[thirdparty/squid.git] / src / auth / SchemeConfig.h

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_SRC_AUTH_SCHEMECONFIG_H
#define SQUID_SRC_AUTH_SCHEMECONFIG_H

#if USE_AUTH

#include "AccessLogEntry.h"
#include "auth/forward.h"
#include "auth/UserRequest.h"
#include "helper/ChildConfig.h"

class StoreEntry;
class HttpReply;
class HttpRequest;
class wordlist;

/* for Http::HdrType parameters-by-value */
#include "HttpHeader.h"

namespace Format
{
class Format;
}

namespace Auth
{

/**
 * \ingroup AuthAPI
 * \par
 * I am the configuration for an auth scheme.
 * Currently each scheme has only one instance of me,
 * but this may change.
 * \par
 * This class is treated like a ref counted class.
 * If the children ever stop being singletons, implement the
 * ref counting...
 */
class SchemeConfig
{

public:
    static UserRequest::Pointer CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al);

    static SchemeConfig *Find(const char *proxy_auth);
    /// Call this method if you need a guarantee that all auth schemes has been
    /// already configured.
    static SchemeConfig *GetParsed(const char *proxy_auth);
    SchemeConfig() : authenticateChildren(20) {}

    virtual ~SchemeConfig() {}

    /**
     * Used by squid to determine whether the auth module has successfully initialised itself with the current configuration.
     *
     \retval true   Authentication Module loaded and running.
     \retval false  No Authentication Module loaded.
     */
    virtual bool active() const = 0;

    /**
     * new decode API: virtual factory pattern
     \par
     * Responsible for decoding the passed authentication header, creating or
     * linking to a AuthUser object and for storing any needed details to complete
     * authentication in Auth::UserRequest::authenticate().
     *
     \param proxy_auth  Login Pattern to parse.
     \retval *      Details needed to authenticate.
     */
    virtual UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm) = 0;

    /**
     * squid is finished with this config, release any unneeded resources.
     * If a singleton, delete will not occur. if not a singleton (future),
     * delete will occur when no references are held.
     *
     \todo we need a 'done for reconfigure' and a 'done permanently' concept.
     */
    virtual void done();

    /**
     * The configured function is used to see if the auth module has been given valid
     * parameters and is able to handle authentication requests.
     *
     \retval true   Authentication Module configured ready for use.
     \retval false  Not configured or Configuration Error.
     *          No other module functions except Shutdown/Dump/Parse/FreeConfig will be called by Squid.
     */
    virtual bool configured() const = 0;

    /**
     * Shutdown just the auth helpers.
     * For use by log rotate etc. where auth needs to stay running, with the helpers restarted.
     */
    virtual void rotateHelpers(void) = 0;

    /**
     * Responsible for writing to the StoreEntry the configuration parameters that a user
     * would put in a config file to recreate the running configuration.
     * Returns whether the scheme is configured.
     */
    virtual bool dump(StoreEntry *, const char *, SchemeConfig *) const;

    /** add headers as needed when challenging for auth */
    virtual void fixHeader(UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *) = 0;

    /** prepare to handle requests */
    virtual void init(SchemeConfig *) = 0;

    /** expose any/all statistics to a CacheManager */
    virtual void registerWithCacheManager(void);

    /** parse config options */
    virtual void parse(SchemeConfig *, int, char *);

    /** the http string id */
    virtual const char * type() const = 0;

public:
    Helper::ChildConfig authenticateChildren;
    wordlist *authenticateProgram = nullptr; ///< Helper program to run, includes all parameters
    String keyExtrasLine;  ///< The format of the request to the auth helper
    Format::Format *keyExtras = nullptr; ///< The compiled request format
    int keep_alive = 1; ///< whether to close the connection on auth challenges. default: on
    int utf8 = 0; ///< wheter to accept UTF-8 characterset instead of ASCII. default: off

protected:
    /// RFC 7235 section 2.2 - Protection Space (Realm)
    SBuf realm;
};

} // namespace Auth

#endif /* USE_AUTH */
#endif /* SQUID_SRC_AUTH_SCHEMECONFIG_H */
Commit	Line	Data
f5691f9c	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
f5691f9c	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
f5691f9c	7	*/
bbc27441	8
dc79fed8 AJ	9	#ifndef SQUID_SRC_AUTH_SCHEMECONFIG_H
dc79fed8 AJ	10	#define SQUID_SRC_AUTH_SCHEMECONFIG_H
f5691f9c	11
2f1431ea AJ	12	#if USE_AUTH
2f1431ea AJ	13
d4806c91	14	#include "AccessLogEntry.h"
dc79fed8	15	#include "auth/forward.h"
a33a428a	16	#include "auth/UserRequest.h"
76d9b994	17	#include "helper/ChildConfig.h"
a33a428a	18
e1f7507e AJ	19	class StoreEntry;
	20	class HttpReply;
	21	class HttpRequest;
ea0695f2	22	class wordlist;
e1f7507e	23
789217a2	24	/* for Http::HdrType parameters-by-value */
e1f7507e AJ	25	#include "HttpHeader.h"
e1f7507e AJ	26
d4806c91 CT	27	namespace Format
d4806c91 CT	28	{
86c63190	29	class Format;
d4806c91 CT	30	}
d4806c91 CT	31
9f3d2b2e AJ	32	namespace Auth
9f3d2b2e AJ	33	{
e1f7507e AJ	34
e1f7507e AJ	35	/**
9f3d2b2e AJ	36	* \ingroup AuthAPI
9f3d2b2e AJ	37	* \par
f5691f9c	38	* I am the configuration for an auth scheme.
	39	* Currently each scheme has only one instance of me,
	40	* but this may change.
9f3d2b2e	41	* \par
e1f7507e	42	* This class is treated like a ref counted class.
f5691f9c	43	* If the children ever stop being singletons, implement the
	44	* ref counting...
	45	*/
dc79fed8	46	class SchemeConfig
f5691f9c	47	{
	48
	49	public:
d4806c91	50	static UserRequest::Pointer CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al);
f5691f9c	51
dc79fed8	52	static SchemeConfig Find(const char proxy_auth);
5bfc3dbd EB	53	/// Call this method if you need a guarantee that all auth schemes has been
5bfc3dbd EB	54	/// already configured.
dc79fed8	55	static SchemeConfig GetParsed(const char proxy_auth);
b2b09838	56	SchemeConfig() : authenticateChildren(20) {}
f5691f9c	57
dc79fed8	58	virtual ~SchemeConfig() {}
f5691f9c	59
63be0a78	60	/**
	61	* Used by squid to determine whether the auth module has successfully initialised itself with the current configuration.
	62	*
f53969cc SM	63	\retval true Authentication Module loaded and running.
f53969cc SM	64	\retval false No Authentication Module loaded.
63be0a78	65	*/
f5691f9c	66	virtual bool active() const = 0;
63be0a78	67
	68	/**
	69	* new decode API: virtual factory pattern
	70	\par
	71	* Responsible for decoding the passed authentication header, creating or
	72	* linking to a AuthUser object and for storing any needed details to complete
c7baff40	73	* authentication in Auth::UserRequest::authenticate().
63be0a78	74	*
f53969cc SM	75	\param proxy_auth Login Pattern to parse.
f53969cc SM	76	\retval * Details needed to authenticate.
63be0a78	77	*/
d4806c91	78	virtual UserRequest::Pointer decode(char const proxy_auth, const char requestRealm) = 0;
63be0a78	79
	80	/**
	81	* squid is finished with this config, release any unneeded resources.
f5691f9c	82	* If a singleton, delete will not occur. if not a singleton (future),
f5691f9c	83	* delete will occur when no references are held.
63be0a78	84	*
63be0a78	85	\todo we need a 'done for reconfigure' and a 'done permanently' concept.
f5691f9c	86	*/
d4806c91	87	virtual void done();
63be0a78	88
	89	/**
	90	* The configured function is used to see if the auth module has been given valid
	91	* parameters and is able to handle authentication requests.
	92	*
f53969cc SM	93	\retval true Authentication Module configured ready for use.
	94	\retval false Not configured or Configuration Error.
	95	* No other module functions except Shutdown/Dump/Parse/FreeConfig will be called by Squid.
63be0a78	96	*/
f5691f9c	97	virtual bool configured() const = 0;
63be0a78	98
0bcb6908 AJ	99	/**
	100	* Shutdown just the auth helpers.
	101	* For use by log rotate etc. where auth needs to stay running, with the helpers restarted.
	102	*/
	103	virtual void rotateHelpers(void) = 0;
	104
63be0a78	105	/**
	106	* Responsible for writing to the StoreEntry the configuration parameters that a user
	107	* would put in a config file to recreate the running configuration.
3616c90c	108	* Returns whether the scheme is configured.
63be0a78	109	*/
dc79fed8	110	virtual bool dump(StoreEntry , const char , SchemeConfig *) const;
63be0a78	111
63be0a78	112	/** add headers as needed when challenging for auth */
789217a2	113	virtual void fixHeader(UserRequest::Pointer, HttpReply , Http::HdrType, HttpRequest ) = 0;
9f3d2b2e	114
63be0a78	115	/** prepare to handle requests */
dc79fed8	116	virtual void init(SchemeConfig *) = 0;
9f3d2b2e	117
63be0a78	118	/** expose any/all statistics to a CacheManager */
15fab853	119	virtual void registerWithCacheManager(void);
9f3d2b2e	120
63be0a78	121	/** parse config options */
dc79fed8	122	virtual void parse(SchemeConfig , int, char );
9f3d2b2e	123
63be0a78	124	/** the http string id */
f5691f9c	125	virtual const char * type() const = 0;
ea0695f2 AJ	126
ea0695f2 AJ	127	public:
76d9b994	128	Helper::ChildConfig authenticateChildren;
b2b09838	129	wordlist *authenticateProgram = nullptr; ///< Helper program to run, includes all parameters
d4806c91	130	String keyExtrasLine; ///< The format of the request to the auth helper
b2b09838 AJ	131	Format::Format *keyExtras = nullptr; ///< The compiled request format
	132	int keep_alive = 1; ///< whether to close the connection on auth challenges. default: on
	133	int utf8 = 0; ///< wheter to accept UTF-8 characterset instead of ASCII. default: off
ec980001 AJ	134
	135	protected:
	136	/// RFC 7235 section 2.2 - Protection Space (Realm)
	137	SBuf realm;
f5691f9c	138	};
f5691f9c	139
e5519212	140	} // namespace Auth
5817ee13	141
2f1431ea	142	#endif /* USE_AUTH */
dc79fed8	143	#endif /* SQUID_SRC_AUTH_SCHEMECONFIG_H */
f53969cc	144