From 7bf93630e4fe7f4f2bf5f6b9202d6b203f55335e Mon Sep 17 00:00:00 2001 From: Vadim Aleksandrov Date: Wed, 24 Jan 2018 05:12:06 +0300 Subject: [PATCH] Fix 889fc47 for SSL bumping with an authentication type other than the Basic (#104) Commit 889fc47 was made to fix issue with Basic authentication and SSL bumping. But after this commit we can no longer properly use http_access with proxy_auth/proxy_auth_regex ACL because that type of ACL always return 1(match) regardless of the conditions in the rules. Use the caches authentication results (if any) instead of a fixed 1(match) result. --- src/auth/AclProxyAuth.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/auth/AclProxyAuth.cc b/src/auth/AclProxyAuth.cc index 58ee755c25..22dc9fa56b 100644 --- a/src/auth/AclProxyAuth.cc +++ b/src/auth/AclProxyAuth.cc @@ -177,10 +177,10 @@ int ACLProxyAuth::matchProxyAuth(ACLChecklist *cl) { ACLFilledChecklist *checklist = Filled(cl); - if (checklist->request->flags.sslBumped) - return 1; // AuthenticateAcl() already handled this bumped request - if (!authenticateUserAuthenticated(Filled(checklist)->auth_user_request)) { - return 0; + if (!checklist->request->flags.sslBumped) { + if (!authenticateUserAuthenticated(checklist->auth_user_request)) { + return 0; + } } /* check to see if we have matched the user-acl before */ int result = cacheMatchAcl(&checklist->auth_user_request->user()->proxy_match_cache, checklist); -- 2.47.2