make ident lookups an access list

diff --git a/src/cf.data.pre b/src/cf.data.pre
index f0f46fbacb6c1d19be6eb580b5792a6db26d3349..69557d6a4c100de138eed482fd01348aa3cf9722 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.135 1999/01/24 02:22:54 wessels Exp $
+# $Id: cf.data.pre,v 1.136 1999/01/24 02:44:10 wessels Exp $
 #
 #
 # SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -757,17 +757,25 @@ debug_options ALL,1
 DOC_END
 
 
-NAME: ident_lookup
-COMMENT: on|off
-TYPE: onoff
-DEFAULT: off
-LOC: Config.onoff.ident_lookup
-DOC_START
-       If you wish to make an RFC931/ident lookup of the client
-       username for each connection, enable this.  It is off by
-       default.
-
-ident_lookup off
+NAME: ident_lookup_access
+TYPE: acl_access
+DEFAULT: none
+LOC: Config.accessList.identLookup
+DOC_START
+       A list of ACL elements which, if matched, cause an ident
+       (RFC 931) lookup to be performed for this request.  For
+       example, you might choose to always perform ident lookups
+       for your main multi-user Unix boxes, but not for your Macs
+       and PCs.  By default, ident lookups are not performed for
+       any requests.
+
+       To enable ident lookups for specific client addresses, you
+       can follow this example:
+ 
+       acl ident_aware_hosts src 198.168.1.0/255.255.255.0
+       ident_lookup_access allow ident_aware_hosts
+       ident_lookup_access deny all
+ident_lookup_access deny all
 DOC_END
 
 

diff --git a/src/client_side.cc b/src/client_side.cc
index 103ad2e16039e2a0a03daad4ef62bf533d53d003..bf2b8ba37975b85f85da04ee6ed18e4028088884 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.435 1999/01/24 02:22:56 wessels Exp $
+ * $Id: client_side.cc,v 1.436 1999/01/24 02:44:11 wessels Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -2404,6 +2404,7 @@ httpAccept(int sock, void *data)
     struct sockaddr_in peer;
     struct sockaddr_in me;
     int max = INCOMING_HTTP_MAX;
+    static aclCheck_t identChecklist;
     commSetSelect(sock, COMM_SELECT_READ, httpAccept, NULL, 0);
     while (max-- && !httpAcceptDefer()) {
        memset(&peer, '\0', sizeof(struct sockaddr_in));
@@ -2429,7 +2430,8 @@ httpAccept(int sock, void *data)
        if (Config.onoff.log_fqdn)
            fqdncache_gethostbyaddr(peer.sin_addr, FQDN_LOOKUP_IF_MISS);
        commSetTimeout(fd, Config.Timeout.request, requestTimeout, connState);
-       if (Config.onoff.ident_lookup)
+       identChecklist.src_addr = peer.sin_addr;
+       if (aclCheckFast(Config.accessList.identLookup, &identChecklist))
            identStart(&me, &peer, clientIdentDone, connState);
        commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, connState, 0);
        commSetDefer(fd, clientReadDefer, connState);

diff --git a/src/structs.h b/src/structs.h
index 7eb7bf36001f24ebdb65c23c7210104ca2304c95..19edf816ef1987fb4ff7450711c546589661a6b1 100644 (file)
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.270 1999/01/24 02:26:26 wessels Exp $
+ * $Id: structs.h,v 1.271 1999/01/24 02:44:13 wessels Exp $
  *
  *
  * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -340,7 +340,6 @@ struct _SquidConfig {
 #endif
        int common_log;
        int log_mime_hdrs;
-       int ident_lookup;
        int log_fqdn;
        int announce;
        int accel_with_proxy;
@@ -369,6 +368,7 @@ struct _SquidConfig {
        acl_access *snmp;
 #endif
        acl_access *brokenPosts;
+       acl_access *identLookup;
     } accessList;
     acl_deny_info_list *denyInfoList;
     char *proxyAuthRealm;