Commit | Line | Data |
---|---|---|
d3969417 AM |
1 | Index: squid/src/acl.c |
2 | diff -c squid/src/acl.c:1.270.2.8 squid/src/acl.c:1.270.2.9 | |
3 | *** squid/src/acl.c:1.270.2.8 Sat Sep 7 09:13:05 2002 | |
4 | --- squid/src/acl.c Wed Oct 2 03:02:29 2002 | |
5 | *************** | |
6 | *** 1405,1411 **** | |
7 | } | |
8 | /* get authed here */ | |
9 | /* Note: this fills in checklist->auth_user_request when applicable */ | |
10 | ! switch (authenticateAuthenticate(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) { | |
11 | case AUTH_ACL_CANNOT_AUTHENTICATE: | |
12 | debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); | |
13 | return 0; | |
14 | --- 1405,1411 ---- | |
15 | } | |
16 | /* get authed here */ | |
17 | /* Note: this fills in checklist->auth_user_request when applicable */ | |
18 | ! switch (authenticateTryToAuthenticateAndSetAuthUser(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) { | |
19 | case AUTH_ACL_CANNOT_AUTHENTICATE: | |
20 | debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); | |
21 | return 0; | |
22 | Index: squid/src/authenticate.c | |
23 | diff -c squid/src/authenticate.c:1.36.2.2 squid/src/authenticate.c:1.36.2.3 | |
24 | *** squid/src/authenticate.c:1.36.2.2 Wed Jun 12 06:09:26 2002 | |
25 | --- squid/src/authenticate.c Wed Oct 2 03:02:29 2002 | |
26 | *************** | |
27 | *** 44,49 **** | |
28 | --- 44,50 ---- | |
29 | ||
30 | static void | |
31 | authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t * auth_user_request); | |
32 | + static auth_acl_t authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr); | |
33 | ||
34 | /* | |
35 | * | |
36 | *************** | |
37 | *** 424,429 **** | |
38 | --- 425,431 ---- | |
39 | { | |
40 | const char *proxy_auth; | |
41 | assert(headertype != 0); | |
42 | + | |
43 | proxy_auth = httpHeaderGetStr(&request->header, headertype); | |
44 | ||
45 | if (conn == NULL) { | |
46 | *************** | |
47 | *** 571,576 **** | |
48 | --- 573,600 ---- | |
49 | return AUTH_AUTHENTICATED; | |
50 | } | |
51 | ||
52 | + auth_acl_t | |
53 | + authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) | |
54 | + { | |
55 | + /* If we have already been called, return the cached value */ | |
56 | + auth_user_request_t *t = *auth_user_request ? *auth_user_request : conn->auth_user_request; | |
57 | + auth_acl_t result; | |
58 | + if (t && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE | |
59 | + && t->lastReply != AUTH_ACL_HELPER) { | |
60 | + if (!*auth_user_request) | |
61 | + *auth_user_request = t; | |
62 | + return t->lastReply; | |
63 | + } | |
64 | + | |
65 | + /* ok, call the actual authenticator routine. */ | |
66 | + result = authenticateAuthenticate(auth_user_request, headertype, request, conn, src_addr); | |
67 | + t = *auth_user_request ? *auth_user_request : conn->auth_user_request; | |
68 | + if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE && | |
69 | + result != AUTH_ACL_HELPER) | |
70 | + t->lastReply = result; | |
71 | + return result; | |
72 | + } | |
73 | + | |
74 | ||
75 | /* authenticateUserUsername: return a pointer to the username in the */ | |
76 | char * | |
77 | *************** | |
78 | *** 716,721 **** | |
79 | --- 740,747 ---- | |
80 | if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) | |
81 | && (authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader)) | |
82 | authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader(auth_user_request, rep, accelerated); | |
83 | + if (auth_user_request != NULL) | |
84 | + auth_user_request->lastReply = AUTH_ACL_CANNOT_AUTHENTICATE; | |
85 | } | |
86 | ||
87 | /* call the active auth module and allow it to add a trailer to the request */ | |
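Review bot: The new authenticateTryToAuthenticateAndSetAuthUser() (hunk 573-600) reads `conn->auth_user_request` with no NULL check whenever `*auth_user_request` is NULL, both before and after the call to authenticateAuthenticate(). The hunk at 425 shows an `if (conn == NULL)` branch in what appears to be authenticateAuthenticate(), so callers without a connection seem to be expected; on that path the wrapper would dereference NULL and take the proxy down before the existing guard is reached. Guard both lookups, for example `t = *auth_user_request ? *auth_user_request : (conn ? conn->auth_user_request : NULL);`. A header comment on the wrapper should also state that AUTH_ACL_CANNOT_AUTHENTICATE and AUTH_ACL_HELPER are never cached, since that is what forces a fresh authentication attempt.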
88 | Index: squid/src/client_side.c | |
89 | diff -c squid/src/client_side.c:1.561.2.20 squid/src/client_side.c:1.561.2.22 | |
90 | *** squid/src/client_side.c:1.561.2.20 Sun Sep 22 22:04:03 2002 | |
91 | --- squid/src/client_side.c Thu Oct 3 00:44:06 2002 | |
92 | *************** | |
93 | *** 1913,1919 **** | |
94 | http->range_iter.prefix_size = rep->hdr_sz; | |
95 | debug(33, 3) ("clientSendMoreData: Appending %d bytes after %d bytes of headers\n", | |
96 | (int) body_size, rep->hdr_sz); | |
97 | ! ch = aclChecklistCreate(Config.accessList.reply, http->request, NULL); | |
98 | ch->reply = rep; | |
99 | rv = aclCheckFast(Config.accessList.reply, ch); | |
100 | aclChecklistFree(ch); | |
101 | --- 1913,1919 ---- | |
102 | http->range_iter.prefix_size = rep->hdr_sz; | |
103 | debug(33, 3) ("clientSendMoreData: Appending %d bytes after %d bytes of headers\n", | |
104 | (int) body_size, rep->hdr_sz); | |
105 | ! ch = clientAclChecklistCreate(Config.accessList.reply, http); | |
106 | ch->reply = rep; | |
107 | rv = aclCheckFast(Config.accessList.reply, ch); | |
108 | aclChecklistFree(ch); | |
109 | Index: squid/src/protos.h | |
110 | diff -c squid/src/protos.h:1.420.2.12 squid/src/protos.h:1.420.2.13 | |
111 | *** squid/src/protos.h:1.420.2.12 Sat Sep 7 09:13:05 2002 | |
112 | --- squid/src/protos.h Wed Oct 2 03:02:30 2002 | |
113 | *************** | |
114 | *** 752,758 **** | |
115 | extern void authenticateShutdown(void); | |
116 | extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int); | |
117 | extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int); | |
118 | ! extern auth_acl_t authenticateAuthenticate(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr); | |
119 | extern void authenticateAuthUserUnlock(auth_user_t * auth_user); | |
120 | extern void authenticateAuthUserLock(auth_user_t * auth_user); | |
121 | extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); | |
122 | --- 752,758 ---- | |
123 | extern void authenticateShutdown(void); | |
124 | extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int); | |
125 | extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int); | |
126 | ! extern auth_acl_t authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr); | |
127 | extern void authenticateAuthUserUnlock(auth_user_t * auth_user); | |
128 | extern void authenticateAuthUserLock(auth_user_t * auth_user); | |
129 | extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); | |
130 | Index: squid/src/structs.h | |
131 | diff -c squid/src/structs.h:1.408.2.6 squid/src/structs.h:1.408.2.7 | |
132 | *** squid/src/structs.h:1.408.2.6 Sat Sep 7 17:11:23 2002 | |
133 | --- squid/src/structs.h Wed Oct 2 03:02:30 2002 | |
134 | *************** | |
135 | *** 138,143 **** | |
136 | --- 138,148 ---- | |
137 | void *scheme_data; | |
138 | /* how many 'processes' are working on this data */ | |
139 | size_t references; | |
140 | + /* We only attempt authentication once per http request. This | |
141 | + * is to allow multiple auth acl references from different _access areas | |
142 | + * when using connection based authentication | |
143 | + */ | |
144 | + auth_acl_t lastReply; | |
145 | }; | |
146 | ||
147 |
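Review bot: Nothing in the visible hunks sets `lastReply` when an auth_user_request is created, yet authenticateTryToAuthenticateAndSetAuthUser() returns it as a cached verdict whenever it is neither AUTH_ACL_CANNOT_AUTHENTICATE nor AUTH_ACL_HELPER. If the allocation is not zeroed, or zero is not one of those two values, a fresh request could be answered from an uninitialised field instead of being authenticated. Set it explicitly where the struct is allocated, `auth_user_request->lastReply = AUTH_ACL_CANNOT_AUTHENTICATE;`. The field comment should also say that this value means "no cached result" and that the cache is cleared in the 740-747 hunk of authenticate.c, so the "once per http request" lifetime is documented next to the field.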