Fix 889fc47 for SSL bumping with an authentication type other than the Basic (#104)

Commit 889fc47 was made to fix issue with Basic authentication and SSL bumping. But after this commit we can no longer properly use http_access with proxy_auth/proxy_auth_regex ACL because that type of ACL always return 1(match) regardless of the conditions in the rules.

Use the caches authentication results (if any) instead of a fixed 1(match) result.

diff --git a/src/auth/AclProxyAuth.cc b/src/auth/AclProxyAuth.cc
index e457b1e5f35c02cfd6f803502162cb077697c582..052e4695bf73d0735cdb5f739b8e717c6a440072 100644 (file)
--- a/src/auth/AclProxyAuth.cc
+++ b/src/auth/AclProxyAuth.cc
@@ -165,10 +165,10 @@ int
 ACLProxyAuth::matchProxyAuth(ACLChecklist *cl)
 {
     ACLFilledChecklist *checklist = Filled(cl);
-    if (checklist->request->flags.sslBumped)
-        return 1; // AuthenticateAcl() already handled this bumped request
-    if (!authenticateUserAuthenticated(Filled(checklist)->auth_user_request)) {
-        return 0;
+    if (!checklist->request->flags.sslBumped) {
+        if (!authenticateUserAuthenticated(checklist->auth_user_request)) {
+            return 0;
+        }
     }
     /* check to see if we have matched the user-acl before */
     int result = cacheMatchAcl(&checklist->auth_user_request->user()->proxy_match_cache, checklist);