diff -Nur ../squid-2.4.STABLE6.dist/acconfig.h ./acconfig.h --- ../squid-2.4.STABLE6.dist/acconfig.h Mon Jan 1 23:36:54 2001 +++ ./acconfig.h Mon Aug 26 22:13:11 2002 @@ -290,3 +290,9 @@ * Enable support for Transparent Proxy on Linux 2.4 systems */ #undef LINUX_NETFILTER + +/* + * Enable IP Authentication Hack + */ +#undef IP_AUTH_HACK + diff -Nur ../squid-2.4.STABLE6.dist/configure ./configure --- ../squid-2.4.STABLE6.dist/configure Thu Nov 29 00:56:25 2001 +++ ./configure Mon Aug 26 22:25:14 2002 @@ -147,6 +147,8 @@ --disable-unlinkd Do not use unlinkd" ac_help="$ac_help --enable-stacktraces Enable automatic call backtrace on fatal errors" +ac_help="$ac_help + --enable-ip_auth This option enables the IP Authentication Hack." # Initialize some variables set by options. # The variables have the same names as the options, with @@ -1800,6 +1802,21 @@ echo "Enabling automatic stack backtraces on fatal errors" cat >> confdefs.h <<\EOF #define PRINT_STACK_TRACE 1 +EOF + + fi + +fi + + + +# Check whether --enable-ip_auth or --disable-ip_auth was given. +if test "${enable_ip_auth+set}" = set; then + enableval="$enable_ip_auth" + if test "$enableval" = "yes" ; then + echo "Enable IP_AUTH HACK" + cat >> confdefs.h <<\EOF +#define IP_AUTH_HACK 1 EOF fi diff -Nur ../squid-2.4.STABLE6.dist/configure.in ./configure.in --- ../squid-2.4.STABLE6.dist/configure.in Mon Aug 26 22:01:33 2002 +++ ./configure.in Mon Aug 26 22:10:21 2002 @@ -737,6 +737,15 @@ fi ]) + +AC_ARG_ENABLE(ip_auth, +[ --enable-ip_auth Enable IP Authentication Hack], +[ if test "$enableval" = "yes" ; then + echo "Enable IP_AUTH HACK" + AC_DEFINE(IP_AUTH_HACK) + fi +]) + # Force some compilers to use ANSI features # case "$host" in diff -Nur ../squid-2.4.STABLE6.dist/include/autoconf.h.in ./include/autoconf.h.in --- ../squid-2.4.STABLE6.dist/include/autoconf.h.in Mon Aug 26 22:01:33 2002 +++ ./include/autoconf.h.in Mon Aug 26 22:10:21 2002 @@ -301,6 +301,11 @@ */ #undef LINUX_NETFILTER +/* + * Enable IP Authentication Hack + */ +#undef IP_AUTH_HACK + /* The number of bytes in a int. */ #undef SIZEOF_INT diff -Nur ../squid-2.4.STABLE6.dist/src/acl.c ./src/acl.c --- ../squid-2.4.STABLE6.dist/src/acl.c Tue Aug 21 07:55:47 2001 +++ ./src/acl.c Mon Aug 26 22:10:21 2002 @@ -1095,7 +1095,14 @@ if (!aclDecodeProxyAuth(proxy_auth, &user, &password, login_buf, sizeof(login_buf))) /* No or invalid Proxy-Auth header */ +#ifdef IP_AUTH_HACK + /* Set username to ip address */ + user = inet_ntoa(checklist->src_addr); + password = "IP_AUTH"; + debug(28, 4) ("aclMatchProxyAuth: IP_AUTH: trying '%s'\n", user); +#else return -2; +#endif debug(28, 5) ("aclMatchProxyAuth: checking user '%s'\n", user); @@ -1217,6 +1224,16 @@ } ok = aclDecodeProxyAuth(proxy_auth, &user, &password, login_buf, sizeof(login_buf)); + +#ifdef IP_AUTH_HACK + /* try IP_AUTH */ + if (!ok) { + user = inet_ntoa(checklist->src_addr); + password = "IP_AUTH"; + ok = 1; + } +#endif + /* * if aclDecodeProxyAuth() fails, the same call should have failed * in aclMatchProxyAuth, and we should never get this far. diff -Nur ../squid-2.4.STABLE6.dist/src/client_side.c ./src/client_side.c --- ../squid-2.4.STABLE6.dist/src/client_side.c Mon Aug 26 22:01:34 2002 +++ ./src/client_side.c Mon Aug 26 22:10:22 2002 @@ -245,8 +245,14 @@ null_request_flags); if (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName)) { if (!http->flags.accel) { +#ifdef IP_AUTH_HACK + /* Do not let the browser ask for a password */ + debug(33, 7)("IP_AUTH_HACK: sending HTTP_FORBIDDEN\n"); + status = HTTP_FORBIDDEN; +#else /* Proxy authorisation needed */ status = HTTP_PROXY_AUTHENTICATION_REQUIRED; +#endif } else { /* WWW authorisation needed */ status = HTTP_UNAUTHORIZED;