[thirdparty/squid.git] / src / auth / Config.cc

/*
 * DEBUG: section 29    Authenticator
 * AUTHOR:  Robert Collins
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "squid.h"
#include "auth/Config.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
#include "cache_cf.h"
#include "ConfigParser.h"
#include "Debug.h"
#include "format/Format.h"
#include "globals.h"
#include "Store.h"

Auth::ConfigVector Auth::TheConfig;

/**
 * Get an User credentials object filled out for the given Proxy- or WWW-Authenticate header.
 * Any decoding which needs to be done will be done.
 *
 * It may be a cached AuthUser or a new Unauthenticated object.
 * It may also be NULL reflecting that no user could be created.
 */
Auth::UserRequest::Pointer
Auth::Config::CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
{
    assert(proxy_auth != NULL);
    debugs(29, 9, HERE << "header = '" << proxy_auth << "'");

    Auth::Config *config = Find(proxy_auth);

    if (config == NULL || !config->active()) {
        debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
               "Unsupported or unconfigured/inactive proxy-auth scheme, '" << proxy_auth << "'");
        return NULL;
    }
    static MemBuf rmb;
    rmb.reset();
    if (config->keyExtras) {
        // %credentials and %username, which normally included in
        // request_format, are - at this time, but that is OK
        // because user name is added to key explicitly, and we do
        // not want to store authenticated credentials at all.
        config->keyExtras->assemble(rmb, al, 0);
    }

    return config->decode(proxy_auth, rmb.hasContent() ? rmb.content() : NULL);
}

Auth::Config *
Auth::Config::Find(const char *proxy_auth)
{
    for (Auth::ConfigVector::iterator  i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
        if (strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0)
            return *i;

    return NULL;
}

/** Default behaviour is to expose nothing */
void
Auth::Config::registerWithCacheManager(void)
{}

void
Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
    if (strcmp(param_str, "children") == 0) {
        authenticateChildren.parseConfig();

    } else if (strcmp(param_str, "key_extras") == 0) {
        keyExtrasLine = ConfigParser::NextQuotedToken();
        Format::Format *nlf =  new ::Format::Format(scheme->type());
        if (!nlf->parse(keyExtrasLine.termedBuf())) {
            debugs(29, DBG_CRITICAL, "FATAL: Failed parsing key_extras formatting value");
            self_destruct();
            return;
        }
        if (keyExtras)
            delete keyExtras;

        keyExtras = nlf;

        if (char *t = strtok(NULL, w_space)) {
            debugs(29, DBG_CRITICAL, "FATAL: Unexpected argument '" << t << "' after request_format specification");
            self_destruct();
        }
    } else {
        debugs(29, DBG_CRITICAL, "Unrecognised " << scheme->type() << " auth scheme parameter '" << param_str << "'");
    }
}

void
Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme)
{
    storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n",
                      name, scheme->type(),
                      authenticateChildren.n_max, authenticateChildren.n_startup,
                      authenticateChildren.n_idle, authenticateChildren.concurrency);

    if (keyExtrasLine.size() > 0)
        storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, scheme->type(), keyExtrasLine.termedBuf());
}

void
Auth::Config::done()
{
    delete keyExtras;
    keyExtras = NULL;
    keyExtrasLine.clean();
}

Auth::User::Pointer
Auth::Config::findUserInCache(const char *nameKey, Auth::Type authType)
{
    AuthUserHashPointer *usernamehash;
    debugs(29, 9, "Looking for user '" << nameKey << "'");

    if (nameKey && (usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, nameKey)))) {
        while (usernamehash) {
            if ((usernamehash->user()->auth_type == authType) &&
                    !strcmp(nameKey, (char const *)usernamehash->key))
                return usernamehash->user();

            usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
        }
    }

    return NULL;
}
Commit	Line	Data
f5691f9c	1	/*
f5691f9c	2	* DEBUG: section 29 Authenticator
	3	* AUTHOR: Robert Collins
	4	*
	5	* SQUID Web Proxy Cache http://www.squid-cache.org/
	6	* ----------------------------------------------------------
	7	*
	8	* Squid is the result of efforts by numerous individuals from
	9	* the Internet community; see the CONTRIBUTORS file for full
	10	* details. Many organizations have provided support for Squid's
	11	* development; see the SPONSORS file for full details. Squid is
	12	* Copyrighted (C) 2001 by the Regents of the University of
	13	* California; see the COPYRIGHT file for full details. Squid
	14	* incorporates software developed and/or copyrighted by other
	15	* sources; see the CREDITS file for full details.
	16	*
	17	* This program is free software; you can redistribute it and/or modify
	18	* it under the terms of the GNU General Public License as published by
	19	* the Free Software Foundation; either version 2 of the License, or
	20	* (at your option) any later version.
26ac0430	21	*
f5691f9c	22	* This program is distributed in the hope that it will be useful,
	23	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	24	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	25	* GNU General Public License for more details.
26ac0430	26	*
f5691f9c	27	* You should have received a copy of the GNU General Public License
	28	* along with this program; if not, write to the Free Software
	29	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	30	*
	31	*/
	32
582c2af2	33	#include "squid.h"
2d2b0bb7	34	#include "auth/Config.h"
d8d76b36	35	#include "auth/Gadgets.h"
2d2b0bb7	36	#include "auth/UserRequest.h"
d4806c91 CT	37	#include "cache_cf.h"
d4806c91 CT	38	#include "ConfigParser.h"
582c2af2	39	#include "Debug.h"
d4806c91	40	#include "format/Format.h"
582c2af2	41	#include "globals.h"
d4806c91	42	#include "Store.h"
f5691f9c	43
9f3d2b2e	44	Auth::ConfigVector Auth::TheConfig;
5817ee13 AJ	45
5817ee13 AJ	46	/**
9f3d2b2e AJ	47	* Get an User credentials object filled out for the given Proxy- or WWW-Authenticate header.
	48	* Any decoding which needs to be done will be done.
	49	*
	50	* It may be a cached AuthUser or a new Unauthenticated object.
f5691f9c	51	* It may also be NULL reflecting that no user could be created.
f5691f9c	52	*/
c7baff40	53	Auth::UserRequest::Pointer
d4806c91	54	Auth::Config::CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
f5691f9c	55	{
f5691f9c	56	assert(proxy_auth != NULL);
9f3d2b2e	57	debugs(29, 9, HERE << "header = '" << proxy_auth << "'");
f5691f9c	58
9f3d2b2e	59	Auth::Config *config = Find(proxy_auth);
f5691f9c	60
f5691f9c	61	if (config == NULL \|\| !config->active()) {
c6cf8dee	62	debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
8add28cd	63	"Unsupported or unconfigured/inactive proxy-auth scheme, '" << proxy_auth << "'");
f5691f9c	64	return NULL;
f5691f9c	65	}
d4806c91 CT	66	static MemBuf rmb;
	67	rmb.reset();
	68	if (config->keyExtras) {
	69	// %credentials and %username, which normally included in
	70	// request_format, are - at this time, but that is OK
	71	// because user name is added to key explicitly, and we do
	72	// not want to store authenticated credentials at all.
	73	config->keyExtras->assemble(rmb, al, 0);
	74	}
f5691f9c	75
d4806c91	76	return config->decode(proxy_auth, rmb.hasContent() ? rmb.content() : NULL);
f5691f9c	77	}
f5691f9c	78
9f3d2b2e AJ	79	Auth::Config *
9f3d2b2e AJ	80	Auth::Config::Find(const char *proxy_auth)
f5691f9c	81	{
9f3d2b2e	82	for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
f5691f9c	83	if (strncasecmp(proxy_auth, (i)->type(), strlen((i)->type())) == 0)
	84	return *i;
	85
	86	return NULL;
	87	}
62ee09ca	88
9f3d2b2e	89	/** Default behaviour is to expose nothing */
62ee09ca	90	void
9f3d2b2e	91	Auth::Config::registerWithCacheManager(void)
62ee09ca	92	{}
d4806c91 CT	93
	94	void
	95	Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
	96	{
0309fc40 AJ	97	if (strcmp(param_str, "children") == 0) {
	98	authenticateChildren.parseConfig();
	99
	100	} else if (strcmp(param_str, "key_extras") == 0) {
d4806c91 CT	101	keyExtrasLine = ConfigParser::NextQuotedToken();
	102	Format::Format *nlf = new ::Format::Format(scheme->type());
	103	if (!nlf->parse(keyExtrasLine.termedBuf())) {
	104	debugs(29, DBG_CRITICAL, "FATAL: Failed parsing key_extras formatting value");
	105	self_destruct();
	106	return;
	107	}
	108	if (keyExtras)
	109	delete keyExtras;
	110
	111	keyExtras = nlf;
86c63190	112
d4806c91	113	if (char *t = strtok(NULL, w_space)) {
86c63190 AJ	114	debugs(29, DBG_CRITICAL, "FATAL: Unexpected argument '" << t << "' after request_format specification");
86c63190 AJ	115	self_destruct();
d4806c91 CT	116	}
	117	} else {
	118	debugs(29, DBG_CRITICAL, "Unrecognised " << scheme->type() << " auth scheme parameter '" << param_str << "'");
	119	}
	120	}
	121
	122	void
	123	Auth::Config::dump(StoreEntry entry, const char name, Auth::Config *scheme)
	124	{
0309fc40 AJ	125	storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n",
	126	name, scheme->type(),
	127	authenticateChildren.n_max, authenticateChildren.n_startup,
	128	authenticateChildren.n_idle, authenticateChildren.concurrency);
	129
d4806c91 CT	130	if (keyExtrasLine.size() > 0)
	131	storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, scheme->type(), keyExtrasLine.termedBuf());
	132	}
	133
	134	void
	135	Auth::Config::done()
	136	{
	137	delete keyExtras;
86c63190	138	keyExtras = NULL;
d4806c91 CT	139	keyExtrasLine.clean();
d4806c91 CT	140	}
d8d76b36 FB	141
d8d76b36 FB	142	Auth::User::Pointer
8c60f60f	143	Auth::Config::findUserInCache(const char *nameKey, Auth::Type authType)
d8d76b36 FB	144	{
	145	AuthUserHashPointer *usernamehash;
	146	debugs(29, 9, "Looking for user '" << nameKey << "'");
	147
	148	if (nameKey && (usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, nameKey)))) {
	149	while (usernamehash) {
8c60f60f	150	if ((usernamehash->user()->auth_type == authType) &&
d8d76b36 FB	151	!strcmp(nameKey, (char const *)usernamehash->key))
	152	return usernamehash->user();
	153
	154	usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
	155	}
	156	}
	157
	158	return NULL;
	159	}