[PATCH] Squid Username Header - Try 3

From: Ben Herrick <bherrick@dont-contact.us>
Date: Fri, 18 Jan 2002 11:41:05 -0600 (CST)

Please disregard my first message as I forgot to append the patch. Sorry.
It's appended to the end of this one.

--
Hey Folks,
        Here is the username headers patch as an ACL configuration option.
I've changed the patch to use the suggestions from Chemolli Francesco. His
email can be found here:
http://www.squid-cache.org/mail-archive/squid-dev/200201/0003.html
My original email, with a description of the patch, can be found here:
http://www.squid-cache.org/mail-archive/squid-dev/200201/0001.html
Please test this patch, as this is my first attempt at creating an ACL
configuration. It may be horribly broken, it may work perfectly, but it
works for me.
I'm interested in seeing this go into the main squid distribution, as I
think it has value. Please CC me on any replies, as I am not subscribed to
the list. Thanks!
-- 
Ben Herrick
System Administrator
Globalcom, Inc.
333 West Wacker Drive Suite 1500
Chicago, Il 60606-1231
Phone: 312.893.0176
Pager: 800.205.7564
Fax: 312.492.1414
Service: 800.589.1531
mailto:bherrick@global-com.com
================== CUT HERE ==================
--- squid-2.6-DEVEL-20020110/src/cf.data.pre	Mon Dec 24 23:46:35 2001
+++ squid-2.6-DEVEL-20020110/src/cf.data.pre.gc	Tue Jan 15 09:29:28 2002
@@ -2206,6 +2206,30 @@
 	no limit imposed.
 DOC_END
 
+NAME: username_header
+TYPE: acl_access
+DEFAULT: none
+LOC: Config.accessList.usernameHeader
+DOC_START
+	The username_header access control list specifies when squid should 
+	pass on its authenticated users name. It will pass the users name in 
+	an http header named HTTP-X-PROXY-USERNAME. This option is off by 
+	default. This option will only work if you have proxy authentication 
+	turned on.
+
+	username_header allow|deny [!]aclname ...
+
+	Example:
+
+	acl localdomain dstdomain .mydomain.com
+	acl localnet dst 192.168.0.0/255.255.255.0
+
+	username_header allow localdomain localnet
+
+	The above example will forward the authenticated users name on to 
+	localdomain and localnet.
+DOC_END
+
 COMMENT_START
  ADMINISTRATIVE PARAMETERS
  -----------------------------------------------------------------------------
--- squid-2.6-DEVEL-20020110/src/enums.h	Fri Dec 21 03:47:34 2001
+++ squid-2.6-DEVEL-20020110/src/enums.h.gc	Tue Jan 15 09:29:28 2002
@@ -237,6 +237,7 @@
     HDR_X_CACHE,
     HDR_X_CACHE_LOOKUP,		/* tmp hack, remove later */
     HDR_X_FORWARDED_FOR,
+    HDR_X_ON_BEHALF_OF,
     HDR_X_REQUEST_URI,		/* appended if ADD_X_REQUEST_URI is #defined */
     HDR_X_SQUID_ERROR,
     HDR_NEGOTIATE,
--- squid-2.6-DEVEL-20020110/src/http.c	Thu Dec 27 20:39:42 2001
+++ squid-2.6-DEVEL-20020110/src/http.c.gc	Tue Jan 15 09:29:28 2002
@@ -734,6 +734,7 @@
     const HttpHeaderEntry *e;
     String strVia;
     String strFwd;
+    aclCheck_t ch;
     HttpHeaderPos pos = HttpHeaderInitPos;
     httpHeaderInit(hdr_out, hoRequest);
     /* append our IMS header */
@@ -836,6 +837,20 @@
 	default:
 	    /* pass on all other header fields */
 	    httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
+	}
+    }
+
+    /* append X-Proxy-Username */
+    if (Config.accessList.usernameHeader) {
+	if (!httpHeaderHas(hdr_out, HDR_X_ON_BEHALF_OF) && 
+	    authenticateUserRequestUsername(request->auth_user_request)) {
+
+	    memset(&ch, '\0', sizeof(ch));
+	    ch.request = request;
+	    if (aclCheckFast(Config.accessList.usernameHeader, &ch)) {
+		httpHeaderPutStr(hdr_out, HDR_X_ON_BEHALF_OF, 
+		    authenticateUserRequestUsername(request->auth_user_request));
+	    }
 	}
     }
 
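Review bot: The `!httpHeaderHas(hdr_out, HDR_X_ON_BEHALF_OF)` guard lets a client-supplied X-On-Behalf-Of value take precedence over the authenticated name: the patch adds no case for the new header id, so as far as the hunk shows it falls into `default:` and is cloned into hdr_out, after which the guard skips the proxy's own value. The same client value is also forwarded unchanged when the ACL denies or the request is unauthenticated, so an upstream that trusts the header can be handed an arbitrary username. Drop the guard and discard the incoming header in the switch, e.g. `case HDR_X_ON_BEHALF_OF: /* set below from the authenticated user only */ break;`. Separately, `ch` carries only `request`, so ACL types that need the client address may not match as an administrator expects (inferred; aclCheck_t is not visible here), and the comment still says X-Proxy-Username. The enclosing function and the switch begin outside the hunk.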
--- squid-2.6-DEVEL-20020110/src/HttpHeader.c	Wed Oct 24 03:19:07 2001
+++ squid-2.6-DEVEL-20020110/src/HttpHeader.c.gc	Tue Jan 15 09:29:28 2002
@@ -122,6 +122,7 @@
     {"X-Cache", HDR_X_CACHE, ftStr},
     {"X-Cache-Lookup", HDR_X_CACHE_LOOKUP, ftStr},
     {"X-Forwarded-For", HDR_X_FORWARDED_FOR, ftStr},
+    {"X-On-Behalf-Of", HDR_X_ON_BEHALF_OF, ftStr},
     {"X-Request-URI", HDR_X_REQUEST_URI, ftStr},
     {"X-Squid-Error", HDR_X_SQUID_ERROR, ftStr},
     {"Negotiate", HDR_NEGOTIATE, ftStr},
@@ -207,7 +208,7 @@
     HDR_IF_MATCH, HDR_IF_MODIFIED_SINCE, HDR_IF_NONE_MATCH,
     HDR_IF_RANGE, HDR_MAX_FORWARDS, HDR_PROXY_CONNECTION,
     HDR_PROXY_AUTHORIZATION, HDR_RANGE, HDR_REFERER, HDR_REQUEST_RANGE,
-    HDR_USER_AGENT, HDR_X_FORWARDED_FOR
+    HDR_USER_AGENT, HDR_X_FORWARDED_FOR, HDR_X_ON_BEHALF_OF
 };
 
 /* header accounting */
--- squid-2.6-DEVEL-20020110/src/structs.h	Sat Dec  1 12:03:10 2001
+++ squid-2.6-DEVEL-20020110/src/structs.h.gc	Tue Jan 15 09:29:28 2002
@@ -606,6 +606,7 @@
 	acl_access *reply;
 	acl_address *outgoing_address;
 	acl_tos *outgoing_tos;
+	acl_access *usernameHeader;
     } accessList;
     acl_deny_info_list *denyInfoList;
     struct _authConfig {
================== CUT HERE ==================
Received on Fri Jan 18 2002 - 14:50:24 MST
