------------------------------------------------------------ revno: 13424 revision-id: squid3@treenet.co.nz-20140531155114-1abrec0jpy6nijdg parent: squid3@treenet.co.nz-20140528113834-do5q31cu02nez5b8 committer: Amos Jeffries branch nick: trunk timestamp: Sat 2014-05-31 08:51:14 -0700 message: Cleanup: de-duplicate auth_param realm configuration Move realm parse and config dump logics to Auth::Config base object. This de-duplicates Basic, Digest (and future schemes ie Bearer) config processing code. Also makes realm available to NTLM and Negotiate schemes, although at present it remains unused by those schemes. Also, convert the realm parameter string to an SBuf. Removing the need for some memory maintenance code. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20140531155114-1abrec0jpy6nijdg # target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ # testament_sha1: fe08263ab1556fde89c33895bac39e98b7a1d788 # timestamp: 2014-05-31 16:53:52 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/ # base_revision_id: squid3@treenet.co.nz-20140528113834-\ # do5q31cu02nez5b8 # # Begin patch === modified file 'src/auth/Config.cc' --- src/auth/Config.cc 2014-05-28 11:38:34 +0000 +++ src/auth/Config.cc 2014-05-31 15:51:14 +0000 @@ -94,7 +94,23 @@ void Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str) { - if (strcmp(param_str, "children") == 0) { + if (strcmp(param_str, "realm") == 0) { + realm.clear(); + + char *token = ConfigParser::NextQuotedOrToEol(); + + while (*token && xisspace(*token)) + ++token; + + if (!token || !*token) { + debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Missing auth_param " << scheme->type() << " realm"); + self_destruct(); + return; + } + + realm = token; + + } else if (strcmp(param_str, "children") == 0) { authenticateChildren.parseConfig(); } else if (strcmp(param_str, "key_extras") == 0) { 
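Review bot: In the new `realm` branch of Auth::Config::parse, the loop `while (*token && xisspace(*token))` dereferences `token` before the `!token` test on the following `if`, so a null return from ConfigParser::NextQuotedOrToEol() would crash the parser instead of reaching the intended "Missing auth_param ... realm" error. Move the null test into the loop condition, `while (token && *token && xisspace(*token))`, and leave the `if (!token || !*token)` check as it is. Whether NextQuotedOrToEol() can return null is not visible in this hunk, but the later `!token` test suggests that it was expected to. The rest of parse() continues outside the hunk.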
@@ -122,6 +138,8 @@ void Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme) { + storeAppendPrintf(entry, "%s %s realm " SQUIDSBUFPH "\n", name, scheme->type(), SQUIDSBUFPRINT(realm)); + storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n", name, scheme->type(), authenticateChildren.n_max, authenticateChildren.n_startup, === modified file 'src/auth/Config.h' --- src/auth/Config.h 2014-02-10 17:18:48 +0000 +++ src/auth/Config.h 2014-05-31 15:51:14 +0000 @@ -148,6 +148,10 @@ wordlist *authenticateProgram; ///< Helper program to run, includes all parameters String keyExtrasLine; ///< The format of the request to the auth helper Format::Format *keyExtras; ///< The compiled request format + +protected: + /// RFC 7235 section 2.2 - Protection Space (Realm) + SBuf realm; }; typedef std::vector ConfigVector; === modified file 'src/auth/basic/auth_basic.cc' --- src/auth/basic/auth_basic.cc 2014-05-28 11:38:34 +0000 +++ src/auth/basic/auth_basic.cc 2014-05-31 15:51:14 +0000 @@ -76,8 +76,7 @@ bool Auth::Basic::Config::configured() const { - if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && - (basicAuthRealm != NULL)) { + if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && !realm.isEmpty()) { debugs(29, 9, HERE << "returning configured"); return true; } @@ -96,8 +95,8 @@ Auth::Basic::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (authenticateProgram) { - debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Basic realm=\"" << basicAuthRealm << "\"'"); - httpHeaderPutStrf(&rep->header, hdrType, "Basic realm=\"%s\"", basicAuthRealm); + debugs(29, 9, "Sending type:" << hdrType << " header: 'Basic realm=\"" << realm << "\"'"); + httpHeaderPutStrf(&rep->header, hdrType, "Basic realm=\"" SQUIDSBUFPH "\"", SQUIDSBUFPRINT(realm)); } } 
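Review bot: The `storeAppendPrintf(... realm ...)` call added at the top of Auth::Config::dump prints the realm line unconditionally, so a scheme that reaches this base dump with an empty realm emits `auth_param <scheme> realm ` with no value. The `realm` branch added to Auth::Config::parse in this same commit treats a valueless realm as fatal (`self_destruct()`), so a dumped configuration could fail to load again. The commit message says NTLM and Negotiate now carry an unused realm, which makes this likely if they call the base dump. Guard the line with `if (!realm.isEmpty())` before the `storeAppendPrintf`. The rest of dump() is outside the hunk.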
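Review bot: The doc comment on the new `SBuf realm` member in Config.h cites the RFC section but does not state the member's contract. Other hunks in this commit make `configured()` for Basic and Digest return false when it is empty, and place it unmodified inside the quoted `realm="..."` challenge parameter, so the comment should say so, for example `/// RFC 7235 section 2.2 - Protection Space (Realm). Empty means not configured; emitted as-is inside the quoted realm="..." challenge parameter.` The include list is outside this hunk, so also confirm Config.h pulls in the SBuf header rather than relying on a transitive include.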
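Review bot: In Auth::Basic::Config::fixHeader the realm is written between `\"` characters through `SQUIDSBUFPH` with no escaping, so a configured realm containing `"`, `\` or a control character yields a malformed challenge header. The same applies to the Digest challenge in the `@@ -550,12` hunk of auth_digest.cc. The old `%s` code behaved the same way, but the value now comes from ConfigParser::NextQuotedOrToEol() instead of parse_eol(), which presumably changes how quoted input is handled, so this is a good moment to pin it down. The value is administrator-supplied, so this is a robustness and correctness issue rather than untrusted input. The simplest place to enforce it is once in the `realm` branch of Auth::Config::parse, rejecting such characters through the same ERROR and `self_destruct()` path used for a missing value.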
@@ -129,9 +128,6 @@ if (authenticateProgram) wordlistDestroy(&authenticateProgram); - - if (basicAuthRealm) - safe_free(basicAuthRealm); } void @@ -147,7 +143,6 @@ storeAppendPrintf(entry, "\n"); - storeAppendPrintf(entry, "%s basic realm %s\n", name, basicAuthRealm); storeAppendPrintf(entry, "%s basic credentialsttl %d seconds\n", name, (int) credentialsTTL); storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off"); Auth::Config::dump(entry, name, scheme); @@ -158,12 +153,8 @@ casesensitive(0), utf8(0) { - basicAuthRealm = xstrdup("Squid proxy-caching web server"); -} - -Auth::Basic::Config::~Config() -{ - safe_free(basicAuthRealm); + static const SBuf defaultRealm("Squid proxy-caching web server"); + realm = defaultRealm; } void @@ -176,8 +167,6 @@ parse_wordlist(&authenticateProgram); requirePathnameExists("auth_param basic program", authenticateProgram->key); - } else if (strcmp(param_str, "realm") == 0) { - parse_eol(&basicAuthRealm); } else if (strcmp(param_str, "credentialsttl") == 0) { parse_time_t(&credentialsTTL); } else if (strcmp(param_str, "casesensitive") == 0) { === modified file 'src/auth/basic/auth_basic.h' --- src/auth/basic/auth_basic.h 2013-12-06 14:59:47 +0000 +++ src/auth/basic/auth_basic.h 2014-05-31 15:51:14 +0000 @@ -23,7 +23,6 @@ { public: Config(); - ~Config(); virtual bool active() const; virtual bool configured() const; virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm); @@ -38,7 +37,6 @@ virtual const char * type() const; public: - char *basicAuthRealm; time_t credentialsTTL; int casesensitive; int utf8; === modified file 'src/auth/digest/auth_digest.cc' --- src/auth/digest/auth_digest.cc 2014-05-28 11:38:34 +0000 +++ src/auth/digest/auth_digest.cc 2014-05-31 15:51:14 +0000 
@@ -499,8 +499,7 @@ list = list->next; } - storeAppendPrintf(entry, "\n%s %s realm %s\n%s %s nonce_max_count %d\n%s %s nonce_max_duration %d seconds\n%s %s nonce_garbage_interval %d seconds\n", - name, "digest", digestAuthRealm, + storeAppendPrintf(entry, "\n%s %s nonce_max_count %d\n%s %s nonce_max_duration %d seconds\n%s %s nonce_garbage_interval %d seconds\n", name, "digest", noncemaxuses, name, "digest", (int) noncemaxduration, name, "digest", (int) nonceGCInterval); @@ -518,7 +517,7 @@ { if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && - (digestAuthRealm != NULL) && (noncemaxduration > -1)) + !realm.isEmpty() && (noncemaxduration > -1)) return true; return false; @@ -550,12 +549,13 @@ } debugs(29, 9, "Sending type:" << hdrType << - " header: 'Digest realm=\"" << digestAuthRealm << "\", nonce=\"" << + " header: 'Digest realm=\"" << realm << "\", nonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\", qop=\"" << QOP_AUTH << "\", stale=" << (stale ? "true" : "false")); /* in the future, for WWW auth we may want to support the domain entry */ - httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s", digestAuthRealm, authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false"); + httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"" SQUIDSBUFPH "\", nonce=\"%s\", qop=\"%s\", stale=%s", + SQUIDSBUFPRINT(realm), authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false"); } /* Initialize helpers and the like for this auth scheme. Called AFTER parsing the @@ -613,12 +613,9 @@ if (authenticateProgram) wordlistDestroy(&authenticateProgram); - - safe_free(digestAuthRealm); } Auth::Digest::Config::Config() : - digestAuthRealm(NULL), nonceGCInterval(5*60), noncemaxduration(30*60), noncemaxuses(50), 
@@ -638,8 +635,6 @@ parse_wordlist(&authenticateProgram); requirePathnameExists("auth_param digest program", authenticateProgram->key); - } else if (strcmp(param_str, "realm") == 0) { - parse_eol(&digestAuthRealm); } else if (strcmp(param_str, "nonce_garbage_interval") == 0) { parse_time_t(&nonceGCInterval); } else if (strcmp(param_str, "nonce_max_duration") == 0) { === modified file 'src/auth/digest/auth_digest.h' --- src/auth/digest/auth_digest.h 2014-02-21 02:19:52 +0000 +++ src/auth/digest/auth_digest.h 2014-05-31 15:51:14 +0000 @@ -83,7 +83,6 @@ virtual const char * type() const; public: - char *digestAuthRealm; time_t nonceGCInterval; time_t noncemaxduration; unsigned int noncemaxuses;