svn commit: lorikeet r57 - in trunk/mod_ntlm_winbind: .
abartlet at samba.org
abartlet at samba.org
Tue Sep 14 02:22:31 GMT 2004
Author: abartlet
Date: 2004-09-14 02:22:30 +0000 (Tue, 14 Sep 2004)
New Revision: 57
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/mod_ntlm_winbind&rev=57&nolog=1
Log:
Try to re-use the helper, when possible. This avoids the load of a
fork()/exec() for every incoming authentication.
Andrew Bartlett
Modified:
trunk/mod_ntlm_winbind/mod_ntlm_winbind.c
Changeset:
Modified: trunk/mod_ntlm_winbind/mod_ntlm_winbind.c
===================================================================
--- trunk/mod_ntlm_winbind/mod_ntlm_winbind.c 2004-09-09 10:44:16 UTC (rev 56)
+++ trunk/mod_ntlm_winbind/mod_ntlm_winbind.c 2004-09-14 02:22:30 UTC (rev 57)
@@ -101,15 +101,21 @@
/* A structure to hold per-connection information about authentications
that are in progress. */
-typedef struct ntlm_connection_struct {
+struct ntlm_connection {
int sent_challenge;
char *user;
int auth_ok;
int helper_pid;
BUFF *out_to_helper, *in_from_helper;
ap_pool *pool;
-} ntlm_connection_rec;
+};
+struct ntlm_authenticated {
+ char *user;
+ int auth_ok;
+ ap_pool *pool;
+};
+
struct ntlm_child_stuff {
request_rec *r;
char *argv0;
@@ -129,8 +135,10 @@
because we are only ever processing one authentication request per
apache daemon. */
-static ntlm_connection_rec *ntlm_connection;
+static struct ntlm_connection *ntlm_connection;
+static struct ntlm_authenticated *ntlm_authenticated;
+
/* Extra apache configuration directives defined for this module */
static const command_rec ntlm_winbind_cmds[] = {
@@ -179,7 +187,7 @@
/* Authorisation has failed - we set some headers so the client can
get the hint and prompt for a password from the user. */
-static void
+static int
note_ntlm_auth_failure(request_rec * r)
{
ntlm_config_rec *crec
@@ -206,19 +214,37 @@
r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
line);
}
+
+ if (ntlm_authenticated) {
+ ap_destroy_pool(ntlm_authenticated->pool);
+ }
+ return HTTP_UNAUTHORIZED;
}
+
/* Dispose of a connection */
static void
cleanup_ntlm_connection(void *ntlm_conn_v)
{
- ntlm_connection_rec **ntlm_conn = ntlm_conn_v;
+ struct ntlm_connection **ntlm_conn = ntlm_conn_v;
ap_bclose((*ntlm_conn)->out_to_helper);
ap_bclose((*ntlm_conn)->in_from_helper);
- *ntlm_conn = NULL;
+
+ /* references the global */
+ ntlm_connection = NULL;
}
+/* Dispose of a connected user */
+
+static void
+cleanup_ntlm_authenticated(void *ntlm_conn_v)
+{
+ struct ntlm_authenticated **ntlm_auth = ntlm_conn_v;
+ /* references the global */
+ ntlm_authenticated = NULL;
+}
+
const char *
get_ntlm_header(request_rec * r, ntlm_config_rec * crec)
{
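Review bot: `note_ntlm_auth_failure` (which begins in the previous hunk) now destroys `ntlm_authenticated->pool`, but the `AF` branch later in this commit stores `ntlm_authenticated->user` directly in `r->connection->user` instead of copying it into the connection pool. A failed exchange that follows an earlier success on the same connection therefore leaves `r->connection->user` pointing at memory already handed back to the pool allocator. Either clear it before the destroy with `r->connection->user = NULL;`, or keep the `ap_pstrdup(r->connection->pool, childarg)` copy in the `AF` branch. Separately, the local `ntlm_auth` in `cleanup_ntlm_authenticated` is assigned and never used and can be dropped.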
@@ -394,12 +420,11 @@
if (ntlm_connection == NULL) {
struct ntlm_child_stuff cld;
- ap_pool *pool = ap_make_sub_pool(r->connection->pool);
+ ap_pool *pool = ap_make_sub_pool(NULL);
ntlm_connection = ap_pcalloc(pool,
- sizeof(ntlm_connection_rec));
+ sizeof(struct ntlm_connection));
ntlm_connection->pool = pool;
- ntlm_connection->auth_ok = 0;
ntlm_connection->helper_pid = 0;
ap_register_cleanup(pool, &ntlm_connection, cleanup_ntlm_connection,
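Review bot: `ap_make_sub_pool(NULL)` gives the helper pool no parent, so the helper and its NTLMSSP protocol state now outlive the client connection, and no comment in the new code says so. As far as this diff shows, the only thing that resets the helper for a new client is the `YR` message sent when `ntlm_authenticated` is NULL. That invariant should be written down here, e.g. `/* helper pool is parentless: it survives across connections and is destroyed only on helper I/O errors; each new connection must start with YR */`. The enclosing function and the rest of the `ap_register_cleanup` call lie outside this hunk.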
@@ -418,18 +443,21 @@
"couldn't spawn child ntlm helper process: %s", cld.argv0);
return HTTP_INTERNAL_SERVER_ERROR;
}
+ }
+
+ if (ntlm_authenticated == NULL) {
+ ap_pool *pool = ap_make_sub_pool(r->connection->pool);
+ ntlm_authenticated = ap_pcalloc(pool,
+ sizeof(ntlm_authenticated));
+
+ ap_register_cleanup(pool, &ntlm_authenticated, cleanup_ntlm_authenticated,
+ ap_null_cleanup);
+
+ ntlm_authenticated->pool = pool;
+ ntlm_authenticated->auth_ok = 0;
+ ntlm_authenticated->user = NULL;
message_type = "YR";
- } else if (ntlm_connection->auth_ok && ntlm_connection->user) {
- ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
- "silent reauthentication");
-
- /* silently accept login with same credentials */
- r->connection->user = ap_pstrdup(r->connection->pool,
- ntlm_connection->user);
- r->connection->ap_auth_type = ap_pstrdup(r->connection->pool,
- NTLM_AUTH_NAME);
- return OK;
} else {
message_type = "KK";
}
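Review bot: The allocation `ap_pcalloc(pool, sizeof(ntlm_authenticated))` takes the size of the global pointer, not of `struct ntlm_authenticated`. The block is therefore too small for the three fields written immediately afterwards (`pool`, `auth_ok`, `user`), and those stores run past the end of the allocation. The size should be `sizeof(*ntlm_authenticated)`, or `sizeof(struct ntlm_authenticated)` to match the `sizeof(struct ntlm_connection)` form used for the helper. The enclosing function starts and ends outside this hunk.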
@@ -439,9 +467,7 @@
if ((ntlmssp = get_ntlm_header(r, crec)) == NULL) {
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"client did not return NTLM authenticaiton header");
- note_ntlm_auth_failure(r);
- ap_destroy_pool(ntlm_connection->pool);
- return HTTP_UNAUTHORIZED;
+ return note_ntlm_auth_failure(r);
}
/* Pipe to helper */
@@ -452,7 +478,8 @@
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"failed to write NTLMSSP string to helper - wrote %d bytes", bytes_written);
ap_destroy_pool(ntlm_connection->pool);
- return HTTP_UNAUTHORIZED;
+ ap_destroy_pool(ntlm_authenticated->pool);
+ return HTTP_INTERNAL_SERVER_ERROR;
}
ap_bflush(ntlm_connection->out_to_helper);
@@ -462,17 +489,20 @@
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"early EOF from helper");
ap_destroy_pool(ntlm_connection->pool);
- return HTTP_UNAUTHORIZED;
+ ap_destroy_pool(ntlm_authenticated->pool);
+ return HTTP_INTERNAL_SERVER_ERROR;
} else if (bytes_read == -1) {
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"helper dies!");
ap_destroy_pool(ntlm_connection->pool);
- return HTTP_UNAUTHORIZED;
+ ap_destroy_pool(ntlm_authenticated->pool);
+ return HTTP_INTERNAL_SERVER_ERROR;
} else if (bytes_read < 2) {
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"failed to read NTLMSSP string from helper - only got %d bytes", bytes_read);
ap_destroy_pool(ntlm_connection->pool);
- return HTTP_UNAUTHORIZED;
+ ap_destroy_pool(ntlm_authenticated->pool);
+ return HTTP_INTERNAL_SERVER_ERROR;
}
newline = strchr(argsbuffer, '\n');
@@ -488,6 +518,7 @@
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"failed to parse response from helper");
ap_destroy_pool(ntlm_connection->pool);
+ ap_destroy_pool(ntlm_authenticated->pool);
return HTTP_UNAUTHORIZED;
}
childarg++;
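Review bot: The parse-failure path still returns `HTTP_UNAUTHORIZED`, while every other helper malfunction in this commit was changed to `HTTP_INTERNAL_SERVER_ERROR`. It also returns without calling `note_ntlm_auth_failure`, so the 401 apparently goes out without the challenge header that function sets. If helper malfunctions are meant to be server errors, this line should read `return HTTP_INTERNAL_SERVER_ERROR;`.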
@@ -501,23 +532,17 @@
/* if NA, not authenticated */
if (strncmp(argsbuffer, "NA ", 3) == 0) {
- note_ntlm_auth_failure(r);
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"user not authenticated: %s", childarg);
- ap_destroy_pool(ntlm_connection->pool);
- return HTTP_UNAUTHORIZED;
+ return note_ntlm_auth_failure(r);
}
/* if AF, record username */
if (strncmp(argsbuffer, "AF ", 3) == 0) {
- ntlm_connection->auth_ok = 1;
-
- ntlm_connection->user = ap_pstrdup(ntlm_connection->pool,
- childarg);
- r->connection->user = ap_pstrdup(r->connection->pool,
- childarg);
- r->connection->ap_auth_type = ap_pstrdup(r->connection->pool,
- NTLM_AUTH_NAME);
+ ntlm_authenticated->user = ap_pstrdup(ntlm_authenticated->pool,
+ childarg);
+ r->connection->user = ntlm_authenticated->user;
+ r->connection->ap_auth_type = NTLM_AUTH_NAME;
return OK;
}
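Review bot: Nothing visible in this commit sets `ntlm_authenticated->auth_ok` to 1. The `AF` branch drops `ntlm_connection->auth_ok = 1;` and records only the user name, so the `ntlm_authenticated && ntlm_authenticated->auth_ok` test in the last hunk (the "Trust the authentication on an existing connection" check) looks like it can never succeed. Every later request on the connection would then be pushed back through the helper. Unless the flag is set outside the hunks shown, add `ntlm_authenticated->auth_ok = 1;` before `return OK;` in the `AF` branch. The enclosing function starts outside this hunk.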
@@ -525,9 +550,9 @@
ap_log_rerror(APLOG_MARK, NTLM_DEBUG, r,
"could not parse NTLM helper callback: %s", argsbuffer);
-
ap_destroy_pool(ntlm_connection->pool);
- return HTTP_BAD_REQUEST;
+ ap_destroy_pool(ntlm_authenticated->pool);
+ return HTTP_INTERNAL_SERVER_ERROR;
}
/* Called to create a configuration structure for each <Directory> section
@@ -636,9 +661,10 @@
/* Trust the authentication on an existing connection */
- if (ntlm_connection && ntlm_connection->auth_ok) {
- r->connection->user = ntlm_connection->user;
- r->connection->ap_auth_type = "NTLM";
+ if (ntlm_authenticated && ntlm_authenticated->auth_ok) {
+ /* silently accept login with same credentials */
+ r->connection->user = ntlm_authenticated->user;
+ r->connection->ap_auth_type = NTLM_AUTH_NAME;
return OK;
}