From: hno <>
Date: Mon, 27 Sep 2004 03:35:41 +0000 (+0000)
Subject: Bug #431: case insensitive authentication
X-Git-Tag: SQUID_3_0_PRE4~1043
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=646583784bd1c6a5ae495ba2d50526130fd1f17e;p=thirdparty%2Fsquid.git

Bug #431: case insensitive authentication

Most authentication backends are case insensitive on the user name, and
so should Squid. (with option for case sensitive operation)

Patch ported to Squid-3 by Guido
---

diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc
index 4dcbbda676..db032ff4a3 100644
--- a/src/auth/basic/auth_basic.cc
+++ b/src/auth/basic/auth_basic.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: auth_basic.cc,v 1.31 2004/08/30 05:12:32 robertc Exp $
+ * $Id: auth_basic.cc,v 1.32 2004/09/26 21:35:42 hno Exp $
  *
  * DEBUG: section 29    Authenticator
  * AUTHOR: Duane Wessels
@@ -300,6 +300,7 @@ AuthBasicConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
     storeAppendPrintf(entry, "%s basic children %d\n", name, authenticateChildren);
     storeAppendPrintf(entry, "%s basic concurrency %d\n", name, authenticateConcurrency);
     storeAppendPrintf(entry, "%s basic credentialsttl %d seconds\n", name, (int) credentialsTTL);
+    storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off");
 
 }
 
@@ -328,6 +329,8 @@ AuthBasicConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
         parse_eol(&basicAuthRealm);
     } else if (strcasecmp(param_str, "credentialsttl") == 0) {
         parse_time_t(&credentialsTTL);
+    } else if (strcasecmp(param_str, "casesensitive") == 0) {
+        parse_onoff(&casesensitive);
     } else {
         debug(28, 0) ("unrecognised basic auth scheme parameter '%s'\n", param_str);
     }
@@ -403,6 +406,9 @@ BasicUser::extractUsername()
 
     if ((cleartext = strchr(username(), ':')) != NULL)
         *(cleartext)++ = '\0';
+
+    if (!basicConfig.casesensitive)
+        Tolower((char *)username());
 }
 
 void
diff --git a/src/auth/basic/auth_basic.h b/src/auth/basic/auth_basic.h
index b143818824..f5736869c6 100644
--- a/src/auth/basic/auth_basic.h
+++ b/src/auth/basic/auth_basic.h
@@ -130,6 +130,7 @@ public:
     char *basicAuthRealm;
     wordlist *authenticate;
     time_t credentialsTTL;
+    int casesensitive;
 };
 
 #endif
diff --git a/src/cf.data.pre b/src/cf.data.pre
index e9f0cb03b9..3ff6dc186c 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.355 2004/09/25 15:46:44 hno Exp $
+# $Id: cf.data.pre,v 1.356 2004/09/26 21:35:41 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1746,6 +1746,13 @@ DOC_START
 	you will be vulnerable to replay attacks unless you also
 	use the max_user_ip ACL in an http_access rule.
 
+    "casesensitive" on|off
+    Specifies if usernames are case sensitive. Most user databases are
+    case insensitive allowing the same username to be spelled using both
+    lower and upper case letters, but some are case sensitive. This
+    makes a big difference for user_max_ip ACL processing and similar.
+    auth_param basic casesensitive off
+
 	=== Parameters for the digest scheme follow ===
 
 	"program" cmdline