Fri Nov 12 01:07:12 CET 1999 Modified Files in squid/src acl.c Oops. The code for ident_regex broke reconfigure for snmp_community ACLs (segfaulted) ----------------------------------------------------------------- Sun Oct 17 15:49:47 CEST 1999 Modified Files in squid/src acl.c Oops.. did not include code for printing ACL lists, possibly causing an assert when "current squid configuration" was selected in cachemgr. ----------------------------------------------------------------- Sun Oct 17 00:59:46 CEST 1999 Modified Files in squid/src cf.data.pre enums.h acl.c Adds proxy_auth_regex and ident_regex ACL types. ----------------------------------------------------------------- Index: squid/src/acl.c diff -u squid/src/acl.c:1.1.1.39 squid/src/acl.c:1.1.1.39.2.4 --- squid/src/acl.c:1.1.1.39 Sat Oct 30 13:24:49 1999 +++ squid/src/acl.c Fri Nov 12 01:07:11 1999 @@ -182,6 +182,8 @@ #if USE_IDENT if (!strcmp(s, "ident")) return ACL_IDENT; + if (!strcmp(s, "ident_regex")) + return ACL_IDENT_REGEX; #endif if (!strncmp(s, "proto", 5)) return ACL_PROTO; @@ -191,6 +193,8 @@ return ACL_BROWSER; if (!strcmp(s, "proxy_auth")) return ACL_PROXY_AUTH; + if (!strcmp(s, "proxy_auth_regex")) + return ACL_PROXY_AUTH_REGEX; if (!strcmp(s, "src_as")) return ACL_SRC_ASN; if (!strcmp(s, "dst_as")) @@ -240,6 +244,8 @@ #if USE_IDENT if (type == ACL_IDENT) return "ident"; + if (type == ACL_IDENT_REGEX) + return "ident_regex"; #endif if (type == ACL_PROTO) return "proto"; @@ -249,6 +255,8 @@ return "browser"; if (type == ACL_PROXY_AUTH) return "proxy_auth"; + if (type == ACL_PROXY_AUTH_REGEX) + return "proxy_auth_regex"; if (type == ACL_SRC_ASN) return "src_as"; if (type == ACL_DST_ASN) @@ -720,6 +728,9 @@ case ACL_IDENT: aclParseWordList(&A->data); break; + case ACL_IDENT_REGEX: + aclParseRegexList(&A->data); + break; #endif case ACL_PROTO: aclParseProtoList(&A->data); @@ -735,6 +746,14 @@ assert(proxy_auth_cache); } break; + case ACL_PROXY_AUTH_REGEX: + aclParseRegexList(&A->data); + if (!proxy_auth_cache) { + /* First time around, 7921 should be big enough */ + proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); + assert(proxy_auth_cache); + } + break; #if SQUID_SNMP case ACL_SNMP_COMMUNITY: aclParseWordList(&A->data); @@ -1051,7 +1070,7 @@ */ static int -aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist) +aclMatchProxyAuth(void * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist, squid_acl acltype) { /* checklist is used to register user name when identified, nothing else */ LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ); @@ -1118,7 +1137,15 @@ auth_user->ipaddr = checklist->src_addr; /* copy username to request for logging on client-side */ xstrncpy(checklist->request->user_ident, user, USER_IDENT_SZ); - return aclMatchUser(data, user); + switch(acltype) { + case ACL_PROXY_AUTH: + return aclMatchUser(data, user); + case ACL_PROXY_AUTH_REGEX: + return aclMatchRegex(data, user); + default: + fatal("aclMatchProxyAuth: unknown ACL type"); + return 0; /* NOTREACHED */ + } } else { /* user has switched to another IP addr */ debug(28, 1) ("aclMatchProxyAuth: user '%s' has changed IP address\n", user); @@ -1390,6 +1417,14 @@ return 0; } /* NOTREACHED */ + case ACL_IDENT_REGEX: + if (checklist->ident[0]) { + return aclMatchRegex(ae->data, checklist->ident); + } else { + checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED; + return 0; + } + /* NOTREACHED */ #endif case ACL_PROTO: return aclMatchInteger(ae->data, r->protocol); @@ -1401,6 +1436,7 @@ return aclMatchRegex(ae->data, checklist->browser); /* NOTREACHED */ case ACL_PROXY_AUTH: + case ACL_PROXY_AUTH_REGEX: if (NULL == r) { return -1; } else if (!r->flags.accelerated) { @@ -1430,7 +1466,8 @@ switch (aclMatchProxyAuth(ae->data, header, checklist->auth_user, - checklist)) { + checklist, + ae->type)) { case 0: /* Correct password, but was not allowed in this ACL */ return 0; @@ -1841,6 +1878,10 @@ case ACL_TIME: aclDestroyTimeList(a->data); break; +#if USE_IDENT + case ACL_IDENT_REGEX: +#endif + case ACL_PROXY_AUTH_REGEX: case ACL_URL_REGEX: case ACL_URLPATH_REGEX: case ACL_BROWSER: @@ -2166,6 +2193,11 @@ #endif #if USE_IDENT case ACL_IDENT: + return wordlistDup(a->data); + break; + case ACL_IDENT_REGEX: + return aclDumpRegexList(a->data); + break; #endif case ACL_PROXY_AUTH: return wordlistDup(a->data); @@ -2173,6 +2205,7 @@ case ACL_TIME: return aclDumpTimeSpecList(a->data); break; + case ACL_PROXY_AUTH_REGEX: case ACL_URL_REGEX: case ACL_URLPATH_REGEX: case ACL_BROWSER: Index: squid/src/cf.data.pre diff -u squid/src/cf.data.pre:1.1.1.39.2.8 squid/src/cf.data.pre:1.1.1.39.2.10 --- squid/src/cf.data.pre:1.1.1.39.2.8 Sun Sep 19 19:27:46 1999 +++ squid/src/cf.data.pre Sun Oct 17 15:08:46 1999 @@ -1581,6 +1584,7 @@ acl aclname browser [-i] regexp # pattern match on User-Agent header acl aclname ident username ... + acl aclname ident_regex [-i] pattern ... # string match on ident output. # use REQUIRED to accept any non-null ident. acl aclname src_as number ... @@ -1594,6 +1598,7 @@ # cache_peer_access mycache_mydomain.net deny all acl aclname proxy_auth username ... + acl aclname proxy_auth_regex [-i] pattern ... # list of valid usernames # use REQUIRED to accept any valid username. # Index: squid/src/enums.h diff -u squid/src/enums.h:1.1.1.35.2.3 squid/src/enums.h:1.1.1.35.2.4 --- squid/src/enums.h:1.1.1.35.2.3 Sun Aug 8 02:51:16 1999 +++ squid/src/enums.h Sun Oct 17 00:59:44 1999 @@ -105,11 +105,13 @@ ACL_MY_PORT, #if USE_IDENT ACL_IDENT, + ACL_IDENT_REGEX, #endif ACL_PROTO, ACL_METHOD, ACL_BROWSER, ACL_PROXY_AUTH, + ACL_PROXY_AUTH_REGEX, ACL_SRC_ASN, ACL_DST_ASN, ACL_SRC_ARP,