From 1ab50efa7d0e27664f91ef0422b7cca2607fae6c Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 15 Jul 2009 23:35:00 +1200
Subject: [PATCH] Revert Auth changes from b9814

---
 src/auth/Acl.cc         | 19 ++++++++++---------
 src/auth/UserRequest.cc | 10 ++++------
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/src/auth/Acl.cc b/src/auth/Acl.cc
index affaffafae..dddea7d0d4 100644
--- a/src/auth/Acl.cc
+++ b/src/auth/Acl.cc
@@ -6,11 +6,9 @@
 #include "auth/AclProxyAuth.h"
 #include "HttpRequest.h"
 
-/**
- * \retval -1 user not authenticated (authentication error?)
- * \retval  0 user not authorized OR user authentication is in progress
- * \retval +1 user authenticated and authorized
- */
+/** retval -1 user not authenticated (authentication error?)
+    retval  0 user not authorized OR user authentication is in pgrogress
+    retval +1 user authenticated and authorized */
 int
 AuthenticateAcl(ACLChecklist *ch)
 {
@@ -40,16 +38,19 @@ AuthenticateAcl(ACLChecklist *ch)
      * unlock auth_user_request on our behalf, but it was too
      * ugly and hard to follow.  Now we do our own locking here.
      *
-     * AYJ 2009-07-15:
-     * tryToAuthenticateAndSetAuthUser now only produces the auth_user_request object
-     * for use here. Will try to authenticate if missing. And fix-up request pointer if unset.
+     * I'm not sure what tryToAuthenticateAndSetAuthUser does when
+     * auth_user_request is set before calling.  I'm tempted to
+     * unlock and set it to NULL, but it seems safer to save the
+     * pointer before calling and unlock it afterwards.  If the
+     * pointer doesn't change then its a no-op.
      */
+    AuthUserRequest *old_auth_user_request = checklist->auth_user_request;
     const auth_acl_t result = AuthUserRequest::tryToAuthenticateAndSetAuthUser(
                                   &checklist->auth_user_request, headertype, request,
                                   checklist->conn(), checklist->src_addr);
     if (checklist->auth_user_request)
         AUTHUSERREQUESTLOCK(checklist->auth_user_request, "ACLAuth::authenticated");
-
+    AUTHUSERREQUESTUNLOCK(old_auth_user_request, "old ACLAuth");
     switch (result) {
 
     case AUTH_ACL_CANNOT_AUTHENTICATE:
diff --git a/src/auth/UserRequest.cc b/src/auth/UserRequest.cc
index 6aa57f2e01..285e19c706 100644
--- a/src/auth/UserRequest.cc
+++ b/src/auth/UserRequest.cc
@@ -502,10 +502,11 @@ AuthUserRequest::authenticate(AuthUserRequest ** auth_user_request, http_hdr_typ
 }
 
 auth_acl_t
+
 AuthUserRequest::tryToAuthenticateAndSetAuthUser(AuthUserRequest ** auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, IpAddress &src_addr)
 {
     /* If we have already been called, return the cached value */
-    AuthUserRequest *t = authTryGetUser(auth_user_request, conn, request);
+    AuthUserRequest *t = authTryGetUser (auth_user_request, conn, request);
 
     if (t && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE
             && t->lastReply != AUTH_ACL_HELPER) {
@@ -522,14 +523,11 @@ AuthUserRequest::tryToAuthenticateAndSetAuthUser(AuthUserRequest ** auth_user_re
     /* ok, call the actual authenticator routine. */
     auth_acl_t result = authenticate(auth_user_request, headertype, request, conn, src_addr);
 
-    t = authTryGetUser(auth_user_request, conn, request);
+    t = authTryGetUser (auth_user_request, conn, request);
 
     if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE &&
-            result != AUTH_ACL_HELPER) {
+            result != AUTH_ACL_HELPER)
         t->lastReply = result;
-        if (!*auth_user_request)
-            *auth_user_request = t;
-    }
 
     return result;
 }
-- 
2.47.2