Index: squid/src/auth/ntlm/auth_ntlm.c diff -c squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12 squid/src/auth/ntlm/auth_ntlm.c:1.17.2.13 *** squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12 Sat Apr 17 19:29:52 2004 --- squid/src/auth/ntlm/auth_ntlm.c Sat Jul 17 10:05:53 2004 *************** *** 87,95 **** static MemPool *ntlm_helper_state_pool = NULL; static MemPool *ntlm_user_pool = NULL; static MemPool *ntlm_request_pool = NULL; static auth_ntlm_config *ntlmConfig = NULL; ! static hash_table *proxy_auth_cache = NULL; /* * --- 87,96 ---- static MemPool *ntlm_helper_state_pool = NULL; static MemPool *ntlm_user_pool = NULL; static MemPool *ntlm_request_pool = NULL; + static MemPool *ntlm_challenge_pool = NULL; static auth_ntlm_config *ntlmConfig = NULL; ! static hash_table *ntlm_challenge_cache = NULL; /* * *************** *** 249,257 **** if (ntlmauthenticators == NULL) ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); if (ntlmConfig->challengeuses) { ! if (!proxy_auth_cache) ! proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); ! assert(proxy_auth_cache); } ntlmauthenticators->cmdline = ntlmConfig->authenticate; ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren; --- 250,259 ---- if (ntlmauthenticators == NULL) ntlmauthenticators = helperStatefulCreate("ntlmauthenticator"); if (ntlmConfig->challengeuses) { ! if (!ntlm_challenge_cache) ! ntlm_challenge_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); ! if (!ntlm_challenge_pool) ! 
ntlm_challenge_pool = memPoolCreate("NTLM Challenge Cache", sizeof(ntlm_challenge_hash_pointer)); } ntlmauthenticators->cmdline = ntlmConfig->authenticate; ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren; *************** *** 393,420 **** auth_user_request->scheme_data = NULL; } static void authenticateNTLMFreeUser(auth_user_t * auth_user) { - dlink_node *link, *tmplink; ntlm_user_t *ntlm_user = auth_user->scheme_data; - auth_user_hash_pointer *proxy_auth_hash; debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n"); if (ntlm_user->username) xfree(ntlm_user->username); /* were they linked in by one or more proxy-authenticate headers */ ! link = ntlm_user->proxy_auth_list.head; ! while (link) { ! debug(29, 9) ("authenticateFreeProxyAuthUser: removing proxy_auth hash entry '%p'\n", link->data); ! proxy_auth_hash = link->data; ! tmplink = link; ! link = link->next; ! dlinkDelete(tmplink, &ntlm_user->proxy_auth_list); ! hash_remove_link(proxy_auth_cache, (hash_link *) proxy_auth_hash); ! /* free the key (usually the proxy_auth header) */ ! xfree(proxy_auth_hash->key); ! memFree(proxy_auth_hash, MEM_AUTH_USER_HASH); } memPoolFree(ntlm_user_pool, ntlm_user); auth_user->scheme_data = NULL; --- 395,413 ---- auth_user_request->scheme_data = NULL; } + static void authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash); + static void authenticateNTLMFreeUser(auth_user_t * auth_user) { ntlm_user_t *ntlm_user = auth_user->scheme_data; debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n"); if (ntlm_user->username) xfree(ntlm_user->username); /* were they linked in by one or more proxy-authenticate headers */ ! while (ntlm_user->challenge_list.head) { ! 
authenticateNTLMChallengeCacheRemoveLink(ntlm_user->challenge_list.head->data); } memPoolFree(ntlm_user_pool, ntlm_user); auth_user->scheme_data = NULL; *************** *** 792,797 **** --- 785,793 ---- statedata->renewed = 0; xfree(statedata->challenge); statedata->challenge = NULL; + while (statedata->user_list.head) { + authenticateNTLMChallengeCacheRemoveLink(statedata->user_list.head->data); + } } } *************** *** 880,903 **** * Check for this and if found ignore the new link */ static void ! authenticateProxyAuthCacheAddLink(const char *key, auth_user_t * auth_user) { ! auth_user_hash_pointer *proxy_auth_hash; ! dlink_node *node; ntlm_user_t *ntlm_user; ntlm_user = auth_user->scheme_data; - node = ntlm_user->proxy_auth_list.head; /* prevent duplicates */ ! while (node) { ! if (!strcmp(key, ((auth_user_hash_pointer *) node->data)->key)) ! return; ! node = node->next; ! } ! proxy_auth_hash = memAllocate(MEM_AUTH_USER_HASH); ! proxy_auth_hash->key = xstrdup(key); ! proxy_auth_hash->auth_user = auth_user; ! dlinkAddTail(proxy_auth_hash, &proxy_auth_hash->link, &ntlm_user->proxy_auth_list); ! hash_join(proxy_auth_cache, (hash_link *) proxy_auth_hash); } --- 876,909 ---- * Check for this and if found ignore the new link */ static void ! authenticateNTLMChallengeCacheAddLink(const char *key, auth_user_t * auth_user, helper_stateful_server * auth_server) { ! ntlm_challenge_hash_pointer *challenge_hash; ntlm_user_t *ntlm_user; + ntlm_helper_state_t *helperstate = helperStatefulServerGetData(auth_server); ntlm_user = auth_user->scheme_data; /* prevent duplicates */ ! if (hash_lookup(ntlm_challenge_cache, key)) ! return; ! challenge_hash = memPoolAlloc(ntlm_challenge_pool); ! challenge_hash->key = xstrdup(key); ! challenge_hash->user.auth_user = auth_user; ! dlinkAddTail(challenge_hash, &challenge_hash->user.link, &ntlm_user->challenge_list); ! challenge_hash->challenge.authserver = auth_server; ! 
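Review bot: In the authenticateNTLMFreeUser hunk (new lines 395-413) the `while (ntlm_user->challenge_list.head)` loop terminates only if authenticateNTLMChallengeCacheRemoveLink unlinks the entry from this same list, but that helper reaches the list through `challenge_hash->user.auth_user->scheme_data`, not through the `ntlm_user` being freed. If the two ever disagree (for example after a user merge, which is not visible here), the head never changes and the loop keeps touching an entry that was already returned to the pool. I would take the head entry into a local and add `assert(challenge_hash->user.auth_user == auth_user);` before the call. The carried-over comment `/* were they linked in by one or more proxy-authenticate headers */` no longer describes what the loop walks; `/* drop every challenge-cache entry that still points at this user */` would match the new code.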
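Review bot: The drain loop added in the 785-793 hunk is the only place visible in this patch where a helper's `user_list` is emptied, while every cache entry keeps a raw `helper_stateful_server *authserver`. If a helper can be shut down or freed without passing through this reset branch (the enclosing function starts and ends outside the hunk, so this cannot be confirmed here), the surviving entries would hold a dangling pointer. authenticateNTLMChallengeCacheRemoveLink would later pass that pointer to `helperStatefulServerGetData()` when the user is freed. The helper-state free path should run the same `while (statedata->user_list.head)` loop. A comment here such as `/* cached logins are bound to the challenge just discarded */` would record why the entries must go.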
dlinkAddTail(challenge_hash, &challenge_hash->challenge.link, &helperstate->user_list); ! hash_join(ntlm_challenge_cache, (hash_link *) challenge_hash); ! } ! ! static void ! authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash) ! { ! ntlm_user_t *ntlm_user = challenge_hash->user.auth_user->scheme_data; ! ntlm_helper_state_t *helperstate = helperStatefulServerGetData(challenge_hash->challenge.authserver); ! hash_remove_link(ntlm_challenge_cache, (hash_link *) challenge_hash); ! dlinkDelete(&challenge_hash->user.link, &ntlm_user->challenge_list); ! dlinkDelete(&challenge_hash->challenge.link, &helperstate->user_list); ! xfree(challenge_hash->key); ! memPoolFree(ntlm_challenge_pool, challenge_hash); } *************** *** 915,921 **** authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type) { const char *proxy_auth; ! auth_user_hash_pointer *usernamehash, *proxy_auth_hash = NULL; auth_user_t *auth_user; ntlm_request_t *ntlm_request; ntlm_user_t *ntlm_user; --- 921,928 ---- authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type) { const char *proxy_auth; ! auth_user_hash_pointer *usernamehash; ! ntlm_challenge_hash_pointer *challenge_hash = NULL; auth_user_t *auth_user; ntlm_request_t *ntlm_request; ntlm_user_t *ntlm_user; *************** *** 982,990 **** ntlm_request->authchallenge); /* see if we already know this user's authenticate */ debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash); ! assert(proxy_auth_cache != NULL); ! proxy_auth_hash = hash_lookup(proxy_auth_cache, ntlmhash); ! 
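Review bot: authenticateNTLMChallengeCacheAddLink (new lines 876-909) uses its new `auth_server` argument in the initializer of `helperstate` before anything has checked it, and the only caller in this patch passes `ntlm_request->authserver`, whose state at that point is not visible in the diff. Add `assert(auth_server != NULL);` at the top and assign `helperstate = helperStatefulServerGetData(auth_server);` after it. An `assert(ntlm_challenge_cache && ntlm_challenge_pool);` is also worth having, since the init hunk creates both only when `challengeuses` is set, and this function uses them unconditionally. authenticateNTLMChallengeCacheRemoveLink has no header comment; one line saying that it unlinks the entry from the hash and from both the user and helper lists before freeing it would help the next reader.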
if (!proxy_auth_hash) { /* not in the hash table */ debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n"); ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE; /* verify with the ntlm helper */ --- 989,997 ---- ntlm_request->authchallenge); /* see if we already know this user's authenticate */ debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash); ! assert(ntlm_challenge_cache != NULL); ! challenge_hash = hash_lookup(ntlm_challenge_cache, ntlmhash); ! if (!challenge_hash) { /* not in the hash table */ debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n"); ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE; /* verify with the ntlm helper */ *************** *** 993,1000 **** /* throw away the temporary entry */ ntlm_request->authserver_deferred = 0; authenticateNTLMReleaseServer(ntlm_request); ! authenticateAuthUserMerge(auth_user, proxy_auth_hash->auth_user); ! auth_user = proxy_auth_hash->auth_user; auth_user_request->auth_user = auth_user; ntlm_request->auth_state = AUTHENTICATE_STATE_DONE; /* we found one */ --- 1000,1007 ---- /* throw away the temporary entry */ ntlm_request->authserver_deferred = 0; authenticateNTLMReleaseServer(ntlm_request); ! authenticateAuthUserMerge(auth_user, challenge_hash->user.auth_user); ! auth_user = challenge_hash->user.auth_user; auth_user_request->auth_user = auth_user; ntlm_request->auth_state = AUTHENTICATE_STATE_DONE; /* we found one */ *************** *** 1026,1035 **** usernamehash = usernamehash->next; } if (usernamehash) { - /* - * add another link from the new proxy_auth to the - * auth_user structure and update the information */ - assert(proxy_auth_hash == NULL); /* we can't seamlessly recheck the username due to the * challenge nature of the protocol. 
Just free the * temporary auth_user */ --- 1033,1038 ---- *************** *** 1045,1051 **** snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", ntlm_request->ntlmauthenticate, ntlm_request->authchallenge); ! authenticateProxyAuthCacheAddLink(ntlmhash, auth_user); } /* set these to now because this is either a new login from an * existing user or a new user */ --- 1048,1054 ---- snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", ntlm_request->ntlmauthenticate, ntlm_request->authchallenge); ! authenticateNTLMChallengeCacheAddLink(ntlmhash, auth_user, ntlm_request->authserver); } /* set these to now because this is either a new login from an * existing user or a new user */ Index: squid/src/auth/ntlm/auth_ntlm.h diff -c squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1 squid/src/auth/ntlm/auth_ntlm.h:1.7.2.2 *** squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1 Wed Feb 4 10:42:36 2004 --- squid/src/auth/ntlm/auth_ntlm.h Sat Jul 17 10:05:53 2004 *************** *** 27,35 **** struct _ntlm_user { /* what username did this connection get? */ char *username; ! dlink_list proxy_auth_list; }; struct _ntlm_request { /* what negotiate string did the client use? */ char *ntlmnegotiate; --- 27,50 ---- struct _ntlm_user { /* what username did this connection get? */ char *username; ! dlink_list challenge_list; }; + struct _ntlm_challenge_hash_pointer { + /* first two items must be same as hash_link */ + char *key; + auth_user_hash_pointer *next; + struct { + auth_user_t *auth_user; + dlink_node link; /* other hash entries that point to the same auth_user */ + } user; + struct { + helper_stateful_server *authserver; + dlink_node link; /* other hash entries that point to the same challenge */ + } challenge; + }; + + struct _ntlm_request { /* what negotiate string did the client use? */ char *ntlmnegotiate; *************** *** 52,57 **** --- 67,73 ---- int starve; /* 0= normal operation. 
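Review bot: In the 1048-1054 hunk the key handed to authenticateNTLMChallengeCacheAddLink is built by `snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s", ...)` and the return value is ignored. The challenge is the trailing part of that key, so if the authenticate string is long enough to truncate the result (the size of `ntlmhash` is not visible here), the key loses some or all of the challenge. Entries that should be bound to different challenges could then compare equal in the cache. Capture the length, e.g. `n = snprintf(ntlmhash, sizeof(ntlmhash), ...);`, and skip caching when `n < 0 || (size_t) n >= sizeof(ntlmhash)`. The key used for the lookup in the 989-997 hunk appears to be built the same way and would need the same check.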
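Review bot: In `struct _ntlm_challenge_hash_pointer` (auth_ntlm.h, new lines 27-50) the second member is declared `auth_user_hash_pointer *next;`, although the comment says the first two members must mirror `hash_link` and the .c file casts the struct to `hash_link *`. That pointer type does not describe what the hash code stores there; `hash_link *next;` does, and it stops a reader from following the chain as if it held auth_user entries. The two `link` comments would be clearer as `/* node in ntlm_user->challenge_list */` and `/* node in the helper state's user_list */`, which is how the .c file uses them.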
1=don't hand out any more challenges */ int challengeuses; /* the number of times this challenge has been issued */ time_t renewed; + dlink_list user_list; /* ntlm_challenge_hash_pointer list referring to this challenge */ }; /* configuration runtime data */ *************** *** 67,72 **** --- 83,89 ---- typedef struct _ntlm_request ntlm_request_t; typedef struct _ntlm_helper_state_t ntlm_helper_state_t; typedef struct _auth_ntlm_config auth_ntlm_config; + typedef struct _ntlm_challenge_hash_pointer ntlm_challenge_hash_pointer; extern MemPool *ntlm_helper_state_pool; extern MemPool *ntlm_user_pool;