From: Vadim Aleksandrov Date: Wed, 24 Jan 2018 02:12:06 +0000 (+0300) Subject: Fix 889fc47 for SSL bumping with an authentication type other than the Basic (#104) X-Git-Tag: SQUID_3_5_28~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a220b5730ec8e3018da3a4f74b118f2a05f23d8d;p=thirdparty%2Fsquid.git Fix 889fc47 for SSL bumping with an authentication type other than the Basic (#104) Commit 889fc47 was made to fix issue with Basic authentication and SSL bumping. But after this commit we can no longer properly use http_access with proxy_auth/proxy_auth_regex ACL because that type of ACL always return 1(match) regardless of the conditions in the rules. Use the caches authentication results (if any) instead of a fixed 1(match) result. --- diff --git a/src/auth/AclProxyAuth.cc b/src/auth/AclProxyAuth.cc index e457b1e5f3..052e4695bf 100644 --- a/src/auth/AclProxyAuth.cc +++ b/src/auth/AclProxyAuth.cc @@ -165,10 +165,10 @@ int ACLProxyAuth::matchProxyAuth(ACLChecklist *cl) { ACLFilledChecklist *checklist = Filled(cl); - if (checklist->request->flags.sslBumped) - return 1; // AuthenticateAcl() already handled this bumped request - if (!authenticateUserAuthenticated(Filled(checklist)->auth_user_request)) { - return 0; + if (!checklist->request->flags.sslBumped) { + if (!authenticateUserAuthenticated(checklist->auth_user_request)) { + return 0; + } } /* check to see if we have matched the user-acl before */ int result = cacheMatchAcl(&checklist->auth_user_request->user()->proxy_match_cache, checklist);