* ext_user acl type to match user name returned by external acl

* cleanup of how external acls present a user name to the
  Squid core to make the code more logical and fix a
  minor security issues if there is downstream proxies.

* concept of password returned by external acl type. Integrated
  with login= cache_peer option to have the password forwarded
  to peers (both proxies and origin type peers)

diff --git a/src/cf.data.pre b/src/cf.data.pre
index e6f4979f5bb9542c51f0b174b00e2099c56e768e..c0bc6cf8fab035ab7f11d0efca4902fa931172fb 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.325 2003/06/27 20:54:45 hno Exp $
+# $Id: cf.data.pre,v 1.326 2003/06/27 22:42:08 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1803,6 +1803,7 @@ DOC_START
        Defined keywords:
 
          user=         The users name (login)
+         password=     The users password (for login= cache_peer option)
          message=      Message describing the reason
          tag=          Apply a tag to a request (for both ERR and OK results)
                        Only sets a tag, does not alter existing tags.
@@ -2321,6 +2322,11 @@ DOC_START
          # match against attributes a users issuing CA SSL certificate
          # attribute is one of DN/C/O/CN/L/ST
 
+       acl aclname ext_user username ...
+       acl aclname ext_user_regex [-i] pattern ...
+         # string match on username returned by external acl processing
+         # use REQUIRED to accept any non-null user name.
+
 Examples:
 acl myexample dst_as 1241
 acl password proxy_auth REQUIRED