debugs(29, 2, "Username for the nonce does not equal the username for the request");
nonce = NULL;
}
- /* check for stale nonce */
- if (authDigestNonceIsStale(nonce)) {
- debugs(29, 3, "The received nonce is stale from " << username);
- digest_request->setDenyMessage("Stale nonce");
- nonce = NULL;
- }
+
if (!nonce) {
/* we couldn't find a matching nonce! */
debugs(29, 2, "Unexpected or invalid nonce received from " << username);
}
/* check for stale nonce */
- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(Auth::Handshake);
- digest_request->setDenyMessage("Stale nonce");
+ /* check Auth::Pending to avoid loop */
+
+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
+ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
+ /* Pending prevent banner and makes a ldap control */
+ auth_user->credentials(Auth::Pending);
+ nonce->flags.valid = false;
+ authDigestNoncePurge(nonce);
return;
}
projects / thirdparty / squid.git / commitdiff
