3 #include "acl/FilledChecklist.h"
4 #include "auth/UserRequest.h"
6 #include "auth/AclProxyAuth.h"
7 #include "HttpRequest.h"
9 /** retval -1 user not authenticated (authentication error?)
10 retval 0 user not authorized OR user authentication is in pgrogress
11 retval +1 user authenticated and authorized */
13 AuthenticateAcl(ACLChecklist
*ch
)
15 ACLFilledChecklist
*checklist
= Filled(ch
);
16 HttpRequest
*request
= checklist
->request
;
17 http_hdr_type headertype
;
19 if (NULL
== request
) {
20 fatal ("requiresRequest SHOULD have been true for this ACL!!");
22 } else if (request
->flags
.accelerated
) {
23 /* WWW authorization on accelerated requests */
24 headertype
= HDR_AUTHORIZATION
;
25 } else if (request
->flags
.intercepted
|| request
->flags
.spoof_client_ip
) {
26 debugs(28, DBG_IMPORTANT
, HERE
<< " authentication not applicable on intercepted requests.");
29 /* Proxy authorization on proxy requests */
30 headertype
= HDR_PROXY_AUTHORIZATION
;
34 /* Note: this fills in auth_user_request when applicable */
35 const auth_acl_t result
= AuthUserRequest::tryToAuthenticateAndSetAuthUser(
36 &checklist
->auth_user_request
, headertype
, request
,
37 checklist
->conn(), checklist
->src_addr
);
40 case AUTH_ACL_CANNOT_AUTHENTICATE
:
41 debugs(28, 4, HERE
<< "returning 0 user authenticated but not authorised.");
44 case AUTH_AUTHENTICATED
:
49 debugs(28, 4, HERE
<< "returning 0 sending credentials to helper.");
50 checklist
->changeState(ProxyAuthLookup::Instance());
53 case AUTH_ACL_CHALLENGE
:
54 debugs(28, 4, HERE
<< "returning 0 sending authentication challenge.");
55 checklist
->changeState (ProxyAuthNeeded::Instance());
59 fatal("unexpected authenticateAuthenticate reply\n");