diff -ru squid-2.2.STABLE4/src/acl.c my2_squid-2.2.STABLE4/src/acl.c --- squid-2.2.STABLE4/src/acl.c Wed Jul 7 03:12:48 1999 +++ my2_squid-2.2.STABLE4/src/acl.c Tue Jul 13 19:22:18 1999 @@ -75,7 +75,7 @@ static IPH aclLookupDstIPforASNDone; static FQDNH aclLookupSrcFQDNDone; static FQDNH aclLookupDstFQDNDone; -static void aclLookupProxyAuthStart(aclCheck_t * checklist); +static void aclLookupProxyAuthStart(aclCheck_t * checklist,const char *acl_name); static void aclLookupProxyAuthDone(void *data, char *result); static wordlist *aclDumpIpList(void *); static wordlist *aclDumpDomainList(void *data); @@ -1029,12 +1029,14 @@ */ static int -aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist) +aclMatchProxyAuth(acl * ae, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist) { /* checklist is used to register user name when identified, nothing else */ LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ); char *user, *password; - + LOCAL_ARRAY(char, acl_name_buf, USER_IDENT_SZ + ACL_NAME_SZ + 1); + wordlist *data = ae->data; + if (!aclDecodeProxyAuth(proxy_auth, &user, &password, login_buf, sizeof(login_buf))) /* No or invalid Proxy-Auth header */ return -2; @@ -1072,7 +1074,8 @@ } } /* see if we already know this user */ - auth_user = hash_lookup(proxy_auth_cache, user); + snprintf(acl_name_buf,sizeof(acl_name_buf),"%s:%s",user,ae->name); + auth_user = hash_lookup(proxy_auth_cache, acl_name_buf); if (!auth_user) { /* user not yet known, ask external authenticator */ @@ -1102,12 +1105,12 @@ } static void -aclLookupProxyAuthStart(aclCheck_t * checklist) +aclLookupProxyAuthStart(aclCheck_t * checklist,const char *acl_name) { LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ); const char *proxy_auth; char *user, *password; - int ok; + int ok,len; acl_proxy_auth_user *auth_user; assert(!checklist->auth_user); if (!checklist->request->flags.accelerated) { @@ -1129,8 +1132,12 @@ debug(28, 4) ("aclLookupProxyAuthStart: going to ask authenticator on %s\n", user); /* we must still check this user's password */ auth_user = memAllocate(MEM_ACL_PROXY_AUTH_USER); + len = strlen(user) + strlen(acl_name) + 2; + auth_user->user_acl_name = xmalloc(len); + snprintf(auth_user->user_acl_name,len,"%s:%s",user,acl_name); auth_user->user = xstrdup(user); auth_user->passwd = xstrdup(password); + auth_user->acl_name = xstrdup(acl_name); auth_user->passwd_ok = -1; auth_user->expiretime = -1; checklist->auth_user = auth_user; @@ -1378,7 +1385,7 @@ */ r->flags.used_proxy_auth = 1; /* Check the password */ - switch (aclMatchProxyAuth(ae->data, + switch (aclMatchProxyAuth(ae, header, checklist->auth_user, checklist)) { @@ -1478,6 +1485,7 @@ const acl_access *A; int match; ipcache_addrs *ia; + acl_list *scan; while ((A = checklist->access_list) != NULL) { /* * If the _acl_access is no longer valid (i.e. its been @@ -1523,7 +1531,11 @@ return; } else if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) { debug(28, 3) ("aclCheck: checking password via authenticator\n"); - aclLookupProxyAuthStart(checklist); + for (scan = A->acl_list ; scan && + scan->acl->type != ACL_PROXY_AUTH; scan = scan->next) ; + + assert(scan); /* This system works on this assumption */ + aclLookupProxyAuthStart(checklist,scan->acl->name); checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_PENDING; return; } else if (checklist->state[ACL_PROXY_AUTH] == ACL_PROXY_AUTH_NEEDED) { @@ -1750,8 +1762,10 @@ aclFreeProxyAuthUser(void *data) { acl_proxy_auth_user *u = data; + xfree(u->user_acl_name); xfree(u->user); xfree(u->passwd); + xfree(u->acl_name); memFree(u, MEM_ACL_PROXY_AUTH_USER); } diff -ru squid-2.2.STABLE4/src/authenticate.c my2_squid-2.2.STABLE4/src/authenticate.c --- squid-2.2.STABLE4/src/authenticate.c Sat Dec 5 00:54:15 1998 +++ my2_squid-2.2.STABLE4/src/authenticate.c Tue Jul 13 19:08:56 1999 @@ -88,8 +88,8 @@ char buf[8192]; assert(auth_user); assert(handler); - debug(29, 5) ("authenticateStart: '%s:%s'\n", auth_user->user, - auth_user->passwd); + debug(29, 5) ("authenticateStart: '%s:%s:%s'\n", auth_user->acl_name, + auth_user->user, auth_user->passwd); if (Config.Program.authenticate == NULL) { handler(data, NULL); return; @@ -100,7 +100,8 @@ cbdataLock(data); r->data = data; r->auth_user = auth_user; - snprintf(buf, 8192, "%s %s\n", r->auth_user->user, r->auth_user->passwd); + snprintf(buf, 8192, "%s %s %s\n", r->auth_user->acl_name, + r->auth_user->user, r->auth_user->passwd); helperSubmit(authenticators, buf, authenticateHandleReply, r); } Only in my2_squid-2.2.STABLE4/src: squid.conf diff -ru squid-2.2.STABLE4/src/structs.h my2_squid-2.2.STABLE4/src/structs.h --- squid-2.2.STABLE4/src/structs.h Fri Feb 19 22:35:36 1999 +++ my2_squid-2.2.STABLE4/src/structs.h Tue Jul 13 19:08:55 1999 @@ -69,10 +69,12 @@ struct _acl_proxy_auth_user { /* first two items must be same as hash_link */ - char *user; + char *user_acl_name; acl_proxy_auth_user *next; /* extra fields for proxy_auth */ + char *user; char *passwd; + char *acl_name; int passwd_ok; /* 1 = passwd checked OK */ long expiretime; };