Make proxy_auth ACL fail on invalid auth credentials.

diff --git a/src/auth/AclProxyAuth.cc b/src/auth/AclProxyAuth.cc
index a0a16b9cad3666f47c699e5c5f8812c437dd664c..c7b6fe6a23becaad3dea9137fc49f78572e9d73a 100644 (file)
--- a/src/auth/AclProxyAuth.cc
+++ b/src/auth/AclProxyAuth.cc
@@ -208,19 +208,10 @@ int
 ACLProxyAuth::matchProxyAuth(ACLChecklist *cl)
 {
     ACLFilledChecklist *checklist = Filled(cl);
-    checkAuthForCaching(checklist);
+    if (!authenticateUserAuthenticated(Filled(checklist)->auth_user_request))
+        return 0;
     /* check to see if we have matched the user-acl before */
     int result = cacheMatchAcl(&checklist->auth_user_request->user()->proxy_match_cache, checklist);
     checklist->auth_user_request = NULL;
     return result;
 }
-
-void
-ACLProxyAuth::checkAuthForCaching(ACLChecklist *checklist)const
-{
-    /* for completeness */
-    /* consistent parameters ? */
-    assert(authenticateUserAuthenticated(Filled(checklist)->auth_user_request));
-    /* this check completed */
-}
-

diff --git a/src/auth/AclProxyAuth.h b/src/auth/AclProxyAuth.h
index 8183d99ba87d3b36984852ff19e7146580efd06e..390fd2a52bbd1098a77bc455450078501f34b85e 100644 (file)
--- a/src/auth/AclProxyAuth.h
+++ b/src/auth/AclProxyAuth.h
@@ -82,7 +82,7 @@ public:
     virtual bool empty () const;
     virtual bool requiresRequest() const {return true;}
 
-    virtual ACL *clone()const;
+    virtual ACL *clone() const;
     virtual int matchForCache(ACLChecklist *checklist);
 
 private:
@@ -91,7 +91,6 @@ private:
     static Prototype RegexRegistryProtoype;
     static ACLProxyAuth RegexRegistryEntry_;
     int matchProxyAuth(ACLChecklist *);
-    void checkAuthForCaching(ACLChecklist *) const;
     ACLData<char const *> *data;
     char const *type_;
 };