From d048c262db41798ca11c12f41f84d4bf6d83b8e5 Mon Sep 17 00:00:00 2001 From: hno <> Date: Sat, 22 Feb 2003 21:59:32 +0000 Subject: [PATCH] Cleanup of the relation between accelerated request and transparently intercepted request. The two are now handled separately from each other. This fixes two issues: a) Transparently intercepted requests is no longer under the restrictions of accelerated requests in peering relations etc.. b) No risk of confusion in authentication. Authentication is now allowed for accelerated requests but not transparently intercepted requests. --- configure.in | 16 ++-------------- src/ACLChecklist.cc | 21 +++++++-------------- src/cf.data.pre | 8 ++++---- src/client_side.cc | 18 ++++++++---------- src/client_side_request.h | 5 ++++- src/structs.h | 13 +++++++------ 6 files changed, 32 insertions(+), 49 deletions(-) diff --git a/configure.in b/configure.in index ab651107bb..30f2675f8e 100644 --- a/configure.in +++ b/configure.in @@ -3,7 +3,7 @@ dnl Configuration input file for Squid dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.324 2003/02/16 02:28:13 robertc Exp $ +dnl $Id: configure.in,v 1.325 2003/02/22 14:59:32 hno Exp $ dnl dnl dnl @@ -13,7 +13,7 @@ AC_CONFIG_SRCDIR([src/main.cc]) AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE(squid, 3.0-DEVEL) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.324 $)dnl +AC_REVISION($Revision: 1.325 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE 
@@ -977,18 +977,6 @@ AC_ARG_ENABLE(default-hostsfile, ],[OPT_DEFAULT_HOSTS="/etc/hosts"]) AC_SUBST(OPT_DEFAULT_HOSTS) -AC_ARG_ENABLE(auth-on-acceleration, -[ --enable-auth-on-acceleration - Enable authentication in accelerators], -[ if test "$enableval" = "yes" ; then - echo "AUTH_ON_ACCELERATION enabled" - AC_DEFINE(AUTH_ON_ACCELERATION, 1, [Enable authentication support in accelerators]) - else - AC_DEFINE(AUTH_ON_ACCELERATION, 0, [Enable authentication support in accelerators]) - fi -]) - - dnl Select auth schemes modules to build AC_ARG_ENABLE(auth, [ --enable-auth=\"list of auth scheme modules\" diff --git a/src/ACLChecklist.cc b/src/ACLChecklist.cc index b955a31c59..aa205bf74c 100644 --- a/src/ACLChecklist.cc +++ b/src/ACLChecklist.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLChecklist.cc,v 1.7 2003/02/21 22:50:04 robertc Exp $ + * $Id: ACLChecklist.cc,v 1.8 2003/02/22 14:59:33 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -47,22 +47,15 @@ ACLChecklist::authenticated() if (NULL == request) { fatal ("requiresRequest SHOULD have been true for this ACL!!"); return 0; - } else if (!request->flags.accelerated) { - /* Proxy authorization on proxy requests */ - headertype = HDR_PROXY_AUTHORIZATION; - } else if (request->flags.internal) { - /* WWW authorization on accelerated internal requests */ - headertype = HDR_AUTHORIZATION; - } else { -#if AUTH_ON_ACCELERATION + } else if (request->flags.accelerated) { /* WWW authorization on accelerated requests */ headertype = HDR_AUTHORIZATION; -#else - - debug(28, 1) ("ACHChecklist::authenticated: authentication not applicable on accelerated requests.\n"); + } else if (request->flags.transparent) { + debug(28, 1) ("ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests.\n"); return -1; -#endif - + } else { + /* Proxy authorization on proxy requests */ + headertype = HDR_PROXY_AUTHORIZATION; } /* get authed here */ 
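Review bot: The new chain in ACLChecklist::authenticated() tests `request->flags.accelerated` before `request->flags.transparent`, so a request carrying both bits is handled with the WWW `HDR_AUTHORIZATION` header instead of taking the `return -1` path. prepareTransparentURL now sets only the transparent bit, but clientProcessRequest copies the two flags independently and nothing visible in this patch makes them mutually exclusive. Moving the `request->flags.transparent` branch ahead of the `request->flags.accelerated` branch would make the refusal win whenever the intercepted bit is set. The new debug line also still reads `ACHChecklist::authenticated`; `ACLChecklist::authenticated` would match the class name and be easier to find in logs. The function body continues outside the hunk.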
diff --git a/src/cf.data.pre b/src/cf.data.pre index d9d57f4c35..3d69f41877 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.305 2003/02/21 21:01:16 hno Exp $ +# $Id: cf.data.pre,v 1.306 2003/02/22 14:59:33 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -2226,9 +2226,9 @@ DOC_START # to check username/password combinations (see # auth_param directive). # - # WARNING: proxy_auth can't be used in a transparent proxy. It - # collides with any authentication done by origin servers. It may - # seem like it works at first, but it doesn't. + # NOTE: proxy_auth can't be used in a transparent proxy as + # the browser needs to be configured for using a proxy in order + # to respond to proxy authentication. acl aclname snmp_community string ... # A community string to limit access to your SNMP Agent diff --git a/src/client_side.cc b/src/client_side.cc index ae61366060..ca0a40902a 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side.cc,v 1.624 2003/02/21 22:50:07 robertc Exp $ + * $Id: client_side.cc,v 1.625 2003/02/22 14:59:34 hno Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -104,11 +104,10 @@ public: { int deferred: - 1; /* This is a pipelined request waiting for the - * current object to complete */ + 1; /* This is a pipelined request waiting for the current object to complete */ int parsed_ok: - 1; /* Was this parsed correctly? */ + 1; /* Was this parsed correctly? */ } flags; @@ -151,9 +150,7 @@ int parsed_ok: private: void prepareReply(HttpReply * rep); - bool mayUseConnection_; /* This request may use the connection - - * don't read anymore requests for now - */ + bool mayUseConnection_; /* This request may use the connection. Don't read anymore requests for now */ }; CBDATA_TYPE(ClientSocketContext); 
@@ -1690,7 +1687,7 @@ prepareTransparentURL(ConnStateData * conn, clientHttpRequest *http, char *url, { char *host; - http->flags.accel = 1; + http->flags.transparent = 1; if (*url != '/') return; /* already in good shape */ @@ -2087,6 +2084,8 @@ clientProcessRequest(ConnStateData *conn, ClientSocketContext *context, method_t request->flags.accelerated = http->flags.accel; + request->flags.transparent = http->flags.transparent; + if (!http->flags.internal) { if (internalCheck(request->urlpath.buf())) { if (internalHostnameIs(request->host) && @@ -2230,8 +2229,7 @@ clientReadRequest(int fd, char *buf, size_t size, comm_err_t flag, int xerrno, if (size > 0) { kb_incr(&statCounter.client_http.kbytes_in, size); conn->in.notYetUsed += size; - conn->in.buf[conn->in.notYetUsed] = '\0'; /* Terminate the string - */ + conn->in.buf[conn->in.notYetUsed] = '\0'; /* Terminate the string */ } else if (size == 0) { debug(33, 5) ("clientReadRequest: FD %d closed?\n", fd); diff --git a/src/client_side_request.h b/src/client_side_request.h index 33805c6931..0b15d91e85 100644 --- a/src/client_side_request.h +++ b/src/client_side_request.h @@ -1,6 +1,6 @@ /* - * $Id: client_side_request.h,v 1.7 2003/02/21 22:50:07 robertc Exp $ + * $Id: client_side_request.h,v 1.8 2003/02/22 14:59:34 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -95,6 +95,9 @@ public: unsigned int accel: 1; +unsigned int transparent: + 1; + unsigned int internal: 1; diff --git a/src/structs.h b/src/structs.h index edb477303a..6ef4490230 100644 --- a/src/structs.h +++ b/src/structs.h @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.452 2003/02/21 22:50:12 robertc Exp $ + * $Id: structs.h,v 1.453 2003/02/22 14:59:35 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ 
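Review bot: Switching `http->flags.accel = 1` to `http->flags.transparent = 1` in prepareTransparentURL takes intercepted requests out of every existing check keyed on the accel/accelerated flag, and the only consumer this patch updates is ACLChecklist::authenticated(). The commit message says lifting the peering restrictions is intended. Any other reader of `flags.accel` or `request->flags.accelerated` that guards a trust decision (none are visible here) would now treat intercepted traffic as ordinary proxy traffic, so each one should be audited. A comment on the assignment would record the intent, for example `/* intercepted, not accelerated: authentication is refused in ACLChecklist::authenticated() */`. The function body continues outside the hunk.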
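Review bot: The new `transparent` bit-field in src/client_side_request.h is added without a comment, and so is its counterpart in `struct request_flags` in src/structs.h, although this bit now decides whether authentication is attempted at all. A one-line comment on each declaration would help, for example `/* request was transparently intercepted; authentication is not applicable */`. The comment should also say whether the bit may be set together with `accel`/`accelerated`, since the patch does not state it. The enclosing declaration starts and ends outside the hunk.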
@@ -1079,8 +1079,7 @@ struct _ConnStateData } body; - auth_type_t auth_type; /* Is this connection based authentication ? if so - * what type it is. */ + auth_type_t auth_type; /* Is this connection based authentication? if so what type it is. */ /* note this is ONLY connection based because NTLM is against HTTP spec */ /* the user details for connection based authentication */ auth_user_request_t *auth_user_request; @@ -1591,7 +1590,7 @@ struct _RemovalPurgeWalker struct request_flags { - request_flags():range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),internal(0),internalclient(0),body_sent(0),destinationIPLookedUp_(0) + request_flags():range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),transparent(0),internal(0),internalclient(0),body_sent(0),destinationIPLookedUp_(0) { #if HTTP_VIOLATIONS nocache_hack = 1; @@ -1643,6 +1642,9 @@ unsigned int nocache_hack: unsigned int accelerated: 1; +unsigned int transparent: + 1; + unsigned int internal: 1; @@ -2138,8 +2140,7 @@ struct _helper_stateful_request { char *buf; HLPSCB *callback; - int placeholder; /* if 1, this is a dummy request waiting for a stateful helper - * to become available for deferred requests.*/ + int placeholder; /* if 1, this is a dummy request waiting for a stateful helper to become available for deferred requests.*/ void *data; }; -- 2.47.3