Index: squid/src/auth/ntlm/auth_ntlm.c diff -c squid/src/auth/ntlm/auth_ntlm.c:1.17.2.3 squid/src/auth/ntlm/auth_ntlm.c:1.17.2.4 *** squid/src/auth/ntlm/auth_ntlm.c:1.17.2.3 Wed Jan 8 13:59:09 2003 --- squid/src/auth/ntlm/auth_ntlm.c Tue Feb 4 16:17:26 2003 *************** *** 965,970 **** --- 965,977 ---- assert(auth_user_request->scheme_data != NULL); ntlm_user = auth_user->scheme_data; ntlm_request = auth_user_request->scheme_data; + /* Check that we are in the client side, where we can generate + * auth challenges */ + if (!conn) { + ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED; + debug(29, 1) ("authenticateNTLMAuthenticateUser: attempt to perform authentication without a connection!\n"); + return; + } switch (ntlm_request->auth_state) { case AUTHENTICATE_STATE_NONE: /* we've recieved a negotiate request. pass to a helper */ Index: squid/src/authenticate.c diff -c squid/src/authenticate.c:1.36.2.7 squid/src/authenticate.c:1.36.2.8 *** squid/src/authenticate.c:1.36.2.7 Fri Jan 31 19:40:58 2003 --- squid/src/authenticate.c Tue Feb 4 16:31:42 2003 *************** *** 401,406 **** --- 401,417 ---- authscheme_list[auth_user_request->auth_user->auth_module - 1].authAuthenticate(auth_user_request, request, conn, type); } + static auth_user_request_t * + authTryGetUser(auth_user_request_t ** auth_user_request, ConnStateData * conn) + { + if (*auth_user_request) + return *auth_user_request; + else if (conn) + return conn->auth_user_request; + else + return NULL; + } + /* returns one of * AUTH_ACL_CHALLENGE, * AUTH_ACL_HELPER, *************** *** 428,454 **** proxy_auth = httpHeaderGetStr(&request->header, headertype); - if (conn == NULL) { - debug(28, 1) ("authenticateAuthenticate: no connection data, cannot process authentication\n"); - /* - * deny access: clientreadrequest requires conn data, and it is always - * compiled in so we should have it too. - */ - return AUTH_ACL_CANNOT_AUTHENTICATE; - } /* * a note on proxy_auth logix here: * proxy_auth==NULL -> unauthenticated request || already * authenticated connection so we test for an authenticated * connection when we recieve no authentication header. */ ! if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(*auth_user_request ? *auth_user_request : conn->auth_user_request))) ! || (conn->auth_type == AUTH_BROKEN)) { /* no header or authentication failed/got corrupted - restart */ ! conn->auth_type = AUTH_UNKNOWN; debug(28, 4) ("authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.\n"); /* something wrong with the AUTH credentials. Force a new attempt */ ! if (conn->auth_user_request) { authenticateAuthUserRequestUnlock(conn->auth_user_request); conn->auth_user_request = NULL; } --- 439,458 ---- proxy_auth = httpHeaderGetStr(&request->header, headertype); /* * a note on proxy_auth logix here: * proxy_auth==NULL -> unauthenticated request || already * authenticated connection so we test for an authenticated * connection when we recieve no authentication header. */ ! if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(authTryGetUser(auth_user_request, conn)))) ! || (conn && conn->auth_type == AUTH_BROKEN)) { /* no header or authentication failed/got corrupted - restart */ ! if (conn) ! conn->auth_type = AUTH_UNKNOWN; debug(28, 4) ("authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.\n"); /* something wrong with the AUTH credentials. Force a new attempt */ ! if (conn && conn->auth_user_request) { authenticateAuthUserRequestUnlock(conn->auth_user_request); conn->auth_user_request = NULL; } *************** *** 464,470 **** * No check for function required in the if: its compulsory for conn based * auth modules */ ! if (proxy_auth && conn->auth_user_request && authenticateUserAuthenticated(conn->auth_user_request) && strcmp(proxy_auth, authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].authConnLastHeader(conn->auth_user_request))) { debug(28, 2) ("authenticateAuthenticate: DUPLICATE AUTH - authentication header on already authenticated connection!. AU %p, Current user '%s' proxy_auth %s\n", conn->auth_user_request, authenticateUserRequestUsername(conn->auth_user_request), proxy_auth); --- 468,474 ---- * No check for function required in the if: its compulsory for conn based * auth modules */ ! if (proxy_auth && conn && conn->auth_user_request && authenticateUserAuthenticated(conn->auth_user_request) && strcmp(proxy_auth, authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].authConnLastHeader(conn->auth_user_request))) { debug(28, 2) ("authenticateAuthenticate: DUPLICATE AUTH - authentication header on already authenticated connection!. AU %p, Current user '%s' proxy_auth %s\n", conn->auth_user_request, authenticateUserRequestUsername(conn->auth_user_request), proxy_auth); *************** *** 488,496 **** debug(28, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth); if (*auth_user_request == NULL) { debug(28, 9) ("authenticateAuthenticate: This is a new checklist test on FD:%d\n", ! conn->fd); if ((!request->auth_user_request) ! && (conn->auth_type == AUTH_UNKNOWN)) { /* beginning of a new request check */ debug(28, 4) ("authenticateAuthenticate: no connection authentication type\n"); if (!authenticateValidateUser(*auth_user_request = --- 492,500 ---- debug(28, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth); if (*auth_user_request == NULL) { debug(28, 9) ("authenticateAuthenticate: This is a new checklist test on FD:%d\n", ! conn ? conn->fd : -1); if ((!request->auth_user_request) ! && (!conn || conn->auth_type == AUTH_UNKNOWN)) { /* beginning of a new request check */ debug(28, 4) ("authenticateAuthenticate: no connection authentication type\n"); if (!authenticateValidateUser(*auth_user_request = *************** *** 513,518 **** --- 517,523 ---- /* lock the user request for this ACL processing */ authenticateAuthUserRequestLock(*auth_user_request); } else { + assert(conn); if (conn->auth_user_request != NULL) { *auth_user_request = conn->auth_user_request; /* lock the user request for this ACL processing */ *************** *** 577,583 **** authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) { /* If we have already been called, return the cached value */ ! auth_user_request_t *t = *auth_user_request ? *auth_user_request : conn->auth_user_request; auth_acl_t result; if (t && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE && t->lastReply != AUTH_ACL_HELPER) { --- 582,588 ---- authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) { /* If we have already been called, return the cached value */ ! auth_user_request_t *t = authTryGetUser(auth_user_request, conn); auth_acl_t result; if (t && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE && t->lastReply != AUTH_ACL_HELPER) { *************** *** 587,593 **** } /* ok, call the actual authenticator routine. */ result = authenticateAuthenticate(auth_user_request, headertype, request, conn, src_addr); ! t = *auth_user_request ? *auth_user_request : conn->auth_user_request; if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE && result != AUTH_ACL_HELPER) t->lastReply = result; --- 592,598 ---- } /* ok, call the actual authenticator routine. */ result = authenticateAuthenticate(auth_user_request, headertype, request, conn, src_addr); ! t = authTryGetUser(auth_user_request, conn); if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE && result != AUTH_ACL_HELPER) t->lastReply = result;

AltStyle によって変換されたページ (->オリジナル) /