// Authentication ACL result states
ACCESS_AUTH_REQUIRED, // Missing Credentials
- ACCESS_AUTH_EXPIRED_OK, // Expired now. Were Okay.
- ACCESS_AUTH_EXPIRED_BAD // Expired now. Were Failed.
} allow_t;
inline std::ostream &
case ACCESS_AUTH_REQUIRED:
o << "AUTH_REQUIRED";
break;
- case ACCESS_AUTH_EXPIRED_OK:
- o << "AUTH_EXPIRED_OK";
- break;
- case ACCESS_AUTH_EXPIRED_BAD:
- o << "AUTH_EXPIRED_BAD";
- break;
}
return o;
}
// convert to tri-state ACL match 1,0,-1
switch (answer) {
case ACCESS_ALLOWED:
- case ACCESS_AUTH_EXPIRED_OK:
// check for a match
ti = match(checklist->auth_user_request, checklist->src_addr);
checklist->auth_user_request = NULL;
return ti;
case ACCESS_DENIED:
- case ACCESS_AUTH_EXPIRED_BAD:
return 0; // non-match
case ACCESS_DUNNO:
// convert to tri-state ACL match 1,0,-1
switch (answer) {
case ACCESS_ALLOWED:
- case ACCESS_AUTH_EXPIRED_OK:
// check for a match
return matchProxyAuth(checklist);
case ACCESS_DENIED:
- case ACCESS_AUTH_EXPIRED_BAD:
return 0; // non-match
case ACCESS_DUNNO:
proxy_auth_msg = http->request->auth_user_request->denyMessage("<null>");
#endif
- if (answer != ACCESS_ALLOWED && answer != ACCESS_AUTH_EXPIRED_OK) {
+ if (answer != ACCESS_ALLOWED) {
// auth has a grace period where credentials can be expired but okay not to challenge.
/* Send an auth challenge or error */
// XXX: do we still need aclIsProxyAuth() ?
- bool auth_challenge = (answer == ACCESS_AUTH_REQUIRED || answer == ACCESS_AUTH_EXPIRED_BAD || aclIsProxyAuth(AclMatchedName));
+ bool auth_challenge = (answer == ACCESS_AUTH_REQUIRED || aclIsProxyAuth(AclMatchedName));
debugs(85, 5, "Access Denied: " << http->uri);
debugs(85, 5, "AclMatchedName = " << (AclMatchedName ? AclMatchedName : "<null>"));
#if USE_AUTH
return;
}
- /* ACCESS_ALLOWED (or auth in grace period ACCESS_AUTH_EXPIRED_OK) continues here ... */
+ /* ACCESS_ALLOWED continues here ... */
safe_free(http->uri);
http->uri = xstrdup(urlCanonical(http->request));
// convert to tri-state ACL match 1,0,-1
switch (answer) {
case ACCESS_ALLOWED:
- case ACCESS_AUTH_EXPIRED_OK:
return 1; // match
case ACCESS_DENIED:
- case ACCESS_AUTH_EXPIRED_BAD:
return 0; // non-match
case ACCESS_DUNNO:
case ACCESS_DUNNO: // not relevant.
break;
case ACCESS_AUTH_REQUIRED:
- case ACCESS_AUTH_EXPIRED_OK:
- case ACCESS_AUTH_EXPIRED_BAD:
debugs(44, DBG_IMPORTANT, "WARNING: never_direct resulted in " << answer << ". Username ACLs are not reliable here.");
break;
}
case ACCESS_DUNNO: // not relevant.
break;
case ACCESS_AUTH_REQUIRED:
- case ACCESS_AUTH_EXPIRED_OK:
- case ACCESS_AUTH_EXPIRED_BAD:
debugs(44, DBG_IMPORTANT, "WARNING: always_direct resulted in " << answer << ". Username ACLs are not reliable here.");
break;
}
projects / thirdparty / squid.git / commitdiff
