src/auth/User.h

   1 /*
   2  * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_AUTH_USER_H
  10 #define SQUID_AUTH_USER_H
  11
  12 #if USE_AUTH
  13
  14 #include "auth/CredentialState.h"
  15 #include "auth/Type.h"
  16 #include "base/RefCount.h"
  17 #include "dlink.h"
  18 #include "ip/Address.h"
  19 #include "Notes.h"
  20 #include "SBuf.h"
  21
  22 class AuthUserHashPointer;
  23 class StoreEntry;
  24
  25 namespace Auth
  26 {
  27
  28 class Config;
  29
  30 /**
  31  *  \ingroup AuthAPI
  32  * This is the main user related structure. It stores user-related data,
  33  * and is persistent across requests. It can even persist across
  34  * multiple external authentications. One major benefit of preserving this
  35  * structure is the cached ACL match results. This structure, is private to
  36  * the authentication framework.
  37  */
  38 class User : public RefCountable
  39 {
  40 public:
  41     typedef RefCount<User> Pointer;
  42
  43     /* extra fields for proxy_auth */
  44     /* auth_type and auth_module are deprecated. Do Not add new users of these fields.
  45      * Aim to remove shortly
  46      */
  47     /** \deprecated this determines what scheme owns the user data. */
  48     Auth::Type auth_type;
  49     /** the config for this user */
  50     Auth::Config *config;
  51     dlink_list proxy_match_cache;
  52     size_t ipcount;
  53     long expiretime;
  54
  55     /// list of key=value pairs the helper produced
  56     NotePairs notes;
  57
  58 public:
  59     static void cacheInit();
  60     static void CachedACLsReset();
  61     static SBuf BuildUserKey(const char *username, const char *realm);
  62
  63     void absorb(Auth::User::Pointer from);
  64     virtual ~User();
  65     char const *username() const { return username_; }
  66     void username(char const *);
  67
  68     const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : username_;}
  69
  70     /**
  71      * How long these credentials are still valid for.
  72      * Negative numbers means already expired.
  73      */
  74     virtual int32_t ttl() const = 0;
  75
  76     /* Manage list of IPs using this username */
  77     void clearIp();
  78     void removeIp(Ip::Address);
  79     void addIp(Ip::Address);
  80
  81     void addToNameCache();
  82     static void UsernameCacheStats(StoreEntry * output);
  83
  84     CredentialState credentials() const;
  85     void credentials(CredentialState);
  86
  87 private:
  88     /**
  89      * The current state these credentials are in:
  90      *   Unchecked
  91      *   Authenticated
  92      *   Pending helper result
  93      *   Handshake happening in stateful auth.
  94      *   Failed auth
  95      */
  96     CredentialState credentials_state;
  97
  98 protected:
  99     User(Auth::Config *, const char *requestRealm);
 100
 101 private:
 102     /**
 103      * Garbage Collection for the username cache.
 104      */
 105     static void cacheCleanup(void *unused);
 106     static time_t last_discard; /// Time of last username cache garbage collection.
 107
 108     /**
 109      * DPW 2007-05-08
 110      * The username_ memory will be allocated via
 111      * xstrdup().  It is our responsibility.
 112      */
 113     const char *username_;
 114
 115     /**
 116      * A realm for the user depending on request, designed to identify users,
 117      * with the same username and different authentication domains.
 118      */
 119     SBuf requestRealm_;
 120
 121     /**
 122      * A Unique key for the user, consist by username and requestRealm_
 123      */
 124     SBuf userKey_;
 125
 126     /** what ip addresses has this user been seen at?, plus a list length cache */
 127     dlink_list ip_list;
 128 };
 129
 130 } // namespace Auth
 131
 132 #endif /* USE_AUTH */
 133 #endif /* SQUID_AUTH_USER_H */
 134