This patch add 3 switch to acl proxy_auth to force a authentication
scheme to bogus clients, like IE and Messenger (see squid.conf help).
Please somebody can check this and send me your opinion.
Thanks
diff -Nru squid-2.5/src/acl.c squid-2.5-ws/src/acl.c
--- squid-2.5/src/acl.c Mon May 12 04:24:37 2003
+++ squid-2.5-ws/src/acl.c Fri Sep 5 12:05:05 2003
@@ -101,7 +101,8 @@
static SPLAYCMP aclArpCompare;
static SPLAYWALKEE aclDumpArpListWalkee;
#endif
-static int aclCacheMatchAcl(dlink_list * cache, squid_acl acltype, void
*data, char *MatchParam);
+static int aclCacheMatchAcl(dlink_list * cache, squid_acl acltype, void
*data,
+ char *MatchParam);
static squid_acl
aclStrToType(const char *s)
@@ -444,7 +445,9 @@
if (!decode_addr(addr1, &q->addr1, &q->mask)) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown
first address '%s'\n", addr1);
+ debug(28, 0)
+ ("aclParseIpData: Ignoring invalid IP acl entry: unknown first
address '%s'\n",
+ addr1);
safe_free(q);
return NULL;
}
@@ -452,7 +455,9 @@
if (*addr2 && !decode_addr(addr2, &q->addr2, &q->mask)) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown
second address '%s'\n", addr2);
+ debug(28, 0)
+ ("aclParseIpData: Ignoring invalid IP acl entry: unknown second
address '%s'\n",
+ addr2);
safe_free(q);
return NULL;
}
@@ -460,13 +465,17 @@
if (*mask && !decode_addr(mask, &q->mask, NULL)) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown
netmask '%s'\n", mask);
+ debug(28, 0)
+ ("aclParseIpData: Ignoring invalid IP acl entry: unknown netmask
'%s'\n",
+ mask);
safe_free(q);
return NULL;
}
if ((q->addr1.s_addr & q->mask.s_addr) != q->addr1.s_addr ||
(q->addr2.s_addr & q->mask.s_addr) != q->addr2.s_addr)
- debug(28, 0) ("aclParseIpData: WARNING: Netmask masks away part of the
specified IP in '%s'\n", t);
+ debug(28, 0)
+ ("aclParseIpData: WARNING: Netmask masks away part of the
specified IP in '%s'\n",
+ t);
q->addr1.s_addr &= q->mask.s_addr;
q->addr2.s_addr &= q->mask.s_addr;
/* 1.2.3.4/255.255.255.0 --> 1.2.3.0 */
@@ -554,7 +563,8 @@
if (q->start > q->stop) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseTimeSpec: IGNORING Reversed time range\n");
+ debug(28,
+ 0) ("aclParseTimeSpec: IGNORING Reversed time range\n");
memFree(q, MEM_ACL_TIME_DATA);
return;
}
@@ -592,7 +602,8 @@
regerror(errcode, &comp, errbuf, sizeof errbuf);
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseRegexList: Invalid regular expression '%s':
%s\n",
+ debug(28,
+ 0) ("aclParseRegexList: Invalid regular expression '%s': %s\n",
t, errbuf);
continue;
}
@@ -628,11 +639,36 @@
}
data = *current;
Top = data->names;
- if ((t = strtokFile())) {
- debug(28, 5) ("aclParseUserList: First token is %s\n", t);
+ data->flags.schemeid = -1;
+ while ((t = strtokFile())) {
+ debug(28, 5) ("aclParseUserList: token is %s\n", t);
if (strcmp("-i", t) == 0) {
debug(28, 5) ("aclParseUserList: Going case-insensitive\n");
data->flags.case_insensitive = 1;
+ } else if (strcmp("-b", t) == 0) {
+ if (!authenticateAuthSchemeConfigured("basic"))
+ debug(28, 5)
+ ("aclParseUserList: switch -b ignored, basic auth not
configured\n");
+ else {
+ debug(28, 5) ("aclParseUserList: using basic auth\n");
+ data->flags.schemeid = authenticateAuthSchemeId("basic");
+ }
+ } else if (strcmp("-n", t) == 0) {
+ if (!authenticateAuthSchemeConfigured("ntlm"))
+ debug(28, 5)
+ ("aclParseUserList: switch -n ignored, ntlm auth not
configured\n");
+ else {
+ debug(28, 5) ("aclParseUserList: using ntlm auth\n");
+ data->flags.schemeid = authenticateAuthSchemeId("ntlm");
+ }
+ } else if (strcmp("-d", t) == 0) {
+ if (!authenticateAuthSchemeConfigured("digest"))
+ debug(28, 5)
+ ("aclParseUserList: switch -d ignored, digest auth not
configured\n");
+ else {
+ debug(28, 5) ("aclParseUserList: using digest auth\n");
+ data->flags.schemeid = authenticateAuthSchemeId("digest");
+ }
} else if (strcmp("REQUIRED", t) == 0) {
debug(28, 5) ("aclParseUserList: REQUIRED-type enabled\n");
data->flags.required = 1;
@@ -644,16 +680,12 @@
}
debug(28, 3) ("aclParseUserList: Case-insensitive-switch is %d\n",
data->flags.case_insensitive);
- /* we might inherit from a previous declaration */
+ debug(28, 3) ("aclParseUserList: scheme ID is %d\n",
data->flags.schemeid);
+ /* we might inherit from a previous declaration, (?,
diegows@linux.org.ar) */
- debug(28, 4) ("aclParseUserList: parsing user list\n");
- while ((t = strtokFile())) {
- debug(28, 6) ("aclParseUserList: Got token: %s\n", t);
- if (data->flags.case_insensitive)
- Tolower(t);
- Top = splay_insert(xstrdup(t), Top, (SPLAYCMP *) strcmp);
- }
+ debug(28, 4) ("aclParseUserList: user list parsed \n");
data->names = Top;
+
}
@@ -712,7 +744,9 @@
new_acl = 1;
} else {
if (acltype != A->type) {
- debug(28, 0) ("aclParseAclLine: ACL '%s' already exists with
different type, skipping.\n", A->name);
+ debug(28, 0)
+ ("aclParseAclLine: ACL '%s' already exists with different type,
skipping.\n",
+ A->name);
return;
}
debug(28, 3) ("aclParseAclLine: Appending to '%s'\n", aclname);
@@ -895,7 +929,8 @@
if ((t = strtok(NULL, w_space)) == NULL) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseDenyInfoLine: missing 'error page'
parameter.\n");
+ debug(28,
+ 0) ("aclParseDenyInfoLine: missing 'error page' parameter.\n");
return;
}
A = memAllocate(MEM_ACL_DENY_INFO_LIST);
@@ -913,7 +948,8 @@
if (A->acl_list == NULL) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseDenyInfoLine: deny_info line contains no ACL's,
skipping\n");
+ debug(28, 0)
+ ("aclParseDenyInfoLine: deny_info line contains no ACL's,
skipping\n");
memFree(A, MEM_ACL_DENY_INFO_LIST);
return;
}
@@ -945,7 +981,9 @@
else {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseAccessLine: expecting 'allow' or 'deny', got
'%s'.\n", t);
+ debug(28,
+ 0) ("aclParseAccessLine: expecting 'allow' or 'deny', got
'%s'.\n",
+ t);
cbdataFree(A);
return;
}
@@ -953,7 +991,8 @@
if (A->acl_list == NULL) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseAccessLine: Access line contains no ACL's,
skipping\n");
+ debug(28, 0)
+ ("aclParseAccessLine: Access line contains no ACL's, skipping\n");
cbdataFree(A);
return;
}
@@ -1221,7 +1260,8 @@
goto error;
}
(*acldata)->max = atoi(t);
- debug(28, 5) ("aclParseUserMaxIP: Max IP address's %d\n", (int)
(*acldata)->max);
+ debug(28, 5) ("aclParseUserMaxIP: Max IP address's %d\n",
+ (int) (*acldata)->max);
return;
error:
fatal("aclParseUserMaxIP: Malformed ACL %d\n");
@@ -1283,7 +1323,8 @@
* ie to allow the user to move machines easily
*/
authenticateAuthUserRequestClearIp(auth_user_request);
- debug(28, 4) ("aclMatchUserMaxIP: Denying access in non-strict mode -
flushing the user ip cache\n");
+ debug(28, 4)
+ ("aclMatchUserMaxIP: Denying access in non-strict mode - flushing
the user ip cache\n");
}
return 1;
@@ -1368,7 +1409,8 @@
(int) t, (int) data->start, (int) data->stop, data->weekbits);
while (data) {
- if (t >= data->start && t <= data->stop && (data->weekbits & (1 <<
tm.tm_wday)))
+ if (t >= data->start && t <= data->stop
+ && (data->weekbits & (1 << tm.tm_wday)))
return 1;
data = data->next;
}
@@ -1408,26 +1450,33 @@
/* WWW authorization on accelerated requests */
headertype = HDR_AUTHORIZATION;
#else
- debug(28, 1) ("aclAuthenticated: authentication not applicable on
accelerated requests.\n");
+ debug(28, 1)
+ ("aclAuthenticated: authentication not applicable on accelerated
requests.\n");
return -1;
#endif
}
/* get authed here */
/* Note: this fills in checklist->auth_user_request when applicable
*/
- switch
(authenticateTryToAuthenticateAndSetAuthUser(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) {
+ switch (authenticateTryToAuthenticateAndSetAuthUser(&checklist->
+ auth_user_request, headertype, checklist->request,
checklist->conn,
+ checklist->src_addr)) {
case AUTH_ACL_CANNOT_AUTHENTICATE:
- debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not
authorised.\n");
+ debug(28, 4)
+ ("aclMatchAcl: returning 0 user authenticated but not
authorised.\n");
return 0;
case AUTH_AUTHENTICATED:
return 1;
break;
case AUTH_ACL_HELPER:
- debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to
helper.\n");
+ debug(28,
+ 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED;
return -1;
case AUTH_ACL_CHALLENGE:
- debug(28, 4) ("aclMatchAcl: returning 0 sending authentication
challenge.\n");
+ debug(28,
+ 4) ("aclMatchAcl: returning 0 sending authentication
challenge.\n");
checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
+ AclMatched = checklist->current_acl;
return -1;
default:
fatal("unexpected authenticateAuthenticate reply\n");
@@ -1514,7 +1563,8 @@
return aclMatchDomainList(&ae->data, "none");
/* NOTREACHED */
case ACL_SRC_DOMAIN:
- fqdn = fqdncache_gethostbyaddr(checklist->src_addr,
FQDN_LOOKUP_IF_MISS);
+ fqdn =
+ fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
if (fqdn) {
return aclMatchDomainList(&ae->data, fqdn);
} else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) {
@@ -1540,7 +1590,8 @@
return aclMatchRegex(ae->data, "none");
/* NOTREACHED */
case ACL_SRC_DOM_REGEX:
- fqdn = fqdncache_gethostbyaddr(checklist->src_addr,
FQDN_LOOKUP_IF_MISS);
+ fqdn =
+ fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
if (fqdn) {
return aclMatchRegex(ae->data, fqdn);
} else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) {
@@ -1683,8 +1734,7 @@
case ACL_ENUM_MAX:
break;
}
- debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n",
- ae->name, ae->type);
+ debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n", ae->name,
ae->type);
return 0;
}
@@ -1745,7 +1795,8 @@
}
A = A->next;
}
- debug(28, 5) ("aclCheckFast: no matches, returning: %d\n", allow ==
ACCESS_DENIED);
+ debug(28, 5) ("aclCheckFast: no matches, returning: %d\n",
+ allow == ACCESS_DENIED);
aclCheckCleanup(checklist);
return allow == ACCESS_DENIED;
}
@@ -1823,7 +1874,8 @@
checklist->state[ACL_IDENT] = ACL_LOOKUP_PENDING;
return;
} else {
- debug(28, 1) ("aclCheck: Can't start ident lookup. No client
connection\n");
+ debug(28, 1)
+ ("aclCheck: Can't start ident lookup. No client connection\n");
cbdataUnlock(checklist->conn);
checklist->conn = NULL;
allow = ACCESS_DENIED;
@@ -1834,7 +1886,8 @@
else if (checklist->state[ACL_EXTERNAL] == ACL_LOOKUP_NEEDED) {
acl *acl = checklist->current_acl;
assert(acl->type == ACL_EXTERNAL);
- externalAclLookup(checklist, acl->data, aclLookupExternalDone,
checklist);
+ externalAclLookup(checklist, acl->data, aclLookupExternalDone,
+ checklist);
return;
}
/*
@@ -1857,8 +1910,10 @@
cbdataLock(A->next);
cbdataUnlock(A);
}
- debug(28, 3) ("aclCheck: NO match found, returning %d\n", allow !=
ACCESS_DENIED ? ACCESS_DENIED : ACCESS_ALLOWED);
- aclCheckCallback(checklist, allow != ACCESS_DENIED ? ACCESS_DENIED
: ACCESS_ALLOWED);
+ debug(28, 3) ("aclCheck: NO match found, returning %d\n",
+ allow != ACCESS_DENIED ? ACCESS_DENIED : ACCESS_ALLOWED);
+ aclCheckCallback(checklist,
+ allow != ACCESS_DENIED ? ACCESS_DENIED : ACCESS_ALLOWED);
}
void
@@ -1962,8 +2017,10 @@
aclCheck_t *checklist = data;
checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_DONE;
if (result != NULL)
- fatal("AclLookupProxyAuthDone: Old code floating around
somewhere.\nMake clean and if that doesn't work, report a bug to the
squid developers.\n");
- if (!authenticateValidateUser(checklist->auth_user_request) ||
checklist->conn == NULL) {
+ fatal
+ ("AclLookupProxyAuthDone: Old code floating around
somewhere.\nMake clean and if that doesn't work, report a bug to the
squid developers.\n");
+ if (!authenticateValidateUser(checklist->auth_user_request)
+ || checklist->conn == NULL) {
/* credentials could not be checked either way
* restart the whole process */
/* OR the connection was closed, there's no way to continue */
@@ -2234,8 +2291,12 @@
}
if (ret == 0) {
debug(28, 0) ("WARNING: '%s' is a subdomain of '%s'\n", d1, d2);
- debug(28, 0) ("WARNING: because of this '%s' is ignored to keep splay
tree searching predictable\n", (char *) a);
- debug(28, 0) ("WARNING: You should probably remove '%s' from the ACL
named '%s'\n", d1, AclMatchedName);
+ debug(28, 0)
+ ("WARNING: because of this '%s' is ignored to keep splay tree
searching predictable\n",
+ (char *) a);
+ debug(28, 0)
+ ("WARNING: You should probably remove '%s' from the ACL named
'%s'\n",
+ d1, AclMatchedName);
}
return ret;
}
@@ -2665,7 +2726,9 @@
if (!decode_eth(eth, q->eth)) {
debug(28, 0) ("%s line %d: %s\n",
cfg_filename, config_lineno, config_input_line);
- debug(28, 0) ("aclParseArpData: Ignoring invalid ARP acl entry: can't
parse '%s'\n", eth);
+ debug(28, 0)
+ ("aclParseArpData: Ignoring invalid ARP acl entry: can't parse
'%s'\n",
+ eth);
safe_free(q);
return NULL;
}
diff -Nru squid-2.5/src/authenticate.c squid-2.5-ws/src/authenticate.c
--- squid-2.5/src/authenticate.c Sun May 18 18:49:19 2003
+++ squid-2.5-ws/src/authenticate.c Fri Sep 5 12:05:27 2003
@@ -43,8 +43,11 @@
CBDATA_TYPE(auth_user_ip_t);
static void
- authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t
* auth_user_request);
-static auth_acl_t authenticateAuthenticate(auth_user_request_t **
auth_user_request, http_hdr_type headertype, request_t * request,
ConnStateData * conn, struct in_addr src_addr);
+ authenticateDecodeAuth(const char *proxy_auth,
+ auth_user_request_t * auth_user_request);
+static auth_acl_t authenticateAuthenticate(auth_user_request_t **
+ auth_user_request, http_hdr_type headertype, request_t * request,
+ ConnStateData * conn, struct in_addr src_addr);
/*
*
@@ -64,8 +67,9 @@
int i;
for (i = 0; i < Config.authConfig.n_configured; i++) {
scheme = Config.authConfig.schemes + i;
- if ((strncasecmp(proxy_auth, scheme->typestr, strlen(scheme->typestr))
== 0) &&
- (authscheme_list[scheme->Id].Active()))
+ if ((strncasecmp(proxy_auth, scheme->typestr,
+ strlen(scheme->typestr)) == 0)
+ && (authscheme_list[scheme->Id].Active()))
return 1;
}
return 0;
@@ -76,7 +80,8 @@
{
int i = 0;
for (i = 0; authscheme_list && authscheme_list[i].typestr; i++) {
- if (strncasecmp(typestr, authscheme_list[i].typestr,
strlen(authscheme_list[i].typestr)) == 0) {
+ if (strncasecmp(typestr, authscheme_list[i].typestr,
+ strlen(authscheme_list[i].typestr)) == 0) {
return i;
}
}
@@ -84,7 +89,8 @@
}
void
-authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t *
auth_user_request)
+authenticateDecodeAuth(const char *proxy_auth,
+ auth_user_request_t * auth_user_request)
{
int i = 0;
assert(proxy_auth != NULL);
@@ -116,8 +122,10 @@
* remain linked to it - the next type might not be conn based
*/
assert(auth_user_request->auth_user->auth_module);
- if (authscheme_list[auth_user_request->auth_user->auth_module -
1].oncloseconnection) {
- authscheme_list[auth_user_request->auth_user->auth_module -
1].oncloseconnection(conn);
+ if (authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].oncloseconnection) {
+ authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].oncloseconnection(conn);
}
}
}
@@ -126,13 +134,16 @@
/* send the initial data to an authenticator module */
void
-authenticateStart(auth_user_request_t * auth_user_request, RH *
handler, void *data)
+authenticateStart(auth_user_request_t * auth_user_request, RH *
handler,
+ void *data)
{
assert(auth_user_request);
assert(handler);
- debug(29, 9) ("authenticateStart: auth_user_request '%p'\n",
auth_user_request);
+ debug(29, 9) ("authenticateStart: auth_user_request '%p'\n",
+ auth_user_request);
if (auth_user_request->auth_user->auth_module > 0)
- authscheme_list[auth_user_request->auth_user->auth_module -
1].authStart(auth_user_request, handler, data);
+ authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].authStart(auth_user_request, handler, data);
else
handler(data, NULL);
}
@@ -145,25 +156,38 @@
int
authenticateValidateUser(auth_user_request_t * auth_user_request)
{
- debug(29, 9) ("authenticateValidateUser: Validating Auth_user
request '%p'.\n", auth_user_request);
+ debug(29,
+ 9) ("authenticateValidateUser: Validating Auth_user request '%p'.\n",
+ auth_user_request);
if (auth_user_request == NULL) {
- debug(29, 4) ("authenticateValidateUser: Auth_user_request was
NULL!\n");
+ debug(29,
+ 4) ("authenticateValidateUser: Auth_user_request was NULL!\n");
return 0;
}
if (auth_user_request->auth_user == NULL) {
- debug(29, 4) ("authenticateValidateUser: No associated auth_user
structure\n");
+ debug(29,
+ 4)
+ ("authenticateValidateUser: No associated auth_user structure\n");
return 0;
}
if (auth_user_request->auth_user->auth_type == AUTH_UNKNOWN) {
- debug(29, 4) ("authenticateValidateUser: Auth_user '%p' uses unknown
scheme.\n", auth_user_request->auth_user);
+ debug(29,
+ 4)
+ ("authenticateValidateUser: Auth_user '%p' uses unknown
scheme.\n",
+ auth_user_request->auth_user);
return 0;
}
if (auth_user_request->auth_user->auth_type == AUTH_BROKEN) {
- debug(29, 4) ("authenticateValidateUser: Auth_user '%p' is broken for
it's scheme.\n", auth_user_request->auth_user);
+ debug(29,
+ 4)
+ ("authenticateValidateUser: Auth_user '%p' is broken for it's
scheme.\n",
+ auth_user_request->auth_user);
return 0;
}
if (!auth_user_request->auth_user->scheme_data) {
- debug(29, 4) ("authenticateValidateUser: auth_user '%p' has no scheme
data\n", auth_user_request->auth_user);
+ debug(29,
+ 4) ("authenticateValidateUser: auth_user '%p' has no scheme
data\n",
+ auth_user_request->auth_user);
return 0;
}
/* any other sanity checks that we need in the future */
@@ -171,7 +195,9 @@
/* Thus should a module call to something like authValidate */
/* finally return ok */
- debug(29, 5) ("authenticateValidateUser: Validated Auth_user
request '%p'.\n", auth_user_request);
+ debug(29,
+ 5) ("authenticateValidateUser: Validated Auth_user request '%p'.\n",
+ auth_user_request);
return 1;
}
@@ -195,7 +221,9 @@
{
auth_user_request_t *temp_request;
if (!auth_user_request_pool)
- auth_user_request_pool = memPoolCreate("Authenticate Request Data",
sizeof(auth_user_request_t));
+ auth_user_request_pool =
+ memPoolCreate("Authenticate Request Data",
+ sizeof(auth_user_request_t));
temp_request = memPoolAlloc(auth_user_request_pool);
assert(temp_request != NULL);
memset(temp_request, '\0', sizeof(auth_user_request_t));
@@ -206,7 +234,8 @@
authenticateAuthUserRequestFree(auth_user_request_t *
auth_user_request)
{
dlink_node *link;
- debug(29, 5) ("authenticateAuthUserRequestFree: freeing request
%p\n", auth_user_request);
+ debug(29, 5) ("authenticateAuthUserRequestFree: freeing request
%p\n",
+ auth_user_request);
if (!auth_user_request)
return;
assert(auth_user_request->references == 0);
@@ -215,8 +244,10 @@
/* we MUST know the module */
assert((auth_user_request->auth_user->auth_module > 0));
/* and the module MUST support requestFree if it has created
scheme data */
- assert(authscheme_list[auth_user_request->auth_user->auth_module -
1].requestFree != NULL);
- authscheme_list[auth_user_request->auth_user->auth_module -
1].requestFree(auth_user_request);
+ assert(authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].requestFree != NULL);
+ authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].requestFree(auth_user_request);
}
/* unlink from the auth_user struct */
link = auth_user_request->auth_user->requests.head;
@@ -245,7 +276,8 @@
}
static void
-authenticateAuthUserRequestSetIp(auth_user_request_t *
auth_user_request, struct in_addr ipaddr)
+authenticateAuthUserRequestSetIp(auth_user_request_t *
auth_user_request,
+ struct in_addr ipaddr)
{
auth_user_ip_t *ipdata, *tempnode;
auth_user_t *auth_user;
@@ -269,7 +301,8 @@
found = 1;
/* update IP ttl */
ipdata->ip_expiretime = squid_curtime;
- } else if (ipdata->ip_expiretime + Config.authenticateIpTTL <
squid_curtime) {
+ } else if (ipdata->ip_expiretime + Config.authenticateIpTTL <
+ squid_curtime) {
/* This IP has expired - remove from the seen list */
dlinkDelete(&ipdata->node, &auth_user->ip_list);
cbdataFree(ipdata);
@@ -291,12 +324,16 @@
auth_user->ipcount++;
ip1 = xstrdup(inet_ntoa(ipaddr));
- debug(29, 2) ("authenticateAuthUserRequestSetIp: user '%s' has been
seen at a new IP address (%s)\n ", authenticateUserUsername(auth_user),
ip1);
+ debug(29,
+ 2)
+ ("authenticateAuthUserRequestSetIp: user '%s' has been seen at a new
IP address (%s)\n ",
+ authenticateUserUsername(auth_user), ip1);
safe_free(ip1);
}
void
-authenticateAuthUserRequestRemoveIp(auth_user_request_t *
auth_user_request, struct in_addr ipaddr)
+authenticateAuthUserRequestRemoveIp(auth_user_request_t *
auth_user_request,
+ struct in_addr ipaddr)
{
auth_user_ip_t *ipdata;
auth_user_t *auth_user;
@@ -382,7 +419,8 @@
if (!authenticateValidateUser(auth_user_request))
return 0;
if (auth_user_request->auth_user->auth_module > 0)
- return authscheme_list[auth_user_request->auth_user->auth_module -
1].authenticated(auth_user_request);
+ return authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].authenticated(auth_user_request);
else
return 0;
}
@@ -394,11 +432,13 @@
* This is basically a handle approach.
*/
static void
-authenticateAuthenticateUser(auth_user_request_t * auth_user_request,
request_t * request, ConnStateData * conn, http_hdr_type type)
+authenticateAuthenticateUser(auth_user_request_t * auth_user_request,
+ request_t * request, ConnStateData * conn, http_hdr_type type)
{
assert(auth_user_request != NULL);
if (auth_user_request->auth_user->auth_module > 0)
- authscheme_list[auth_user_request->auth_user->auth_module -
1].authAuthenticate(auth_user_request, request, conn, type);
+ authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].authAuthenticate(auth_user_request, request, conn, type);
}
static auth_user_request_t *
@@ -432,7 +472,9 @@
* the authenticateStart routine for rv==AUTH_ACL_HELPER
*/
auth_acl_t
-authenticateAuthenticate(auth_user_request_t ** auth_user_request,
http_hdr_type headertype, request_t * request, ConnStateData * conn,
struct in_addr src_addr)
+authenticateAuthenticate(auth_user_request_t ** auth_user_request,
+ http_hdr_type headertype, request_t * request, ConnStateData *
conn,
+ struct in_addr src_addr)
{
const char *proxy_auth;
assert(headertype != 0);
@@ -445,12 +487,16 @@
* authenticated connection so we test for an authenticated
* connection when we recieve no authentication header.
*/
- if (((proxy_auth == NULL) &&
(!authenticateUserAuthenticated(authTryGetUser(auth_user_request,
conn))))
+ if (((proxy_auth == NULL)
+ &&
(!authenticateUserAuthenticated(authTryGetUser(auth_user_request,
+ conn))))
|| (conn && conn->auth_type == AUTH_BROKEN)) {
/* no header or authentication failed/got corrupted - restart */
if (conn)
conn->auth_type = AUTH_UNKNOWN;
- debug(28, 4) ("authenticateAuthenticate: broken auth or no proxy_auth
header. Requesting auth header.\n");
+ debug(28,
+ 4)
+ ("authenticateAuthenticate: broken auth or no proxy_auth header.
Requesting auth header.\n");
/* something wrong with the AUTH credentials. Force a new attempt */
if (conn && conn->auth_user_request) {
authenticateAuthUserRequestUnlock(conn->auth_user_request);
@@ -470,8 +516,15 @@
*/
if (proxy_auth && conn && conn->auth_user_request &&
authenticateUserAuthenticated(conn->auth_user_request) &&
- strcmp(proxy_auth,
authscheme_list[conn->auth_user_request->auth_user->auth_module -
1].authConnLastHeader(conn->auth_user_request))) {
- debug(28, 2) ("authenticateAuthenticate: DUPLICATE AUTH -
authentication header on already authenticated connection!. AU %p,
Current user '%s' proxy_auth %s\n", conn->auth_user_request,
authenticateUserRequestUsername(conn->auth_user_request), proxy_auth);
+ strcmp(proxy_auth,
+ authscheme_list[conn->auth_user_request->auth_user->auth_module -
+ 1].authConnLastHeader(conn->auth_user_request))) {
+ debug(28,
+ 2)
+ ("authenticateAuthenticate: DUPLICATE AUTH - authentication header
on already authenticated connection!. AU %p, Current user '%s'
proxy_auth %s\n",
+ conn->auth_user_request,
+ authenticateUserRequestUsername(conn->auth_user_request),
+ proxy_auth);
/* remove this request struct - the link is already authed and it
can't be to
* reauth.
*/
@@ -489,14 +542,19 @@
}
/* we have a proxy auth header and as far as we know this
connection has
* not had bungled connection oriented authentication happen on it.
*/
- debug(28, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth
? proxy_auth : NULL);
+ debug(28, 9) ("authenticateAuthenticate: header %s.\n",
+ proxy_auth ? proxy_auth : NULL);
if (*auth_user_request == NULL) {
- debug(28, 9) ("authenticateAuthenticate: This is a new checklist test
on FD:%d\n",
+ debug(28,
+ 9)
+ ("authenticateAuthenticate: This is a new checklist test on
FD:%d\n",
conn ? conn->fd : -1);
if ((!request->auth_user_request)
&& (!conn || conn->auth_type == AUTH_UNKNOWN)) {
/* beginning of a new request check */
- debug(28, 4) ("authenticateAuthenticate: no connection
authentication type\n");
+ debug(28,
+ 4)
+ ("authenticateAuthenticate: no connection authentication type\n");
if (!authenticateValidateUser(*auth_user_request =
authenticateGetAuthUser(proxy_auth))) {
/* the decode might have left a username for logging, or a message to
@@ -524,8 +582,11 @@
authenticateAuthUserRequestLock(*auth_user_request);
} else {
/* failed connection based authentication */
- debug(28, 4) ("authenticateAuthenticate: Auth user request %p
conn-auth user request %p conn type %d authentication failed.\n",
- *auth_user_request, conn->auth_user_request, conn->auth_type);
+ debug(28,
+ 4)
+ ("authenticateAuthenticate: Auth user request %p conn-auth user
request %p conn type %d authentication failed.\n",
+ *auth_user_request, conn->auth_user_request,
+ conn->auth_type);
authenticateAuthUserRequestUnlock(*auth_user_request);
*auth_user_request = NULL;
return AUTH_ACL_CHALLENGE;
@@ -585,7 +646,9 @@
}
auth_acl_t
-authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t **
auth_user_request, http_hdr_type headertype, request_t * request,
ConnStateData * conn, struct in_addr src_addr)
+authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t **
+ auth_user_request, http_hdr_type headertype, request_t * request,
+ ConnStateData * conn, struct in_addr src_addr)
{
/* If we have already been called, return the cached value */
auth_user_request_t *t = authTryGetUser(auth_user_request, conn);
@@ -597,7 +660,9 @@
return t->lastReply;
}
/* ok, call the actual authenticator routine. */
- result = authenticateAuthenticate(auth_user_request, headertype,
request, conn, src_addr);
+ result =
+ authenticateAuthenticate(auth_user_request, headertype, request, conn,
+ src_addr);
t = authTryGetUser(auth_user_request, conn);
if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE &&
result != AUTH_ACL_HELPER)
@@ -613,7 +678,8 @@
if (!auth_user)
return NULL;
if (auth_user->auth_module > 0)
- return authscheme_list[auth_user->auth_module -
1].authUserUsername(auth_user);
+ return authscheme_list[auth_user->auth_module -
+ 1].authUserUsername(auth_user);
return NULL;
}
@@ -642,7 +708,8 @@
if (authenticateUserAuthenticated(auth_user_request))
return 0;
if (auth_user_request->auth_user->auth_module > 0)
- return authscheme_list[auth_user_request->auth_user->auth_module -
1].getdirection(auth_user_request);
+ return authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].getdirection(auth_user_request);
return -2;
}
@@ -680,7 +747,8 @@
authScheme *scheme;
for (i = 0; i < config->n_configured; i++) {
scheme = config->schemes + i;
- if (authscheme_list[scheme->Id].init &&
authscheme_list[scheme->Id].configured()) {
+ if (authscheme_list[scheme->Id].init
+ && authscheme_list[scheme->Id].configured()) {
authscheme_list[scheme->Id].init(scheme);
}
}
@@ -698,14 +766,18 @@
if (authscheme_list[i].donefunc != NULL)
authscheme_list[i].donefunc();
else
- debug(29, 2) ("authenticateShutdown: scheme %s has not registered
a shutdown function.\n", authscheme_list[i].typestr);
+ debug(29,
+ 2)
+ ("authenticateShutdown: scheme %s has not registered a shutdown
function.\n",
+ authscheme_list[i].typestr);
if (shutting_down)
authscheme_list[i].typestr = NULL;
}
}
void
-authenticateFixHeader(HttpReply * rep, auth_user_request_t *
auth_user_request, request_t * request, int accelerated, int internal)
+authenticateFixHeader(HttpReply * rep, auth_user_request_t *
auth_user_request,
+ request_t * request, int accelerated, int internal)
/* send the auth types we are configured to support (and have compiled
in!) */
{
int type = 0;
@@ -723,24 +795,39 @@
/* some other HTTP status */
break;
}
- debug(29, 9) ("authenticateFixHeader: headertype:%d authuser:%p\n",
type, auth_user_request);
+ debug(29, 9) ("authenticateFixHeader: headertype:%d authuser:%p\n",
type,
+ auth_user_request);
if (((rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
|| (rep->sline.status == HTTP_UNAUTHORIZED)) && internal)
/* this is a authenticate-needed response */
{
- if ((auth_user_request != NULL) &&
(auth_user_request->auth_user->auth_module > 0) &
!authenticateUserAuthenticated(auth_user_request))
- authscheme_list[auth_user_request->auth_user->auth_module -
1].authFixHeader(auth_user_request, rep, type, request);
+ if ((auth_user_request != NULL)
+ && (auth_user_request->auth_user->auth_module >
+ 0) & !authenticateUserAuthenticated(auth_user_request))
+ authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].authFixHeader(auth_user_request, rep, type, request);
else {
int i;
authScheme *scheme;
- /* call each configured & running authscheme */
- for (i = 0; i < Config.authConfig.n_configured; i++) {
- scheme = Config.authConfig.schemes + i;
- if (authscheme_list[scheme->Id].Active())
- authscheme_list[scheme->Id].authFixHeader(NULL, rep, type,
- request);
- else
- debug(29, 4) ("authenticateFixHeader: Configured scheme %s not
Active\n", scheme->typestr);
+ acl_user_data *user_data;
+
+ user_data = AclMatched->data;
+ if (user_data->flags.schemeid != 0)
+ authscheme_list[user_data->flags.schemeid].authFixHeader(NULL,
+ rep, type, request);
+ else {
+ /* call each configured & running authscheme */
+ for (i = 0; i < Config.authConfig.n_configured; i++) {
+ scheme = Config.authConfig.schemes + i;
+ if (authscheme_list[scheme->Id].Active())
+ authscheme_list[scheme->Id].authFixHeader(NULL, rep,
+ type, request);
+ else
+ debug(29,
+ 4)
+ ("authenticateFixHeader: Configured scheme %s not Active\n",
+ scheme->typestr);
+ }
}
}
}
@@ -748,20 +835,27 @@
* allow protocol specific headers to be _added_ to the existing
* response - ie digest auth
*/
- if ((auth_user_request != NULL) &&
(auth_user_request->auth_user->auth_module > 0)
- && (authscheme_list[auth_user_request->auth_user->auth_module -
1].AddHeader))
- authscheme_list[auth_user_request->auth_user->auth_module -
1].AddHeader(auth_user_request, rep, accelerated);
+ if ((auth_user_request != NULL)
+ && (auth_user_request->auth_user->auth_module > 0)
+ && (authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].AddHeader))
+ authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].AddHeader(auth_user_request, rep, accelerated);
if (auth_user_request != NULL)
auth_user_request->lastReply = AUTH_ACL_CANNOT_AUTHENTICATE;
}
/* call the active auth module and allow it to add a trailer to the
request */
void
-authenticateAddTrailer(HttpReply * rep, auth_user_request_t *
auth_user_request, request_t * request, int accelerated)
+authenticateAddTrailer(HttpReply * rep, auth_user_request_t *
auth_user_request,
+ request_t * request, int accelerated)
{
- if ((auth_user_request != NULL) &&
(auth_user_request->auth_user->auth_module > 0)
- && (authscheme_list[auth_user_request->auth_user->auth_module -
1].AddTrailer))
- authscheme_list[auth_user_request->auth_user->auth_module -
1].AddTrailer(auth_user_request, rep, accelerated);
+ if ((auth_user_request != NULL)
+ && (auth_user_request->auth_user->auth_module > 0)
+ && (authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].AddTrailer))
+ authscheme_list[auth_user_request->auth_user->auth_module -
+ 1].AddTrailer(auth_user_request, rep, accelerated);
}
void
@@ -770,7 +864,8 @@
debug(29, 9) ("authenticateAuthUserLock auth_user '%p'.\n",
auth_user);
assert(auth_user != NULL);
auth_user->references++;
- debug(29, 9) ("authenticateAuthUserLock auth_user '%p' now at
'%ld'.\n", auth_user, (long int) auth_user->references);
+ debug(29, 9) ("authenticateAuthUserLock auth_user '%p' now at
'%ld'.\n",
+ auth_user, (long int) auth_user->references);
}
void
@@ -781,9 +876,11 @@
if (auth_user->references > 0) {
auth_user->references--;
} else {
- debug(29, 1) ("Attempt to lower Auth User %p refcount below 0!\n",
auth_user);
+ debug(29, 1) ("Attempt to lower Auth User %p refcount below 0!\n",
+ auth_user);
}
- debug(29, 9) ("authenticateAuthUserUnlock auth_user '%p' now at
'%ld'.\n", auth_user, (long int) auth_user->references);
+ debug(29, 9) ("authenticateAuthUserUnlock auth_user '%p' now at
'%ld'.\n",
+ auth_user, (long int) auth_user->references);
if (auth_user->references == 0)
authenticateFreeProxyAuthUser(auth_user);
}
@@ -791,23 +888,33 @@
void
authenticateAuthUserRequestLock(auth_user_request_t *
auth_user_request)
{
- debug(29, 9) ("authenticateAuthUserRequestLock auth_user request
'%p'.\n", auth_user_request);
+ debug(29, 9) ("authenticateAuthUserRequestLock auth_user request
'%p'.\n",
+ auth_user_request);
assert(auth_user_request != NULL);
auth_user_request->references++;
- debug(29, 9) ("authenticateAuthUserRequestLock auth_user request
'%p' now at '%ld'.\n", auth_user_request, (long int)
auth_user_request->references);
+ debug(29,
+ 9)
+ ("authenticateAuthUserRequestLock auth_user request '%p' now at
'%ld'.\n",
+ auth_user_request, (long int) auth_user_request->references);
}
void
authenticateAuthUserRequestUnlock(auth_user_request_t *
auth_user_request)
{
- debug(29, 9) ("authenticateAuthUserRequestUnlock auth_user request
'%p'.\n", auth_user_request);
+ debug(29, 9) ("authenticateAuthUserRequestUnlock auth_user request
'%p'.\n",
+ auth_user_request);
assert(auth_user_request != NULL);
if (auth_user_request->references > 0) {
auth_user_request->references--;
} else {
- debug(29, 1) ("Attempt to lower Auth User request %p refcount below
0!\n", auth_user_request);
- }
- debug(29, 9) ("authenticateAuthUserRequestUnlock auth_user_request
'%p' now at '%ld'.\n", auth_user_request, (long int)
auth_user_request->references);
+ debug(29,
+ 1) ("Attempt to lower Auth User request %p refcount below 0!\n",
+ auth_user_request);
+ }
+ debug(29,
+ 9)
+ ("authenticateAuthUserRequestUnlock auth_user_request '%p' now at
'%ld'.\n",
+ auth_user_request, (long int) auth_user_request->references);
if (auth_user_request->references == 0) {
/* not locked anymore */
authenticateAuthUserRequestFree(auth_user_request);
@@ -839,7 +946,9 @@
* in hash references too and ask the module to merge in scheme
* data
*/
- debug(29, 5) ("authenticateAuthUserMerge auth_user '%p' into
auth_user '%p'.\n", from, to);
+ debug(29,
+ 5) ("authenticateAuthUserMerge auth_user '%p' into auth_user '%p'.\n",
+ from, to);
link = from->requests.head;
while (link) {
auth_user_request = link->data;
@@ -861,12 +970,18 @@
auth_user_request_t *auth_user_request;
dlink_node *link, *tmplink;
assert(data != NULL);
- debug(29, 5) ("authenticateFreeProxyAuthUser: Freeing auth_user
'%p' with refcount '%ld'.\n", u, (long int) u->references);
+ debug(29,
+ 5)
+ ("authenticateFreeProxyAuthUser: Freeing auth_user '%p' with refcount
'%ld'.\n",
+ u, (long int) u->references);
assert(u->references == 0);
/* were they linked in by username ? */
if (u->usernamehash) {
assert(u->usernamehash->auth_user == u);
- debug(29, 5) ("authenticateFreeProxyAuthUser: removing usernamehash
entry '%p'\n", u->usernamehash);
+ debug(29,
+ 5)
+ ("authenticateFreeProxyAuthUser: removing usernamehash entry
'%p'\n",
+ u->usernamehash);
hash_remove_link(proxy_auth_username_cache,
(hash_link *) u->usernamehash);
/* don't free the key as we use the same user string as the auth_user
@@ -876,7 +991,9 @@
/* remove any outstanding requests */
link = u->requests.head;
while (link) {
- debug(29, 5) ("authenticateFreeProxyAuthUser: removing request entry
'%p'\n", link->data);
+ debug(29,
+ 5) ("authenticateFreeProxyAuthUser: removing request entry
'%p'\n",
+ link->data);
auth_user_request = link->data;
tmplink = link;
link = link->next;
@@ -903,7 +1020,8 @@
proxy_auth_username_cache =
hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(proxy_auth_username_cache);
- eventAdd("User Cache Maintenance", authenticateProxyUserCacheCleanup,
NULL, Config.authenticateGCInterval, 1);
+ eventAdd("User Cache Maintenance", authenticateProxyUserCacheCleanup,
+ NULL, Config.authenticateGCInterval, 1);
}
}
@@ -918,27 +1036,44 @@
auth_user_hash_pointer *usernamehash;
auth_user_t *auth_user;
char *username = NULL;
- debug(29, 3) ("authenticateProxyUserCacheCleanup: Cleaning the user
cache now\n");
- debug(29, 3) ("authenticateProxyUserCacheCleanup: Current time:
%ld\n", (long int) current_time.tv_sec);
+ debug(29,
+ 3) ("authenticateProxyUserCacheCleanup: Cleaning the user cache
now\n");
+ debug(29, 3) ("authenticateProxyUserCacheCleanup: Current time:
%ld\n",
+ (long int) current_time.tv_sec);
hash_first(proxy_auth_username_cache);
- while ((usernamehash = ((auth_user_hash_pointer *)
hash_next(proxy_auth_username_cache)))) {
+ while ((usernamehash =
+ ((auth_user_hash_pointer *)
hash_next(proxy_auth_username_cache)))) {
auth_user = usernamehash->auth_user;
username = authenticateUserUsername(auth_user);
/* if we need to have inpedendent expiry clauses, insert a module call
* here */
- debug(29, 4) ("authenticateProxyUserCacheCleanup: Cache
entry:\n\tType: %d\n\tUsername: %s\n\texpires: %ld\n\treferences:
%ld\n", auth_user->auth_type, username, (long int)
(auth_user->expiretime + Config.authenticateTTL), (long int)
auth_user->references);
- if (auth_user->expiretime + Config.authenticateTTL <=
current_time.tv_sec) {
- debug(29, 5) ("authenticateProxyUserCacheCleanup: Removing user %s
from cache due to timeout.\n", username);
+ debug(29,
+ 4)
+ ("authenticateProxyUserCacheCleanup: Cache entry:\n\tType:
%d\n\tUsername: %s\n\texpires: %ld\n\treferences: %ld\n",
+ auth_user->auth_type, username,
+ (long int) (auth_user->expiretime + Config.authenticateTTL),
+ (long int) auth_user->references);
+ if (auth_user->expiretime + Config.authenticateTTL <=
+ current_time.tv_sec) {
+ debug(29,
+ 5)
+ ("authenticateProxyUserCacheCleanup: Removing user %s from cache due
to timeout.\n",
+ username);
/* the minus 1 accounts for the cache lock */
if ((authenticateAuthUserInuse(auth_user) - 1))
- debug(29, 4) ("authenticateProxyUserCacheCleanup: this cache entry
has expired AND has a non-zero ref count.\n");
+ debug(29,
+ 4)
+ ("authenticateProxyUserCacheCleanup: this cache entry has expired
AND has a non-zero ref count.\n");
else
authenticateAuthUserUnlock(auth_user);
}
}
- debug(29, 3) ("authenticateProxyUserCacheCleanup: Finished cleaning
the user cache.\n");
- eventAdd("User Cache Maintenance",
authenticateProxyUserCacheCleanup, NULL, Config.authenticateGCInterval,
1);
+ debug(29,
+ 3)
+ ("authenticateProxyUserCacheCleanup: Finished cleaning the user
cache.\n");
+ eventAdd("User Cache Maintenance",
authenticateProxyUserCacheCleanup, NULL,
+ Config.authenticateGCInterval, 1);
}
/*
@@ -952,12 +1087,18 @@
auth_user_hash_pointer *usernamehash;
auth_user_t *auth_user;
char *username = NULL;
- debug(29, 3) ("authenticateUserCacheRestart: Clearing config
dependent cache data.\n");
+ debug(29,
+ 3)
+ ("authenticateUserCacheRestart: Clearing config dependent cache
data.\n");
hash_first(proxy_auth_username_cache);
- while ((usernamehash = ((auth_user_hash_pointer *)
hash_next(proxy_auth_username_cache)))) {
+ while ((usernamehash =
+ ((auth_user_hash_pointer *)
hash_next(proxy_auth_username_cache)))) {
auth_user = usernamehash->auth_user;
username = authenticateUserUsername(auth_user);
- debug(29, 5) ("authenticateUserCacheRestat: Clearing cache ACL results
for user: %s\n", username);
+ debug(29,
+ 5)
+ ("authenticateUserCacheRestat: Clearing cache ACL results for
user: %s\n",
+ username);
aclCacheMatchFlush(&auth_user->proxy_match_cache);
}
@@ -976,7 +1117,8 @@
assert(strcmp(authscheme_list[i].typestr, type) != 0);
}
/* add the new type */
- authscheme_list = xrealloc(authscheme_list, (i + 2) *
sizeof(authscheme_entry_t));
+ authscheme_list =
+ xrealloc(authscheme_list, (i + 2) * sizeof(authscheme_entry_t));
memset(&authscheme_list[i], 0, sizeof(authscheme_entry_t));
memset(&authscheme_list[i + 1], 0, sizeof(authscheme_entry_t));
authscheme_list[i].typestr = type;
diff -Nru squid-2.5/src/cf.data.pre squid-2.5-ws/src/cf.data.pre
--- squid-2.5/src/cf.data.pre Tue Sep 2 04:49:32 2003
+++ squid-2.5-ws/src/cf.data.pre Fri Sep 5 12:13:40 2003
@@ -1971,10 +1971,15 @@
# cache_peer_access mycache.mydomain.net allow asexample
# cache_peer_access mycache_mydomain.net deny all
- acl aclname proxy_auth username ...
+ acl aclname proxy_auth [-i] [-b | -n | -d ] username ...
acl aclname proxy_auth_regex [-i] pattern ...
# list of valid usernames
# use REQUIRED to accept any valid username.
+ # -i: case-insensitive
+ # For bogus clients (like IE and Messenger):
+ # -b: use basic authentication
+ # -n: use NTLM authentication
+ # -d: use digest authentication
#
# NOTE: when a Proxy-Authentication header is sent but it is not
# needed during ACL checking the username is NOT logged
@@ -1983,6 +1988,9 @@
# NOTE: proxy_auth requires a EXTERNAL authentication program
# to check username/password combinations (see
# auth_param directive).
+ #
+ # NOTE: If -b, -n or -d is not especified, the three schemes are
+ # offered to the client.
#
# WARNING: proxy_auth can't be used in a transparent proxy. It
# collides with any authentication done by origin servers. It may
diff -Nru squid-2.5/src/globals.h squid-2.5-ws/src/globals.h
--- squid-2.5/src/globals.h Mon Jan 13 20:01:13 2003
+++ squid-2.5-ws/src/globals.h Fri Sep 5 11:58:05 2003
@@ -47,6 +47,7 @@
extern char ThisCache2[SQUIDHOSTNAMELEN << 1];
extern char config_input_line[BUFSIZ];
extern const char *AclMatchedName; /* NULL */
+extern acl *AclMatched;
extern const char *DefaultConfigFile; /* DEFAULT_CONFIG_FILE */
extern const char *RequestMethodStr[];
extern const char *ProtocolStr[];
@@ -136,7 +137,7 @@
extern int _db_level;
extern const int CacheDigestHashFuncCount; /* 4 */
extern CacheDigest *store_digest; /* NULL */
-extern const char *StoreDigestFileName; /* "store_digest" */
+extern const char *StoreDigestFileName; /* "store_digest" */
extern const char *StoreDigestMimeStr; /* "application/cache-digest" */
#if USE_CACHE_DIGESTS
extern const Version CacheDigestVer; /* { 5, 3 } */
diff -Nru squid-2.5/src/structs.h squid-2.5-ws/src/structs.h
--- squid-2.5/src/structs.h Wed Aug 6 10:49:03 2003
+++ squid-2.5-ws/src/structs.h Fri Sep 5 11:58:05 2003
@@ -37,58 +37,70 @@
#include "config.h"
#include "splay.h"
-struct _dlink_node {
+struct _dlink_node
+{
void *data;
dlink_node *prev;
dlink_node *next;
};
-struct _dlink_list {
+struct _dlink_list
+{
dlink_node *head;
dlink_node *tail;
};
-struct _acl_user_data {
+struct _acl_user_data
+{
splayNode *names;
- struct {
+ struct
+ {
unsigned int case_insensitive:1;
unsigned int required:1;
+ unsigned int schemeid:2;
} flags;
};
-struct _acl_user_ip_data {
+struct _acl_user_ip_data
+{
size_t max;
- struct {
+ struct
+ {
unsigned int strict:1;
} flags;
};
-struct _acl_ip_data {
+struct _acl_ip_data
+{
struct in_addr addr1; /* if addr2 non-zero then its a range */
struct in_addr addr2;
struct in_addr mask;
acl_ip_data *next; /* used for parsing, not for storing */
};
-struct _acl_time_data {
+struct _acl_time_data
+{
int weekbits;
int start;
int stop;
acl_time_data *next;
};
-struct _acl_name_list {
+struct _acl_name_list
+{
char name[ACL_NAME_SZ];
acl_name_list *next;
};
-struct _acl_proxy_auth_match_cache {
+struct _acl_proxy_auth_match_cache
+{
dlink_node link;
int matchrv;
void *acl_data;
};
-struct _auth_user_hash_pointer {
+struct _auth_user_hash_pointer
+{
/* first two items must be same as hash_link */
char *key;
auth_user_hash_pointer *next;
@@ -96,14 +108,16 @@
dlink_node link; /* other hash entries that point to the same
auth_user */
};
-struct _auth_user_ip_t {
+struct _auth_user_ip_t
+{
dlink_node node;
/* IP addr this user authenticated from */
struct in_addr ipaddr;
time_t ip_expiretime;
};
-struct _auth_user_t {
+struct _auth_user_t
+{
/* extra fields for proxy_auth */
/* this determines what scheme owns the user data. */
auth_type_t auth_type;
@@ -127,7 +141,8 @@
dlink_list requests;
};
-struct _auth_user_request_t {
+struct _auth_user_request_t
+{
/* this is the object passed around by client_side and acl
functions */
/* it has request specific data, and links to user specific data */
/* the user */
@@ -150,7 +165,8 @@
* This defines an auth scheme module
*/
-struct _authscheme_entry {
+struct _authscheme_entry
+{
const char *typestr;
AUTHSACTIVE *Active;
AUTHSADDHEADER *AddHeader;
@@ -180,7 +196,8 @@
*/
/* private data types */
-struct _authScheme {
+struct _authScheme
+{
/* pointer to the authscheme_list's string entry */
const char *typestr;
/* the scheme id in the authscheme_list */
@@ -189,7 +206,8 @@
void *scheme_data;
};
-struct _acl_deny_info_list {
+struct _acl_deny_info_list
+{
int err_page_id;
char *err_page_name;
acl_name_list *acl_list;
@@ -198,38 +216,44 @@
#if USE_ARP_ACL
-struct _acl_arp_data {
+struct _acl_arp_data
+{
char eth[6];
};
#endif
-struct _String {
+struct _String
+{
/* never reference these directly! */
unsigned short int size; /* buffer size; 64K limit */
unsigned short int len; /* current length */
char *buf;
};
-struct _header_mangler {
+struct _header_mangler
+{
acl_access *access_list;
char *replacement;
};
-struct _body_size {
+struct _body_size
+{
dlink_node node;
acl_access *access_list;
size_t maxsize;
};
-struct _http_version_t {
+struct _http_version_t
+{
unsigned int major;
unsigned int minor;
};
#if SQUID_SNMP
-struct _snmp_request_t {
+struct _snmp_request_t
+{
u_char *buf;
u_char *outbuf;
int len;
@@ -244,7 +268,8 @@
#endif
-struct _acl {
+struct _acl
+{
char name[ACL_NAME_SZ];
squid_acl type;
void *data;
@@ -252,32 +277,37 @@
acl *next;
};
-struct _acl_list {
+struct _acl_list
+{
int op;
acl *acl;
acl_list *next;
};
-struct _acl_access {
+struct _acl_access
+{
int allow;
acl_list *acl_list;
char *cfgline;
acl_access *next;
};
-struct _acl_address {
+struct _acl_address
+{
acl_address *next;
acl_list *acl_list;
struct in_addr addr;
};
-struct _acl_tos {
+struct _acl_tos
+{
acl_tos *next;
acl_list *acl_list;
int tos;
};
-struct _aclCheck_t {
+struct _aclCheck_t
+{
const acl_access *access_list;
struct in_addr src_addr;
struct in_addr dst_addr;
@@ -299,40 +329,47 @@
acl *current_acl; /* private, used by aclCheck */
};
-struct _wordlist {
+struct _wordlist
+{
char *key;
wordlist *next;
};
-struct _intlist {
+struct _intlist
+{
int i;
intlist *next;
};
-struct _intrange {
+struct _intrange
+{
int i;
int j;
intrange *next;
};
-struct _ushortlist {
+struct _ushortlist
+{
u_short i;
ushortlist *next;
};
-struct _relist {
+struct _relist
+{
char *pattern;
regex_t regex;
relist *next;
};
-struct _sockaddr_in_list {
+struct _sockaddr_in_list
+{
struct sockaddr_in s;
sockaddr_in_list *next;
};
#if USE_SSL
-struct _https_port_list {
+struct _https_port_list
+{
https_port_list *next;
struct sockaddr_in s;
char *cert;
@@ -345,7 +382,8 @@
#endif
#if DELAY_POOLS
-struct _delaySpec {
+struct _delaySpec
+{
int restore_bps;
int max_bytes;
};
@@ -353,13 +391,15 @@
/* malloc()'d only as far as used (class * sizeof(delaySpec)!
* order of elements very important!
*/
-struct _delaySpecSet {
+struct _delaySpecSet
+{
delaySpec aggregate;
delaySpec individual;
delaySpec network;
};
-struct _delayConfig {
+struct _delayConfig
+{
unsigned short pools;
unsigned short initial;
unsigned char *class;
@@ -369,24 +409,29 @@
#endif
-struct _RemovalPolicySettings {
+struct _RemovalPolicySettings
+{
char *type;
wordlist *args;
};
-struct _SquidConfig {
- struct {
+struct _SquidConfig
+{
+ struct
+ {
size_t maxSize;
int highWaterMark;
int lowWaterMark;
} Swap;
size_t memMaxSize;
- struct {
+ struct
+ {
char *relayHost;
u_short relayPort;
peer *peer;
} Wais;
- struct {
+ struct
+ {
size_t min;
int pct;
size_t max;
@@ -397,7 +442,8 @@
time_t negativeDnsTtl;
time_t positiveDnsTtl;
time_t shutdownLifetime;
- struct {
+ struct
+ {
time_t read;
time_t lifetime;
time_t connect;
@@ -421,7 +467,8 @@
size_t maxRequestHeaderSize;
size_t maxRequestBodySize;
dlink_list ReplyBodySize;
- struct {
+ struct
+ {
u_short icp;
#if USE_HTCP
u_short htcp;
@@ -430,20 +477,23 @@
u_short snmp;
#endif
} Port;
- struct {
+ struct
+ {
sockaddr_in_list *http;
#if USE_SSL
https_port_list *https;
#endif
} Sockaddr;
#if SQUID_SNMP
- struct {
+ struct
+ {
char *configFile;
char *agentInfo;
} Snmp;
#endif
#if USE_WCCP
- struct {
+ struct
+ {
struct in_addr router;
struct in_addr incoming;
struct in_addr outgoing;
@@ -451,7 +501,8 @@
} Wccp;
#endif
char *as_whois_server;
- struct {
+ struct
+ {
char *log;
char *access;
char *store;
@@ -470,7 +521,8 @@
char *adminEmail;
char *effectiveUser;
char *effectiveGroup;
- struct {
+ struct
+ {
#if USE_DNSSERVERS
char *dnsserver;
#endif
@@ -490,7 +542,8 @@
time_t authenticateGCInterval;
time_t authenticateTTL;
time_t authenticateIpTTL;
- struct {
+ struct
+ {
int single_host;
char *host;
u_short port;
@@ -505,13 +558,15 @@
char *uniqueHostname;
wordlist *hostnameAliases;
char *errHtmlText;
- struct {
+ struct
+ {
char *host;
char *file;
time_t period;
u_short port;
} Announce;
- struct {
+ struct
+ {
struct in_addr udp_incoming;
struct in_addr udp_outgoing;
#if SQUID_SNMP
@@ -528,30 +583,35 @@
wordlist *dns_nameservers;
peer *peers;
int npeers;
- struct {
+ struct
+ {
int size;
int low;
int high;
} ipcache;
- struct {
+ struct
+ {
int size;
} fqdncache;
int minDirectHops;
int minDirectRtt;
cachemgr_passwd *passwd_list;
- struct {
+ struct
+ {
int objectsPerBucket;
size_t avgObjectSize;
size_t maxObjectSize;
size_t minObjectSize;
size_t maxInMemObjSize;
} Store;
- struct {
+ struct
+ {
int high;
int low;
time_t period;
} Netdb;
- struct {
+ struct
+ {
int log_udp;
#if USE_DNSSERVERS
int res_defnames;
@@ -594,7 +654,8 @@
int request_entities;
} onoff;
acl *aclList;
- struct {
+ struct
+ {
acl_access *http;
acl_access *icp;
acl_access *miss;
@@ -615,12 +676,14 @@
acl_tos *outgoing_tos;
} accessList;
acl_deny_info_list *denyInfoList;
- struct _authConfig {
+ struct _authConfig
+ {
authScheme *schemes;
int n_allocated;
int n_configured;
} authConfig;
- struct {
+ struct
+ {
size_t list_width;
int list_wrap;
char *anon_user;
@@ -628,25 +691,30 @@
int sanitycheck;
} Ftp;
refresh_t *Refresh;
- struct _cacheSwap {
+ struct _cacheSwap
+ {
SwapDir *swapDirs;
int n_allocated;
int n_configured;
} cacheSwap;
- struct {
+ struct
+ {
char *directory;
} icons;
char *errorDirectory;
- struct {
+ struct
+ {
int maxtries;
} retry;
- struct {
+ struct
+ {
size_t limit;
} MemPools;
#if DELAY_POOLS
delayConfig Delay;
#endif
- struct {
+ struct
+ {
int icp_average;
int dns_average;
int http_average;
@@ -658,7 +726,8 @@
int uri_whitespace;
size_t rangeOffsetLimit;
#if MULTICAST_MISS_STREAM
- struct {
+ struct
+ {
struct in_addr addr;
int ttl;
unsigned short port;
@@ -669,7 +738,8 @@
char *coredump_dir;
char *chroot_dir;
#if USE_CACHE_DIGESTS
- struct {
+ struct
+ {
int bits_per_entry;
time_t rebuild_period;
time_t rewrite_period;
@@ -678,12 +748,14 @@
} digest;
#endif
#if USE_SSL
- struct {
+ struct
+ {
int unclean_shutdown;
} SSL;
#endif
wordlist *ext_methods;
- struct {
+ struct
+ {
int high_rptm;
int high_pf;
size_t high_memory;
@@ -693,25 +765,30 @@
external_acl *externalAclHelperList;
};
-struct _SquidConfig2 {
- struct {
+struct _SquidConfig2
+{
+ struct
+ {
char *prefix;
int on;
} Accel;
- struct {
+ struct
+ {
int enable_purge;
} onoff;
uid_t effectiveUserID;
gid_t effectiveGroupID;
};
-struct _close_handler {
+struct _close_handler
+{
PF *handler;
void *data;
close_handler *next;
};
-struct _dread_ctrl {
+struct _dread_ctrl
+{
int fd;
off_t offset;
int req_len;
@@ -721,7 +798,8 @@
void *client_data;
};
-struct _dnsserver_t {
+struct _dnsserver_t
+{
int id;
int inpipe;
int outpipe;
@@ -733,7 +811,8 @@
void *data;
};
-struct _dwrite_q {
+struct _dwrite_q
+{
off_t file_offset;
char *buf;
int len;
@@ -747,12 +826,14 @@
* this struct is likely to change
* Note: "str" points to memory in HttpHeaderEntry (for now)
* so ETags should be used as tmp variables only (for now) */
-struct _ETag {
+struct _ETag
+{
const char *str; /* quoted-string */
int weak; /* true if it is a weak validator */
};
-struct _fde {
+struct _fde
+{
unsigned int type;
u_short local_port;
u_short remote_port;
@@ -760,7 +841,8 @@
unsigned char tos;
char ipaddr[16]; /* dotted decimal address of peer */
char desc[FD_DESC_SZ];
- struct {
+ struct
+ {
unsigned int open:1;
unsigned int close_request:1;
unsigned int write_daemon:1;
@@ -777,7 +859,8 @@
int bytes_read;
int bytes_written;
int uses; /* ie # req's over persistent conn */
- struct _fde_disk {
+ struct _fde_disk
+ {
DWCB *wrt_handle;
void *wrt_handle_data;
dwrite_q *write_q;
@@ -804,7 +887,8 @@
#endif
};
-struct _fileMap {
+struct _fileMap
+{
int max_n_files;
int n_files_in_map;
int toggle;
@@ -814,7 +898,8 @@
/* auto-growing memory-resident buffer with printf interface */
/* note: when updating this struct, update MemBufNULL #define */
-struct _MemBuf {
+struct _MemBuf
+{
/* public, read-only */
char *buf;
mb_size_t size; /* used space, does not count 0-terminator */
@@ -826,7 +911,8 @@
};
/* see Packer.c for description */
-struct _Packer {
+struct _Packer
+{
/* protected, use interface functions instead */
append_f append;
vprintf_f vprintf;
@@ -834,7 +920,8 @@
};
/* http status line */
-struct _HttpStatusLine {
+struct _HttpStatusLine
+{
/* public, read only */
http_version_t version;
const char *reason; /* points to a _constant_ string (default or
supplied), never free()d */
@@ -845,19 +932,22 @@
* Note: HttpBody is used only for messages with a small content that
is
* known a priory (e.g., error messages).
*/
-struct _HttpBody {
+struct _HttpBody
+{
/* private */
MemBuf mb;
};
/* http header extention field */
-struct _HttpHdrExtField {
+struct _HttpHdrExtField
+{
String name; /* field-name from HTTP/1.1 (no column after name)
*/
String value; /* field-value from HTTP/1.1 */
};
/* http cache control header field */
-struct _HttpHdrCc {
+struct _HttpHdrCc
+{
int mask;
int max_age;
int s_maxage;
@@ -865,7 +955,8 @@
};
/* http byte-range-spec */
-struct _HttpHdrRangeSpec {
+struct _HttpHdrRangeSpec
+{
ssize_t offset;
ssize_t length;
};
@@ -874,25 +965,29 @@
* This object holds all range specs in order of their appearence
* in the request because we SHOULD preserve that order.
*/
-struct _HttpHdrRange {
+struct _HttpHdrRange
+{
Stack specs;
};
/* http content-range header field */
-struct _HttpHdrContRange {
+struct _HttpHdrContRange
+{
HttpHdrRangeSpec spec;
ssize_t elength; /* entity length, not content length */
};
/* some fields can hold either time or etag specs (e.g. If-Range) */
-struct _TimeOrTag {
+struct _TimeOrTag
+{
ETag tag; /* entity tag */
time_t time;
int valid; /* true if struct is usable */
};
/* data for iterating thru range specs */
-struct _HttpHdrRangeIter {
+struct _HttpHdrRangeIter
+{
HttpHdrRangePos pos;
const HttpHdrRangeSpec *spec; /* current spec at pos */
ssize_t debt_size; /* bytes left to send from the current spec */
@@ -901,14 +996,16 @@
};
/* constant attributes of http header fields */
-struct _HttpHeaderFieldAttrs {
+struct _HttpHeaderFieldAttrs
+{
const char *name;
http_hdr_type id;
field_type type;
};
/* per field statistics */
-struct _HttpHeaderFieldStat {
+struct _HttpHeaderFieldStat
+{
int aliveCount; /* created but not destroyed (count) */
int seenCount; /* #fields we've seen */
int parsCount; /* #parsing attempts */
@@ -917,20 +1014,23 @@
};
/* compiled version of HttpHeaderFieldAttrs plus stats */
-struct _HttpHeaderFieldInfo {
+struct _HttpHeaderFieldInfo
+{
http_hdr_type id;
String name;
field_type type;
HttpHeaderFieldStat stat;
};
-struct _HttpHeaderEntry {
+struct _HttpHeaderEntry
+{
http_hdr_type id;
String name;
String value;
};
-struct _HttpHeader {
+struct _HttpHeader
+{
/* protected, do not use these, use interface functions instead */
Array entries; /* parsed fields in raw format */
HttpHeaderMask mask; /* bit set <=> entry present */
@@ -938,7 +1038,8 @@
int len; /* length when packed, not counting terminating '\0' */
};
-struct _HttpReply {
+struct _HttpReply
+{
/* unsupported, writable, may disappear/change in the future */
int hdr_sz; /* sums _stored_ status-line, headers, and <CRLF> */
@@ -961,13 +1062,15 @@
HttpBody body; /* for small constant memory-resident text bodies
only */
};
-struct _http_state_flags {
+struct _http_state_flags
+{
unsigned int proxying:1;
unsigned int keepalive:1;
unsigned int only_if_cached:1;
};
-struct _HttpStateData {
+struct _HttpStateData
+{
StoreEntry *entry;
request_t *request;
char *reply_hdr;
@@ -981,7 +1084,8 @@
FwdState *fwd;
};
-struct _icpUdpData {
+struct _icpUdpData
+{
struct sockaddr_in address;
void *msg;
size_t len;
@@ -993,7 +1097,8 @@
struct timeval queue_time;
};
-struct _ping_data {
+struct _ping_data
+{
struct timeval start;
struct timeval stop;
int n_sent;
@@ -1005,7 +1110,8 @@
int p_rtt;
};
-struct _HierarchyLogEntry {
+struct _HierarchyLogEntry
+{
hier_code code;
char host[SQUIDHOSTNAMELEN];
ping_data ping;
@@ -1017,18 +1123,22 @@
struct timeval store_complete_stop;
};
-struct _AccessLogEntry {
+struct _AccessLogEntry
+{
const char *url;
- struct {
+ struct
+ {
method_t method;
int code;
const char *content_type;
http_version_t version;
} http;
- struct {
+ struct
+ {
icp_opcode opcode;
} icp;
- struct {
+ struct
+ {
struct in_addr caddr;
size_t size;
log_type code;
@@ -1036,24 +1146,28 @@
const char *rfc931;
const char *authuser;
} cache;
- struct {
+ struct
+ {
char *request;
char *reply;
} headers;
- struct {
+ struct
+ {
const char *method_str;
} private;
HierarchyLogEntry hier;
};
-struct _clientHttpRequest {
+struct _clientHttpRequest
+{
ConnStateData *conn;
request_t *request; /* Parsed URL ... */
store_client *sc; /* The store_client we're using */
store_client *old_sc; /* ... for entry to be validated */
char *uri;
char *log_uri;
- struct {
+ struct
+ {
off_t offset;
size_t size;
} out;
@@ -1071,13 +1185,15 @@
aclCheck_t *acl_checklist; /* need ptr back so we can unreg if
needed */
clientHttpRequest *next;
AccessLogEntry al;
- struct {
+ struct
+ {
unsigned int accel:1;
unsigned int internal:1;
unsigned int done_copying:1;
unsigned int purging:1;
} flags;
- struct {
+ struct
+ {
http_status status;
char *location;
} redirect;
@@ -1085,14 +1201,17 @@
size_t maxBodySize;
};
-struct _ConnStateData {
+struct _ConnStateData
+{
int fd;
- struct {
+ struct
+ {
char *buf;
off_t offset;
size_t size;
} in;
- struct {
+ struct
+ {
size_t size_left; /* How much body left to process */
request_t *request; /* Parameters passed to clientReadBody */
char *buf;
@@ -1111,13 +1230,15 @@
struct in_addr log_addr;
char rfc931[USER_IDENT_SZ];
int nrequests;
- struct {
+ struct
+ {
int n;
time_t until;
} defer;
};
-struct _ipcache_addrs {
+struct _ipcache_addrs
+{
struct in_addr *in_addrs;
unsigned char *bad_mask;
unsigned char count;
@@ -1125,26 +1246,30 @@
unsigned char badcount;
};
-struct _domain_ping {
+struct _domain_ping
+{
char *domain;
int do_ping; /* boolean */
domain_ping *next;
};
-struct _domain_type {
+struct _domain_type
+{
char *domain;
peer_t type;
domain_type *next;
};
#if USE_CACHE_DIGESTS
-struct _Version {
+struct _Version
+{
short int current; /* current version */
short int required; /* minimal version that can safely handle
current version */
};
/* digest control block; used for transmission and storage */
-struct _StoreDigestCBlock {
+struct _StoreDigestCBlock
+{
Version ver;
int capacity;
int count;
@@ -1156,7 +1281,8 @@
int reserved[32 - 6];
};
-struct _DigestFetchState {
+struct _DigestFetchState
+{
PeerDigest *pd;
StoreEntry *entry;
StoreEntry *old_entry;
@@ -1168,14 +1294,16 @@
time_t start_time;
time_t resp_time;
time_t expires;
- struct {
+ struct
+ {
int msg;
int bytes;
} sent, recv;
};
/* statistics for cache digests and other hit "predictors" */
-struct _cd_guess_stats {
+struct _cd_guess_stats
+{
/* public, read-only */
int true_hits;
int false_hits;
@@ -1184,17 +1312,20 @@
int close_hits; /* tmp, remove it later */
};
-struct _PeerDigest {
+struct _PeerDigest
+{
peer *peer; /* pointer back to peer structure, argh */
CacheDigest *cd; /* actual digest structure */
String host; /* copy of peer->host */
const char *req_result; /* text status of the last request */
- struct {
+ struct
+ {
unsigned int needed:1; /* there were requests for this digest */
unsigned int usable:1; /* can be used for lookups */
unsigned int requested:1; /* in process of receiving [fresh] digest */
} flags;
- struct {
+ struct
+ {
/* all times are absolute unless augmented with _delay */
time_t initialized; /* creation */
time_t needed; /* first lookup/use by a peer */
@@ -1205,10 +1336,12 @@
time_t received; /* received the current copy of a digest */
time_t disabled; /* disabled for good */
} times;
- struct {
+ struct
+ {
cd_guess_stats guess;
int used_count;
- struct {
+ struct
+ {
int msgs;
kb_t kbytes;
} sent, recv;
@@ -1217,11 +1350,13 @@
#endif
-struct _peer {
+struct _peer
+{
char *host;
peer_t type;
struct sockaddr_in in_addr;
- struct {
+ struct
+ {
int pings_sent;
int pings_acked;
int fetches;
@@ -1237,13 +1372,15 @@
int logged_state; /* so we can print dead/revived msgs */
int conn_open; /* current opened connections */
} stats;
- struct {
+ struct
+ {
int version;
int counts[ICP_END];
u_short port;
} icp;
#if USE_HTCP
- struct {
+ struct
+ {
double version;
int counts[2];
u_short port;
@@ -1253,7 +1390,8 @@
domain_ping *peer_domain;
domain_type *typelist;
acl_access *access;
- struct {
+ struct
+ {
unsigned int proxy_only:1;
unsigned int no_query:1;
unsigned int no_digest:1;
@@ -1271,13 +1409,15 @@
unsigned int allow_miss:1;
} options;
int weight;
- struct {
+ struct
+ {
double avg_n_members;
int n_times_counted;
int n_replies_expected;
int ttl;
int id;
- struct {
+ struct
+ {
unsigned int count_event_pending:1;
unsigned int counting:1;
} flags;
@@ -1294,7 +1434,8 @@
peer *next;
int test_fd;
#if USE_CARP
- struct {
+ struct
+ {
unsigned int hash;
double load_multiplier;
float load_factor;
@@ -1305,20 +1446,23 @@
int max_conn;
};
-struct _net_db_name {
+struct _net_db_name
+{
hash_link hash; /* must be first */
net_db_name *next;
netdbEntry *net_db_entry;
};
-struct _net_db_peer {
+struct _net_db_peer
+{
const char *peername;
double hops;
double rtt;
time_t expires;
};
-struct _netdbEntry {
+struct _netdbEntry
+{
hash_link hash; /* must be first */
char network[16];
int pings_sent;
@@ -1334,7 +1478,8 @@
int n_peers;
};
-struct _ps_state {
+struct _ps_state
+{
request_t *request;
StoreEntry *entry;
int always_direct;
@@ -1366,14 +1511,16 @@
};
#if USE_ICMP
-struct _pingerEchoData {
+struct _pingerEchoData
+{
struct in_addr to;
unsigned char opcode;
int psize;
char payload[PINGER_PAYLOAD_SZ];
};
-struct _pingerReplyData {
+struct _pingerReplyData
+{
struct in_addr from;
unsigned char opcode;
int rtt;
@@ -1384,7 +1531,8 @@
#endif
-struct _icp_common_t {
+struct _icp_common_t
+{
unsigned char opcode; /* opcode */
unsigned char version; /* version number */
unsigned short length; /* total length (bytes) */
@@ -1394,8 +1542,10 @@
u_num32 shostid; /* sender host id */
};
-struct _iostats {
- struct {
+struct _iostats
+{
+ struct
+ {
int reads;
int reads_deferred;
int read_hist[16];
@@ -1404,20 +1554,23 @@
} Http, Ftp, Gopher, Wais;
};
-struct _mem_node {
+struct _mem_node
+{
char data[SM_PAGE_SIZE];
int len;
mem_node *next;
};
-struct _mem_hdr {
+struct _mem_hdr
+{
mem_node *head;
mem_node *tail;
int origin_offset;
};
/* keep track each client receiving data from that particular
StoreEntry */
-struct _store_client {
+struct _store_client
+{
int type;
off_t copy_offset;
off_t seen_offset;
@@ -1427,7 +1580,8 @@
void *callback_data;
StoreEntry *entry; /* ptr to the parent StoreEntry, argh! */
storeIOState *swapin_sio;
- struct {
+ struct
+ {
unsigned int disk_io_pending:1;
unsigned int store_copying:1;
unsigned int copy_event_pending:1;
@@ -1441,31 +1595,39 @@
/* Removal policies */
-struct _RemovalPolicyNode {
+struct _RemovalPolicyNode
+{
void *data;
};
-struct _RemovalPolicy {
+struct _RemovalPolicy
+{
const char *_type;
void *_data;
void (*Free) (RemovalPolicy * policy);
- void (*Add) (RemovalPolicy * policy, StoreEntry * entry,
RemovalPolicyNode * node);
- void (*Remove) (RemovalPolicy * policy, StoreEntry * entry,
RemovalPolicyNode * node);
- void (*Referenced) (RemovalPolicy * policy, const StoreEntry *
entry, RemovalPolicyNode * node);
- void (*Dereferenced) (RemovalPolicy * policy, const StoreEntry *
entry, RemovalPolicyNode * node);
+ void (*Add) (RemovalPolicy * policy, StoreEntry * entry,
+ RemovalPolicyNode * node);
+ void (*Remove) (RemovalPolicy * policy, StoreEntry * entry,
+ RemovalPolicyNode * node);
+ void (*Referenced) (RemovalPolicy * policy, const StoreEntry *
entry,
+ RemovalPolicyNode * node);
+ void (*Dereferenced) (RemovalPolicy * policy, const StoreEntry *
entry,
+ RemovalPolicyNode * node);
RemovalPolicyWalker *(*WalkInit) (RemovalPolicy * policy);
RemovalPurgeWalker *(*PurgeInit) (RemovalPolicy * policy, int
max_scan);
void (*Stats) (RemovalPolicy * policy, StoreEntry * entry);
};
-struct _RemovalPolicyWalker {
+struct _RemovalPolicyWalker
+{
RemovalPolicy *_policy;
void *_data;
const StoreEntry *(*Next) (RemovalPolicyWalker * walker);
void (*Done) (RemovalPolicyWalker * walker);
};
-struct _RemovalPurgeWalker {
+struct _RemovalPurgeWalker
+{
RemovalPolicy *_policy;
void *_data;
int scanned, max_scan, locked;
@@ -1474,7 +1636,8 @@
};
/* This structure can be freed while object is purged out from memory
*/
-struct _MemObject {
+struct _MemObject
+{
method_t method;
char *url;
mem_hdr data_hdr;
@@ -1482,7 +1645,8 @@
off_t inmem_lo;
dlink_list clients;
int nclients;
- struct {
+ struct
+ {
off_t queue_offset; /* relative to in-mem data */
mem_node *memnode; /* which node we're currently paging out */
storeIOState *sio;
@@ -1492,7 +1656,8 @@
struct timeval start_ping;
IRCB *ping_reply_callback;
void *ircb_data;
- struct {
+ struct
+ {
STABH *callback;
void *data;
} abort;
@@ -1507,7 +1672,8 @@
const char *vary_headers;
};
-struct _StoreEntry {
+struct _StoreEntry
+{
hash_link hash; /* must be first */
MemObject *mem_obj;
RemovalPolicyNode repl;
@@ -1529,7 +1695,8 @@
swap_status_t swap_status:3;
};
-struct _SwapDir {
+struct _SwapDir
+{
const char *type;
int cur_size;
int low_size;
@@ -1540,7 +1707,8 @@
RemovalPolicy *repl;
int removals;
int scanned;
- struct {
+ struct
+ {
unsigned int selected:1;
unsigned int read_only:1;
} flags;
@@ -1557,7 +1725,8 @@
STUNREFOBJ *unrefobj; /* Unreference this object */
STCALLBACK *callback; /* Handle pending callbacks */
STSYNC *sync; /* Sync the directory */
- struct {
+ struct
+ {
STOBJCREATE *create;
STOBJOPEN *open;
STOBJCLOSE *close;
@@ -1565,11 +1734,13 @@
STOBJWRITE *write;
STOBJUNLINK *unlink;
} obj;
- struct {
+ struct
+ {
STLOGOPEN *open;
STLOGCLOSE *close;
STLOGWRITE *write;
- struct {
+ struct
+ {
STLOGCLEANSTART *start;
STLOGCLEANNEXTENTRY *nextentry;
STLOGCLEANWRITE *write;
@@ -1578,13 +1749,15 @@
} clean;
int writes_since_clean;
} log;
- struct {
+ struct
+ {
int blksize;
} fs;
void *fsdata;
};
-struct _request_flags {
+struct _request_flags
+{
unsigned int range:1;
unsigned int nocache:1;
unsigned int ims:1;
@@ -1606,12 +1779,14 @@
unsigned int reset_tcp:1;
};
-struct _link_list {
+struct _link_list
+{
void *ptr;
struct _link_list *next;
};
-struct _storeIOState {
+struct _storeIOState
+{
sdirno swap_dirn;
sfileno swap_filen;
StoreEntry *e; /* Need this so the FS layers can play god */
@@ -1621,17 +1796,20 @@
STFNCB *file_callback; /* called on delayed sfileno assignments */
STIOCB *callback;
void *callback_data;
- struct {
+ struct
+ {
STRCB *callback;
void *callback_data;
} read;
- struct {
+ struct
+ {
unsigned int closing:1; /* debugging aid */
} flags;
void *fsstate;
};
-struct _request_t {
+struct _request_t
+{
method_t method;
protocol_t protocol;
char login[MAX_LOGIN_SZ];
@@ -1662,20 +1840,23 @@
const char *vary_headers; /* Used when varying entities are
detected. Changes how the store key is calculated */
};
-struct _cachemgr_passwd {
+struct _cachemgr_passwd
+{
char *passwd;
wordlist *actions;
cachemgr_passwd *next;
};
-struct _refresh_t {
+struct _refresh_t
+{
const char *pattern;
regex_t compiled_pattern;
time_t min;
double pct;
time_t max;
refresh_t *next;
- struct {
+ struct
+ {
unsigned int icase:1;
#if HTTP_VIOLATIONS
unsigned int override_expire:1;
@@ -1686,7 +1867,8 @@
} flags;
};
-struct _CommWriteStateData {
+struct _CommWriteStateData
+{
char *buf;
size_t size;
off_t offset;
@@ -1695,7 +1877,8 @@
FREE *free_func;
};
-struct _ErrorState {
+struct _ErrorState
+{
err_type type;
int page_id;
http_status http_status;
@@ -1711,10 +1894,12 @@
char *redirect_url;
ERCB *callback;
void *callback_data;
- struct {
+ struct
+ {
unsigned int flag_cbdata:1;
} flags;
- struct {
+ struct
+ {
wordlist *server_msg;
char *request;
char *reply;
@@ -1726,7 +1911,8 @@
* "very generic" histogram;
* see important comments on hbase_f restrictions in StatHist.c
*/
-struct _StatHist {
+struct _StatHist
+{
int *bins;
int capacity;
double min;
@@ -1740,8 +1926,10 @@
* if you add a field to StatCounters,
* you MUST sync statCountersInitSpecial, statCountersClean, and
statCountersCopy
*/
-struct _StatCounters {
- struct {
+struct _StatCounters
+{
+ struct
+ {
int clients;
int requests;
int hits;
@@ -1757,15 +1945,18 @@
StatHist hit_svc_time;
StatHist all_svc_time;
} client_http;
- struct {
- struct {
+ struct
+ {
+ struct
+ {
int requests;
int errors;
kb_t kbytes_in;
kb_t kbytes_out;
} all , http, ftp, other;
} server;
- struct {
+ struct
+ {
int pkts_sent;
int queries_sent;
int replies_sent;
@@ -1787,13 +1978,16 @@
int query_timeouts;
int times_used;
} icp;
- struct {
+ struct
+ {
int requests;
} unlink;
- struct {
+ struct
+ {
StatHist svc_time;
} dns;
- struct {
+ struct
+ {
int times_used;
kb_t kbytes_sent;
kb_t kbytes_recv;
@@ -1805,7 +1999,8 @@
#endif
StatHist on_xition_count;
} cd;
- struct {
+ struct
+ {
int times_used;
} netdb;
int page_faults;
@@ -1818,8 +2013,10 @@
StatHist comm_dns_incoming;
StatHist comm_http_incoming;
StatHist select_fds_hist;
- struct {
- struct {
+ struct
+ {
+ struct
+ {
int opens;
int closes;
int reads;
@@ -1827,7 +2024,8 @@
int seeks;
int unlinks;
} disk;
- struct {
+ struct
+ {
int accepts;
int sockets;
int connects;
@@ -1845,7 +2043,8 @@
#endif
} syscalls;
int aborted_requests;
- struct {
+ struct
+ {
int files_cleaned;
int outs;
int ins;
@@ -1853,7 +2052,8 @@
};
/* per header statistics */
-struct _HttpHeaderStat {
+struct _HttpHeaderStat
+{
const char *label;
HttpHeaderMask *owner_mask;
@@ -1868,7 +2068,8 @@
};
-struct _tlv {
+struct _tlv
+{
char type;
int length;
void *value;
@@ -1879,7 +2080,8 @@
* Do we need to have the dirn in here? I don't think so, since we
already
* know the dirn ..
*/
-struct _storeSwapLogData {
+struct _storeSwapLogData
+{
char op;
sfileno swap_filen;
time_t timestamp;
@@ -1893,14 +2095,16 @@
};
/* object to track per-action memory usage (e.g. #idle objects) */
-struct _MemMeter {
+struct _MemMeter
+{
ssize_t level; /* current level (count or volume) */
ssize_t hwater_level; /* high water mark */
time_t hwater_stamp; /* timestamp of last high water mark change */
};
/* object to track per-pool memory usage (alloc = inuse+idle) */
-struct _MemPoolMeter {
+struct _MemPoolMeter
+{
MemMeter alloc;
MemMeter inuse;
MemMeter idle;
@@ -1909,24 +2113,28 @@
};
/* a pool is a [growing] space for objects of the same size */
-struct _MemPool {
+struct _MemPool
+{
const char *label;
size_t obj_size;
Stack pstack; /* stack for free pointers */
MemPoolMeter meter;
};
-struct _ClientInfo {
+struct _ClientInfo
+{
hash_link hash; /* must be first */
struct in_addr addr;
- struct {
+ struct
+ {
int result_hist[LOG_TYPE_MAX];
int n_requests;
kb_t kbytes_in;
kb_t kbytes_out;
kb_t hit_kbytes_out;
} Http, Icp;
- struct {
+ struct
+ {
time_t time;
int n_req;
int n_denied;
@@ -1934,7 +2142,8 @@
int n_established; /* number of current established connections */
};
-struct _CacheDigest {
+struct _CacheDigest
+{
/* public, read-only */
char *mask; /* bit mask */
size_t mask_size; /* mask size in bytes */
@@ -1944,13 +2153,15 @@
int del_count; /* number of deletions performed so far */
};
-struct _FwdServer {
+struct _FwdServer
+{
peer *peer; /* NULL --> origin server */
hier_code code;
FwdServer *next;
};
-struct _FwdState {
+struct _FwdState
+{
int client_fd;
StoreEntry *entry;
request_t *request;
@@ -1962,19 +2173,22 @@
#if WIP_FWD_LOG
http_status last_status;
#endif
- struct {
+ struct
+ {
unsigned int dont_retry:1;
unsigned int ftp_pasv_failed:1;
} flags;
};
#if USE_HTCP
-struct _htcpReplyData {
+struct _htcpReplyData
+{
int hit;
HttpHeader hdr;
u_num32 msg_id;
double version;
- struct {
+ struct
+ {
/* cache-to-origin */
double rtt;
int samp;
@@ -1985,13 +2199,15 @@
#endif
-struct _helper_request {
+struct _helper_request
+{
char *buf;
HLPCB *callback;
void *data;
};
-struct _helper_stateful_request {
+struct _helper_stateful_request
+{
char *buf;
HLPSCB *callback;
int placeholder; /* if 1, this is a dummy request waiting for a
stateful helper
@@ -2000,7 +2216,8 @@
};
-struct _helper {
+struct _helper
+{
wordlist *cmdline;
dlink_list servers;
dlink_list queue;
@@ -2009,7 +2226,8 @@
int n_running;
int ipc_type;
time_t last_queue_warn;
- struct {
+ struct
+ {
int requests;
int replies;
int queue_size;
@@ -2017,7 +2235,8 @@
} stats;
};
-struct _helper_stateful {
+struct _helper_stateful
+{
wordlist *cmdline;
dlink_list servers;
dlink_list queue;
@@ -2029,7 +2248,8 @@
HLPSAVAIL *IsAvailable;
HLPSONEQ *OnEmptyQueue;
time_t last_queue_warn;
- struct {
+ struct
+ {
int requests;
int replies;
int queue_size;
@@ -2037,7 +2257,8 @@
} stats;
};
-struct _helper_server {
+struct _helper_server
+{
int index;
int pid;
int rfd;
@@ -2050,19 +2271,22 @@
dlink_node link;
helper *parent;
helper_request *request;
- struct _helper_flags {
+ struct _helper_flags
+ {
unsigned int alive:1;
unsigned int busy:1;
unsigned int closing:1;
unsigned int shutdown:1;
} flags;
- struct {
+ struct
+ {
int uses;
} stats;
};
-struct _helper_stateful_server {
+struct _helper_stateful_server
+{
int index;
int pid;
int rfd;
@@ -2076,14 +2300,16 @@
dlink_list queue;
statefulhelper *parent;
helper_stateful_request *request;
- struct _helper_stateful_flags {
+ struct _helper_stateful_flags
+ {
unsigned int alive:1;
unsigned int busy:1;
unsigned int closing:1;
unsigned int shutdown:1;
stateful_helper_reserve_t reserved;
} flags;
- struct {
+ struct
+ {
int uses;
int submits;
int releases;
@@ -2098,11 +2324,13 @@
* use this when you need to pass callback data to a blocking
* operation, but you don't want to add that pointer to cbdata
*/
-struct _generic_cbdata {
+struct _generic_cbdata
+{
void *data;
};
-struct _store_rebuild_data {
+struct _store_rebuild_data
+{
int objcount; /* # objects successfully reloaded */
int expcount; /* # objects expired */
int scancount; /* # entries scanned or read from state file */
@@ -2119,7 +2347,8 @@
* This defines an fs type
*/
-struct _storefs_entry {
+struct _storefs_entry
+{
const char *typestr;
STFSPARSE *parsefunc;
STFSRECONFIGURE *reconfigurefunc;
@@ -2130,7 +2359,8 @@
* This defines an repl type
*/
-struct _storerepl_entry {
+struct _storerepl_entry
+{
const char *typestr;
REMOVALPOLICYCREATE *create;
};
@@ -2139,34 +2369,40 @@
* Async disk IO - this defines a async disk io queue
*/
-struct _diskd_queue {
+struct _diskd_queue
+{
int smsgid; /* send sysvmsg id */
int rmsgid; /* recv sysvmsg id */
int wfd; /* queue file descriptor ? */
int away; /* number of requests away */
int sent_count; /* number of messages sent */
int recv_count; /* number of messages received */
- struct {
+ struct
+ {
char *buf; /* shm buffer */
link_list *stack;
int id; /* sysvshm id */
} shm;
};
-struct _Logfile {
+struct _Logfile
+{
int fd;
char path[MAXPATHLEN];
char *buf;
size_t bufsz;
off_t offset;
- struct {
+ struct
+ {
unsigned int fatal:1;
} flags;
};
-struct cache_dir_option {
+struct cache_dir_option
+{
const char *name;
- void (*parse) (SwapDir * sd, const char *option, const char *value,
int reconfiguring);
+ void (*parse) (SwapDir * sd, const char *option, const char *value,
+ int reconfiguring);
void (*dump) (StoreEntry * e, const char *option, SwapDir * sd);
};
-- Diego WoitasenReceived on Fri Sep 05 2003 - 09:20:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:40 MST