---------------------
PatchSet 1947 
Date: 2001/04/16 08:57:19
Author: rbcollins
Branch: ntlm
Tag: (none) 
Log:
Check for spurious authentication attempts on already authenticated headers

Members: 
	src/acl.c:1.1.1.3.12.44->1.1.1.3.12.45 

Index: squid/src/acl.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/acl.c,v
retrieving revision 1.1.1.3.12.44
retrieving revision 1.1.1.3.12.45
diff -u -r1.1.1.3.12.44 -r1.1.1.3.12.45
--- squid/src/acl.c	10 Apr 2001 12:34:58 -0000	1.1.1.3.12.44
+++ squid/src/acl.c	16 Apr 2001 08:57:19 -0000	1.1.1.3.12.45
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.c,v 1.1.1.3.12.44 2001/04/10 12:34:58 rbcollins Exp $
+ * $Id: acl.c,v 1.1.1.3.12.45 2001/04/16 08:57:19 rbcollins Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -1227,6 +1227,18 @@
 	}
 	return -2;
     }
+
+    /* 
+     * Is this an already authenticated connection with a new auth header?
+     */
+    if (proxy_auth && authenticateUserAuthenticated(checklist->conn->auth_user_request)) {
+	debug(28,1) ("aclMatchProxyAuth: authenication header on already authenticated connection!. Current user '%s'\n", authenticateUserRequestUsername(checklist->conn->auth_user_request));
+	/* deny this request, leave connection intact. (We are not concerned with client
+	 * state.
+	 */
+	return 0;
+    }
+
     /* we have a proxy auth header and as far as we know this connection has
      * not had bungled connection oriented authentication happen on it. */
     debug(28, 9) ("aclMatchProxyAuth: header %s.\n", proxy_auth);