------------------------------------------------------------ revno: 12671 revision-id: squid3@treenet.co.nz-20140220012041-hvcglecl6zpgyhdz parent: squid3@treenet.co.nz-20131215052323-ijocst9eqalo3mpw fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3969 author: Frederic Bourgeois committer: Amos Jeffries branch nick: 3.3 timestamp: Wed 2014-02-19 18:20:41 -0700 message: Bug 3969: user credentials cache lookup for Digest authentication broken Changes to the username credentials cache were made in Basic auth but the matching changes were not duplicated to Digest auth. Since the lookup is identical move it to generic Auth::Config. Also fixes assertion auth_digest.cc:759: "(nonce->user == NULL) || (nonce->user == user)" ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20140220012041-hvcglecl6zpgyhdz # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # testament_sha1: 8fbe832ee4e08acb4ef5fad6a38ae41ce79b0cfd # timestamp: 2014-02-20 01:54:13 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3 # base_revision_id: squid3@treenet.co.nz-20131215052323-\ # ijocst9eqalo3mpw # # Begin patch === modified file 'src/auth/Config.cc' --- src/auth/Config.cc 2012-09-01 14:38:36 +0000 +++ src/auth/Config.cc 2014-02-20 01:20:41 +0000 @@ -32,6 +32,7 @@ #include "squid.h" #include "auth/Config.h" +#include "auth/Gadgets.h" #include "auth/UserRequest.h" #include "Debug.h" #include "globals.h" 
@@ -76,3 +77,22 @@ void Auth::Config::registerWithCacheManager(void) {} + +Auth::User::Pointer +Auth::Config::findUserInCache(const char *nameKey, Auth::Type authType) +{ + AuthUserHashPointer *usernamehash; + debugs(29, 9, "Looking for user '" << nameKey << "'"); + + if (nameKey && (usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, nameKey)))) { + while (usernamehash) { + if ((usernamehash->user()->auth_type == authType) && + !strcmp(nameKey, (char const *)usernamehash->key)) + return usernamehash->user(); + + usernamehash = static_cast(usernamehash->next); + } + } + + return NULL; +} === modified file 'src/auth/Config.h' --- src/auth/Config.h 2012-09-01 14:38:36 +0000 +++ src/auth/Config.h 2014-02-20 01:20:41 +0000 @@ -122,6 +122,9 @@ /** add headers as needed when challenging for auth */ virtual void fixHeader(UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0; + /// Find any existing user credentials in the authentication cache by name and type. + virtual Auth::User::Pointer findUserInCache(const char *nameKey, Auth::Type type); + /** prepare to handle requests */ virtual void init(Config *) = 0; === modified file 'src/auth/basic/auth_basic.cc' --- src/auth/basic/auth_basic.cc 2012-09-01 14:38:36 +0000 +++ src/auth/basic/auth_basic.cc 2014-02-20 01:20:41 +0000 
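Review bot: In `Auth::Config::findUserInCache` (src/auth/Config.cc) the `debugs(29, 9, ...)` line streams `nameKey` before the `nameKey &&` test in the `if` that follows, so a null key reaches `operator<<` whenever that debug statement is evaluated, which is undefined behaviour for a `const char *`. The same ordering was present in the two static helpers this commit removes, but the lookup is now a member of the generic config class and may gain callers beyond the two visible in this patch. Put the guard first, `if (!nameKey) return NULL;`, and then drop `nameKey &&` from the lookup condition.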
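Review bot: The declaration added to src/auth/Config.h names the second parameter `type`, while the definition in src/auth/Config.cc calls it `authType`; use one name in both places. The `///` comment should also state the contract the definition implements, for example `/// \returns the cached user whose key equals nameKey and whose auth_type equals type, or NULL if nameKey is NULL or nothing matches`. No override of this method appears in the patch, so `virtual` may be unnecessary; if schemes are expected to override it, the comment should say so.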
@@ -195,25 +195,6 @@ helperStats(sentry, basicauthenticators, "Basic Authenticator Statistics"); } -static Auth::User::Pointer -authBasicAuthUserFindUsername(const char *username) -{ - AuthUserHashPointer *usernamehash; - debugs(29, 9, HERE << "Looking for user '" << username << "'"); - - if (username && (usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, username)))) { - while (usernamehash) { - if ((usernamehash->user()->auth_type == Auth::AUTH_BASIC) && - !strcmp(username, (char const *)usernamehash->key)) - return usernamehash->user(); - - usernamehash = static_cast(usernamehash->next); - } - } - - return NULL; -} - char * Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) { @@ -310,7 +291,7 @@ /* now lookup and see if we have a matching auth_user structure in memory. */ Auth::User::Pointer auth_user; - if ((auth_user = authBasicAuthUserFindUsername(lb->username())) == NULL) { + if ((auth_user = findUserInCache(lb->username(), Auth::AUTH_BASIC)) == NULL) { /* the user doesn't exist in the username cache yet */ /* save the credentials */ debugs(29, 9, HERE << "Creating new user '" << lb->username() << "'"); === modified file 'src/auth/digest/auth_digest.cc' --- src/auth/digest/auth_digest.cc 2013-11-20 00:10:16 +0000 +++ src/auth/digest/auth_digest.cc 2014-02-20 01:20:41 +0000 
@@ -476,25 +476,6 @@ authDigestNonceUnlink(nonce); } -/* USER related functions */ -static Auth::User::Pointer -authDigestUserFindUsername(const char *username) -{ - AuthUserHashPointer *usernamehash; - debugs(29, 9, HERE << "Looking for user '" << username << "'"); - - if (username && (usernamehash = static_cast < AuthUserHashPointer * >(hash_lookup(proxy_auth_username_cache, username)))) { - while ((usernamehash->user()->auth_type != Auth::AUTH_DIGEST) && (usernamehash->next)) - usernamehash = static_cast(usernamehash->next); - - if (usernamehash->user()->auth_type == Auth::AUTH_DIGEST) { - return usernamehash->user(); - } - } - - return NULL; -} - void Auth::Digest::Config::rotateHelpers() { @@ -729,7 +710,7 @@ { dlink_node *node; - if (!user || !nonce) + if (!user || !nonce || !nonce->user) return; Auth::Digest::User *digest_user = user; @@ -1076,7 +1057,7 @@ Auth::User::Pointer auth_user; - if ((auth_user = authDigestUserFindUsername(username)) == NULL) { + if ((auth_user = findUserInCache(username, Auth::AUTH_DIGEST)) == NULL) { /* the user doesn't exist in the username cache yet */ debugs(29, 9, HERE << "Creating new digest user '" << username << "'"); digest_user = new Auth::Digest::User(this);
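Review bot: The added `!nonce->user` test in the second auth_digest.cc hunk (`if (!user || !nonce || !nonce->user) return;`) makes the function return early for a nonce that has no user yet, whereas the assertion quoted in the commit message, `(nonce->user == NULL) || (nonce->user == user)`, treats that state as valid. If the code below this hunk is where `nonce->user` is first assigned, the early return would keep a fresh nonce from ever being bound to its user. The state the assertion actually rejects, a nonce already owned by a different user, is not covered by the new test. The function begins and ends outside the hunk, so this cannot be confirmed from here; please check where `nonce->user` is set. Also add a comment on the guard saying which state it excludes, and handle the mismatched-owner case explicitly rather than leaving it to the assertion.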