From 972952bb7b44e8c7c469acd34131232d370ded53 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Wed, 10 May 2006 22:54:23 +0000
Subject: Keep cached user name around when doing NTLM auth.
---
 daemon/ntlm.c | 33 +++++++++++++++++++++++----------
 1 file changed, 23 insertions(+), 10 deletions(-) (limited to 'daemon')
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index 8c9e0af..53d960d 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -61,12 +61,12 @@ typedef struct ntlm_context
 const char* server; /* Server to authenticate against */
 const char* domain; /* NTLM domain to authenticate against */
 const char* backup; /* Backup server if primary is down */
- int pending_max; /* Maximum number of connections at once */
+ int pending_max; /* Maximum number of connections at once */
 int pending_timeout; /* Timeout for authentication (in seconds) */
 /* Require Locking --------------------------------------------------- */
- hsh_t* pending; /* Pending connections */
- hsh_t* established; /* Established connections */
+ hsh_t* pending; /* Pending connections */
+ hsh_t* established; /* Established connections */
 } ntlm_context_t;
@@ -145,6 +145,11 @@ static void free_hash_object(void* arg, void* val)
 }
 }
+static void free_string(void* arg, void* val)
+{
+ free (val);
+}
+
 static ntlm_connection_t* getpending(ntlm_context_t* ctx, const void* key)
 {
 ntlm_connection_t* ret;
@@ -214,13 +219,15 @@ int ntlm_auth_basic(ha_request_t* rq, ntlm_context_t* ctx, unsigned char* key,
 /* Check and see if this connection is in the cache */
 ha_lock(NULL);
- if(hsh_get(ctx->established, basic.key) == NTLM_ESTABLISHED)
+ if(hsh_get(ctx->established, basic.key) != NULL)
 found = 1;
 ha_unlock(NULL);
 if(found)
+ {
 ha_messagex(rq, LOG_NOTICE, "validated basic user against cache: %s", basic.user);
+ }
 else {
@@ -277,7 +284,7 @@ int ntlm_auth_basic(ha_request_t* rq, ntlm_context_t* ctx, unsigned char* key,
 ha_lock(NULL);
 /* We put this connection into the successful connections */
- r = hsh_set(ctx->established, basic.key, NTLM_ESTABLISHED);
+ r = hsh_set(ctx->established, basic.key, strdup(basic.user));
 ha_unlock(NULL);
@@ -507,7 +514,7 @@ int ntlm_auth_ntlm(ha_request_t* rq, ntlm_context_t* ctx, void* key,
 ha_lock(NULL);
 /* We put this connection into the successful connections */
- r = hsh_set(ctx->established, key, NTLM_ESTABLISHED);
+ r = hsh_set(ctx->established, key, strdup((char*)ntlmssp.user));
 ha_unlock(NULL);
@@ -622,6 +629,10 @@ int ntlm_init(ha_context_t* context)
 htc.arg = NULL;
 hsh_set_table_calls(ctx->pending, &htc);
+ htc.f_freeval = free_string;
+ htc.arg = NULL;
+ hsh_set_table_calls(ctx->established, &htc);
+ ha_messagex(NULL, LOG_INFO, "initialized ntlm handler");
 }
@@ -675,6 +686,7 @@ int ntlm_process(ha_request_t* rq)
 const char* header = NULL;
 time_t t = time(NULL);
 int ret = 0, r;
+ char *user;
 ASSERT(rq);
 ASSERT(rq->req_args[AUTH_ARG_CONN]);
@@ -745,18 +757,19 @@ int ntlm_process(ha_request_t* rq)
 * allow connections to be re-authenticated. */
- if(hsh_get(ctx->established, key) == NTLM_ESTABLISHED)
+ user = hsh_get(ctx->established, key);
+ if(user != NULL)
 {
 hsh_touch(ctx->established, key);
 rq->resp_code = HA_SERVER_OK;
+ rq->resp_detail = user;
 }
 ha_unlock(NULL);
 if(rq->resp_code == HA_SERVER_OK)
- ha_messagex(rq, LOG_NOTICE, "validated user against connection cache");
-
- /* TODO: We need to be able to retrieve the user here somehow */
+ ha_messagex(rq, LOG_NOTICE, "validated user against connection cache: %s",
+ user);
 }
-- cgit v1.2.3
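Review bot: The `strdup(basic.user)` result in ntlm_auth_basic is handed straight to `hsh_set` without a NULL check, and ntlm_auth_ntlm does the same with `strdup((char*)ntlmssp.user)`. On allocation failure a NULL value is stored under the key, and if `hsh_set` itself fails the duplicate is leaked, since nothing visible frees it; how `r` is handled lies outside both hunks. I would duplicate into a local first (`char* name = strdup(basic.user);`), skip the insert when `name` is NULL, and `free(name)` when `hsh_set` reports failure. The `(char*)` cast in the NTLM path also assumes `ntlmssp.user` is a NUL-terminated byte string, which should be confirmed against its declaration.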
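Review bot: Registering `free_string` on `ctx->established` in ntlm_init means every value stored in that table must now be a heap pointer the table owns, but nothing in the code states this invariant. Both `hsh_set` calls touched by this commit store a `strdup` result, yet any insertion path not shown here that still stores `NTLM_ESTABLISHED` or another non-heap value would end up passed to `free()`. A comment above the registration would make the contract explicit, for example `/* established maps connection key -> malloc'd user name; the table frees values */`. The start of ntlm_init is outside the hunk, so what else `htc` carries over from the pending-table setup cannot be checked from here.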
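Review bot: In ntlm_process, `user` points at the string owned by `ctx->established`, yet it is stored in `rq->resp_detail` and passed to `ha_messagex` after `ha_unlock(NULL)`. Because the table now frees its values through `free_string`, an entry that is expired or replaced by another thread after the unlock would leave the request holding a dangling pointer, a use-after-free in the authentication path. Copying the name into storage owned by the request while the lock is still held, and pointing both `rq->resp_detail` and the log call at that copy, would close the window. The log line also relies on `user` being non-NULL whenever `rq->resp_code == HA_SERVER_OK`; the enclosing block starts outside the hunk, so if the code can already be OK on entry, `%s` would receive NULL.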