From: Dan Searle <dan.searle@censornet.com>
Date: Mon, 4 Jun 2012 10:54:52 +0000 (-0600)
Subject: Pass external_acl_type credentials to ICAP
X-Git-Tag: SQUID_3_2_0_18~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cdb3adc9511d2184afe3af3efbd6771b338ca792;p=thirdparty%2Fsquid.git

Pass external_acl_type credentials to ICAP

Pass user credentials obtained from external ACLs to the ICAP service
using Proxy-Authorization and X-Client-Username ICAP headers.
---

diff --git a/src/adaptation/ecap/XactionRep.cc b/src/adaptation/ecap/XactionRep.cc
index df0276223f..ceb5668cbd 100644
--- a/src/adaptation/ecap/XactionRep.cc
+++ b/src/adaptation/ecap/XactionRep.cc
@@ -144,6 +144,9 @@ Adaptation::Ecap::XactionRep::usernameValue() const
     if (request->auth_user_request != NULL) {
         if (char const *name = request->auth_user_request->username())
             return libecap::Area::FromTempBuffer(name, strlen(name));
+        else if (request->extacl_user.defined() && request->extacl_user.size())
+            return libecap::Area::FromTempBuffer(request->extacl_user.rawBuf(), 
+                                                 request->extacl_user.size());
     }
 #endif
     return libecap::Area();
diff --git a/src/adaptation/icap/ModXact.cc b/src/adaptation/icap/ModXact.cc
index 89f16d4401..b2c0502a9c 100644
--- a/src/adaptation/icap/ModXact.cc
+++ b/src/adaptation/icap/ModXact.cc
@@ -1332,6 +1332,8 @@ void Adaptation::Icap::ModXact::makeRequestHeaders(MemBuf &buf)
     if (!TheConfig.reuse_connections)
         buf.Printf("Connection: close\r\n");
 
+    const HttpRequest *request = &virginRequest();
+
     // we must forward "Proxy-Authenticate" and "Proxy-Authorization"
     // as ICAP headers.
     if (virgin.header->header.has(HDR_PROXY_AUTHENTICATE)) {
@@ -1342,10 +1344,14 @@ void Adaptation::Icap::ModXact::makeRequestHeaders(MemBuf &buf)
     if (virgin.header->header.has(HDR_PROXY_AUTHORIZATION)) {
         String vh=virgin.header->header.getByName("Proxy-Authorization");
         buf.Printf("Proxy-Authorization: " SQUIDSTRINGPH "\r\n", SQUIDSTRINGPRINT(vh));
+    } else if (request->extacl_user.defined() && request->extacl_user.size() && request->extacl_passwd.defined() && request->extacl_passwd.size()) {
+      char loginbuf[256];
+      snprintf(loginbuf, sizeof(loginbuf), SQUIDSTRINGPH ":" SQUIDSTRINGPH,
+              SQUIDSTRINGPRINT(request->extacl_user),
+              SQUIDSTRINGPRINT(request->extacl_passwd));
+      buf.Printf("Proxy-Authorization: Basic %s\r\n", old_base64_encode(loginbuf));
     }
 
-    const HttpRequest *request = &virginRequest();
-
     // share the cross-transactional database records if needed
     if (Adaptation::Config::masterx_shared_name) {
         Adaptation::History::Pointer ah = request->adaptHistory(false);
@@ -1488,6 +1494,9 @@ void Adaptation::Icap::ModXact::makeUsernameHeader(const HttpRequest *request, M
             const char *value = TheConfig.client_username_encode ? old_base64_encode(name) : name;
             buf.Printf("%s: %s\r\n", TheConfig.client_username_header, value);
         }
+    } else if (request->extacl_user.defined() && request->extacl_user.size()) {
+        const char *value = TheConfig.client_username_encode ? old_base64_encode(request->extacl_user.termedBuf()) : request->extacl_user.termedBuf();
+        buf.Printf("%s: %s\r\n", TheConfig.client_username_header, value);
     }
 #endif
 }