Re: [PATCH] Send 407 on url_rewrite_access/storeurl_access
It looks fine; could you dump it into bugzilla for the time being? (We're working on the Squid-2 -> bzr merge stuff at the moment!) Adrian 2008/9/7 Diego Woitasen <[EMAIL PROTECTED]>: > This patch apply to Squid 2.7.STABLE4. > > If we use a proxy_auth acl on {storeurl,url_rewrite}_access and the user > isn't authenticated previously, send 407. > > regards, >Diego > > > diff --git a/src/client_side.c b/src/client_side.c > index 23c4274..4f75ea0 100644 > --- a/src/client_side.c > +++ b/src/client_side.c > @@ -448,19 +448,71 @@ clientFinishRewriteStuff(clientHttpRequest * http) > > } > > -static void > -clientAccessCheckDone(int answer, void *data) > +void > +clientSendErrorReply(clientHttpRequest * http, int answer) > { > -clientHttpRequest *http = data; > err_type page_id; > http_status status; > ErrorState *err = NULL; > char *proxy_auth_msg = NULL; > + > +proxy_auth_msg = > authenticateAuthUserRequestMessage(http->conn->auth_user_request ? > http->conn->auth_user_request : http->request->auth_user_request); > + > +int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || > aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent; > + > +debug(33, 5) ("Access Denied: %s\n", http->uri); > +debug(33, 5) ("AclMatchedName = %s\n", > + AclMatchedName ? AclMatchedName : ""); > +debug(33, 5) ("Proxy Auth Message = %s\n", > + proxy_auth_msg ? proxy_auth_msg : ""); > + > +/* > + * NOTE: get page_id here, based on AclMatchedName because > + * if USE_DELAY_POOLS is enabled, then AclMatchedName gets > + * clobbered in the clientCreateStoreEntry() call > + * just below. Pedro Ribeiro <[EMAIL PROTECTED]> > + */ > +page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, > answer != ACCESS_REQ_PROXY_AUTH); > +http->log_type = LOG_TCP_DENIED; > +http->entry = clientCreateStoreEntry(http, http->request->method, > + null_request_flags); > +if (require_auth) { > + if (!http->flags.accel) { > + /* Proxy authorisation needed */ > + status = HTTP_PROXY_AUTHENTICATION_REQUIRED; > + } else { > + /* WWW authorisation needed */ > + status = HTTP_UNAUTHORIZED; > + } > + if (page_id == ERR_NONE) > + page_id = ERR_CACHE_ACCESS_DENIED; > +} else { > + status = HTTP_FORBIDDEN; > + if (page_id == ERR_NONE) > + page_id = ERR_ACCESS_DENIED; > +} > +err = errorCon(page_id, status, http->orig_request); > +if (http->conn->auth_user_request) > + err->auth_user_request = http->conn->auth_user_request; > +else if (http->request->auth_user_request) > + err->auth_user_request = http->request->auth_user_request; > +/* lock for the error state */ > +if (err->auth_user_request) > + authenticateAuthUserRequestLock(err->auth_user_request); > +err->callback_data = NULL; > +errorAppendEntry(http->entry, err); > + > +} > + > +static void > +clientAccessCheckDone(int answer, void *data) > +{ > +clientHttpRequest *http = data; > + > debug(33, 2) ("The request %s %s is %s, because it matched '%s'\n", >RequestMethods[http->request->method].str, http->uri, >answer == ACCESS_ALLOWED ? "ALLOWED" : "DENIED", >AclMatchedName ? AclMatchedName : "NO ACL's"); > -proxy_auth_msg = > authenticateAuthUserRequestMessage(http->conn->auth_user_request ? > http->conn->auth_user_request : http->request->auth_user_request); > http->acl_checklist = NULL; > if (answer == ACCESS_ALLOWED) { >safe_free(http->uri); > @@ -469,47 +521,7 @@ clientAccessCheckDone(int answer, void *data) >http->redirect_state = REDIRECT_PENDING; >clientRedirectStart(http); > } else { > - int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || > aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent; > - debug(33, 5) ("Access Denied: %s\n", http->uri); > - debug(33, 5) ("AclMatchedName = %s\n", > - AclMatchedName ? AclMatchedName : ""); > - debug(33, 5) ("Proxy Auth Message = %s\n", > - proxy_auth_msg ? proxy_auth_msg : ""); > - /* > -* NOTE: get page_id here, based on AclMatchedName because > -* if USE_DELAY_POOLS is enabled, then AclMatchedName gets > -* clobbered in the clientCreateStoreEntry() call > -* just below. Pedro Ribeiro <[EMAIL PROTECTED]> > -*/ > - page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, > answer != ACCESS_REQ_PROXY_AUTH); > - http->log_type = LOG_TCP_DENIED; > - http->entry = clientCreateStoreEntry(http, http->request->method, > - null_request_flags); > - if (require_auth) { > - if (!http->flags.accel) { > - /* Proxy authorisation needed */ > - status = HTTP_PROXY_AUTHENTICATION_REQUIRED; > - } else { > - /* WWW
Re: [PATCH] Send 407 on url_rewrite_access/storeurl_access
Bundle Buggy has detected this merge request. For details, see: http://bundlebuggy.aaronbentley.com/project/squid/request/%3C20080907005501.GB8733%40motherbox.xtech.com.ar%3E Project: Squid
[PATCH] Send 407 on url_rewrite_access/storeurl_access
This patch apply to Squid 2.7.STABLE4. If we use a proxy_auth acl on {storeurl,url_rewrite}_access and the user isn't authenticated previously, send 407. regards, Diego diff --git a/src/client_side.c b/src/client_side.c index 23c4274..4f75ea0 100644 --- a/src/client_side.c +++ b/src/client_side.c @@ -448,19 +448,71 @@ clientFinishRewriteStuff(clientHttpRequest * http) } -static void -clientAccessCheckDone(int answer, void *data) +void +clientSendErrorReply(clientHttpRequest * http, int answer) { -clientHttpRequest *http = data; err_type page_id; http_status status; ErrorState *err = NULL; char *proxy_auth_msg = NULL; + +proxy_auth_msg = authenticateAuthUserRequestMessage(http->conn->auth_user_request ? http->conn->auth_user_request : http->request->auth_user_request); + +int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent; + +debug(33, 5) ("Access Denied: %s\n", http->uri); +debug(33, 5) ("AclMatchedName = %s\n", + AclMatchedName ? AclMatchedName : ""); +debug(33, 5) ("Proxy Auth Message = %s\n", + proxy_auth_msg ? proxy_auth_msg : ""); + +/* + * NOTE: get page_id here, based on AclMatchedName because + * if USE_DELAY_POOLS is enabled, then AclMatchedName gets + * clobbered in the clientCreateStoreEntry() call + * just below. Pedro Ribeiro <[EMAIL PROTECTED]> + */ +page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, answer != ACCESS_REQ_PROXY_AUTH); +http->log_type = LOG_TCP_DENIED; +http->entry = clientCreateStoreEntry(http, http->request->method, + null_request_flags); +if (require_auth) { + if (!http->flags.accel) { + /* Proxy authorisation needed */ + status = HTTP_PROXY_AUTHENTICATION_REQUIRED; + } else { + /* WWW authorisation needed */ + status = HTTP_UNAUTHORIZED; + } + if (page_id == ERR_NONE) + page_id = ERR_CACHE_ACCESS_DENIED; +} else { + status = HTTP_FORBIDDEN; + if (page_id == ERR_NONE) + page_id = ERR_ACCESS_DENIED; +} +err = errorCon(page_id, status, http->orig_request); +if (http->conn->auth_user_request) + err->auth_user_request = http->conn->auth_user_request; +else if (http->request->auth_user_request) + err->auth_user_request = http->request->auth_user_request; +/* lock for the error state */ +if (err->auth_user_request) + authenticateAuthUserRequestLock(err->auth_user_request); +err->callback_data = NULL; +errorAppendEntry(http->entry, err); + +} + +static void +clientAccessCheckDone(int answer, void *data) +{ +clientHttpRequest *http = data; + debug(33, 2) ("The request %s %s is %s, because it matched '%s'\n", RequestMethods[http->request->method].str, http->uri, answer == ACCESS_ALLOWED ? "ALLOWED" : "DENIED", AclMatchedName ? AclMatchedName : "NO ACL's"); -proxy_auth_msg = authenticateAuthUserRequestMessage(http->conn->auth_user_request ? http->conn->auth_user_request : http->request->auth_user_request); http->acl_checklist = NULL; if (answer == ACCESS_ALLOWED) { safe_free(http->uri); @@ -469,47 +521,7 @@ clientAccessCheckDone(int answer, void *data) http->redirect_state = REDIRECT_PENDING; clientRedirectStart(http); } else { - int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) && !http->request->flags.transparent; - debug(33, 5) ("Access Denied: %s\n", http->uri); - debug(33, 5) ("AclMatchedName = %s\n", - AclMatchedName ? AclMatchedName : ""); - debug(33, 5) ("Proxy Auth Message = %s\n", - proxy_auth_msg ? proxy_auth_msg : ""); - /* -* NOTE: get page_id here, based on AclMatchedName because -* if USE_DELAY_POOLS is enabled, then AclMatchedName gets -* clobbered in the clientCreateStoreEntry() call -* just below. Pedro Ribeiro <[EMAIL PROTECTED]> -*/ - page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, answer != ACCESS_REQ_PROXY_AUTH); - http->log_type = LOG_TCP_DENIED; - http->entry = clientCreateStoreEntry(http, http->request->method, - null_request_flags); - if (require_auth) { - if (!http->flags.accel) { - /* Proxy authorisation needed */ - status = HTTP_PROXY_AUTHENTICATION_REQUIRED; - } else { - /* WWW authorisation needed */ - status = HTTP_UNAUTHORIZED; - } - if (page_id == ERR_NONE) - page_id = ERR_CACHE_ACCESS_DENIED; - } else { - status = HTTP_FORBIDDEN; - if (page_id == ERR_NONE) - page_id = ERR_ACCESS_DENIED; - } - err = errorCon(page_id, status, http->orig_request); - if (http->conn->auth_user_
Re: pseudo-specs for a String class: char *buf
On ons, 2008-09-03 at 16:53 +0200, Kinkie wrote: > I didn't really think of different buffer types. Do you have in mind > any scenario where it would be useful? One example is if KBuf gets implemented using a mallocator that may reallocate the memory area to reduce fragmentation. > On the other hand, char* are significantly more efficient for common > operations, consistently with the design goals.. Agreed. Regards Henrik
Re: [RFC] COSS removal from 3.0
On fre, 2008-09-05 at 23:12 +1200, Amos Jeffries wrote: > Well, Henrik stated it was not supposed to be in 3.0 in the first place. We had a vote on this some (several) months before 3.0 got branched, and it was decided to drop COSS from the Squid-3.0 branch once branched. Then the branching got delayed, and this task was forgotten when it finally branched. Until COSS gets significantly updated it's counter-productive to ship it in STABLE releases. But the current code needs to be kept in trunk as reference on how things got refactored for the day the current COSS code gets forward ported to Squid-3. Regards Henrik