Acl.cc
1 /*
2  * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #include "squid.h"
10 #include "acl/Acl.h"
11 #include "acl/FilledChecklist.h"
12 #include "auth/Acl.h"
13 #include "auth/AclProxyAuth.h"
14 #include "auth/UserRequest.h"
15 #include "client_side.h"
16 #include "fatal.h"
17 #include "http/Stream.h"
18 #include "HttpRequest.h"
19 
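/**
 * Evaluate an authentication ACL for the transaction described by the checklist.
 *
 * The request flags select one of four paths:
 *  - sslBumped: no credentials are read from this request; the answer depends
 *    only on whether the client connection (or, without a connection, the
 *    request) already carries an auth_user_request.
 *  - accelerated: credentials are taken from the Authorization header.
 *  - intercepted / interceptTproxy: always denied (fail closed).
 *  - anything else: credentials are taken from the proxy authorization header.
 *
 * NOTE(review): the function name line, the proxy-path headertype assignment,
 * the head of the tryToAuthenticateAndSetAuthUser() call and the first case
 * label were absent from the rendered listing and are restored here; confirm
 * them against the upstream file.
 *
 * @param ch checklist being evaluated; converted with Filled().
 * @return ACCESS_ALLOWED, ACCESS_DENIED, ACCESS_DUNNO or ACCESS_AUTH_REQUIRED.
 */
allow_t
AuthenticateAcl(ACLChecklist *ch)
{
    // NOTE(review): Filled() is documented as a dynamic_cast wrapper and its
    // result is dereferenced unchecked below; confirm it cannot return NULL
    // for the checklists that reach this ACL.
    ACLFilledChecklist *checklist = Filled(ch);
    HttpRequest *request = checklist->request;
    Http::HdrType headertype;

    if (NULL == request) {
        // presumably fatal() does not return; the explicit denial keeps this
        // path fail-closed if it ever does.
        fatal ("requiresRequest SHOULD have been true for this ACL!!");
        return ACCESS_DENIED;
    } else if (request->flags.sslBumped) {
        debugs(28, 5, "SslBumped request: It is an encapsulated request do not authenticate");
        // Reuse the credentials already attached to the connection, falling
        // back to the request when there is no connection. Nothing is
        // re-validated on this path: a non-NULL pointer is enough to allow.
        checklist->auth_user_request = checklist->conn() != NULL ? checklist->conn()->getAuth() : request->auth_user_request;
        if (checklist->auth_user_request != NULL)
            return ACCESS_ALLOWED;
        else
            return ACCESS_DENIED;
    } else if (request->flags.accelerated) {
        /* WWW authorization on accelerated requests */
        headertype = Http::HdrType::AUTHORIZATION;
    } else if (request->flags.intercepted || request->flags.interceptTproxy) {
        // Denied outright rather than challenged, so an authentication ACL
        // applied to intercepted traffic never matches.
        debugs(28, DBG_IMPORTANT, "NOTICE: Authentication not applicable on intercepted requests.");
        return ACCESS_DENIED;
    } else {
        /* Proxy authorization on proxy requests */
        headertype = Http::HdrType::PROXY_AUTHORIZATION;
    }

    /* get authed here */
    /* Note: this fills in auth_user_request when applicable */
    const AuthAclState result = Auth::UserRequest::tryToAuthenticateAndSetAuthUser(
                                    &checklist->auth_user_request, headertype, request,
                                    checklist->conn(), checklist->src_addr, checklist->al);
    switch (result) {

    case AUTH_ACL_CANNOT_AUTHENTICATE:
        debugs(28, 4, HERE << "returning " << ACCESS_DENIED << " user authenticated but not authorised.");
        return ACCESS_DENIED;

    case AUTH_AUTHENTICATED:
        return ACCESS_ALLOWED;

    case AUTH_ACL_HELPER:
        // ACCESS_DUNNO is returned whether or not the asynchronous lookup
        // could be started; callers must not treat it as an allow.
        if (checklist->goAsync(ProxyAuthLookup::Instance()))
            debugs(28, 4, "returning " << ACCESS_DUNNO << " sending credentials to helper.");
        else
            debugs(28, 2, "cannot go async; returning " << ACCESS_DUNNO);
        return ACCESS_DUNNO; // XXX: break this down into DUNNO, EXPIRED_OK, EXPIRED_BAD states

    case AUTH_ACL_CHALLENGE:
        debugs(28, 4, HERE << "returning " << ACCESS_AUTH_REQUIRED << " sending authentication challenge.");
        /* Client is required to resend the request with correct authentication
         * credentials. (This may be part of a stateful auth protocol.)
         * The request is denied.
         */
        return ACCESS_AUTH_REQUIRED;

    default:
        // An unrecognised authenticator state is treated as a programming
        // error and never as an allow.
        fatal("unexpected authenticateAuthenticate reply\n");
        return ACCESS_DENIED;
    }
}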
90 
bool interceptTproxy
Set for requests handled by a "tproxy" port.
Definition: RequestFlags.h:68
Definition: Acl.h:113
Ip::Address src_addr
AuthAclState
Definition: AuthAclState.h:14
ACLFilledChecklist * Filled(ACLChecklist *checklist)
convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
struct _request * request(char *urlin)
Definition: tcp-banger2.c:291
allow_t AuthenticateAcl(ACLChecklist *ch)
Definition: Acl.cc:28
AccessLogEntry::Pointer al
info for the future access.log, and external ACL
ConnStateData * conn() const
The client connection manager.
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:124
bool goAsync(AsyncState *)
Definition: Checklist.cc:115
#define DBG_IMPORTANT
Definition: Debug.h:46
void fatal(const char *message)
Definition: fatal.cc:28
static ProxyAuthLookup * Instance()
std::ostream & HERE(std::ostream &s)
Definition: Debug.h:153
bool accelerated
Definition: RequestFlags.h:60
HttpRequest * request
RequestFlags flags
Definition: HttpRequest.h:133
bool intercepted
Definition: RequestFlags.h:64
Auth::UserRequest::Pointer auth_user_request
Definition: HttpRequest.h:119
#define NULL
Definition: types.h:166
const Auth::UserRequest::Pointer & getAuth() const
Definition: client_side.h:114
Auth::UserRequest::Pointer auth_user_request
static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, Http::HdrType, HttpRequest *, ConnStateData *, Ip::Address &, AccessLogEntry::Pointer &)
Definition: UserRequest.cc:437

 
