3 #include "acl/FilledChecklist.h"
4 #include "auth/UserRequest.h"
6 #include "auth/AclProxyAuth.h"
7 #include "HttpRequest.h"
10 * \retval -1 user not authenticated (authentication error?)
11 * \retval 0 user not authorized OR user authentication is in progress
12 * \retval +1 user authenticated and authorized
15 AuthenticateAcl(ACLChecklist
*ch
)
17 ACLFilledChecklist
*checklist
= Filled(ch
);
18 HttpRequest
*request
= checklist
->request
;
19 http_hdr_type headertype
;
21 if (NULL
== request
) {
22 fatal ("requiresRequest SHOULD have been true for this ACL!!");
24 } else if (request
->flags
.accelerated
) {
25 /* WWW authorization on accelerated requests */
26 headertype
= HDR_AUTHORIZATION
;
27 } else if (request
->flags
.intercepted
|| request
->flags
.spoof_client_ip
) {
28 debugs(28, DBG_IMPORTANT
, HERE
<< " authentication not applicable on intercepted requests.");
31 /* Proxy authorization on proxy requests */
32 headertype
= HDR_PROXY_AUTHORIZATION
;
36 /* Note: this fills in auth_user_request when applicable */
39 * tryToAuthenticateAndSetAuthUser used to try to lock and
40 * unlock auth_user_request on our behalf, but it was too
41 * ugly and hard to follow. Now we do our own locking here.
44 * tryToAuthenticateAndSetAuthUser now only produces the auth_user_request object
45 * for use here. It will try to authenticate if missing, and fix up the request pointer if unset.
47 const auth_acl_t result
= AuthUserRequest::tryToAuthenticateAndSetAuthUser(
48 &checklist
->auth_user_request
, headertype
, request
,
49 checklist
->conn(), checklist
->src_addr
);
50 if (checklist
->auth_user_request
)
51 AUTHUSERREQUESTLOCK(checklist
->auth_user_request
, "ACLAuth::authenticated");
55 case AUTH_ACL_CANNOT_AUTHENTICATE
:
56 debugs(28, 4, HERE
<< "returning 0 user authenticated but not authorised.");
59 case AUTH_AUTHENTICATED
:
64 debugs(28, 4, HERE
<< "returning 0 sending credentials to helper.");
65 checklist
->changeState(ProxyAuthLookup::Instance());
68 case AUTH_ACL_CHALLENGE
:
69 debugs(28, 4, HERE
<< "returning 0 sending authentication challenge.");
70 checklist
->changeState (ProxyAuthNeeded::Instance());
74 fatal("unexpected authenticateAuthenticate reply\n");