hno squid-2.3.DEVEL3.auth_regex.patch

Squid-2.3.DEVEL3: proxy_auth_regex and ident_regex ACL types

Added proxy_auth_regex and ident_regex ACL types

diff --git a/ChangeLog b/ChangeLog
index 63b7b91ae0286971bad25e7bc93b7ddfa81081c1..cd0b690d214fd425e822abba9939aa3059d6138d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,7 @@ Changes to Squid-2.4.DEVEL3 ():
        - no_cache is now a full ACL check without, allowing most ACL types
          to be used.
        - The CONNECT method now obeys miss_access requirements
+       - proxy_auth_regex and ident_regex ACL types
 
 Changes to Squid-2.4.DEVEL2 ():
 

diff --git a/src/acl.cc b/src/acl.cc
index 278bbc447d20053f7cd23fe72763b401c062b29f..3c48300bd6b56918dcd4926c03414bf3e8539587 100644 (file)
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.cc,v 1.213 2000/05/01 05:11:55 wessels Exp $
+ * $Id: acl.cc,v 1.214 2000/05/02 19:58:13 hno Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -182,6 +182,8 @@ aclStrToType(const char *s)
 #if USE_IDENT
     if (!strcmp(s, "ident"))
        return ACL_IDENT;
+    if (!strcmp(s, "ident_regex"))
+       return ACL_IDENT_REGEX;
 #endif
     if (!strncmp(s, "proto", 5))
        return ACL_PROTO;
@@ -191,6 +193,8 @@ aclStrToType(const char *s)
        return ACL_BROWSER;
     if (!strcmp(s, "proxy_auth"))
        return ACL_PROXY_AUTH;
+    if (!strcmp(s, "proxy_auth_regex"))
+       return ACL_PROXY_AUTH_REGEX;
     if (!strcmp(s, "src_as"))
        return ACL_SRC_ASN;
     if (!strcmp(s, "dst_as"))
@@ -240,6 +244,8 @@ aclTypeToStr(squid_acl type)
 #if USE_IDENT
     if (type == ACL_IDENT)
        return "ident";
+    if (type == ACL_IDENT_REGEX)
+       return "ident_regex";
 #endif
     if (type == ACL_PROTO)
        return "proto";
@@ -249,6 +255,8 @@ aclTypeToStr(squid_acl type)
        return "browser";
     if (type == ACL_PROXY_AUTH)
        return "proxy_auth";
+    if (type == ACL_PROXY_AUTH_REGEX)
+       return "proxy_auth_regex";
     if (type == ACL_SRC_ASN)
        return "src_as";
     if (type == ACL_DST_ASN)
@@ -718,6 +726,9 @@ aclParseAclLine(acl ** head)
     case ACL_IDENT:
        aclParseWordList(&A->data);
        break;
+    case ACL_IDENT_REGEX:
+       aclParseRegexList(&A->data);
+       break;
 #endif
     case ACL_PROTO:
        aclParseProtoList(&A->data);
@@ -733,6 +744,14 @@ aclParseAclLine(acl ** head)
            assert(proxy_auth_cache);
        }
        break;
+    case ACL_PROXY_AUTH_REGEX:
+       aclParseRegexList(&A->data);
+       if (!proxy_auth_cache) {
+           /* First time around, 7921 should be big enough */
+           proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
+           assert(proxy_auth_cache);
+       }
+       break;
 #if SQUID_SNMP
     case ACL_SNMP_COMMUNITY:
        aclParseWordList(&A->data);
@@ -1049,7 +1068,7 @@ aclDecodeProxyAuth(const char *proxy_auth, char **user, char **password, char *b
  */
 
 static int
-aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
+aclMatchProxyAuth(void * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist, squid_acl acltype)
 {
     /* checklist is used to register user name when identified, nothing else */
     LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ);
@@ -1116,7 +1135,15 @@ aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user *
            auth_user->ipaddr = checklist->src_addr;
            /* copy username to request for logging on client-side */
            xstrncpy(checklist->request->user_ident, user, USER_IDENT_SZ);
-           return aclMatchUser(data, user);
+           switch(acltype) {
+           case ACL_PROXY_AUTH:
+               return aclMatchUser(data, user);
+           case ACL_PROXY_AUTH_REGEX:
+               return aclMatchRegex(data, user);
+           default:
+               fatal("aclMatchProxyAuth: unknown ACL type");
+               return 0; /* NOTREACHED */
+           }
        } else {
            /* user has switched to another IP addr */
            debug(28, 1) ("aclMatchProxyAuth: user '%s' has changed IP address\n", user);
@@ -1389,6 +1416,14 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist)
            return 0;
        }
        /* NOTREACHED */
+    case ACL_IDENT_REGEX:
+       if (checklist->ident[0]) {
+           return aclMatchRegex(ae->data, checklist->ident);
+       } else {
+           checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED;
+           return 0;
+       }
+       /* NOTREACHED */
 #endif
     case ACL_PROTO:
        return aclMatchInteger(ae->data, r->protocol);
@@ -1403,6 +1438,7 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist)
        return aclMatchRegex(ae->data, browser);
        /* NOTREACHED */
     case ACL_PROXY_AUTH:
+    case ACL_PROXY_AUTH_REGEX:
        if (NULL == r) {
            return -1;
        } else if (!r->flags.accelerated) {
@@ -1432,7 +1468,8 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist)
        switch (aclMatchProxyAuth(ae->data,
                header,
                checklist->auth_user,
-               checklist)) {
+               checklist,
+               ae->type)) {
        case 0:
            /* Correct password, but was not allowed in this ACL */
            return 0;
@@ -1840,6 +1877,10 @@ aclDestroyAcls(acl ** head)
        case ACL_TIME:
            aclDestroyTimeList(a->data);
            break;
+#if USE_IDENT
+       case ACL_IDENT_REGEX:
+#endif
+       case ACL_PROXY_AUTH_REGEX:
        case ACL_URL_REGEX:
        case ACL_URLPATH_REGEX:
        case ACL_BROWSER:
@@ -2165,6 +2206,11 @@ aclDumpGeneric(const acl * a)
 #endif
 #if USE_IDENT
     case ACL_IDENT:
+       return wordlistDup(a->data);
+       break;
+    case ACL_IDENT_REGEX:
+       return aclDumpRegexList(a->data);
+       break;
 #endif
     case ACL_PROXY_AUTH:
        return wordlistDup(a->data);
@@ -2172,6 +2218,7 @@ aclDumpGeneric(const acl * a)
     case ACL_TIME:
        return aclDumpTimeSpecList(a->data);
        break;
+    case ACL_PROXY_AUTH_REGEX:
     case ACL_URL_REGEX:
     case ACL_URLPATH_REGEX:
     case ACL_BROWSER:

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 3b83ab07e5dcbd7a03acd98c8ed88048446a09a2..34138e4915f35dbeb4a325840beab992a6038bfa 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.172 2000/05/02 19:43:30 hno Exp $
+# $Id: cf.data.pre,v 1.173 2000/05/02 19:58:13 hno Exp $
 #
 #
 # SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -1651,6 +1651,7 @@ DOC_START
        acl aclname browser  [-i] regexp
          # pattern match on User-Agent header
        acl aclname ident    username ...
+       acl aclname ident_regex [-i] pattern ...
          # string match on ident output.
          # use REQUIRED to accept any non-null ident.
        acl aclname src_as   number ... 
@@ -1664,6 +1665,7 @@ DOC_START
          # cache_peer_access mycache_mydomain.net deny all
 
        acl aclname proxy_auth username ...
+       acl aclname proxy_auth_regex [-i] pattern ...
          # list of valid usernames
          # use REQUIRED to accept any valid username.
          #

diff --git a/src/enums.h b/src/enums.h
index 5e206906654254e4fe06906112288324f2e03945..43bc453524b08100ee8ec7684b276986b2151b24 100644 (file)
--- a/src/enums.h
+++ b/src/enums.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: enums.h,v 1.163 2000/03/06 16:23:31 wessels Exp $
+ * $Id: enums.h,v 1.164 2000/05/02 19:58:13 hno Exp $
  *
  *
  * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -108,11 +108,13 @@ typedef enum {
     ACL_MY_PORT,
 #if USE_IDENT
     ACL_IDENT,
+    ACL_IDENT_REGEX,
 #endif
     ACL_PROTO,
     ACL_METHOD,
     ACL_BROWSER,
     ACL_PROXY_AUTH,
+    ACL_PROXY_AUTH_REGEX,
     ACL_SRC_ASN,
     ACL_DST_ASN,
     ACL_SRC_ARP,