---------------------
PatchSet 7208
Date: 2006/02/16 17:21:45
Author: oliv3
Branch: icap-2_5
Tag: (none)
Log:
Added X-Server-IP support. Changed the "send ICAP..." semantics so that only allowed X-* headers are sent to the ICAP server.
Members:
src/cf.data.pre:1.49.2.33.2.32->1.49.2.33.2.33
src/icap_common.c:1.1.2.39->1.1.2.40
src/icap_opt.c:1.1.2.17->1.1.2.18
src/icap_reqmod.c:1.1.2.58->1.1.2.59
src/icap_respmod.c:1.1.2.60->1.1.2.61
src/protos.h:1.41.6.13.2.37->1.41.6.13.2.38
src/structs.h:1.48.2.9.2.48->1.48.2.9.2.49
Index: squid/src/cf.data.pre
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/cf.data.pre,v
retrieving revision 1.49.2.33.2.32
retrieving revision 1.49.2.33.2.33
diff -u -r1.49.2.33.2.32 -r1.49.2.33.2.33
--- squid/src/cf.data.pre 24 Oct 2005 17:07:42 -0000 1.49.2.33.2.32
+++ squid/src/cf.data.pre 16 Feb 2006 17:21:45 -0000 1.49.2.33.2.33
@@ -1,6 +1,6 @@
 #
-# $Id: cf.data.pre,v 1.49.2.33.2.32 2005/10/24 17:07:42 chtsanti Exp $
+# $Id: cf.data.pre,v 1.49.2.33.2.33 2006/02/16 17:21:45 oliv3 Exp $
 #
 #
 # SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -2768,8 +2768,19 @@
 LOC: Config.icapcfg.send_client_ip
 DEFAULT: off
 DOC_START
- This adds the header "X-Client-IP" to ICAP requests. Can also be
- set from the server's response to OPTIONS.
+ Allows Squid to add the "X-Client-IP" header if requested by
+ an ICAP service in it's response to OPTIONS.
+DOC_END
+
+NAME: icap_send_server_ip
+TYPE: onoff
+IFDEF: HS_FEAT_ICAP
+COMMENT: on|off
+LOC: Config.icapcfg.send_server_ip
+DEFAULT: off
+DOC_START
+ Allows Squid to add the "X-Server-IP" header if requested by
+ an ICAP service in it's response to OPTIONS.
 DOC_END
 NAME: icap_send_auth_user
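Review bot: The rewritten DOC text for icap_send_client_ip in cf.data.pre (and the new icap_send_server_ip entry, plus icap_send_auth_user in the next hunk) does not say that the directive is now only a permission: per the icap_reqmod.c and icap_respmod.c hunks the header is sent only when the option is on and the service asked for it, so with the default `off` it is never sent and `on` alone no longer forces it. Sites that set `on` against a service that does not request the header will stop sending X-Client-IP or X-Authenticated-User after upgrading, and any per-client or per-user policy or audit attribution on the ICAP side would silently lose its input. I would add a sentence such as `The header is sent only when this option is on AND the service requests it; when off it is never sent.` to each entry. The three new paragraphs also read `it's response`, which should be `its response`.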
@@ -2779,9 +2790,8 @@
 LOC: Config.icapcfg.send_auth_user
 DEFAULT: off
 DOC_START
- This adds the header "X-Authenticated-User" to ICAP requests
- if proxy access is authentified. Can also be set from the server's
- response to OPTIONS.
+ Allows Squid to add the "X-Authenticated-User" header if requested
+ by an ICAP service in it's response to OPTIONS.
 DOC_END
 NAME: icap_auth_scheme
Index: squid/src/icap_common.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/Attic/icap_common.c,v
retrieving revision 1.1.2.39
retrieving revision 1.1.2.40
diff -u -r1.1.2.39 -r1.1.2.40
--- squid/src/icap_common.c 22 Nov 2005 22:41:48 -0000 1.1.2.39
+++ squid/src/icap_common.c 16 Feb 2006 17:21:45 -0000 1.1.2.40
@@ -1,5 +1,5 @@
 /*
- * $Id: icap_common.c,v 1.1.2.39 2005/11/22 22:41:48 dwsquid Exp $
+ * $Id: icap_common.c,v 1.1.2.40 2006/02/16 17:21:45 oliv3 Exp $
 *
 * DEBUG: section 81 Internet Content Adaptation Protocol (ICAP) Client
 * AUTHOR: Geetha Manjunath, Hewlett Packard Company
@@ -783,3 +783,35 @@
 memBufPrintf(mb, "X-Authenticated-User: %s\r\n", base64_encode(authuser));
 xfree(authuser);
 }
+
+/*
+ * icapAddOriginIP
+ *
+ * Builds and adds the X-Server-IP header to an ICAP request headers.
+ */
+void
+icapAddOriginIP(MemBuf *mb, const char *host)
+{
+ const ipcache_addrs *addrs;
+ struct in_addr s;
+
+ if (host == NULL) {
+ debug(81, 5)("icapAddOriginIP: NULL host\n");
+ return;
+ }
+
+ addrs = ipcache_gethostbyname(host, IP_LOOKUP_IF_MISS);
+ if (addrs == NULL) {
+ /*
+ * http://www.i-cap.org/spec/draft-stecher-icap-subid-00.txt :
+ *
+ * [...] If the meta information for some header is not available,
+ * the header field MUST be omitted.
+ */
+ debug(81, 5)("icapAddOriginIP: can't tell IP address\n");
+ return;
+ }
+
+ s = addrs->in_addrs[0];
+ memBufPrintf(mb, "X-Server-IP: %s\r\n", inet_ntoa(s));
+}
Index: squid/src/icap_opt.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/Attic/icap_opt.c,v
retrieving revision 1.1.2.17
retrieving revision 1.1.2.18
diff -u -r1.1.2.17 -r1.1.2.18
--- squid/src/icap_opt.c 22 Nov 2005 22:41:48 -0000 1.1.2.17
+++ squid/src/icap_opt.c 16 Feb 2006 17:21:45 -0000 1.1.2.18
@@ -1,6 +1,6 @@
 /*
- * $Id: icap_opt.c,v 1.1.2.17 2005/11/22 22:41:48 dwsquid Exp $
+ * $Id: icap_opt.c,v 1.1.2.18 2006/02/16 17:21:45 oliv3 Exp $
 *
 * DEBUG: section 81 Internet Content Adaptation Protocol (ICAP) Client OPTIONS
 * AUTHOR: Ralf Horstmann
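Review bot: icapAddOriginIP in icap_common.c reports `addrs->in_addrs[0]`, the first address in the ipcache entry, which is not necessarily the address Squid connects to for this request; for a host with several addresses (or a request relayed through a parent cache, if this branch allows that) X-Server-IP can name a server the traffic never reaches. An ICAP service that applies destination policy or reputation checks to this header would then be judging the wrong address. If the ipcache_addrs in this tree carries the usual `cur` index, `s = addrs->in_addrs[addrs->cur];` is closer, and for RESPMOD the caller could pass the address of the established server connection instead of `icap->request->host`. The NULL branch also deserves a comment that a lookup miss leaves the header out for that request, so the ICAP side must not read its absence as meaningful.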
@@ -435,6 +435,10 @@
 debug(81, 5) ("icapOptParseEntry: X-Include: found X-Client-IP\n");
 s->flags.need_x_client_ip = 1;
 }
+ if (strstr(value_start, "X-Server-IP")) {
+ debug(81, 5) ("icapOptParseEntry: X-Include: found X-Server-IP\n");
+ s->flags.need_x_server_ip = 1;
+ }
 if (strstr(value_start, "X-Authenticated-User")) {
 debug(81, 5) ("icapOptParseEntry: X-Include: found X-Authenticated-User\n");
 s->flags.need_x_authenticated_user = 1;
Index: squid/src/icap_reqmod.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/Attic/icap_reqmod.c,v
retrieving revision 1.1.2.58
retrieving revision 1.1.2.59
diff -u -r1.1.2.58 -r1.1.2.59
--- squid/src/icap_reqmod.c 6 Dec 2005 21:53:44 -0000 1.1.2.58
+++ squid/src/icap_reqmod.c 16 Feb 2006 17:21:45 -0000 1.1.2.59
@@ -1,6 +1,6 @@
 /*
- * $Id: icap_reqmod.c,v 1.1.2.58 2005/12/06 21:53:44 dwsquid Exp $
+ * $Id: icap_reqmod.c,v 1.1.2.59 2006/02/16 17:21:45 oliv3 Exp $
 *
 * DEBUG: section 81 Internet Content Adaptation Protocol (ICAP) Client
 * AUTHOR: Geetha Manjunath, Hewlett Packard Company
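Review bot: The new `strstr(value_start, "X-Server-IP")` test in icap_opt.c is a case-sensitive substring search, so it misses a differently cased spelling of the header name and would also fire on a longer token that merely contains the string; it copies the neighbouring X-Client-IP and X-Authenticated-User checks, which have the same limits. Whether `value_start` is terminated at the end of the X-Include line is not visible in this hunk; if it is not, text from a later header could set the flag. Splitting the value on commas, trimming whitespace and comparing each token with `strcasecmp` would make all three checks exact. The enclosing function starts and ends outside the hunk.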
@@ -697,10 +697,15 @@
 else
 memBufPrintf(&mb, ", null-body=%d", mb_hdr.size);
 memBufAppend(&mb, crlf, 2);
- if (Config.icapcfg.send_client_ip || service->flags.need_x_client_ip)
+
+ if (service->flags.need_x_client_ip && Config.icapcfg.send_client_ip)
 memBufPrintf(&mb, "X-Client-IP: %s\r\n", client_addr);
- if ((Config.icapcfg.send_auth_user
- || service->flags.need_x_authenticated_user)
+
+ if (service->flags.need_x_server_ip && Config.icapcfg.send_server_ip)
+ icapAddOriginIP(&mb, icap->request->host);
+
+ if ((service->flags.need_x_authenticated_user)
+ && Config.icapcfg.send_auth_user)
 && (icap->request->auth_user_request != NULL))
 icapAddAuthUserHeader(&mb, icap->request->auth_user_request);
 if (service->keep_alive) {
Index: squid/src/icap_respmod.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/Attic/icap_respmod.c,v
retrieving revision 1.1.2.60
retrieving revision 1.1.2.61
diff -u -r1.1.2.60 -r1.1.2.61
--- squid/src/icap_respmod.c 23 Nov 2005 20:34:34 -0000 1.1.2.60
+++ squid/src/icap_respmod.c 16 Feb 2006 17:21:45 -0000 1.1.2.61
@@ -1,6 +1,6 @@
 /*
- * $Id: icap_respmod.c,v 1.1.2.60 2005/11/23 20:34:34 dwsquid Exp $
+ * $Id: icap_respmod.c,v 1.1.2.61 2006/02/16 17:21:45 oliv3 Exp $
 *
 * DEBUG: section 81 Internet Content Adaptation Protocol (ICAP) Client
 * AUTHOR: Geetha Manjunath, Hewlett Packard Company
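Review bot: The rewritten X-Authenticated-User condition in icap_reqmod.c has unbalanced parentheses: `if ((service->flags.need_x_authenticated_user)` closes the inner group early, `&& Config.icapcfg.send_auth_user)` then closes the `if`, and the unchanged `&& (icap->request->auth_user_request != NULL))` is left with a stray `)`, so the file should not compile as shown. The icap_respmod.c hunk has the intended form; here the first added line of the condition should read `if ((service->flags.need_x_authenticated_user` without the trailing `)`. The enclosing function starts and ends outside the hunk.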
@@ -58,13 +58,17 @@
 memBufPrintf(mb, ", res-body=%1d", o3);
 else
 memBufPrintf(mb, ", null-body=%1d", -o3);
- memBufPrintf(mb, crlf);
- if (Config.icapcfg.send_client_ip || service->flags.need_x_client_ip) {
+
+ if (service->flags.need_x_client_ip && Config.icapcfg.send_client_ip) {
 memBufPrintf(mb, "X-Client-IP: %s\r\n", client_addr);
 }
- if ((Config.icapcfg.send_auth_user
- || service->flags.need_x_authenticated_user)
+
+ if (service->flags.need_x_server_ip && Config.icapcfg.send_server_ip)
+ icapAddOriginIP(mb, icap->request->host);
+
+ if ((service->flags.need_x_authenticated_user
+ && Config.icapcfg.send_auth_user)
 && (icap->request->auth_user_request != NULL)) {
 icapAddAuthUserHeader(mb, icap->request->auth_user_request);
 }
Index: squid/src/protos.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/protos.h,v
retrieving revision 1.41.6.13.2.37
retrieving revision 1.41.6.13.2.38
diff -u -r1.41.6.13.2.37 -r1.41.6.13.2.38
--- squid/src/protos.h 6 Dec 2005 21:53:44 -0000 1.41.6.13.2.37
+++ squid/src/protos.h 16 Feb 2006 17:21:45 -0000 1.41.6.13.2.38
@@ -1,6 +1,6 @@
 /*
- * $Id: protos.h,v 1.41.6.13.2.37 2005/12/06 21:53:44 dwsquid Exp $
+ * $Id: protos.h,v 1.41.6.13.2.38 2006/02/16 17:21:45 oliv3 Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -1385,6 +1385,10 @@
 void icapOptInit(void);
 void icapOptShutdown(void);
 void icapOptSetUnreachable(icap_service * s);
+
+/* X-Server-IP support */
+void icapAddOriginIP(MemBuf *, const char *);
+
 /* for debugging purposes only */
 void dump_icap_config(IcapConfig * cfg);
 #endif
Index: squid/src/structs.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/structs.h,v
retrieving revision 1.48.2.9.2.48
retrieving revision 1.48.2.9.2.49
diff -u -r1.48.2.9.2.48 -r1.48.2.9.2.49
--- squid/src/structs.h 30 Nov 2005 21:52:15 -0000 1.48.2.9.2.48
+++ squid/src/structs.h 16 Feb 2006 17:21:45 -0000 1.48.2.9.2.49
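Review bot: The new X-Server-IP statement in icap_respmod.c is the only unbraced `if` among the three header checks in this hunk; the X-Client-IP test above it and the X-Authenticated-User test below it both use `{ }`. Bracing it, `if (service->flags.need_x_server_ip && Config.icapcfg.send_server_ip) {` followed by the call and a closing `}`, keeps the three checks uniform and stops a later edit from attaching a second statement to the wrong condition. The enclosing function starts and ends outside the hunk.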
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.48.2.9.2.48 2005/11/30 21:52:15 dwsquid Exp $
+ * $Id: structs.h,v 1.48.2.9.2.49 2006/02/16 17:21:45 oliv3 Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -394,6 +394,7 @@
 int preview_size;
 int check_interval;
 int send_client_ip;
+ int send_server_ip;
 int send_auth_user;
 char *auth_scheme;
 };
@@ -1085,6 +1086,7 @@
 struct {
 unsigned int allow_204:1;
 unsigned int need_x_client_ip:1;
+ unsigned int need_x_server_ip:1;
 unsigned int need_x_authenticated_user:1;
 } flags;
 int preview;