diff -uNr base/src/acl.c current/src/acl.c --- base/src/acl.c 2002-09-07 23:13:05.000000000 +0800 +++ current/src/acl.c 2003-01-01 03:55:42.000000000 +0800 @@ -69,6 +69,7 @@ static int decode_addr(const char *, struct in_addr *, struct in_addr *); static void aclCheck(aclCheck_t * checklist); static void aclCheckCallback(aclCheck_t * checklist, allow_t answer); +static int aclCheckPortFlags(aclCheck_t *checklist); #if USE_IDENT static IDCB aclLookupIdentDone; #endif @@ -1607,6 +1608,8 @@ /* NOTREACHED */ case ACL_PROXY_AUTH: case ACL_PROXY_AUTH_REGEX: + if ((ti = aclCheckPortFlags(checklist)) != 1) + return ti; if ((ti = aclAuthenticated(checklist)) != 1) return ti; ti = aclMatchProxyAuth(ae->data, checklist->auth_user_request, @@ -1865,6 +1868,24 @@ aclChecklistFree(checklist); } +static int +aclCheckPortFlags(aclCheck_t *checklist) +{ + http_port_list *s; + for(s = Config.Sockaddr.http; s != NULL; s = s->next) { + if(checklist->my_port != ntohs(s->s.sin_port)) + continue; + if(s->s.sin_addr.s_addr != any_addr.s_addr && + s->s.sin_addr.s_addr != checklist->my_addr.s_addr) + continue; + if(s->flags & HTTP_PORT_NO_AUTH) + return 0; + else + return 1; + } + return 1; +} + #if USE_IDENT static void aclLookupIdentDone(const char *ident, void *data) diff -uNr base/src/cache_cf.c current/src/cache_cf.c --- base/src/cache_cf.c 2002-09-07 23:13:59.000000000 +0800 +++ current/src/cache_cf.c 2003-01-01 03:47:41.000000000 +0800 @@ -96,6 +96,10 @@ static void dump_sockaddr_in_list(StoreEntry *, const char *, const sockaddr_in_list *); static void free_sockaddr_in_list(sockaddr_in_list **); static int check_null_sockaddr_in_list(const sockaddr_in_list *); +static void parse_http_port_list(http_port_list **); +static void dump_http_port_list(StoreEntry *, const char *, const http_port_list *); +static void free_http_port_list(http_port_list **); +static int check_null_http_port_list(const http_port_list *); #if USE_SSL static void parse_https_port_list(https_port_list **); static void dump_https_port_list(StoreEntry *, const char *, const https_port_list *); @@ -2272,6 +2276,90 @@ return NULL == s; } +static void +parse_http_port_list(http_port_list **head) +{ + char *token; + char *t; + char *host; + const struct hostent *hp; + unsigned short port; + + http_port_list *s; + token = strtok(NULL, w_space); + if(!token) + self_destruct(); + host = NULL; + port = 0; + + if((t = strchr(token, ':'))) { + /* host:port*/ + host = token; + *t = '\0'; + port = (unsigned short) atoi(t + 1); + if (0 == port) + self_destruct(); + } else if ((port = atoi(token)) > 0) { + /* port */ + } else { + self_destruct(); + } + + s = xcalloc(1, sizeof(*s)); + s->s.sin_port = htons(port); + if (NULL == host) + s->s.sin_addr = any_addr; + else if (1 == safe_inet_addr(host, &s->s.sin_addr)) + (void)0; + else if ((hp = gethostbyname(host))) + s->s.sin_addr = inaddrFromHostent(hp); + else + self_destruct(); + + /* parse options ... */ + while((token = strtok(NULL, w_space))) { + if (strncmp(token, "noauth", 6) == 0) { + s->flags |= HTTP_PORT_NO_AUTH; + } else { + self_destruct(); + } + } + while (*head) + head = &(*head)->next; + *head = s; +} + +static void +dump_http_port_list(StoreEntry *e, const char *n, const http_port_list *s) +{ + while(s) { + storeAppendPrintf(e, "%s %s:%d", + n, + inet_ntoa(s->s.sin_addr), + ntohs(s->s.sin_port)); + if(s->flags & HTTP_PORT_NO_AUTH) + storeAppendPrintf(e, " noauth"); + storeAppendPrintf(e, "\n"); + s = s->next; + } +} + +static void +free_http_port_list(http_port_list **head) +{ + http_port_list *s; + while ((s = *head) != NULL) { + *head = s->next; + safe_free(s); + } +} + +static int +check_null_http_port_list(const http_port_list *s) +{ + return NULL == s; +} + #if USE_SSL static void parse_https_port_list(https_port_list ** head) @@ -2281,6 +2369,7 @@ char *host; const struct hostent *hp; unsigned short port; + https_port_list *s; token = strtok(NULL, w_space); if (!token) diff -uNr base/src/cf.data.pre current/src/cf.data.pre --- base/src/cf.data.pre 2003-01-01 01:42:30.000000000 +0800 +++ current/src/cf.data.pre 2003-01-01 04:23:42.000000000 +0800 @@ -54,14 +54,14 @@ COMMENT_END NAME: http_port ascii_port -TYPE: sockaddr_in_list +TYPE: http_port_list DEFAULT: none DEFAULT_IF_NONE: 3128 LOC: Config.Sockaddr.http DOC_START - Usage: port - hostname:port - 1.2.3.4:port + Usage: port [options] + hostname:port [options] + 1.2.3.4:port [options] The socket addresses where Squid will listen for HTTP client requests. You may specify multiple socket addresses. @@ -80,6 +80,9 @@ The -a command line option will override the *first* port number listed here. That option will NOT override an IP address, however. + + Options: + noauth Disable proxy auth on this port. You may specify multiple socket addresses on multiple lines. diff -uNr base/src/client_side.c current/src/client_side.c --- base/src/client_side.c 2003-01-01 01:18:48.000000000 +0800 +++ current/src/client_side.c 2003-01-01 03:47:41.000000000 +0800 @@ -3541,7 +3541,7 @@ static void clientHttpConnectionsOpen(void) { - sockaddr_in_list *s; + http_port_list *s; int fd; for (s = Config.Sockaddr.http; s; s = s->next) { if (MAXHTTPPORTS == NHttpSockets) { diff -uNr base/src/structs.h current/src/structs.h --- base/src/structs.h 2003-01-01 01:06:18.000000000 +0800 +++ current/src/structs.h 2003-01-01 03:06:35.000000000 +0800 @@ -325,6 +325,14 @@ sockaddr_in_list *next; }; +struct _http_port_list { + http_port_list *next; + struct sockaddr_in s; + int flags; +}; + +#define HTTP_PORT_NO_AUTH 1 + #if USE_SSL struct _https_port_list { https_port_list *next; @@ -425,7 +433,7 @@ #endif } Port; struct { - sockaddr_in_list *http; + http_port_list *http; #if USE_SSL https_port_list *https; #endif diff -uNr base/src/typedefs.h current/src/typedefs.h --- base/src/typedefs.h 2002-06-23 21:53:46.000000000 +0800 +++ current/src/typedefs.h 2003-01-01 03:06:35.000000000 +0800 @@ -84,6 +84,7 @@ typedef struct _ushortlist ushortlist; typedef struct _relist relist; typedef struct _sockaddr_in_list sockaddr_in_list; +typedef struct _http_port_list http_port_list; typedef struct _https_port_list https_port_list; typedef struct _SquidConfig SquidConfig; typedef struct _SquidConfig2 SquidConfig2;