From: wessels <>
Date: Sun, 24 Jan 1999 09:44:10 +0000 (+0000)
Subject: make ident lookups an access list
X-Git-Tag: SQUID_3_0_PRE1~2353
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a40699cd21d70b6e6db39f4242ad0028e7227f1f;p=thirdparty%2Fsquid.git
make ident lookups an access list
---
diff --git a/src/cf.data.pre b/src/cf.data.pre
index f0f46fbacb..69557d6a4c 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 #
-# $Id: cf.data.pre,v 1.135 1999/01/24 02:22:54 wessels Exp $
+# $Id: cf.data.pre,v 1.136 1999/01/24 02:44:10 wessels Exp $
 #
 #
 # SQUID Internet Object Cache http://squid.nlanr.net/Squid/
@@ -757,17 +757,25 @@ debug_options ALL,1
 DOC_END
-NAME: ident_lookup
-COMMENT: on|off
-TYPE: onoff
-DEFAULT: off
-LOC: Config.onoff.ident_lookup
-DOC_START
- If you wish to make an RFC931/ident lookup of the client
- username for each connection, enable this. It is off by
- default.
-
-ident_lookup off
+NAME: ident_lookup_access
+TYPE: acl_access
+DEFAULT: none
+LOC: Config.accessList.identLookup
+DOC_START
+ A list of ACL elements which, if matched, cause an ident
+ (RFC 931) lookup to be performed for this request. For
+ example, you might choose to always perform ident lookups
+ for your main multi-user Unix boxes, but not for your Macs
+ and PCs. By default, ident lookups are not performed for
+ any requests.
+
+ To enable ident lookups for specific client addresses, you
+ can follow this example:
+
+ acl ident_aware_hosts src 198.168.1.0/255.255.255.0
+ ident_lookup_access allow ident_aware_hosts
+ ident_lookup_access deny all
+ident_lookup_access deny all
 DOC_END
diff --git a/src/client_side.cc b/src/client_side.cc
index 103ad2e160..bf2b8ba379 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.cc,v 1.435 1999/01/24 02:22:56 wessels Exp $
+ * $Id: client_side.cc,v 1.436 1999/01/24 02:44:11 wessels Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
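Review bot: In the new ident_lookup_access entry of src/cf.data.pre, the example network `198.168.1.0/255.255.255.0` is most likely a typo for the private range `192.168.1.0/255.255.255.0`; as written it names publicly routed address space, so a copied example would enable ident queries toward clients on someone else's network. The text also says the lookup is performed "for this request", but the client_side.cc change in this commit evaluates the list in httpAccept() with only the client address filled in, so the entry should state that only `src`-type ACLs are meaningful here. It would help to add a sentence that an ident reply is whatever the client host chooses to report and is a logging hint, not authentication. Removing `ident_lookup` outright also means existing squid.conf files that carry that line will need editing on upgrade, which the entry could mention.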
@@ -2404,6 +2404,7 @@ httpAccept(int sock, void *data)
 struct sockaddr_in peer;
 struct sockaddr_in me;
 int max = INCOMING_HTTP_MAX;
+ static aclCheck_t identChecklist;
 commSetSelect(sock, COMM_SELECT_READ, httpAccept, NULL, 0);
 while (max-- && !httpAcceptDefer()) {
 memset(&peer, '\0', sizeof(struct sockaddr_in));
@@ -2429,7 +2430,8 @@ httpAccept(int sock, void *data)
 if (Config.onoff.log_fqdn)
 fqdncache_gethostbyaddr(peer.sin_addr, FQDN_LOOKUP_IF_MISS);
 commSetTimeout(fd, Config.Timeout.request, requestTimeout, connState);
- if (Config.onoff.ident_lookup)
+ identChecklist.src_addr = peer.sin_addr;
+ if (aclCheckFast(Config.accessList.identLookup, &identChecklist))
 identStart(&me, &peer, clientIdentDone, connState);
 commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, connState, 0);
 commSetDefer(fd, clientReadDefer, connState);
diff --git a/src/structs.h b/src/structs.h
index 7eb7bf3600..19edf816ef 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.270 1999/01/24 02:26:26 wessels Exp $
+ * $Id: structs.h,v 1.271 1999/01/24 02:44:13 wessels Exp $
 *
 *
 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
@@ -340,7 +340,6 @@ struct _SquidConfig {
 #endif
 int common_log;
 int log_mime_hdrs;
- int ident_lookup;
 int log_fqdn;
 int announce;
 int accel_with_proxy;
@@ -369,6 +368,7 @@ struct _SquidConfig {
 acl_access *snmp;
 #endif
 acl_access *brokenPosts;
+ acl_access *identLookup;
 } accessList;
 acl_deny_info_list *denyInfoList;
 char *proxyAuthRealm;
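Review bot: The new `aclCheckFast(Config.accessList.identLookup, &identChecklist)` call in httpAccept() (src/client_side.cc, hunk at -2429) runs with a checklist in which only `src_addr` is ever set, and with `DEFAULT: none` the list pointer may be NULL; the hunk neither handles nor documents either case. aclCheckFast() is not shown here, so confirm what it returns for an empty list: if a no-match falls through to "allow", every connection would trigger an ident lookup, contrary to the documented default. An explicit guard avoids depending on that: `if (Config.accessList.identLookup && aclCheckFast(Config.accessList.identLookup, &identChecklist))`. ACL types that read the request cannot be evaluated at accept time, so a comment such as `/* only src_addr is valid here; ident_lookup_access must use src ACLs */` above the assignment would help. The static `identChecklist` added in the hunk at -2404 carries state across calls, which is safe only if aclCheckFast() never writes to the checklist; httpAccept() begins and ends outside both hunks.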