Index: src/cf.data.pre
===================================================================
RCS file: /cvsroot/squid/squid/src/cf.data.pre,v
retrieving revision 1.49.2.33.2.12
diff -u -r1.49.2.33.2.12 cf.data.pre
--- src/cf.data.pre 15 Oct 2003 22:20:48 -0000 1.49.2.33.2.12
+++ src/cf.data.pre 7 Nov 2003 18:38:57 -0000
@@ -2587,6 +2587,39 @@
 This adds the header "X-Client-IP" to ICAP requests.
 DOC_END
+NAME: icap_send_auth_user
+TYPE: onoff
+IFDEF: HS_FEAT_ICAP
+COMMENT: on|off
+LOC: Config.icapcfg.send_auth_user
+DEFAULT: off
+DOC_START
+ This adds the header "X-Authenticated-User" to ICAP requests
+ if proxy access is authentified.
+DOC_END
+
+NAME: icap_auth_scheme
+TYPE: string
+IFDEF: HS_FEAT_ICAP
+LOC: Config.icapcfg.auth_scheme
+DEFAULT: Local://%u
+DOC_START
+ Authentification scheme to pass to ICAP requests if
+ icap_send_auth_user is enabled. The first occurence of "%u"
+ is replaced by the authentified user name. If no "%u" is found,
+ the username is added at the end of the scheme.
+
+ See http://www.ietf.org/internet-drafts/draft-stecher-icap-subid-00.txt,
+ section 3.4 for details on this.
+
+ Examples:
+
+ icap_auth_scheme Local://%u
+ icap_auth_scheme LDAP://ldap-server/cn=%u,dc=company,dc=com
+ icap_auth_scheme WinNT://nt-domain/%u
+ icap_auth_scheme Radius://radius-server/%u
+DOC_END
+
 NAME: icap_service
 TYPE: icap_service_type
 IFDEF: HS_FEAT_ICAP
Index: src/icap_common.c
===================================================================
RCS file: /cvsroot/squid/squid/src/Attic/icap_common.c,v
retrieving revision 1.1.2.22
diff -u -r1.1.2.22 icap_common.c
--- src/icap_common.c 4 Nov 2003 18:22:33 -0000 1.1.2.22
+++ src/icap_common.c 7 Nov 2003 18:38:57 -0000
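Review bot: The DOC text for icap_send_auth_user in the cf.data.pre hunk does not tell the operator in what form the user name leaves the proxy, or who receives it. icapAddAuthUserHeader in this patch only base64-encodes the value, and both call sites test nothing but the global Config.icapcfg.send_auth_user flag, so as far as this patch shows every configured icap_service gets the header once the option is on. I would add a sentence to the DOC block such as `The value is base64-encoded, not encrypted, and is sent to all configured ICAP services.` so the option is only enabled where each ICAP server is trusted with user identities. While editing the text, "authentified" and "Authentification" should read "authenticated" and "Authentication", and "occurence" should read "occurrence".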
@@ -622,3 +622,41 @@
 }
 return bw;
 }
+
+/*
+ * icapAddAuthUserHeader
+ *
+ * Builds and adds the X-Authenticated-User header to an ICAP request headers.
+ */
+void
+icapAddAuthUserHeader(MemBuf * mb, auth_user_request_t *auth_user_request)
+{
+ char *user = authenticateUserRequestUsername(auth_user_request);
+ char *authuser;
+ size_t len, userlen, schemelen, userofslen;
+ char *userofs;
+
+ if (user == NULL) {
+ debug(81, 5) ("icapAddAuthUserHeader: NULL username\n");
+ return;
+ }
+
+ userlen = strlen(user);
+ schemelen = strlen(Config.icapcfg.auth_scheme);
+ len = userlen + schemelen + 1;
+ authuser = xcalloc(len, 1);
+
+ if ((userofs = strstr(Config.icapcfg.auth_scheme, "%u")) == NULL) {
+ /* simply add user at end of string */
+ snprintf(authuser, len, "%s%s", Config.icapcfg.auth_scheme, user);
+ } else {
+ userofslen = userofs - Config.icapcfg.auth_scheme;
+ xmemcpy(authuser, Config.icapcfg.auth_scheme, userofslen);
+ xmemcpy(authuser + userofslen, user, userlen);
+ xmemcpy(authuser + userofslen + userlen,
+ userofs + 2, schemelen - (userofslen + 2) + 1);
+ }
+
+ memBufPrintf(mb, "X-Authenticated-User: %s\r\n", base64_encode(authuser));
+ xfree(authuser);
+}
Index: src/icap_reqmod.c
===================================================================
RCS file: /cvsroot/squid/squid/src/Attic/icap_reqmod.c,v
retrieving revision 1.1.2.22
diff -u -r1.1.2.22 icap_reqmod.c
--- src/icap_reqmod.c 6 Nov 2003 22:26:28 -0000 1.1.2.22
+++ src/icap_reqmod.c 7 Nov 2003 18:38:57 -0000
@@ -288,6 +288,11 @@
 request->my_addr = icap->request->my_addr;
 request->my_port = icap->request->my_port;
 request->class = icap->request->class;
+ if (icap->request->auth_user_request != NULL) {
+ /* Copy authentification info in new request */
+ request->auth_user_request = icap->request->auth_user_request;
+ authenticateAuthUserRequestLock(request->auth_user_request);
+ }
 icapReqModInterpretHttpRequest(icap, request);
 xfree(inbuf);
 }
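Review bot: In icapAddAuthUserHeader the user name is copied into the configured scheme verbatim, so with a structured scheme such as the documented `LDAP://ldap-server/cn=%u,dc=company,dc=com` a name containing `,`, `=` or `/` changes the shape of the identity string the ICAP server decodes. Base64 keeps CR/LF out of the header line, but it does not protect the structure of the decoded value, and an ICAP service that applies per-user policy should not receive an ambiguous identity. I would reject or escape scheme delimiters before the substitution, or at minimum state the limitation in the header comment, e.g. `/* user is inserted unescaped; scheme delimiters in the name are passed through */`. Separately, the output limit of base64_encode is not visible in this patch; if it writes to a fixed-size buffer, a long scheme plus user name could be truncated silently, which is worth confirming.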
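Review bot: The reference taken with authenticateAuthUserRequestLock() on the new request in the icap_reqmod.c hunk has no matching unlock anywhere in this patch, so the change relies on the request's teardown path to drop it. If that path does not unlock auth_user_request the object leaks, and if it is unlocked once too often it can be freed while still referenced, so the pairing deserves a comment next to the lock, e.g. `/* reference is dropped when this request is destroyed */`, once that has been confirmed. The enclosing function starts outside the hunk, so whether request->auth_user_request can already hold a locked pointer at this point is not visible.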
@@ -609,6 +614,8 @@
 memBufAppend(&mb, crlf, 2);
 if (Config.icapcfg.send_client_ip)
 memBufPrintf(&mb, "X-Client-IP: %s\r\n", client_addr);
+ if (Config.icapcfg.send_auth_user && icap->request->auth_user_request != NULL)
+ icapAddAuthUserHeader(&mb, icap->request->auth_user_request);
 icap->flags.keep_alive = 1;
 if (!icap->flags.keep_alive)
 memBufAppend(&mb, "Connection: close\r\n", 19);
Index: src/icap_respmod.c
===================================================================
RCS file: /cvsroot/squid/squid/src/Attic/icap_respmod.c,v
retrieving revision 1.1.2.19
diff -u -r1.1.2.19 icap_respmod.c
--- src/icap_respmod.c 7 Nov 2003 05:52:53 -0000 1.1.2.19
+++ src/icap_respmod.c 7 Nov 2003 18:38:57 -0000
@@ -45,7 +45,8 @@
 const char *crlf = "\r\n";
 void
-getICAPRespModString(MemBuf * mb, int o1, int o2, int o3, char *service, char *client_addr)
+getICAPRespModString(MemBuf * mb, int o1, int o2, int o3, char *service, char *client_addr,
+ IcapStateData * icap)
 {
 memBufPrintf(mb, "RESPMOD %s ICAP/1.0\r\nEncapsulated:", service);
 if (o1 >= 0)
@@ -61,6 +62,9 @@
 if (Config.icapcfg.send_client_ip) {
 memBufPrintf(mb, "X-Client-IP: %s\r\n", client_addr);
 }
+ if (Config.icapcfg.send_auth_user && icap->request->auth_user_request != NULL) {
+ icapAddAuthUserHeader(mb, icap->request->auth_user_request);
+ }
 #if NOT_YET_FINISHED
 if (Config.icapcfg.trailers) {
 memBufPrintf(mb, "X-TE: trailers\r\n");
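Review bot: getICAPRespModString in icap_respmod.c gains a seventh parameter but stays non-static, and no declaration for it is updated in this patch (the protos.h hunk only adds icapAddAuthUserHeader). If the function is used only inside icap_respmod.c, declaring it `static void` would let the compiler reject any caller still passing six arguments; if it is declared in a header, that declaration needs the new `IcapStateData *` argument as well. The added block in the second hunk also dereferences `icap->request` unchecked; the caller visible in this patch has already read icap->request->method, so it holds there, but a comment above the function such as `/* icap and icap->request must be non-NULL */` would make the contract explicit. The function body continues outside both hunks.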
@@ -127,9 +131,9 @@
 icap->respmod.res_body_sz = httpReplyBodySize(icap->request->method, r);
 httpReplyDestroy(r);
 if (icap->respmod.res_body_sz)
- getICAPRespModString(mb, 0, o2, o3, service->uri, client_addr);
+ getICAPRespModString(mb, 0, o2, o3, service->uri, client_addr, icap);
 else
- getICAPRespModString(mb, 0, o2, -o3, service->uri, client_addr);
+ getICAPRespModString(mb, 0, o2, -o3, service->uri, client_addr, icap);
 if (Config.icapcfg.preview_enable)
 if (icap->preview_size >= 0)
 memBufPrintf(mb, "Preview: %d\r\n", icap->preview_size);
Index: src/protos.h
===================================================================
RCS file: /cvsroot/squid/squid/src/protos.h,v
retrieving revision 1.41.6.13.2.18
diff -u -r1.41.6.13.2.18 protos.h
--- src/protos.h 4 Nov 2003 18:22:33 -0000 1.41.6.13.2.18
+++ src/protos.h 7 Nov 2003 18:38:58 -0000
@@ -1368,6 +1368,7 @@
 int icapParseKeepAlive(const IcapStateData *, const char *, const char *);
 void icapSetKeepAlive(IcapStateData * icap, const char *hdrs);
 size_t icapParseChunkedBody(IcapStateData *, STRCB *, void *);
+void icapAddAuthUserHeader(MemBuf *, auth_user_request_t *);
 /*
Index: src/structs.h
===================================================================
RCS file: /cvsroot/squid/squid/src/structs.h,v
retrieving revision 1.48.2.9.2.20
diff -u -r1.48.2.9.2.20 structs.h
--- src/structs.h 7 Nov 2003 05:52:53 -0000 1.48.2.9.2.20
+++ src/structs.h 7 Nov 2003 18:38:58 -0000
@@ -383,6 +383,8 @@
 icap_access *access_head;
 int preview_size;
 int send_client_ip;
+ int send_auth_user;
+ char *auth_scheme;
 };
 #endif /* HS_FEAT_ICAP */