From 3d22ae30f1ebc192009822e4d0ab49e5e12fefa7 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Fri, 9 Nov 2012 21:33:25 -0700 Subject: [PATCH] Ported: urllogin ACL from squid 2.7 --- doc/release-notes/release-3.2.sgml | 5 +- src/AclRegs.cc | 3 ++ src/acl/Makefile.am | 2 + src/acl/UrlLogin.cc | 56 +++++++++++++++++++++++ src/acl/UrlLogin.h | 73 ++++++++++++++++++++++++++++++ src/cf.data.pre | 2 + 6 files changed, 137 insertions(+), 4 deletions(-) create mode 100644 src/acl/UrlLogin.cc create mode 100644 src/acl/UrlLogin.h diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml index 95875367ad..a12767ca96 100644 --- a/doc/release-notes/release-3.2.sgml +++ b/doc/release-notes/release-3.2.sgml @@ -588,6 +588,7 @@ This section gives a thorough account of those changes in three categories:

New type random. Pseudo-randomly match requests based on a configured probability.

Renamed myip to localip. It matches the IP which the client connected to.

Renamed myport to localport. It matches the port which the client connected to. +

Ported urllogin option from Squid 2.7, to match a regex pattern on the URL login field (if any).

The localip/localport differ from earlier releases where they matched a mix of of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port. This definition is now consistent across all modes of traffic received by Squid. @@ -1030,10 +1031,6 @@ This section gives an account of those changes in three categories: Missing squid.conf options available in Squid-2.7

- acl -

urllogin option not yet ported from 2.6 -

urlgroup option not yet ported from 2.6 - broken_vary_encoding

Not yet ported from 2.6 diff --git a/src/AclRegs.cc b/src/AclRegs.cc index c5ff7ae94f..37e943582c 100644 --- a/src/AclRegs.cc +++ b/src/AclRegs.cc @@ -63,6 +63,7 @@ #include "acl/TimeData.h" #include "acl/Time.h" #include "acl/Url.h" +#include "acl/UrlLogin.h" #include "acl/UrlPath.h" #include "acl/UrlPort.h" #include "acl/UserData.h" @@ -129,6 +130,8 @@ ACL::Prototype ACLTime::RegistryProtoype(&ACLTime::RegistryEntry_, "time"); ACLStrategised ACLTime::RegistryEntry_(new ACLTimeData, ACLTimeStrategy::Instance(), "time"); ACL::Prototype ACLUrl::RegistryProtoype(&ACLUrl::RegistryEntry_, "url_regex"); ACLStrategised ACLUrl::RegistryEntry_(new ACLRegexData, ACLUrlStrategy::Instance(), "url_regex"); +ACL::Prototype ACLUrlLogin::RegistryProtoype(&ACLUrlLogin::RegistryEntry_, "urllogin"); +ACLStrategised ACLUrlLogin::RegistryEntry_(new ACLRegexData, ACLUrlLoginStrategy::Instance(), "urllogin"); ACL::Prototype ACLUrlPath::LegacyRegistryProtoype(&ACLUrlPath::RegistryEntry_, "pattern"); ACL::Prototype ACLUrlPath::RegistryProtoype(&ACLUrlPath::RegistryEntry_, "urlpath_regex"); ACLStrategised ACLUrlPath::RegistryEntry_(new ACLRegexData, ACLUrlPathStrategy::Instance(), "urlpath_regex"); diff --git a/src/acl/Makefile.am b/src/acl/Makefile.am index 8b861e3d34..ddc9b43345 100644 --- a/src/acl/Makefile.am +++ b/src/acl/Makefile.am @@ -98,6 +98,8 @@ libacls_la_SOURCES = \ Tag.h \ Url.cc \ Url.h \ + UrlLogin.cc \ + UrlLogin.h \ UrlPath.cc \ UrlPath.h \ UrlPort.cc \ diff --git a/src/acl/UrlLogin.cc b/src/acl/UrlLogin.cc new file mode 100644 index 0000000000..b40a4b6baa --- /dev/null +++ b/src/acl/UrlLogin.cc @@ -0,0 +1,56 @@ +/* + * DEBUG: section 28 Access Control + * AUTHOR: Duane Wessels + * + * SQUID Web Proxy Cache http://www.squid-cache.org/ + * ---------------------------------------------------------- + * + * Squid is the result of efforts by numerous individuals from + * the Internet community; see the CONTRIBUTORS file for full + * details. Many organizations have provided support for Squid's + * development; see the SPONSORS file for full details. Squid is + * Copyrighted (C) 2001 by the Regents of the University of + * California; see the COPYRIGHT file for full details. Squid + * incorporates software developed and/or copyrighted by other + * sources; see the CREDITS file for full details. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + */ + +#include "squid.h" +#include "acl/UrlLogin.h" +#include "acl/Checklist.h" +#include "acl/RegexData.h" +#include "HttpRequest.h" +#include "rfc1738.h" + +int +ACLUrlLoginStrategy::match (ACLData * &data, ACLFilledChecklist *checklist) +{ + char *esc_buf = xstrdup(checklist->request->login); + rfc1738_unescape(esc_buf); + int result = data->match(esc_buf); + safe_free(esc_buf); + return result; +} + +ACLUrlLoginStrategy * +ACLUrlLoginStrategy::Instance() +{ + return &Instance_; +} + +ACLUrlLoginStrategy ACLUrlLoginStrategy::Instance_; diff --git a/src/acl/UrlLogin.h b/src/acl/UrlLogin.h new file mode 100644 index 0000000000..c29b745816 --- /dev/null +++ b/src/acl/UrlLogin.h @@ -0,0 +1,73 @@ + +/* + * $Id$ + * + * + * SQUID Web Proxy Cache http://www.squid-cache.org/ + * ---------------------------------------------------------- + * + * Squid is the result of efforts by numerous individuals from + * the Internet community; see the CONTRIBUTORS file for full + * details. Many organizations have provided support for Squid's + * development; see the SPONSORS file for full details. Squid is + * Copyrighted (C) 2001 by the Regents of the University of + * California; see the COPYRIGHT file for full details. Squid + * incorporates software developed and/or copyrighted by other + * sources; see the CREDITS file for full details. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + * + * Copyright (c) 2003, Robert Collins + */ + +#ifndef SQUID_ACLURLLOGIN_H +#define SQUID_ACLURLLOGIN_H + +#include "acl/Acl.h" +#include "acl/Data.h" +#include "acl/Strategy.h" +#include "acl/Strategised.h" + +class ACLUrlLoginStrategy : public ACLStrategy +{ + +public: + virtual int match (ACLData * &, ACLFilledChecklist *); + virtual bool requiresRequest() const {return true;} + + static ACLUrlLoginStrategy *Instance(); + /* Not implemented to prevent copies of the instance. */ + /* Not private to prevent brain dead g+++ warnings about + * private constructors with no friends */ + ACLUrlLoginStrategy(ACLUrlLoginStrategy const &); + +private: + static ACLUrlLoginStrategy Instance_; + ACLUrlLoginStrategy() {} + + ACLUrlLoginStrategy&operator=(ACLUrlLoginStrategy const &); +}; + +class ACLUrlLogin +{ + +public: + static ACL::Prototype RegistryProtoype; + static ACL::Prototype LegacyRegistryProtoype; + static ACLStrategised RegistryEntry_; +}; + +#endif /* SQUID_ACLURLLOGIN_H */ diff --git a/src/cf.data.pre b/src/cf.data.pre index 5487a97068..8d2ee22dec 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -747,6 +747,8 @@ DOC_START acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL [fast] + acl aclname urllogin [-i] [^a-zA-Z0-9] ... + # regex matching on URL login field acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path [fast] -- 2.47.2