From: hno <> Date: Tue, 9 Jan 2001 21:41:33 +0000 (+0000) Subject: login=*:password cache_peer option to pass the authenticated username to X-Git-Tag: SQUID_3_0_PRE1~1665 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c3b33cb704d74286976cfd795ba083a7c04e94a2;p=thirdparty%2Fsquid.git login=*:password cache_peer option to pass the authenticated username to a upstream proxy in another adminstrative domain. --- diff --git a/src/cf.data.pre b/src/cf.data.pre index ff40101b14..f537bb27d5 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.205 2001/01/07 23:36:37 hno Exp $ +# $Id: cf.data.pre,v 1.206 2001/01/09 14:41:33 hno Exp $ # # # SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -228,7 +228,7 @@ DOC_START no-digest no-netdb-exchange no-delay - login=user:password|PASS + login=user:password | PASS | *:password connect-timeout=nn digest-url=url allow-miss @@ -287,6 +287,15 @@ DOC_START Also be warned that this will expose your users proxy password to the parent. USE WITH CAUTION + use 'login=*:password' to pass the username to the + upstream cache, but with a fixed password. This is meant + to be used when the peer is in another administrative + domain, but it is still needed to identify each user. + The star can optionally be followed by some extra + information which is added to the username. This can + be used to identify this proxy to the peer, similar to + the login=username:password option above. + use 'connect-timeout=nn' to specify a peer specific connect timeout (also see the peer_connect_timeout directive) diff --git a/src/http.cc b/src/http.cc index a8e63eb305..4df21dfa2c 100644 --- a/src/http.cc +++ b/src/http.cc @@ -1,6 +1,6 @@ /* - * $Id: http.cc,v 1.375 2001/01/07 23:36:39 hno Exp $ + * $Id: http.cc,v 1.376 2001/01/09 14:41:33 hno Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived @@ -789,9 +789,19 @@ httpBuildRequestHeader(request_t * request, } } /* append Proxy-Authorization if configured for peer, and proxying */ - if (!httpHeaderHas(hdr_out, HDR_PROXY_AUTHORIZATION)) { - if (request->flags.proxying && orig_request->peer_login && + if (request->flags.proxying && orig_request->peer_login && + !httpHeaderHas(hdr_out, HDR_PROXY_AUTHORIZATION) && strcmp(orig_request->peer_login, "PASS") != 0) { + if (*orig_request->peer_login == '*') { + /* Special mode, to pass the username to the upstream cache */ + char loginbuf[256]; + char *username = "-"; + if (orig_request->auth_user_request) + username = authenticateUserRequestUsername(orig_request->auth_user_request); + snprintf(loginbuf, sizeof(loginbuf), "%s%s", username, orig_request->peer_login+1); + httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s", + base64_encode(loginbuf)); + } else { httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s", base64_encode(orig_request->peer_login)); }