static void authenticateAuthUserRequestLinkIp(auth_user_request_t * auth_user_request, const struct in_addr ipaddr, request_t * request) { auth_user_request_ip_hash_t *hash_entry; if (!Config.authenticateIpShortcircuitTTL) return; #ifdef CC_FRAMEWORK acl_access * acl = cc_get_acl_access_by_token_and_host("authenticate_ip_shortcircuit_access",request->host); if (acl && !aclCheckFastRequest(acl, request)) #else if (Config.accessList.auth_ip_shortcircuit && !aclCheckFastRequest(Config.accessList.auth_ip_shortcircuit, request)) #endif return; if (!auth_user_request_ip_hash) { auth_user_request_ip_hash = hash_create((HASHCMP *) cmp_in_addr, 7921, hash_in_addr); auth_user_request_ip_pool = memPoolCreate("auth_user_request_ip_hash_t", sizeof(auth_user_request_ip_hash_t)); } authenticateAuthUserRequestUnlinkIp(ipaddr); hash_entry = memPoolAlloc(auth_user_request_ip_pool); hash_entry->ipaddr = ipaddr; hash_entry->hash.key = &hash_entry->ipaddr; hash_entry->auth_user_request = auth_user_request; authenticateAuthUserRequestLock(hash_entry->auth_user_request); hash_entry->last_seen = squid_curtime; hash_join(auth_user_request_ip_hash, &hash_entry->hash); }
/* * httpHdrMangle checks the anonymizer (header_access) configuration. * Returns 1 if the header is allowed. */ static int httpHdrMangle(HttpHeaderEntry * e, request_t * request) { int retval = 1; /* check with anonymizer tables */ header_mangler *hm; assert(e); if (e->id == HDR_OTHER) { for (hm = Config.header_access[HDR_OTHER].next; hm; hm = hm->next) { if (strCmp(e->name, hm->name) == 0) break; } if (!hm) return 1; } else hm = &Config.header_access[e->id]; if (!hm->access_list) return 1; if (aclCheckFastRequest(hm->access_list, request)) { retval = 1; } else if (NULL == hm->replacement) { /* It was denied, and we don't have any replacement */ retval = 0; } else { /* It was denied, but we have a replacement. Replace the * header on the fly, and return that the new header * is allowed. */ stringReset(&e->value, hm->replacement); retval = -1; } return retval != 0; }
/* * peerAllowedToUse * * this function figures out if it is appropriate to fetch REQUEST * from PEER. */ int peerAllowedToUse(const peer * p, request_t * request) { const struct _domain_ping *d = NULL; int do_ping = 1; assert(request != NULL); if (neighborType(p, request) == PEER_SIBLING) { #if PEER_MULTICAST_SIBLINGS if (p->type == PEER_MULTICAST && p->options.mcast_siblings && (request->flags.nocache || request->flags.refresh || request->flags.loopdetect || request->flags.need_validation)) debug(15, 2) ("peerAllowedToUse(%s, %s) : multicast-siblings optimization match\n", p->name, request->host); #endif if (request->flags.nocache) return 0; if (request->flags.refresh) return 0; if (request->flags.loopdetect) return 0; if (request->flags.need_validation) return 0; } if (p->peer_domain == NULL && p->access == NULL) return do_ping; do_ping = 0; for (d = p->peer_domain; d; d = d->next) { if (0 == matchDomainName(request->host, d->domain)) { do_ping = d->do_ping; break; } do_ping = !d->do_ping; } if (p->peer_domain && 0 == do_ping) return do_ping; if (p->access == NULL) return do_ping; return aclCheckFastRequest(p->access, request); }