Re: Proxy authentication with external programs (ALPHA version)

--MimeMultipartBoundary
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Can you please try to make a 1.2 version of this for inclusion in the
next generation Squid? Something like this is needed by several people
wanting to do various kinds of directory lookups to validate the users.

---
Henrik Nordstr=F6m
Sparetime Squid Hacker
>=20
> Proxy authentication with external programs (ALPHA)
> ---------------------------------------------------
>=20
> NOTE: this is ALPHA code, it is unfinished and not very well tested.
>=20
> Patch relative to Squid 1.1.20:
>=20
>         http://www.iae.nl/users/devet/squid/proxy_auth/proxy_auth.new
>=20
> This is a further generalization of my proxy authentication code for Sq=
uid.
>=20
> The authentication is moved into external 'authenticator' programs whic=
h are
> allowed to block on e.g. remote lookups. The authenticate.c file is a
> reworked version of the redirect.c file.
>=20
> Uncomment -DUSE_PROXY_AUTH in src/Makefile before compiling. A good set=
ting
> for debug_options is "ALL,1 28,9 33,5 44,5"
>=20
> New squid.conf settings:
>=20
>     acl password proxy_auth [timeout]
>=20
>     authenticator_program /home/squid/bin/authenticate
>     authenticator_children 5
>=20
> An authenticator program should behave as such:
>=20
> Input:
>         username cleartextpassword
>=20
> Output:
>         OK              (in case the password was OK)
>         ERR             (in case the password was NOT OK)
>=20
> Example for testing:
>=20
>     #!/usr/bin/perl
>=20
>     open(L, ">>/tmp/authenticate.log") || die "$!";
>     select(L); $| =3D 1;
>     select(STDOUT); $| =3D 1;
>=20
>     while (<>) {
>             print L;
>             chop;
>             ($user, $passwd) =3D split;
>             if ($user eq "devet" && $passwd eq "test234") {
>                     print "OK\n";
>             } else {
>                     print "ERR\n";
>             }
>     }
>     exit(0);
>=20
> A correct username/cleartextpassword is cached within Squid until
> reconfigure, shutdown (of course :-), a failed proxy-authentication or
> the timeout period.
>=20
> TODO:
>=20
> - Fix possible bugs.
>=20
> - Test and clean up the code.
>=20
> - Make example authenticator programs like ncsa_auth, radius_auth,
>   ldap_auth, pam_auth, etc.
>=20
> Arjan
>=20
> --
> Arjan de Vet, Eindhoven, The Netherlands            <Arjan.deVet@adv.IA=
Ehv.nl>
> URL: http://www.IAEhv.nl/users/devet/       for PGP key: finger devet@I=
AEhv.nl
--MimeMultipartBoundary--