diff -ur --exclude=*CVS* squid-without-splay-acls/include/splay.h squid/include/splay.h --- squid-without-splay-acls/include/splay.h Fri Oct 13 09:53:29 2000 +++ squid/include/splay.h Thu Oct 12 15:59:03 2000 @@ -2,6 +2,8 @@ * $Id: splay.h,v 1.1.1.2.10.1 2000/04/17 00:13:08 hno Exp $ */ +#ifndef _SPLAY_H +#define _SPLAY_H typedef struct _splay_node { void *data; @@ -19,3 +21,5 @@ extern splayNode *splay_splay(const void *, splayNode *, SPLAYCMP *); extern void splay_destroy(splayNode *, SPLAYFREE *); extern void splay_walk(splayNode *, SPLAYWALKEE *, void *); + +#endif /* _SPLAY_H */ diff -ur --exclude=*CVS* squid-without-splay-acls/src/acl.c squid/src/acl.c --- squid-without-splay-acls/src/acl.c Fri Oct 13 17:01:42 2000 +++ squid/src/acl.c Fri Oct 13 18:11:54 2000 @@ -44,9 +44,7 @@ static hash_table *proxy_auth_cache = NULL; #endif static void aclParseDomainList(void *curlist); -#if 0 -static void aclParseProxyAuthList(void *curlist); -#endif +static void aclParseProxyAuthList(void **current); static void aclParseIpList(void *curlist); static void aclParseIntlist(void *curlist); static void aclParseWordList(void *curlist); @@ -65,7 +63,7 @@ static int aclMatchAcl(struct _acl *, aclCheck_t *); static int aclMatchIntegerRange(intrange * data, int i); static int aclMatchTime(acl_time_data * data, time_t when); -static int aclMatchUser(wordlist * data, const char *ident); +static int aclMatchUser(void *proxyauth_acl, char *user); static int aclMatchIp(void *dataptr, struct in_addr c); static int aclMatchDomainList(void *dataptr, const char *); static int aclMatchIntegerRange(intrange * data, int i); @@ -649,38 +647,44 @@ wordlistAdd(curlist, t); } -#if 0 -/* each proxy auth acl can be for a specific front-side protocol. */ static void -aclParseProxyAuthList(void *curlist) +aclParseProxyAuthList(void ** current) { -/* This code currently non-functional */ -/* - acl_proxy_auth_data *pad; - char *t = NULL; - - pad = memAllocate(MEM_ACL_PROXY_AUTH_DATA); - pad->names = NULL; - *(acl_proxy_auth_data **)curlist = pad; - t = strtokFile(); - - if (!strcmp(t, "basic")) - pad->type = AUTH_BASIC; -#if USE_NTLM - else if (!strcmp(t, "ntlm")) - pad->type = AUTH_NTLM; -#endif - else { - debug(28, 0) ("%s line %d: %s\n", - cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseProxyAuthList: Invalid auth type '%s'\n", t); - return; - } - while ((t = strtokFile())) - wordlistAdd(&pad->names, t); -*/ + char *t=NULL; + acl_proxy_auth_data **data=(acl_proxy_auth_data **)current; + splayNode *Top=NULL; + int case_insensitive; + + debug(28,2) ("aclParseProxyAuthList: parsing authlist\n"); + if (*data==NULL) { + debug(28,3)("aclParseProxyAuthList: current is null. Creating\n"); + *data=memAllocate(MEM_ACL_PROXY_AUTH_DATA); /*we rely on mA. zeroing*/ + } + Top=(*data)->names; + + if ((t = strtokFile())) { + debug(28,5)("aclParseProxyAuthList: First token is %s\n",t); + if (!strcmp("-i",t)) { + debug(28,5)("aclParseProxyAuthList: Going case-insensitive\n"); + (*data)->flags|=PROXY_AUTH_IS_CASE_INSENSITIVE; + } + else + Top=splay_insert(xstrdup(t), Top, (SPLAYCMP *)strcmp); + } + + case_insensitive=(*data)->flags & PROXY_AUTH_IS_CASE_INSENSITIVE; + debug(28,3)("aclParseProxyAuthList: Case-insensitive-switch is %d\n", + case_insensitive); + /* we might inherit from a previous declaration */ + + debug(28,4) ("aclParseProxyAuthList: parsing proxy-auth list\n"); + while ((t = strtokFile())) { + debug(28,6)("aclParseProxyAuthList: Got token: %s\n",t); + if (case_insensitive) Tolower(t); + Top=splay_insert(xstrdup(t), Top, (SPLAYCMP *)strcmp); + } + (*data)->names=Top; } -#endif /**********************/ /* aclParseDomainList */ @@ -689,12 +693,12 @@ static void aclParseDomainList(void *curlist) { - char *t = NULL; - splayNode **Top = curlist; - while ((t = strtokFile())) { - Tolower(t); - *Top = splay_insert(xstrdup(t), *Top, aclDomainCompare); - } + char *t = NULL; + splayNode **Top = curlist; + while ((t = strtokFile())) { + Tolower(t); + *Top = splay_insert(xstrdup(t), *Top, aclDomainCompare); + } } void @@ -793,11 +797,7 @@ aclParseMethodList(&A->data); break; case ACL_PROXY_AUTH: -#if 0 aclParseProxyAuthList(&A->data); -#else - aclParseWordList(&A->data); -#endif #ifdef USE_BASIC_AUTH if (!proxy_auth_cache) { /* First time around, 7921 should be big enough */ @@ -1080,30 +1080,27 @@ } static int -aclMatchUser(wordlist * data, const char *user) +aclMatchUser(void * proxyauth_acl, char *user) { - int cis=0; - if (user == NULL) - return 0; - debug(28, 3) ("aclMatchUser: checking '%s'\n", user); - while (data) { - debug(28, 3) ("aclMatchUser: looking for '%s'\n", data->key); - if (strcmp(data->key, "REQUIRED") == 0 && *user != '\0' && strcmp(user, "-") != 0) - return 1; - if (strcmp(data->key,"-i") == 0) { - debug(28, 3) ("aclMatchUser: going case-insensitive\n"); - cis=1; - } - if (cis) { - if (strcasecmp(data->key,user) == 0) - return 1; - } else { - if (strcmp(data->key, user) == 0) - return 1; - } - data = data->next; - } - return 0; + acl_proxy_auth_data *data=proxyauth_acl; + splayNode **Top=&(data->names); + int case_insensitive=((data->flags&PROXY_AUTH_IS_CASE_INSENSITIVE) != 0); + + debug(28,7)("aclMatchUser: user is %s, case_insensitive is %d\n", + user,case_insensitive); + debug(28,8)("*Top is %p, *Top->data is %s\n",Top, + (*Top!=NULL?(*Top)->data:"Unavailable")); + + if (user==NULL) + return 0; + if (case_insensitive) + Tolower(user); + + *Top=splay_splay(user,*Top,(SPLAYCMP *)strcmp); + debug(28,7)("aclMatchUser: returning %d,*Top is %p, *Top->data is %s\n", + !splayLastResult, + *Top, (*Top?(*Top)->data:"Unavailable")); + return !splayLastResult; } /* @@ -1121,7 +1118,7 @@ return 0; *///checked by aclMatchProxy. assert(proxy_auth!=NULL); - debug(28, 6) ("aclDecodeProxyAuth: header = '%s'\n", proxy_auth); + debug(28, 6) ("aclDecodeProxyAuth header = '%s'\n", proxy_auth); #ifdef USE_BASIC_AUTH if (strncasecmp(proxy_auth, "Basic ", 6) == 0) { @@ -2295,6 +2292,12 @@ memFree(p, MEM_ACL_IP_DATA); } +static void aclFreeProxyAuthData(void *data) { + acl_proxy_auth_data *d=data; + splay_destroy(d->names,xfree); + memFree(d,MEM_ACL_PROXY_AUTH_DATA); +} + void aclDestroyAcls(acl ** head) { @@ -2314,15 +2317,15 @@ case ACL_SRC_DOMAIN: splay_destroy(a->data, xfree); break; + case ACL_PROXY_AUTH: + aclFreeProxyAuthData(a->data); + break; #if SQUID_SNMP case ACL_SNMP_COMMUNITY: #endif #if USE_IDENT case ACL_IDENT: #endif - case ACL_PROXY_AUTH: - wordlistDestroy((wordlist **) & a->data); - break; case ACL_TIME: aclDestroyTimeList(a->data); break; @@ -2522,6 +2525,24 @@ } static void +aclDumpProxyAuthListWalkee(char *entry, wordlist** outlist) { + wordlistAdd(outlist,entry); +} + +static wordlist * +aclDumpProxyAuthList (acl_proxy_auth_data * data) { + wordlist *W = NULL; + if ((data->flags&PROXY_AUTH_IS_CASE_INSENSITIVE) != 0) + wordlistAdd(&W,"-i"); + /* damn this is VERY inefficient for long ACL lists... filling + a wordlist this way costs Sum(1,N) iterations. For instance + a 1000-elements list woll be filled in 499500 iterations. + */ + splay_walk(data->names,(SPLAYWALKEE *)aclDumpProxyAuthListWalkee,&W); + return W; +} + +static void aclDumpDomainListWalkee(void *node, void *state) { char *domain = node; @@ -2647,8 +2668,8 @@ return aclDumpRegexList(a->data); break; #endif - case ACL_PROXY_AUTH: - return wordlistDup(a->data); + case ACL_PROXY_AUTH: + return aclDumpProxyAuthList(a->data); break; case ACL_TIME: return aclDumpTimeSpecList(a->data); diff -ur --exclude=*CVS* squid-without-splay-acls/src/structs.h squid/src/structs.h --- squid-without-splay-acls/src/structs.h Fri Oct 13 17:01:43 2000 +++ squid/src/structs.h Fri Oct 13 16:58:42 2000 @@ -31,6 +31,8 @@ * */ +#include "splay.h" + struct _dlink_node { void *data; dlink_node *prev; @@ -56,9 +58,10 @@ acl_time_data *next; }; +#define PROXY_AUTH_IS_CASE_INSENSITIVE 0x1 struct _acl_proxy_auth_data { - auth_type_t type; - wordlist *names; + u_num32 flags; + splayNode *names; }; struct _acl_name_list {