From: hno <>
Date: Wed, 3 May 2000 01:58:13 +0000 (+0000)
Subject: hno squid-2.3.DEVEL3.auth_regex.patch
X-Git-Tag: SQUID_3_0_PRE1~2019
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=145cf92;p=thirdparty%2Fsquid.git

hno squid-2.3.DEVEL3.auth_regex.patch

Squid-2.3.DEVEL3: proxy_auth_regex and ident_regex ACL types

Added proxy_auth_regex and ident_regex ACL types
---

diff --git a/ChangeLog b/ChangeLog
index 63b7b91ae0..cd0b690d21 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -34,6 +34,7 @@ Changes to Squid-2.4.DEVEL3 ():
 	- no_cache is now a full ACL check without, allowing most ACL types
 	  to be used.
 	- The CONNECT method now obeys miss_access requirements
+	- proxy_auth_regex and ident_regex ACL types
 
 Changes to Squid-2.4.DEVEL2 ():
 
diff --git a/src/acl.cc b/src/acl.cc
index 278bbc447d..3c48300bd6 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.cc,v 1.213 2000/05/01 05:11:55 wessels Exp $
+ * $Id: acl.cc,v 1.214 2000/05/02 19:58:13 hno Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -182,6 +182,8 @@ aclStrToType(const char *s)
 #if USE_IDENT
     if (!strcmp(s, "ident"))
 	return ACL_IDENT;
+    if (!strcmp(s, "ident_regex"))
+	return ACL_IDENT_REGEX;
 #endif
     if (!strncmp(s, "proto", 5))
 	return ACL_PROTO;
@@ -191,6 +193,8 @@ aclStrToType(const char *s)
 	return ACL_BROWSER;
     if (!strcmp(s, "proxy_auth"))
 	return ACL_PROXY_AUTH;
+    if (!strcmp(s, "proxy_auth_regex"))
+	return ACL_PROXY_AUTH_REGEX;
     if (!strcmp(s, "src_as"))
 	return ACL_SRC_ASN;
     if (!strcmp(s, "dst_as"))
@@ -240,6 +244,8 @@ aclTypeToStr(squid_acl type)
 #if USE_IDENT
     if (type == ACL_IDENT)
 	return "ident";
+    if (type == ACL_IDENT_REGEX)
+	return "ident_regex";
 #endif
     if (type == ACL_PROTO)
 	return "proto";
@@ -249,6 +255,8 @@ aclTypeToStr(squid_acl type)
 	return "browser";
     if (type == ACL_PROXY_AUTH)
 	return "proxy_auth";
+    if (type == ACL_PROXY_AUTH_REGEX)
+	return "proxy_auth_regex";
     if (type == ACL_SRC_ASN)
 	return "src_as";
     if (type == ACL_DST_ASN)
@@ -718,6 +726,9 @@ aclParseAclLine(acl ** head)
     case ACL_IDENT:
 	aclParseWordList(&A->data);
 	break;
+    case ACL_IDENT_REGEX:
+	aclParseRegexList(&A->data);
+	break;
 #endif
     case ACL_PROTO:
 	aclParseProtoList(&A->data);
@@ -733,6 +744,14 @@ aclParseAclLine(acl ** head)
 	    assert(proxy_auth_cache);
 	}
 	break;
+    case ACL_PROXY_AUTH_REGEX:
+	aclParseRegexList(&A->data);
+	if (!proxy_auth_cache) {
+	    /* First time around, 7921 should be big enough */
+	    proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
+	    assert(proxy_auth_cache);
+	}
+	break;
 #if SQUID_SNMP
     case ACL_SNMP_COMMUNITY:
 	aclParseWordList(&A->data);
@@ -1049,7 +1068,7 @@ aclDecodeProxyAuth(const char *proxy_auth, char **user, char **password, char *b
  */
 
 static int
-aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
+aclMatchProxyAuth(void * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist, squid_acl acltype)
 {
     /* checklist is used to register user name when identified, nothing else */
     LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ);
@@ -1116,7 +1135,15 @@ aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user *
 	    auth_user->ipaddr = checklist->src_addr;
 	    /* copy username to request for logging on client-side */
 	    xstrncpy(checklist->request->user_ident, user, USER_IDENT_SZ);
-	    return aclMatchUser(data, user);
+	    switch(acltype) {
+	    case ACL_PROXY_AUTH:
+		return aclMatchUser(data, user);
+	    case ACL_PROXY_AUTH_REGEX:
+		return aclMatchRegex(data, user);
+	    default:
+		fatal("aclMatchProxyAuth: unknown ACL type");
+		return 0; /* NOTREACHED */
+	    }
 	} else {
 	    /* user has switched to another IP addr */
 	    debug(28, 1) ("aclMatchProxyAuth: user '%s' has changed IP address\n", user);
@@ -1389,6 +1416,14 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist)
 	    return 0;
 	}
 	/* NOTREACHED */
+    case ACL_IDENT_REGEX:
+	if (checklist->ident[0]) {
+	    return aclMatchRegex(ae->data, checklist->ident);
+	} else {
+	    checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED;
+	    return 0;
+	}
+	/* NOTREACHED */
 #endif
     case ACL_PROTO:
 	return aclMatchInteger(ae->data, r->protocol);
@@ -1403,6 +1438,7 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist)
 	return aclMatchRegex(ae->data, browser);
 	/* NOTREACHED */
     case ACL_PROXY_AUTH:
+    case ACL_PROXY_AUTH_REGEX:
 	if (NULL == r) {
 	    return -1;
 	} else if (!r->flags.accelerated) {
@@ -1432,7 +1468,8 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist)
 	switch (aclMatchProxyAuth(ae->data,
 		header,
 		checklist->auth_user,
-		checklist)) {
+		checklist,
+		ae->type)) {
 	case 0:
 	    /* Correct password, but was not allowed in this ACL */
 	    return 0;
@@ -1840,6 +1877,10 @@ aclDestroyAcls(acl ** head)
 	case ACL_TIME:
 	    aclDestroyTimeList(a->data);
 	    break;
+#if USE_IDENT
+	case ACL_IDENT_REGEX:
+#endif
+	case ACL_PROXY_AUTH_REGEX:
 	case ACL_URL_REGEX:
 	case ACL_URLPATH_REGEX:
 	case ACL_BROWSER:
@@ -2165,6 +2206,11 @@ aclDumpGeneric(const acl * a)
 #endif
 #if USE_IDENT
     case ACL_IDENT:
+	return wordlistDup(a->data);
+	break;
+    case ACL_IDENT_REGEX:
+	return aclDumpRegexList(a->data);
+	break;
 #endif
     case ACL_PROXY_AUTH:
 	return wordlistDup(a->data);
@@ -2172,6 +2218,7 @@ aclDumpGeneric(const acl * a)
     case ACL_TIME:
 	return aclDumpTimeSpecList(a->data);
 	break;
+    case ACL_PROXY_AUTH_REGEX:
     case ACL_URL_REGEX:
     case ACL_URLPATH_REGEX:
     case ACL_BROWSER:
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 3b83ab07e5..34138e4915 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.172 2000/05/02 19:43:30 hno Exp $
+# $Id: cf.data.pre,v 1.173 2000/05/02 19:58:13 hno Exp $
 #
 #
 # SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -1651,6 +1651,7 @@ DOC_START
 	acl aclname browser  [-i] regexp
 	  # pattern match on User-Agent header
 	acl aclname ident    username ...
+	acl aclname ident_regex [-i] pattern ...
 	  # string match on ident output.
 	  # use REQUIRED to accept any non-null ident.
 	acl aclname src_as   number ... 
@@ -1664,6 +1665,7 @@ DOC_START
 	  # cache_peer_access mycache_mydomain.net deny all
 
 	acl aclname proxy_auth username ...
+	acl aclname proxy_auth_regex [-i] pattern ...
 	  # list of valid usernames
 	  # use REQUIRED to accept any valid username.
 	  #
diff --git a/src/enums.h b/src/enums.h
index 5e20690665..43bc453524 100644
--- a/src/enums.h
+++ b/src/enums.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: enums.h,v 1.163 2000/03/06 16:23:31 wessels Exp $
+ * $Id: enums.h,v 1.164 2000/05/02 19:58:13 hno Exp $
  *
  *
  * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -108,11 +108,13 @@ typedef enum {
     ACL_MY_PORT,
 #if USE_IDENT
     ACL_IDENT,
+    ACL_IDENT_REGEX,
 #endif
     ACL_PROTO,
     ACL_METHOD,
     ACL_BROWSER,
     ACL_PROXY_AUTH,
+    ACL_PROXY_AUTH_REGEX,
     ACL_SRC_ASN,
     ACL_DST_ASN,
     ACL_SRC_ARP,