src/auth/User.h

   1 /*
   2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_AUTH_USER_H
  10 #define SQUID_AUTH_USER_H
  11
  12 #if USE_AUTH
  13
  14 #include "auth/CredentialState.h"
  15 #include "auth/forward.h"
  16 #include "auth/Type.h"
  17 #include "base/CbcPointer.h"
  18 #include "base/RefCount.h"
  19 #include "dlink.h"
  20 #include "ip/Address.h"
  21 #include "Notes.h"
  22 #include "sbuf/SBuf.h"
  23
  24 class StoreEntry;
  25
  26 namespace Auth
  27 {
  28
  29 /**
  30  * This is the main user related structure. It stores user-related data,
  31  * and is persistent across requests. It can even persist across
  32  * multiple external authentications. One major benefit of preserving this
  33  * structure is the cached ACL match results. This structure, is private to
  34  * the authentication framework.
  35  */
  36 class User : public RefCountable
  37 {
  38 public:
  39     typedef RefCount<User> Pointer;
  40
  41 protected:
  42     User(Auth::SchemeConfig *, const char *requestRealm);
  43 public:
  44     virtual ~User();
  45
  46     /* extra fields for proxy_auth */
  47     /** \deprecated this determines what scheme owns the user data. */
  48     Auth::Type auth_type;
  49     /** the config for this user */
  50     Auth::SchemeConfig *config;
  51     dlink_list proxy_match_cache;
  52     size_t ipcount;
  53     long expiretime;
  54
  55     /// list of key=value pairs the helper produced
  56     NotePairs notes;
  57
  58 public:
  59     static SBuf BuildUserKey(const char *username, const char *realm);
  60
  61     void absorb(Auth::User::Pointer from);
  62     char const *username() const { return username_; }
  63     void username(char const *); ///< set stored username and userKey
  64
  65     // NP: key is set at the same time as username_. Until then both are empty/NULL.
  66     const SBuf userKey() const {return userKey_;}
  67
  68     /**
  69      * How long these credentials are still valid for.
  70      * Negative numbers means already expired.
  71      */
  72     virtual int32_t ttl() const = 0;
  73
  74     /* Manage list of IPs using this username */
  75     void clearIp();
  76     void removeIp(Ip::Address);
  77     void addIp(Ip::Address);
  78
  79     /// add the Auth::User to the protocol-specific username cache.
  80     virtual void addToNameCache() = 0;
  81     static void CredentialsCacheStats(StoreEntry * output);
  82
  83     // userKey ->Auth::User::Pointer cache
  84     // must be reimplemented in subclasses
  85     static CbcPointer<Auth::CredentialsCache> Cache();
  86
  87     CredentialState credentials() const;
  88     void credentials(CredentialState);
  89
  90 private:
  91     /**
  92      * The current state these credentials are in:
  93      *   Unchecked
  94      *   Authenticated
  95      *   Pending helper result
  96      *   Handshake happening in stateful auth.
  97      *   Failed auth
  98      */
  99     CredentialState credentials_state;
 100
 101 private:
 102     /**
 103      * DPW 2007-05-08
 104      * The username_ memory will be allocated via
 105      * xstrdup().  It is our responsibility.
 106      */
 107     const char *username_;
 108
 109     /**
 110      * A realm for the user depending on request, designed to identify users,
 111      * with the same username and different authentication domains.
 112      */
 113     SBuf requestRealm_;
 114
 115     /**
 116      * A Unique key for the user, consist by username and requestRealm_
 117      */
 118     SBuf userKey_;
 119
 120     /** what ip addresses has this user been seen at?, plus a list length cache */
 121     dlink_list ip_list;
 122 };
 123
 124 } // namespace Auth
 125
 126 #endif /* USE_AUTH */
 127 #endif /* SQUID_AUTH_USER_H */
 128