2.1.PATCH2: ident acl + other related things

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 28 Dec 1998 02:27:12 +0100

The last day I have been working on transforming the ident acl into a
normal ACL which invokes ident when needed. While doing this a number of
other areas have been touched as well when I passed by them and that is
why the patch looks the way it does..

* Rewrote ident.c to be a separate module, with proper cbdata checks.
* Moved everything that has to do with invoking ident to acl.c.
* Moved accel-only access check to acl.c.
* Moved acl checklist to the request structure. This is to allow reuse
of looked up information in later access checks. Access list is now sent
to aclNBCheck instead of aclChecklistCreate.
* Changed some one-letter variable names to their full name.
* Deny fast ACL checks if deny and lookup required.
* Removed most arguments from aclCheckListCreate. It now takes request
and source/destination addresses (sockaddr_in to include port).
* Rewrote/added some of the documentation in cbdata.c
* Added acl type src_port.
* Changed the username used in logging and redirector to be: (1)
proxy_auth, (2) ident, (3) "-".

I had planned to split this patch into 3 or 4 separate patches, but due
to lack of time I have not done this yet.

/Henrik

    [ Part 2: "Attached Text" ]

Index: squid/src/HttpRequest.c
diff -u squid/src/HttpRequest.c:1.1.1.4.24.1 squid/src/HttpRequest.c:1.1.1.4.24.2
--- squid/src/HttpRequest.c:1.1.1.4.24.1 Sun Dec 13 15:57:31 1998
+++ squid/src/HttpRequest.c Mon Dec 28 02:18:35 1998
@@ -63,6 +63,8 @@
         httpHdrCcDestroy(req->cache_control);
     if (req->range)
         httpHdrRangeDestroy(req->range);
+ if (req->acl_checklist)
+ aclChecklistFree(req->acl_checklist);
     memFree(MEM_REQUEST_T, req);
 }
 
Index: squid/src/acl.c
diff -u squid/src/acl.c:1.1.1.27.2.1 squid/src/acl.c:1.1.1.27.2.2
--- squid/src/acl.c:1.1.1.27.2.1 Sun Dec 13 15:57:32 1998
+++ squid/src/acl.c Mon Dec 28 02:18:36 1998
@@ -90,6 +90,8 @@
 static SPLAYWALKEE aclDumpIpListWalkee;
 static SPLAYWALKEE aclDumpDomainListWalkee;
 static SPLAYFREE aclFreeIpData;
+static IDCB aclLookupIdentDone;
+static int checkAccelOnly(request_t * request);
 
 #if USE_ARP_ACL
 static void aclParseArpList(void *curlist);
@@ -100,6 +102,24 @@
 static SPLAYWALKEE aclDumpArpListWalkee;
 #endif
 
+static int
+checkAccelOnly(request_t * request)
+{
+ /* return TRUE if someone makes a proxy request to us and
+ * we are in httpd-accel only mode */
+ if (!request)
+ return 0;
+ if (!Config2.Accel.on)
+ return 0;
+ if (Config.onoff.accel_with_proxy)
+ return 0;
+ if (request->protocol == PROTO_CACHEOBJ)
+ return 0;
+ if (request->flags.accelerated)
+ return 0;
+ return 1;
+}
+
 static char *
 strtokFile(void)
 {
@@ -172,6 +192,8 @@
         return ACL_URL_REGEX;
     if (!strcmp(s, "port"))
         return ACL_URL_PORT;
+ if (!strcmp(s, "src_port"))
+ return ACL_SRC_PORT;
     if (!strcmp(s, "ident"))
         return ACL_IDENT;
     if (!strncmp(s, "proto", 5))
@@ -220,6 +242,8 @@
         return "url_regex";
     if (type == ACL_URL_PORT)
         return "port";
+ if (type == ACL_SRC_PORT)
+ return "src_port";
     if (type == ACL_IDENT)
         return "ident";
     if (type == ACL_PROTO)
@@ -716,10 +740,10 @@
         aclParseIntlist(&A->data);
         break;
     case ACL_URL_PORT:
+ case ACL_SRC_PORT:
         aclParseIntRange(&A->data);
         break;
     case ACL_IDENT:
- Config.onoff.ident_lookup = 1;
         aclParseWordList(&A->data);
         break;
     case ACL_PROTO:
@@ -1025,7 +1049,7 @@
  */
 
 static int
-aclMatchProxyAuth(wordlist * data, const char * proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
+aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
 {
     /* checklist is used to register user name when identified, nothing else */
     LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ);
@@ -1041,7 +1065,6 @@
         debug(28, 2) ("aclMatchProxyAuth: user '%s' not allowed\n", user);
         return 0;
     }
-
     if (!auth_user) {
         /* see if we already know this user */
         auth_user = hash_lookup(proxy_auth_cache, user);
@@ -1064,6 +1087,7 @@
             /* remove this user from the hash, making him unknown */
             hash_remove_link(proxy_auth_cache, (hash_link *) auth_user);
             aclFreeProxyAuthUser(auth_user);
+ checklist->auth_user = NULL;
             /* copy username to request for logging on client-side unless ident
              * is known (do not override ident with false proxy auth names) */
             if (!*checklist->request->user_ident)
@@ -1078,6 +1102,7 @@
             assert(checklist->auth_user->passwd_ok == 0);
             debug(28, 4) ("aclMatchProxyAuth: authentication failed for user '%s'\n",
                 user);
+ checklist->auth_user = NULL;
             return 0;
         }
         debug(28, 4) ("aclMatchProxyAuth: user '%s' validated OK\n", user);
@@ -1085,6 +1110,7 @@
         checklist->auth_user->expiretime = current_time.tv_sec + Config.authenticateTTL;
         hash_join(proxy_auth_cache, (hash_link *) checklist->auth_user);
 
+ checklist->auth_user = NULL;
         return 1;
     }
 
@@ -1203,7 +1229,7 @@
 static int
 aclMatchAcl(acl * ae, aclCheck_t * checklist)
 {
- request_t *r = checklist->request;
+ const request_t *request = checklist->request;
     const ipcache_addrs *ia = NULL;
     const char *fqdn = NULL;
     char *esc_buf;
@@ -1213,10 +1239,11 @@
     debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline);
     switch (ae->type) {
     case ACL_SRC_IP:
- return aclMatchIp(&ae->data, checklist->src_addr);
+ return aclMatchIp(&ae->data, checklist->src.sin_addr);
         /* NOTREACHED */
     case ACL_DST_IP:
- ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS);
+ assert(request);
+ ia = ipcache_gethostbyname(request->host, IP_LOOKUP_IF_MISS);
         if (ia) {
             for (k = 0; k < (int) ia->count; k++) {
                 if (aclMatchIp(&ae->data, ia->in_addrs[k]))
@@ -1225,7 +1252,7 @@
             return 0;
         } else if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NONE) {
             debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, r->host);
+ ae->name, request->host);
             checklist->state[ACL_DST_IP] = ACL_LOOKUP_NEEDED;
             return 0;
         } else {
@@ -1233,8 +1260,9 @@
         }
         /* NOTREACHED */
     case ACL_DST_DOMAIN:
- if ((ia = ipcacheCheckNumeric(r->host)) == NULL)
- return aclMatchDomainList(&ae->data, r->host);
+ assert(request);
+ if ((ia = ipcacheCheckNumeric(request->host)) == NULL)
+ return aclMatchDomainList(&ae->data, request->host);
         fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS);
         if (fqdn)
             return aclMatchDomainList(&ae->data, fqdn);
@@ -1247,20 +1275,21 @@
         return aclMatchDomainList(&ae->data, "none");
         /* NOTREACHED */
     case ACL_SRC_DOMAIN:
- fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
+ fqdn = fqdncache_gethostbyaddr(checklist->src.sin_addr, FQDN_LOOKUP_IF_MISS);
         if (fqdn) {
             return aclMatchDomainList(&ae->data, fqdn);
         } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) {
             debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, inet_ntoa(checklist->src_addr));
+ ae->name, inet_ntoa(checklist->src.sin_addr));
             checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED;
             return 0;
         }
         return aclMatchDomainList(&ae->data, "none");
         /* NOTREACHED */
     case ACL_DST_DOM_REGEX:
- if ((ia = ipcacheCheckNumeric(r->host)) == NULL)
- return aclMatchRegex(ae->data, r->host);
+ assert(request);
+ if ((ia = ipcacheCheckNumeric(request->host)) == NULL)
+ return aclMatchRegex(ae->data, request->host);
         fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS);
         if (fqdn)
             return aclMatchRegex(ae->data, fqdn);
@@ -1273,12 +1302,12 @@
         return aclMatchRegex(ae->data, "none");
         /* NOTREACHED */
     case ACL_SRC_DOM_REGEX:
- fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
+ fqdn = fqdncache_gethostbyaddr(checklist->src.sin_addr, FQDN_LOOKUP_IF_MISS);
         if (fqdn) {
             return aclMatchRegex(ae->data, fqdn);
         } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) {
             debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, inet_ntoa(checklist->src_addr));
+ ae->name, inet_ntoa(checklist->src.sin_addr));
             checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED;
             return 0;
         }
@@ -1288,46 +1317,58 @@
         return aclMatchTime(ae->data, squid_curtime);
         /* NOTREACHED */
     case ACL_URLPATH_REGEX:
- esc_buf = xstrdup(strBuf(r->urlpath));
+ assert(request);
+ esc_buf = xstrdup(strBuf(request->urlpath));
         rfc1738_unescape(esc_buf);
         k = aclMatchRegex(ae->data, esc_buf);
         safe_free(esc_buf);
         return k;
         /* NOTREACHED */
     case ACL_URL_REGEX:
- esc_buf = xstrdup(urlCanonical(r));
+ assert(request);
+ esc_buf = xstrdup(urlCanonical(checklist->request));
         rfc1738_unescape(esc_buf);
         k = aclMatchRegex(ae->data, esc_buf);
         safe_free(esc_buf);
         return k;
         /* NOTREACHED */
     case ACL_URL_PORT:
- return aclMatchIntegerRange(ae->data, r->port);
+ assert(request);
+ return aclMatchIntegerRange(ae->data, request->port);
+ /* NOTREACHED */
+ case ACL_SRC_PORT:
+ assert(request);
+ return aclMatchIntegerRange(ae->data, ntohs(checklist->src.sin_port));
         /* NOTREACHED */
     case ACL_IDENT:
         return aclMatchUser(ae->data, checklist->ident);
         /* NOTREACHED */
     case ACL_PROTO:
- return aclMatchInteger(ae->data, r->protocol);
+ assert(request);
+ return aclMatchInteger(ae->data, request->protocol);
         /* NOTREACHED */
     case ACL_METHOD:
- return aclMatchInteger(ae->data, r->method);
+ assert(request);
+ return aclMatchInteger(ae->data, request->method);
         /* NOTREACHED */
     case ACL_BROWSER:
- return aclMatchRegex(ae->data, checklist->browser);
+ assert(request);
+ return aclMatchRegex(ae->data,
+ httpHeaderGetStr(&request->header, HDR_USER_AGENT));
         /* NOTREACHED */
     case ACL_PROXY_AUTH:
- if (!r->flags.accelerated) {
+ assert(request);
+ if (!request->flags.accelerated) {
             /* Proxy authorization on proxy requests */
             k = aclMatchProxyAuth(ae->data,
- httpHeaderGetStr(&checklist->request->header,
+ httpHeaderGetStr(&request->header,
                     HDR_PROXY_AUTHORIZATION),
                 checklist->auth_user,
                 checklist);
- } else if (r->flags.internal) {
+ } else if (request->flags.internal) {
             /* WWW authorization on accelerated internal requests */
             k = aclMatchProxyAuth(ae->data,
- httpHeaderGetStr(&checklist->request->header,
+ httpHeaderGetStr(&request->header,
                     HDR_AUTHORIZATION),
                 checklist->auth_user,
                 checklist);
@@ -1335,7 +1376,7 @@
 #if AUTH_ON_ACCELERATION
             /* WWW authorization on accelerated requests */
             k = aclMatchProxyAuth(ae->data,
- httpHeaderGetStr(&checklist->request->header,
+ httpHeaderGetStr(&request->header,
                     HDR_AUTHORIZATION),
                 checklist->auth_user,
                 checklist);
@@ -1358,7 +1399,7 @@
              * authentication header so that it is not forwarded to the
              * next proxy
              */
- r->flags.used_proxy_auth = 1;
+ checklist->request->flags.used_proxy_auth = 1;
             return 1;
         } else if (k == -1) {
             /*
@@ -1369,11 +1410,12 @@
         }
         /* NOTREACHED */
     case ACL_SNMP_COMM:
- return asnMatchIp(ae->data, checklist->src_addr);
+ return asnMatchIp(ae->data, checklist->src.sin_addr);
     case ACL_SRC_ASN:
- return asnMatchIp(ae->data, checklist->src_addr);
+ return asnMatchIp(ae->data, checklist->src.sin_addr);
     case ACL_DST_ASN:
- ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS);
+ assert(request);
+ ia = ipcache_gethostbyname(request->host, IP_LOOKUP_IF_MISS);
         if (ia) {
             for (k = 0; k < (int) ia->count; k++) {
                 if (asnMatchIp(ae->data, ia->in_addrs[k]))
@@ -1382,7 +1424,7 @@
             return 0;
         } else if (checklist->state[ACL_DST_ASN] == ACL_LOOKUP_NONE) {
             debug(28, 3) ("asnMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
- ae->name, r->host);
+ ae->name, request->host);
             checklist->state[ACL_DST_ASN] = ACL_LOOKUP_NEEDED;
         } else {
             return asnMatchIp(ae->data, no_addr);
@@ -1390,7 +1432,7 @@
         return 0;
 #if USE_ARP_ACL
     case ACL_SRC_ARP:
- return aclMatchArp(&ae->data, checklist->src_addr);
+ return aclMatchArp(&ae->data, checklist->src.sin_addr);
 #endif
     case ACL_NONE:
     default:
@@ -1422,11 +1464,20 @@
 aclCheckFast(const acl_access * A, aclCheck_t * checklist)
 {
     int allow = 0;
+ int i;
     debug(28, 5) ("aclCheckFast: list: %p\n", A);
+ for (i = 0; i < ACL_ENUM_MAX; i++)
+ checklist->state[i] = ACL_LOOKUP_NONE;
     while (A) {
         allow = A->allow;
         if (aclMatchAclList(A->acl_list, checklist))
             return allow;
+ if (!allow) {
+ /* Deny access if a lookup is required */
+ for (i = 0; i < ACL_ENUM_MAX; i++)
+ if (checklist->state[i] != ACL_LOOKUP_NONE)
+ return 0;
+ }
         A = A->next;
     }
     debug(28, 5) ("aclCheckFast: no matches, returning: %d\n", !allow);
@@ -1440,6 +1491,12 @@
     const acl_access *A;
     int match;
     ipcache_addrs *ia;
+ /* Special check for proxy requests in accelerator-only mode */
+ if (checkAccelOnly(checklist->request)) {
+ debug(28, 3) ("aclCheck: Only allowing accelerated requests\n");
+ aclCheckCallback(checklist, 0);
+ return;
+ }
     while ((A = checklist->access_list) != NULL) {
         /*
          * If the _acl_access is no longer valid (i.e. its been
@@ -1467,7 +1524,7 @@
             return;
         } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NEEDED) {
             checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_PENDING;
- fqdncache_nbgethostbyaddr(checklist->src_addr,
+ fqdncache_nbgethostbyaddr(checklist->src.sin_addr,
                 aclLookupSrcFQDNDone,
                 checklist);
             return;
@@ -1496,8 +1553,9 @@
             match = -1;
         } else if (checklist->state[ACL_IDENT] == ACL_LOOKUP_NEEDED) {
             debug(28, 3) ("aclCheck: Doing ident lookup\n");
- /* XXX how to do ident lookup? */
             checklist->state[ACL_IDENT] = ACL_LOOKUP_PENDING;
+ identStart(&checklist->me, &checklist->src,
+ aclLookupIdentDone, checklist);
             return;
         }
         /*
@@ -1505,12 +1563,12 @@
          * is allowed, denied, requires authentication, or we move on to
          * the next entry.
          */
- cbdataUnlock(A);
         if (match) {
             debug(28, 3) ("aclCheck: match found, returning %d\n", allow);
             aclCheckCallback(checklist, allow);
             return;
         }
+ cbdataUnlock(A);
         checklist->access_list = A->next;
         /*
          * Lock the next _acl_access entry
@@ -1526,7 +1584,7 @@
 aclChecklistFree(aclCheck_t * checklist)
 {
     if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_PENDING)
- fqdncacheUnregister(checklist->src_addr, checklist);
+ fqdncacheUnregister(checklist->src.sin_addr, checklist);
     if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_PENDING)
         fqdncacheUnregister(checklist->dst_addr, checklist);
     if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_PENDING)
@@ -1540,13 +1598,27 @@
 static void
 aclCheckCallback(aclCheck_t * checklist, allow_t answer)
 {
+ PF *callback = checklist->callback;
+ void *callback_data = checklist->callback_data;
     debug(28, 3) ("aclCheckCallback: answer=%d\n", answer);
- if (cbdataValid(checklist->callback_data))
- checklist->callback(answer, checklist->callback_data);
- cbdataUnlock(checklist->callback_data);
+ cbdataUnlock(checklist->access_list);
+ checklist->access_list = NULL;
     checklist->callback = NULL;
     checklist->callback_data = NULL;
- aclChecklistFree(checklist);
+ if (cbdataValid(callback_data))
+ callback(answer, callback_data);
+ cbdataUnlock(callback_data);
+}
+
+static void
+aclLookupIdentDone(const char *result, void *data)
+{
+ aclCheck_t *checklist = data;
+ if (result)
+ xstrncpy(checklist->ident, result, USER_IDENT_SZ);
+ else
+ xstrncpy(checklist->ident, dash_str, USER_IDENT_SZ);
+ aclCheck(checklist);
 }
 
 static void
@@ -1596,41 +1668,62 @@
 }
 
 aclCheck_t *
-aclChecklistCreate(const acl_access * A,
- request_t * request,
- struct in_addr src_addr,
- const char *user_agent,
- const char *ident)
+aclChecklistCreate(request_t * request,
+ struct sockaddr_in *src_addr,
+ struct sockaddr_in *local_addr)
 {
     int i;
     aclCheck_t *checklist = memAllocate(MEM_ACLCHECK_T);
     cbdataAdd(checklist, MEM_ACLCHECK_T);
- checklist->access_list = A;
- /*
- * aclCheck() makes sure checklist->access_list is a valid
- * pointer, so lock it.
- */
- cbdataLock(A);
     if (request != NULL)
         checklist->request = requestLink(request);
- checklist->src_addr = src_addr;
+ if (src_addr)
+ checklist->src = *src_addr;
+ if (local_addr)
+ checklist->me = *local_addr;
     for (i = 0; i < ACL_ENUM_MAX; i++)
         checklist->state[i] = ACL_LOOKUP_NONE;
- if (user_agent)
- xstrncpy(checklist->browser, user_agent, BROWSERNAMELEN);
- if (ident)
- xstrncpy(checklist->ident, ident, USER_IDENT_SZ);
     checklist->auth_user = NULL; /* init to NULL */
     return checklist;
 }
 
+aclCheck_t *
+aclChecklistCopy(aclCheck_t * oldchecklist, request_t * request)
+{
+ int i;
+ aclCheck_t *newchecklist = memAllocate(MEM_ACLCHECK_T);
+ cbdataAdd(newchecklist, MEM_ACLCHECK_T);
+ memcpy(newchecklist, oldchecklist, sizeof(aclCheck_t));
+ if (request != NULL)
+ newchecklist->request = requestLink(request);
+ else
+ newchecklist->request = NULL;
+ for (i = 0; i < ACL_ENUM_MAX; i++)
+ if (newchecklist->state[i] != ACL_LOOKUP_DONE)
+ newchecklist->state[i] = ACL_LOOKUP_NONE;
+ return newchecklist;
+}
+
 void
-aclNBCheck(aclCheck_t * checklist, PF callback, void *callback_data)
+aclNBCheck(const struct _acl_access *A, aclCheck_t * checklist, PF callback, void *callback_data)
 {
+ assert(checklist->access_list == NULL); /* nested aclNBCheck is not supported */
+ /*
+ * aclCheck() makes sure checklist->access_list is a valid
+ * pointer, so lock it.
+ */
+ checklist->access_list = A;
+ cbdataLock(A);
     checklist->callback = callback;
     checklist->callback_data = callback_data;
     cbdataLock(callback_data);
- aclCheck(checklist);
+ /* Force ident lookups if configured */
+ if (Config.onoff.ident_lookup && !*checklist->ident) {
+ checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED;
+ identStart(&checklist->me, &checklist->src,
+ aclLookupIdentDone, checklist);
+ aclCheck(checklist);
+ }
 }
 
 
Index: squid/src/cbdata.c
diff -u squid/src/cbdata.c:1.1.1.11 squid/src/cbdata.c:1.1.1.11.12.2
--- squid/src/cbdata.c:1.1.1.11 Thu Oct 22 20:48:42 1998
+++ squid/src/cbdata.c Mon Dec 28 02:18:36 1998
@@ -43,25 +43,50 @@
  * when finished.
  *
  * In terms of time, the sequence goes something like this:
- *
- * foo = xcalloc(sizeof(foo));
- * cbdataAdd(foo);
- * ...
- * cbdataLock(foo);
- * some_blocking_operation(..., callback_func, foo);
- * ...
- * some_blocking_operation_completes()
- * if (cbdataValid(foo))
- * callback_func(..., foo)
- * cbdataUnlock(foo);
- * ...
- * cbdataFree(foo);
- *
+ *
+ * Caller:
+ * foo = xcalloc(sizeof(foo));
+ * cbdataAdd(foo);
+ * ...
+ * some_blocking_operation(..., callback_func, foo);
+ *
+ * Blocking operation:
+ * cbdataLock(foo);
+ * state->callback = callback_func;
+ * state->foo = foo;
+ * ...
+ *
+ * Blocking operation completes:
+ * void *callback_data = state->callback_data;
+ * state->callback_data = NULL;
+ * if (cbdataValid(callback_data) && state->callback)
+ * state->callback(..., callback_data)
+ * state->callback = NULL;
+ * cbdataUnlock(callback_data);
+ *
+ * Caller completes/aborts:
+ * ...
+ * cbdataFree(foo);
+ *
+ * The buisness with a local callback_data variable when the blocking
+ * operation completes is to avoid multiple dereferences when
+ * operations are aborted and the like.
+ *
+ * cbdata does not enforce the useage policy described above. Other
+ * uses of cbdata are possible, but this is the primary use. If you
+ * find that cbdata may be useful in another construct then please
+ * reconsider your design one extra time as it might be a sign that
+ * the design is "messy". The same also applies if you have a design
+ * involving callbacks and/or intra-module referenced data and you
+ * are not using cbdata...
+ *
  * The nice thing is that, we do not need to require that Unlock
  * occurs before Free. If the Free happens first, then the
  * callback data is marked invalid and the callback will never
  * be made. When we Unlock and the lock count reaches zero,
- * we free the memory if it is marked invalid.
+ * we free the memory if it is marked invalid. Data remains
+ * allocated until all references are unlocked to guarantee that
+ * the validity of each reference can be checked.
  */
 
 #include "squid.h"
Index: squid/src/cf.data.pre
diff -u squid/src/cf.data.pre:1.1.1.30.2.1 squid/src/cf.data.pre:1.1.1.30.2.2
--- squid/src/cf.data.pre:1.1.1.30.2.1 Sun Dec 13 15:57:36 1998
+++ squid/src/cf.data.pre Mon Dec 28 02:18:37 1998
@@ -768,6 +768,9 @@
         username for each connection, enable this. It is off by
         default.
 
+ See also acl type ident which can be used to selectively
+ do ident lookups.
+
 ident_lookup off
 DOC_END
 
@@ -1386,7 +1389,8 @@
         when using "file", the file should contain one item per line
 
         acltype is one of src dst srcdomain dstdomain url_pattern
- urlpath_pattern time port proto method browser user
+ urlpath_pattern time port proto method browser ident
+ proxy_auth src_port
 
         acl aclname src ip-address/netmask ... (clients IP address)
         acl aclname src addr1-addr2/netmask ... (range of addresses)
@@ -1445,6 +1449,10 @@
           # WARNING: proxy_auth can't be used in a transparent proxy. It
           # collides with any authentication done by origin servers. It may
           # seem like it works at first, but it doesn't.
+
+ acl aclname src_port 3128 ...
+ # Check the source port of a request. Primarily useful for ICP
+ # checks.
 
 
 Examples:
Index: squid/src/client_side.c
diff -u squid/src/client_side.c:1.1.1.35.2.2 squid/src/client_side.c:1.1.1.35.2.3
--- squid/src/client_side.c:1.1.1.35.2.2 Mon Dec 14 21:25:02 1998
+++ squid/src/client_side.c Mon Dec 28 02:18:37 1998
@@ -76,7 +76,6 @@
 static RH clientRedirectDone;
 static STCB clientHandleIMSReply;
 static int clientGetsOldEntry(StoreEntry * new, StoreEntry * old, request_t * request);
-static int checkAccelOnly(clientHttpRequest *);
 static int clientOnlyIfCached(clientHttpRequest * http);
 static STCB clientSendMoreData;
 static STCB clientCacheHit;
@@ -92,43 +91,16 @@
 static int httpAcceptDefer(void);
 static log_type clientProcessRequest2(clientHttpRequest * http);
 
-static int
-checkAccelOnly(clientHttpRequest * http)
-{
- /* return TRUE if someone makes a proxy request to us and
- * we are in httpd-accel only mode */
- if (!Config2.Accel.on)
- return 0;
- if (Config.onoff.accel_with_proxy)
- return 0;
- if (http->request->protocol == PROTO_CACHEOBJ)
- return 0;
- if (http->flags.accel)
- return 0;
- return 1;
-}
-
 void
 clientAccessCheck(void *data)
 {
     clientHttpRequest *http = data;
     ConnStateData *conn = http->conn;
- const char *browser;
- if (Config.onoff.ident_lookup && conn->ident.state == IDENT_NONE) {
- identStart(-1, conn, clientAccessCheck, http);
- return;
- }
- if (checkAccelOnly(http)) {
- clientAccessCheckDone(0, http);
- return;
- }
- browser = httpHeaderGetStr(&http->request->header, HDR_USER_AGENT);
- http->acl_checklist = aclChecklistCreate(Config.accessList.http,
- http->request,
- conn->peer.sin_addr,
- browser,
- conn->ident.ident);
- aclNBCheck(http->acl_checklist, clientAccessCheckDone, http);
+ http->request->acl_checklist = aclChecklistCreate(http->request,
+ &conn->peer,
+ &conn->me);
+ aclNBCheck(Config.accessList.http, http->request->acl_checklist,
+ clientAccessCheckDone, http);
 }
 
 /*
@@ -201,7 +173,6 @@
     int page_id = -1;
     ErrorState *err = NULL;
     debug(33, 5) ("clientAccessCheckDone: '%s' answer=%d\n", http->uri, answer);
- http->acl_checklist = NULL;
     if (answer == ACCESS_ALLOWED) {
         safe_free(http->uri);
         http->uri = xstrdup(urlCanonical(http->request));
@@ -265,7 +236,9 @@
         new_request->http_ver = old_request->http_ver;
         httpHeaderAppend(&new_request->header, &old_request->header);
         new_request->client_addr = old_request->client_addr;
+ new_request->flags = old_request->flags;
         new_request->flags.redirected = 1;
+ xstrncpy(new_request->user_ident, old_request->user_ident, USER_IDENT_SZ);
         if (old_request->body) {
             new_request->body = xmalloc(old_request->body_sz);
             xmemcpy(new_request->body, old_request->body, old_request->body_sz);
@@ -639,10 +612,7 @@
         http->al.cache.size = http->out.size;
         http->al.cache.code = http->log_type;
         http->al.cache.msec = tvSubMsec(http->start, current_time);
- if (request->user_ident[0])
- http->al.cache.ident = request->user_ident;
- else
- http->al.cache.ident = conn->ident.ident;
+ http->al.cache.ident = request->user_ident;
         if (request) {
             Packer p;
             MemBuf mb;
@@ -660,8 +630,6 @@
         clientUpdateCounters(http);
         clientdbUpdate(conn->peer.sin_addr, http->log_type, PROTO_HTTP, http->out.size);
     }
- if (http->acl_checklist)
- aclChecklistFree(http->acl_checklist);
     if (request)
         checkFailureRatio(request->err_type, http->al.hier.code);
     safe_free(http->uri);
@@ -710,8 +678,6 @@
         assert(connState->chr != connState->chr->next);
         httpRequestFree(http);
     }
- if (connState->ident.fd > -1)
- comm_close(connState->ident.fd);
     safe_free(connState->in.buf);
     /* XXX account connState->in.buf */
     pconnHistCount(0, connState->nrequests);
@@ -857,7 +823,7 @@
      *
      * This may not work yet for 'dst' and 'dst_domain' ACLs.
      */
- ch.src_addr = http->conn->peer.sin_addr;
+ ch.src.sin_addr = http->conn->peer.sin_addr;
     ch.request = http->request;
     /*
      * aclCheckFast returns 1 for ALLOW and 0 for DENY. The default
@@ -2483,7 +2449,6 @@
         connState->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
         connState->me = me;
         connState->fd = fd;
- connState->ident.fd = -1;
         connState->in.size = REQUEST_BUF_SIZE;
         connState->in.buf = xcalloc(connState->in.size, 1);
         cbdataAdd(connState, MEM_NONE);
Index: squid/src/delay_pools.c
diff -u squid/src/delay_pools.c:1.1.1.4 squid/src/delay_pools.c:1.1.1.4.10.1
--- squid/src/delay_pools.c:1.1.1.4 Sat Oct 31 14:36:04 1998
+++ squid/src/delay_pools.c Mon Dec 28 02:18:38 1998
@@ -81,7 +81,7 @@
     request_t *r = http->request;
 
     memset(&ch, '\0', sizeof(ch));
- ch.src_addr = http->conn->peer.sin_addr;
+ ch.src = http->conn->peer;
     ch.request = r;
     if (aclCheckFast(Config.Delay.class1.access, &ch)) {
         class = 1;
@@ -90,9 +90,9 @@
     }
     if (aclCheckFast(Config.Delay.class2.access, &ch)) {
         class = 2;
- host = ntohl(ch.src_addr.s_addr) & 0xff;
+ host = ntohl(ch.src.sin_addr.s_addr) & 0xff;
         if (host == 255 || !host) {
- debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src_addr));
+ debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src.sin_addr));
             class = 0;
             r->delay_id = delayId(class, position);
             return 0;
@@ -113,11 +113,11 @@
     }
     if (aclCheckFast(Config.Delay.class3.access, &ch)) {
         class = 3;
- host = ntohl(ch.src_addr.s_addr) & 0xffff;
+ host = ntohl(ch.src.sin_addr.s_addr) & 0xffff;
         net = host >> 8;
         host &= 0xff;
         if (host == 255 || !host || net == 255) {
- debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src_addr));
+ debug(77, 0) ("ARGH: Delay requested for host %s\n", inet_ntoa(ch.src.sin_addr));
             class = 0;
             r->delay_id = delayId(class, position);
             return 0;
Index: squid/src/enums.h
diff -u squid/src/enums.h:1.1.1.29 squid/src/enums.h:1.1.1.29.8.1
--- squid/src/enums.h:1.1.1.29 Fri Nov 13 23:27:43 1998
+++ squid/src/enums.h Mon Dec 28 02:18:38 1998
@@ -107,6 +107,7 @@
     ACL_SRC_ARP,
     ACL_SNMP_COMM,
     ACL_NETDB_SRC_RTT,
+ ACL_SRC_PORT,
     ACL_ENUM_MAX
 } squid_acl;
 
Index: squid/src/forward.c
diff -u squid/src/forward.c:1.1.1.7 squid/src/forward.c:1.1.1.7.4.1
--- squid/src/forward.c:1.1.1.7 Mon Nov 23 00:56:13 1998
+++ squid/src/forward.c Mon Dec 28 02:18:38 1998
@@ -332,7 +332,7 @@
          * Check if this host is allowed to fetch MISSES from us (miss_access)
          */
         memset(&ch, '\0', sizeof(aclCheck_t));
- ch.src_addr = peer_addr;
+ ch.src.sin_addr = peer_addr;
         ch.request = r;
         answer = aclCheckFast(Config.accessList.miss, &ch);
         if (answer == 0) {
Index: squid/src/icp_v2.c
diff -u squid/src/icp_v2.c:1.1.1.21 squid/src/icp_v2.c:1.1.1.21.12.1
--- squid/src/icp_v2.c:1.1.1.21 Thu Oct 22 20:48:49 1998
+++ squid/src/icp_v2.c Mon Dec 28 02:18:39 1998
@@ -217,7 +217,7 @@
             icpUdpSend(fd, &from, reply, LOG_UDP_INVALID, 0);
             break;
         }
- checklist.src_addr = from.sin_addr;
+ checklist.src = from;
         checklist.request = icp_request;
         allow = aclCheckFast(Config.accessList.icp, &checklist);
         if (!allow) {
Index: squid/src/icp_v3.c
diff -u squid/src/icp_v3.c:1.1.1.13 squid/src/icp_v3.c:1.1.1.13.18.1
--- squid/src/icp_v3.c:1.1.1.13 Thu Sep 24 00:19:36 1998
+++ squid/src/icp_v3.c Mon Dec 28 02:18:39 1998
@@ -71,7 +71,7 @@
             icpUdpSend(fd, &from, reply, LOG_UDP_INVALID, 0);
             break;
         }
- checklist.src_addr = from.sin_addr;
+ checklist.src = from;
         checklist.request = icp_request;
         allow = aclCheckFast(Config.accessList.icp, &checklist);
         if (!allow) {
Index: squid/src/ident.c
diff -u squid/src/ident.c:1.1.1.10 squid/src/ident.c:1.1.1.10.2.1
--- squid/src/ident.c:1.1.1.10 Sun Dec 13 15:49:45 1998
+++ squid/src/ident.c Mon Dec 28 02:18:39 1998
@@ -37,82 +37,81 @@
 
 #define IDENT_PORT 113
 
+typedef struct {
+ int fd; /* IDENT fd */
+ struct sockaddr_in me;
+ struct sockaddr_in peer;
+ void *data;
+ IDCB *callback;
+} IdentStateData;
+
 static PF identReadReply;
 static PF identClose;
 static PF identTimeout;
 static CNCB identConnectDone;
-static void identCallback(ConnStateData * connState);
+
+/**** PRIVATE FUNCTIONS ****/
+
+static void
+identCallback(IdentStateData * state, char *result)
+{
+ IDCB *callback;
+ if (result && !*result)
+ result = NULL;
+ if (state->callback) {
+ callback = state->callback;
+ state->callback = NULL;
+ if (cbdataValid(state->data))
+ callback(result, state->data);
+ cbdataUnlock(state->data);
+ state->data = NULL;
+ }
+}
 
 static void
 identClose(int fdnotused, void *data)
 {
- ConnStateData *connState = data;
- connState->ident.fd = -1;
+ IdentStateData *state = data;
+
+ identCallback(state, NULL);
+ comm_close(state->fd);
+ cbdataFree(state);
 }
 
 static void
 identTimeout(int fd, void *data)
 {
- ConnStateData *connState = data;
+ IdentStateData *state = data;
     debug(30, 3) ("identTimeout: FD %d, %s\n", fd,
- inet_ntoa(connState->peer.sin_addr));
+ inet_ntoa(state->peer.sin_addr));
     comm_close(fd);
 }
 
-/* start a TCP connection to the peer host on port 113 */
-void
-identStart(int fd, ConnStateData * connState, IDCB * callback, void *data)
-{
- connState->ident.callback = callback;
- connState->ident.callback_data = data;
- connState->ident.state = IDENT_PENDING;
- if (fd < 0) {
- fd = comm_open(SOCK_STREAM,
- 0,
- connState->me.sin_addr,
- 0,
- COMM_NONBLOCKING,
- "ident");
- if (fd == COMM_ERROR) {
- identCallback(connState);
- return;
- }
- }
- connState->ident.fd = fd;
- comm_add_close_handler(fd,
- identClose,
- connState);
- commConnectStart(fd,
- inet_ntoa(connState->peer.sin_addr),
- IDENT_PORT,
- identConnectDone,
- connState);
-}
-
 static void
 identConnectDone(int fd, int status, void *data)
 {
- ConnStateData *connState = data;
+ IdentStateData *state = data;
     MemBuf mb;
     if (status != COMM_OK) {
+ /* Failed to connect */
         comm_close(fd);
- identCallback(connState);
         return;
     }
     memBufDefInit(&mb);
     memBufPrintf(&mb, "%d, %d\r\n",
- ntohs(connState->peer.sin_port),
- ntohs(connState->me.sin_port));
- comm_write_mbuf(fd, mb, NULL, connState);
- commSetSelect(fd, COMM_SELECT_READ, identReadReply, connState, 0);
- commSetTimeout(fd, Config.Timeout.read, identTimeout, connState);
+ ntohs(state->peer.sin_port),
+ ntohs(state->me.sin_port));
+ comm_write_mbuf(fd, mb, NULL, state);
+ commSetSelect(fd, COMM_SELECT_READ, identReadReply, state, 0);
+ commSetTimeout(fd, Config.Timeout.read, identTimeout, state);
 }
 
 static void
 identReadReply(int fd, void *data)
 {
- ConnStateData *connState = data;
+ IdentStateData *state = data;
     LOCAL_ARRAY(char, buf, BUFSIZ);
+ char *ident = NULL;
     char *t = NULL;
     int len = -1;
 
@@ -121,6 +120,10 @@
     len = read(fd, buf, BUFSIZ - 1);
     fd_bytes(fd, len, FD_READ);
     if (len > 0) {
+ /* XXX This isn't really very tolerant. It should read until EOL
+ * or EOF and then decode the answer... If the reply is fragmented
+ * then this will fail
+ */
         buf[len] = '\0';
         if ((t = strchr(buf, '\r')))
             *t = '\0';
@@ -128,20 +131,71 @@
             *t = '\0';
         debug(30, 5) ("identReadReply: FD %d: Read '%s'\n", fd, buf);
         if (strstr(buf, "USERID")) {
- if ((t = strrchr(buf, ':'))) {
- while (isspace(*++t));
- xstrncpy(connState->ident.ident, t, USER_IDENT_SZ);
+ if ((ident = strrchr(buf, ':'))) {
+ while (isspace(*++ident));
+ identCallback(state, ident);
             }
         }
     }
     comm_close(fd);
- identCallback(connState);
 }
 
-static void
-identCallback(ConnStateData * connState)
+/**** PUBLIC FUNCTIONS ****/
+
+/* start a TCP connection to the peer host on port 113 */
+void *
+identStart(struct sockaddr_in *me, struct sockaddr_in *peer, IDCB * callback, void *data)
+{
+ IdentStateData *state;
+ int fd;
+
+ fd = comm_open(SOCK_STREAM,
+ 0,
+ me->sin_addr,
+ 0,
+ COMM_NONBLOCKING,
+ "ident");
+ if (fd == COMM_ERROR) {
+ /* Failed to get a local socket */
+ callback(NULL, data);
+ return NULL;
+ }
+ state = xcalloc(1, sizeof(IdentStateData));
+ cbdataAdd(state, MEM_NONE);
+ state->callback = callback;
+ cbdataLock(data);
+ state->data = data;
+ state->fd = fd;
+ state->me = *me;
+ state->peer = *peer;
+ comm_add_close_handler(fd,
+ identClose,
+ state);
+ commSetTimeout(fd, Config.Timeout.read, identTimeout, state);
+ commConnectStart(fd,
+ inet_ntoa(state->peer.sin_addr),
+ IDENT_PORT,
+ identConnectDone,
+ state);
+ return (void *) state;
+}
+
+/* Abort a IDENT connection prematurely on the callers request */
+void
+identAbort(void *data)
 {
- connState->ident.state = IDENT_DONE;
- if (connState->ident.callback)
- connState->ident.callback(connState->ident.callback_data);
+ IdentStateData *state = data;
+
+ if (cbdataValid(state)) {
+ /* Don't call any handlers. It is assumed to be the callers
+ * obligation to keep track of the resources assosiated
+ * with the handler
+ */
+ state->callback = NULL;
+ cbdataUnlock(state->data);
+ state->data = NULL;
+ comm_close(state->fd);
+ } else {
+ debug(30, 1) ("identAbort called with a invalid ident state\n");
+ }
 }
Index: squid/src/neighbors.c
diff -u squid/src/neighbors.c:1.1.1.28 squid/src/neighbors.c:1.1.1.28.2.1
--- squid/src/neighbors.c:1.1.1.28 Sun Dec 13 15:49:46 1998
+++ squid/src/neighbors.c Mon Dec 28 02:18:40 1998
@@ -146,7 +146,7 @@
         return do_ping;
     if (p->access == NULL)
         return do_ping;
- checklist.src_addr = request->client_addr;
+ checklist.src.sin_addr = request->client_addr;
     checklist.request = request;
     return aclCheckFast(p->access, &checklist);
 }
Index: squid/src/peer_select.c
diff -u squid/src/peer_select.c:1.1.1.24 squid/src/peer_select.c:1.1.1.24.8.1
--- squid/src/peer_select.c:1.1.1.24 Fri Nov 13 23:27:49 1998
+++ squid/src/peer_select.c Mon Dec 28 02:18:40 1998
@@ -268,26 +268,16 @@
         RequestMethodStr[request->method],
         request->host);
     if (psstate->always_direct == 0 && Config.accessList.AlwaysDirect) {
- psstate->acl_checklist = aclChecklistCreate(
- Config.accessList.AlwaysDirect,
- request,
- request->client_addr,
- NULL, /* user agent */
- NULL); /* ident */
- aclNBCheck(psstate->acl_checklist,
+ aclNBCheck(Config.accessList.AlwaysDirect,
+ request->acl_checklist,
             peerCheckAlwaysDirectDone,
             psstate);
         return;
     } else if (psstate->always_direct > 0) {
         direct = DIRECT_YES;
     } else if (psstate->never_direct == 0 && Config.accessList.NeverDirect) {
- psstate->acl_checklist = aclChecklistCreate(
- Config.accessList.NeverDirect,
- request,
- request->client_addr,
- NULL, /* user agent */
- NULL); /* ident */
- aclNBCheck(psstate->acl_checklist,
+ aclNBCheck(Config.accessList.NeverDirect,
+ request->acl_checklist,
             peerCheckNeverDirectDone,
             psstate);
         return;
Index: squid/src/protos.h
diff -u squid/src/protos.h:1.1.1.35.2.1 squid/src/protos.h:1.1.1.35.2.2
--- squid/src/protos.h:1.1.1.35.2.1 Sun Dec 13 15:57:45 1998
+++ squid/src/protos.h Mon Dec 28 02:18:40 1998
@@ -43,12 +43,10 @@
 #endif
 
 extern void aclInit(void);
-extern aclCheck_t *aclChecklistCreate(const struct _acl_access *,
- request_t *,
- struct in_addr src,
- const char *user_agent,
- const char *ident);
-extern void aclNBCheck(aclCheck_t *, PF *, void *);
+extern aclCheck_t *aclChecklistCreate(request_t *,
+ struct sockaddr_in *src_addr,
+ struct sockaddr_in *local_addr);
+extern void aclNBCheck(const struct _acl_access *, aclCheck_t *, PF *, void *);
 extern int aclCheckFast(const struct _acl_access *A, aclCheck_t *);
 extern void aclChecklistFree(aclCheck_t *);
 extern void aclDestroyAccessList(struct _acl_access **list);
@@ -659,8 +657,8 @@
 extern void sslStart(int fd, const char *, request_t *, size_t * sz);
 extern void waisStart(request_t *, StoreEntry *, int fd);
 extern void passStart(int, const char *, request_t *, size_t *);
-extern void identStart(int, ConnStateData *, IDCB * callback, void *);
-
+extern void *identStart(struct sockaddr_in *me, struct sockaddr_in *peer, IDCB * callback, void *cbdata);
+extern void identAbort(void *data);
 extern void statInit(void);
 extern void statFreeMemory(void);
 extern double median_svc_get(int, int);
Index: squid/src/redirect.c
diff -u squid/src/redirect.c:1.1.1.17 squid/src/redirect.c:1.1.1.17.10.1
--- squid/src/redirect.c:1.1.1.17 Sat Oct 31 14:36:12 1998
+++ squid/src/redirect.c Mon Dec 28 02:18:41 1998
@@ -103,11 +103,9 @@
     cbdataAdd(r, MEM_NONE);
     r->orig_url = xstrdup(http->uri);
     r->client_addr = conn->log_addr;
- if (conn->ident.ident == NULL || *conn->ident.ident == '\0') {
+ r->client_ident = http->request->user_ident;
+ if (!*r->client_ident)
         r->client_ident = dash_str;
- } else {
- r->client_ident = conn->ident.ident;
- }
     r->method_s = RequestMethodStr[http->request->method];
     r->handler = handler;
     r->data = data;
Index: squid/src/snmp_auth.c
diff -u squid/src/snmp_auth.c:1.1.1.3 squid/src/snmp_auth.c:1.1.1.3.16.1
--- squid/src/snmp_auth.c:1.1.1.3 Sat Oct 3 02:58:23 1998
+++ squid/src/snmp_auth.c Mon Dec 28 02:18:41 1998
@@ -66,9 +66,9 @@
     communityEntry *cp;
     for (cp = Config.Snmp.communities; cp != NULL; cp = cp->next)
         if (!strcmp((char *) rq->community, cp->name) && cp->acls) {
- rq->acl_checklist = aclChecklistCreate(cp->acls,
- NULL, rq->from.sin_addr, NULL, NULL);
- aclNBCheck(rq->acl_checklist, snmpAclCheckDone, rq);
+ rq->acl_checklist = aclChecklistCreate(NULL,
+ &rq->from, NULL);
+ aclNBCheck(cp->acls, rq->acl_checklist, snmpAclCheckDone, rq);
             return;
         }
     snmpAclCheckDone(ACCESS_ALLOWED, rq);
@@ -87,6 +87,7 @@
     int ret;
 
     debug(49, 5) ("snmpAclCheckDone: %d\n", answer);
+ aclChecklistFree(rq->acl_checklist);
     rq->acl_checklist = NULL;
     PDU = rq->PDU;
     Community = rq->community;
Index: squid/src/structs.h
diff -u squid/src/structs.h:1.1.1.34.2.1 squid/src/structs.h:1.1.1.34.2.2
--- squid/src/structs.h:1.1.1.34.2.1 Sun Dec 13 15:57:49 1998
+++ squid/src/structs.h Mon Dec 28 02:18:42 1998
@@ -156,17 +156,19 @@
     acl_access *next;
 };
 
+/* The information needed while doing ACL checks. Gradually
+ * completed with additional data as required. */
 struct _aclCheck_t {
- const acl_access *access_list;
- struct in_addr src_addr;
+ struct sockaddr_in src;
+ struct sockaddr_in me;
     struct in_addr dst_addr;
     request_t *request;
     char ident[USER_IDENT_SZ];
- char browser[BROWSERNAMELEN];
     acl_proxy_auth_user *auth_user;
     acl_lookup_state state[ACL_ENUM_MAX];
     PF *callback;
     void *callback_data;
+ const acl_access *access_list; /* aclNBCheck ACL state */
 };
 
 struct _aio_result_t {
@@ -804,7 +806,6 @@
     struct timeval start;
     float http_ver;
     int redirect_state;
- aclCheck_t *acl_checklist; /* need ptr back so we can unreg if needed */
     clientHttpRequest *next;
     AccessLogEntry al;
     struct {
@@ -829,13 +830,6 @@
     struct sockaddr_in peer;
     struct sockaddr_in me;
     struct in_addr log_addr;
- struct {
- int fd;
- char ident[USER_IDENT_SZ];
- IDCB *callback;
- int state;
- void *callback_data;
- } ident;
     int nrequests;
     int persistent;
     int tproxy;
@@ -1280,7 +1274,7 @@
     protocol_t protocol;
     char login[MAX_LOGIN_SZ];
     char host[SQUIDHOSTNAMELEN + 1];
- char user_ident[USER_IDENT_SZ]; /* from proxy auth or ident server */
+ char user_ident[USER_IDENT_SZ]; /* from proxy auth or ident server, used for logging */
     u_short port;
     String urlpath;
     char *canonical;
@@ -1302,6 +1296,7 @@
     delay_id delay_id;
 #endif
     char *peer_login; /* Configured peer login:password */
+ aclCheck_t *acl_checklist;
 };
 
 struct _cachemgr_passwd {
Index: squid/src/typedefs.h
diff -u squid/src/typedefs.h:1.1.1.20 squid/src/typedefs.h:1.1.1.20.10.1
--- squid/src/typedefs.h:1.1.1.20 Sat Oct 31 14:36:17 1998
+++ squid/src/typedefs.h Mon Dec 28 02:18:42 1998
@@ -181,7 +181,7 @@
 typedef void DRCB(int fd, const char *buf, int size, int errflag, void *data);
 typedef void DWCB(int, int, size_t, void *);
 typedef void FQDNH(const char *, void *);
-typedef void IDCB(void *);
+typedef void IDCB(const char *ident, void *data);
 typedef void IPH(const ipcache_addrs *, void *);
 typedef void IRCB(peer *, peer_t, protocol_t, void *, void *data);
 typedef void PSC(peer *, void *);
Received on Tue Jul 29 2003 - 13:15:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:02 MST