- findutils are Red by rpm-build; dropped source*-size

[packages/squid.git] / squid-2.5.STABLE6-ntlm_challengereuse_leak.patch

Index: squid/src/auth/ntlm/auth_ntlm.c
diff -c squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12 squid/src/auth/ntlm/auth_ntlm.c:1.17.2.13
*** squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12   Sat Apr 17 19:29:52 2004
--- squid/src/auth/ntlm/auth_ntlm.c     Sat Jul 17 10:05:53 2004
***************
*** 87,95 ****
  static MemPool *ntlm_helper_state_pool = NULL;
  static MemPool *ntlm_user_pool = NULL;
  static MemPool *ntlm_request_pool = NULL;
  static auth_ntlm_config *ntlmConfig = NULL;
  
! static hash_table *proxy_auth_cache = NULL;
  
  /*
   *
--- 87,96 ----
  static MemPool *ntlm_helper_state_pool = NULL;
  static MemPool *ntlm_user_pool = NULL;
  static MemPool *ntlm_request_pool = NULL;
+ static MemPool *ntlm_challenge_pool = NULL;
  static auth_ntlm_config *ntlmConfig = NULL;
  
! static hash_table *ntlm_challenge_cache = NULL;
  
  /*
   *
***************
*** 249,257 ****
        if (ntlmauthenticators == NULL)
            ntlmauthenticators = helperStatefulCreate("ntlmauthenticator");
        if (ntlmConfig->challengeuses) {
!           if (!proxy_auth_cache)
!               proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
!           assert(proxy_auth_cache);
        }
        ntlmauthenticators->cmdline = ntlmConfig->authenticate;
        ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren;
--- 250,259 ----
        if (ntlmauthenticators == NULL)
            ntlmauthenticators = helperStatefulCreate("ntlmauthenticator");
        if (ntlmConfig->challengeuses) {
!           if (!ntlm_challenge_cache)
!               ntlm_challenge_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
!           if (!ntlm_challenge_pool)
!               ntlm_challenge_pool = memPoolCreate("NTLM Challenge Cache", sizeof(ntlm_challenge_hash_pointer));
        }
        ntlmauthenticators->cmdline = ntlmConfig->authenticate;
        ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren;
***************
*** 393,420 ****
      auth_user_request->scheme_data = NULL;
  }
  
  static void
  authenticateNTLMFreeUser(auth_user_t * auth_user)
  {
-     dlink_node *link, *tmplink;
      ntlm_user_t *ntlm_user = auth_user->scheme_data;
-     auth_user_hash_pointer *proxy_auth_hash;
  
      debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n");
      if (ntlm_user->username)
        xfree(ntlm_user->username);
      /* were they linked in by one or more proxy-authenticate headers */
!     link = ntlm_user->proxy_auth_list.head;
!     while (link) {
!       debug(29, 9) ("authenticateFreeProxyAuthUser: removing proxy_auth hash entry '%p'\n", link->data);
!       proxy_auth_hash = link->data;
!       tmplink = link;
!       link = link->next;
!       dlinkDelete(tmplink, &ntlm_user->proxy_auth_list);
!       hash_remove_link(proxy_auth_cache, (hash_link *) proxy_auth_hash);
!       /* free the key (usually the proxy_auth header) */
!       xfree(proxy_auth_hash->key);
!       memFree(proxy_auth_hash, MEM_AUTH_USER_HASH);
      }
      memPoolFree(ntlm_user_pool, ntlm_user);
      auth_user->scheme_data = NULL;
--- 395,413 ----
      auth_user_request->scheme_data = NULL;
  }
  
+ static void authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash);
+ 
  static void
  authenticateNTLMFreeUser(auth_user_t * auth_user)
  {
      ntlm_user_t *ntlm_user = auth_user->scheme_data;
  
      debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n");
      if (ntlm_user->username)
        xfree(ntlm_user->username);
      /* were they linked in by one or more proxy-authenticate headers */
!     while (ntlm_user->challenge_list.head) {
!       authenticateNTLMChallengeCacheRemoveLink(ntlm_user->challenge_list.head->data);
      }
      memPoolFree(ntlm_user_pool, ntlm_user);
      auth_user->scheme_data = NULL;
***************
*** 792,797 ****
--- 785,793 ----
        statedata->renewed = 0;
        xfree(statedata->challenge);
        statedata->challenge = NULL;
+       while (statedata->user_list.head) {
+           authenticateNTLMChallengeCacheRemoveLink(statedata->user_list.head->data);
+       }
      }
  }
  
***************
*** 880,903 ****
   * Check for this and if found ignore the new link 
   */
  static void
! authenticateProxyAuthCacheAddLink(const char *key, auth_user_t * auth_user)
  {
!     auth_user_hash_pointer *proxy_auth_hash;
!     dlink_node *node;
      ntlm_user_t *ntlm_user;
      ntlm_user = auth_user->scheme_data;
-     node = ntlm_user->proxy_auth_list.head;
      /* prevent duplicates */
!     while (node) {
!       if (!strcmp(key, ((auth_user_hash_pointer *) node->data)->key))
!           return;
!       node = node->next;
!     }
!     proxy_auth_hash = memAllocate(MEM_AUTH_USER_HASH);
!     proxy_auth_hash->key = xstrdup(key);
!     proxy_auth_hash->auth_user = auth_user;
!     dlinkAddTail(proxy_auth_hash, &proxy_auth_hash->link, &ntlm_user->proxy_auth_list);
!     hash_join(proxy_auth_cache, (hash_link *) proxy_auth_hash);
  }
  
  
--- 876,909 ----
   * Check for this and if found ignore the new link 
   */
  static void
! authenticateNTLMChallengeCacheAddLink(const char *key, auth_user_t * auth_user, helper_stateful_server * auth_server)
  {
!     ntlm_challenge_hash_pointer *challenge_hash;
      ntlm_user_t *ntlm_user;
+     ntlm_helper_state_t *helperstate = helperStatefulServerGetData(auth_server);
      ntlm_user = auth_user->scheme_data;
      /* prevent duplicates */
!     if (hash_lookup(ntlm_challenge_cache, key))
!       return;
!     challenge_hash = memPoolAlloc(ntlm_challenge_pool);
!     challenge_hash->key = xstrdup(key);
!     challenge_hash->user.auth_user = auth_user;
!     dlinkAddTail(challenge_hash, &challenge_hash->user.link, &ntlm_user->challenge_list);
!     challenge_hash->challenge.authserver = auth_server;
!     dlinkAddTail(challenge_hash, &challenge_hash->challenge.link, &helperstate->user_list);
!     hash_join(ntlm_challenge_cache, (hash_link *) challenge_hash);
! }
! 
! static void
! authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash)
! {
!     ntlm_user_t *ntlm_user = challenge_hash->user.auth_user->scheme_data;
!     ntlm_helper_state_t *helperstate = helperStatefulServerGetData(challenge_hash->challenge.authserver);
!     hash_remove_link(ntlm_challenge_cache, (hash_link *) challenge_hash);
!     dlinkDelete(&challenge_hash->user.link, &ntlm_user->challenge_list);
!     dlinkDelete(&challenge_hash->challenge.link, &helperstate->user_list);
!     xfree(challenge_hash->key);
!     memPoolFree(ntlm_challenge_pool, challenge_hash);
  }
  
  
***************
*** 915,921 ****
  authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type)
  {
      const char *proxy_auth;
!     auth_user_hash_pointer *usernamehash, *proxy_auth_hash = NULL;
      auth_user_t *auth_user;
      ntlm_request_t *ntlm_request;
      ntlm_user_t *ntlm_user;
--- 921,928 ----
  authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type)
  {
      const char *proxy_auth;
!     auth_user_hash_pointer *usernamehash;
!     ntlm_challenge_hash_pointer *challenge_hash = NULL;
      auth_user_t *auth_user;
      ntlm_request_t *ntlm_request;
      ntlm_user_t *ntlm_user;
***************
*** 982,990 ****
            ntlm_request->authchallenge);
        /* see if we already know this user's authenticate */
        debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash);
!       assert(proxy_auth_cache != NULL);
!       proxy_auth_hash = hash_lookup(proxy_auth_cache, ntlmhash);
!       if (!proxy_auth_hash) { /* not in the hash table */
            debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n");
            ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE;
            /* verify with the ntlm helper */
--- 989,997 ----
            ntlm_request->authchallenge);
        /* see if we already know this user's authenticate */
        debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash);
!       assert(ntlm_challenge_cache != NULL);
!       challenge_hash = hash_lookup(ntlm_challenge_cache, ntlmhash);
!       if (!challenge_hash) {  /* not in the hash table */
            debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n");
            ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE;
            /* verify with the ntlm helper */
***************
*** 993,1000 ****
            /* throw away the temporary entry */
            ntlm_request->authserver_deferred = 0;
            authenticateNTLMReleaseServer(ntlm_request);
!           authenticateAuthUserMerge(auth_user, proxy_auth_hash->auth_user);
!           auth_user = proxy_auth_hash->auth_user;
            auth_user_request->auth_user = auth_user;
            ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
            /* we found one */
--- 1000,1007 ----
            /* throw away the temporary entry */
            ntlm_request->authserver_deferred = 0;
            authenticateNTLMReleaseServer(ntlm_request);
!           authenticateAuthUserMerge(auth_user, challenge_hash->user.auth_user);
!           auth_user = challenge_hash->user.auth_user;
            auth_user_request->auth_user = auth_user;
            ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
            /* we found one */
***************
*** 1026,1035 ****
                usernamehash = usernamehash->next;
        }
        if (usernamehash) {
-           /*
-            * add another link from the new proxy_auth to the
-            * auth_user structure and update the information */
-           assert(proxy_auth_hash == NULL);
            /* we can't seamlessly recheck the username due to the 
             * challenge nature of the protocol. Just free the 
             * temporary auth_user */
--- 1033,1038 ----
***************
*** 1045,1051 ****
            snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",
                ntlm_request->ntlmauthenticate,
                ntlm_request->authchallenge);
!           authenticateProxyAuthCacheAddLink(ntlmhash, auth_user);
        }
        /* set these to now because this is either a new login from an 
         * existing user or a new user */
--- 1048,1054 ----
            snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",
                ntlm_request->ntlmauthenticate,
                ntlm_request->authchallenge);
!           authenticateNTLMChallengeCacheAddLink(ntlmhash, auth_user, ntlm_request->authserver);
        }
        /* set these to now because this is either a new login from an 
         * existing user or a new user */
Index: squid/src/auth/ntlm/auth_ntlm.h
diff -c squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1 squid/src/auth/ntlm/auth_ntlm.h:1.7.2.2
*** squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1     Wed Feb  4 10:42:36 2004
--- squid/src/auth/ntlm/auth_ntlm.h     Sat Jul 17 10:05:53 2004
***************
*** 27,35 ****
  struct _ntlm_user {
      /* what username did this connection get? */
      char *username;
!     dlink_list proxy_auth_list;
  };
  
  struct _ntlm_request {
      /* what negotiate string did the client use? */
      char *ntlmnegotiate;
--- 27,50 ----
  struct _ntlm_user {
      /* what username did this connection get? */
      char *username;
!     dlink_list challenge_list;
  };
  
+ struct _ntlm_challenge_hash_pointer {
+     /* first two items must be same as hash_link */
+     char *key;
+     auth_user_hash_pointer *next;
+     struct {
+       auth_user_t *auth_user;
+       dlink_node link;        /* other hash entries that point to the same auth_user */
+     } user;
+     struct {
+       helper_stateful_server *authserver;
+       dlink_node link;        /* other hash entries that point to the same challenge */
+     } challenge;
+ };
+ 
+ 
  struct _ntlm_request {
      /* what negotiate string did the client use? */
      char *ntlmnegotiate;
***************
*** 52,57 ****
--- 67,73 ----
      int starve;                       /* 0= normal operation. 1=don't hand out any more challenges */
      int challengeuses;                /* the number of times this challenge has been issued */
      time_t renewed;
+     dlink_list user_list;     /* ntlm_challenge_hash_pointer list referring to this challenge */
  };
  
  /* configuration runtime data */
***************
*** 67,72 ****
--- 83,89 ----
  typedef struct _ntlm_request ntlm_request_t;
  typedef struct _ntlm_helper_state_t ntlm_helper_state_t;
  typedef struct _auth_ntlm_config auth_ntlm_config;
+ typedef struct _ntlm_challenge_hash_pointer ntlm_challenge_hash_pointer;
  
  extern MemPool *ntlm_helper_state_pool;
  extern MemPool *ntlm_user_pool;