Re: [PATCH] [2.5] external_acl_type cannot deal with client's source port from Henrik Nordstrom on 2004-07-27 (squid-dev)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 27 Jul 2004 23:00:23 +0200 (CEST)

Thanks for the patch but I am sorry to say this is a duplicated effort.

Please see

http://devel.squid-cache.org/projects.html#external_acl_fuzzy
and
http://devel.squid-cache.org/external_acl/

This work includes

- %SRCPORT and a few other similar external_acl_format tags needed for
this kind of operations.

- An ident based external acl helper

- A special cache mode for caching the ident reply and reuse it for all
requests from the same client IP (optional, indended for use in Windows
and other single-user environments).

The new external_acl_type format tags has already been merged into
Squid-3. The special cache mode has not yet been merged as it needs to be
generalized a little more to fulfill the final goal of this feature.

Regards
Henrik

On Thu, 22 Jul 2004, Vincent Deffontaines wrote:

> Greetings!
>
> In the scope of the NuFW (http://www.nufw.org) project, I am working on
> building Single Sign On modules for open source projects.
>
> Right now, only an Apache module exists, but the Squid module is on the
> way, and will be available very soon, thanks to the external acl features.
>
> There is though a small problem in this design : for proper SSO, the Nufw
> "auth module" needs to know about the source port of the client which
> performed the request. Right now external_acl_type does not allow for this
> information to be passed.
>
> This is what this (minimal) patch is about : add usability of %SRCPORT to
> the FORMAT string of the external_acl_type directive.
>
> Attached are also patches for cf.data.pre and squid.conf.default, so that
> things in the package are all up to date. If you accept this patch, you'll
> probably want to update
> http://devel.squid-cache.org/external_acl/config.html as well.
>
> This patch is against 2.5.5.
>
> I will post another patch, for 3.0-PRE3, in the next few days.
> And I will announce to this list the availability of the Nufw external acl
> program, with the hope some people here will be interested in testing Nufw
> and its SSO capabilities.
>
> Please Cc: any reply to me, as I am not a list subscriber.
> Your comments, flames or questions will be welcome.
>
>
> Regards,
>
>
> Vincent
>
>
Received on Tue Jul 27 2004 - 15:00:26 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Jul 31 2004 - 12:00:03 MDT