projects / packages / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| d3969417 AM |
1 | Index: squid/src/acl.c |
| 2 | diff -c squid/src/acl.c:1.270.2.8 squid/src/acl.c:1.270.2.9 | |
| 3 | *** squid/src/acl.c:1.270.2.8 Sat Sep 7 09:13:05 2002 | |
| 4 | --- squid/src/acl.c Wed Oct 2 03:02:29 2002 | |
| 5 | *************** | |
| 6 | *** 1405,1411 **** | |
| 7 | } | |
| 8 | /* get authed here */ | |
| 9 | /* Note: this fills in checklist->auth_user_request when applicable */ | |
| 10 | ! switch (authenticateAuthenticate(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) { | |
| 11 | case AUTH_ACL_CANNOT_AUTHENTICATE: | |
| 12 | debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); | |
| 13 | return 0; | |
| 14 | --- 1405,1411 ---- | |
| 15 | } | |
| 16 | /* get authed here */ | |
| 17 | /* Note: this fills in checklist->auth_user_request when applicable */ | |
| 18 | ! switch (authenticateTryToAuthenticateAndSetAuthUser(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) { | |
| 19 | case AUTH_ACL_CANNOT_AUTHENTICATE: | |
| 20 | debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); | |
| 21 | return 0; | |
| 22 | Index: squid/src/authenticate.c | |
| 23 | diff -c squid/src/authenticate.c:1.36.2.2 squid/src/authenticate.c:1.36.2.3 | |
| 24 | *** squid/src/authenticate.c:1.36.2.2 Wed Jun 12 06:09:26 2002 | |
| 25 | --- squid/src/authenticate.c Wed Oct 2 03:02:29 2002 | |
| 26 | *************** | |
| 27 | *** 44,49 **** | |
| 28 | --- 44,50 ---- | |
| 29 | ||
| 30 | static void | |
| 31 | authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t * auth_user_request); | |
| 32 | + static auth_acl_t authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr); | |
| 33 | ||
| 34 | /* | |
| 35 | * | |
| 36 | *************** | |
| 37 | *** 424,429 **** | |
| 38 | --- 425,431 ---- | |
| 39 | { | |
| 40 | const char *proxy_auth; | |
| 41 | assert(headertype != 0); | |
| 42 | + | |
| 43 | proxy_auth = httpHeaderGetStr(&request->header, headertype); | |
| 44 | ||
| 45 | if (conn == NULL) { | |
| 46 | *************** | |
| 47 | *** 571,576 **** | |
| 48 | --- 573,600 ---- | |
| 49 | return AUTH_AUTHENTICATED; | |
| 50 | } | |
| 51 | ||
| 52 | + auth_acl_t | |
| 53 | + authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) | |
| 54 | + { | |
| 55 | + /* If we have already been called, return the cached value */ | |
| 56 | + auth_user_request_t *t = *auth_user_request ? *auth_user_request : conn->auth_user_request; | |
| 57 | + auth_acl_t result; | |
| 58 | + if (t && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE | |
| 59 | + && t->lastReply != AUTH_ACL_HELPER) { | |
| 60 | + if (!*auth_user_request) | |
| 61 | + *auth_user_request = t; | |
| 62 | + return t->lastReply; | |
| 63 | + } | |
| 64 | + | |
| 65 | + /* ok, call the actual authenticator routine. */ | |
| 66 | + result = authenticateAuthenticate(auth_user_request, headertype, request, conn, src_addr); | |
| 67 | + t = *auth_user_request ? *auth_user_request : conn->auth_user_request; | |
| 68 | + if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE && | |
| 69 | + result != AUTH_ACL_HELPER) | |
| 70 | + t->lastReply = result; | |
| 71 | + return result; | |
| 72 | + } | |
| 73 | + | |
| 74 | ||
| 75 | /* authenticateUserUsername: return a pointer to the username in the */ | |
| 76 | char * | |
| 77 | *************** | |
| 78 | *** 716,721 **** | |
| 79 | --- 740,747 ---- | |
| 80 | if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) | |
| 81 | && (authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader)) | |
| 82 | authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader(auth_user_request, rep, accelerated); | |
| 83 | + if (auth_user_request != NULL) | |
| 84 | + auth_user_request->lastReply = AUTH_ACL_CANNOT_AUTHENTICATE; | |
| 85 | } | |
| 86 | ||
| 87 | /* call the active auth module and allow it to add a trailer to the request */ | |
| 88 | Index: squid/src/client_side.c | |
| 89 | diff -c squid/src/client_side.c:1.561.2.20 squid/src/client_side.c:1.561.2.22 | |
| 90 | *** squid/src/client_side.c:1.561.2.20 Sun Sep 22 22:04:03 2002 | |
| 91 | --- squid/src/client_side.c Thu Oct 3 00:44:06 2002 | |
| 92 | *************** | |
| 93 | *** 1913,1919 **** | |
| 94 | http->range_iter.prefix_size = rep->hdr_sz; | |
| 95 | debug(33, 3) ("clientSendMoreData: Appending %d bytes after %d bytes of headers\n", | |
| 96 | (int) body_size, rep->hdr_sz); | |
| 97 | ! ch = aclChecklistCreate(Config.accessList.reply, http->request, NULL); | |
| 98 | ch->reply = rep; | |
| 99 | rv = aclCheckFast(Config.accessList.reply, ch); | |
| 100 | aclChecklistFree(ch); | |
| 101 | --- 1913,1919 ---- | |
| 102 | http->range_iter.prefix_size = rep->hdr_sz; | |
| 103 | debug(33, 3) ("clientSendMoreData: Appending %d bytes after %d bytes of headers\n", | |
| 104 | (int) body_size, rep->hdr_sz); | |
| 105 | ! ch = clientAclChecklistCreate(Config.accessList.reply, http); | |
| 106 | ch->reply = rep; | |
| 107 | rv = aclCheckFast(Config.accessList.reply, ch); | |
| 108 | aclChecklistFree(ch); | |
| 109 | Index: squid/src/protos.h | |
| 110 | diff -c squid/src/protos.h:1.420.2.12 squid/src/protos.h:1.420.2.13 | |
| 111 | *** squid/src/protos.h:1.420.2.12 Sat Sep 7 09:13:05 2002 | |
| 112 | --- squid/src/protos.h Wed Oct 2 03:02:30 2002 | |
| 113 | *************** | |
| 114 | *** 752,758 **** | |
| 115 | extern void authenticateShutdown(void); | |
| 116 | extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int); | |
| 117 | extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int); | |
| 118 | ! extern auth_acl_t authenticateAuthenticate(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr); | |
| 119 | extern void authenticateAuthUserUnlock(auth_user_t * auth_user); | |
| 120 | extern void authenticateAuthUserLock(auth_user_t * auth_user); | |
| 121 | extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); | |
| 122 | --- 752,758 ---- | |
| 123 | extern void authenticateShutdown(void); | |
| 124 | extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int); | |
| 125 | extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int); | |
| 126 | ! extern auth_acl_t authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr); | |
| 127 | extern void authenticateAuthUserUnlock(auth_user_t * auth_user); | |
| 128 | extern void authenticateAuthUserLock(auth_user_t * auth_user); | |
| 129 | extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); | |
| 130 | Index: squid/src/structs.h | |
| 131 | diff -c squid/src/structs.h:1.408.2.6 squid/src/structs.h:1.408.2.7 | |
| 132 | *** squid/src/structs.h:1.408.2.6 Sat Sep 7 17:11:23 2002 | |
| 133 | --- squid/src/structs.h Wed Oct 2 03:02:30 2002 | |
| 134 | *************** | |
| 135 | *** 138,143 **** | |
| 136 | --- 138,148 ---- | |
| 137 | void *scheme_data; | |
| 138 | /* how many 'processes' are working on this data */ | |
| 139 | size_t references; | |
| 140 | + /* We only attempt authentication once per http request. This | |
| 141 | + * is to allow multiple auth acl references from different _access areas | |
| 142 | + * when using connection based authentication | |
| 143 | + */ | |
| 144 | + auth_acl_t lastReply; | |
| 145 | }; | |
| 146 | ||
| 147 |