ident_acl hack

From: Martin Hamilton <martin@dont-contact.us>
Date: Thu, 14 Jan 1999 16:04:00 +0000

Hi folks,

Here's a patch which adds support for a new type of ACL 'ident_acl' -
as per the DOCs below. My boss asked me to hack this into Squid, but
I thought other people might find it useful too.

Not sure if I got the aclCheckFast() call right - let me know if this
bit is bogus. It seems to work just fine with a test set of URLs
from one of our caches.

Sayonara!

Martin

diff -rcs squid-2.1.PATCH2/src/cf.data.pre squid-2.1.PATCH2-hack/src/cf.data.pre
*** squid-2.1.PATCH2/src/cf.data.pre Thu Nov 19 21:24:36 1998
- --- squid-2.1.PATCH2-hack/src/cf.data.pre Thu Jan 14 13:36:01 1999
***************
*** 772,777 ****
- --- 772,794 ----
  DOC_END
  
  
+ NAME: ident_acl
+ TYPE: acl_access
+ DEFAULT: none
+ LOC: Config.accessList.identLookup
+ DOC_START
+ A list of ACL elements which, if matched, cause an ident
+ lookup to be performed for this request. For example, you
+ might choose to always perform ident lookups for your main
+ multi-user Unix boxes, but not for your Macs and PCs.
+
+ acl ident_aware_hosts src 198.168.1.0/255.255.255.0
+ ident_acl allow ident_aware_hosts
+ ident_acl deny all
+
+ DOC_END
+
+
  NAME: log_fqdn
  COMMENT: on|off
  TYPE: onoff
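
Review bot: The DOC text for ident_acl does not say how it interacts with the existing ident_lookup switch, and the client_side.c change makes that matter: once any ident_acl line is configured, the "else if (Config.onoff.ident_lookup)" branch is never reached, so a request that does not match the list gets no ident lookup even with ident_lookup on. Please add a sentence to the DOC block stating that ident_acl takes precedence over ident_lookup. Also, the example address "198.168.1.0/255.255.255.0" looks like a typo for 192.168.1.0; as written it is publicly routable space rather than an RFC 1918 range, and people copy examples out of squid.conf verbatim.
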
diff -rcs squid-2.1.PATCH2/src/client_side.c squid-2.1.PATCH2-hack/src/client_side.c
*** squid-2.1.PATCH2/src/client_side.c Wed Dec 9 20:50:41 1998
- --- squid-2.1.PATCH2-hack/src/client_side.c Thu Jan 14 14:18:07 1999
***************
*** 114,123 ****
      clientHttpRequest *http = data;
      ConnStateData *conn = http->conn;
      const char *browser;
! if (Config.onoff.ident_lookup && conn->ident.state == IDENT_NONE) {
! identStart(-1, conn, clientAccessCheck, http);
! return;
      }
      if (checkAccelOnly(http)) {
          clientAccessCheckDone(0, http);
          return;
- --- 114,137 ----
      clientHttpRequest *http = data;
      ConnStateData *conn = http->conn;
      const char *browser;
! aclCheck_t ident_acl;
!
! if (conn->ident.state == IDENT_NONE) { /* not already doing ident check */
! if (Config.accessList.identLookup) { /* ident_acl set in squid.conf */
! ident_acl.src_addr = conn->peer.sin_addr;
! ident_acl.request = http->request;
!
! if (aclCheckFast(Config.accessList.identLookup, &ident_acl)) {
! /* schedule ident check if ACL matches */
! identStart(-1, conn, clientAccessCheck, http);
! return;
! }
! } else if (Config.onoff.ident_lookup) { /* 'ident on' in squid.conf */
! identStart(-1, conn, clientAccessCheck, http);
! return;
! }
      }
+
      if (checkAccelOnly(http)) {
          clientAccessCheckDone(0, http);
          return;
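
Review bot: "aclCheck_t ident_acl;" is declared on the stack without an initializer and only src_addr and request are assigned before it is passed to aclCheckFast(), so every other member of the struct holds stack garbage when the ACL code reads it. An ident_acl list that references anything other than the source address or the request would then match on undefined data. Zero the struct first, for example with memset(&ident_acl, 0, sizeof(ident_acl)), directly before the two assignments. On the aclCheckFast() question in the message: it evaluates synchronously, so the DOC text should say that only ACL types that need no asynchronous lookup (such as src) are reliable in this list.
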
diff -rcs squid-2.1.PATCH2/src/structs.h squid-2.1.PATCH2-hack/src/structs.h
*** squid-2.1.PATCH2/src/structs.h Wed Dec 9 03:41:21 1998
- --- squid-2.1.PATCH2-hack/src/structs.h Thu Jan 14 13:36:11 1999
***************
*** 387,392 ****
- --- 387,393 ----
          acl_access *AlwaysDirect;
          acl_access *ASlists;
          acl_access *noCache;
+ acl_access *identLookup;
      } accessList;
      acl_deny_info_list *denyInfoList;
      char *proxyAuthRealm;

Received on Tue Jul 29 2003 - 13:15:55 MDT