The state of credentials lookup and handling is recorded by
authenticateDirection / AuthUserRequest::direction() and its per-scheme
helper methods AuthUserRequest::module_direction().
This formalizes and coordinates the state being returned by using a
shared enum.
The states can generally be considerd as:
- LOOKUP with a helper still needs to validate the credentials
- CHALLENGE if the helepr needs more info from the client
- VALID if everything is fine and the credentials are known Good/Bad
- ERROR if there is any problem with the state or credentials
This combination has highlighted a few strange things in the NTLM and
Negotiate states. Where known but Failed credentials are marked as
ERROR. This needs closer investigation since it should logically be a
re-CHALLENGE in all auth types.
Also there is a little obfuscation of the cases around the generalized
fixHeader() calls. This will be handled in a followup patch.
On the side any ideas what to call this state management besides
"Direction"? I'm at a loss for terminology.
NP: labels above are relatively arbitrary. If they need changing to
fit some terminology scope of the function name so be it.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.6
This archive was generated by hypermail 2.2.0 : Wed Apr 20 2011 - 12:00:05 MDT