Re: Proxy Authentication and Redirection Redux

From: Dancer <dancer@dont-contact.us>
Date: Tue, 14 Sep 1999 15:23:52 +1000

Wade Komisar wrote:
>
> Dancer and Henrik:
>
> I was looking for a solution to my authorization problem (authorizing
> particular authenticated users for certain URLs) when I came across the
> patch below suggested by Sam Eaton. It looks like it would do the job
> for me.
>
> However, when looking at the source for Squid 2.2.STABLE4, I did not see
> the patch implemented. Did you guys find a different way of doing this,
> or is it / will it be part of later Squid distribution?

I also have a patch which does this. We've talked the idea backwards and
forwards a little a few times: Passing variable data to external
authenticators, receiving variable data back, handshaking protocols and
the like, but a couple of things got in the way:

1) Heaps of work on squid 2.3
2) Real Life (such as it is)
3) I had a couple of heart-attacks, and haven't been able to keep my end
of things up. I'm still hoping to come up with a solution that everyone
finds equitable for squid 2.3, but the doctor's got me on a Go Slow
until they can figure out _why_ I'm having the attacks. (I've got to be
different. It's nothing normal)

D

> Thanks.
>
> Wade
>
> > --jI8keyz6grp/JLjh
> > Content-Type: text/plain; charset=us-ascii
> >
> > I have a custom redirector that uses the ident information passed to the
> > redirector to make decisions about where to redirect the request to.
> >
> > I want to use the username returned by proxy-auth as the ident
> > information to pass to the redirector.
> >
> > I used to do this successfully with 1.1, but it seems that in 2.0 the
> > ident returned by a real ident lookup and the username returned by
> > proxy_auth are stored in different places, and the redirector only looks
> > at the ident lookup.
> >
> > What I've done is patched redirect.c to use the request->user_ident as
> > well as conn->ident.ident. Patch is attached.
> >
> > This works fine, but what I'd like to know is was this the right thing
> > to do, or am I missing something really obvious?
> >
> > Sam.
> > --
> > ------------------------------------------------------------------------
> > Sam Eaton Senior Systems Manager, Pavilion Internet Plc
> > "Fortified with essential bitterness and sarcasm"
> > ------------------------------------------------------------------------
> >
> > --jI8keyz6grp/JLjh
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: attachment; filename="redirect.patch"
> >
> > --- redirect.c Fri Oct 23 13:15:35 1998
> > +++ /tmp/redirect.c.sam Fri Oct 23 13:13:10 1998
> > @@ -262,6 +262,7 @@
> > redirectStart(clientHttpRequest * http, RH * handler, void *data)
> > {
> > ConnStateData *conn = http->conn;
> > + request_t *req = http->request;
> > redirectStateData *r = NULL;
> > redirector_t *redirector = NULL;
> > if (!http)
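Review bot: The new initialiser `request_t *req = http->request;` dereferences http before the `if (!http)` test a few lines below it, so that check cannot protect the new line (the existing `conn = http->conn` initialiser has the same problem). Declare `req` here and assign it after the check, or remove the check if http can never be NULL at this point.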
> > @@ -277,7 +278,11 @@
> > r->orig_url = xstrdup(http->uri);
> > r->client_addr = conn->log_addr;
> > if (conn->ident.ident == NULL || *conn->ident.ident == '\0') {
> > - r->client_ident = dash_str;
> > + if (req->user_ident == NULL ) {
> > + r->client_ident = dash_str;
> > + } else {
> > + r->client_ident = req->user_ident;
> > + }
> > } else {
> > r->client_ident = conn->ident.ident;
> > }
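Review bot: In the outer `if`/`else`, a non-empty `conn->ident.ident` still takes precedence over `req->user_ident`, so whenever both are present a redirector making per-user decisions receives the ident reply, which the client's host supplies, rather than the proxy_auth username; consider testing `req->user_ident` first. The new inner test also checks only for NULL, while the ident test beside it also rejects an empty string (`*conn->ident.ident == '\0'`); apply the same empty-string check to `req->user_ident` so that an empty name falls back to `dash_str`.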
> >
> > --jI8keyz6grp/JLjh--
>
> --
> ========================================================================
> Wade B. Komisar Comp. Sys. Sr. Engineer, Advanced Technology Group
> Komisar@Virginia.EDU Office of Information Technology
> voice: 804.924.7171 University of Virginia
> fax: 804.982.2777 Carruthers Hall, 1001 N. Emmet St.
> http://www.people.virginia.edu/~wbk3a/ Charlottesville, VA 22906-9005
Received on Mon Sep 13 1999 - 23:39:57 MDT
