Commit | Line | Data |
---|---|---|
f5691f9c | 1 | /* |
bde978a6 | 2 | * Copyright (C) 1996-2015 The Squid Software Foundation and contributors |
f5691f9c | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
f5691f9c | 7 | */ |
8 | ||
d87154ee AJ |
9 | #ifndef SQUID_AUTH_USER_H |
10 | #define SQUID_AUTH_USER_H | |
f5691f9c | 11 | |
2f1431ea AJ |
12 | #if USE_AUTH |
13 | ||
d87154ee | 14 | #include "auth/CredentialState.h" |
616cfc4c | 15 | #include "auth/Type.h" |
8bf217bd | 16 | #include "base/RefCount.h" |
56a49fda | 17 | #include "dlink.h" |
80617cbd | 18 | #include "ip/Address.h" |
71e7400c | 19 | #include "Notes.h" |
d4806c91 | 20 | #include "SBuf.h" |
a33a428a | 21 | |
e1f7507e | 22 | class AuthUserHashPointer; |
56a49fda | 23 | class StoreEntry; |
9554bbf2 | 24 | |
9f3d2b2e AJ |
25 | namespace Auth |
26 | { | |
d87154ee | 27 | |
9f3d2b2e | 28 | class Config; |
9f3d2b2e | 29 | |
63be0a78 | 30 | /** |
31 | * \ingroup AuthAPI | |
32 | * This is the main user related structure. It stores user-related data, | |
33 | * and is persistent across requests. It can even persist across | |
34 | * multiple external authentications. One major benefit of preserving this | |
35 | * structure is the cached ACL match results. This structure is private to | |
36 | * the authentication framework. | |
37 | */ | |
d87154ee | 38 | class User : public RefCountable
f5691f9c | 39 | {
f5691f9c | 40 | public:
d87154ee | 41 | typedef RefCount<User> Pointer; ///< reference-counted handle type used to pass User objects around
56a49fda | 42 |
f5691f9c | 43 | /* extra fields for proxy_auth */
44 | /* auth_type and auth_module are deprecated. Do not add new users of these fields. | |
45 | * The aim is to remove them shortly. (Only auth_type is declared in this class as shown.) | |
46 | */ | |
63be0a78 | 47 | /** \deprecated identifies which authentication scheme owns the user data. */
616cfc4c | 48 | Auth::Type auth_type;
63be0a78 | 49 | /** the scheme configuration for this user. NOTE(review): raw pointer; ownership and lifetime are not visible in this header - confirm the Config outlives every User that refers to it */
9f3d2b2e | 50 | Auth::Config *config;
f5691f9c | 51 | dlink_list proxy_match_cache; ///< presumably the cached ACL match results mentioned in the class description - confirm
f5691f9c | 52 | size_t ipcount; ///< NOTE(review): looks like the list length cache that the ip_list comment refers to - confirm
53 | long expiretime; /* NOTE(review): unit and reference point are not stated in this header - confirm against the ttl() implementations */ | |
f5691f9c | 54 |
71e7400c AJ |
55 | /// list of key=value pairs the helper produced. NOTE(review): these values originate outside this class; validate them where they are consumed |
56 | NotePairs notes; | |
57 | ||
d87154ee | 58 | public:
e1f7507e | 59 | static void cacheInit(); ///< NOTE(review): presumably sets up the username cache - confirm in the implementation
f5691f9c | 60 | static void CachedACLsReset(); ///< NOTE(review): presumably discards cached ACL match results for all users - confirm
d4806c91 | 61 | static SBuf BuildUserKey(const char *username, const char *realm); ///< builds a user key from username and realm. NOTE(review): how the two parts are joined is defined in the implementation - confirm that distinct username/realm pairs cannot produce the same key
f5691f9c | 62 |
d87154ee AJ |
63 | void absorb(Auth::User::Pointer from); /* NOTE(review): presumably merges state from another User object into this one - confirm */ |
64 | virtual ~User(); /* virtual because User is an abstract base: ttl() below is pure virtual */ | |
32113576 FC |
65 | char const *username() const { return username_; } /* returns the internally owned string: callers must not free it and should not keep it beyond this object's lifetime */ |
66 | void username(char const *); /* setter. NOTE(review): whether the argument is copied and the old value freed is not visible here - confirm */ | |
ea0695f2 | 67 |
d4806c91 CT |
68 | const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : username_;} /* yields userKey_ when it is non-empty, otherwise falls back to username_; the result is borrowed from this object and must not be freed */ |
69 | ||
56a49fda AJ |
70 | /** |
71 | * How long these credentials remain valid. | |
72 | * A negative number means they have already expired. Pure virtual: every concrete subclass supplies its own value. NOTE(review): the unit is not stated here (presumably seconds) - confirm. | |
73 | */ | |
74 | virtual int32_t ttl() const = 0; | |
75 | ||
ea0695f2 | 76 | /* Manage the list of IPs using this username */
f5691f9c | 77 | void clearIp();
b7ac5457 AJ |
78 | void removeIp(Ip::Address); |
79 | void addIp(Ip::Address); | |
ea0695f2 | 80 |
f5691f9c | 81 | void addToNameCache();
56a49fda | 82 | static void UsernameCacheStats(StoreEntry * output); ///< NOTE(review): presumably writes username cache statistics into the given StoreEntry - confirm
f5691f9c | 83 |
d87154ee AJ |
84 | CredentialState credentials() const; /* accessor for credentials_state (implementation not shown in this header) */ |
85 | void credentials(CredentialState); /* mutator for credentials_state (implementation not shown in this header) */ | |
d232141d AJ |
86 |
87 | private: | |
88 | /** | |
89 | * The current state these credentials are in. The states listed by the original author are: | |
90 | * Unchecked | |
91 | * Authenticated | |
92 | * Pending helper result | |
93 | * Handshake happening in stateful auth. | |
94 | * Failed auth | |
95 | */ | |
d87154ee | 96 | CredentialState credentials_state;
d232141d | 97 |
f5691f9c | 98 | protected:
d4806c91 | 99 | User(Auth::Config *, const char *requestRealm); ///< protected constructor: instances are created through subclasses only
f5691f9c | 100 |
101 | private: | |
af70c154 AJ |
102 | /** |
103 | * Garbage collection for the username cache. NOTE(review): the parameter is named unused, so the callback presumably ignores it - confirm. | |
104 | */ | |
ea0695f2 | 105 | static void cacheCleanup(void *unused);
af70c154 | 106 | static time_t last_discard; ///< Time of the last username cache garbage collection.
f5691f9c | 107 |
63be0a78 | 108 | /**
3f5f1a01 | 109 | * DPW 2007-05-08
110 | * The username_ memory will be allocated via | |
111 | * xstrdup(). This object owns it and is responsible for releasing it. NOTE(review): no copy constructor or copy assignment is declared in this header, so an implicit copy would duplicate this raw owning pointer - confirm that copying is prevented elsewhere. | |
112 | */ | |
25f98340 | 113 | const char *username_;
4c19ba24 | 114 |
d4806c91 CT |
115 | /** |
116 | * The realm taken from the request for this user. It distinguishes users | |
117 | * that share the same username but belong to different authentication domains. | |
118 | */ | |
119 | SBuf requestRealm_; | |
120 | ||
121 | /** | |
122 | * A unique key for the user, consisting of the username and requestRealm_. When it is empty, userKey() falls back to username_. | |
123 | */ | |
124 | SBuf userKey_; | |
125 | ||
63be0a78 | 126 | /** the IP addresses this user has been seen at, plus a list length cache */
4c19ba24 | 127 | dlink_list ip_list;
f5691f9c | 128 | };
129 | ||
d87154ee | 130 | } // namespace Auth |
d232141d | 131 | |
2f1431ea | 132 | #endif /* USE_AUTH */ |
d87154ee | 133 | #endif /* SQUID_AUTH_USER_H */ |
f53969cc | 134 |