Re: Username Header [PATCH] from Robert Collins on 2002-01-02 (squid-dev)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 3 Jan 2002 14:56:05 +1100

Looks good - thank you.

Are there any objections to this going into 2.5 (it's quite trivial)?

I will rename the config directive to username_header_domains though -
username_header isn't specific enough.

Rob

===
----- Original Message -----
From: "Ben Herrick" <bherrick@global-com.com>
To: "Squid Developers" <squid-dev@squid-cache.org>
Sent: Thursday, January 03, 2002 10:06 AM
Subject: Username Header [PATCH]

> Hola Ladies and Gents,
> Below is a patch to squid-head-200201020000 which implements
> "Username Headers." The basic idea here is to specify a list of domain
> names which will receive a Proxy-Authenticated username. This is
useful in
> my company as a unified logon, and may be useful to others as well.
>
> This feature adds one configuration option which is a list of domain
> suffixes to try to match against. By default the list is empty, and
thus
> adds almost no overhead for folks who do not want this feature.
>
> If a list of domain names are present, the patch attempts to match the
> requested web page with any of the domains. If successful it will add
an
> HTTP header like this:
>
> HTTP_X_PROXY_USERNAME: bherrick
>
> This is, of course, not even close to a secure way to authenticate
users.
> However, in a small controlled intranet environment, it gives a useful
> hint for web scripts.
>
> Questions, comments and concerns are of course welcome. Please CC me
on
> any traffic concerning this patch as I am not subscribed to the list.
>
> --
> Ben Herrick
> System Administrator
> Globalcom, Inc.
> 333 West Wacker Drive Suite 1500
> Chicago, Il 60606-1231
> Phone: 312.893.0176
> Pager: 800.205.7564
> Fax: 312.492.1414
> Service: 800.589.1531
> mailto:bherrick@global-com.com
>
> ============== CUT HERE ==============
> --- squid-head-200201020000/src/HttpHeader.c Wed Jan 2 16:00:32 2002
> +++ squid-head-200201020000/src/HttpHeader.c.gc Wed Jan 2 16:02:07
2002
> @@ -122,6 +122,7 @@
> {"X-Cache", HDR_X_CACHE, ftStr},
> {"X-Cache-Lookup", HDR_X_CACHE_LOOKUP, ftStr},
> {"X-Forwarded-For", HDR_X_FORWARDED_FOR, ftStr},
> + {"X-Proxy-Username", HDR_X_PROXY_USERNAME, ftStr},
> {"X-Request-URI", HDR_X_REQUEST_URI, ftStr},
> {"X-Squid-Error", HDR_X_SQUID_ERROR, ftStr},
> {"Negotiate", HDR_NEGOTIATE, ftStr},
> @@ -207,7 +208,7 @@
> HDR_IF_MATCH, HDR_IF_MODIFIED_SINCE, HDR_IF_NONE_MATCH,
> HDR_IF_RANGE, HDR_MAX_FORWARDS, HDR_PROXY_CONNECTION,
> HDR_PROXY_AUTHORIZATION, HDR_RANGE, HDR_REFERER,
HDR_REQUEST_RANGE,
> - HDR_USER_AGENT, HDR_X_FORWARDED_FOR
> + HDR_USER_AGENT, HDR_X_FORWARDED_FOR, HDR_X_PROXY_USERNAME
> };
>
> /* header accounting */
> --- squid-head-200201020000/src/cf.data.pre Mon Dec 24 23:46:35 2001
> +++ squid-head-200201020000/src/cf.data.pre.gc Wed Jan 2 16:12:55
2002
> @@ -2466,6 +2466,20 @@
> DOC_END
>
>
> +NAME: username_header
> +TYPE: wordlist
> +LOC: Config.usernameHeader
> +DEFAULT: none
> +DOC_START
> + Appends an X-PROXY-USERNAME to the list of headers sent to
> + the upstream webserver. The argument is a list of one or more
> + domain names which should receive username information.
> +
> +Example
> + username_header yourdomain.com affiliatedomain.com
> +DOC_END
> +
> +
> NAME: append_domain
> TYPE: string
> LOC: Config.appendDomain
> --- squid-head-200201020000/src/enums.h Fri Dec 21 03:47:34 2001
> +++ squid-head-200201020000/src/enums.h.gc Wed Jan 2 16:06:02 2002
> @@ -237,6 +237,7 @@
> HDR_X_CACHE,
> HDR_X_CACHE_LOOKUP, /* tmp hack, remove later */
> HDR_X_FORWARDED_FOR,
> + HDR_X_PROXY_USERNAME,
> HDR_X_REQUEST_URI, /* appended if ADD_X_REQUEST_URI is #defined
*/
> HDR_X_SQUID_ERROR,
> HDR_NEGOTIATE,
> --- squid-head-200201020000/src/http.c Thu Dec 27 20:39:42 2001
> +++ squid-head-200201020000/src/http.c.gc Wed Jan 2 16:42:02 2002
> @@ -732,6 +732,7 @@
> const HttpHeader *hdr_in = &orig_request->header;
> int we_do_ranges;
> const HttpHeaderEntry *e;
> + wordlist *w = NULL;
> String strVia;
> String strFwd;
> HttpHeaderPos pos = HttpHeaderInitPos;
> @@ -836,6 +837,18 @@
> default:
> /* pass on all other header fields */
> httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e));
> + }
> + }
> +
> + /* append X-Proxy-Username */
> + if ((w = Config.usernameHeader) != NULL) {
> + if (!httpHeaderHas(hdr_out, HDR_X_PROXY_USERNAME) &&
request->user_ident) {
> + for (; w; w = w->next) {
> + if (strstr(request->host, w->key) != NULL) {
> + httpHeaderPutStr(hdr_out, HDR_X_PROXY_USERNAME,
request->user_ident);
> + break;
> + }
> + }
> }
> }
>
> --- squid-head-200201020000/src/structs.h Wed Jan 2 16:15:00 2002
> +++ squid-head-200201020000/src/structs.h.gc Wed Jan 2 16:14:49 2002
> @@ -489,6 +489,7 @@
> char *host;
> u_short port;
> } Accel;
> + wordlist *usernameHeader;
> char *appendDomain;
> size_t appendDomainLen;
> char *debugOptions;
> ============== CUT HERE ==============
>
>
Received on Wed Jan 02 2002 - 20:55:59 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:44 MST