returning a group name from the external authenticator.

From: Bart Bunting <bart@dont-contact.us>
Date: Mon, 23 Aug 1999 16:05:07 +1000 (EST)

Hi,

Could you please reply directly as well as to the list? I have tried
to subscribe, but have received no response, bounce or otherwise, from
the listserv software.

I've been trying to get squid to accept a group name along with the
authenticator's response.

I then want to use this group name instead of the username when
passing requests to the redirector.

Forgive me if some of these questions are basic, as I'm still trying
to get my head around how the internals of squid actually work.

I first modified the _acl_proxy_auth_user structure to take a group
name as below.

struct _acl_proxy_auth_user {
    /* first two items must be same as hash_link */
    char *user;
    acl_proxy_auth_user *next;
    /* extra fields for proxy_auth */
    char *passwd;
    char *group; /* to hold the group name returned from the authenticator */
    int passwd_ok; /* 1 = passwd checked OK */
    long expiretime;
};

Next I commented out the two lines in the below function that truncate
the reply to the first word. My logic for doing this was that I need
to pass through the entire string returned by the authenticator to the
function handling the reply. Please tell me if this is a bad way of
going about this.

static void
authenticateHandleReply(void *data, char *reply)
{
    authenticateStateData *r = data;
    int valid;
    char *t = NULL;
    debug(29, 5) ("authenticateHandleReply: {%s}\n", reply ? reply : "<NULL>");
    if (reply) {
        /* if ((t = strchr(reply, ' ')))
         *     *t = '\0';
         */
        if (*reply == '\0')
            reply = NULL;
    }
    valid = cbdataValid(r->data);
    cbdataUnlock(r->data);
    if (valid)
        r->handler(r->data, reply);
    authenticateStateFree(r);
}

Next I modified the aclLookupProxyAuthDone function in acl.c which
appears to handle the reply from the authenticator.

static void
aclLookupProxyAuthDone(void *data, char *result)
{
    char *group;                /* added by bart */
    aclCheck_t *checklist = data;
    checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_DONE;
    debug(28, 4) ("aclLookupProxyAuthDone: result = %s\n",
        result ? result : "NULL");

    if (result && (strncasecmp(result, "OK", 2) == 0)) {
        if ((group = strchr(result, ' ')))
            group++;            /* increment group pointer so we don't get the space. */
        else
            group = "";         /* bare "OK" with no group: avoid strdup(NULL) */
        checklist->auth_user->group = strdup(group);
        debug(28, 4) ("group = %s %d\n", checklist->auth_user->group, (int) strlen(group));
        checklist->auth_user->passwd_ok = 1;
    } else
        checklist->auth_user->passwd_ok = 0;
    aclCheck(checklist);
}

All the above code appears to work correctly. Where I run into trouble is trying to get the group name back to pass it to the redirector. I'm guessing I've done something silly like not initialise one of the pointers correctly, but I'm totally stuck. Below is the function in redirect.c that I modified and where I suspect the error is:

void
redirectStart(clientHttpRequest * http, RH * handler, void *data)
{
    ConnStateData *conn = http->conn;
    redirectStateData *r = NULL;
    const char *fqdn;
    char buf[8192];
    assert(http);
    assert(handler);
    debug(29, 5) ("redirectStart: '%s'\n", http->uri);
    if (Config.Program.redirect == NULL) {
        handler(data, NULL);
        return;
    }
    r = xcalloc(1, sizeof(redirectStateData));
    cbdataAdd(r, cbdataXfree, 0);
    r->orig_url = xstrdup(http->uri);
    r->client_addr = conn->log_addr;
    debug(29, 5) ("redirectStart: groupnamestart start'\n");
    /* this is where squid dies. */
    debug(29, 5) ("redirectStart: groupnamestart %s'\n", http->acl_checklist->auth_user->group);
    if (http->request->user_ident == NULL || *http->request->user_ident == '\0') {
        r->client_ident = dash_str;
    } else {
        debug(29, 5) ("redirectStart: groupname %s'\n", http->acl_checklist->auth_user->group);
        r->client_ident = http->acl_checklist->auth_user->group;
        debug(29, 5) ("redirectStart: 2ndgroupname %s'\n", r->client_ident);
        /* r->client_ident = http->request->user_ident; */
    }
    r->method_s = RequestMethodStr[http->request->method];
    r->handler = handler;
    r->data = data;
    cbdataLock(r->data);
    if ((fqdn = fqdncache_gethostbyaddr(r->client_addr, 0)) == NULL)
        fqdn = dash_str;
    snprintf(buf, 8192, "%s %s/%s %s %s\n",
        r->orig_url,
        inet_ntoa(r->client_addr),
        fqdn,
        r->client_ident,
        r->method_s);
    helperSubmit(redirectors, buf, redirectHandleReply, r);
}

And finally :) some of my cache.log which may help explain what is
going wrong:

1999/08/23 15:48:22| aclMatchAcl: checking ' acl ldap_auth proxy_auth REQUIRED ...'
1999/08/23 15:48:22| aclDecodeProxyAuth: cleartext = 'demo:demo'
1999/08/23 15:48:22| aclMatchProxyAuth: checking user 'demo'
1999/08/23 15:48:22| aclMatchProxyAuth: user 'demo' not yet known
1999/08/23 15:48:22| aclMatchAclList: returning 0
1999/08/23 15:48:22| aclCheck: checking password via authenticator
1999/08/23 15:48:22| aclDecodeProxyAuth: cleartext = 'demo:demo'
1999/08/23 15:48:22| aclLookupProxyAuthStart: going to ask authenticator on demo
1999/08/23 15:48:22| authenticateStart: 'demo:demo'
1999/08/23 15:48:22| cbdataAdd: 0x8547360
1999/08/23 15:48:22| cbdataLock: 0x856b6b8
1999/08/23 15:48:22| cbdataLock: 0x8547360
1999/08/23 15:48:22| cbdataValid: 0x8547360
1999/08/23 15:48:22| comm_write: FD 16: sz 20: hndl (nil): data (nil).
1999/08/23 15:48:22| commSetSelect: FD 16 type 2
1999/08/23 15:48:22| commSetSelect: FD 16 type 1
1999/08/23 15:48:22| helperDispatch: Request sent to authenticator #1, 20 bytes
1999/08/23 15:48:22| comm_select: 1 FDs ready at 935387302
1999/08/23 15:48:22| comm_select: FD 16 ready for writing
1999/08/23 15:48:22| commHandleWrite: FD 16: off 0, sz 20.
1999/08/23 15:48:22| commHandleWrite: write() returns 20
1999/08/23 15:48:22| comm_select: 0 FDs ready at 935387302
1999/08/23 15:48:22| comm_select: 0 FDs ready at 935387302
1999/08/23 15:48:22| comm_select: 1 FDs ready at 935387302
1999/08/23 15:48:22| comm_select: FD 16 ready for reading
1999/08/23 15:48:22| cbdataValid: 0x822dae0
1999/08/23 15:48:22| helperHandleRead: 11 bytes from authenticator #1.
1999/08/23 15:48:22| helperHandleRead: end of reply found
1999/08/23 15:48:22| cbdataValid: 0x8547360
1999/08/23 15:48:22| authenticateHandleReply: {OK student}
1999/08/23 15:48:22| cbdataValid: 0x856b6b8
1999/08/23 15:48:22| cbdataUnlock: 0x856b6b8
1999/08/23 15:48:22| aclLookupProxyAuthDone: result = OK student
1999/08/23 15:48:22| group = student 7
1999/08/23 15:48:22| cbdataValid: 0x8213a60
1999/08/23 15:48:22| aclCheck: checking 'http_access allow ldap_auth'
1999/08/23 15:48:22| aclMatchAclList: checking ldap_auth
1999/08/23 15:48:22| aclMatchAcl: checking ' acl ldap_auth proxy_auth REQUIRED ...'
1999/08/23 15:48:22| aclDecodeProxyAuth: cleartext = 'demo:demo'
1999/08/23 15:48:22| aclMatchProxyAuth: checking user 'demo'
1999/08/23 15:48:22| aclMatchProxyAuth: user 'demo' validated OK
1999/08/23 15:48:22| aclMatchProxyAuth: user 'demo' previously validated
1999/08/23 15:48:22| aclMatchUser: checking 'demo'
1999/08/23 15:48:22| aclMatchUser: looking for 'REQUIRED'
1999/08/23 15:48:22| aclMatchAclList: returning 1
1999/08/23 15:48:22| cbdataUnlock: 0x8213a60
1999/08/23 15:48:22| aclCheck: match found, returning 1
1999/08/23 15:48:22| aclCheckCallback: answer=1
1999/08/23 15:48:22| cbdataValid: 0x850c0c8
1999/08/23 15:48:22| clientAccessCheckDone: 'http://www.altavista.com' answer=1
1999/08/23 15:48:22| redirectStart: 'http://www.altavista.com'
1999/08/23 15:48:22| cbdataAdd: 0x85489a0
1999/08/23 15:48:22| redirectStart: groupnamestart start'
FATAL: Received Segment Violation...dying.
1999/08/23 15:48:22| storeDirWriteCleanLogs: Starting...
1999/08/23 15:48:22| fileOpenComplete: FD 20, data 0x8537588, errcode 0
1999/08/23 15:48:22| fileOpenComplete: FD 20

Any hints/explanations/suggestions are most welcome.

Thanks in advance

Bart
Received on Tue Jul 29 2003 - 13:16:00 MDT
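
Added example, not part of the original post and not Squid code: in the log above, the last line printed before the segfault is the debug call placed just ahead of the one that dereferences http->acl_checklist->auth_user->group. This sketch parses an "OK <group>" helper reply defensively and reads the group back through a NULL-checked pointer chain. The struct and function names are hypothetical stand-ins, and the parser is stricter than the post's strncasecmp test (it rejects "OKAY").

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-ins for the Squid structures named in the post. */
struct auth_user { char group[64]; int passwd_ok; };
struct checklist { struct auth_user *auth_user; };
struct http_req { struct checklist *acl_checklist; };

/* Parse "OK" or "OK <group>"; returns 1 on OK (group may be empty), else 0. */
static int parse_auth_reply(const char *reply, struct auth_user *u)
{
    const char *p;
    u->passwd_ok = 0;
    memset(u->group, 0, sizeof(u->group));
    if (reply == NULL || strncasecmp(reply, "OK", 2) != 0)
        return 0;
    p = reply + 2;
    if (*p != '\0' && strchr(" \r\n", *p) == NULL)
        return 0;                       /* "OKAY" is not the OK token */
    p += strspn(p, " ");                /* skip the separator */
    size_t n = strcspn(p, " \r\n");     /* the group is a single word */
    if (n >= sizeof(u->group))
        return 0;                       /* oversized group: reject, never truncate */
    memcpy(u->group, p, n);             /* buffer is pre-zeroed, so NUL-terminated */
    u->passwd_ok = 1;
    return 1;
}

/* Ident for the redirector: the group when every pointer in the chain is set
 * and the user is validated, otherwise a "-" placeholder. */
static const char *redirect_ident(const struct http_req *http)
{
    const struct auth_user *u;
    if (http == NULL || http->acl_checklist == NULL)
        return "-";
    u = http->acl_checklist->auth_user;
    if (u == NULL || !u->passwd_ok || u->group[0] == '\0')
        return "-";
    return u->group;
}

int main(void)
{
    struct auth_user u;
    struct checklist c = { &u };
    struct http_req with = { &c }, without = { NULL };
    parse_auth_reply("OK student", &u); /* constructed reply, same shape as the log */
    printf("%s %s\n", redirect_ident(&with), redirect_ident(&without));
}
```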
