Added support for username handling when URL requests are submitted v…

…ia Websense v4 from Cisco ASA using user-identity (Identity Firwall)
jeroennijhof · Aug 3, 2013 · d72d7ab · d72d7ab
1 parent 7ef78b8
commit d72d7ab
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 2 deletions.
diff --git a/n2h2.c b/n2h2.c
@@ -57,7 +57,7 @@ void n2h2_deny(int fd, struct n2h2_req *n2h2_request, char *redirect_url) {
 }
 
 struct uf_request n2h2_validate(struct n2h2_req *n2h2_request, int msgsize) {
-    struct uf_request request = { 0, {0}, {0}, "" };
+    struct uf_request request = { 0, {0}, {0}, "", "" };
     struct in_addr srcip, dstip;
     int i;
 

diff --git a/squidguard.c b/squidguard.c
@@ -70,6 +70,11 @@ int squidguard_closefd(FILE *sg_fd[2]) {
 int squidguard_backend(FILE *sg_fd[2], char srcip[15], char url[URL_SIZE], int debug) {
     char redirect_url[URL_SIZE];
 
+    if (debug > 2)
+    {
+	syslog(LOG_INFO, "squidguard: url check using IP only: %s for url %s", srcip, url);
+    }
+
     if (sg_fd[1] == NULL) {
         syslog(LOG_WARNING, "squidguard: could not open fd for input.");
         return 0;
@@ -96,3 +101,36 @@ int squidguard_backend(FILE *sg_fd[2], char srcip[15], char url[URL_SIZE], int d
     return 0;
 }
 
+int squidguard_backend_uid(FILE *sg_fd[2], char srcip[15], char srcusr[URL_SIZE], char url[URL_SIZE], int debug) {
+    char redirect_url[URL_SIZE];
+
+    if (debug > 2)
+    {
+        syslog(LOG_INFO, "squidguard: url check using IP and Username : IP: %s User: %s for url %s", srcip, srcusr, url);
+	syslog(LOG_INFO, "squidguard input: %s %s/ %s - GET\n", url, srcip, srcusr);
+    }
+
+    if (sg_fd[1] == NULL) {
+        syslog(LOG_WARNING, "squidguard: could not open fd for input.");
+        return 0;
+    }
+    fprintf(sg_fd[1], "%s %s/ %s - GET\n", url, srcip, srcusr);
+    fflush(sg_fd[1]);
+
+    if (sg_fd[0] == NULL) {
+        syslog(LOG_WARNING, "squidguard: could not open fd for output.");
+        return 0;
+    }
+    while (fgets(redirect_url, URL_SIZE, sg_fd[0]) != NULL) {
+        if (strlen(redirect_url) > 2) {
+            if (debug > 0)
+                syslog(LOG_INFO, "squidguard: url blocked.");
+            return 1;
+        }
+        if (debug > 0)
+            syslog(LOG_INFO, "squidguard: url accepted.");
+        return 0;
+    }
+    return 0;
+}
+
diff --git a/squidguard.h b/squidguard.h
@@ -9,4 +9,4 @@
 extern int squidguard_getfd(FILE *sg_fd[2]);
 extern int squidguard_closefd(FILE *sg_fd[2]);
 extern int squidguard_backend(FILE *sg_fd[2], char srcip[15], char url[URL_SIZE], int debug);
-
+extern int squidguard_backend_uid(FILE *sg_fd[2], char srcip[15], char srcusr[URL_SIZE], char url[URL_SIZE], int debug);