Index: squid/src/acl.c diff -c squid/src/acl.c:1.270.2.8 squid/src/acl.c:1.270.2.9 *** squid/src/acl.c:1.270.2.8 Sat Sep 7 09:13:05 2002 --- squid/src/acl.c Wed Oct 2 03:02:29 2002 *************** *** 1405,1411 **** } /* get authed here */ /* Note: this fills in checklist->auth_user_request when applicable */ ! switch (authenticateAuthenticate(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) { case AUTH_ACL_CANNOT_AUTHENTICATE: debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); return 0; --- 1405,1411 ---- } /* get authed here */ /* Note: this fills in checklist->auth_user_request when applicable */ ! switch (authenticateTryToAuthenticateAndSetAuthUser(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) { case AUTH_ACL_CANNOT_AUTHENTICATE: debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); return 0; Index: squid/src/authenticate.c diff -c squid/src/authenticate.c:1.36.2.2 squid/src/authenticate.c:1.36.2.3 *** squid/src/authenticate.c:1.36.2.2 Wed Jun 12 06:09:26 2002 --- squid/src/authenticate.c Wed Oct 2 03:02:29 2002 *************** *** 44,49 **** --- 44,50 ---- static void authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t * auth_user_request); + static auth_acl_t authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr); /* * *************** *** 424,429 **** --- 425,431 ---- { const char *proxy_auth; assert(headertype != 0); + proxy_auth = httpHeaderGetStr(&request->header, headertype); if (conn == NULL) { *************** *** 571,576 **** --- 573,600 ---- return AUTH_AUTHENTICATED; } + auth_acl_t + authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) + { + /* If we have already been called, return the cached value */ + auth_user_request_t *t = *auth_user_request ? *auth_user_request : conn->auth_user_request; + auth_acl_t result; + if (t && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE + && t->lastReply != AUTH_ACL_HELPER) { + if (!*auth_user_request) + *auth_user_request = t; + return t->lastReply; + } + + /* ok, call the actual authenticator routine. */ + result = authenticateAuthenticate(auth_user_request, headertype, request, conn, src_addr); + t = *auth_user_request ? *auth_user_request : conn->auth_user_request; + if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE && + result != AUTH_ACL_HELPER) + t->lastReply = result; + return result; + } + /* authenticateUserUsername: return a pointer to the username in the */ char * *************** *** 716,721 **** --- 740,747 ---- if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) && (authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader)) authscheme_list[auth_user_request->auth_user->auth_module - 1].AddHeader(auth_user_request, rep, accelerated); + if (auth_user_request != NULL) + auth_user_request->lastReply = AUTH_ACL_CANNOT_AUTHENTICATE; } /* call the active auth module and allow it to add a trailer to the request */ Index: squid/src/client_side.c diff -c squid/src/client_side.c:1.561.2.20 squid/src/client_side.c:1.561.2.22 *** squid/src/client_side.c:1.561.2.20 Sun Sep 22 22:04:03 2002 --- squid/src/client_side.c Thu Oct 3 00:44:06 2002 *************** *** 1913,1919 **** http->range_iter.prefix_size = rep->hdr_sz; debug(33, 3) ("clientSendMoreData: Appending %d bytes after %d bytes of headers\n", (int) body_size, rep->hdr_sz); ! ch = aclChecklistCreate(Config.accessList.reply, http->request, NULL); ch->reply = rep; rv = aclCheckFast(Config.accessList.reply, ch); aclChecklistFree(ch); --- 1913,1919 ---- http->range_iter.prefix_size = rep->hdr_sz; debug(33, 3) ("clientSendMoreData: Appending %d bytes after %d bytes of headers\n", (int) body_size, rep->hdr_sz); ! ch = clientAclChecklistCreate(Config.accessList.reply, http); ch->reply = rep; rv = aclCheckFast(Config.accessList.reply, ch); aclChecklistFree(ch); Index: squid/src/protos.h diff -c squid/src/protos.h:1.420.2.12 squid/src/protos.h:1.420.2.13 *** squid/src/protos.h:1.420.2.12 Sat Sep 7 09:13:05 2002 --- squid/src/protos.h Wed Oct 2 03:02:30 2002 *************** *** 752,758 **** extern void authenticateShutdown(void); extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int); extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int); ! extern auth_acl_t authenticateAuthenticate(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr); extern void authenticateAuthUserUnlock(auth_user_t * auth_user); extern void authenticateAuthUserLock(auth_user_t * auth_user); extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); --- 752,758 ---- extern void authenticateShutdown(void); extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, request_t *, int, int); extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, request_t *, int); ! extern auth_acl_t authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t **, http_hdr_type, request_t *, ConnStateData *, struct in_addr); extern void authenticateAuthUserUnlock(auth_user_t * auth_user); extern void authenticateAuthUserLock(auth_user_t * auth_user); extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); Index: squid/src/structs.h diff -c squid/src/structs.h:1.408.2.6 squid/src/structs.h:1.408.2.7 *** squid/src/structs.h:1.408.2.6 Sat Sep 7 17:11:23 2002 --- squid/src/structs.h Wed Oct 2 03:02:30 2002 *************** *** 138,143 **** --- 138,148 ---- void *scheme_data; /* how many 'processes' are working on this data */ size_t references; + /* We only attempt authentication once per http request. This + * is to allow multiple auth acl references from different _access areas + * when using connection based authentication + */ + auth_acl_t lastReply; };