#define SQUID_SQUIDCONFIG_H_
#include "acl/forward.h"
-#if USE_AUTH
-#include "auth/SchemesConfig.h"
-#endif
#include "base/RefCount.h"
#include "base/YesNoNone.h"
#include "ClientDelayConfig.h"
int v4_first; ///< Place IPv4 first in the order of DNS results.
ssize_t packet_max; ///< maximum size EDNS advertised for DNS replies.
} dns;
-
-#if USE_AUTH
- Auth::SchemesConfigs authSchemesConfigs;
-#endif
};
extern SquidConfig Config;
#include "acl/FilledChecklist.h"
#include "auth/AclProxyAuth.h"
#include "auth/basic/User.h"
-#include "auth/Config.h"
#include "auth/CredentialsCache.h"
#include "auth/digest/User.h"
#include "auth/Gadgets.h"
#include "auth/negotiate/User.h"
#include "auth/ntlm/User.h"
#include "auth/Scheme.h"
+#include "auth/SchemeConfig.h"
#include "auth/User.h"
#include "auth/UserRequest.h"
#include "client_side.h"
authenticateRegisterWithCacheManager(Auth::ConfigVector * config)
{
for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) {
- Auth::Config *scheme = *i;
+ Auth::SchemeConfig *scheme = *i;
scheme->registerWithCacheManager();
}
}
return;
for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) {
- Auth::Config *schemeCfg = *i;
+ Auth::SchemeConfig *schemeCfg = *i;
if (schemeCfg->configured())
schemeCfg->init(schemeCfg);
};
std::vector<Auth::User::Pointer> v1, v2, rv, u1, u2;
#if HAVE_AUTH_MODULE_BASIC
- if (Auth::Config::Find("basic") != nullptr)
+ if (Auth::SchemeConfig::Find("basic") != nullptr)
u1 = Auth::Basic::User::Cache()->sortedUsersList();
#endif
#if HAVE_AUTH_MODULE_DIGEST
- if (Auth::Config::Find("digest") != nullptr)
+ if (Auth::SchemeConfig::Find("digest") != nullptr)
u2 = Auth::Digest::User::Cache()->sortedUsersList();
#endif
if (u1.size() > 0 || u2.size() > 0) {
u2.clear();
}
#if HAVE_AUTH_MODULE_NEGOTIATE
- if (Auth::Config::Find("negotiate") != nullptr)
+ if (Auth::SchemeConfig::Find("negotiate") != nullptr)
u1 = Auth::Negotiate::User::Cache()->sortedUsersList();
#endif
#if HAVE_AUTH_MODULE_NTLM
- if (Auth::Config::Find("ntlm") != nullptr)
+ if (Auth::SchemeConfig::Find("ntlm") != nullptr)
u2 = Auth::Ntlm::User::Cache()->sortedUsersList();
#endif
if (u1.size() > 0 || u2.size() > 0) {
#if USE_AUTH
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/User.h"
#include "hash.h"
libauth_la_SOURCES = \
Type.h \
Type.cc \
- Config.cc \
- Config.h \
CredentialsCache.h \
CredentialsCache.cc \
CredentialState.cc \
CredentialState.h \
+ forward.h \
Gadgets.cc \
Gadgets.h \
QueueNode.h \
Scheme.cc \
Scheme.h \
+ SchemeConfig.cc \
+ SchemeConfig.h \
SchemesConfig.h \
SchemesConfig.cc \
State.h \
#ifndef SQUID_SRC_AUTH_QUEUENODE_H
#define SQUID_SRC_AUTH_QUEUENODE_H
+#include "auth/forward.h"
#include "cbdata.h"
namespace Auth
/* DEBUG: section 29 Authenticator */
#include "squid.h"
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Gadgets.h"
#include "auth/Scheme.h"
#include "globals.h"
#if USE_AUTH
+#include "auth/forward.h"
#include "base/RefCount.h"
-#include <vector>
-
-/**
- \defgroup AuthSchemeAPI Authentication Scheme API
- \ingroup AuthAPI
- */
-
namespace Auth
{
-class Config;
-
/**
- * \ingroup AuthAPI
- * \ingroup AuthSchemeAPI
- * \par
* I represent an authentication scheme. For now my children
* store the scheme metadata.
- * \par
+ *
* Should we need multiple configs of a single scheme,
* a new class should be made, and the config specific calls on Auth::Scheme moved to it.
*/
/* per scheme methods */
virtual char const *type() const = 0;
virtual void shutdownCleanup() = 0;
- virtual Auth::Config *createConfig() = 0;
+ virtual Auth::SchemeConfig *createConfig() = 0;
// Not implemented
Scheme(Scheme const &);
/* DEBUG: section 29 Authenticator */
#include "squid.h"
-#include "auth/Config.h"
+#include "auth/forward.h"
+#include "auth/SchemeConfig.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
#include "cache_cf.h"
* It may also be NULL reflecting that no user could be created.
*/
Auth::UserRequest::Pointer
-Auth::Config::CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
+Auth::SchemeConfig::CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
{
assert(proxy_auth != NULL);
debugs(29, 9, HERE << "header = '" << proxy_auth << "'");
- Auth::Config *config = Find(proxy_auth);
+ Auth::SchemeConfig *config = Find(proxy_auth);
if (config == NULL || !config->active()) {
debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
return config->decode(proxy_auth, rmb.hasContent() ? rmb.content() : NULL);
}
-Auth::Config *
-Auth::Config::Find(const char *proxy_auth)
+Auth::SchemeConfig *
+Auth::SchemeConfig::Find(const char *proxy_auth)
{
for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if (strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0)
return NULL;
}
-Auth::Config *
-Auth::Config::GetParsed(const char *proxy_auth)
+Auth::SchemeConfig *
+Auth::SchemeConfig::GetParsed(const char *proxy_auth)
{
if (auto *cfg = Find(proxy_auth))
return cfg;
/** Default behaviour is to expose nothing */
void
-Auth::Config::registerWithCacheManager(void)
+Auth::SchemeConfig::registerWithCacheManager(void)
{}
void
-Auth::Config::parse(Auth::Config * scheme, int, char *param_str)
+Auth::SchemeConfig::parse(Auth::SchemeConfig * scheme, int, char *param_str)
{
if (strcmp(param_str, "program") == 0) {
if (authenticateProgram)
}
bool
-Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme) const
+Auth::SchemeConfig::dump(StoreEntry *entry, const char *name, Auth::SchemeConfig *scheme) const
{
if (!authenticateProgram)
return false; // not configured
}
void
-Auth::Config::done()
+Auth::SchemeConfig::done()
{
delete keyExtras;
keyExtras = NULL;
* Please see the COPYING and CONTRIBUTORS files for details.
*/
-#ifndef SQUID_AUTH_CONFIG_H
-#define SQUID_AUTH_CONFIG_H
+#ifndef SQUID_SRC_AUTH_SCHEMECONFIG_H
+#define SQUID_SRC_AUTH_SCHEMECONFIG_H
#if USE_AUTH
#include "AccessLogEntry.h"
+#include "auth/forward.h"
#include "auth/UserRequest.h"
#include "helper/ChildConfig.h"
* If the children ever stop being singletons, implement the
* ref counting...
*/
-class Config
+class SchemeConfig
{
public:
static UserRequest::Pointer CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al);
- static Config *Find(const char *proxy_auth);
+ static SchemeConfig *Find(const char *proxy_auth);
/// Call this method if you need a guarantee that all auth schemes has been
/// already configured.
- static Config *GetParsed(const char *proxy_auth);
- Config() : authenticateChildren(20), authenticateProgram(NULL), keyExtras(NULL) {}
+ static SchemeConfig *GetParsed(const char *proxy_auth);
+ SchemeConfig() : authenticateChildren(20), authenticateProgram(NULL), keyExtras(NULL) {}
- virtual ~Config() {}
+ virtual ~SchemeConfig() {}
/**
* Used by squid to determine whether the auth module has successfully initialised itself with the current configuration.
* would put in a config file to recreate the running configuration.
* Returns whether the scheme is configured.
*/
- virtual bool dump(StoreEntry *, const char *, Config *) const;
+ virtual bool dump(StoreEntry *, const char *, SchemeConfig *) const;
/** add headers as needed when challenging for auth */
virtual void fixHeader(UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *) = 0;
/** prepare to handle requests */
- virtual void init(Config *) = 0;
+ virtual void init(SchemeConfig *) = 0;
/** expose any/all statistics to a CacheManager */
virtual void registerWithCacheManager(void);
/** parse config options */
- virtual void parse(Config *, int, char *);
+ virtual void parse(SchemeConfig *, int, char *);
/** the http string id */
virtual const char * type() const = 0;
SBuf realm;
};
-typedef std::vector<Config *> ConfigVector;
-
extern ConfigVector TheConfig;
} // namespace Auth
#endif /* USE_AUTH */
-#endif /* SQUID_AUTHCONFIG_H */
+#endif /* SQUID_SRC_AUTH_SCHEMECONFIG_H */
*/
#include "squid.h"
-#include "auth/Config.h"
#include "auth/SchemesConfig.h"
#include "fatal.h"
#include "parser/Tokenizer.h"
+namespace Auth
+{
+std::vector<Auth::SchemesConfig> SchemeListConfig;
+}
+
static void
addUnique(const SBuf &scheme, std::vector<SBuf> &vec)
{
authConfigs.clear();
transform(expanded.begin(), expanded.end(),
back_inserter(authConfigs), [](SBuf &s) {
- return Auth::Config::GetParsed(s.c_str());
+ return Auth::SchemeConfig::GetParsed(s.c_str());
});
}
#if USE_AUTH
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
namespace Auth
{
const char *rawSchemes;
};
-typedef std::vector<SchemesConfig> SchemesConfigs;
+extern std::vector<Auth::SchemesConfig> SchemeListConfig;
} // namespace Auth
#include "squid.h"
#include "acl/Acl.h"
#include "acl/Gadgets.h"
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/CredentialsCache.h"
#include "auth/Gadgets.h"
#include "auth/User.h"
#include "SquidTime.h"
#include "Store.h"
-Auth::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+Auth::User::User(Auth::SchemeConfig *aConfig, const char *aRequestRealm) :
auth_type(Auth::AUTH_UNKNOWN),
config(aConfig),
ipcount(0),
#if USE_AUTH
#include "auth/CredentialState.h"
+#include "auth/forward.h"
#include "auth/Type.h"
#include "base/CbcPointer.h"
#include "base/RefCount.h"
namespace Auth
{
-class Config;
-class CredentialsCache;
-
/**
* This is the main user related structure. It stores user-related data,
* and is persistent across requests. It can even persist across
typedef RefCount<User> Pointer;
protected:
- User(Auth::Config *, const char *requestRealm);
+ User(Auth::SchemeConfig *, const char *requestRealm);
public:
virtual ~User();
/** \deprecated this determines what scheme owns the user data. */
Auth::Type auth_type;
/** the config for this user */
- Auth::Config *config;
+ Auth::SchemeConfig *config;
dlink_list proxy_match_cache;
size_t ipcount;
long expiretime;
#include "squid.h"
#include "acl/FilledChecklist.h"
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Scheme.h"
#include "auth/SchemesConfig.h"
#include "auth/User.h"
}
if (proxy_auth && request->auth_user_request == NULL && conn != NULL && conn->getAuth() != NULL) {
- Auth::Config * scheme = Auth::Config::Find(proxy_auth);
+ Auth::SchemeConfig * scheme = Auth::SchemeConfig::Find(proxy_auth);
if (conn->getAuth()->user() == NULL || conn->getAuth()->user()->config != scheme) {
debugs(29, DBG_IMPORTANT, "WARNING: Unexpected change of authentication scheme from '" <<
/* beginning of a new request check */
debugs(29, 4, HERE << "No connection authentication type");
- *auth_user_request = Auth::Config::CreateAuthUser(proxy_auth, al);
+ *auth_user_request = Auth::SchemeConfig::CreateAuthUser(proxy_auth, al);
if (*auth_user_request == NULL)
return AUTH_ACL_CHALLENGE;
else if (!(*auth_user_request)->valid()) {
static Auth::ConfigVector &
schemesConfig(HttpRequest *request, HttpReply *rep)
{
- if (::Config.accessList.authSchemes) {
+ if (!Auth::SchemeListConfig.empty()) {
ACLFilledChecklist ch(NULL, request, NULL);
ch.reply = rep;
HTTPMSGLOCK(ch.reply);
const allow_t answer = ch.fastCheck(::Config.accessList.authSchemes);
if (answer == ACCESS_ALLOWED)
- return ::Config.authSchemesConfigs.at(answer.kind).authConfigs;
+ return Auth::SchemeListConfig.at(answer.kind).authConfigs;
}
return Auth::TheConfig;
}
/* add the scheme specific challenge header to the response */
auth_user_request->user()->config->fixHeader(auth_user_request, rep, type, request);
else {
- /* call each configured & running authscheme */
+ /* call each configured & running auth scheme */
Auth::ConfigVector &configs = schemesConfig(request, rep);
- for (Auth::ConfigVector::iterator i = configs.begin(); i != configs.end(); ++i) {
- Auth::Config *scheme = *i;
-
+ for (auto *scheme : configs) {
if (scheme->active()) {
if (auth_user_request != NULL && auth_user_request->scheme()->type() == scheme->type())
scheme->fixHeader(auth_user_request, rep, type, request);
void
Auth::Basic::Config::done()
{
- Auth::Config::done();
+ Auth::SchemeConfig::done();
authbasic_initialised = 0;
}
bool
-Auth::Basic::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) const
+Auth::Basic::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeConfig * scheme) const
{
- if (!Auth::Config::dump(entry, name, scheme))
+ if (!Auth::SchemeConfig::dump(entry, name, scheme))
return false; // not configured
storeAppendPrintf(entry, "%s basic credentialsttl %d seconds\n", name, (int) credentialsTTL);
}
void
-Auth::Basic::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
+Auth::Basic::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char *param_str)
{
if (strcmp(param_str, "credentialsttl") == 0) {
parse_time_t(&credentialsTTL);
} else if (strcmp(param_str, "utf8") == 0) {
parse_onoff(&utf8);
} else
- Auth::Config::parse(scheme, n_configured, param_str);
+ Auth::SchemeConfig::parse(scheme, n_configured, param_str);
}
static void
/** Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-Auth::Basic::Config::init(Auth::Config *)
+Auth::Basic::Config::init(Auth::SchemeConfig *)
{
if (authenticateProgram) {
authbasic_initialised = 1;
#if HAVE_AUTH_MODULE_BASIC
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
#include "helper/forward.h"
{
/** Basic authentication configuration data */
-class Config : public Auth::Config
+class Config : public Auth::SchemeConfig
{
public:
Config();
virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
- virtual bool dump(StoreEntry *, const char *, Auth::Config *) const;
+ virtual bool dump(StoreEntry *, const char *, Auth::SchemeConfig *) const;
virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *);
- virtual void init(Auth::Config *);
- virtual void parse(Auth::Config *, int, char *);
+ virtual void init(Auth::SchemeConfig *);
+ virtual void parse(Auth::SchemeConfig *, int, char *);
void decode(char const *httpAuthHeader, Auth::UserRequest::Pointer);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
debugs(29, DBG_CRITICAL, "Shutdown: Basic authentication.");
}
-Auth::Config *
+Auth::SchemeConfig *
Auth::Basic::Scheme::createConfig()
{
Auth::Basic::Config *newCfg = new Auth::Basic::Config;
- return dynamic_cast<Auth::Config*>(newCfg);
+ return dynamic_cast<Auth::SchemeConfig*>(newCfg);
}
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual Auth::Config *createConfig();
+ virtual Auth::SchemeConfig *createConfig();
/* Not implemented */
Scheme(Scheme const &);
Scheme &operator=(Scheme const &);
#include "SquidConfig.h"
#include "SquidTime.h"
-Auth::Basic::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+Auth::Basic::User::User(Auth::SchemeConfig *aConfig, const char *aRequestRealm) :
Auth::User(aConfig, aRequestRealm),
passwd(NULL),
queue(NULL),
namespace Auth
{
-class Config;
+class SchemeConfig;
class QueueNode;
namespace Basic
MEMPROXY_CLASS(Auth::Basic::User);
public:
- User(Auth::Config *, const char *requestRealm);
+ User(Auth::SchemeConfig *, const char *requestRealm);
virtual ~User();
bool authenticated() const;
bool valid() const;
return;
/* are we about to recheck the credentials externally? */
- if ((user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL) <= squid_curtime) {
+ if ((user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::SchemeConfig::Find("basic"))->credentialsTTL) <= squid_curtime) {
debugs(29, 4, HERE << "credentials expired - rechecking");
return;
}
return Auth::CRED_LOOKUP;
case Auth::Ok:
- if (user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime)
+ if (user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::SchemeConfig::Find("basic"))->credentialsTTL <= squid_curtime)
return Auth::CRED_LOOKUP;
return Auth::CRED_VALID;
assert(basic_auth != NULL);
debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'");
- if (static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->authenticateProgram == NULL) {
+ if (static_cast<Auth::Basic::Config*>(Auth::SchemeConfig::Find("basic"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Basic authentication program configured.");
handler(data);
return;
if (!digest_nonce_cache) {
digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(digest_nonce_cache);
- eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->nonceGCInterval, 1);
}
}
debugs(29, 3, "Finished cleaning the nonce cache.");
- if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->active())
- eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
+ if (static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->active())
+ eventAdd("Digest nonce cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->nonceGCInterval, 1);
}
static void
}
/* is the nonce-count ok ? */
- if (!static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->CheckNonceCount) {
+ if (!static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->CheckNonceCount) {
/* Ignore client supplied NC */
intnc = nonce->nc + 1;
}
- if ((static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) ||
+ if ((static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) ||
intnc < nonce->nc + 1) {
debugs(29, 4, "Nonce count doesn't match");
nonce->flags.valid = false;
return -1;
/* has it's max duration expired? */
- if (nonce->noncedata.creationtime + static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->noncemaxduration < current_time.tv_sec) {
+ if (nonce->noncedata.creationtime + static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->noncemaxduration < current_time.tv_sec) {
debugs(29, 4, "Nonce is too old. " <<
nonce->noncedata.creationtime << " " <<
- static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->noncemaxduration << " " <<
+ static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->noncemaxduration << " " <<
current_time.tv_sec);
nonce->flags.valid = false;
return -1;
}
- if (nonce->nc > static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->noncemaxuses) {
+ if (nonce->nc > static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->noncemaxuses) {
debugs(29, 4, "Nonce count over user limit");
nonce->flags.valid = false;
return -1;
return -1;
}
- if (nonce->nc >= static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->noncemaxuses - 1) {
+ if (nonce->nc >= static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->noncemaxuses - 1) {
debugs(29, 4, "Nonce count about to hit user limit");
return -1;
}
}
bool
-Auth::Digest::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) const
+Auth::Digest::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeConfig * scheme) const
{
- if (!Auth::Config::dump(entry, name, scheme))
+ if (!Auth::SchemeConfig::dump(entry, name, scheme))
return false;
storeAppendPrintf(entry, "%s %s nonce_max_count %d\n%s %s nonce_max_duration %d seconds\n%s %s nonce_garbage_interval %d seconds\n",
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-Auth::Digest::Config::init(Auth::Config *)
+Auth::Digest::Config::init(Auth::SchemeConfig *)
{
if (authenticateProgram) {
authenticateDigestNonceSetup();
void
Auth::Digest::Config::done()
{
- Auth::Config::done();
+ Auth::SchemeConfig::done();
authdigest_initialised = 0;
{}
void
-Auth::Digest::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
+Auth::Digest::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char *param_str)
{
if (strcmp(param_str, "program") == 0) {
if (authenticateProgram)
} else if (strcmp(param_str, "utf8") == 0) {
parse_onoff(&utf8);
} else
- Auth::Config::parse(scheme, n_configured, param_str);
+ Auth::SchemeConfig::parse(scheme, n_configured, param_str);
}
const char *
/* log the username */
debugs(29, 9, "Creating new user for logging '" << (username?username:"[no username]") << "'");
- Auth::User::Pointer digest_user = new Auth::Digest::User(static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest")), requestRealm);
+ Auth::User::Pointer digest_user = new Auth::Digest::User(static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest")), requestRealm);
/* save the credentials */
digest_user->username(username);
/* set the auth_user type */
#if HAVE_AUTH_MODULE_DIGEST
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
#include "helper/forward.h"
{
/** Digest Authentication configuration data */
-class Config : public Auth::Config
+class Config : public Auth::SchemeConfig
{
public:
Config();
virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
- virtual bool dump(StoreEntry *, const char *, Auth::Config *) const;
+ virtual bool dump(StoreEntry *, const char *, Auth::SchemeConfig *) const;
virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *);
- virtual void init(Auth::Config *);
- virtual void parse(Auth::Config *, int, char *);
+ virtual void init(Auth::SchemeConfig *);
+ virtual void parse(Auth::SchemeConfig *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
debugs(29, DBG_CRITICAL, "Shutdown: Digest authentication.");
}
-Auth::Config *
+Auth::SchemeConfig *
Auth::Digest::Scheme::createConfig()
{
Auth::Digest::Config *digestCfg = new Auth::Digest::Config;
- return dynamic_cast<Auth::Config*>(digestCfg);
+ return dynamic_cast<Auth::SchemeConfig*>(digestCfg);
}
/* per scheme */
virtual char const *type () const;
virtual void shutdownCleanup();
- virtual Auth::Config *createConfig();
+ virtual Auth::SchemeConfig *createConfig();
/* Not implemented */
Scheme(Scheme const &);
#include "SquidConfig.h"
#include "SquidTime.h"
-Auth::Digest::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+Auth::Digest::User::User(Auth::SchemeConfig *aConfig, const char *aRequestRealm) :
Auth::User(aConfig, aRequestRealm),
HA1created(0)
{
if (latest_nonce == -1)
return min(-1, global_ttl);
- int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast<Config*>(Auth::Config::Find("digest"))->noncemaxduration;
+ int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast<Config*>(Auth::SchemeConfig::Find("digest"))->noncemaxduration;
return min(nonce_ttl, global_ttl);
}
MEMPROXY_CLASS(Auth::Digest::User);
public:
- User(Auth::Config *, const char *requestRealm);
+ User(Auth::SchemeConfig *, const char *requestRealm);
virtual ~User();
int authenticated() const;
virtual int32_t ttl() const override;
return;
}
- if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->PostWorkaround && request->method != Http::METHOD_GET) {
+ if (static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->PostWorkaround && request->method != Http::METHOD_GET) {
/* Ugly workaround for certain very broken browsers using the
* wrong method to calculate the request-digest on POST request.
* This should be deleted once Digest authentication becomes more
return;
#endif
- if ((static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
+ if ((static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
flags.authinfo_sent = true;
Auth::Digest::User *digest_user = dynamic_cast<Auth::Digest::User *>(user().getRaw());
if (!digest_user)
assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST);
debugs(29, 9, HERE << "'\"" << user()->username() << "\":\"" << realm << "\"'");
- if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram == NULL) {
+ if (static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured.");
handler(data);
return;
}
const char *keyExtras = helperRequestKeyExtras(request, al);
- if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->utf8) {
+ if (static_cast<Auth::Digest::Config*>(Auth::SchemeConfig::Find("digest"))->utf8) {
char userstr[1024];
latin1_to_utf8(userstr, sizeof(userstr), user()->username());
if (keyExtras)
--- /dev/null
+/*
+ * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
+ *
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
+ */
+
+#ifndef SQUID_SRC_AUTH_FORWARD_H
+#define SQUID_SRC_AUTH_FORWARD_H
+
+#if USE_AUTH
+
+#include <vector>
+
+/// HTTP Authentication
+namespace Auth
+{
+
+class CredentialsCache;
+
+class Scheme;
+class SchemeConfig;
+typedef std::vector<Auth::SchemeConfig *> ConfigVector;
+
+} // namespace Auth
+
+#endif /* USE_AUTH */
+#endif /* SQUID_SRC_AUTH_FORWARD_H */
+
void
Auth::Negotiate::Config::done()
{
- Auth::Config::done();
+ Auth::SchemeConfig::done();
authnegotiate_initialised = 0;
}
bool
-Auth::Negotiate::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) const
+Auth::Negotiate::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeConfig * scheme) const
{
- if (!Auth::Config::dump(entry, name, scheme))
+ if (!Auth::SchemeConfig::dump(entry, name, scheme))
return false;
storeAppendPrintf(entry, "%s negotiate keep_alive %s\n", name, keep_alive ? "on" : "off");
{ }
void
-Auth::Negotiate::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
+Auth::Negotiate::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char *param_str)
{
if (strcmp(param_str, "program") == 0) {
if (authenticateProgram)
} else if (strcmp(param_str, "keep_alive") == 0) {
parse_onoff(&keep_alive);
} else
- Auth::Config::parse(scheme, n_configured, param_str);
+ Auth::SchemeConfig::parse(scheme, n_configured, param_str);
}
const char *
* Called AFTER parsing the config file
*/
void
-Auth::Negotiate::Config::init(Auth::Config *)
+Auth::Negotiate::Config::init(Auth::SchemeConfig *)
{
if (authenticateProgram) {
Auth::UserRequest::Pointer
Auth::Negotiate::Config::decode(char const *proxy_auth, const char *aRequestRealm)
{
- Auth::Negotiate::User *newUser = new Auth::Negotiate::User(Auth::Config::Find("negotiate"), aRequestRealm);
+ Auth::Negotiate::User *newUser = new Auth::Negotiate::User(Auth::SchemeConfig::Find("negotiate"), aRequestRealm);
Auth::UserRequest *auth_user_request = new Auth::Negotiate::UserRequest();
assert(auth_user_request->user() == NULL);
#if HAVE_AUTH_MODULE_NEGOTIATE
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
#include "helper/forward.h"
{
/** Negotiate Authentication configuration data */
-class Config : public Auth::Config
+class Config : public Auth::SchemeConfig
{
public:
Config();
virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
- virtual bool dump(StoreEntry *, const char *, Auth::Config *) const;
+ virtual bool dump(StoreEntry *, const char *, Auth::SchemeConfig *) const;
virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *);
- virtual void init(Auth::Config *);
- virtual void parse(Auth::Config *, int, char *);
+ virtual void init(Auth::SchemeConfig *);
+ virtual void parse(Auth::SchemeConfig *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
debugs(29, DBG_CRITICAL, "Shutdown: Negotiate authentication.");
}
-Auth::Config *
+Auth::SchemeConfig *
Auth::Negotiate::Scheme::createConfig()
{
Auth::Negotiate::Config *negotiateCfg = new Auth::Negotiate::Config;
- return dynamic_cast<Auth::Config*>(negotiateCfg);
+ return dynamic_cast<Auth::SchemeConfig*>(negotiateCfg);
}
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual Auth::Config *createConfig();
+ virtual Auth::SchemeConfig *createConfig();
/* Not implemented */
Scheme (Scheme const &);
*/
#include "squid.h"
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/CredentialsCache.h"
#include "auth/negotiate/User.h"
#include "Debug.h"
-Auth::Negotiate::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+Auth::Negotiate::User::User(Auth::SchemeConfig *aConfig, const char *aRequestRealm) :
Auth::User(aConfig, aRequestRealm)
{
}
namespace Auth
{
-class Config;
+class SchemeConfig;
namespace Negotiate
{
MEMPROXY_CLASS(Auth::Negotiate::User);
public:
- User(Auth::Config *, const char *requestRealm);
+ User(Auth::SchemeConfig *, const char *requestRealm);
virtual ~User();
virtual int32_t ttl() const override;
assert(user() != NULL);
assert(user()->auth_type == Auth::AUTH_NEGOTIATE);
- if (static_cast<Auth::Negotiate::Config*>(Auth::Config::Find("negotiate"))->authenticateProgram == NULL) {
+ if (static_cast<Auth::Negotiate::Config*>(Auth::SchemeConfig::Find("negotiate"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Negotiate authentication program configured.");
handler(data);
return;
void
Auth::Ntlm::Config::done()
{
- Auth::Config::done();
+ Auth::SchemeConfig::done();
authntlm_initialised = 0;
}
bool
-Auth::Ntlm::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) const
+Auth::Ntlm::Config::dump(StoreEntry * entry, const char *name, Auth::SchemeConfig * scheme) const
{
- if (!Auth::Config::dump(entry, name, scheme))
+ if (!Auth::SchemeConfig::dump(entry, name, scheme))
return false;
storeAppendPrintf(entry, "%s ntlm keep_alive %s\n", name, keep_alive ? "on" : "off");
{ }
void
-Auth::Ntlm::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
+Auth::Ntlm::Config::parse(Auth::SchemeConfig * scheme, int n_configured, char *param_str)
{
if (strcmp(param_str, "program") == 0) {
if (authenticateProgram)
} else if (strcmp(param_str, "keep_alive") == 0) {
parse_onoff(&keep_alive);
} else
- Auth::Config::parse(scheme, n_configured, param_str);
+ Auth::SchemeConfig::parse(scheme, n_configured, param_str);
}
const char *
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-Auth::Ntlm::Config::init(Auth::Config *)
+Auth::Ntlm::Config::init(Auth::SchemeConfig *)
{
if (authenticateProgram) {
Auth::UserRequest::Pointer
Auth::Ntlm::Config::decode(char const *proxy_auth, const char *aRequestRealm)
{
- Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm"), aRequestRealm);
+ Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::SchemeConfig::Find("ntlm"), aRequestRealm);
Auth::UserRequest::Pointer auth_user_request = new Auth::Ntlm::UserRequest();
assert(auth_user_request->user() == NULL);
#if HAVE_AUTH_MODULE_NTLM
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
#include "helper/forward.h"
{
/** NTLM Authentication configuration data */
-class Config : public Auth::Config
+class Config : public Auth::SchemeConfig
{
public:
Config();
virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
- virtual bool dump(StoreEntry *, const char *, Auth::Config *) const;
+ virtual bool dump(StoreEntry *, const char *, Auth::SchemeConfig *) const;
virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *);
- virtual void init(Auth::Config *);
- virtual void parse(Auth::Config *, int, char *);
+ virtual void init(Auth::SchemeConfig *);
+ virtual void parse(Auth::SchemeConfig *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
debugs(29, DBG_CRITICAL, "Shutdown: NTLM authentication.");
}
-Auth::Config *
+Auth::SchemeConfig *
Auth::Ntlm::Scheme::createConfig()
{
Auth::Ntlm::Config *ntlmCfg = new Auth::Ntlm::Config;
- return dynamic_cast<Auth::Config*>(ntlmCfg);
+ return dynamic_cast<Auth::SchemeConfig*>(ntlmCfg);
}
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual Auth::Config *createConfig();
+ virtual Auth::SchemeConfig *createConfig();
/* Not implemented */
Scheme (Scheme const &);
*/
#include "squid.h"
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/CredentialsCache.h"
#include "auth/ntlm/User.h"
#include "Debug.h"
-Auth::Ntlm::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+Auth::Ntlm::User::User(Auth::SchemeConfig *aConfig, const char *aRequestRealm) :
Auth::User(aConfig, aRequestRealm)
{
}
namespace Auth
{
-class Config;
+class SchemeConfig;
namespace Ntlm
{
MEMPROXY_CLASS(Auth::Ntlm::User);
public:
- User(Auth::Config *, const char *requestRealm);
+ User(Auth::SchemeConfig *, const char *requestRealm);
virtual ~User();
virtual int32_t ttl() const override;
assert(data);
assert(handler);
- if (static_cast<Auth::Ntlm::Config*>(Auth::Config::Find("ntlm"))->authenticateProgram == NULL) {
+ if (static_cast<Auth::Ntlm::Config*>(Auth::SchemeConfig::Find("ntlm"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: NTLM Start: no NTLM program configured.");
handler(data);
return;
#include "acl/Tree.h"
#include "anyp/PortCfg.h"
#include "anyp/UriScheme.h"
+#include "auth/SchemesConfig.h"
#include "AuthReg.h"
#include "base/RunnersRegistry.h"
#include "cache_cf.h"
#include "ssl/support.h"
#endif
#if USE_AUTH
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Scheme.h"
#include "auth/SchemesConfig.h"
#endif
* state will be preserved.
*/
if (Config.pipeline_max_prefetch > 0) {
- Auth::Config *nego = Auth::Config::Find("Negotiate");
- Auth::Config *ntlm = Auth::Config::Find("NTLM");
+ Auth::SchemeConfig *nego = Auth::SchemeConfig::Find("Negotiate");
+ Auth::SchemeConfig *ntlm = Auth::SchemeConfig::Find("NTLM");
if ((nego && nego->active()) || (ntlm && ntlm->active())) {
debugs(3, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: pipeline_prefetch breaks NTLM and Negotiate authentication. Forced pipeline_prefetch 0.");
Config.pipeline_max_prefetch = 0;
}
}
- for (auto &authSchemes: Config.authSchemesConfigs) {
+ for (auto &authSchemes : Auth::SchemeListConfig) {
authSchemes.expand();
if (authSchemes.authConfigs.empty()) {
debugs(3, DBG_CRITICAL, "auth_schemes: at least one scheme name is required; got: " << authSchemes.rawSchemes);
}
/* find a configuration for the scheme in the currently parsed configs... */
- Auth::Config *schemeCfg = Auth::Config::Find(type_str);
+ Auth::SchemeConfig *schemeCfg = Auth::SchemeConfig::Find(type_str);
if (schemeCfg == NULL) {
/* Create a configuration based on the scheme info */
}
config->push_back(theScheme->createConfig());
- schemeCfg = Auth::Config::Find(type_str);
+ schemeCfg = Auth::SchemeConfig::Find(type_str);
if (schemeCfg == NULL) {
debugs(3, DBG_CRITICAL, "Parsing Config File: Corruption configuring authentication scheme '" << type_str << "'.");
self_destruct();
static void
dump_authparam(StoreEntry * entry, const char *name, Auth::ConfigVector cfg)
{
- for (Auth::ConfigVector::iterator i = cfg.begin(); i != cfg.end(); ++i)
- (*i)->dump(entry, name, (*i));
+ for (auto *scheme : cfg)
+ scheme->dump(entry, name, scheme);
}
static void
self_destruct();
return;
}
- Config.authSchemesConfigs.push_back(Auth::SchemesConfig(tok, ConfigParser::LastTokenWasQuoted()));
- const allow_t action = allow_t(ACCESS_ALLOWED, Config.authSchemesConfigs.size() - 1);
+ Auth::SchemeListConfig.emplace_back(tok, ConfigParser::LastTokenWasQuoted());
+ const allow_t action = allow_t(ACCESS_ALLOWED, Auth::SchemeListConfig.size() - 1);
ParseAclWithAction(authSchemes, action, "auth_schemes");
}
static void
free_AuthSchemes(acl_access **authSchemes)
{
- Config.authSchemesConfigs.clear();
+ Auth::SchemeListConfig.clear();
free_acl_access(authSchemes);
}
{
if (authSchemes)
dump_SBufList(entry, authSchemes->treeDump(name, [](const allow_t &action) {
- return Config.authSchemesConfigs.at(action.kind).rawSchemes;
+ return Auth::SchemeListConfig.at(action.kind).rawSchemes;
}));
}
#include "STUB.h"
#if USE_AUTH
-#include "auth/Config.h"
-Auth::UserRequest::Pointer Auth::Config::CreateAuthUser(const char *, AccessLogEntry::Pointer &al) STUB_RETVAL(NULL)
-Auth::Config * Auth::Config::Find(const char *) STUB_RETVAL(NULL)
-void Auth::Config::registerWithCacheManager(void) STUB_NOP
-Auth::ConfigVector Auth::TheConfig;
+#include "auth/SchemeConfig.h"
+namespace Auth
+{
+Auth::UserRequest::Pointer SchemeConfig::CreateAuthUser(const char *, AccessLogEntry::Pointer &al) STUB_RETVAL(NULL)
+Auth::SchemeConfig * SchemeConfig::Find(const char *) STUB_RETVAL(NULL)
+void SchemeConfig::registerWithCacheManager(void) STUB_NOP
+Auth::ConfigVector TheConfig;
+}
#include "auth/Gadgets.h"
int authenticateActiveSchemeCount(void) STUB_RETVAL(0)
void Auth::Scheme::FreeAll() STUB
#include "auth/User.h"
-Auth::User::User(Auth::Config *, const char *) STUB
+Auth::User::User(Auth::SchemeConfig *, const char *) STUB
Auth::CredentialState Auth::User::credentials() const STUB_RETVAL(credentials_state)
void Auth::User::credentials(CredentialState) STUB
void Auth::User::absorb(Auth::User::Pointer) STUB
void Auth::Init() STUB_NOP
#include "auth/SchemesConfig.h"
-void Auth::SchemesConfig::expand() STUB
+namespace Auth
+{
+std::vector<Auth::SchemesConfig> SchemeListConfig;
+void SchemesConfig::expand() STUB
+}
#endif /* USE_AUTH */
#if USE_AUTH
-#include "auth/Config.h"
+#include "auth/SchemeConfig.h"
#include "auth/Gadgets.h"
#include "auth/Scheme.h"
#include "auth/UserRequest.h"