static void
authenticateBasicHandleReply(void *data, char *reply)
{
authenticateStateData *r = data;
auth_user_t *auth_user;
basic_data *basic_auth;
auth_basic_queue_node *tmpnode;
int valid;
char *t = NULL;
debug(29, 9) ("authenticateBasicHandleReply: {%s}\n", reply ? reply : "<NULL>");
if (reply) {
if ((t = strchr(reply, ' ')))
*t++ = '\0';
if (*reply == '\0')
reply = NULL;
}
assert(r->auth_user_request != NULL);
assert(r->auth_user_request->auth_user->auth_type == AUTH_BASIC);
auth_user = r->auth_user_request->auth_user;
basic_auth = auth_user->scheme_data;
if (reply && (strncasecmp(reply, "OK", 2) == 0))
basic_auth->flags.credentials_ok = 1;
else {
basic_auth->flags.credentials_ok = 3;
safe_free(r->auth_user_request->message);
if (t && *t)
r->auth_user_request->message = xstrdup(t);
}
basic_auth->credentials_checkedtime = squid_curtime;
valid = cbdataValid(r->data);
if (valid)
r->handler(r->data, NULL);
cbdataUnlock(r->data);
while (basic_auth->auth_queue) {
tmpnode = basic_auth->auth_queue->next;
valid = cbdataValid(basic_auth->auth_queue->data);
if (valid)
basic_auth->auth_queue->handler(basic_auth->auth_queue->data, NULL);
cbdataUnlock(basic_auth->auth_queue->data);
xfree(basic_auth->auth_queue);
basic_auth->auth_queue = tmpnode;
}
authenticateStateFree(r);
}
static void
authenticateHandleReply(void *data, char *reply)
{
authenticateStateData *r = data;
int valid;
char *t = NULL;
debug(29, 5) ("authenticateHandleReply: {%s}\n", reply ? reply : "<NULL>");
if (reply) {
if ((t = strchr(reply, ' ')))
*t = '\0';
if (*reply == '\0')
reply = NULL;
}
valid = cbdataValid(r->data);
cbdataUnlock(r->data);
if (valid)
r->handler(r->data, reply);
authenticateStateFree(r);
}
static void
authenticateDigestHandleReply(void *data, char *reply)
{
authenticateStateData *r = data;
auth_user_request_t *auth_user_request;
digest_request_h *digest_request;
digest_user_h *digest_user;
int valid;
char *t = NULL;
debug(29, 9) ("authenticateDigestHandleReply: {%s}\n", reply ? reply : "<NULL>");
if (reply) {
if ((t = strchr(reply, ' ')))
*t++ = '\0';
if (*reply == '\0' || *reply == '\n')
reply = NULL;
}
assert(r->auth_user_request != NULL);
auth_user_request = r->auth_user_request;
assert(auth_user_request->scheme_data != NULL);
digest_request = auth_user_request->scheme_data;
digest_user = auth_user_request->auth_user->scheme_data;
if (reply && (strncasecmp(reply, "ERR", 3) == 0)) {
digest_request->flags.credentials_ok = 3;
safe_free(auth_user_request->message);
if (t && *t)
auth_user_request->message = xstrdup(t);
} else if (reply) {
CvtBin(reply, digest_user->HA1);
digest_user->HA1created = 1;
}
valid = cbdataValid(r->data);
if (valid)
r->handler(r->data, NULL);
cbdataUnlock(r->data);
authenticateStateFree(r);
}
static void
authenticateNegotiateHandleReply(void *data, void *srv, char *reply)
{
authenticateStateData *r = data;
int valid;
auth_user_request_t *auth_user_request;
auth_user_t *auth_user;
negotiate_user_t *negotiate_user;
negotiate_request_t *negotiate_request;
char *blob, *arg;
debug(29, 9) ("authenticateNegotiateHandleReply: Helper: '%p' {%s}\n", srv, reply ? reply : "<NULL>");
valid = cbdataValid(r->data);
if (!valid) {
debug(29, 2) ("AuthenticateNegotiateHandleReply: invalid callback data. Releasing helper '%p'.\n", srv);
negotiate_request = r->auth_user_request->scheme_data;
if (negotiate_request != NULL) {
if (negotiate_request->authserver == NULL)
negotiate_request->authserver = srv;
authenticateNegotiateReleaseServer(negotiate_request);
}
cbdataUnlock(r->data);
authenticateStateFree(r);
return;
}
if (!reply) {
debug(29, 1) ("AuthenticateNegotiateHandleReply: Helper '%p' crashed!.\n", srv);
reply = (char *) "BH Internal error";
}
auth_user_request = r->auth_user_request;
negotiate_request = auth_user_request->scheme_data;
assert(negotiate_request != NULL);
assert(negotiate_request->waiting);
negotiate_request->waiting = 0;
safe_free(negotiate_request->client_blob);
auth_user = auth_user_request->auth_user;
assert(auth_user != NULL);
assert(auth_user->auth_type == AUTH_NEGOTIATE);
negotiate_user = auth_user_request->auth_user->scheme_data;
if (negotiate_request->authserver == NULL)
negotiate_request->authserver = srv;
else
assert(negotiate_request->authserver == srv);
/* seperate out the useful data */
blob = strchr(reply, ' ');
if (blob) {
blob++;
arg = strchr(blob + 1, ' ');
} else {
arg = NULL;
}
if (strncasecmp(reply, "TT ", 3) == 0) {
/* we have been given a blob to send to the client */
if (arg)
*arg++ = '\0';
safe_free(negotiate_request->server_blob);
negotiate_request->request->flags.must_keepalive = 1;
if (negotiate_request->request->flags.proxy_keepalive) {
negotiate_request->server_blob = xstrdup(blob);
negotiate_request->auth_state = AUTHENTICATE_STATE_NEGOTIATE;
safe_free(auth_user_request->message);
auth_user_request->message = xstrdup("Authentication in progress");
debug(29, 4) ("authenticateNegotiateHandleReply: Need to challenge the client with a server blob '%s'\n", blob);
} else {
negotiate_request->auth_state = AUTHENTICATE_STATE_FAILED;
safe_free(auth_user_request->message);
auth_user_request->message = xstrdup("NTLM authentication requires a persistent connection");
}
} else if (strncasecmp(reply, "AF ", 3) == 0 && arg != NULL) {
auth_user_hash_pointer *usernamehash;
/* we're finished, release the helper */
if (arg)
*arg++ = '\0';
safe_free(negotiate_user->username);
negotiate_user->username = xstrdup(arg);
safe_free(auth_user_request->message);
auth_user_request->message = xstrdup("Login successful");
safe_free(negotiate_request->server_blob);
negotiate_request->server_blob = xstrdup(blob);
debug(29, 4) ("authenticateNegotiateHandleReply: Successfully validated user via Negotiate. Username '%s'\n", arg);
/* this connection is authenticated */
debug(29, 4) ("authenticated user %s\n", negotiate_user->username);
/* see if this is an existing user with a different proxy_auth
* string */
usernamehash = hash_lookup(proxy_auth_username_cache, negotiate_user->username);
if (usernamehash) {
while (usernamehash && (usernamehash->auth_user->auth_type != auth_user->auth_type || authenticateNegotiatecmpUsername(usernamehash->auth_user->scheme_data, negotiate_user) != 0))
usernamehash = usernamehash->next;
}
if (usernamehash) {
/* we can't seamlessly recheck the username due to the
* challenge nature of the protocol. Just free the
* temporary auth_user */
authenticateAuthUserMerge(auth_user, usernamehash->auth_user);
auth_user = usernamehash->auth_user;
auth_user_request->auth_user = auth_user;
} else {
/* store user in hash's */
authenticateUserNameCacheAdd(auth_user);
}
/* set these to now because this is either a new login from an
* existing user or a new user */
auth_user->expiretime = current_time.tv_sec;
authenticateNegotiateReleaseServer(negotiate_request);
negotiate_request->auth_state = AUTHENTICATE_STATE_DONE;
} else if (strncasecmp(reply, "NA ", 3) == 0 && arg != NULL) {
if (arg)
*arg++ = '\0';
safe_free(auth_user_request->message);
auth_user_request->message = xstrdup(arg);
negotiate_request->auth_state = AUTHENTICATE_STATE_FAILED;
safe_free(negotiate_request->server_blob);
negotiate_request->server_blob = xstrdup(blob);
authenticateNegotiateReleaseServer(negotiate_request);
debug(29, 4) ("authenticateNegotiateHandleReply: Failed validating user via Negotiate. Error returned '%s'\n", arg);
} else if (strncasecmp(reply, "BH ", 3) == 0) {
/* TODO kick off a refresh process. This can occur after a YR or after
* a KK. If after a YR release the helper and resubmit the request via
* Authenticate Negotiate start.
* If after a KK deny the user's request w/ 407 and mark the helper as
* Needing YR. */
auth_user_request->message = xstrdup(blob);
negotiate_request->auth_state = AUTHENTICATE_STATE_FAILED;
safe_free(negotiate_request->server_blob);
authenticateNegotiateReleaseServer(negotiate_request);
debug(29, 1) ("authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned '%s'\n", reply);
} else {
fatalf("authenticateNegotiateHandleReply: *** Unsupported helper response ***, '%s'\n", reply);
}
requestUnlink(negotiate_request->request);
negotiate_request->request = NULL;
r->handler(r->data, NULL);
cbdataUnlock(r->data);
authenticateStateFree(r);
}
