From 12b91c99f1a92940deca96f1a2cae3eca079324e Mon Sep 17 00:00:00 2001
From: wessels <>
Date: Fri, 2 Dec 2005 06:23:59 +0000
Subject: [PATCH] A few changes related to how the ICAP request header is
 built:

 - Added 'icap_persistent_connections' directive to squid.conf to turn
   on/off ICAP server connection reuse.

 - Renamed 'icap_send_auth_user' directive to 'icap_send_client_username'

 - Removed 'icap_auth_scheme' directive since it is not currently used.

 - Fixed ICAPModXact::makeRequestHeaders() to add X-Client-IP and
   X-Client-Username only when those options are enabled in squid.conf.
---
 src/ICAP/ICAPConfig.h   |  6 +++---
 src/ICAP/ICAPModXact.cc | 24 +++++++++++++++++++-----
 src/cf.data.pre         | 41 +++++++++++++++--------------------------
 3 files changed, 37 insertions(+), 34 deletions(-)

diff --git a/src/ICAP/ICAPConfig.h b/src/ICAP/ICAPConfig.h
index 7aef4fdac4..0b95ee8742 100644
--- a/src/ICAP/ICAPConfig.h
+++ b/src/ICAP/ICAPConfig.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: ICAPConfig.h,v 1.4 2005/12/01 23:19:24 wessels Exp $
+ * $Id: ICAPConfig.h,v 1.5 2005/12/01 23:24:00 wessels Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -95,8 +95,8 @@ public:
     int preview_enable;
     int preview_size;
     int send_client_ip;
-    int auth_user;
-    char *auth_scheme;
+    int send_client_username;
+    int reuse_connections;
 
     Vector<ICAPServiceRep::Pointer> services;
     Vector<ICAPClass*> classes;
diff --git a/src/ICAP/ICAPModXact.cc b/src/ICAP/ICAPModXact.cc
index 90affe8445..b36156401d 100644
--- a/src/ICAP/ICAPModXact.cc
+++ b/src/ICAP/ICAPModXact.cc
@@ -14,6 +14,7 @@
 #include "ChunkedCodingParser.h"
 #include "TextException.h"
 #include "AuthUserRequest.h"
+#include "ICAPConfig.h"
 
 // flow and terminology:
 //     HTTP| --> receive --> encode --> write --> |network
@@ -28,6 +29,8 @@ CBDATA_CLASS_INIT(ICAPModXact);
 
 static const size_t TheBackupLimit = ICAP::MsgPipeBufSizeMax;
 
+extern ICAPConfig TheICAPConfig;
+
 
 ICAPModXact::State::State()
 {
@@ -872,12 +875,21 @@ void ICAPModXact::doStop()
 
 void ICAPModXact::makeRequestHeaders(MemBuf &buf)
 {
+    /*
+     * XXX These should use HttpHdr interfaces instead of Printfs
+     */
     const ICAPServiceRep &s = service();
     buf.Printf("%s %s ICAP/1.0\r\n", s.methodStr(), s.uri.buf());
     buf.Printf("Host: %s:%d\r\n", s.host.buf(), s.port);
+    buf.Printf("Date: %s\r\n", mkrfc1123(squid_curtime));
+
+    if (!TheICAPConfig.reuse_connections)
+        buf.Printf("Connection: close\r\n");
+
     buf.Printf("Encapsulated: ");
 
     MemBuf httpBuf;
+
     httpBuf.init();
 
     // build HTTP request header, if any
@@ -916,12 +928,14 @@ void ICAPModXact::makeRequestHeaders(MemBuf &buf)
                                  virgin->data->cause :
                                  dynamic_cast<const HttpRequest*>(virgin->data->header);
 
-    if (request->client_addr.s_addr != any_addr.s_addr)
-        buf.Printf("X-Client-IP: %s\r\n", inet_ntoa(request->client_addr));
+    if (TheICAPConfig.send_client_ip)
+        if (request->client_addr.s_addr != any_addr.s_addr)
+            buf.Printf("X-Client-IP: %s\r\n", inet_ntoa(request->client_addr));
 
-    if (request->auth_user_request)
-        if (request->auth_user_request->username())
-            buf.Printf("X-Client-Username: %s\r\n", request->auth_user_request->username());
+    if (TheICAPConfig.send_client_username)
+        if (request->auth_user_request)
+            if (request->auth_user_request->username())
+                buf.Printf("X-Client-Username: %s\r\n", request->auth_user_request->username());
 
     fprintf(stderr, "%s\n", buf.content());
 
diff --git a/src/cf.data.pre b/src/cf.data.pre
index a6d5142c0c..c5ea12afe4 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.407 2005/12/01 23:19:22 wessels Exp $
+# $Id: cf.data.pre,v 1.408 2005/12/01 23:23:59 wessels Exp $
 #
 #
 # SQUID Web Proxy Cache		http://www.squid-cache.org/
@@ -4789,6 +4789,17 @@ DOC_START
         basis by OPTIONS requests.
 DOC_END
 
+NAME: icap_persistent_connections
+TYPE: onoff
+IFDEF: ICAP_CLIENT
+COMMENT: on|off
+LOC: TheICAPConfig.reuse_connections
+DEFAULT: on
+DOC_START
+	Whether or not Squid should use persistent connections to
+	an ICAP server.
+DOC_END
+
 NAME: icap_send_client_ip
 TYPE: onoff
 IFDEF: ICAP_CLIENT
@@ -4799,39 +4810,17 @@ DOC_START
         This adds the header "X-Client-IP" to ICAP requests.
 DOC_END
 
-NAME: icap_send_auth_user
+NAME: icap_send_client_username
 TYPE: onoff
 IFDEF: ICAP_CLIENT
 COMMENT: on|off
-LOC: TheICAPConfig.auth_user
+LOC: TheICAPConfig.send_client_username
 DEFAULT: off
 DOC_START
-        This adds the header "X-Authenticated-User" to ICAP requests
+        This adds the header "X-Client-Username" to ICAP requests
         if proxy access is authentified.
 DOC_END
 
-NAME: icap_auth_scheme
-TYPE: string
-IFDEF: ICAP_CLIENT
-LOC: TheICAPConfig.auth_scheme
-DEFAULT: Local://%u
-DOC_START
-        Authentification scheme to pass to ICAP requests if
-        icap_send_auth_user is enabled. The first occurence of "%u"
-        is replaced by the authentified user name. If no "%u" is found,
-        the username is added at the end of the scheme.
-
-        See http://www.ietf.org/internet-drafts/draft-stecher-icap-subid-00.txt,
-        section 3.4 for details on this.
-
-        Examples:
-
-        icap_auth_scheme Local://%u
-        icap_auth_scheme LDAP://ldap-server/cn=%u,dc=company,dc=com
-        icap_auth_scheme WinNT://nt-domain/%u
-        icap_auth_scheme Radius://radius-server/%u
-DOC_END
-
 NAME: icap_service
 TYPE: icap_service_type
 IFDEF: ICAP_CLIENT
-- 
2.47.3