Commit | Line | Data |
---|---|---|
f5691f9c | 1 | /* |
f5691f9c | 2 | * DEBUG: section 29 Authenticator |
3 | * AUTHOR: Robert Collins | |
4 | * | |
5 | * SQUID Web Proxy Cache http://www.squid-cache.org/ | |
6 | * ---------------------------------------------------------- | |
7 | * | |
8 | * Squid is the result of efforts by numerous individuals from | |
9 | * the Internet community; see the CONTRIBUTORS file for full | |
10 | * details. Many organizations have provided support for Squid's | |
11 | * development; see the SPONSORS file for full details. Squid is | |
12 | * Copyrighted (C) 2001 by the Regents of the University of | |
13 | * California; see the COPYRIGHT file for full details. Squid | |
14 | * incorporates software developed and/or copyrighted by other | |
15 | * sources; see the CREDITS file for full details. | |
16 | * | |
17 | * This program is free software; you can redistribute it and/or modify | |
18 | * it under the terms of the GNU General Public License as published by | |
19 | * the Free Software Foundation; either version 2 of the License, or | |
20 | * (at your option) any later version. | |
26ac0430 | 21 | * |
f5691f9c | 22 | * This program is distributed in the hope that it will be useful, |
23 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
24 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
25 | * GNU General Public License for more details. | |
26ac0430 | 26 | * |
f5691f9c | 27 | * You should have received a copy of the GNU General Public License |
28 | * along with this program; if not, write to the Free Software | |
29 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
30 | * | |
31 | */ | |
32 | ||
582c2af2 | 33 | #include "squid.h" |
2d2b0bb7 | 34 | #include "auth/Config.h" |
d8d76b36 | 35 | #include "auth/Gadgets.h" |
2d2b0bb7 | 36 | #include "auth/UserRequest.h" |
d4806c91 CT |
37 | #include "cache_cf.h" |
38 | #include "ConfigParser.h" | |
582c2af2 | 39 | #include "Debug.h" |
d4806c91 | 40 | #include "format/Format.h" |
582c2af2 | 41 | #include "globals.h" |
d4806c91 | 42 | #include "Store.h" |
f5691f9c | 43 | |
/// Definition of the Auth::TheConfig vector of scheme configurations;
/// Auth::Config::Find() walks it to match a header against a scheme type().
Auth::ConfigVector Auth::TheConfig;
5817ee13 AJ |
45 | |
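/**
 * Get a user credentials request object for the given authentication header
 * value. Any decoding which needs to be done is delegated to the matching
 * scheme's decode().
 *
 * It may be a cached AuthUser or a new Unauthenticated object.
 * It may also be NULL reflecting that no user could be created.
 *
 * \param proxy_auth  header value, starting with the scheme name; must not be NULL
 * \param al          access log entry handed to the key_extras format, when one is configured
 * \return the result of the scheme's decode(), or NULL when no configured,
 *         active scheme matches the header
 */
Auth::UserRequest::Pointer
Auth::Config::CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
{
    assert(proxy_auth != NULL);
    // NOTE(review): this level-9 trace prints the complete header value,
    // credentials included. Treat section 29 level 9 logs as sensitive.
    debugs(29, 9, HERE << "header = '" << proxy_auth << "'");

    Auth::Config *config = Find(proxy_auth);

    if (config == NULL || !config->active()) {
        // The header is client-supplied and carries the credentials after the
        // scheme token. This message is emitted at DBG_IMPORTANT, so log only
        // a bounded copy of the scheme token rather than the whole value.
        char schemeName[32];
        size_t schemeLen = strcspn(proxy_auth, w_space);
        if (schemeLen >= sizeof(schemeName))
            schemeLen = sizeof(schemeName) - 1;
        memcpy(schemeName, proxy_auth, schemeLen);
        schemeName[schemeLen] = '\0';

        debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
               "Unsupported or unconfigured/inactive proxy-auth scheme, '" << schemeName << "'");
        return NULL;
    }

    // Function-local static buffer reused across calls; reset before each use.
    // NOTE(review): this makes the function non-reentrant - confirm it is
    // never called concurrently.
    static MemBuf rmb;
    rmb.reset();
    if (config->keyExtras) {
        // %credentials and %username, which are normally included in
        // request_format, expand to "-" at this time, but that is OK
        // because the user name is added to the key explicitly, and we do
        // not want to store authenticated credentials at all.
        config->keyExtras->assemble(rmb, al, 0);
    }

    // Pass the assembled key extras only when the format produced content.
    return config->decode(proxy_auth, rmb.hasContent() ? rmb.content() : NULL);
}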
78 | ||
/**
 * Locate the scheme configuration whose type() name is a case-insensitive
 * prefix of the given header value.
 *
 * NOTE(review): only the first strlen(type()) characters are compared, so a
 * header token that merely begins with a configured scheme name also matches.
 * Confirm each scheme's decode() rejects such values, or require a whitespace
 * or end-of-string delimiter after the scheme name here.
 * NOTE(review): proxy_auth is not checked for NULL in this function.
 *
 * \param proxy_auth  header value (or scheme name) to match
 * \return the first matching entry of Auth::TheConfig, or NULL if none matches
 */
Auth::Config *
Auth::Config::Find(const char *proxy_auth)
{
    Auth::ConfigVector::iterator pos = Auth::TheConfig.begin();

    while (pos != Auth::TheConfig.end()) {
        const char *schemeName = (*pos)->type();

        if (strncasecmp(proxy_auth, schemeName, strlen(schemeName)) == 0)
            return *pos;

        ++pos;
    }

    return NULL;
}
62ee09ca | 88 | |
/**
 * Cache manager registration hook.
 * The default behaviour is to expose nothing, so the body is empty.
 */
void
Auth::Config::registerWithCacheManager(void)
{
    // intentionally empty
}
d4806c91 CT |
93 | |
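/**
 * Parse one scheme parameter handled by this class.
 *
 * Handles "children" (delegated to authenticateChildren.parseConfig()) and
 * "key_extras" (a quoted format string compiled into keyExtras). Any other
 * parameter name is only reported through debugs().
 *
 * \param scheme        scheme being configured; its type() names the new format
 * \param n_configured  not used by this implementation
 * \param param_str     name of the parameter being parsed
 */
void
Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
    if (strcmp(param_str, "children") == 0) {
        authenticateChildren.parseConfig();

    } else if (strcmp(param_str, "key_extras") == 0) {
        // NOTE(review): the token is used without checking that a value was
        // actually supplied - confirm how a bare "key_extras" line is handled.
        keyExtrasLine = ConfigParser::NextQuotedToken();
        Format::Format *nlf = new ::Format::Format(scheme->type());
        if (!nlf->parse(keyExtrasLine.termedBuf())) {
            debugs(29, DBG_CRITICAL, "FATAL: Failed parsing key_extras formatting value");
            // Release the rejected format so it is not leaked should
            // self_destruct() return to the caller.
            delete nlf;
            self_destruct();
            return;
        }

        // Replace any previously configured format; deleting NULL is a no-op.
        delete keyExtras;
        keyExtras = nlf;

        // Anything left on the line after the quoted value is a configuration error.
        if (char *t = strtok(NULL, w_space)) {
            debugs(29, DBG_CRITICAL, "FATAL: Unexpected argument '" << t << "' after key_extras specification");
            self_destruct();
        }
    } else {
        // Unknown parameters are reported but do not abort configuration here.
        debugs(29, DBG_CRITICAL, "Unrecognised " << scheme->type() << " auth scheme parameter '" << param_str << "'");
    }
}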
121 | ||
/**
 * Append this scheme's "children" settings and, when set, its key_extras
 * line to the given store entry in configuration-file syntax.
 *
 * \param entry   store entry receiving the text
 * \param name    directive name printed at the start of each line
 * \param scheme  scheme whose type() is printed after the directive name
 */
void
Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme)
{
    storeAppendPrintf(entry,
                      "%s %s children %d startup=%d idle=%d concurrency=%d\n",
                      name,
                      scheme->type(),
                      authenticateChildren.n_max,
                      authenticateChildren.n_startup,
                      authenticateChildren.n_idle,
                      authenticateChildren.concurrency);

    const bool haveKeyExtras = keyExtrasLine.size() > 0;
    if (!haveKeyExtras)
        return;

    // NOTE(review): the value is written between double quotes without any
    // escaping - confirm a value containing '"' still round-trips.
    storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, scheme->type(), keyExtrasLine.termedBuf());
}
133 | ||
/**
 * Release the key_extras state held by this configuration: the compiled
 * format object is deleted and the stored key_extras text is cleared.
 */
void
Auth::Config::done()
{
    // Drop the compiled format and leave the pointer NULL so a later
    // done() or parse() does not delete it twice.
    if (keyExtras != NULL) {
        delete keyExtras;
        keyExtras = NULL;
    }

    keyExtrasLine.clean();
}
d8d76b36 FB |
141 | |
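/**
 * Look up a cached user by key and authentication type.
 *
 * Starts from the hash_lookup() result in proxy_auth_username_cache and
 * follows the entries' next links until one has both the requested
 * auth_type and a key equal to nameKey.
 *
 * \param nameKey   user name key to search for; NULL yields no match
 * \param authType  authentication type the cached user must have
 * \return the matching cached user, or NULL when there is none
 */
Auth::User::Pointer
Auth::Config::findUserInCache(const char *nameKey, Auth::Type authType)
{
    // Check for NULL before logging: streaming a NULL char pointer into the
    // debugs() output stream is not valid.
    if (!nameKey) {
        debugs(29, 9, "No user name key to look up");
        return NULL;
    }

    debugs(29, 9, "Looking for user '" << nameKey << "'");

    AuthUserHashPointer *usernamehash =
        static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, nameKey));

    while (usernamehash) {
        // The auth type must match as well as the key.
        if ((usernamehash->user()->auth_type == authType) &&
                !strcmp(nameKey, (char const *)usernamehash->key))
            return usernamehash->user();

        usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
    }

    return NULL;
}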