src/auth/User.h

   1 /*
   2  *
   3  * SQUID Web Proxy Cache          http://www.squid-cache.org/
   4  * ----------------------------------------------------------
   5  *
   6  *  Squid is the result of efforts by numerous individuals from
   7  *  the Internet community; see the CONTRIBUTORS file for full
   8  *  details.   Many organizations have provided support for Squid's
   9  *  development; see the SPONSORS file for full details.  Squid is
  10  *  Copyrighted (C) 2001 by the Regents of the University of
  11  *  California; see the COPYRIGHT file for full details.  Squid
  12  *  incorporates software developed and/or copyrighted by other
  13  *  sources; see the CREDITS file for full details.
  14  *
  15  *  This program is free software; you can redistribute it and/or modify
  16  *  it under the terms of the GNU General Public License as published by
  17  *  the Free Software Foundation; either version 2 of the License, or
  18  *  (at your option) any later version.
  19  *
  20  *  This program is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  You should have received a copy of the GNU General Public License
  26  *  along with this program; if not, write to the Free Software
  27  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  28  *
  29  * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
  30  */
  31
  32 #ifndef SQUID_AUTH_USER_H
  33 #define SQUID_AUTH_USER_H
  34
  35 #if USE_AUTH
  36
  37 #include "auth/CredentialState.h"
  38 #include "auth/Type.h"
  39 #include "base/RefCount.h"
  40 #include "dlink.h"
  41 #include "ip/Address.h"
  42
  43 class AuthUserHashPointer;
  44 class StoreEntry;
  45
  46 namespace Auth
  47 {
  48
  49 class Config;
  50
  51 /**
  52  *  \ingroup AuthAPI
  53  * This is the main user related structure. It stores user-related data,
  54  * and is persistent across requests. It can even persist across
  55  * multiple external authentications. One major benefit of preserving this
  56  * structure is the cached ACL match results. This structure, is private to
  57  * the authentication framework.
  58  */
  59 class User : public RefCountable
  60 {
  61 public:
  62     typedef RefCount<User> Pointer;
  63
  64     /* extra fields for proxy_auth */
  65     /* auth_type and auth_module are deprecated. Do Not add new users of these fields.
  66      * Aim to remove shortly
  67      */
  68     /** \deprecated this determines what scheme owns the user data. */
  69     Auth::Type auth_type;
  70     /** the config for this user */
  71     Auth::Config *config;
  72     /** we may have many proxy-authenticate strings that decode to the same user */
  73     dlink_list proxy_auth_list;
  74     dlink_list proxy_match_cache;
  75     size_t ipcount;
  76     long expiretime;
  77
  78 public:
  79     static void cacheInit();
  80     static void CachedACLsReset();
  81
  82     void absorb(Auth::User::Pointer from);
  83     virtual ~User();
  84     char const *username() const { return username_; }
  85     void username(char const * u) {
  86         if (u) {
  87             assert(!username_);
  88             username_ = xstrdup(u);
  89         } else {
  90             safe_free(username_);
  91         }
  92     }
  93
  94     /**
  95      * How long these credentials are still valid for.
  96      * Negative numbers means already expired.
  97      */
  98     virtual int32_t ttl() const = 0;
  99
 100     /* Manage list of IPs using this username */
 101     void clearIp();
 102     void removeIp(Ip::Address);
 103     void addIp(Ip::Address);
 104
 105     void addToNameCache();
 106     static void UsernameCacheStats(StoreEntry * output);
 107
 108     CredentialState credentials() const;
 109     void credentials(CredentialState);
 110
 111 private:
 112     /**
 113      * The current state these credentials are in:
 114      *   Unchecked
 115      *   Authenticated
 116      *   Pending helper result
 117      *   Handshake happening in stateful auth.
 118      *   Failed auth
 119      */
 120     CredentialState credentials_state;
 121
 122 protected:
 123     User(Auth::Config *);
 124
 125 private:
 126     /**
 127      * Garbage Collection for the username cache.
 128      */
 129     static void cacheCleanup(void *unused);
 130     static time_t last_discard; /// Time of last username cache garbage collection.
 131
 132     /**
 133      * DPW 2007-05-08
 134      * The username_ memory will be allocated via
 135      * xstrdup().  It is our responsibility.
 136      */
 137     const char *username_;
 138
 139     /** what ip addresses has this user been seen at?, plus a list length cache */
 140     dlink_list ip_list;
 141 };
 142
 143 } // namespace Auth
 144
 145 #endif /* USE_AUTH */
 146 #endif /* SQUID_AUTH_USER_H */