diff -ur ../../squid-1.1.9-orig/src/acl.c ./acl.c --- ../../squid-1.1.9-orig/src/acl.c Wed Mar 26 08:29:32 1997 +++ ./acl.c Sat Apr 5 22:07:30 1997 @@ -100,6 +100,10 @@ static void aclParseTimeSpec _PARAMS((void *curlist)); static char *strtokFile _PARAMS((void)); +#ifdef USE_PROXY_AUTH +static int aclReadProxyAuth _PARAMS((struct _acl_proxy_auth *p)); +#endif + static char * strtokFile(void) { @@ -170,6 +174,10 @@ return ACL_METHOD; if (!strcmp(s, "browser")) return ACL_BROWSER; +#ifdef USE_PROXY_AUTH + if (!strcmp(s, "proxy_auth")) + return ACL_PROXY_AUTH; +#endif /* USE_PROXY_AUTH */ return ACL_NONE; } @@ -572,6 +605,47 @@ #endif /* USE_SPLAY_TREE */ +#ifdef USE_PROXY_AUTH + +/* check for change password file each 300 seconds */ +#define CHECK_PROXY_FILE_TIME 300 + +static void +aclParseProxyAuth(void *data) +{ + struct _acl_proxy_auth *p; + struct _acl_proxy_auth **q = data; + char *t; + + t = strtok(NULL, w_space); + if (t) { + p = xcalloc(1, sizeof(struct _acl_proxy_auth)); + p->filename = xstrdup(t); + p->last_time = 0; + p->change_time = 0; + t = strtok(NULL, w_space); + if (t == NULL) { + p->check_interval = CHECK_PROXY_FILE_TIME; + } else { + p->check_interval = atoi(t); + } + if (p->check_interval < 1) + p->check_interval = 1; + p->hash = 0; /* force creation of a new hash table */ + if (aclReadProxyAuth(p)) { + *q = p; + return; + } else { + debug(28, 0, "cannot read proxy_auth %s, ignoring\n", p->filename); + } + } else { + debug(28, 0, "no filename in acl proxy_auth, ignoring\n"); + } + *q = NULL; + return; +} +#endif /* USE_PROXY_AUTH */ + void aclParseAclLine(void) { @@ -650,6 +724,11 @@ case ACL_BROWSER: aclParseRegexList(&A->data, 0); break; +#ifdef USE_PROXY_AUTH + case ACL_PROXY_AUTH: + aclParseProxyAuth(&A->data); + break; +#endif /* USE_PROXY_AUTH */ case ACL_NONE: default: debug_trap("Bad ACL type"); @@ -998,6 +1077,51 @@ return 0; } +#ifdef USE_PROXY_AUTH +static int +aclMatchProxyAuth(struct _acl_proxy_auth *p, const char *ident) +{ + LOCAL_ARRAY(char, sent_user, ICP_IDENT_SZ); + char *passwd = NULL; + hash_link *hashr = NULL; + + if (ident == NULL) + return 0; + xstrncpy(sent_user, ident, ICP_IDENT_SZ); + strtok(sent_user, ":"); /* Remove :password */ + debug(28, 5, "aclMatchProxyAuth: checking user %s\n", sent_user); + + /* reread password file if necessary */ + aclReadProxyAuth(p); + + hashr = hash_lookup(p->hash, sent_user); + if (hashr == NULL) { + /* User doesn't exist; deny them */ + debug(28, 4, "aclMatchProxyAuth: user %s does not exist\n", sent_user); + return 0; + } + passwd = strstr(ident, ":"); + passwd++; + + /* See if we've already validated them */ + if (strcmp(hashr->item, passwd) == 0) { + debug(28, 5, "aclMatchProxyAuth: user %s previously validated\n", sent_user); + return 1; + } + if (strcmp(hashr->item, (char *) crypt(passwd, hashr->item))) { + /* Passwords differ, deny access */ + debug(28, 4, "aclMatchProxyAuth: authentication failed: user %s: passwords differ\n", sent_user); + return 0; + } + + debug(28, 5, "proxyAuthenticate: user %s validated OK\n", sent_user); + hash_delete(p->hash, sent_user); + hash_insert(p->hash, xstrdup(sent_user), (void *) xstrdup(passwd)); + + return 1; +} +#endif /* USE_PROXY_AUTH */ + static int aclMatchInteger(intlist * data, int i) { @@ -1114,8 +1238,6 @@ return aclMatchInteger(acl->data, r->port); /* NOTREACHED */ case ACL_USER: - /* debug(28, 0, "aclMatchAcl: ACL_USER unimplemented\n"); */ - /* return 0; */ return aclMatchIdent(acl->data, checklist->ident); /* NOTREACHED */ case ACL_PROTO: @@ -1127,6 +1249,19 @@ case ACL_BROWSER: return aclMatchRegex(acl->data, checklist->browser); /* NOTREACHED */ +#ifdef USE_PROXY_AUTH + case ACL_PROXY_AUTH: + if (!aclMatchProxyAuth(acl->data, checklist->ident)) { + /* no such user OR we need a proxy authentication header */ + checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED; + return 0; + } else { + /* register that we used the proxy authentication header */ + checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_USED; + return 1; + } + /* NOTREACHED */ +#endif /* USE_PROXY_AUTH */ case ACL_NONE: default: debug(28, 0, "aclMatchAcl: '%s' has bad type %d\n", @@ -1222,6 +1357,23 @@ } } +#ifdef USE_PROXY_AUTH +void +aclDestroyProxyAuth(struct _acl_proxy_auth *p) +{ + int i; + hash_link *hashr = NULL; + + /* destroy hash list contents */ + for (i = 0, hashr = hash_first(p->hash); hashr; hashr = hash_next(p->hash)) + hash_delete(p->hash, hashr->key); + /* destroy and free the hash table itself */ + hash_destroy(p->hash); + safe_free(p->filename); + safe_free(p); +} +#endif + void aclDestroyAcls(void) { @@ -1267,6 +1419,11 @@ case ACL_METHOD: intlistDestroy((intlist **) & a->data); break; +#ifdef USE_PROXY_AUTH + case ACL_PROXY_AUTH: + aclDestroyProxyAuth(a->data); + break; +#endif /* USE_PROXY_AUTH */ case ACL_NONE: default: fatal_dump("aclDestroyAcls: Found ACL_NONE?"); @@ -1561,3 +1718,75 @@ } #endif /* USE_BIN_TREE */ + + +#ifdef USE_PROXY_AUTH + +/* Original ProxyAuth code by Jon Thackray */ +/* Generalized to ACL's by Arjan.deVet */ + +static int +aclReadProxyAuth(struct _acl_proxy_auth *p) +{ + struct stat buf; + static char *passwords = NULL; + char *user = NULL; + char *passwd = NULL; + int i; + hash_link *hashr = NULL; + FILE *f = NULL; + + if ((squid_curtime - p->last_time) >= p->check_interval) { + if (stat(p->filename, &buf) == 0) { + if (buf.st_mtime > p->change_time) { + debug(28, 1, "aclReadProxyAuth: reloading changed proxy authentication file %s\n", p->filename); + p->change_time = buf.st_mtime; + + if (p->hash != 0) { + debug(28, 5, "aclReadProxyAuth: invalidating old entries\n"); + for (i = 0, hashr = hash_first(p->hash); hashr; hashr = hash_next(p->hash)) { + debug(28, 6, "aclReadProxyAuth: deleting %s\n", hashr->key); + hash_delete(p->hash, hashr->key); + } + } else { + /* First time around, 7921 should be big enough */ + if ((p->hash = hash_create(urlcmp, 7921, hash_string)) < 0) { + debug(28, 0, "aclReadProxyAuth: can't create hash table, turning auth off\n"); + return 0; + } + } + + passwords = xmalloc((size_t) buf.st_size + 2); + f = fopen(p->filename, "r"); + fread(passwords, (size_t) buf.st_size, 1, f); + *(passwords + buf.st_size) = '\0'; + strcat(passwords, "\n"); + fclose(f); + + user = strtok(passwords, ":"); + passwd = strtok(NULL, "\n"); + + debug(28, 5, "aclReadProxyAuth: adding new passwords to hash table\n"); + while (user != NULL) { + if (strlen(user) > 1 && strlen(passwd) > 1) { + debug(28, 6, "aclReadProxyAuth: adding %s, %s to hash table\n", user, passwd); + hash_insert(p->hash, xstrdup(user), (void *) xstrdup(passwd)); + } + user = strtok(NULL, ":"); + passwd = strtok(NULL, "\n"); + } + xfree(passwords); + } else { + debug(28, 5, "aclReadProxyAuth: %s not changed (old=%d,new=%d)\n", + p->filename, p->change_time, buf.st_mtime); + } + } else { + debug(28, 0, "aclReadProxyAuth: can't access proxy_auth file %s, turning authentication off\n", p->filename); + return 0; + } + } + p->last_time = squid_curtime; + return 1; +} + +#endif /* USE_PROXY_AUTH */ diff -ur ../../squid-1.1.9-orig/src/acl.h ./acl.h --- ../../squid-1.1.9-orig/src/acl.h Thu Feb 20 22:03:10 1997 +++ ./acl.h Sat Apr 5 22:19:14 1997 @@ -44,6 +44,9 @@ ACL_PROTO, ACL_METHOD, ACL_BROWSER, +#ifdef USE_PROXY_AUTH + ACL_PROXY_AUTH, +#endif /* USE_PROXY_AUTH */ ACL_ENUM_MAX } squid_acl; @@ -78,6 +81,16 @@ struct _acl_name_list *next; }; +#ifdef USE_PROXY_AUTH +struct _acl_proxy_auth { + char *filename; + time_t last_time; + time_t change_time; + int check_interval; + HashID hash; +}; +#endif /* USE_PROXY_AUTH */ + struct _acl_deny_info_list { char url[MAX_URL]; struct _acl_name_list *acl_list; @@ -116,7 +129,9 @@ ACL_LOOKUP_NONE, ACL_LOOKUP_NEED, ACL_LOOKUP_PENDING, - ACL_LOOKUP_DONE + ACL_LOOKUP_DONE, + ACL_PROXY_AUTH_NEEDED, + ACL_PROXY_AUTH_USED } acl_lookup_state; struct _aclCheck_t { diff -ur ../../squid-1.1.9-orig/src/cache_cf.c ./cache_cf.c --- ../../squid-1.1.9-orig/src/cache_cf.c Fri Mar 28 21:28:11 1997 +++ ./cache_cf.c Sat Apr 5 22:13:39 1997 @@ -144,9 +144,6 @@ #define DefaultUseragentLogFile (char *)NULL /* default NONE */ #define DefaultStoreLogFile DEFAULT_STORE_LOG #define DefaultSwapLogFile (char *)NULL /* default swappath(0) */ -#if USE_PROXY_AUTH -#define DefaultProxyAuthFile (char *)NULL /* default NONE */ -#endif /* USE_PROXY_AUTH */ #define DefaultLogRotateNumber 10 #define DefaultAdminEmail "webmaster" #define DefaultFtpgetProgram DEFAULT_FTPGET @@ -655,22 +652,6 @@ Config.adminEmail = xstrdup(token); } -#if USE_PROXY_AUTH -static void -parseProxyAuthLine(void) -{ - char *token; - token = strtok(NULL, w_space); - if (token == NULL) - self_destruct(); - safe_free(Config.proxyAuth.File); - aclDestroyRegexList(Config.proxyAuth.IgnoreDomains); - Config.proxyAuth.IgnoreDomains = NULL; - Config.proxyAuth.File = xstrdup(token); - aclParseRegexList(&Config.proxyAuth.IgnoreDomains, 1); -} -#endif /* USE_PROXY_AUTH */ - static void parseHttpdAccelLine(void) { @@ -1251,13 +1232,6 @@ else if (!strcmp(token, "redirect_children")) parseIntegerValue(&Config.redirectChildren); -#if USE_PROXY_AUTH - else if (!strcmp(token, "proxy_auth")) - parseProxyAuthLine(); - else if (!strcmp(token, "proxy_auth_ignore")) - aclParseRegexList(&Config.proxyAuth.IgnoreDomains, 1); -#endif /* USE_PROXY_AUTH */ - else if (!strcmp(token, "source_ping")) parseOnOff(&Config.sourcePing); @@ -1495,11 +1469,6 @@ safe_free(Config.pidFilename); safe_free(Config.visibleHostname); safe_free(Config.ftpUser); -#if USE_PROXY_AUTH - safe_free(Config.proxyAuth.File); - aclDestroyRegexList(Config.proxyAuth.IgnoreDomains); - Config.proxyAuth.IgnoreDomains = NULL; -#endif /* USE_PROXY_AUTH */ safe_free(Config.Announce.host); safe_free(Config.Announce.file); safe_free(Config.errHtmlText); @@ -1589,10 +1558,6 @@ Config.Accel.withProxy = DefaultAccelWithProxy; Config.pidFilename = safe_xstrdup(DefaultPidFilename); Config.visibleHostname = safe_xstrdup(DefaultVisibleHostname); -#if USE_PROXY_AUTH - Config.proxyAuth.File = safe_xstrdup(DefaultProxyAuthFile); -/* Config.proxyAuth.IgnoreDomains = safe_xstrdup(DefaultproxyAuthIgnoreDomains); */ -#endif /* USE_PROXY_AUTH */ Config.ftpUser = safe_xstrdup(DefaultFtpUser); Config.Announce.host = safe_xstrdup(DefaultAnnounceHost); Config.Announce.port = DefaultAnnouncePort; diff -ur ../../squid-1.1.9-orig/src/cache_cf.h ./cache_cf.h --- ../../squid-1.1.9-orig/src/cache_cf.h Fri Mar 28 21:28:12 1997 +++ ./cache_cf.h Sat Apr 5 22:14:00 1997 @@ -177,12 +177,6 @@ int rotateNumber; int log_fqdn; } Log; -#if USE_PROXY_AUTH - struct { - char *File; - relist *IgnoreDomains; - } proxyAuth; -#endif /* USE_PROXY_AUTH */ char *adminEmail; char *effectiveUser; char *effectiveGroup; diff -ur ../../squid-1.1.9-orig/src/client_side.c ./client_side.c --- ../../squid-1.1.9-orig/src/client_side.c Thu Feb 27 18:49:41 1997 +++ ./client_side.c Sat Apr 5 21:50:33 1997 @@ -88,38 +88,6 @@ clientAccessCheck(icpState, icpState->aclHandler); } -#if USE_PROXY_AUTH -/* ProxyAuth code by Jon Thackray */ -/* return 1 if allowed, 0 if denied */ -static int -clientProxyAuthCheck(icpStateData * icpState) -{ - const char *proxy_user; - - /* Check that the user is allowed to access via this proxy-cache - * don't restrict if they're accessing a local domain or - * an object of type cacheobj:// */ - if (Config.proxyAuth.File == NULL) - return 1; - if (urlParseProtocol(icpState->url) == PROTO_CACHEOBJ) - return 1; - - if (Config.proxyAuth.IgnoreDomains) { - if (aclMatchRegex(Config.proxyAuth.IgnoreDomains, icpState->request->host)) { - debug(33, 2, "clientProxyAuthCheck: host \"%s\" matched proxyAuthIgnoreDomains\n", icpState->request->host); - return 1; - } - } - proxy_user = proxyAuthenticate(icpState->request_hdr); - xstrncpy(icpState->ident.ident, proxy_user, ICP_IDENT_SZ); - debug(33, 6, "clientProxyAuthCheck: user = %s\n", icpState->ident.ident); - - if (strcmp(icpState->ident.ident, dash_str) == 0) - return 0; - return 1; -} -#endif /* USE_PROXY_AUTH */ - static int checkAccelOnly(icpStateData * icpState) { @@ -143,6 +111,9 @@ aclCheck_t *ch = NULL; char *browser = NULL; const ipcache_addrs *ia = NULL; +#ifdef USE_PROXY_AUTH + int proxy_auth_hdr = 0; +#endif if (Config.identLookup && icpState->ident.state == IDENT_NONE) { icpState->aclHandler = handler; @@ -165,20 +136,37 @@ } /* This so we can have SRC ACLs for cache_host_acl. */ icpState->request->client_addr = icpState->peer.sin_addr; -#if USE_PROXY_AUTH - if (clientProxyAuthCheck(icpState) == 0) { - char *wbuf = NULL; - int fd = icpState->fd; - debug(33, 4, "Proxy Denied: %s\n", icpState->url); - icpState->log_type = ERR_PROXY_DENIED; - icpState->http_code = 407; - wbuf = xstrdup(proxy_denied_msg(icpState->http_code, - icpState->method, - icpState->url, - fd_table[fd].ipaddr)); - icpSendERROR(fd, icpState->log_type, wbuf, icpState, icpState->http_code); - safe_free(icpState->aclChecklist); - return; + +#ifdef USE_PROXY_AUTH + if (urlParseProtocol(icpState->url) != PROTO_CACHEOBJ) { + char *s = NULL; + /* Look for Proxy-authorization: Basic in the + * headers sent by the client + */ + if ((s = mime_get_header(icpState->request_hdr, + "Proxy-authorization:")) == NULL) { + debug(33, 5, "clientAccessCheck: Can't find authorization header\n"); + xstrncpy(icpState->aclChecklist->ident, "-:-", ICP_IDENT_SZ); + } else { + LOCAL_ARRAY(char, sent_user, ICP_IDENT_SZ); + char *sent_userandpw = NULL; + char *clear_userandpw = NULL; + /* Skip the 'Basic' part */ + s += strlen(" Basic"); + sent_userandpw = xstrdup(s); + /* Trim trailing \n before decoding */ + strtok(sent_userandpw, "\n"); + clear_userandpw = uudecode(sent_userandpw); + xfree(sent_userandpw); + debug(33, 5, "clientAccessCheck: auth = %s\n", clear_userandpw); + xstrncpy(icpState->aclChecklist->ident, clear_userandpw, + ICP_IDENT_SZ); + xstrncpy(sent_user, clear_userandpw, ICP_IDENT_SZ); + xfree(clear_userandpw); + strtok(sent_user, ":"); /* Remove :password */ + xstrncpy(icpState->ident.ident, sent_user, ICP_IDENT_SZ); + proxy_auth_hdr = 1; + } } #endif /* USE_PROXY_AUTH */ @@ -188,6 +176,31 @@ answer = 0; } else { answer = aclCheck(HTTPAccessList, ch); +#ifdef USE_PROXY_AUTH + /* We can have received a Proxy-authentication: header + * but there may be no proxy authentication needed. + * In that case we erase the username from icpState->ident.ident. + */ + if (proxy_auth_hdr && + (ch->state[ACL_PROXY_AUTH] != ACL_PROXY_AUTH_USED)) { + xstrncpy(icpState->ident.ident, "-", ICP_IDENT_SZ); + } + /* check whether we need a proxy authentication header */ + if (ch->state[ACL_PROXY_AUTH] == ACL_PROXY_AUTH_NEEDED) { + char *wbuf = NULL; + int fd = icpState->fd; + debug(33, 4, "Proxy Denied: %s\n", icpState->url); + icpState->log_type = ERR_PROXY_DENIED; + icpState->http_code = 407; + wbuf = xstrdup(proxy_denied_msg(icpState->http_code, + icpState->method, + icpState->url, + fd_table[fd].ipaddr)); + icpSendERROR(fd, icpState->log_type, wbuf, icpState, icpState->http_code); + safe_free(icpState->aclChecklist); + return; + } +#endif /* USE_PROXY_AUTH */ if (ch->state[ACL_DST_IP] == ACL_LOOKUP_NEED) { ch->state[ACL_DST_IP] = ACL_LOOKUP_PENDING; /* first */ ipcache_nbgethostbyname(icpState->request->host, @@ -280,142 +293,6 @@ } icpProcessRequest(fd, icpState); } - -#if USE_PROXY_AUTH -/* Check the modification time on the file that holds the proxy - * passwords every 'n' seconds, and if it has changed, reload it - */ -#define CHECK_PROXY_FILE_TIME 300 - -const char * -proxyAuthenticate(const char *headers) -{ - /* Keep the time measurements and the hash - * table of users and passwords handy */ - static time_t last_time = 0; - static time_t change_time = 0; - static HashID validated = 0; - static char *passwords = NULL; - LOCAL_ARRAY(char, sent_user, ICP_IDENT_SZ); - - char *s = NULL; - char *sent_userandpw = NULL; - char *user = NULL; - char *passwd = NULL; - char *clear_userandpw = NULL; - struct stat buf; - int i; - hash_link *hashr = NULL; - FILE *f = NULL; - - /* Look for Proxy-authorization: Basic in the - * headers sent by the client - */ - if ((s = mime_get_header(headers, "Proxy-authorization:")) == NULL) { - debug(33, 5, "proxyAuthenticate: Can't find authorization header\n"); - return (dash_str); - } - /* Skip the 'Basic' part */ - s += strlen(" Basic"); - sent_userandpw = xstrdup(s); - strtok(sent_userandpw, "\n"); /* Trim trailing \n before decoding */ - clear_userandpw = uudecode(sent_userandpw); - xfree(sent_userandpw); - - xstrncpy(sent_user, clear_userandpw, ICP_IDENT_SZ); - strtok(sent_user, ":"); /* Remove :password */ - debug(33, 5, "proxyAuthenticate: user = %s\n", sent_user); - - /* Look at the Last-modified time of the proxy.passwords - * file every five minutes, to see if it's been changed via - * a cgi-bin script, etc. If so, reload a fresh copy into memory - */ - - if ((squid_curtime - last_time) > CHECK_PROXY_FILE_TIME) { - debug(33, 5, "proxyAuthenticate: checking password file %s hasn't changed\n", Config.proxyAuth.File); - - if (stat(Config.proxyAuth.File, &buf) == 0) { - if (buf.st_mtime != change_time) { - debug(33, 0, "proxyAuthenticate: reloading changed proxy authentication password file %s \n", Config.proxyAuth.File); - change_time = buf.st_mtime; - - if (validated != 0) { - debug(33, 5, "proxyAuthenticate: invalidating old entries\n"); - for (i = 0, hashr = hash_first(validated); hashr; hashr = hash_next(validated)) { - debug(33, 6, "proxyAuthenticate: deleting %s\n", hashr->key); - hash_delete(validated, hashr->key); - } - } else { - /* First time around, 7921 should be big enough */ - if ((validated = hash_create(urlcmp, 7921, hash_string)) < 0) { - debug(33, 1, "ERK: can't create hash table. Turning auth off"); - xfree(Config.proxyAuth.File); - Config.proxyAuth.File = NULL; - return (dash_str); - } - } - - passwords = xmalloc((size_t) buf.st_size + 2); - f = fopen(Config.proxyAuth.File, "r"); - fread(passwords, (size_t) buf.st_size, 1, f); - *(passwords + buf.st_size) = '\0'; - strcat(passwords, "\n"); - fclose(f); - - user = strtok(passwords, ":"); - passwd = strtok(NULL, "\n"); - - debug(33, 5, "proxyAuthenticate: adding new passwords to hash table\n"); - while (user != NULL) { - if (strlen(user) > 1 && strlen(passwd) > 1) { - debug(33, 6, "proxyAuthenticate: adding %s, %s to hash table\n", user, passwd); - hash_insert(validated, xstrdup(user), (void *) xstrdup(passwd)); - } - user = strtok(NULL, ":"); - passwd = strtok(NULL, "\n"); - } - - xfree(passwords); - } - } else { - debug(33, 1, "ERK: can't access proxy_auth file %s. Turning authentication off", Config.proxyAuth.File); - xfree(Config.proxyAuth.File); - Config.proxyAuth.File = NULL; - return (dash_str); - } - } - last_time = squid_curtime; - - hashr = hash_lookup(validated, sent_user); - if (hashr == NULL) { - /* User doesn't exist; deny them */ - debug(33, 4, "proxyAuthenticate: user %s doesn't exist\n", sent_user); - xfree(clear_userandpw); - return (dash_str); - } - passwd = strstr(clear_userandpw, ":"); - passwd++; - - /* See if we've already validated them */ - if (strcmp(hashr->item, passwd) == 0) { - debug(33, 5, "proxyAuthenticate: user %s previously validated\n", sent_user); - xfree(clear_userandpw); - return sent_user; - } - if (strcmp(hashr->item, (char *) crypt(passwd, hashr->item))) { - /* Passwords differ, deny access */ - debug(33, 4, "proxyAuthenticate: authentication failed: user %s passwords differ\n", sent_user); - xfree(clear_userandpw); - return (dash_str); - } - debug(33, 5, "proxyAuthenticate: user %s validated\n", sent_user); - hash_delete(validated, sent_user); - hash_insert(validated, xstrdup(sent_user), (void *) xstrdup(passwd)); - - xfree(clear_userandpw); - return (sent_user); -} -#endif /* USE_PROXY_AUTH */ void icpProcessExpired(int fd, void *data) diff -ur ../../squid-1.1.9-orig/src/client_side.h ./client_side.h --- ../../squid-1.1.9-orig/src/client_side.h Tue Feb 4 00:03:06 1997 +++ ./client_side.h Sat Apr 5 22:14:19 1997 @@ -38,8 +38,4 @@ extern char *clientConstructTraceEcho _PARAMS((icpStateData *)); extern void clientPurgeRequest _PARAMS((icpStateData *)); -#if USE_PROXY_AUTH -const char *proxyAuthenticate(const char *headers); -#endif /* USE_PROXY_AUTH */ - #endif /* CLIENT_SIDE_H */ diff -ur ../../squid-1.1.9-orig/src/hash.c ./hash.c --- ../../squid-1.1.9-orig/src/hash.c Thu Nov 28 08:08:48 1996 +++ ./hash.c Sat Apr 5 15:54:05 1997 @@ -369,6 +369,21 @@ } /* + * hash_destroy - destroy hash list + */ +void +hash_destroy(HashID hid) +{ + if (hid >= MAX_HTABLE) + return; + if (htbl[hid].valid == 0) + return; + safe_free(htbl[hid].buckets); + htbl[hid].valid = 0; + return; +} + +/* * hash_insert - inserts the given item 'item' under the given key 'k' * into the hash table 'hid'. Returns non-zero on error; otherwise, * returns 0 and inserts the item. diff -ur ../../squid-1.1.9-orig/src/hash.h ./hash.h --- ../../squid-1.1.9-orig/src/hash.h Thu Nov 7 00:14:38 1996 +++ ./hash.h Sat Apr 5 15:49:37 1997 @@ -144,6 +144,7 @@ extern HashID hash_create _PARAMS((int (*)_PARAMS((const char *, const char *)), int, unsigned int (*)_PARAMS((const char *, HashID)))); +extern void hash_destroy _PARAMS((HashID)); /* insert/delete */ extern int hash_insert _PARAMS((HashID, const char *, void *)); Only in .: pinger diff -ur ../../squid-1.1.9-orig/src/squid.conf.pre.in ./squid.conf.pre.in --- ../../squid-1.1.9-orig/src/squid.conf.pre.in Fri Mar 28 21:29:07 1997 +++ ./squid.conf.pre.in Sat Apr 5 22:41:11 1997 @@ -765,6 +765,21 @@ # acl aclname user username ... # string match on ident output. # # use REQUIRED to accept any # # non-null ident. +# acl aclname proxy_auth passwd_file [ refresh ] +# 'passwd_file' is an Apache-style file of passwords for +# authenticated proxy access. Looks like user:password, with the +# password being standard crypt() format. 'refresh' is the time +# in seconds to check for a changes in the file (default = 300 secs). +# +# When using a proxy_auth ACL in an ACL list, make sure it is the +# *last* in the list and the only proxy_auth ACL in the list. +# +# NOTE: when a Proxy-Authentication header is sent but it is not +# needed during ACL checking the username is NOT logged in access.log. +# +# NOTE: proxy_auth support is not compiled into Squid by default. +# To use this feature you must enable the USE_PROXY_AUTH option +# near the top of src/Makefile. acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 @@ -984,23 +999,6 @@ # passthrough_proxy host:port # #passthrough_proxy - -# TAG: proxy_auth -# Usage: proxy_auth passwd_file [ ignore-domain ] -# -# 'passwd_file' is an apache-style file of passwords for -# authenticated proxy access Looks like user:password, with the -# password being standard crypt() format. Proxy authentication -# is disabled by default. -# -# 'ignore-domain' is a domain name for which authorization will -# *not* be required. -# -# NOTE, proxy_auth support is not compiled into Squid by default. -# To use this feature you must enable the USE_PROXY_AUTH option -# near the top of src/Makefile. -# -#proxy_auth /dev/null # TAG: err_html_text # HTML text to include in error messages. Make this a "mailto"