[thirdparty/squid.git] / src / auth / User.h

/*
 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_AUTH_USER_H
#define SQUID_AUTH_USER_H

#if USE_AUTH

#include "auth/CredentialState.h"
#include "auth/Type.h"
#include "base/RefCount.h"
#include "dlink.h"
#include "ip/Address.h"
#include "Notes.h"
#include "SBuf.h"

class AuthUserHashPointer;
class StoreEntry;

namespace Auth
{

class Config;

/**
 *  \ingroup AuthAPI
 * This is the main user related structure. It stores user-related data,
 * and is persistent across requests. It can even persist across
 * multiple external authentications. One major benefit of preserving this
 * structure is the cached ACL match results. This structure, is private to
 * the authentication framework.
 */
class User : public RefCountable
{
public:
    typedef RefCount<User> Pointer;

    /* extra fields for proxy_auth */
    /* auth_type and auth_module are deprecated. Do Not add new users of these fields.
     * Aim to remove shortly
     */
    /** \deprecated this determines what scheme owns the user data. */
    Auth::Type auth_type;
    /** the config for this user */
    Auth::Config *config;
    dlink_list proxy_match_cache;
    size_t ipcount;
    long expiretime;

    /// list of key=value pairs the helper produced
    NotePairs notes;

public:
    static void cacheInit();
    static void CachedACLsReset();
    static SBuf BuildUserKey(const char *username, const char *realm);

    void absorb(Auth::User::Pointer from);
    virtual ~User();
    char const *username() const { return username_; }
    void username(char const *);

    const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : username_;}

    /**
     * How long these credentials are still valid for.
     * Negative numbers means already expired.
     */
    virtual int32_t ttl() const = 0;

    /* Manage list of IPs using this username */
    void clearIp();
    void removeIp(Ip::Address);
    void addIp(Ip::Address);

    void addToNameCache();
    static void UsernameCacheStats(StoreEntry * output);

    CredentialState credentials() const;
    void credentials(CredentialState);

private:
    /**
     * The current state these credentials are in:
     *   Unchecked
     *   Authenticated
     *   Pending helper result
     *   Handshake happening in stateful auth.
     *   Failed auth
     */
    CredentialState credentials_state;

protected:
    User(Auth::Config *, const char *requestRealm);

private:
    /**
     * Garbage Collection for the username cache.
     */
    static void cacheCleanup(void *unused);
    static time_t last_discard; /// Time of last username cache garbage collection.

    /**
     * DPW 2007-05-08
     * The username_ memory will be allocated via
     * xstrdup().  It is our responsibility.
     */
    const char *username_;

    /**
     * A realm for the user depending on request, designed to identify users,
     * with the same username and different authentication domains.
     */
    SBuf requestRealm_;

    /**
     * A Unique key for the user, consist by username and requestRealm_
     */
    SBuf userKey_;

    /** what ip addresses has this user been seen at?, plus a list length cache */
    dlink_list ip_list;
};

} // namespace Auth

#endif /* USE_AUTH */
#endif /* SQUID_AUTH_USER_H */
Commit	Line	Data
f5691f9c	1	/*
bde978a6	2	* Copyright (C) 1996-2015 The Squid Software Foundation and contributors
f5691f9c	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
f5691f9c	7	*/
f5691f9c	8
d87154ee AJ	9	#ifndef SQUID_AUTH_USER_H
d87154ee AJ	10	#define SQUID_AUTH_USER_H
f5691f9c	11
2f1431ea AJ	12	#if USE_AUTH
2f1431ea AJ	13
d87154ee	14	#include "auth/CredentialState.h"
616cfc4c	15	#include "auth/Type.h"
8bf217bd	16	#include "base/RefCount.h"
56a49fda	17	#include "dlink.h"
80617cbd	18	#include "ip/Address.h"
71e7400c	19	#include "Notes.h"
d4806c91	20	#include "SBuf.h"
a33a428a	21
e1f7507e	22	class AuthUserHashPointer;
56a49fda	23	class StoreEntry;
9554bbf2	24
9f3d2b2e AJ	25	namespace Auth
9f3d2b2e AJ	26	{
d87154ee	27
9f3d2b2e	28	class Config;
9f3d2b2e	29
63be0a78	30	/**
	31	* \ingroup AuthAPI
	32	* This is the main user related structure. It stores user-related data,
	33	* and is persistent across requests. It can even persist across
	34	* multiple external authentications. One major benefit of preserving this
	35	* structure is the cached ACL match results. This structure, is private to
	36	* the authentication framework.
	37	*/
d87154ee	38	class User : public RefCountable
f5691f9c	39	{
f5691f9c	40	public:
d87154ee	41	typedef RefCount<User> Pointer;
56a49fda	42
f5691f9c	43	/* extra fields for proxy_auth */
	44	/* auth_type and auth_module are deprecated. Do Not add new users of these fields.
	45	* Aim to remove shortly
	46	*/
63be0a78	47	/** \deprecated this determines what scheme owns the user data. */
616cfc4c	48	Auth::Type auth_type;
63be0a78	49	/** the config for this user */
9f3d2b2e	50	Auth::Config *config;
f5691f9c	51	dlink_list proxy_match_cache;
f5691f9c	52	size_t ipcount;
f5691f9c	53	long expiretime;
f5691f9c	54
71e7400c AJ	55	/// list of key=value pairs the helper produced
	56	NotePairs notes;
	57
d87154ee	58	public:
e1f7507e	59	static void cacheInit();
f5691f9c	60	static void CachedACLsReset();
d4806c91	61	static SBuf BuildUserKey(const char username, const char realm);
f5691f9c	62
d87154ee AJ	63	void absorb(Auth::User::Pointer from);
d87154ee AJ	64	virtual ~User();
32113576 FC	65	char const *username() const { return username_; }
32113576 FC	66	void username(char const *);
ea0695f2	67
d4806c91 CT	68	const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : username_;}
d4806c91 CT	69
56a49fda AJ	70	/**
	71	* How long these credentials are still valid for.
	72	* Negative numbers means already expired.
	73	*/
	74	virtual int32_t ttl() const = 0;
	75
ea0695f2	76	/* Manage list of IPs using this username */
f5691f9c	77	void clearIp();
b7ac5457 AJ	78	void removeIp(Ip::Address);
b7ac5457 AJ	79	void addIp(Ip::Address);
ea0695f2	80
f5691f9c	81	void addToNameCache();
56a49fda	82	static void UsernameCacheStats(StoreEntry * output);
f5691f9c	83
d87154ee AJ	84	CredentialState credentials() const;
d87154ee AJ	85	void credentials(CredentialState);
d232141d AJ	86
	87	private:
	88	/**
	89	* The current state these credentials are in:
	90	* Unchecked
	91	* Authenticated
	92	* Pending helper result
	93	* Handshake happening in stateful auth.
	94	* Failed auth
	95	*/
d87154ee	96	CredentialState credentials_state;
d232141d	97
f5691f9c	98	protected:
d4806c91	99	User(Auth::Config , const char requestRealm);
f5691f9c	100
f5691f9c	101	private:
af70c154 AJ	102	/**
	103	* Garbage Collection for the username cache.
	104	*/
ea0695f2	105	static void cacheCleanup(void *unused);
af70c154	106	static time_t last_discard; /// Time of last username cache garbage collection.
f5691f9c	107
63be0a78	108	/**
3f5f1a01	109	* DPW 2007-05-08
	110	* The username_ memory will be allocated via
	111	* xstrdup(). It is our responsibility.
	112	*/
25f98340	113	const char *username_;
4c19ba24	114
d4806c91 CT	115	/**
	116	* A realm for the user depending on request, designed to identify users,
	117	* with the same username and different authentication domains.
	118	*/
	119	SBuf requestRealm_;
	120
	121	/**
	122	* A Unique key for the user, consist by username and requestRealm_
	123	*/
	124	SBuf userKey_;
	125
63be0a78	126	/** what ip addresses has this user been seen at?, plus a list length cache */
4c19ba24	127	dlink_list ip_list;
f5691f9c	128	};
f5691f9c	129
d87154ee	130	} // namespace Auth
d232141d	131
2f1431ea	132	#endif /* USE_AUTH */
d87154ee	133	#endif /* SQUID_AUTH_USER_H */
f53969cc	134