/*
- * $Id: acl.cc,v 1.114 1997/11/12 00:08:44 wessels Exp $
+ * $Id: acl.cc,v 1.115 1997/11/12 18:58:38 wessels Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
static squid_acl aclType(const char *s);
static int decode_addr(const char *, struct in_addr *, struct in_addr *);
static void aclCheck(aclCheck_t * checklist);
-static void aclCheckCallback(aclCheck_t * checklist, int answer);
+static void aclCheckCallback(aclCheck_t * checklist, allow_t answer);
static IPH aclLookupDstIPDone;
static FQDNH aclLookupSrcFQDNDone;
static FQDNH aclLookupDstFQDNDone;
return 0;
}
passwd = strtok(sent_user, null_string);
- passwd++;
/* See if we've already validated them */
passwd[0] |= 0x80;
if (strcmp(hashr->item, passwd) == 0) {
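Review bot: On the new side `passwd[0] |= 0x80;` runs directly after `passwd = strtok(sent_user, null_string);` with only a comment in between, and strtok() returns NULL when it finds no token. If `sent_user` is derived from the credentials a client sends, as the name suggests, a missing password part would make the proxy dereference NULL. A guard such as `if (passwd == NULL) return 0;` before the `|=` would fail closed. The enclosing function starts outside the hunk, so the correct "no match" return value should be confirmed there. The `|= 0x80` marker would also benefit from a one-line comment saying what it encodes.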
static time_t last_when = 0;
static struct tm tm;
time_t t;
- if (data == NULL)
- fatal_dump("aclMatchTime: NULL data");
+ assert(data != NULL);
if (when != last_when) {
last_when = when;
xmemcpy(&tm, localtime(&when), sizeof(struct tm));
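Review bot: `assert(data != NULL);` replaces a fatal_dump() that always ran, so in a build with NDEBUG defined the check disappears and a NULL `data` would reach whatever uses it further down (outside this hunk). The same applies to the `assert(0);` in the `default:` case of the ACL-type switch later in this file, which also loses the "aclDestroyAcls: Found ACL_NONE?" message. If both are meant as debug-only invariants, a comment such as `/* caller guarantees data != NULL; checked in debug builds only */` would record that decision. Separately, `localtime(&when)` can return NULL and its result is passed straight to xmemcpy() here.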
static void
aclCheck(aclCheck_t * checklist)
{
- int allow = 0;
+ allow_t allow = ACCESS_DENIED;
const struct _acl_access *A;
int match;
ipcache_addrs *ia;
return;
}
if (match) {
+ /* hack! */
+ if (allow == ACCESS_DENIED)
+ if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED)
+ allow = ACCESS_REQ_PROXY_AUTH;
debug(28, 3) ("aclCheck: match found, returning %d\n", allow);
aclCheckCallback(checklist, allow);
return;
}
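Review bot: The block marked `/* hack! */` turns every denied match into ACCESS_REQ_PROXY_AUTH whenever `checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED`, without checking that the deny rule that matched involves proxy authentication at all. Where that state is set is not visible here, so it should be confirmed that a deny rule unrelated to authentication cannot be answered with an authentication challenge instead of a plain denial. The comment should state the intent, e.g. `/* a deny match while proxy auth is still pending becomes an auth challenge */`. The nested `if`s would read more safely as one braced condition, `if (allow == ACCESS_DENIED && checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) {`. aclCheck's body continues outside the hunk.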
static void
-aclCheckCallback(aclCheck_t * checklist, int answer)
+aclCheckCallback(aclCheck_t * checklist, allow_t answer)
{
debug(28, 3) ("aclCheckCallback: answer=%d\n", answer);
if (cbdataValid(checklist->callback_data))
break;
case ACL_NONE:
default:
- fatal_dump("aclDestroyAcls: Found ACL_NONE?");
+ assert(0);
break;
}
safe_free(a->cfgline);
/*
- * $Id: client_side.cc,v 1.144 1997/11/12 00:08:45 wessels Exp $
+ * $Id: client_side.cc,v 1.145 1997/11/12 18:58:39 wessels Exp $
*
* DEBUG: section 33 Client-side Routines
* AUTHOR: Duane Wessels
#include "squid.h"
static const char *const crlf = "\r\n";
+static const char *const proxy_auth_line =
+"Proxy-Authenticate: Basic realm=\"Squid proxy-caching web server\"\r\n";
#define REQUEST_BUF_SIZE 4096
#define FAILURE_MODE_TIME 300
/* Local functions */
static CWCB icpHandleIMSComplete;
+static CWCB clientWriteComplete;
+static CWCB clientShortWriteComplete;
static PF clientReadRequest;
static PF connStateFree;
static PF requestTimeout;
static STCB clientCacheHit;
static void icpParseRequestHeaders(clientHttpRequest *);
static void icpProcessRequest(int, clientHttpRequest *);
+static char *clientConstructProxyAuthReply(clientHttpRequest * http);
aclNBCheck(http->acl_checklist, clientAccessCheckDone, http);
}
+static char *
+clientConstructProxyAuthReply(clientHttpRequest * http)
+{
+ LOCAL_ARRAY(char, buf, 8192);
+ LOCAL_ARRAY(char, content, 4096);
+ char *hdr;
+ memset(buf, '\0', 8192);
+ memset(content, '\0', 4096);
+ snprintf(content, 4096,
+ "<TITLE>Cache Access Denied</TITLE>\n"
+ "<H2>Cache Access Denied</H2>\n"
+ "<P>\n"
+ "Sorry, you are not currently allowed to request:\n"
+ "<PRE> %s</PRE>\n"
+ "from this cache until you have authenticated yourself.\n"
+ "\n<p>"
+ "You need to use Netscape version 2.0 or greater, or Microsoft\n"
+ "Internet Explorer 3.0 or an HTTP/1.1 compliant browser for this\n"
+ "to work. Please contact the <a href=\"mailto:%s\">cache\n"
+ "administrator</a> if you have difficulties authenticating\n"
+ "yourself, or\n"
+ "<a href=\"http://%s/cgi-bin/chpasswd.cgi\">change</a> your\n"
+ "default password.\n"
+ "<P>\n"
+ "%s\n"
+ "<HR>\n"
+ "<ADDRESS>\n"
+ "Generated by %s/%s@%s\n"
+ "</ADDRESS>\n",
+ http->url,
+ Config.adminEmail,
+ getMyHostname(),
+ Config.errHtmlText,
+ appname,
+ version_string,
+ getMyHostname());
+ hdr = httpReplyHeader(1.0,
+ HTTP_PROXY_AUTHENTICATION_REQUIRED,
+ "text/html",
+ strlen(content),
+ -1,
+ squid_curtime);
+ snprintf(buf, 8192, "%s%s\r\n%s",
+ hdr,
+ proxy_auth_line,
+ content);
+ return buf;
+}
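Review bot: `http->url` is formatted into the HTML body inside `<PRE> %s</PRE>` without any escaping, so markup characters in the requested URL are emitted as-is in a page served by the proxy. The URL should be HTML-escaped (at least `<`, `>`, `&` and `"`) before the first snprintf(); no escaping helper is visible in this diff, so one may have to be added. Content-Length is taken from `strlen(content)`, but the second snprintf() into the 8192-byte `buf` can truncate the body when `hdr` is long, leaving the declared length larger than what is sent. Whether httpReplyHeader() already ends its output with the blank line is not visible here; if it does, `proxy_auth_line` would land in the body rather than in the headers, which is worth checking against a captured response.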
+
void
clientAccessCheckDone(int answer, void *data)
{
ConnStateData *conn = http->conn;
int fd = conn->fd;
char *redirectUrl = NULL;
+ char *buf;
ErrorState *err = NULL;
debug(33, 5) ("clientAccessCheckDone: '%s' answer=%d\n", http->url, answer);
http->acl_checklist = NULL;
- if (answer) {
+ if (answer == ACCESS_ALLOWED) {
urlCanonical(http->request, http->url);
if (http->redirect_state != REDIRECT_NONE)
fatal_dump("clientAccessCheckDone: wrong redirect_state");
http->redirect_state = REDIRECT_PENDING;
redirectStart(http, clientRedirectDone, http);
+ } else if (answer == ACCESS_REQ_PROXY_AUTH) {
+ http->al.http.code = HTTP_PROXY_AUTHENTICATION_REQUIRED;
+ http->log_type = LOG_TCP_DENIED;
+ buf = clientConstructProxyAuthReply(http);
+ comm_write(fd,
+ xstrdup(buf),
+ strlen(buf),
+ clientShortWriteComplete,
+ http,
+ xfree);
} else {
debug(33, 5) ("Access Denied: %s\n", http->url);
http->log_type = LOG_TCP_DENIED;
comm_write(fd, buf, writelen, clientWriteComplete, http, freefunc);
}
-void
+static void
clientWriteComplete(int fd, char *bufnotused, size_t size, int errflag, void *data)
{
clientHttpRequest *http = data;
comm_close(fd);
}
+static void
+clientShortWriteComplete(int fd, char *bufnotused, size_t size, int flag, void *data)
+{
+ clientHttpRequest *http = data;
+ http->out.size += size;
+ if (flag != COMM_ERR_CLOSING)
+ comm_close(fd);
+}
+
/*
* Below, we check whether the object is a hit or a miss. If it's a hit,
* we check whether the object is still valid or whether it is a MISS_TTL.
{
LOCAL_ARRAY(char, line, 256);
LOCAL_ARRAY(char, reply, 8192);
-
memset(reply, '\0', 8192);
strcpy(reply, "HTTP/1.0 304 Not Modified\r\n");
if (source->date > -1) {
/*
- * $Id: http.cc,v 1.220 1997/11/12 00:08:52 wessels Exp $
+ * $Id: http.cc,v 1.221 1997/11/12 18:58:41 wessels Exp $
*
* DEBUG: section 11 Hypertext Transfer Protocol (HTTP)
* AUTHOR: Harvest Derived
time_t expires)
{
LOCAL_ARRAY(char, buf, HTTP_REPLY_BUF_SZ);
- LOCAL_ARRAY(char, float_buf, 64);
int l = 0;
int s = HTTP_REPLY_BUF_SZ;
- /* argh, ../lib/snprintf.c doesn't support '%f' */
- snprintf(float_buf, 64, "%3.1f", ver);
- assert(strlen(float_buf) == 3);
- l += snprintf(buf + l, s - l, "HTTP/%s %d %s\r\n",
- float_buf,
+ l += snprintf(buf + l, s - l, "HTTP/%3.1f %d %s\r\n",
+ ver,
(int) status,
httpStatusString(status));
l += snprintf(buf + l, s - l, "Server: Squid/%s\r\n", SQUID_VERSION);
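Review bot: The status line now passes `ver` to snprintf() with `%3.1f` directly, although the removed comment said `../lib/snprintf.c` does not support `%f`. Unless that fallback was extended in the same commit (not visible here), builds that link it would emit a malformed `HTTP/` version, and the removed `assert(strlen(float_buf) == 3)` no longer catches that. Also, each line does `l += snprintf(buf + l, s - l, ...)` without checking that `l` stays below `s`; with an snprintf() that returns the untruncated length, `s - l` can go negative on the following call. A clamp after each call, e.g. `if (l >= s) l = s - 1;`, would keep the remaining-size argument valid. The function starts outside the hunk and may continue past it.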