nocache(0), ims(0), auth(0), cachable(0),
hierarchical(0), loopdetect(0), proxy_keepalive(0), proxying(0),
refresh(0), redirected(0), need_validation(0),
- fail_on_validation_err(0), stale_if_hit(0), accelerated(0),
+ fail_on_validation_err(0), stale_if_hit(0), nocache_hack(0), accelerated(0),
ignore_cc(0), intercepted(0), hostVerified(0), spoof_client_ip(0),
- internal(0), internalclient(0), must_keepalive(0), pinned(false),
+ internal(0), internalclient(false), must_keepalive(false), connection_auth_wanted(false), connection_auth_disabled(false), connection_proxy_auth(false), pinned_(false),
canRePin_(false), authSent_(false), noDirect_(false), chunkedReply_(false),
streamError_(false), sslPeek_(false),
doneFollowXForwardedFor(!FOLLOW_X_FORWARDED_FOR),
sslBumped_(false), destinationIPLookedUp_(false), resetTCP_(false),
isRanged_(false)
- {
-#if USE_HTTP_VIOLATIONS
- nocache_hack = 0;
-#endif
- }
+ {}
unsigned int nocache :1; ///< whether the response to this request may be READ from cache
unsigned int ims :1;
unsigned int need_validation :1;
unsigned int fail_on_validation_err :1; ///< whether we should fail if validation fails
unsigned int stale_if_hit :1; ///< reply is stale if it is a hit
-#if USE_HTTP_VIOLATIONS
- /* for changing/ignoring no-cache requests */
- /* TODO: remove the conditional definition, move ifdef to setter */
+ /* for changing/ignoring no-cache requests. Unused unless USE_HTTP_VIOLATIONS */
unsigned int nocache_hack :1;
-#endif
unsigned int accelerated :1;
unsigned int ignore_cc :1;
unsigned int intercepted :1; ///< intercepted request
unsigned int hostVerified :1; ///< whether the Host: header passed verification
unsigned int spoof_client_ip :1; /**< spoof client ip if possible */
unsigned int internal :1;
- unsigned int internalclient :1;
- unsigned int must_keepalive :1;
- unsigned int connection_auth :1; /** Request wants connection oriented auth */
- unsigned int connection_auth_disabled :1; /** Connection oriented auth can not be supported */
- unsigned int connection_proxy_auth :1; /** Request wants connection oriented auth */
// When adding new flags, please update cloneAdaptationImmune() as needed.
bool resetTCP() const;
bool canRePin() const { return canRePin_; }
void allowRepinning() { canRePin_=true; }
- void markPinned() { pinned = true; }
- void clearPinned() { pinned = false; }
- bool connPinned() const { return pinned; }
+ void markPinned() { pinned_ = true; }
+ void clearPinned() { pinned_ = false; }
+ bool pinned() const { return pinned_; }
+
+ //XXX: oddly this is set in client_side_request.cc, but never checked.
+ bool wantConnectionProxyAuth() { return connection_proxy_auth; }
+ void requestConnectionProxyAuth() { connection_proxy_auth=true; }
+
+ void disableConnectionAuth() { connection_auth_disabled=true; }
+ bool connectionAuthDisabled() { return connection_auth_disabled; }
+
+ void wantConnectionAuth() { connection_auth_wanted=true; }
+ bool connectionAuthWanted() { return connection_auth_wanted; }
+
+ void setMustKeepalive() { must_keepalive = true; }
+ bool mustKeepalive() { return must_keepalive; }
+
+ //XXX: oddly this is set in client_side_request.cc but never checked.
+ void setInternalClient() { internalclient=true;}
private:
- bool pinned :1; ///< Request sent on a pinned connection
+ bool internalclient :1;
+ bool must_keepalive :1;
+ bool connection_auth_wanted :1; /** Request wants connection oriented auth */
+ bool connection_auth_disabled :1; ///< Connection oriented auth can't be supported
+ bool connection_proxy_auth :1; ///< Request wants connection oriented auth
+ bool pinned_ :1; ///< Request sent on a pinned connection
bool canRePin_ :1; ///< OK to reopen a failed pinned connection
bool authSent_ :1; ///< Authentication was forwarded
/** Deny direct forwarding unless overriden by always_direct.
++arg;
}
safe_free(lm_request->server_blob);
- lm_request->request->flags.must_keepalive = 1;
+ lm_request->request->flags.setMustKeepalive();
if (lm_request->request->flags.proxy_keepalive) {
lm_request->server_blob = xstrdup(blob);
auth_user_request->user()->credentials(Auth::Handshake);
return;
/* Need keep-alive */
- if (!request->flags.proxy_keepalive && request->flags.must_keepalive)
+ if (!request->flags.proxy_keepalive && request->flags.mustKeepalive())
return;
/* New request, no user details */
if (strncasecmp(reply, "TT ", 3) == 0) {
/* we have been given a blob to send to the client */
safe_free(lm_request->server_blob);
- lm_request->request->flags.must_keepalive = 1;
+ lm_request->request->flags.setMustKeepalive();
if (lm_request->request->flags.proxy_keepalive) {
lm_request->server_blob = xstrdup(blob);
auth_user_request->user()->credentials(Auth::Handshake);
return;
/* Need keep-alive */
- if (!request->flags.proxy_keepalive && request->flags.must_keepalive)
+ if (!request->flags.proxy_keepalive && request->flags.mustKeepalive())
return;
/* New request, no user details */
||
(strncasecmp(value, "Kerberos", 8) == 0 &&
(value[8] == '\0' || value[8] == ' '))) {
- if (request->flags.connection_auth_disabled) {
+ if (request->flags.connectionAuthDisabled()) {
hdr->delAt(pos, connection_auth_blocked);
continue;
}
- request->flags.must_keepalive = 1;
+ request->flags.setMustKeepalive();
if (!request->flags.accelerated && !request->flags.intercepted) {
httpHeaderPutStrf(hdr, HDR_PROXY_SUPPORT, "Session-Based-Authentication");
/*
(request->http_ver >= HttpVersion(1, 1));
/* Check whether we should send keep-alive */
- if (!Config.onoff.error_pconns && reply->sline.status >= 400 && !request->flags.must_keepalive) {
+ if (!Config.onoff.error_pconns && reply->sline.status >= 400 && !request->flags.mustKeepalive()) {
debugs(33, 3, "clientBuildReplyHeader: Error, don't keep-alive");
request->flags.proxy_keepalive = 0;
- } else if (!Config.onoff.client_pconns && !request->flags.must_keepalive) {
+ } else if (!Config.onoff.client_pconns && !request->flags.mustKeepalive()) {
debugs(33, 2, "clientBuildReplyHeader: Connection Keep-Alive not requested by admin or client");
request->flags.proxy_keepalive = 0;
} else if (request->flags.proxy_keepalive && shutting_down) {
debugs(88, 3, "clientBuildReplyHeader: Shutting down, don't keep-alive.");
request->flags.proxy_keepalive = 0;
- } else if (request->flags.connection_auth && !reply->keep_alive) {
+ } else if (request->flags.connectionAuthWanted() && !reply->keep_alive) {
debugs(33, 2, "clientBuildReplyHeader: Connection oriented auth but server side non-persistent");
request->flags.proxy_keepalive = 0;
} else if (reply->bodySize(request->method) < 0 && !maySendChunkedReply) {
debugs(88, 3, "clientBuildReplyHeader: can't keep-alive, unknown body size" );
request->flags.proxy_keepalive = 0;
- } else if (fdUsageHigh()&& !request->flags.must_keepalive) {
+ } else if (fdUsageHigh()&& !request->flags.mustKeepalive()) {
debugs(88, 3, "clientBuildReplyHeader: Not many unused FDs, can't keep-alive");
request->flags.proxy_keepalive = 0;
} else if (request->flags.sslBumped() && !reply->persistent()) {
*/
request->flags.accelerated = http->flags.accel;
- request->flags.internalclient = 1;
+ request->flags.setInternalClient();
/* this is an internally created
* request, not subject to acceleration
if (!http_conn)
return;
- request->flags.connection_auth_disabled = http_conn->port->connection_auth_disabled;
- if (!request->flags.connection_auth_disabled) {
+ if (http_conn->port->connection_auth_disabled)
+ request->flags.disableConnectionAuth();
+ if (!request->flags.connectionAuthDisabled()) {
if (Comm::IsConnOpen(http_conn->pinning.serverConnection)) {
if (http_conn->pinning.auth) {
- request->flags.connection_auth = 1;
+ request->flags.wantConnectionAuth();
request->flags.auth = 1;
} else {
- request->flags.connection_proxy_auth = 1;
+ request->flags.requestConnectionProxyAuth();
}
// These should already be linked correctly.
assert(request->clientConnectionManager == http_conn);
}
/* check if connection auth is used, and flag as candidate for pinning
- * in such case.
+ * in such case.;
* Note: we may need to set flags.connection_auth even if the connection
* is already pinned if it was pinned earlier due to proxy auth
*/
- if (!request->flags.connection_auth) {
+ if (!request->flags.connectionAuthWanted()) {
if (req_hdr->has(HDR_AUTHORIZATION) || req_hdr->has(HDR_PROXY_AUTHORIZATION)) {
HttpHeaderPos pos = HttpHeaderInitPos;
HttpHeaderEntry *e;
||
strncasecmp(value, "Kerberos ", 9) == 0) {
if (e->id == HDR_AUTHORIZATION) {
- request->flags.connection_auth = 1;
+ request->flags.wantConnectionAuth();
may_pin = 1;
} else {
- request->flags.connection_proxy_auth = 1;
+ request->flags.requestConnectionProxyAuth();
may_pin = 1;
}
}
}
#if USE_SSL
- if (!request->flags.connPinned() || rePin) {
+ if (!request->flags.pinned() || rePin) {
if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) ||
(!serverConnection()->getPeer() && request->protocol == AnyP::PROTO_HTTPS) ||
request->flags.sslPeek()) {
}
if (!peerSupportsConnectionPinning())
- request->flags.connection_auth_disabled = 1;
+ request->flags.disableConnectionAuth();
HttpReply *vrep = setVirginReply(newrep);
flags.headers_parsed = 1;
return true;
/*if the connections it is already pinned it is OK*/
- if (request->flags.connPinned())
+ if (request->flags.pinned())
return true;
/*Allow pinned connections only if the Proxy-support header exists in
if (request->flags.spoof_client_ip)
client_addr = request->client_addr;
- if (request->flags.connPinned()) {
+ if (request->flags.pinned()) {
ispinned = true;
- } else if (request->flags.connection_auth && request->flags.authSent()) {
+ } else if (request->flags.connectionAuthWanted() && request->flags.authSent()) {
ispinned = true;
}
if (request->pinnedConnection() && ispinned) {
request->pinnedConnection()->pinConnection(serverConnection, request, _peer,
- (request->flags.connection_auth != 0));
+ request->flags.connectionAuthWanted());
} else {
fwd->pconnPush(serverConnection, request->peer_host ? request->peer_host : request->GetHost());
}
int64_t roffLimit = request->getRangeOffsetLimit();
if (NULL == request->range || !request->flags.cachable
- || request->range->offsetLimitExceeded(roffLimit) || request->flags.connection_auth)
+ || request->range->offsetLimitExceeded(roffLimit) || request->flags.connectionAuthWanted())
result = false;
debugs(11, 8, "decideIfWeDoRanges: range specs: " <<
Packer p;
httpBuildRequestHeader(request, entry, fwd->al, &hdr, flags);
- if (request->flags.connPinned() && request->flags.connection_auth)
+ if (request->flags.pinned() && request->flags.connectionAuthWanted())
request->flags.markAuthSent();
else if (hdr.has(HDR_AUTHORIZATION))
request->flags.markAuthSent();
/*
* Is keep-alive okay for all request methods?
*/
- if (request->flags.must_keepalive)
+ if (request->flags.mustKeepalive())
flags.keepalive = 1;
else if (!Config.onoff.server_pconns)
flags.keepalive = 0;
projects / thirdparty / squid.git / commitdiff
