The last day I have been working on transforming the ident acl into a
normal ACL which invokes ident when needed. While doing this a number of
other areas have been touched as well when I passed by them and that is
why the patch looks the way it does..
* Rewrote ident.c to be a separate module, with proper cbdata checks.
* Moved everything that has to do with invoking ident to acl.c.
* Moved accel-only access check to acl.c.
* Moved acl checklist to the request structure. This is to allow reuse
of looked up information in later access checks. Access list is now sent
to aclNBCheck instead of aclChecklistCreate.
* Changed some one-letter variable names to their full name.
* Deny fast ACL checks if deny and lookup required.
* Removed most arguments from aclCheckListCreate. It now takes request
and source/destination addresses (sockaddr_in to include port).
* Rewrote/added some of the documentation in cbdata.c
* Added acl type src_port.
* Changed the username used in logging and redirector to be: (1)
proxy_auth, (2) ident, (3) "-".
I had planned to split this patch into 3 or 4 separate patches, but due
to lack of time I have not done this yet.
/Henrik
[ Part 2: "Attached Text" ]
Index: squid/src/HttpRequest.c
diff -u squid/src/HttpRequest.c:1.1.1.4.24.1 squid/src/HttpRequest.c:1.1.1.4.24.2
--- squid/src/HttpRequest.c:1.1.1.4.24.1 Sun Dec 13 15:57:31 1998
+++ squid/src/HttpRequest.c Mon Dec 28 02:18:35 1998
@@ -63,6 +63,8 @@
httpHdrCcDestroy(req->cache_control);
if (req->range)
httpHdrRangeDestroy(req->range);
+ if (req->acl_checklist)
+ aclChecklistFree(req->acl_checklist);
memFree(MEM_REQUEST_T, req);
}
Index: squid/src/acl.c
diff -u squid/src/acl.c:1.1.1.27.2.1 squid/src/acl.c:1.1.1.27.2.2
--- squid/src/acl.c:1.1.1.27.2.1 Sun Dec 13 15:57:32 1998
+++ squid/src/acl.c Mon Dec 28 02:18:36 1998
@@ -90,6 +90,8 @@
static SPLAYWALKEE aclDumpIpListWalkee;
static SPLAYWALKEE aclDumpDomainListWalkee;
static SPLAYFREE aclFreeIpData;
+static IDCB aclLookupIdentDone;
+static int checkAccelOnly(request_t * request);
#if USE_ARP_ACL
static void aclParseArpList(void *curlist);
@@ -100,6 +102,24 @@
static SPLAYWALKEE aclDumpArpListWalkee;
#endif
+static int
+checkAccelOnly(request_t * request)
+{
+ /* return TRUE if someone makes a proxy request to us and
+ * we are in httpd-accel only mode */
+ if (!request)
+ return 0;
+ if (!Config2.Accel.on)
+ return 0;
+ if (Config.onoff.accel_with_proxy)
+ return 0;
+ if (request->protocol == PROTO_CACHEOBJ)
+ return 0;
+ if (request->flags.accelerated)
+ return 0;
+ return 1;
+}
+
static char *
strtokFile(void)
{
@@ -172,6 +192,8 @@
return ACL_URL_REGEX;
if (!strcmp(s, "port"))
return ACL_URL_PORT;
+ if (!strcmp(s, "src_port"))
+ return ACL_SRC_PORT;
if (!strcmp(s, "ident"))
return ACL_IDENT;
if (!strncmp(s, "proto", 5))
@@ -220,6 +242,8 @@
return "url_regex";
if (type == ACL_URL_PORT)
return "port";
+ if (type == ACL_SRC_PORT)
+ return "src_port";
if (type == ACL_IDENT)
return "ident";
if (type == ACL_PROTO)
@@ -716,10 +740,10 @@
aclParseIntlist(&A->data);
break;
case ACL_URL_PORT:
+ case ACL_SRC_PORT:
aclParseIntRange(&A->data);
break;
case ACL_IDENT:
- Config.onoff.ident_lookup = 1;
aclParseWordList(&A->data);
break;
case ACL_PROTO:
@@ -1025,7 +1049,7 @@
*/
static int
-aclMatchProxyAuth(wordlist * data, const char * proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
+aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
{
/* checklist is used to register user name when identified, nothing else */
LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ);
@@ -1041,7 +1065,6 @@
debug(28, 2) ("aclMatchProxyAuth: user '%s' not allowed\n", user);
return 0;
}
-
if (!auth_user) {
/* see if we already know this user */
auth_user = hash_lookup(proxy_auth_cache, user);
@@ -1064,6 +1087,7 @@
/* remove this user from the hash, making him unknown */
hash_remove_link(proxy_auth_cache, (hash_link *) auth_user);
aclFreeProxyAuthUser(auth_user);
+ checklist->auth_user = NULL;
/* copy username to request for logging on client-side unless ident
* is known (do not override ident with false proxy auth names) */
if (!*checklist->request->user_ident)
@@ -1078,6 +1102,7 @@
assert(checklist->auth_user->passwd_ok == 0);
debug(28, 4) ("aclMatchProxyAuth: authentication failed for user '%s'\n",
user);
+ checklist->auth_user = NULL;
return 0;
}
debug(28, 4) ("aclMatchProxyAuth: user '%s' validated OK\n", user);
@@ -1085,6 +1110,7 @@
checklist->auth_user->expiretime = current_time.tv_sec + Config.authenticateTTL;
hash_join(proxy_auth_cache, (hash_link *) checklist->auth_user);
+ checklist->auth_user = NULL;
return 1;
}
@@ -1203,7 +1229,7 @@
static int
aclMatchAcl(acl * ae, aclCheck_t * checklist)
{
- request_t *r = checklist->request;
+ const request_t *request = checklist->request;
const ipcache_addrs *ia = NULL;
const char *fqdn = NULL;
char *esc_buf;
@@ -1213,10 +1239,11 @@
debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline);
switch (ae->type) {
case ACL_SRC_IP:
- return aclMatchIp(&ae->data, checklist->src_addr);
+ return aclMatchIp(&ae->data, checklist->src.sin_addr);
/* NOTREACHED */
case ACL_DST_IP:
- ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS);
+ assert(request);
+ ia = ipcache_gethostbyname(request->host, IP_LOOKUP_IF_MISS);
if (ia) {
for (k = 0; k < (int) ia->count; k++) {
if (aclMatchIp(&ae->data, ia->in_addrs[k]))
@@ -1225,7 +1252,7 @@
return 0;
} else if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NONE) {
debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, r->host);
+ ae->name, request->host);
checklist->state[ACL_DST_IP] = ACL_LOOKUP_NEEDED;
return 0;
} else {
@@ -1233,8 +1260,9 @@
}
/* NOTREACHED */
case ACL_DST_DOMAIN:
- if ((ia = ipcacheCheckNumeric(r->host)) == NULL)
- return aclMatchDomainList(&ae->data, r->host);
+ assert(request);
+ if ((ia = ipcacheCheckNumeric(request->host)) == NULL)
+ return aclMatchDomainList(&ae->data, request->host);
fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS);
if (fqdn)
return aclMatchDomainList(&ae->data, fqdn);
@@ -1247,20 +1275,21 @@
return aclMatchDomainList(&ae->data, "none");
/* NOTREACHED */
case ACL_SRC_DOMAIN:
- fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
+ fqdn = fqdncache_gethostbyaddr(checklist->src.sin_addr, FQDN_LOOKUP_IF_MISS);
if (fqdn) {
return aclMatchDomainList(&ae->data, fqdn);
} else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) {
debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, inet_ntoa(checklist->src_addr));
+ ae->name, inet_ntoa(checklist->src.sin_addr));
checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED;
return 0;
}
return aclMatchDomainList(&ae->data, "none");
/* NOTREACHED */
case ACL_DST_DOM_REGEX:
- if ((ia = ipcacheCheckNumeric(r->host)) == NULL)
- return aclMatchRegex(ae->data, r->host);
+ assert(request);
+ if ((ia = ipcacheCheckNumeric(request->host)) == NULL)
+ return aclMatchRegex(ae->data, request->host);
fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS);
if (fqdn)
return aclMatchRegex(ae->data, fqdn);
@@ -1273,12 +1302,12 @@
return aclMatchRegex(ae->data, "none");
/* NOTREACHED */
case ACL_SRC_DOM_REGEX:
- fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
+ fqdn = fqdncache_gethostbyaddr(checklist->src.sin_addr, FQDN_LOOKUP_IF_MISS);
if (fqdn) {
return aclMatchRegex(ae->data, fqdn);
} else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) {
debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, inet_ntoa(checklist->src_addr));
+ ae->name, inet_ntoa(checklist->src.sin_addr));
checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED;
return 0;
}
@@ -1288,46 +1317,58 @@
return aclMatchTime(ae->data, squid_curtime);
/* NOTREACHED */
case ACL_URLPATH_REGEX:
- esc_buf = xstrdup(strBuf(r->urlpath));
+ assert(request);
+ esc_buf = xstrdup(strBuf(request->urlpath));
rfc1738_unescape(esc_buf);
k = aclMatchRegex(ae->data, esc_buf);
safe_free(esc_buf);
return k;
/* NOTREACHED */
case ACL_URL_REGEX:
- esc_buf = xstrdup(urlCanonical(r));
+ assert(request);
+ esc_buf = xstrdup(urlCanonical(checklist->request));
rfc1738_unescape(esc_buf);
k = aclMatchRegex(ae->data, esc_buf);
safe_free(esc_buf);
return k;
/* NOTREACHED */
case ACL_URL_PORT:
- return aclMatchIntegerRange(ae->data, r->port);
+ assert(request);
+ return aclMatchIntegerRange(ae->data, request->port);
+ /* NOTREACHED */
+ case ACL_SRC_PORT:
+ assert(request);
+ return aclMatchIntegerRange(ae->data, ntohs(checklist->src.sin_port));
/* NOTREACHED */
case ACL_IDENT:
return aclMatchUser(ae->data, checklist->ident);
/* NOTREACHED */
case ACL_PROTO:
- return aclMatchInteger(ae->data, r->protocol);
+ assert(request);
+ return aclMatchInteger(ae->data, request->protocol);
/* NOTREACHED */
case ACL_METHOD:
- return aclMatchInteger(ae->data, r->method);
+ assert(request);
+ return aclMatchInteger(ae->data, request->method);
/* NOTREACHED */
case ACL_BROWSER:
- return aclMatchRegex(ae->data, checklist->browser);
+ assert(request);
+ return aclMatchRegex(ae->data,
+ httpHeaderGetStr(&request->header, HDR_USER_AGENT));
/* NOTREACHED */
case ACL_PROXY_AUTH:
- if (!r->flags.accelerated) {
+ assert(request);
+ if (!request->flags.accelerated) {
/* Proxy authorization on proxy requests */
k = aclMatchProxyAuth(ae->data,
- httpHeaderGetStr(&checklist->request->header,
+ httpHeaderGetStr(&request->header,
HDR_PROXY_AUTHORIZATION),
checklist->auth_user,
checklist);
- } else if (r->flags.internal) {
+ } else if (request->flags.internal) {
/* WWW authorization on accelerated internal requests */
k = aclMatchProxyAuth(ae->data,
- httpHeaderGetStr(&checklist->request->header,
+ httpHeaderGetStr(&request->header,
HDR_AUTHORIZATION),
checklist->auth_user,
checklist);
@@ -1335,7 +1376,7 @@
#if AUTH_ON_ACCELERATION
/* WWW authorization on accelerated requests */
k = aclMatchProxyAuth(ae->data,
- httpHeaderGetStr(&checklist->request->header,
+ httpHeaderGetStr(&request->header,
HDR_AUTHORIZATION),
checklist->auth_user,
checklist);
@@ -1358,7 +1399,7 @@
* authentication header so that it is not forwarded to the
* next proxy
*/
- r->flags.used_proxy_auth = 1;
+ checklist->request->flags.used_proxy_auth = 1;
return 1;
} else if (k == -1) {
/*
@@ -1369,11 +1410,12 @@
}
/* NOTREACHED */
case ACL_SNMP_COMM:
- return asnMatchIp(ae->data, checklist->src_addr);
+ return asnMatchIp(ae->data, checklist->src.sin_addr);
case ACL_SRC_ASN:
- return asnMatchIp(ae->data, checklist->src_addr);
+ return asnMatchIp(ae->data, checklist->src.sin_addr);
case ACL_DST_ASN:
- ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS);
+ assert(request);
+ ia = ipcache_gethostbyname(request->host, IP_LOOKUP_IF_MISS);
if (ia) {
for (k = 0; k < (int) ia->count; k++) {
if (asnMatchIp(ae->data, ia->in_addrs[k]))
@@ -1382,7 +1424,7 @@
return 0;
} else if (checklist->state[ACL_DST_ASN] == ACL_LOOKUP_NONE) {
debug(28, 3) ("asnMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, r->host);
+ ae->name, request->host);
checklist->state[ACL_DST_ASN] = ACL_LOOKUP_NEEDED;
} else {
return asnMatchIp(ae->data, no_addr);
@@ -1390,7 +1432,7 @@
return 0;
#if USE_ARP_ACL
case ACL_SRC_ARP:
- return aclMatchArp(&ae->data, checklist->src_addr);
+ return aclMatchArp(&ae->data, checklist->src.sin_addr);
#endif
case ACL_NONE:
default:
@@ -1422,11 +1464,20 @@
aclCheckFast(const acl_access * A, aclCheck_t * checklist)
{
int allow = 0;
+ int i;
debug(28, 5) ("aclCheckFast: list: %p\n", A);
+ for (i = 0; i < ACL_ENUM_MAX; i++)
+ checklist->state[i] = ACL_LOOKUP_NONE;
while (A) {
allow = A->allow;
if (aclMatchAclList(A->acl_list, checklist))
return allow;
+ if (!allow) {
+ /* Deny access if a lookup is required */
+ for (i = 0; i < ACL_ENUM_MAX; i++)
+ if (checklist->state[i] != ACL_LOOKUP_NONE)
+ return 0;
+ }
A = A->next;
}
debug(28, 5) ("aclCheckFast: no matches, returning: %d\n", !allow);
@@ -1440,6 +1491,12 @@
const acl_access *A;
int match;
ipcache_addrs *ia;
+ /* Special check for proxy requests in accelerator-only mode */
+ if (checkAccelOnly(checklist->request)) {
+ debug(28, 3) ("aclCheck: Only allowing accelerated requests\n");
+ aclCheckCallback(checklist, 0);
+ return;
+ }
while ((A = checklist->access_list) != NULL) {
/*
* If the _acl_access is no longer valid (i.e. its been
@@ -1467,7 +1524,7 @@
return;
} else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NEEDED) {
checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_PENDING;
- fqdncache_nbgethostbyaddr(checklist->src_addr,
+ fqdncache_nbgethostbyaddr(checklist->src.sin_addr,
aclLookupSrcFQDNDone,
checklist);
return;
@@ -1496,8 +1553,9 @@
match = -1;
} else if (checklist->state[ACL_IDENT] == ACL_LOOKUP_NEEDED) {
debug(28, 3) ("aclCheck: Doing ident lookup\n");
- /* XXX how to do ident lookup? */
checklist->state[ACL_IDENT] = ACL_LOOKUP_PENDING;
+ identStart(&checklist->me, &checklist->src,
+ aclLookupIdentDone, checklist);
return;
}
/*
@@ -1505,12 +1563,12 @@
* is allowed, denied, requires authentication, or we move on to
* the next entry.
*/
- cbdataUnlock(A);
if (match) {
debug(28, 3) ("aclCheck: match found, returning %d\n", allow);
aclCheckCallback(checklist, allow);
return;
}
+ cbdataUnlock(A);
checklist->access_list = A->next;
/*
* Lock the next _acl_access entry
@@ -1526,7 +1584,7 @@
aclChecklistFree(aclCheck_t * checklist)
{
if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_PENDING)
- fqdncacheUnregister(checklist->src_addr, checklist);
+ fqdncacheUnregister(checklist->src.sin_addr, checklist);
if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_PENDING)
fqdncacheUnregister(checklist->dst_addr, checklist);
if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_PENDING)
@@ -1540,13 +1598,27 @@
static void
aclCheckCallback(aclCheck_t * checklist, allow_t answer)
{
+ PF *callback = checklist->callback;
+ void *callback_data = checklist->callback_data;
debug(28, 3) ("aclCheckCallback: answer=%d\n", answer);
- if (cbdataValid(checklist->callback_data))
- checklist->callback(answer, checklist->callback_data);
- cbdataUnlock(checklist->callback_data);
+ cbdataUnlock(checklist->access_list);
+ checklist->access_list = NULL;
checklist->callback = NULL;
checklist->callback_data = NULL;
- aclChecklistFree(checklist);
+ if (cbdataValid(callback_data))
+ callback(answer, callback_data);
+ cbdataUnlock(callback_data);
+}
+
+static void
+aclLookupIdentDone(const char *result, void *data)
+{
+ aclCheck_t *checklist = data;
+ if (result)
+ xstrncpy(checklist->ident, result, USER_IDENT_SZ);
+ else
+ xstrncpy(checklist->ident, dash_str, USER_IDENT_SZ);
+ aclCheck(checklist);
}
static void
@@ -1596,41 +1668,62 @@
}
aclCheck_t *
-aclChecklistCreate(const acl_access * A,
- request_t * request,
- struct in_addr src_addr,
- const char *user_agent,
- const char *ident)
+aclChecklistCreate(request_t * request,
+ struct sockaddr_in *src_addr,
+ struct sockaddr_in *local_addr)
{
int i;
aclCheck_t *checklist = memAllocate(MEM_ACLCHECK_T);
cbdataAdd(checklist, MEM_ACLCHECK_T);
- checklist->access_list = A;
- /*
- * aclCheck() makes sure checklist->access_list is a valid
- * pointer, so lock it.
- */
- cbdataLock(A);
if (request != NULL)
checklist->request = requestLink(request);
- checklist->src_addr = src_addr;
+ if (src_addr)
+ checklist->src = *src_addr;
+ if (local_addr)
+ checklist->me = *local_addr;
for (i = 0; i < ACL_ENUM_MAX; i++)
checklist->state[i] = ACL_LOOKUP_NONE;
- if (user_agent)
- xstrncpy(checklist->browser, user_agent, BROWSERNAMELEN);
- if (ident)
- xstrncpy(checklist->ident, ident, USER_IDENT_SZ);
checklist->auth_user = NULL; /* init to NULL */
return checklist;
}
+aclCheck_t *
+aclChecklistCopy(aclCheck_t * oldchecklist, request_t * request)
+{
+ int i;
+ aclCheck_t *newchecklist = memAllocate(MEM_ACLCHECK_T);
+ cbdataAdd(newchecklist, MEM_ACLCHECK_T);
+ memcpy(newchecklist, oldchecklist, sizeof(aclCheck_t));
+ if (request != NULL)
+ newchecklist->request = requestLink(request);
+ else
+ newchecklist->request = NULL;
+ for (i = 0; i < ACL_ENUM_MAX; i++)
+ if (newchecklist->state[i] != ACL_LOOKUP_DONE)
+ newchecklist->state[i] = ACL_LOOKUP_NONE;
+ return newchecklist;
+}
+
void
-aclNBCheck(aclCheck_t * checklist, PF callback, void *callback_data)
+aclNBCheck(const struct _acl_access *A, aclCheck_t * checklist, PF callback, void *callback_data)
{
+ assert(checklist->access_list == NULL); /* nested aclNBCheck is not supported */
+ /*
+ * aclCheck() makes sure checklist->access_list is a valid
+ * pointer, so lock it.
+ */
+ checklist->access_list = A;
+ cbdataLock(A);
checklist->callback = callback;
checklist->callback_data = callback_data;
cbdataLock(callback_data);
- aclCheck(checklist);
+ /* Force ident lookups if configured */
+ if (Config.onoff.ident_lookup && !*checklist->ident) {
+ checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED;
+ identStart(&checklist->me, &checklist->src,
+ aclLookupIdentDone, checklist);
+ aclCheck(checklist);
+ }
}
Index: squid/src/cbdata.c
diff -u squid/src/cbdata.c:1.1.1.11 squid/src/cbdata.c:1.1.1.11.12.2
--- squid/src/cbdata.c:1.1.1.11 Thu Oct 22 20:48:42 1998
+++ squid/src/cbdata.c Mon Dec 28 02:18:36 1998
@@ -43,25 +43,50 @@
* when finished.
*
* In terms of time, the sequence goes something like this:
- *
- * foo = xcalloc(sizeof(foo));
- * cbdataAdd(foo);
- * ...
- * cbdataLock(foo);
- * some_blocking_operation(..., callback_func, foo);
- * ...
- * some_blocking_operation_completes()
- * if (cbdataValid(foo))
- * callback_func(..., foo)
- * cbdataUnlock(foo);
- * ...
- * cbdataFree(foo);
- *
+ *
+ * Caller:
+ * foo = xcalloc(sizeof(foo));
+ * cbdataAdd(foo);
+ * ...
+ * some_blocking_operation(..., callback_func, foo);
+ *
+ * Blocking operation:
+ * cbdataLock(foo);
+ * state->callback = callback_func;
+ * state->foo = foo;
+ * ...
+ *
+ * Blocking operation completes:
+ * void *callback_data = state->callback_data;
+ * state->callback_data = NULL;
+ * if (cbdataValid(callback_data) && state->callback)
+ * state->callback(..., callback_data)
+ * state->callback = NULL;
+ * cbdataUnlock(callback_data);
+ *
+ * Caller completes/aborts:
+ * ...
+ * cbdataFree(foo);
+ *
+ * The buisness with a local callback_data variable when the blocking
+ * operation completes is to avoid multiple dereferences when
+ * operations are aborted and the like.
+ *
+ * cbdata does not enforce the useage policy described above. Other
+ * uses of cbdata are possible, but this is the primary use. If you
+ * find that cbdata may be useful in another construct then please
+ * reconsider your design one extra time as it might be a sign that
+ * the design is "messy". The same also applies if you have a design
+ * involving callbacks and/or intra-module referenced data and you
+ * are not using cbdata...
+ *
* The nice thing is that, we do not need to require that Unlock
* occurs before Free. If the Free happens first, then the
* callback data is marked invalid and the callback will never
* be made. When we Unlock and the lock count reaches zero,
- * we free the memory if it is marked invalid.
+ * we free the memory if it is marked invalid. Data remains
+ * allocated until all references are unlocked to guarantee that
+ * the validity of each reference can be checked.
*/
#include "squid.h"
Index: squid/src/cf.data.pre
diff -u squid/src/cf.data.pre:1.1.1.30.2.1 squid/src/cf.data.pre:1.1.1.30.2.2
--- squid/src/cf.data.pre:1.1.1.30.2.1 Sun Dec 13 15:57:36 1998
+++ squid/src/cf.data.pre Mon Dec 28 02:18:37 1998
@@ -768,6 +768,9 @@
username for each connection, enable this. It is off by
default.
+ See also acl type ident which can be used to selectively
+ do ident lookups.
+
ident_lookup off
DOC_END
@@ -1386,7 +1389,8 @@
when using "file", the file should contain one item per line
acltype is one of src dst srcdomain dstdomain url_pattern
- urlpath_pattern time port proto method browser user
+ urlpath_pattern time port proto method browser ident
+ proxy_auth src_port
acl aclname src ip-address/netmask ... (clients IP address)
acl aclname src addr1-addr2/netmask ... (range of addresses)
@@ -1445,6 +1449,10 @@
# WARNING: proxy_auth can't be used in a transparent proxy. It
# collides with any authentication done by origin servers. It may
# seem like it works at first, but it doesn't.
+
+ acl aclname src_port 3128 ...
+ # Check the source port of a request. Primarily useful for ICP
+ # checks.
Examples:
Index: squid/src/client_side.c
diff -u squid/src/client_side.c:1.1.1.35.2.2 squid/src/client_side.c:1.1.1.35.2.3
--- squid/src/client_side.c:1.1.1.35.2.2 Mon Dec 14 21:25:02 1998
+++ squid/src/client_side.c Mon Dec 28 02:18:37 1998
@@ -76,7 +76,6 @@
static RH clientRedirectDone;
static STCB clientHandleIMSReply;
static int clientGetsOldEntry(StoreEntry * new, StoreEntry * old, request_t * request);
-static int checkAccelOnly(clientHttpRequest *);
static int clientOnlyIfCached(clientHttpRequest * http);
static STCB clientSendMoreData;
static STCB clientCacheHit;
@@ -92,43 +91,16 @@
static int httpAcceptDefer(void);
static log_type clientProcessRequest2(clientHttpRequest * http);
-static int
-checkAccelOnly(clientHttpRequest * http)
-{
- /* return TRUE if someone makes a proxy request to us and
- * we are in httpd-accel only mode */
- if (!Config2.Accel.on)
- return 0;
- if (Config.onoff.accel_with_proxy)
- return 0;
- if (http->request->protocol == PROTO_CACHEOBJ)
- return 0;
- if (http->flags.accel)
- return 0;
- return 1;
-}
-
void
clientAccessCheck(void *data)
{
clientHttpRequest *http = data;
ConnStateData *conn = http->conn;
- const char *browser;
- if (Config.onoff.ident_lookup && conn->ident.state == IDENT_NONE) {
- identStart(-1, conn, clientAccessCheck, http);
- return;
- }
- if (checkAccelOnly(http)) {
- clientAccessCheckDone(0, http);
- return;
- }
- browser = httpHeaderGetStr(&http->request->header, HDR_USER_AGENT);
- http->acl_checklist = aclChecklistCreate(Config.accessList.http,
- http->request,
- conn->peer.sin_addr,
- browser,
- conn->ident.ident);
- aclNBCheck(http->acl_checklist, clientAccessCheckDone, http);
+ http->request->acl_checklist = aclChecklistCreate(http->request,
+ &conn->peer,
+ &conn->me);
+ aclNBCheck(Config.accessList.http, http->request->acl_checklist,
+ clientAccessCheckDone, http);
}
/*
@@ -201,7 +173,6 @@
int page_id = -1;
ErrorState *err = NULL;
debug(33, 5) ("clientAccessCheckDone: '%s' answer=%d\n", http->uri, answer);
- http->acl_checklist = NULL;
if (answer == ACCESS_ALLOWED) {
safe_free(http->uri);
http->uri = xstrdup(urlCanonical(http->request));
@@ -265,7 +236,9 @@
new_request->http_ver = old_request->http_ver;
httpHeaderAppend(&new_request->header, &old_request->header);
new_request->client_addr = old_request->client_addr;
+ new_request->flags = old_request->flags;
new_request->flags.redirected = 1;
+ xstrncpy(new_request->user_ident, old_request->user_ident, USER_IDENT_SZ);
if (old_request->body) {
new_request->body = xmalloc(old_request->body_sz);
xmemcpy(new_request->body, old_request->body, old_request->body_sz);
@@ -639,10 +612,7 @@
http->al.cache.size = http->out.size;
http->al.cache.code = http->log_type;
http->al.cache.msec = tvSubMsec(http->start, current_time);
- if (request->user_ident[0])
- http->al.cache.ident = request->user_ident;
- else
- http->al.cache.ident = conn->ident.ident;
+ http->al.cache.ident = request->user_ident;
if (request) {
Packer p;
MemBuf mb;
@@ -660,8 +630,6 @@
clientUpdateCounters(http);
clientdbUpdate(conn->peer.sin_addr, http->log_type, PROTO_HTTP, http->out.size);
}
- if (http->acl_checklist)
- aclChecklistFree(http->acl_checklist);
if (request)
checkFailureRatio(request->err_type, http->al.hier.code);
safe_free(http->uri);
@@ -710,8 +678,6 @@
assert(connState->chr != connState->chr->next);
httpRequestFree(http);
}
- if (connState->ident.fd > -1)
- comm_close(connState->ident.fd);
safe_free(connState->in.buf);
/* XXX account connState->in.buf */
pconnHistCount(0, connState->nrequests);
@@ -857,7 +823,7 @@
*
* This may not work yet for 'dst' and 'dst_domain' ACLs.
*/
- ch.src_addr = http->conn->peer.sin_addr;
+ ch.src.sin_addr = http->conn->peer.sin_addr;
ch.request = http->request;
/*
* aclCheckFast returns 1 for ALLOW and 0 for DENY. The default
@@ -2483,7 +2449,6 @@
connState->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
connState->me = me;
connState->fd = fd;
- connState->ident.fd = -1;
connState->in.size = REQUEST_BUF_SIZE;
connState->in.buf = xcalloc(connState->in.size, 1);
cbdataAdd(connState, MEM_NONE);
Index: squid/src/delay_pools.c
diff -u squid/src/delay_pools.c:1.1.1.4 squid/src/delay_pools.c:1.1.1.4.10.1
--- squid/src/delay_pools.c:1.1.1.4 Sat Oct 31 14:36:04 1998
+++ squid/src/delay_pools.c Mon Dec 28 02:18:38 1998
@@ -81,7 +81,7 @@
request_t *r = http->request;
memset(&ch, '\0', sizeof(ch));
- ch.src_addr = http->conn->peer.sin_addr;
+ ch.src = http->conn->peer;
ch.request = r;
if (aclCheckFast(Config.Delay.class1.access, &ch)) {
class = 1;
@@ -90,9 +90,9 @@
}
if (aclCheckFast(Config.Delay.class2.access, &ch)) {
class = 2;
- host = ntohl(ch.src_addr.s_addr) & 0xff;
+ host = ntohl(ch.src.sin_addr.s_addr) & 0xff;
if (host == 255 || !host) {
- debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src_addr));
+ debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src.sin_addr));
class = 0;
r->delay_id = delayId(class, position);
return 0;
@@ -113,11 +113,11 @@
}
if (aclCheckFast(Config.Delay.class3.access, &ch)) {
class = 3;
- host = ntohl(ch.src_addr.s_addr) & 0xffff;
+ host = ntohl(ch.src.sin_addr.s_addr) & 0xffff;
net = host >> 8;
host &= 0xff;
if (host == 255 || !host || net == 255) {
- debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src_addr));
+ debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src.sin_addr));
class = 0;
r->delay_id = delayId(class, position);
return 0;
Index: squid/src/enums.h
diff -u squid/src/enums.h:1.1.1.29 squid/src/enums.h:1.1.1.29.8.1
--- squid/src/enums.h:1.1.1.29 Fri Nov 13 23:27:43 1998
+++ squid/src/enums.h Mon Dec 28 02:18:38 1998
@@ -107,6 +107,7 @@
ACL_SRC_ARP,
ACL_SNMP_COMM,
ACL_NETDB_SRC_RTT,
+ ACL_SRC_PORT,
ACL_ENUM_MAX
} squid_acl;
Index: squid/src/forward.c
diff -u squid/src/forward.c:1.1.1.7 squid/src/forward.c:1.1.1.7.4.1
--- squid/src/forward.c:1.1.1.7 Mon Nov 23 00:56:13 1998
+++ squid/src/forward.c Mon Dec 28 02:18:38 1998
@@ -332,7 +332,7 @@
* Check if this host is allowed to fetch MISSES from us (miss_access)
*/
memset(&ch, '\0', sizeof(aclCheck_t));
- ch.src_addr = peer_addr;
+ ch.src.sin_addr = peer_addr;
ch.request = r;
answer = aclCheckFast(Config.accessList.miss, &ch);
if (answer == 0) {
Index: squid/src/icp_v2.c
diff -u squid/src/icp_v2.c:1.1.1.21 squid/src/icp_v2.c:1.1.1.21.12.1
--- squid/src/icp_v2.c:1.1.1.21 Thu Oct 22 20:48:49 1998
+++ squid/src/icp_v2.c Mon Dec 28 02:18:39 1998
@@ -217,7 +217,7 @@
icpUdpSend(fd, &from, reply, LOG_UDP_INVALID, 0);
break;
}
- checklist.src_addr = from.sin_addr;
+ checklist.src = from;
checklist.request = icp_request;
allow = aclCheckFast(Config.accessList.icp, &checklist);
if (!allow) {
Index: squid/src/icp_v3.c
diff -u squid/src/icp_v3.c:1.1.1.13 squid/src/icp_v3.c:1.1.1.13.18.1
--- squid/src/icp_v3.c:1.1.1.13 Thu Sep 24 00:19:36 1998
+++ squid/src/icp_v3.c Mon Dec 28 02:18:39 1998
@@ -71,7 +71,7 @@
icpUdpSend(fd, &from, reply, LOG_UDP_INVALID, 0);
break;
}
- checklist.src_addr = from.sin_addr;
+ checklist.src = from;
checklist.request = icp_request;
allow = aclCheckFast(Config.accessList.icp, &checklist);
if (!allow) {
Index: squid/src/ident.c
diff -u squid/src/ident.c:1.1.1.10 squid/src/ident.c:1.1.1.10.2.1
--- squid/src/ident.c:1.1.1.10 Sun Dec 13 15:49:45 1998
+++ squid/src/ident.c Mon Dec 28 02:18:39 1998
@@ -37,82 +37,81 @@
#define IDENT_PORT 113
+typedef struct {
+ int fd; /* IDENT fd */
+ struct sockaddr_in me;
+ struct sockaddr_in peer;
+ void *data;
+ IDCB *callback;
+} IdentStateData;
+
static PF identReadReply;
static PF identClose;
static PF identTimeout;
static CNCB identConnectDone;
-static void identCallback(ConnStateData * connState);
+
+/**** PRIVATE FUNCTIONS ****/
+
+static void
+identCallback(IdentStateData * state, char *result)
+{
+ IDCB *callback;
+ if (result && !*result)
+ result = NULL;
+ if (state->callback) {
+ callback = state->callback;
+ state->callback = NULL;
+ if (cbdataValid(state->data))
+ callback(result, state->data);
+ cbdataUnlock(state->data);
+ state->data = NULL;
+ }
+}
static void
identClose(int fdnotused, void *data)
{
- ConnStateData *connState = data;
- connState->ident.fd = -1;
+ IdentStateData *state = data;
+
+ identCallback(state, NULL);
+ comm_close(state->fd);
+ cbdataFree(state);
}
static void
identTimeout(int fd, void *data)
{
- ConnStateData *connState = data;
+ IdentStateData *state = data;
debug(30, 3) ("identTimeout: FD %d, %s\n", fd,
- inet_ntoa(connState->peer.sin_addr));
+ inet_ntoa(state->peer.sin_addr));
comm_close(fd);
}
-/* start a TCP connection to the peer host on port 113 */
-void
-identStart(int fd, ConnStateData * connState, IDCB * callback, void *data)
-{
- connState->ident.callback = callback;
- connState->ident.callback_data = data;
- connState->ident.state = IDENT_PENDING;
- if (fd < 0) {
- fd = comm_open(SOCK_STREAM,
- 0,
- connState->me.sin_addr,
- 0,
- COMM_NONBLOCKING,
- "ident");
- if (fd == COMM_ERROR) {
- identCallback(connState);
- return;
- }
- }
- connState->ident.fd = fd;
- comm_add_close_handler(fd,
- identClose,
- connState);
- commConnectStart(fd,
- inet_ntoa(connState->peer.sin_addr),
- IDENT_PORT,
- identConnectDone,
- connState);
-}
-
static void
identConnectDone(int fd, int status, void *data)
{
- ConnStateData *connState = data;
+ IdentStateData *state = data;
MemBuf mb;
if (status != COMM_OK) {
+ /* Failed to connect */
comm_close(fd);
- identCallback(connState);
return;
}
memBufDefInit(&mb);
memBufPrintf(&mb, "%d, %d\r\n",
- ntohs(connState->peer.sin_port),
- ntohs(connState->me.sin_port));
- comm_write_mbuf(fd, mb, NULL, connState);
- commSetSelect(fd, COMM_SELECT_READ, identReadReply, connState, 0);
- commSetTimeout(fd, Config.Timeout.read, identTimeout, connState);
+ ntohs(state->peer.sin_port),
+ ntohs(state->me.sin_port));
+ comm_write_mbuf(fd, mb, NULL, state);
+ commSetSelect(fd, COMM_SELECT_READ, identReadReply, state, 0);
+ commSetTimeout(fd, Config.Timeout.read, identTimeout, state);
}
static void
identReadReply(int fd, void *data)
{
- ConnStateData *connState = data;
+ IdentStateData *state = data;
LOCAL_ARRAY(char, buf, BUFSIZ);
+ char *ident = NULL;
char *t = NULL;
int len = -1;
@@ -121,6 +120,10 @@
len = read(fd, buf, BUFSIZ - 1);
fd_bytes(fd, len, FD_READ);
if (len > 0) {
+ /* XXX This isn't really very tolerant. It should read until EOL
+ * or EOF and then decode the answer... If the reply is fragmented
+ * then this will fail
+ */
buf[len] = '\0';
if ((t = strchr(buf, '\r')))
*t = '\0';
@@ -128,20 +131,71 @@
*t = '\0';
debug(30, 5) ("identReadReply: FD %d: Read '%s'\n", fd, buf);
if (strstr(buf, "USERID")) {
- if ((t = strrchr(buf, ':'))) {
- while (isspace(*++t));
- xstrncpy(connState->ident.ident, t, USER_IDENT_SZ);
+ if ((ident = strrchr(buf, ':'))) {
+ while (isspace(*++ident));
+ identCallback(state, ident);
}
}
}
comm_close(fd);
- identCallback(connState);
}
-static void
-identCallback(ConnStateData * connState)
+/**** PUBLIC FUNCTIONS ****/
+
+/* start a TCP connection to the peer host on port 113 */
+void *
+identStart(struct sockaddr_in *me, struct sockaddr_in *peer, IDCB * callback, void *data)
+{
+ IdentStateData *state;
+ int fd;
+
+ fd = comm_open(SOCK_STREAM,
+ 0,
+ me->sin_addr,
+ 0,
+ COMM_NONBLOCKING,
+ "ident");
+ if (fd == COMM_ERROR) {
+ /* Failed to get a local socket */
+ callback(NULL, data);
+ return NULL;
+ }
+ state = xcalloc(1, sizeof(IdentStateData));
+ cbdataAdd(state, MEM_NONE);
+ state->callback = callback;
+ cbdataLock(data);
+ state->data = data;
+ state->fd = fd;
+ state->me = *me;
+ state->peer = *peer;
+ comm_add_close_handler(fd,
+ identClose,
+ state);
+ commSetTimeout(fd, Config.Timeout.read, identTimeout, state);
+ commConnectStart(fd,
+ inet_ntoa(state->peer.sin_addr),
+ IDENT_PORT,
+ identConnectDone,
+ state);
+ return (void *) state;
+}
+
+/* Abort a IDENT connection prematurely on the callers request */
+void
+identAbort(void *data)
{
- connState->ident.state = IDENT_DONE;
- if (connState->ident.callback)
- connState->ident.callback(connState->ident.callback_data);
+ IdentStateData *state = data;
+
+ if (cbdataValid(state)) {
+ /* Don't call any handlers. It is assumed to be the callers
+ * obligation to keep track of the resources assosiated
+ * with the handler
+ */
+ state->callback = NULL;
+ cbdataUnlock(state->data);
+ state->data = NULL;
+ comm_close(state->fd);
+ } else {
+ debug(30, 1) ("identAbort called with a invalid ident state\n");
+ }
}
Index: squid/src/neighbors.c
diff -u squid/src/neighbors.c:1.1.1.28 squid/src/neighbors.c:1.1.1.28.2.1
--- squid/src/neighbors.c:1.1.1.28 Sun Dec 13 15:49:46 1998
+++ squid/src/neighbors.c Mon Dec 28 02:18:40 1998
@@ -146,7 +146,7 @@
return do_ping;
if (p->access == NULL)
return do_ping;
- checklist.src_addr = request->client_addr;
+ checklist.src.sin_addr = request->client_addr;
checklist.request = request;
return aclCheckFast(p->access, &checklist);
}
Index: squid/src/peer_select.c
diff -u squid/src/peer_select.c:1.1.1.24 squid/src/peer_select.c:1.1.1.24.8.1
--- squid/src/peer_select.c:1.1.1.24 Fri Nov 13 23:27:49 1998
+++ squid/src/peer_select.c Mon Dec 28 02:18:40 1998
@@ -268,26 +268,16 @@
RequestMethodStr[request->method],
request->host);
if (psstate->always_direct == 0 && Config.accessList.AlwaysDirect) {
- psstate->acl_checklist = aclChecklistCreate(
- Config.accessList.AlwaysDirect,
- request,
- request->client_addr,
- NULL, /* user agent */
- NULL); /* ident */
- aclNBCheck(psstate->acl_checklist,
+ aclNBCheck(Config.accessList.AlwaysDirect,
+ request->acl_checklist,
peerCheckAlwaysDirectDone,
psstate);
return;
} else if (psstate->always_direct > 0) {
direct = DIRECT_YES;
} else if (psstate->never_direct == 0 && Config.accessList.NeverDirect) {
- psstate->acl_checklist = aclChecklistCreate(
- Config.accessList.NeverDirect,
- request,
- request->client_addr,
- NULL, /* user agent */
- NULL); /* ident */
- aclNBCheck(psstate->acl_checklist,
+ aclNBCheck(Config.accessList.NeverDirect,
+ request->acl_checklist,
peerCheckNeverDirectDone,
psstate);
return;
Index: squid/src/protos.h
diff -u squid/src/protos.h:1.1.1.35.2.1 squid/src/protos.h:1.1.1.35.2.2
--- squid/src/protos.h:1.1.1.35.2.1 Sun Dec 13 15:57:45 1998
+++ squid/src/protos.h Mon Dec 28 02:18:40 1998
@@ -43,12 +43,10 @@
#endif
extern void aclInit(void);
-extern aclCheck_t *aclChecklistCreate(const struct _acl_access *,
- request_t *,
- struct in_addr src,
- const char *user_agent,
- const char *ident);
-extern void aclNBCheck(aclCheck_t *, PF *, void *);
+extern aclCheck_t *aclChecklistCreate(request_t *,
+ struct sockaddr_in *src_addr,
+ struct sockaddr_in *local_addr);
+extern void aclNBCheck(const struct _acl_access *, aclCheck_t *, PF *, void *);
extern int aclCheckFast(const struct _acl_access *A, aclCheck_t *);
extern void aclChecklistFree(aclCheck_t *);
extern void aclDestroyAccessList(struct _acl_access **list);
@@ -659,8 +657,8 @@
extern void sslStart(int fd, const char *, request_t *, size_t * sz);
extern void waisStart(request_t *, StoreEntry *, int fd);
extern void passStart(int, const char *, request_t *, size_t *);
-extern void identStart(int, ConnStateData *, IDCB * callback, void *);
-
+extern void *identStart(struct sockaddr_in *me, struct sockaddr_in *peer, IDCB * callback, void *cbdata);
+extern void identAbort(void *data);
extern void statInit(void);
extern void statFreeMemory(void);
extern double median_svc_get(int, int);
Index: squid/src/redirect.c
diff -u squid/src/redirect.c:1.1.1.17 squid/src/redirect.c:1.1.1.17.10.1
--- squid/src/redirect.c:1.1.1.17 Sat Oct 31 14:36:12 1998
+++ squid/src/redirect.c Mon Dec 28 02:18:41 1998
@@ -103,11 +103,9 @@
cbdataAdd(r, MEM_NONE);
r->orig_url = xstrdup(http->uri);
r->client_addr = conn->log_addr;
- if (conn->ident.ident == NULL || *conn->ident.ident == '\0') {
+ r->client_ident = http->request->user_ident;
+ if (!*r->client_ident)
r->client_ident = dash_str;
- } else {
- r->client_ident = conn->ident.ident;
- }
r->method_s = RequestMethodStr[http->request->method];
r->handler = handler;
r->data = data;
Index: squid/src/snmp_auth.c
diff -u squid/src/snmp_auth.c:1.1.1.3 squid/src/snmp_auth.c:1.1.1.3.16.1
--- squid/src/snmp_auth.c:1.1.1.3 Sat Oct 3 02:58:23 1998
+++ squid/src/snmp_auth.c Mon Dec 28 02:18:41 1998
@@ -66,9 +66,9 @@
communityEntry *cp;
for (cp = Config.Snmp.communities; cp != NULL; cp = cp->next)
if (!strcmp((char *) rq->community, cp->name) && cp->acls) {
- rq->acl_checklist = aclChecklistCreate(cp->acls,
- NULL, rq->from.sin_addr, NULL, NULL);
- aclNBCheck(rq->acl_checklist, snmpAclCheckDone, rq);
+ rq->acl_checklist = aclChecklistCreate(NULL,
+ &rq->from, NULL);
+ aclNBCheck(cp->acls, rq->acl_checklist, snmpAclCheckDone, rq);
return;
}
snmpAclCheckDone(ACCESS_ALLOWED, rq);
@@ -87,6 +87,7 @@
int ret;
debug(49, 5) ("snmpAclCheckDone: %d\n", answer);
+ aclChecklistFree(rq->acl_checklist);
rq->acl_checklist = NULL;
PDU = rq->PDU;
Community = rq->community;
Index: squid/src/structs.h
diff -u squid/src/structs.h:1.1.1.34.2.1 squid/src/structs.h:1.1.1.34.2.2
--- squid/src/structs.h:1.1.1.34.2.1 Sun Dec 13 15:57:49 1998
+++ squid/src/structs.h Mon Dec 28 02:18:42 1998
@@ -156,17 +156,19 @@
acl_access *next;
};
+/* The information needed while doing ACL checks. Gradually
+ * completed with additional data as required. */
struct _aclCheck_t {
- const acl_access *access_list;
- struct in_addr src_addr;
+ struct sockaddr_in src;
+ struct sockaddr_in me;
struct in_addr dst_addr;
request_t *request;
char ident[USER_IDENT_SZ];
- char browser[BROWSERNAMELEN];
acl_proxy_auth_user *auth_user;
acl_lookup_state state[ACL_ENUM_MAX];
PF *callback;
void *callback_data;
+ const acl_access *access_list; /* aclNBCheck ACL state */
};
struct _aio_result_t {
@@ -804,7 +806,6 @@
struct timeval start;
float http_ver;
int redirect_state;
- aclCheck_t *acl_checklist; /* need ptr back so we can unreg if needed */
clientHttpRequest *next;
AccessLogEntry al;
struct {
@@ -829,13 +830,6 @@
struct sockaddr_in peer;
struct sockaddr_in me;
struct in_addr log_addr;
- struct {
- int fd;
- char ident[USER_IDENT_SZ];
- IDCB *callback;
- int state;
- void *callback_data;
- } ident;
int nrequests;
int persistent;
int tproxy;
@@ -1280,7 +1274,7 @@
protocol_t protocol;
char login[MAX_LOGIN_SZ];
char host[SQUIDHOSTNAMELEN + 1];
- char user_ident[USER_IDENT_SZ]; /* from proxy auth or ident server */
+ char user_ident[USER_IDENT_SZ]; /* from proxy auth or ident server, used for logging */
u_short port;
String urlpath;
char *canonical;
@@ -1302,6 +1296,7 @@
delay_id delay_id;
#endif
char *peer_login; /* Configured peer login:password */
+ aclCheck_t *acl_checklist;
};
struct _cachemgr_passwd {
Index: squid/src/typedefs.h
diff -u squid/src/typedefs.h:1.1.1.20 squid/src/typedefs.h:1.1.1.20.10.1
--- squid/src/typedefs.h:1.1.1.20 Sat Oct 31 14:36:17 1998
+++ squid/src/typedefs.h Mon Dec 28 02:18:42 1998
@@ -181,7 +181,7 @@
typedef void DRCB(int fd, const char *buf, int size, int errflag, void *data);
typedef void DWCB(int, int, size_t, void *);
typedef void FQDNH(const char *, void *);
-typedef void IDCB(void *);
+typedef void IDCB(const char *ident, void *data);
typedef void IPH(const ipcache_addrs *, void *);
typedef void IRCB(peer *, peer_t, protocol_t, void *, void *data);
typedef void PSC(peer *, void *);
Received on Tue Jul 29 2003 - 13:15:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:02 MST