Re: username_regex acl

Rodney McDuff wrote:
>
> Hi
> Before I reinvent the wheel, does any body have a username_regex acl
> patch. Something along the lines of:

Good idea.

You could try the attached patch. Completely untested. It tries to add
proxy_auth_regex and ident_regex. Report any success of failure directly
to me.

--
Henrik Nordstrom
Squid hacker

Wed Oct 6 11:25:30 CEST 1999
Modified Files in squid/src
        enums.h acl.c

Added proxy_auth_regex and ident_regex ACL types.

-----------------------------------------------------------------

Index: squid/src/enums.h
diff -u squid/src/enums.h:1.1.1.34.2.3 squid/src/enums.h:1.1.1.34.2.4
--- squid/src/enums.h:1.1.1.34.2.3 Wed Aug 4 20:45:37 1999
+++ squid/src/enums.h Wed Oct 6 11:25:28 1999
@@ -104,11 +104,13 @@
     ACL_MY_PORT,
 #if USE_IDENT
     ACL_IDENT,
+ ACL_IDENT_REGEX,
 #endif
     ACL_PROTO,
     ACL_METHOD,
     ACL_BROWSER,
     ACL_PROXY_AUTH,
+ ACL_PROXY_AUTH_REGEX,
     ACL_SRC_ASN,
     ACL_DST_ASN,
     ACL_SRC_ARP,
Index: squid/src/acl.c
diff -u squid/src/acl.c:1.1.1.35.2.9 squid/src/acl.c:1.1.1.35.2.10
--- squid/src/acl.c:1.1.1.35.2.9 Fri Sep 17 03:22:27 1999
+++ squid/src/acl.c Wed Oct 6 11:25:29 1999
@@ -180,6 +180,8 @@
 #if USE_IDENT
     if (!strcmp(s, "ident"))
         return ACL_IDENT;
+ if (!strcmp(s, "ident_regex"))
+ return ACL_IDENT_REGEX;
 #endif
     if (!strncmp(s, "proto", 5))
         return ACL_PROTO;
@@ -189,6 +191,8 @@
         return ACL_BROWSER;
     if (!strcmp(s, "proxy_auth"))
         return ACL_PROXY_AUTH;
+ if (!strcmp(s, "proxy_auth_regex"))
+ return ACL_PROXY_AUTH_REGEX;
     if (!strcmp(s, "src_as"))
         return ACL_SRC_ASN;
     if (!strcmp(s, "dst_as"))
@@ -236,6 +240,8 @@
 #if USE_IDENT
     if (type == ACL_IDENT)
         return "ident";
+ if (type == ACL_IDENT_REGEX)
+ return "ident_regex";
 #endif
     if (type == ACL_PROTO)
         return "proto";
@@ -245,6 +251,8 @@
         return "browser";
     if (type == ACL_PROXY_AUTH)
         return "proxy_auth";
+ if (type == ACL_PROXY_AUTH_REGEX)
+ return "proxy_auth_regex";
     if (type == ACL_SRC_ASN)
         return "src_as";
     if (type == ACL_DST_ASN)
@@ -715,6 +723,9 @@
     case ACL_IDENT:
         aclParseWordList(&A->data);
         break;
+ case ACL_IDENT_REGEX:
+ aclParseRegexList(&A->data);
+ break;
 #endif
     case ACL_PROTO:
         aclParseProtoList(&A->data);
@@ -730,6 +741,14 @@
             assert(proxy_auth_cache);
         }
         break;
+ case ACL_PROXY_AUTH_REGEX:
+ aclParseRegexList(&A->data);
+ if (!proxy_auth_cache) {
+ /* First time around, 7921 should be big enough */
+ proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
+ assert(proxy_auth_cache);
+ }
+ break;
 #if SQUID_SNMP
     case ACL_SNMP_COMMUNITY:
         aclParseWordList(&A->data);
@@ -1037,7 +1056,7 @@
  */
 
 static int
-aclMatchProxyAuth(wordlist * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist)
+aclMatchProxyAuth(void * data, const char *proxy_auth, acl_proxy_auth_user * auth_user, aclCheck_t * checklist, squid_acl acltype)
 {
     /* checklist is used to register user name when identified, nothing else */
     LOCAL_ARRAY(char, login_buf, USER_IDENT_SZ);
@@ -1099,7 +1118,15 @@
             xstrncpy(checklist->request->user_ident, user, USER_IDENT_SZ);
             auth_user->ip_expiretime = squid_curtime + Config.authenticateIpTTL;
             auth_user->ipaddr = checklist->src_addr;
+ switch(acltype) {
+ case ACL_PROXY_AUTH:
             return aclMatchUser(data, user);
+ case ACL_PROXY_AUTH_REGEX:
+ return aclMatchRegex(data, user);
+ default:
+ fatal("aclMatchProxyAuth: unknown ACL type");
+ return 0; /* NOTREACHED */
+ }
         } else {
             /* user has switched to another IP addr */
             debug(28, 1) ("aclMatchProxyAuth: user '%s' has changed IP address\n", user);
@@ -1367,6 +1394,14 @@
             return 0;
         }
         /* NOTREACHED */
+ case ACL_IDENT_REGEX:
+ if (checklist->ident[0]) {
+ return aclMatchRegex(ae->data, checklist->ident);
+ } else {
+ checklist->state[ACL_IDENT] = ACL_LOOKUP_NEEDED;
+ return 0;
+ }
+ /* NOTREACHED */
 #endif
     case ACL_PROTO:
         return aclMatchInteger(ae->data, r->protocol);
@@ -1378,6 +1413,7 @@
         return aclMatchRegex(ae->data, checklist->browser);
         /* NOTREACHED */
     case ACL_PROXY_AUTH:
+ case ACL_PROXY_AUTH_REGEX:
         if (NULL == r) {
             return -1;
         } else if (!r->flags.accelerated) {
@@ -1407,7 +1443,8 @@
         switch (aclMatchProxyAuth(ae->data,
                 header,
                 checklist->auth_user,
- checklist)) {
+ checklist,
+ ae->type)) {
         case 0:
             /* Correct password, but was not allowed in this ACL */
             return 0;
Received on Wed Oct 06 1999 - 05:04:22 MDT