From 35122576f41731a56d04dbb8c83ad7a67d69cb79 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Wed, 26 Oct 2016 08:01:25 +0200
Subject: [PATCH] proxy: allow alt auth framework config file

We fall back to the local authentication if not found.
PR: https://github.com/opnsense/plugins/issues/43
---
 plist | 1 +
 .../service/templates/OPNsense/Proxy/squid.conf | 14 +-------------
 .../OPNsense/Proxy/squid.user.local_auth.conf | 13 +++++++++++++
 3 files changed, 15 insertions(+), 13 deletions(-)
 create mode 100644 src/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf

diff --git a/plist b/plist
index 407b6a5b1..db8bf02bd 100644
--- a/plist
+++ b/plist
@@ -674,6 +674,7 @@
 /usr/local/opnsense/service/templates/OPNsense/Proxy/rc.conf.d
 /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
 /usr/local/opnsense/service/templates/OPNsense/Proxy/squid.conf
+/usr/local/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf
 /usr/local/opnsense/service/templates/OPNsense/Sample/+TARGETS
 /usr/local/opnsense/service/templates/OPNsense/Sample/example_config.txt
 /usr/local/opnsense/service/templates/OPNsense/Sample/example_parent.txt
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
index e58e95045..398148210 100644
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -255,19 +255,7 @@ icap_enable off
 # Authentication Settings
 {% if helpers.exists('OPNsense.proxy.forward.authentication.method') and OPNsense.proxy.forward.authentication.method != '' %}
-# Configure Local User Authentication helper
-auth_param basic program /usr/local/etc/inc/squid.auth-user.php
-{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
-auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
-auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
-{% endif %}
-{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
-auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
-{% endif %}
-# ACL - Local Authorized Users - local_auth
-acl local_auth proxy_auth REQUIRED
+{% include ['OPNsense/Proxy/squid.user.alt_auth.conf', 'OPNsense/Proxy/squid.user.local_auth.conf'] %}
 {% endif %}
 {% include "OPNsense/Proxy/squid.user.pre_auth.conf" ignore missing with context %}
diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf
new file mode 100644
index 000000000..0192325ac
--- /dev/null
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.user.local_auth.conf
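Review bot: The new `{% include [...] %}` line in squid.conf lets a `squid.user.alt_auth.conf` template replace the local helper wholesale, but nothing in the template says what that file has to provide. Rules outside this hunk presumably refer to the `local_auth` ACL that the fallback file defines, so an alternative file that names its ACL differently would leave the generated configuration without the ACL those rules expect. I would add a template comment directly above the include, for example `{# alt_auth.conf replaces local_auth.conf entirely; it must set auth_param and define the local_auth proxy_auth ACL #}`. The http_access rules are not visible here, so the ACL name should be confirmed against them before the comment is merged.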
@@ -0,0 +1,13 @@
+# Configure Local User Authentication helper
+auth_param basic program /usr/local/etc/inc/squid.auth-user.php
+{% if helpers.exists('OPNsense.proxy.forward.authentication.realm') %}
+auth_param basic realm {{OPNsense.proxy.forward.authentication.realm}}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') %}
+auth_param basic credentialsttl {{OPNsense.proxy.forward.authentication.credentialsttl}} hours
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.forward.authentication.children') %}
+auth_param basic children {{OPNsense.proxy.forward.authentication.children}}
+{% endif %}
+# ACL - Local Authorized Users - local_auth
+acl local_auth proxy_auth REQUIRED
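Review bot: The three inner guards in squid.user.local_auth.conf test only `helpers.exists(...)`, so a realm, credentialsttl or children node that is present but empty still renders an `auth_param` directive with no value. The guard on the authentication method in squid.conf also compares against `''`, and the same pattern here would read `{% if helpers.exists('OPNsense.proxy.forward.authentication.credentialsttl') and OPNsense.proxy.forward.authentication.credentialsttl != '' %}`, repeated for realm and children. The realm is free text written straight into a config line, so unless the model (not visible in this patch) already rejects line breaks, it is worth confirming that a realm value cannot span lines and introduce extra directives.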