auth_digest.c
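/* (excerpt begins inside authDigestNonceIsValid; its opening lines are not shown) */
    /*
     * Nonce-count check: with NonceStrictness set the client's count must be
     * exactly the stored count + 1; without it any count >= stored + 1 is
     * accepted. A count at or below the stored one is always rejected, which
     * is what stops a previously used (nonce, nc) pair from being accepted
     * again.
     */
    if ((digestConfig->NonceStrictness && intnc != nonce->nc + 1) ||
        intnc < nonce->nc + 1) {
        debug(29, 4) ("authDigestNonceIsValid: Nonce count doesn't match\n");
        nonce->flags.valid = 0;
        return 0;
    }
    /* seems ok */
    /* increment the nonce count - we've already checked that intnc is a
     * valid representation for us, so we don't need the test here.
     */
    nonce->nc = intnc;
    return -1;
}

/*
 * Decide whether a nonce may no longer be used.
 *
 * Returns -1 when the nonce is missing, older than
 * digestConfig->noncemaxduration, past the hard count ceiling, or past
 * digestConfig->noncemaxuses; returns 0 otherwise. Every stale verdict on
 * a non-NULL nonce also clears nonce->flags.valid.
 */
static int
authDigestNonceIsStale(digest_nonce_h * nonce)
{
    /* do we have a nonce ? */
    if (!nonce)
        return -1;
    /* has its max duration expired? */
    if (nonce->noncedata.creationtime + digestConfig->noncemaxduration < current_time.tv_sec) {
        debug(29, 4) ("authDigestNonceIsStale: Nonce is too old. %ld %d %ld\n",
            (long int) nonce->noncedata.creationtime,
            (int) digestConfig->noncemaxduration,
            (long int) current_time.tv_sec);
        nonce->flags.valid = 0;
        return -1;
    }
    /* hard ceiling on the use count, independent of configuration */
    if (nonce->nc > 99999998) {
        debug(29, 4) ("authDigestNonceIsStale: Nonce count overflow\n");
        nonce->flags.valid = 0;
        return -1;
    }
    /* administrator-configured use limit */
    if (nonce->nc > digestConfig->noncemaxuses) {
        /* Tagged with this function's name (the message used to carry the
         * LastRequest tag) so a log reader can tell which check fired. */
        debug(29, 4) ("authDigestNonceIsStale: Nonce count over user limit\n");
        nonce->flags.valid = 0;
        return -1;
    }
    /* seems ok */
    return 0;
}

/*
 * return -1 if the digest will be stale on the next request
 *
 * That is: the nonce is missing, its count sits one below the hard
 * ceiling, or it is within one use of digestConfig->noncemaxuses.
 * Returns 0 otherwise. Does not modify the nonce.
 */
static int
authDigestNonceLastRequest(digest_nonce_h * nonce)
{
    if (!nonce)
        return -1;
    if (nonce->nc == 99999997) {
        debug(29, 4) ("authDigestNoncelastRequest: Nonce count about to overflow\n");
        return -1;
    }
    if (nonce->nc >= digestConfig->noncemaxuses - 1) {
        debug(29, 4) ("authDigestNoncelastRequest: Nonce count about to hit user limit\n");
        return -1;
    }
    /* and other tests are possible. */
    return 0;
}

/*
 * Take a nonce out of digest_nonce_cache.
 *
 * No-op for a NULL nonce or one not flagged as cached. Otherwise removes
 * the hash link, clears flags.incache and releases the reference the
 * cache was holding.
 */
static void
authDigestNoncePurge(digest_nonce_h * nonce)
{
    if (!nonce)
        return;
    if (!nonce->flags.incache)
        return;
    hash_remove_link(digest_nonce_cache, &nonce->hash);
    nonce->flags.incache = 0;
    /* the cache's link */
    authDigestNonceUnlink(nonce);
}

/* USER related functions */

#if NOT_USED
/* strcmp-style ordering of two digest users by username. */
static int
authDigestUsercmpname(digest_user_h * u1, digest_user_h * u2)
{
    return strcmp(u1->username, u2->username);
}

#endif

/*
 * Look up a user by name in proxy_auth_username_cache and return the
 * entry that belongs to the Digest scheme.
 *
 * Entries for the same username are chained through ->next; the chain is
 * walked until an AUTH_DIGEST entry or the end is reached. Returns NULL
 * when username is NULL, is not cached, or has no Digest entry.
 */
static auth_user_t *
authDigestUserFindUsername(const char *username)
{
    auth_user_hash_pointer *usernamehash;

    /* username may be NULL (it is tested below); never hand NULL to %s */
    debug(29, 9) ("authDigestUserFindUsername: Looking for user '%s'\n",
        username ? username : "(null)");
    if (username && (usernamehash = hash_lookup(proxy_auth_username_cache, username))) {
        while ((usernamehash->auth_user->auth_type != AUTH_DIGEST) &&
            (usernamehash->next))
            usernamehash = usernamehash->next;
        /* the walk can stop on a non-Digest entry at the end of the chain */
        if (usernamehash->auth_user->auth_type == AUTH_DIGEST)
            return usernamehash->auth_user;
    }
    return NULL;
}

/* Allocate one digest_user_h from digest_user_pool. */
static digest_user_h *
authDigestUserNew(void)
{
    return memPoolAlloc(digest_user_pool);
}

/* Create digest_user_pool on first use; later calls do nothing. */
static void
authDigestUserSetup(void)
{
    if (!digest_user_pool)
        digest_user_pool = memPoolCreate("Digest Scheme User Data", sizeof(digest_user_h));
}

/*
 * Release every cached Digest user and tear down the user pool.
 *
 * Walks proxy_auth_username_cache, unlocking each auth user whose scheme
 * type string is "digest", then asserts the pool is empty and destroys it.
 */
static void
authDigestUserShutdown(void)
{
    /*
     * Future work: the auth framework could flush its cache
     */
    auth_user_hash_pointer *usernamehash;
    auth_user_t *auth_user;
    hash_first(proxy_auth_username_cache);
    while ((usernamehash = ((auth_user_hash_pointer *) hash_next(proxy_auth_username_cache)))) {
        auth_user = usernamehash->auth_user;
        /* NOTE(review): auth_module - 1 is used as an index with no range
         * check here; presumably auth_module is always >= 1 - confirm. */
        if (authscheme_list[auth_user->auth_module - 1].typestr &&
            strcmp(authscheme_list[auth_user->auth_module - 1].typestr, "digest") == 0)
            /* it's digest */
            authenticateAuthUserUnlock(auth_user);
    }
    if (digest_user_pool) {
        assert(memPoolInUseCount(digest_user_pool) == 0);
        memPoolDestroy(digest_user_pool);
        digest_user_pool = NULL;
    }
}

/* request related functions */

/*
 * delete the digest request structure. Does NOT delete related structures
 *
 * Frees each string the request holds, drops the request's reference on
 * its nonce, and returns the structure to digest_request_pool.
 */
static void
authDigestRequestDelete(digest_request_h * digest_request)
{
    if (digest_request->nonceb64)
        xfree(digest_request->nonceb64);
    if (digest_request->cnonce)
        xfree(digest_request->cnonce);
    if (digest_request->realm)
        xfree(digest_request->realm);
    /* NOTE(review): pszPass looks like credential material (judging by the
     * name - confirm); it is released here without being overwritten. */
    if (digest_request->pszPass)
        xfree(digest_request->pszPass);
    if (digest_request->algorithm)
        xfree(digest_request->algorithm);
    if (digest_request->pszMethod)
        xfree(digest_request->pszMethod);
    if (digest_request->qop)
        xfree(digest_request->qop);
    if (digest_request->uri)
        xfree(digest_request->uri);
    if (digest_request->response)
        xfree(digest_request->response);
    if (digest_request->nonce)
        authDigestNonceUnlink(digest_request->nonce);
    memPoolFree(digest_request_pool, digest_request);
}

/*
 * Scheme hook (installed as requestFree): delete the Digest request data
 * attached to an auth_user_request and clear the pointer so it cannot be
 * freed twice.
 */
static void
authDigestAURequestFree(auth_user_request_t * auth_user_request)
{
    if (auth_user_request->scheme_data != NULL) {
        authDigestRequestDelete((digest_request_h *) auth_user_request->scheme_data);
        auth_user_request->scheme_data = NULL;
    }
}

/* Allocate one digest_request_h from digest_request_pool; asserts success. */
static digest_request_h *
authDigestRequestNew(void)
{
    digest_request_h *tmp;
    tmp = memPoolAlloc(digest_request_pool);
    assert(tmp != NULL);
    return tmp;
}

/* Create digest_request_pool on first use; later calls do nothing. */
static void
authDigestRequestSetup(void)
{
    if (!digest_request_pool)
        digest_request_pool = memPoolCreate("Digest Scheme Request Data", sizeof(digest_request_h));
}

/* Destroy digest_request_pool, asserting that nothing is still allocated. */
static void
authDigestRequestShutdown(void)
{
    /* No requests should be in progress when we get here */
    if (digest_request_pool) {
        assert(memPoolInUseCount(digest_request_pool) == 0);
        memPoolDestroy(digest_request_pool);
        digest_request_pool = NULL;
    }
}

/*
 * Scheme hook (installed as donefunc): stop the Digest scheme.
 *
 * Always shuts the helpers down and marks the scheme uninitialised. When
 * the process is not shutting down (a reconfigure) only the nonce state
 * is reconfigured and the pools are left in place. On a real shutdown the
 * helpers are freed and the request pool, user pool and nonce state are
 * torn down, in that order.
 */
static void
authDigestDone(void)
{
    if (digestauthenticators)
        helperShutdown(digestauthenticators);
    authdigest_initialised = 0;
    if (!shutting_down) {
        authenticateDigestNonceReconfigure();
        return;
    }
    if (digestauthenticators) {
        helperFree(digestauthenticators);
        digestauthenticators = NULL;
    }
    authDigestRequestShutdown();
    authDigestUserShutdown();
    authenticateDigestNonceShutdown();
    debug(29, 2) ("authenticateDigestDone: Digest authentication shut down.\n");
}

/*
 * Scheme hook (installed as dump): write the Digest configuration to
 * entry as "<name> digest ..." lines - helper command words, realm,
 * children, concurrency and the three nonce limits.
 */
static void
authDigestCfgDump(StoreEntry * entry, const char *name, authScheme * scheme)
{
    auth_digest_config *config = scheme->scheme_data;
    wordlist *list = config->authenticate;
    debug(29, 9) ("authDigestCfgDump: Dumping configuration\n");
    storeAppendPrintf(entry, "%s %s", name, "digest");
    while (list != NULL) {
        storeAppendPrintf(entry, " %s", list->key);
        list = list->next;
    }
    storeAppendPrintf(entry, "\n%s %s realm %s\n", name, "digest", config->digestAuthRealm);
    storeAppendPrintf(entry, "%s %s children %d\n", name, "digest", config->authenticateChildren);
    storeAppendPrintf(entry, "%s %s concurrency %d\n", name, "digest", config->authenticateConcurrency);
    storeAppendPrintf(entry, "%s %s nonce_max_count %d\n", name, "digest", config->noncemaxuses);
    storeAppendPrintf(entry, "%s %s nonce_max_duration %d seconds\n", name, "digest", (int) config->noncemaxduration);
    storeAppendPrintf(entry, "%s %s nonce_garbage_interval %d seconds\n", name, "digest", (int) config->nonceGCInterval);
}

/*
 * Register the Digest scheme: fill the authscheme entry with this file's
 * callbacks. Asserts that the scheme has not been initialised yet.
 * oncloseconnection and authConnLastHeader are left NULL.
 */
void
authSchemeSetup_digest(authscheme_entry_t * authscheme)
{
    assert(!authdigest_initialised);
    authscheme->Active = authenticateDigestActive;
    authscheme->configured = authDigestConfigured;
    authscheme->parse = authDigestParse;
    authscheme->checkconfig = authDigestCheckConfig;
    authscheme->freeconfig = authDigestFreeConfig;
    authscheme->dump = authDigestCfgDump;
    authscheme->init = authDigestInit;
    authscheme->authAuthenticate = authenticateDigestAuthenticateUser;
    authscheme->authenticated = authDigestAuthenticated;
    authscheme->authFixHeader = authenticateDigestFixHeader;
    authscheme->FreeUser = authenticateDigestUserFree;
    authscheme->AddHeader = authDigestAddHeader;
#if WAITING_FOR_TE
    authscheme->AddTrailer = authDigestAddTrailer;
#endif
    authscheme->authStart = authenticateDigestStart;
    authscheme->authStats = authenticateDigestStats;
    authscheme->authUserUsername = authenticateDigestUsername;
    authscheme->getdirection = authenticateDigestDirection;
    authscheme->oncloseconnection = NULL;
    authscheme->decodeauth = authenticateDigestDecodeAuth;
    authscheme->donefunc = authDigestDone;
    authscheme->requestFree = authDigestAURequestFree;
    authscheme->authConnLastHeader = NULL;
}

/* Returns 1 when authdigest_initialised is exactly 1, else 0. */
static int
authenticateDigestActive(void)
{
    return (authdigest_initialised == 1) ? 1 : 0;
}

/*
 * Returns 1 when the scheme has enough configuration to run: a config
 * object, a helper command, a non-zero child count, a realm and a
 * non-negative nonce lifetime. Returns 0 otherwise.
 */
static int
authDigestConfigured(void)
{
    if ((digestConfig != NULL) && (digestConfig->authenticate != NULL) &&
        (digestConfig->authenticateChildren != 0) &&
        (digestConfig->digestAuthRealm != NULL) &&
        (digestConfig->noncemaxduration > -1))
        return 1;
    return 0;
}

/*
 * Returns 1 only when the request's credentials_ok flag is exactly 1;
 * every other flag value counts as not authenticated. Asserts that the
 * request carries Digest scheme data.
 */
static int
authDigestAuthenticated(auth_user_request_t * auth_user_request)
{
    digest_request_h *request = auth_user_request->scheme_data;
    assert(request);
    if (request->flags.credentials_ok == 1)
        return 1;
    else
        return 0;
}

/* log a digest user in */
/* (this function continues past the end of the excerpt; the code below is
 * reproduced as shown and stops where the excerpt stops) */
static void
authenticateDigestAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type)
{
    auth_user_t *auth_user;
    digest_request_h *digest_request;
    digest_user_h *digest_user;

    HASHHEX SESSIONKEY;
    HASHHEX HA2 = "";
    HASHHEX Response;

    assert(auth_user_request->auth_user != NULL);
    auth_user = auth_user_request->auth_user;

    assert(auth_user->scheme_data != NULL);
    digest_user = auth_user->scheme_data;

    digest_request = auth_user_request->scheme_data;
    assert(auth_user_request->scheme_data != NULL);

    /* if the check has corrupted the user, just return */
    if (digest_request->flags.credentials_ok == 3) {
        return;
    }
    /* do we have the HA1 */
    if (!digest_user->HA1created) {
        digest_request->flags.credentials_ok = 2;
        return;
    }
    if (digest_request->nonce == NULL) {
        /* this isn't a nonce we issued */
        digest_request->flags.credentials_ok = 3;
        return;
    }
    DigestCalcHA1(digest_request->algorithm, NULL, NULL, NULL,
        authenticateDigestNonceNonceb64(digest_request->nonce),
        digest_request->cnonce,
        digest_user->HA1, SESSIONKEY);
    DigestCalcResponse(SESSIONKEY, authenticateDigestNonceNonceb64(digest_request->nonce),
        digest_request->nc, digest_request->cnonce, digest_request->qop,
        RequestMethodStr[request->method], digest_request->uri, HA2, Response);

    /* NOTE(review): at debug level 9 this writes both the client-supplied
     * response and the locally computed expected response to the debug
     * log. Treat level-9 logs for section 29 as sensitive, or log only
     * whether the two matched. */
    debug(29, 9) ("\nResponse = '%s'\n"
        "squid is = '%s'\n",
        digest_request->response, Response);

    /* NOTE(review): strcasecmp returns at the first differing character,
     * so its running time depends on how much of the two digests agree.
     * A fixed-time comparison would remove that dependence - confirm
     * whether it matters for this deployment. */
    if (strcasecmp(digest_request->response, Response) != 0) {
        if (!digest_request->flags.helper_queried) {
            /* Query the helper in case the password has changed */
            digest_request->flags.helper_queried = 1;
            digest_request->flags.credentials_ok = 2;
            return;
        }
        if (digestConfig->PostWorkaround && request->method != METHOD_GET) {
            /* Ugly workaround for certain very broken browsers using the
             * wrong method to calculate the request-digest on POST request.
             * This should be deleted once Digest authentication becomes more
             * widespread and such broken browsers no longer are commonly
             * used.
             */
            DigestCalcResponse(SESSIONKEY, authenticateDigestNonceNonceb64(digest_request->nonce),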