]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
login=*:password cache_peer option to pass the authenticated username to
authorhno <>
Tue, 9 Jan 2001 21:41:33 +0000 (21:41 +0000)
committerhno <>
Tue, 9 Jan 2001 21:41:33 +0000 (21:41 +0000)
a upstream proxy in another adminstrative domain.

src/cf.data.pre
src/http.cc

index ff40101b1495b4c8fe19ce4afb9f53172b237a6d..f537bb27d5313605c567149d8c3c6d02a82ee144 100644 (file)
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.205 2001/01/07 23:36:37 hno Exp $
+# $Id: cf.data.pre,v 1.206 2001/01/09 14:41:33 hno Exp $
 #
 #
 # SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -228,7 +228,7 @@ DOC_START
                     no-digest
                     no-netdb-exchange
                     no-delay
-                    login=user:password|PASS
+                    login=user:password | PASS | *:password
                     connect-timeout=nn
                     digest-url=url
                     allow-miss
@@ -287,6 +287,15 @@ DOC_START
                     Also be warned that this will expose your users proxy
                     password to the parent. USE WITH CAUTION
 
+                    use 'login=*:password' to pass the username to the
+                    upstream cache, but with a fixed password. This is meant
+                    to be used when the peer is in another administrative
+                    domain, but it is still needed to identify each user.
+                    The star can optionally be followed by some extra
+                    information which is added to the username. This can
+                    be used to identify this proxy to the peer, similar to
+                    the login=username:password option above.
+
                     use 'connect-timeout=nn' to specify a peer
                     specific connect timeout (also see the
                     peer_connect_timeout directive)
index a8e63eb3057f9d814cb5b57c8eb9d55bce18eec0..4df21dfa2c21cd671f5baec06dadc13b7e423006 100644 (file)
@@ -1,6 +1,6 @@
 
 /*
- * $Id: http.cc,v 1.375 2001/01/07 23:36:39 hno Exp $
+ * $Id: http.cc,v 1.376 2001/01/09 14:41:33 hno Exp $
  *
  * DEBUG: section 11    Hypertext Transfer Protocol (HTTP)
  * AUTHOR: Harvest Derived
@@ -789,9 +789,19 @@ httpBuildRequestHeader(request_t * request,
        }
     }
     /* append Proxy-Authorization if configured for peer, and proxying */
-    if (!httpHeaderHas(hdr_out, HDR_PROXY_AUTHORIZATION)) {
-       if (request->flags.proxying && orig_request->peer_login &&
+    if (request->flags.proxying && orig_request->peer_login &&
+           !httpHeaderHas(hdr_out, HDR_PROXY_AUTHORIZATION) &&
            strcmp(orig_request->peer_login, "PASS") != 0) {
+       if (*orig_request->peer_login == '*') {
+           /* Special mode, to pass the username to the upstream cache */
+           char loginbuf[256];
+           char *username = "-";
+           if (orig_request->auth_user_request)
+               username = authenticateUserRequestUsername(orig_request->auth_user_request);
+           snprintf(loginbuf, sizeof(loginbuf), "%s%s", username, orig_request->peer_login+1);
+           httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s",
+               base64_encode(loginbuf));
+       } else {
            httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s",
                base64_encode(orig_request->peer_login));
        }