---------------------
PatchSet 6057
Date: 2003/11/28 14:34:39
Author: rhorstmann
Branch: icap-2_5
Tag: (none)
Log:
Added X-Authenticated-User patch from Gaël Roualland
Members:
src/cf.data.pre:1.49.2.33.2.14->1.49.2.33.2.15
src/icap_common.c:1.1.2.23->1.1.2.24
src/icap_reqmod.c:1.1.2.24->1.1.2.25
src/icap_respmod.c:1.1.2.27->1.1.2.28
src/protos.h:1.41.6.13.2.20->1.41.6.13.2.21
src/structs.h:1.48.2.9.2.23->1.48.2.9.2.24
Index: squid/src/cf.data.pre
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/cf.data.pre,v
retrieving revision 1.49.2.33.2.14
retrieving revision 1.49.2.33.2.15
diff -u -r1.49.2.33.2.14 -r1.49.2.33.2.15
--- squid/src/cf.data.pre 28 Nov 2003 13:47:11 -0000 1.49.2.33.2.14
+++ squid/src/cf.data.pre 28 Nov 2003 14:34:39 -0000 1.49.2.33.2.15
@@ -1,6 +1,6 @@
 #
-# $Id: cf.data.pre,v 1.49.2.33.2.14 2003/11/28 13:47:11 rhorstmann Exp $
+# $Id: cf.data.pre,v 1.49.2.33.2.15 2003/11/28 14:34:39 rhorstmann Exp $
 #
 #
 # SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -2605,6 +2605,39 @@
 This adds the header "X-Client-IP" to ICAP requests.
 DOC_END
+NAME: icap_send_auth_user
+TYPE: onoff
+IFDEF: HS_FEAT_ICAP
+COMMENT: on|off
+LOC: Config.icapcfg.send_auth_user
+DEFAULT: off
+DOC_START
+ This adds the header "X-Authenticated-User" to ICAP requests
+ if proxy access is authentified.
+DOC_END
+
+NAME: icap_auth_scheme
+TYPE: string
+IFDEF: HS_FEAT_ICAP
+LOC: Config.icapcfg.auth_scheme
+DEFAULT: Local://%u
+DOC_START
+ Authentification scheme to pass to ICAP requests if
+ icap_send_auth_user is enabled. The first occurence of "%u"
+ is replaced by the authentified user name. If no "%u" is found,
+ the username is added at the end of the scheme.
+
+ See http://www.ietf.org/internet-drafts/draft-stecher-icap-subid-00.txt,
+ section 3.4 for details on this.
+
+ Examples:
+
+ icap_auth_scheme Local://%u
+ icap_auth_scheme LDAP://ldap-server/cn=%u,dc=company,dc=com
+ icap_auth_scheme WinNT://nt-domain/%u
+ icap_auth_scheme Radius://radius-server/%u
+DOC_END
+
 NAME: icap_service
 TYPE: icap_service_type
 IFDEF: HS_FEAT_ICAP
Index: squid/src/icap_common.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/Attic/icap_common.c,v
retrieving revision 1.1.2.23
retrieving revision 1.1.2.24
diff -u -r1.1.2.23 -r1.1.2.24
--- squid/src/icap_common.c 11 Nov 2003 23:29:25 -0000 1.1.2.23
+++ squid/src/icap_common.c 28 Nov 2003 14:34:39 -0000 1.1.2.24
@@ -1,5 +1,5 @@
 /*
- * $Id: icap_common.c,v 1.1.2.23 2003/11/11 23:29:25 dwsquid Exp $
+ * $Id: icap_common.c,v 1.1.2.24 2003/11/28 14:34:39 rhorstmann Exp $
 *
 * DEBUG: section 81 Internet Content Adaptation Protocol (ICAP) Client
 * AUTHOR: Geetha Manjunath, Hewlett Packard Company
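Review bot: The DOC text for `icap_send_auth_user` and `icap_auth_scheme` does not tell the administrator what is disclosed: per `icapAddAuthUserHeader` in icap_common.c the header value is the expanded scheme string passed through `base64_encode`, which is an encoding and not protection, so the proxy user name is readable by the ICAP service and by anything able to observe the ICAP connection. I would add a sentence such as `The value is sent base64-encoded, not encrypted; enable this only for ICAP services trusted to see user names.` The text should also say that the user name is substituted for "%u" as-is, with no escaping for the chosen scheme. "authentified", "Authentification" and "occurence" are misspelled in the new lines.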
@@ -631,3 +631,41 @@
 }
 return bw;
 }
+
+/*
+ * icapAddAuthUserHeader
+ *
+ * Builds and adds the X-Authenticated-User header to an ICAP request headers.
+ */
+void
+icapAddAuthUserHeader(MemBuf * mb, auth_user_request_t *auth_user_request)
+{
+ char *user = authenticateUserRequestUsername(auth_user_request);
+ char *authuser;
+ size_t len, userlen, schemelen, userofslen;
+ char *userofs;
+
+ if (user == NULL) {
+ debug(81, 5) ("icapAddAuthUserHeader: NULL username\n");
+ return;
+ }
+
+ userlen = strlen(user);
+ schemelen = strlen(Config.icapcfg.auth_scheme);
+ len = userlen + schemelen + 1;
+ authuser = xcalloc(len, 1);
+
+ if ((userofs = strstr(Config.icapcfg.auth_scheme, "%u")) == NULL) {
+ /* simply add user at end of string */
+ snprintf(authuser, len, "%s%s", Config.icapcfg.auth_scheme, user);
+ } else {
+ userofslen = userofs - Config.icapcfg.auth_scheme;
+ xmemcpy(authuser, Config.icapcfg.auth_scheme, userofslen);
+ xmemcpy(authuser + userofslen, user, userlen);
+ xmemcpy(authuser + userofslen + userlen,
+ userofs + 2, schemelen - (userofslen + 2) + 1);
+ }
+
+ memBufPrintf(mb, "X-Authenticated-User: %s\r\n", base64_encode(authuser));
+ xfree(authuser);
+}
Index: squid/src/icap_reqmod.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/Attic/icap_reqmod.c,v
retrieving revision 1.1.2.24
retrieving revision 1.1.2.25
diff -u -r1.1.2.24 -r1.1.2.25
--- squid/src/icap_reqmod.c 28 Nov 2003 13:47:18 -0000 1.1.2.24
+++ squid/src/icap_reqmod.c 28 Nov 2003 14:34:39 -0000 1.1.2.25
@@ -1,6 +1,6 @@
 /*
- * $Id: icap_reqmod.c,v 1.1.2.24 2003/11/28 13:47:18 rhorstmann Exp $
+ * $Id: icap_reqmod.c,v 1.1.2.25 2003/11/28 14:34:39 rhorstmann Exp $
 *
 * DEBUG: section 81 Internet Content Adaptation Protocol (ICAP) Client
 * AUTHOR: Geetha Manjunath, Hewlett Packard Company
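Review bot: The user name is spliced into `Config.icapcfg.auth_scheme` byte for byte in both branches of `icapAddAuthUserHeader`, so characters that are structural in the configured scheme (`,` and `=` in the LDAP example from cf.data.pre, `/` in the others) reach the ICAP service as part of the identity string; the base64 step keeps the ICAP header line intact but does nothing for the decoded value. If the ICAP service bases policy on this header, the function should reject or escape such characters before substitution, or its comment should state that the consumer must treat the decoded value as unvalidated. Two smaller points: `strlen(Config.icapcfg.auth_scheme)` assumes the option is never NULL, which the `DEFAULT:` line makes likely but a guard such as `if (Config.icapcfg.auth_scheme == NULL) return;` would make explicit, and `base64_encode()` is not visible here, so whether it truncates long input or returns storage that must not be kept is worth confirming and noting next to the call. The `xmemcpy` length arithmetic fits the `len` that was allocated, but it deserves a one-line comment saying that the last copy includes the terminating NUL of the scheme.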
@@ -340,6 +340,11 @@
 request->my_addr = icap->request->my_addr;
 request->my_port = icap->request->my_port;
 request->class = icap->request->class;
+ if (icap->request->auth_user_request != NULL) {
+ /* Copy authentification info in new request */
+ request->auth_user_request = icap->request->auth_user_request;
+ authenticateAuthUserRequestLock(request->auth_user_request);
+ }
 icapReqModInterpretHttpRequest(icap, request);
 xfree(inbuf);
 }
@@ -665,6 +670,8 @@
 memBufAppend(&mb, crlf, 2);
 if (Config.icapcfg.send_client_ip)
 memBufPrintf(&mb, "X-Client-IP: %s\r\n", client_addr);
+ if (Config.icapcfg.send_auth_user && icap->request->auth_user_request != NULL)
+ icapAddAuthUserHeader(&mb, icap->request->auth_user_request);
 icap->flags.keep_alive = 1;
 if (!icap->flags.keep_alive)
 memBufAppend(&mb, "Connection: close\r\n", 19);
Index: squid/src/icap_respmod.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/Attic/icap_respmod.c,v
retrieving revision 1.1.2.27
retrieving revision 1.1.2.28
diff -u -r1.1.2.27 -r1.1.2.28
--- squid/src/icap_respmod.c 28 Nov 2003 13:47:18 -0000 1.1.2.27
+++ squid/src/icap_respmod.c 28 Nov 2003 14:34:39 -0000 1.1.2.28
@@ -1,6 +1,6 @@
 /*
- * $Id: icap_respmod.c,v 1.1.2.27 2003/11/28 13:47:18 rhorstmann Exp $
+ * $Id: icap_respmod.c,v 1.1.2.28 2003/11/28 14:34:39 rhorstmann Exp $
 *
 * DEBUG: section 81 Internet Content Adaptation Protocol (ICAP) Client
 * AUTHOR: Geetha Manjunath, Hewlett Packard Company
@@ -46,7 +46,8 @@
 const char *crlf = "\r\n";
 void
-getICAPRespModString(MemBuf * mb, int o1, int o2, int o3, char *service, char *client_addr)
+getICAPRespModString(MemBuf * mb, int o1, int o2, int o3, char *service, char *client_addr,
+ IcapStateData * icap)
 {
 memBufPrintf(mb, "RESPMOD %s ICAP/1.0\r\nEncapsulated:", service);
 if (o1 >= 0)
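Review bot: The request rebuilt from the ICAP reply now inherits the original client's authenticated identity by sharing `icap->request->auth_user_request`, and the new comment says neither that nor who drops the reference taken by `authenticateAuthUserRequestLock()`. I would extend it to something like `/* share the client's auth state with the adapted request; the reference is released when the request is freed */`, after confirming that the request teardown path, which is outside this hunk, does unlock it, because a missing unlock would keep the auth entry referenced indefinitely. It is also worth stating in that comment that later access checks on the adapted request run under the client's identity even though the ICAP server may have rewritten the request. The enclosing function starts outside the hunk.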
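Review bot: The new `if` in the REQMOD header builder (hunk at -665,6) is unbraced with its body on a continuation line, while the identical check added to `getICAPRespModString` in icap_respmod.c (hunk at -62,6) is braced; in a block that appends security-relevant headers the braced form `if (Config.icapcfg.send_auth_user && icap->request->auth_user_request != NULL) {` … `}` is the safer one to standardise on. Both call sites repeat the same two-part condition, so moving the `send_auth_user` and NULL tests into `icapAddAuthUserHeader` would keep the decision to disclose the user name in one place. The enclosing function starts and ends outside the hunk.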
@@ -62,6 +63,9 @@
 if (Config.icapcfg.send_client_ip) {
 memBufPrintf(mb, "X-Client-IP: %s\r\n", client_addr);
 }
+ if (Config.icapcfg.send_auth_user && icap->request->auth_user_request != NULL) {
+ icapAddAuthUserHeader(mb, icap->request->auth_user_request);
+ }
 #if NOT_YET_FINISHED
 if (Config.icapcfg.trailers) {
 memBufPrintf(mb, "X-TE: trailers\r\n");
@@ -128,9 +132,9 @@
 icap->respmod.res_body_sz = httpReplyBodySize(icap->request->method, r);
 httpReplyDestroy(r);
 if (icap->respmod.res_body_sz)
- getICAPRespModString(mb, 0, o2, o3, service->uri, client_addr);
+ getICAPRespModString(mb, 0, o2, o3, service->uri, client_addr, icap);
 else
- getICAPRespModString(mb, 0, o2, -o3, service->uri, client_addr);
+ getICAPRespModString(mb, 0, o2, -o3, service->uri, client_addr, icap);
 if (Config.icapcfg.preview_enable)
 if (icap->preview_size >= 0)
 memBufPrintf(mb, "Preview: %d\r\n", icap->preview_size);
Index: squid/src/protos.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/protos.h,v
retrieving revision 1.41.6.13.2.20
retrieving revision 1.41.6.13.2.21
diff -u -r1.41.6.13.2.20 -r1.41.6.13.2.21
--- squid/src/protos.h 28 Nov 2003 13:47:18 -0000 1.41.6.13.2.20
+++ squid/src/protos.h 28 Nov 2003 14:34:39 -0000 1.41.6.13.2.21
@@ -1,6 +1,6 @@
 /*
- * $Id: protos.h,v 1.41.6.13.2.20 2003/11/28 13:47:18 rhorstmann Exp $
+ * $Id: protos.h,v 1.41.6.13.2.21 2003/11/28 14:34:39 rhorstmann Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -1368,6 +1368,7 @@
 int icapParseKeepAlive(const IcapStateData *, const char *, const char *);
 void icapSetKeepAlive(IcapStateData * icap, const char *hdrs);
 size_t icapParseChunkedBody(IcapStateData *, STRCB *, void *);
+void icapAddAuthUserHeader(MemBuf *, auth_user_request_t *);
 /*
Index: squid/src/structs.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/structs.h,v
retrieving revision 1.48.2.9.2.23
retrieving revision 1.48.2.9.2.24
diff -u -r1.48.2.9.2.23 -r1.48.2.9.2.24
--- squid/src/structs.h 28 Nov 2003 13:47:18 -0000 1.48.2.9.2.23
+++ squid/src/structs.h 28 Nov 2003 14:34:40 -0000 1.48.2.9.2.24
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.48.2.9.2.23 2003/11/28 13:47:18 rhorstmann Exp $
+ * $Id: structs.h,v 1.48.2.9.2.24 2003/11/28 14:34:40 rhorstmann Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -384,6 +384,8 @@
 int preview_size;
 int check_interval;
 int send_client_ip;
+ int send_auth_user;
+ char *auth_scheme;
 };
 #endif /* HS_FEAT_ICAP */