1 Index: squid/src/auth/ntlm/auth_ntlm.c
2 diff -c squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12 squid/src/auth/ntlm/auth_ntlm.c:1.17.2.13
3 *** squid/src/auth/ntlm/auth_ntlm.c:1.17.2.12 Sat Apr 17 19:29:52 2004
4 --- squid/src/auth/ntlm/auth_ntlm.c Sat Jul 17 10:05:53 2004
7 static MemPool *ntlm_helper_state_pool = NULL;
8 static MemPool *ntlm_user_pool = NULL;
9 static MemPool *ntlm_request_pool = NULL;
10 static auth_ntlm_config *ntlmConfig = NULL;
12 ! static hash_table *proxy_auth_cache = NULL;
17 static MemPool *ntlm_helper_state_pool = NULL;
18 static MemPool *ntlm_user_pool = NULL;
19 static MemPool *ntlm_request_pool = NULL;
20 + static MemPool *ntlm_challenge_pool = NULL;
21 static auth_ntlm_config *ntlmConfig = NULL;
23 ! static hash_table *ntlm_challenge_cache = NULL;
29 if (ntlmauthenticators == NULL)
30 ntlmauthenticators = helperStatefulCreate("ntlmauthenticator");
31 if (ntlmConfig->challengeuses) {
32 ! if (!proxy_auth_cache)
33 ! proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
34 ! assert(proxy_auth_cache);
36 ntlmauthenticators->cmdline = ntlmConfig->authenticate;
37 ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren;
39 if (ntlmauthenticators == NULL)
40 ntlmauthenticators = helperStatefulCreate("ntlmauthenticator");
41 if (ntlmConfig->challengeuses) {
42 ! if (!ntlm_challenge_cache)
43 ! ntlm_challenge_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
44 ! if (!ntlm_challenge_pool)
45 ! ntlm_challenge_pool = memPoolCreate("NTLM Challenge Cache", sizeof(ntlm_challenge_hash_pointer));
47 ntlmauthenticators->cmdline = ntlmConfig->authenticate;
48 ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren;
51 auth_user_request->scheme_data = NULL;
55 authenticateNTLMFreeUser(auth_user_t * auth_user)
57 - dlink_node *link, *tmplink;
58 ntlm_user_t *ntlm_user = auth_user->scheme_data;
59 - auth_user_hash_pointer *proxy_auth_hash;
61 debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n");
62 if (ntlm_user->username)
63 xfree(ntlm_user->username);
64 /* were they linked in by one or more proxy-authenticate headers */
65 ! link = ntlm_user->proxy_auth_list.head;
67 ! debug(29, 9) ("authenticateFreeProxyAuthUser: removing proxy_auth hash entry '%p'\n", link->data);
68 ! proxy_auth_hash = link->data;
71 ! dlinkDelete(tmplink, &ntlm_user->proxy_auth_list);
72 ! hash_remove_link(proxy_auth_cache, (hash_link *) proxy_auth_hash);
73 ! /* free the key (usually the proxy_auth header) */
74 ! xfree(proxy_auth_hash->key);
75 ! memFree(proxy_auth_hash, MEM_AUTH_USER_HASH);
77 memPoolFree(ntlm_user_pool, ntlm_user);
78 auth_user->scheme_data = NULL;
80 auth_user_request->scheme_data = NULL;
83 + static void authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash);
86 authenticateNTLMFreeUser(auth_user_t * auth_user)
88 ntlm_user_t *ntlm_user = auth_user->scheme_data;
90 debug(29, 5) ("authenticateNTLMFreeUser: Clearing NTLM scheme data\n");
91 if (ntlm_user->username)
92 xfree(ntlm_user->username);
93 /* were they linked in by one or more proxy-authenticate headers */
94 ! while (ntlm_user->challenge_list.head) {
95 ! authenticateNTLMChallengeCacheRemoveLink(ntlm_user->challenge_list.head->data);
97 memPoolFree(ntlm_user_pool, ntlm_user);
98 auth_user->scheme_data = NULL;
102 statedata->renewed = 0;
103 xfree(statedata->challenge);
104 statedata->challenge = NULL;
105 + while (statedata->user_list.head) {
106 + authenticateNTLMChallengeCacheRemoveLink(statedata->user_list.head->data);
113 * Check for this and if found ignore the new link
116 ! authenticateProxyAuthCacheAddLink(const char *key, auth_user_t * auth_user)
118 ! auth_user_hash_pointer *proxy_auth_hash;
120 ntlm_user_t *ntlm_user;
121 ntlm_user = auth_user->scheme_data;
122 - node = ntlm_user->proxy_auth_list.head;
123 /* prevent duplicates */
125 ! if (!strcmp(key, ((auth_user_hash_pointer *) node->data)->key))
129 ! proxy_auth_hash = memAllocate(MEM_AUTH_USER_HASH);
130 ! proxy_auth_hash->key = xstrdup(key);
131 ! proxy_auth_hash->auth_user = auth_user;
132 ! dlinkAddTail(proxy_auth_hash, &proxy_auth_hash->link, &ntlm_user->proxy_auth_list);
133 ! hash_join(proxy_auth_cache, (hash_link *) proxy_auth_hash);
138 * Check for this and if found ignore the new link
141 ! authenticateNTLMChallengeCacheAddLink(const char *key, auth_user_t * auth_user, helper_stateful_server * auth_server)
143 ! ntlm_challenge_hash_pointer *challenge_hash;
144 ntlm_user_t *ntlm_user;
145 + ntlm_helper_state_t *helperstate = helperStatefulServerGetData(auth_server);
146 ntlm_user = auth_user->scheme_data;
147 /* prevent duplicates */
148 ! if (hash_lookup(ntlm_challenge_cache, key))
150 ! challenge_hash = memPoolAlloc(ntlm_challenge_pool);
151 ! challenge_hash->key = xstrdup(key);
152 ! challenge_hash->user.auth_user = auth_user;
153 ! dlinkAddTail(challenge_hash, &challenge_hash->user.link, &ntlm_user->challenge_list);
154 ! challenge_hash->challenge.authserver = auth_server;
155 ! dlinkAddTail(challenge_hash, &challenge_hash->challenge.link, &helperstate->user_list);
156 ! hash_join(ntlm_challenge_cache, (hash_link *) challenge_hash);
160 ! authenticateNTLMChallengeCacheRemoveLink(ntlm_challenge_hash_pointer * challenge_hash)
162 ! ntlm_user_t *ntlm_user = challenge_hash->user.auth_user->scheme_data;
163 ! ntlm_helper_state_t *helperstate = helperStatefulServerGetData(challenge_hash->challenge.authserver);
164 ! hash_remove_link(ntlm_challenge_cache, (hash_link *) challenge_hash);
165 ! dlinkDelete(&challenge_hash->user.link, &ntlm_user->challenge_list);
166 ! dlinkDelete(&challenge_hash->challenge.link, &helperstate->user_list);
167 ! xfree(challenge_hash->key);
168 ! memPoolFree(ntlm_challenge_pool, challenge_hash);
174 authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type)
176 const char *proxy_auth;
177 ! auth_user_hash_pointer *usernamehash, *proxy_auth_hash = NULL;
178 auth_user_t *auth_user;
179 ntlm_request_t *ntlm_request;
180 ntlm_user_t *ntlm_user;
182 authenticateNTLMAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type)
184 const char *proxy_auth;
185 ! auth_user_hash_pointer *usernamehash;
186 ! ntlm_challenge_hash_pointer *challenge_hash = NULL;
187 auth_user_t *auth_user;
188 ntlm_request_t *ntlm_request;
189 ntlm_user_t *ntlm_user;
192 ntlm_request->authchallenge);
193 /* see if we already know this user's authenticate */
194 debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash);
195 ! assert(proxy_auth_cache != NULL);
196 ! proxy_auth_hash = hash_lookup(proxy_auth_cache, ntlmhash);
197 ! if (!proxy_auth_hash) { /* not in the hash table */
198 debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n");
199 ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE;
200 /* verify with the ntlm helper */
202 ntlm_request->authchallenge);
203 /* see if we already know this user's authenticate */
204 debug(29, 9) ("aclMatchProxyAuth: cache lookup with key '%s'\n", ntlmhash);
205 ! assert(ntlm_challenge_cache != NULL);
206 ! challenge_hash = hash_lookup(ntlm_challenge_cache, ntlmhash);
207 ! if (!challenge_hash) { /* not in the hash table */
208 debug(29, 4) ("authenticateNTLMAuthenticateUser: proxy-auth cache miss.\n");
209 ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE;
210 /* verify with the ntlm helper */
213 /* throw away the temporary entry */
214 ntlm_request->authserver_deferred = 0;
215 authenticateNTLMReleaseServer(ntlm_request);
216 ! authenticateAuthUserMerge(auth_user, proxy_auth_hash->auth_user);
217 ! auth_user = proxy_auth_hash->auth_user;
218 auth_user_request->auth_user = auth_user;
219 ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
222 /* throw away the temporary entry */
223 ntlm_request->authserver_deferred = 0;
224 authenticateNTLMReleaseServer(ntlm_request);
225 ! authenticateAuthUserMerge(auth_user, challenge_hash->user.auth_user);
226 ! auth_user = challenge_hash->user.auth_user;
227 auth_user_request->auth_user = auth_user;
228 ntlm_request->auth_state = AUTHENTICATE_STATE_DONE;
232 usernamehash = usernamehash->next;
236 - * add another link from the new proxy_auth to the
237 - * auth_user structure and update the information */
238 - assert(proxy_auth_hash == NULL);
239 /* we can't seamlessly recheck the username due to the
240 * challenge nature of the protocol. Just free the
241 * temporary auth_user */
245 snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",
246 ntlm_request->ntlmauthenticate,
247 ntlm_request->authchallenge);
248 ! authenticateProxyAuthCacheAddLink(ntlmhash, auth_user);
250 /* set these to now because this is either a new login from an
251 * existing user or a new user */
253 snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",
254 ntlm_request->ntlmauthenticate,
255 ntlm_request->authchallenge);
256 ! authenticateNTLMChallengeCacheAddLink(ntlmhash, auth_user, ntlm_request->authserver);
258 /* set these to now because this is either a new login from an
259 * existing user or a new user */
260 Index: squid/src/auth/ntlm/auth_ntlm.h
261 diff -c squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1 squid/src/auth/ntlm/auth_ntlm.h:1.7.2.2
262 *** squid/src/auth/ntlm/auth_ntlm.h:1.7.2.1 Wed Feb 4 10:42:36 2004
263 --- squid/src/auth/ntlm/auth_ntlm.h Sat Jul 17 10:05:53 2004
267 /* what username did this connection get? */
269 ! dlink_list proxy_auth_list;
272 struct _ntlm_request {
273 /* what negotiate string did the client use? */
277 /* what username did this connection get? */
279 ! dlink_list challenge_list;
282 + struct _ntlm_challenge_hash_pointer {
283 + /* first two items must be same as hash_link */
285 + auth_user_hash_pointer *next;
287 + auth_user_t *auth_user;
288 + dlink_node link; /* other hash entries that point to the same auth_user */
291 + helper_stateful_server *authserver;
292 + dlink_node link; /* other hash entries that point to the same challenge */
297 struct _ntlm_request {
298 /* what negotiate string did the client use? */
303 int starve; /* 0= normal operation. 1=don't hand out any more challenges */
304 int challengeuses; /* the number of times this challenge has been issued */
306 + dlink_list user_list; /* ntlm_challenge_hash_pointer list referring to this challenge */
309 /* configuration runtime data */
313 typedef struct _ntlm_request ntlm_request_t;
314 typedef struct _ntlm_helper_state_t ntlm_helper_state_t;
315 typedef struct _auth_ntlm_config auth_ntlm_config;
316 + typedef struct _ntlm_challenge_hash_pointer ntlm_challenge_hash_pointer;
318 extern MemPool *ntlm_helper_state_pool;
319 extern MemPool *ntlm_user_pool;