static void
authenticateAuthUserRequestLinkIp(auth_user_request_t * auth_user_request, const struct in_addr ipaddr, request_t * request)
{
auth_user_request_ip_hash_t *hash_entry;
if (!Config.authenticateIpShortcircuitTTL)
return;
#ifdef CC_FRAMEWORK
acl_access * acl = cc_get_acl_access_by_token_and_host("authenticate_ip_shortcircuit_access",request->host);
if (acl && !aclCheckFastRequest(acl, request))
#else
if (Config.accessList.auth_ip_shortcircuit && !aclCheckFastRequest(Config.accessList.auth_ip_shortcircuit, request))
#endif
return;
if (!auth_user_request_ip_hash)
{
auth_user_request_ip_hash = hash_create((HASHCMP *) cmp_in_addr, 7921, hash_in_addr);
auth_user_request_ip_pool = memPoolCreate("auth_user_request_ip_hash_t", sizeof(auth_user_request_ip_hash_t));
}
authenticateAuthUserRequestUnlinkIp(ipaddr);
hash_entry = memPoolAlloc(auth_user_request_ip_pool);
hash_entry->ipaddr = ipaddr;
hash_entry->hash.key = &hash_entry->ipaddr;
hash_entry->auth_user_request = auth_user_request;
authenticateAuthUserRequestLock(hash_entry->auth_user_request);
hash_entry->last_seen = squid_curtime;
hash_join(auth_user_request_ip_hash, &hash_entry->hash);
}
/*
* httpHdrMangle checks the anonymizer (header_access) configuration.
* Returns 1 if the header is allowed.
*/
static int
httpHdrMangle(HttpHeaderEntry * e, request_t * request)
{
int retval = 1;
/* check with anonymizer tables */
header_mangler *hm;
assert(e);
if (e->id == HDR_OTHER) {
for (hm = Config.header_access[HDR_OTHER].next; hm; hm = hm->next) {
if (strCmp(e->name, hm->name) == 0)
break;
}
if (!hm)
return 1;
} else
hm = &Config.header_access[e->id];
if (!hm->access_list)
return 1;
if (aclCheckFastRequest(hm->access_list, request)) {
retval = 1;
} else if (NULL == hm->replacement) {
/* It was denied, and we don't have any replacement */
retval = 0;
} else {
/* It was denied, but we have a replacement. Replace the
* header on the fly, and return that the new header
* is allowed.
*/
stringReset(&e->value, hm->replacement);
retval = -1;
}
return retval != 0;
}
/*
* peerAllowedToUse
*
* this function figures out if it is appropriate to fetch REQUEST
* from PEER.
*/
int
peerAllowedToUse(const peer * p, request_t * request)
{
const struct _domain_ping *d = NULL;
int do_ping = 1;
assert(request != NULL);
if (neighborType(p, request) == PEER_SIBLING) {
#if PEER_MULTICAST_SIBLINGS
if (p->type == PEER_MULTICAST && p->options.mcast_siblings &&
(request->flags.nocache || request->flags.refresh || request->flags.loopdetect || request->flags.need_validation))
debug(15, 2) ("peerAllowedToUse(%s, %s) : multicast-siblings optimization match\n",
p->name, request->host);
#endif
if (request->flags.nocache)
return 0;
if (request->flags.refresh)
return 0;
if (request->flags.loopdetect)
return 0;
if (request->flags.need_validation)
return 0;
}
if (p->peer_domain == NULL && p->access == NULL)
return do_ping;
do_ping = 0;
for (d = p->peer_domain; d; d = d->next) {
if (0 == matchDomainName(request->host, d->domain)) {
do_ping = d->do_ping;
break;
}
do_ping = !d->do_ping;
}
if (p->peer_domain && 0 == do_ping)
return do_ping;
if (p->access == NULL)
return do_ping;
return aclCheckFastRequest(p->access, request);
}
