Re: [squid-users] Using external ACL helper w/ "user=" result keyword to modify cache_peer "login=*:pass" from Henrik Nordstrom on 2007-11-18 (squid-users)

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sun, 18 Nov 2007 22:58:12 +0100

On sön, 2007-11-18 at 11:57 -0700, Glenn Zazulia wrote:

> What I'd like to do, though, is to modify/normalize the user name after
> successful authentication by the child proxy so that the parent proxy
> receives the user's email address instead of the less globally-unique
> domain\user info. I'm experimenting with an external ACL helper script
> that attempts to dynamically modify the user name by returning strings
> such as "OK user=foo@bar.com". However, doing this seems to have no
> effect: nothing that I return for "user=" in the helper script appears
> in the parent proxy's log file. Instead, the original authenticated
> user name string continues to be logged.

You need to make a slight change in the source for this.

In src/http.c httpBuildRequestHeader() change

            if (orig_request->auth_user_request)
                username = authenticateUserRequestUsername(orig_request->auth_user_request);
            else if (orig_request->extacl_user)
                username = orig_request->extacl_user;

            if (orig_request->extacl_user)
                username = orig_request->extacl_user;
            else if (orig_request->auth_user_request)
                username = authenticateUserRequestUsername(orig_request->auth_user_request);

Regards
Henrik

application/pgp-signature attachment: This is a digitally signed message part

Received on Sun Nov 18 2007 - 14:58:17 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST