Fwd: small bugs in authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 1 May 2002 21:37:49 +0200

This belongs here. I do not know why several people mail me directly
these days with things that should be addressed to
squid-dev@squid-cache.org.

If you address squid-dev material directly to me you are in a great
danger of the message being overlooked or forgotten when I am busy on
other tasks. Squid messages in my private mailbox then are easily
lost in all the noise.

Regards
Henrik

---------- Forwarded Message ----------

Subject: small bugs in authentication
Date: Wed, 01 May 2002 16:19:13 +0300
From: Evgeny Kotsuba <evgen@laser.ru>
To: hno@marasystems.com

Hi,

I have started playing with authentication.

1) The FAQ should be updated for the change of authentication
keywords in squid.conf.
The first rake that a user of 2.4 will step on will be the change from
authenticate_program
to
auth_param & Co
=========================
2) Visibility of errors with authentication initialisation should be
enforced. For example,

\CVS\squid\src\auth\basic\auth_basic.c ->authBasicConfigured()
[ in brackets - hah, so ancient declaration - without (void) ]
{
[...]
    debug(29, 9) ("authBasicConfigured: returning unconfigured\n");
    return 0;
}
will be better

    debug(29,1) ("authBasicConfigured: WARNING: returning unconfigured\n");
    return 0;
}

or even may be more human understandable

    debug(29,0) ("authBasicConfigured: WARNING: returning unconfigured\n");
    if (basicConfig == NULL)
    { debug(29,0) ("authBasicConfigured: basicConfig undefined\n");
    } else {
      if (basicConfig->authenticate == NULL)
            debug(29,0) ("authBasicConfigured: authenticate undefined\n");
      if (basicConfig->authenticateChildren == 0)
            debug(29,0) ("authBasicConfigured: authenticateChildren = 0\n");
      if (basicConfig->basicAuthRealm == NULL)
            debug(29,0) ("authBasicConfigured: basicAuthRealm undefined\n");
    }
====================
3)
Why do not all aclParseAclLine: error messages contain the source line
number?
i.e.
\CVS\squid\src\acl.c

void
aclParseAclLine(acl ** head)
{
[.....]
    } else {
       if (acltype != A->type) {
           debug(28, 0) ("aclParseAclLine: ACL '%s' already exists with different type, skipping.\n", A->name);
/* proposed change to
          debug(28, 0) ("aclParseAclLine(line %d): ACL '%s' already exists with different type, skipping.\n", config_lineno, A->name);
*/
           return;
       }
[.....]
    case ACL_PROXY_AUTH:
       if (authenticateSchemeCount() == 0) {
           debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes were compiled.\n", A->cfgline);
/* proposed change to
           debug(28, 0) ("aclParseAclLine(line %d): IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes were compiled.\n", config_lineno, A->cfgline);
*/
       } else if (authenticateActiveSchemeCount() == 0) {
           debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes are fully configured.\n", A->cfgline);

/* proposed change to
           debug(28, 0) ("aclParseAclLine(line %d): IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes are fully configured.\n", config_lineno, A->cfgline);
*/
       } else {
           aclParseUserList(&A->data);
       }
       break;
    case ACL_PROXY_AUTH_REGEX:
       if (authenticateSchemeCount() == 0) {
           debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes were compiled.\n", A->cfgline);
/* proposed change to
           debug(28, 0) ("aclParseAclLine(line %d): IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes were compiled.\n", config_lineno, A->cfgline);
*/
       } else if (authenticateActiveSchemeCount() == 0) {
           debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes are fully configured.\n", A->cfgline);

/* proposed change to
           debug(28, 0) ("aclParseAclLine(line %d): IGNORING: Proxy Auth ACL '%s' \
because no authentication schemes are fully configured.\n", config_lineno, A->cfgline);
*/
       } else {
           aclParseRegexList(&A->data);
       }
       break;
[.......]
    /*
     * Clear AclMatchedName from our temporary hack
     */
    AclMatchedName = NULL; /* ugly */
    if (!new_acl)
       return;
    if (A->data == NULL) {
       debug(28, 0) ("aclParseAclLine: IGNORING invalid ACL: %s\n",
            A->cfgline);
/* proposed change to
       debug(28, 0) ("aclParseAclLine(line %d): IGNORING invalid ACL: %s\n",
           config_lineno, A->cfgline);
*/

4) One more trouble is that errors in reading and parsing squid.conf
are not written to cache.log, due to the fact that
 _db_init(Config.Log.log, Config.debugOptions);
is called from mainInitialize(void) while squid.conf is parsed
before. So if we turn all debug on, we'll never see non-fatal
errors from squid.conf reading

SY,
EK

-------------------------------------------------------
Received on Wed May 01 2002 - 13:39:54 MDT
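
Added example, not part of either message and not Squid code: one way to keep the diagnostics from points 3 and 4 visible is to tag each config warning with its line number and queue it until the log is opened, then replay the queue. All names (cfg_warn, log_open, cfg_lineno, the early_* buffer) are hypothetical stand-ins, and the ACL line in main() is constructed sample input.

```c
/* Added illustration; every name here is hypothetical, not Squid's code. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define EARLY_MAX 32
#define EARLY_LEN 256

static char early_buf[EARLY_MAX][EARLY_LEN]; /* held until the log opens */
static int early_count = 0, early_dropped = 0;
static FILE *log_sink = NULL;     /* NULL while the config is being parsed */
static int cfg_lineno = 0;        /* assumed: set by the config reader */

/* Emit a config diagnostic tagged with its line; queue it if no log yet.
 * Returns 1 if written or queued, 0 if the queue was full. */
static int cfg_warn(const char *fmt, ...)
{
    char msg[EARLY_LEN];
    va_list ap;
    int n = snprintf(msg, sizeof(msg), "(line %d): ", cfg_lineno);
    va_start(ap, fmt);
    vsnprintf(msg + n, sizeof(msg) - (size_t)n, fmt, ap);
    va_end(ap);
    if (log_sink != NULL)
        return fprintf(log_sink, "%s\n", msg) > 0;
    if (early_count == EARLY_MAX)
        return early_dropped++, 0;
    strcpy(early_buf[early_count++], msg);
    return 1;
}

/* Open the log, replay queued diagnostics; returns how many were replayed. */
static int log_open(FILE *sink)
{
    int i, replayed = early_count;
    log_sink = sink;
    for (i = 0; i < early_count; i++)
        fprintf(log_sink, "%s\n", early_buf[i]);
    if (early_dropped > 0)
        fprintf(log_sink, "%d early diagnostics dropped\n", early_dropped);
    early_count = early_dropped = 0;
    return replayed;
}

int main(void)
{
    cfg_lineno = 12;   /* constructed sample input */
    cfg_warn("IGNORING: Proxy Auth ACL '%s'", "acl users proxy_auth REQUIRED");
    return log_open(stderr) == 1 ? 0 : 1;
}
```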
