[thirdparty/squid.git] / src / authenticate.cc


/*
 * $Id$
 *
 * DEBUG: section 29    Authenticator
 * AUTHOR:  Robert Collins
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

/* The functions in this file handle authentication.
 * They DO NOT perform access control or auditing.
 * See acl.c for access control and client_side.c for auditing */

#include "squid.h"
#include "authenticate.h"
#include "ACL.h"
#include "client_side.h"
#include "AuthConfig.h"
#include "AuthScheme.h"
#include "AuthUser.h"
#include "HttpReply.h"
#include "HttpRequest.h"

/**** PUBLIC FUNCTIONS (ALL GENERIC!)  ****/

int
authenticateActiveSchemeCount(void)
{
    int rv = 0;

    for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i)
        if ((*i)->configured())
            ++rv;

    debugs(29, 9, "authenticateActiveSchemeCount: " << rv << " active.");

    return rv;
}

int
authenticateSchemeCount(void)
{
    int rv = AuthScheme::Schemes().size();

    debugs(29, 9, "authenticateSchemeCount: " << rv << " active.");

    return rv;
}

static void
authenticateRegisterWithCacheManager(authConfig * config)
{
    for (authConfig::iterator i = config->begin(); i != config->end(); ++i) {
        AuthConfig *scheme = *i;
        scheme->registerWithCacheManager();
    }
}

void
authenticateInit(authConfig * config)
{
    for (authConfig::iterator i = config->begin(); i != config->end(); ++i) {
        AuthConfig *scheme = *i;

        if (scheme->configured())
            scheme->init(scheme);
    }

    if (!proxy_auth_username_cache)
        AuthUser::cacheInit();
    else
        AuthUser::CachedACLsReset();

    authenticateRegisterWithCacheManager(&Config.authConfiguration);
}

void
authenticateShutdown(void)
{
    debugs(29, 2, "authenticateShutdown: shutting down auth schemes");
    /* free the cache if we are shutting down */

    if (shutting_down) {
        hashFreeItems(proxy_auth_username_cache, AuthUserHashPointer::removeFromCache);
        AuthScheme::FreeAll();
    } else {
        for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i)
            (*i)->done();
    }
}

/**
 \retval 0 not in use
 \retval ? in use
 */
int
authenticateAuthUserInuse(AuthUser * auth_user)
{
    assert(auth_user != NULL);
    return auth_user->references;
}

void
authenticateAuthUserMerge(AuthUser * from, AuthUser * to)
{
    to->absorb (from);
}

/**
 * Cleans all config-dependent data from the auth_user cache.
 \note It DOES NOT Flush the user cache.
 */
void
authenticateUserCacheRestart(void)
{
    AuthUserHashPointer *usernamehash;
    AuthUser *auth_user;
    debugs(29, 3, HERE << "Clearing config dependent cache data.");
    hash_first(proxy_auth_username_cache);

    while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
        auth_user = usernamehash->user();
        debugs(29, 5, "authenticateUserCacheRestat: Clearing cache ACL results for user: " << auth_user->username());
    }
}


void
AuthUserHashPointer::removeFromCache(void *usernamehash_p)
{
    AuthUserHashPointer *usernamehash = static_cast<AuthUserHashPointer *>(usernamehash_p);
    AuthUser *auth_user = usernamehash->auth_user;

    if ((authenticateAuthUserInuse(auth_user) - 1))
        debugs(29, 1, "AuthUserHashPointer::removeFromCache: entry in use - not freeing");

    auth_user->unlock();

    /** \todo change behaviour - we remove from the auth user list here, and then unlock, and the
     * delete ourselves.
     */
}

AuthUserHashPointer::AuthUserHashPointer(AuthUser * anAuth_user):
        auth_user(anAuth_user)
{
    key = (void *)anAuth_user->username();
    next = NULL;
    hash_join(proxy_auth_username_cache, (hash_link *) this);

    /** lock for presence in the cache */
    auth_user->lock();
}

AuthUser *
AuthUserHashPointer::user() const
{
    return auth_user;
}
Commit	Line	Data
1d620765	1
1d620765	2	/*
262a0e14	3	* $Id$
1d620765	4	*
1d620765	5	* DEBUG: section 29 Authenticator
e6ccf245	6	* AUTHOR: Robert Collins
1d620765	7	*
2b6662ba	8	* SQUID Web Proxy Cache http://www.squid-cache.org/
1d620765	9	* ----------------------------------------------------------
1d620765	10	*
2b6662ba	11	* Squid is the result of efforts by numerous individuals from
	12	* the Internet community; see the CONTRIBUTORS file for full
	13	* details. Many organizations have provided support for Squid's
	14	* development; see the SPONSORS file for full details. Squid is
	15	* Copyrighted (C) 2001 by the Regents of the University of
	16	* California; see the COPYRIGHT file for full details. Squid
	17	* incorporates software developed and/or copyrighted by other
	18	* sources; see the CREDITS file for full details.
1d620765	19	*
	20	* This program is free software; you can redistribute it and/or modify
	21	* it under the terms of the GNU General Public License as published by
	22	* the Free Software Foundation; either version 2 of the License, or
	23	* (at your option) any later version.
26ac0430	24	*
1d620765	25	* This program is distributed in the hope that it will be useful,
	26	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	27	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	28	* GNU General Public License for more details.
26ac0430	29	*
1d620765	30	* You should have received a copy of the GNU General Public License
	31	* along with this program; if not, write to the Free Software
	32	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	33	*
	34	*/
	35
94439e4e	36	/* The functions in this file handle authentication.
	37	* They DO NOT perform access control or auditing.
	38	* See acl.c for access control and client_side.c for auditing */
1d620765	39
94439e4e	40	#include "squid.h"
e6ccf245	41	#include "authenticate.h"
8000a965	42	#include "ACL.h"
a46d2c0e	43	#include "client_side.h"
f5691f9c	44	#include "AuthConfig.h"
	45	#include "AuthScheme.h"
	46	#include "AuthUser.h"
924f73bc	47	#include "HttpReply.h"
a2ac85d9	48	#include "HttpRequest.h"
1d620765	49
94439e4e	50	/** PUBLIC FUNCTIONS (ALL GENERIC!) **/
1d620765	51
94439e4e	52	int
2d72d4fd	53	authenticateActiveSchemeCount(void)
94439e4e	54	{
f5691f9c	55	int rv = 0;
62e76326	56
f5691f9c	57	for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i)
	58	if ((*i)->configured())
	59	++rv;
62e76326	60
bf8fe701	61	debugs(29, 9, "authenticateActiveSchemeCount: " << rv << " active.");
62e76326	62
94439e4e	63	return rv;
	64	}
	65
	66	int
2d72d4fd	67	authenticateSchemeCount(void)
94439e4e	68	{
f5691f9c	69	int rv = AuthScheme::Schemes().size();
62e76326	70
bf8fe701	71	debugs(29, 9, "authenticateSchemeCount: " << rv << " active.");
62e76326	72
94439e4e	73	return rv;
	74	}
	75
5acc9f37 FC	76	static void
	77	authenticateRegisterWithCacheManager(authConfig * config)
	78	{
	79	for (authConfig::iterator i = config->begin(); i != config->end(); ++i) {
	80	AuthConfig scheme = i;
	81	scheme->registerWithCacheManager();
	82	}
	83	}
	84
94439e4e	85	void
	86	authenticateInit(authConfig * config)
	87	{
f5691f9c	88	for (authConfig::iterator i = config->begin(); i != config->end(); ++i) {
f5691f9c	89	AuthConfig scheme = i;
62e76326	90
f5691f9c	91	if (scheme->configured())
f5691f9c	92	scheme->init(scheme);
1d620765	93	}
62e76326	94
94439e4e	95	if (!proxy_auth_username_cache)
62e76326	96	AuthUser::cacheInit();
	97	else
	98	AuthUser::CachedACLsReset();
6fdc2d18 FC	99
6fdc2d18 FC	100	authenticateRegisterWithCacheManager(&Config.authConfiguration);
c623f072	101	}
c623f072	102
1d620765	103	void
74addf6c	104	authenticateShutdown(void)
1d620765	105	{
bf8fe701	106	debugs(29, 2, "authenticateShutdown: shutting down auth schemes");
c623f072	107	/* free the cache if we are shutting down */
62e76326	108
f5691f9c	109	if (shutting_down) {
62e76326	110	hashFreeItems(proxy_auth_username_cache, AuthUserHashPointer::removeFromCache);
f5691f9c	111	AuthScheme::FreeAll();
94439e4e	112	} else {
f5691f9c	113	for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i)
f5691f9c	114	(*i)->done();
94439e4e	115	}
e6ccf245	116	}
e6ccf245	117
e1f7507e AJ	118	/**
	119	\retval 0 not in use
	120	\retval ? in use
	121	*/
94439e4e	122	int
e1f7507e	123	authenticateAuthUserInuse(AuthUser * auth_user)
94439e4e	124	{
	125	assert(auth_user != NULL);
	126	return auth_user->references;
	127	}
	128
e6ccf245	129	void
e1f7507e	130	authenticateAuthUserMerge(AuthUser * from, AuthUser * to)
62e76326	131	{
e6ccf245	132	to->absorb (from);
94439e4e	133	}
94439e4e	134
e1f7507e AJ	135	/**
	136	* Cleans all config-dependent data from the auth_user cache.
	137	\note It DOES NOT Flush the user cache.
94439e4e	138	*/
94439e4e	139	void
2d72d4fd	140	authenticateUserCacheRestart(void)
94439e4e	141	{
e6ccf245	142	AuthUserHashPointer *usernamehash;
e1f7507e AJ	143	AuthUser *auth_user;
e1f7507e AJ	144	debugs(29, 3, HERE << "Clearing config dependent cache data.");
94439e4e	145	hash_first(proxy_auth_username_cache);
62e76326	146
e6ccf245	147	while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
62e76326	148	auth_user = usernamehash->user();
bf8fe701	149	debugs(29, 5, "authenticateUserCacheRestat: Clearing cache ACL results for user: " << auth_user->username());
94439e4e	150	}
94439e4e	151	}
94439e4e	152
e6ccf245	153
	154	void
	155	AuthUserHashPointer::removeFromCache(void *usernamehash_p)
	156	{
	157	AuthUserHashPointer usernamehash = static_cast<AuthUserHashPointer >(usernamehash_p);
63be0a78	158	AuthUser *auth_user = usernamehash->auth_user;
62e76326	159
e6ccf245	160	if ((authenticateAuthUserInuse(auth_user) - 1))
bf8fe701	161	debugs(29, 1, "AuthUserHashPointer::removeFromCache: entry in use - not freeing");
62e76326	162
f5691f9c	163	auth_user->unlock();
62e76326	164
63be0a78	165	/** \todo change behaviour - we remove from the auth user list here, and then unlock, and the
e6ccf245	166	* delete ourselves.
	167	*/
	168	}
94439e4e	169
e1f7507e AJ	170	AuthUserHashPointer::AuthUserHashPointer(AuthUser * anAuth_user):
e1f7507e AJ	171	auth_user(anAuth_user)
e6ccf245	172	{
4a8b20e8	173	key = (void *)anAuth_user->username();
4a8b20e8	174	next = NULL;
e6ccf245	175	hash_join(proxy_auth_username_cache, (hash_link *) this);
f5691f9c	176
e1f7507e	177	/** lock for presence in the cache */
63be0a78	178	auth_user->lock();
94439e4e	179	}
e6ccf245	180
	181	AuthUser *
	182	AuthUserHashPointer::user() const
	183	{
	184	return auth_user;
	185	}