Rodney McDuff wrote:
>
> Hi
> Before I reinvent the wheel, does any body have a username_regex acl
> patch. Something along the lines of:
Good idea.
You could try the attached patch. Completely untested. It tries to add
proxy_auth_regex and ident_regex. Report any success of failure directly
to me.
-- Henrik Nordstrom Squid hacker
Wed Oct 6 11:25:30 CEST 1999
Modified Files in squid/src
enums.h acl.c
Added proxy_auth_regex and ident_regex ACL types.
-----------------------------------------------------------------
Index: squid/src/enums.h
diff -u squid/src/enums.h:1.1.1.34.2.3 squid/src/enums.h:1.1.1.34.2.4
--- squid/src/enums.h:1.1.1.34.2.3 Wed Aug 4 20:45:37 1999
+++ squid/src/enums.h Wed Oct 6 11:25:28 1999
@@ -104,11 +104,13 @@
ACL_MY_PORT,
#if USE_IDENT
ACL_IDENT,
+ ACL_IDENT_REGEX,
#endif
ACL_PROTO,
ACL_METHOD,
ACL_BROWSER,
ACL_PROXY_AUTH,
+ ACL_PROXY_AUTH_REGEX,
ACL_SRC_ASN,
ACL_DST_ASN,
ACL_SRC_ARP,
Index: squid/src/acl.c
diff -u squid/src/acl.c:1.1.1.35.2.9 squid/src/acl.c:1.1.1.35.2.10
--- squid/src/acl.c:1.1.1.35.2.9 Fri Sep 17 03:22:27 1999
+++ squid/src/acl.c Wed Oct 6 11:25:29 1999
@@ -180,6 +180,8 @@
#if USE_IDENT
if (!strcmp(s, "ident"))
return ACL_IDENT;
+ if (!strcmp(s, "ident_regex"))
+ return ACL_IDENT_REGEX;
#endif
if (!strncmp(s, "proto", 5))
return ACL_PROTO;
@@ -189,6 +191,8 @@
return ACL_BROWSER;
if (!strcmp(s, "proxy_auth"))
return ACL_PROXY_AUTH;
+ if (!strcmp(s, "proxy_auth_regex"))
+ return ACL_PROXY_AUTH_REGEX;
if (!strcmp(s, "src_as"))
return ACL_SRC_ASN;
if (!strcmp(s, "dst_as"))
@@ -236,6 +240,8 @@
#if USE_IDENT
if (type == ACL_IDENT)
return "ident";
+ if (type == ACL_IDENT_REGEX)
+ return "ident_regex";
#endif
if (type == ACL_PROTO)
return "proto";
@@ -245,6 +251,8 @@
return "browser";
if (type == ACL_PROXY_AUTH)
return "proxy_auth";
+ if (type == ACL_PROXY_AUTH_REGEX)
+ return "proxy_auth_regex";
if (type == ACL_SRC_ASN)
return "src_as";
if (type == ACL_DST_ASN)
@@ -715,6 +723,9 @@
case ACL_IDENT:
aclParseWordList(&A->data);
break;
+ case ACL_IDENT_REGEX:
+ aclParseRegexList(&A->data);
+ break;
#endif
case ACL_PROTO:
aclParseProtoList(&A->data);
@@ -730,6 +741,14 @@
assert(proxy_auth_cache);
}
break;
+ case ACL_PROXY_AUTH_REGEX:
+ aclParseRegexList(&A->data);
+ if (!proxy_auth_cache) {
+ /* First time around, 7921 should be big enough */
+ proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
+ assert(proxy_auth_cache);
+ }
+ break;
#if SQUID_SNMP
case ACL_SNMP_COMMUNITY:
aclParseWordList(&A->data);
@@ -1037,7 +1056,7 @@
*/
static int
-aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
+aclMatchProxyAuth(void * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist, squid_acl acltype)
{
/* checklist is used to register user name when identified, nothing else */
LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ);
@@ -1099,7 +1118,15 @@
xstrncpy(checklist->request->user_ident, user, USER_IDENT_SZ);
auth_user->ip_expiretime = squid_curtime + Config.authenticateIpTTL;
auth_user->ipaddr = checklist->src_addr;
+ switch(acltype) {
+ case ACL_PROXY_AUTH:
return aclMatchUser(data, user);
+ case ACL_PROXY_AUTH_REGEX:
+ return aclMatchRegex(data, user);
+ default:
+ fatal("aclMatchProxyAuth: unknown ACL type");
+ return 0; /* NOTREACHED */
+ }
} else {
/* user has switched to another IP addr */
debug(28, 1) ("aclMatchProxyAuth: user '%s' has changed IP address\n", user);
@@ -1367,6 +1394,14 @@
return 0;
}
/* NOTREACHED */
+ case ACL_IDENT_REGEX:
+ if (checklist->ident[0]) {
+ return aclMatchRegex(ae->data, checklist->ident);
+ } else {
+ checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED;
+ return 0;
+ }
+ /* NOTREACHED */
#endif
case ACL_PROTO:
return aclMatchInteger(ae->data, r->protocol);
@@ -1378,6 +1413,7 @@
return aclMatchRegex(ae->data, checklist->browser);
/* NOTREACHED */
case ACL_PROXY_AUTH:
+ case ACL_PROXY_AUTH_REGEX:
if (NULL == r) {
return -1;
} else if (!r->flags.accelerated) {
@@ -1407,7 +1443,8 @@
switch (aclMatchProxyAuth(ae->data,
header,
checklist->auth_user,
- checklist)) {
+ checklist,
+ ae->type)) {
case 0:
/* Correct password, but was not allowed in this ACL */
return 0;
Received on Wed Oct 06 1999 - 05:04:22 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:44 MST