From: hno <>
Date: Sat, 28 Jun 2003 04:42:08 +0000 (+0000)
Subject: * ext_user acl type to match user name returned by external acl
X-Git-Tag: SQUID_3_0_PRE1~76
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d95b862f93568f672a18f350a74fd5485ece4d09;p=thirdparty%2Fsquid.git

* ext_user acl type to match user name returned by external acl

* cleanup of how external acls present a user name to the
  Squid core to make the code more logical and fix a
  minor security issues if there is downstream proxies.

* concept of password returned by external acl type. Integrated
  with login= cache_peer option to have the password forwarded
  to peers (both proxies and origin type peers)
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index e6f4979f5b..c0bc6cf8fa 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.325 2003/06/27 20:54:45 hno Exp $
+# $Id: cf.data.pre,v 1.326 2003/06/27 22:42:08 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1803,6 +1803,7 @@ DOC_START
 	Defined keywords:
 
 	  user=		The users name (login)
+	  password=	The users password (for login= cache_peer option)
 	  message=	Message describing the reason
 	  tag=		Apply a tag to a request (for both ERR and OK results)
 	  		Only sets a tag, does not alter existing tags.
@@ -2321,6 +2322,11 @@ DOC_START
 	  # match against attributes a users issuing CA SSL certificate
 	  # attribute is one of DN/C/O/CN/L/ST
 
+	acl aclname ext_user username ...
+	acl aclname ext_user_regex [-i] pattern ...
+	  # string match on username returned by external acl processing
+	  # use REQUIRED to accept any non-null user name.
+
 Examples:
 acl myexample dst_as 1241
 acl password proxy_auth REQUIRED