Cleanup of the relation between accelerated request and transparently

intercepted request. The two are now handled separately from each other.

This fixes two issues:
  a) Transparently intercepted requests is no longer under the restrictions
     of accelerated requests in peering relations etc..
  b) No risk of confusion in authentication. Authentication is now allowed
     for accelerated requests but not transparently intercepted requests.

diff --git a/configure.in b/configure.in
index ab651107bba2dcf276c086cb97731b4e471ac01a..30f2675f8e5358196e7f517ddfe7facc3b3a8872 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -3,7 +3,7 @@ dnl  Configuration input file for Squid
 dnl
 dnl  Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9)
 dnl
-dnl  $Id: configure.in,v 1.324 2003/02/16 02:28:13 robertc Exp $
+dnl  $Id: configure.in,v 1.325 2003/02/22 14:59:32 hno Exp $
 dnl
 dnl
 dnl
@@ -13,7 +13,7 @@ AC_CONFIG_SRCDIR([src/main.cc])
 AC_CONFIG_AUX_DIR(cfgaux)
 AM_INIT_AUTOMAKE(squid, 3.0-DEVEL)
 AM_CONFIG_HEADER(include/autoconf.h)
-AC_REVISION($Revision: 1.324 $)dnl
+AC_REVISION($Revision: 1.325 $)dnl
 AC_PREFIX_DEFAULT(/usr/local/squid)
 AM_MAINTAINER_MODE
 
@@ -977,18 +977,6 @@ AC_ARG_ENABLE(default-hostsfile,
 ],[OPT_DEFAULT_HOSTS="/etc/hosts"])
 AC_SUBST(OPT_DEFAULT_HOSTS)
 
-AC_ARG_ENABLE(auth-on-acceleration,
-[  --enable-auth-on-acceleration
-                          Enable authentication in accelerators],
-[ if test "$enableval" = "yes" ; then
-    echo "AUTH_ON_ACCELERATION enabled"
-    AC_DEFINE(AUTH_ON_ACCELERATION, 1, [Enable authentication support in accelerators])
-  else
-    AC_DEFINE(AUTH_ON_ACCELERATION, 0, [Enable authentication support in accelerators])
-  fi
-])
-
-
 dnl Select auth schemes modules to build
 AC_ARG_ENABLE(auth,
 [  --enable-auth=\"list of auth scheme modules\"

diff --git a/src/ACLChecklist.cc b/src/ACLChecklist.cc
index b955a31c59f17e358cb833703ca18f752420861e..aa205bf74c3d8a1af819f60cfbc7bcd114dc2ddb 100644 (file)
--- a/src/ACLChecklist.cc
+++ b/src/ACLChecklist.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: ACLChecklist.cc,v 1.7 2003/02/21 22:50:04 robertc Exp $
+ * $Id: ACLChecklist.cc,v 1.8 2003/02/22 14:59:33 hno Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -47,22 +47,15 @@ ACLChecklist::authenticated()
     if (NULL == request) {
         fatal ("requiresRequest SHOULD have been true for this ACL!!");
         return 0;
-    } else if (!request->flags.accelerated) {
-        /* Proxy authorization on proxy requests */
-        headertype = HDR_PROXY_AUTHORIZATION;
-    } else if (request->flags.internal) {
-        /* WWW authorization on accelerated internal requests */
-        headertype = HDR_AUTHORIZATION;
-    } else {
-#if AUTH_ON_ACCELERATION
+    } else if (request->flags.accelerated) {
         /* WWW authorization on accelerated requests */
         headertype = HDR_AUTHORIZATION;
-#else
-
-        debug(28, 1) ("ACHChecklist::authenticated: authentication not applicable on accelerated requests.\n");
+    } else if (request->flags.transparent) {
+        debug(28, 1) ("ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests.\n");
         return -1;
-#endif
-
+    } else {
+        /* Proxy authorization on proxy requests */
+        headertype = HDR_PROXY_AUTHORIZATION;
     }
 
     /* get authed here */

diff --git a/src/cf.data.pre b/src/cf.data.pre
index d9d57f4c35931bb7a43d7e4d982d14c892b89437..3d69f41877302a9a316e53ee06430d6b65a62845 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.305 2003/02/21 21:01:16 hno Exp $
+# $Id: cf.data.pre,v 1.306 2003/02/22 14:59:33 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -2226,9 +2226,9 @@ DOC_START
          # to check username/password combinations (see
          # auth_param directive).
          #
-         # WARNING: proxy_auth can't be used in a transparent proxy. It
-         # collides with any authentication done by origin servers. It may
-         # seem like it works at first, but it doesn't.
+         # NOTE: proxy_auth can't be used in a transparent proxy as
+         # the browser needs to be configured for using a proxy in order
+         # to respond to proxy authentication.
 
        acl aclname snmp_community string ...
          # A community string to limit access to your SNMP Agent

diff --git a/src/client_side.cc b/src/client_side.cc
index ae6136606097d2823649a22d67a73d9b826092c3..ca0a40902add51bceac51629cbc6995b851d5f3a 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.624 2003/02/21 22:50:07 robertc Exp $
+ * $Id: client_side.cc,v 1.625 2003/02/22 14:59:34 hno Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -104,11 +104,10 @@ public:
     {
 
 int deferred:
-        1;             /* This is a pipelined request waiting for the
-                                                                                        * current object to complete */
+        1; /* This is a pipelined request waiting for the current object to complete */
 
 int parsed_ok:
-        1;        /* Was this parsed correctly? */
+        1; /* Was this parsed correctly? */
     }
 
     flags;
@@ -151,9 +150,7 @@ int parsed_ok:
 
 private:
     void prepareReply(HttpReply * rep);
-    bool mayUseConnection_; /* This request may use the connection -
-                                                    * don't read anymore requests for now
-                                                    */
+    bool mayUseConnection_; /* This request may use the connection. Don't read anymore requests for now */
 };
 
 CBDATA_TYPE(ClientSocketContext);
@@ -1690,7 +1687,7 @@ prepareTransparentURL(ConnStateData * conn, clientHttpRequest *http, char *url,
 {
     char *host;
 
-    http->flags.accel = 1;
+    http->flags.transparent = 1;
 
     if (*url != '/')
         return; /* already in good shape */
@@ -2087,6 +2084,8 @@ clientProcessRequest(ConnStateData *conn, ClientSocketContext *context, method_t
 
     request->flags.accelerated = http->flags.accel;
 
+    request->flags.transparent = http->flags.transparent;
+
     if (!http->flags.internal) {
         if (internalCheck(request->urlpath.buf())) {
             if (internalHostnameIs(request->host) &&
@@ -2230,8 +2229,7 @@ clientReadRequest(int fd, char *buf, size_t size, comm_err_t flag, int xerrno,
         if (size > 0) {
             kb_incr(&statCounter.client_http.kbytes_in, size);
             conn->in.notYetUsed += size;
-            conn->in.buf[conn->in.notYetUsed] = '\0';   /* Terminate the string
-                                                                               */
+            conn->in.buf[conn->in.notYetUsed] = '\0';   /* Terminate the string */
         } else if (size == 0) {
             debug(33, 5) ("clientReadRequest: FD %d closed?\n", fd);
 

diff --git a/src/client_side_request.h b/src/client_side_request.h
index 33805c69315a78c11b07c8fbd38adf4cf7dfd386..0b15d91e85939f9276990e8d6cd17601be34d2f4 100644 (file)
--- a/src/client_side_request.h
+++ b/src/client_side_request.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_request.h,v 1.7 2003/02/21 22:50:07 robertc Exp $
+ * $Id: client_side_request.h,v 1.8 2003/02/22 14:59:34 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -95,6 +95,9 @@ public:
 unsigned int accel:
         1;
 
+unsigned int transparent:
+        1;
+
 unsigned int internal:
         1;
 

diff --git a/src/structs.h b/src/structs.h
index edb477303ae62a313fa4405a85b18a21531308b6..6ef4490230aeb6f22a00b9a59f22d690395546fc 100644 (file)
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.452 2003/02/21 22:50:12 robertc Exp $
+ * $Id: structs.h,v 1.453 2003/02/22 14:59:35 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1079,8 +1079,7 @@ struct _ConnStateData
     }
 
     body;
-    auth_type_t auth_type;     /* Is this connection based authentication ? if so
-                                                        * what type it is. */
+    auth_type_t auth_type;     /* Is this connection based authentication? if so what type it is. */
     /* note this is ONLY connection based because NTLM is against HTTP spec */
     /* the user details for connection based authentication */
     auth_user_request_t *auth_user_request;
@@ -1591,7 +1590,7 @@ struct _RemovalPurgeWalker
 
 struct request_flags
 {
-    request_flags():range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),internal(0),internalclient(0),body_sent(0),destinationIPLookedUp_(0)
+    request_flags():range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),transparent(0),internal(0),internalclient(0),body_sent(0),destinationIPLookedUp_(0)
     {
 #if HTTP_VIOLATIONS
         nocache_hack = 1;
@@ -1643,6 +1642,9 @@ unsigned int nocache_hack:
 unsigned int accelerated:
     1;
 
+unsigned int transparent:
+    1;
+
 unsigned int internal:
     1;
 
@@ -2138,8 +2140,7 @@ struct _helper_stateful_request
 {
     char *buf;
     HLPSCB *callback;
-    int placeholder;           /* if 1, this is a dummy request waiting for a stateful helper
-                                                        * to become available for deferred requests.*/
+    int placeholder;           /* if 1, this is a dummy request waiting for a stateful helper to become available for deferred requests.*/
     void *data;
 };