Commit | Line | Data |
---|---|---|
f5691f9c | 1 | /* |
5b74111a | 2 | * Copyright (C) 1996-2018 The Squid Software Foundation and contributors |
f5691f9c | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
f5691f9c | 7 | */ |
bbc27441 | 8 | |
dc79fed8 AJ |
9 | #ifndef SQUID_SRC_AUTH_SCHEMECONFIG_H |
10 | #define SQUID_SRC_AUTH_SCHEMECONFIG_H | |
f5691f9c | 11 | |
2f1431ea AJ |
12 | #if USE_AUTH |
13 | ||
d4806c91 | 14 | #include "AccessLogEntry.h" |
dc79fed8 | 15 | #include "auth/forward.h" |
a33a428a | 16 | #include "auth/UserRequest.h" |
76d9b994 | 17 | #include "helper/ChildConfig.h" |
a33a428a | 18 | |
e1f7507e AJ |
19 | class StoreEntry; |
20 | class HttpReply; | |
21 | class HttpRequest; | |
ea0695f2 | 22 | class wordlist; |
e1f7507e | 23 | |
789217a2 | 24 | /* for Http::HdrType parameters-by-value */ |
e1f7507e AJ |
25 | #include "HttpHeader.h" |
26 | ||
d4806c91 CT |
27 | namespace Format |
28 | { | |
86c63190 | 29 | class Format; |
d4806c91 CT |
30 | } |
31 | ||
9f3d2b2e AJ |
32 | namespace Auth |
33 | { | |
e1f7507e AJ |
34 | |
35 | /** | |
9f3d2b2e AJ |
36 | * \ingroup AuthAPI |
37 | * \par | |
f5691f9c | 38 | * I am the configuration for an auth scheme. |
39 | * Currently each scheme has only one instance of me, | |
40 | * but this may change. | |
9f3d2b2e | 41 | * \par |
e1f7507e | 42 | * This class is treated like a ref counted class. |
f5691f9c | 43 | * If the children ever stop being singletons, implement the |
44 | * ref counting... | |
45 | */ | |
dc79fed8 | 46 | class SchemeConfig |
f5691f9c | 47 | { |
48 | ||
49 | public: | |
d4806c91 | 50 | static UserRequest::Pointer CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al); |
f5691f9c | 51 | |
dc79fed8 | 52 | static SchemeConfig *Find(const char *proxy_auth); |
5bfc3dbd EB |
53 | /// Call this method if you need a guarantee that all auth schemes have
54 | /// already been configured. | |
dc79fed8 | 55 | static SchemeConfig *GetParsed(const char *proxy_auth); |
b2b09838 | 56 | SchemeConfig() : authenticateChildren(20) {} |
f5691f9c | 57 | |
dc79fed8 | 58 | virtual ~SchemeConfig() {} |
f5691f9c | 59 | |
63be0a78 | 60 | /** |
61 | * Used by squid to determine whether the auth module has successfully initialised itself with the current configuration. | |
62 | * | |
f53969cc SM |
63 | \retval true Authentication Module loaded and running. |
64 | \retval false No Authentication Module loaded. | |
63be0a78 | 65 | */ |
f5691f9c | 66 | virtual bool active() const = 0; |
63be0a78 | 67 | |
68 | /** | |
69 | * new decode API: virtual factory pattern | |
70 | \par | |
71 | * Responsible for decoding the passed authentication header, creating or | |
72 | * linking to an AuthUser object and for storing any needed details to complete | |
c7baff40 | 73 | * authentication in Auth::UserRequest::authenticate(). |
63be0a78 | 74 | * |
f53969cc SM |
75 | \param proxy_auth The authentication header value to parse. Treat it as untrusted input. |
76 | \retval * Details needed to authenticate. | |
63be0a78 | 77 | */ |
d4806c91 | 78 | virtual UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm) = 0; |
63be0a78 | 79 | |
80 | /** | |
81 | * squid is finished with this config, release any unneeded resources. | |
f5691f9c | 82 | * If a singleton, delete will not occur. If not a singleton (future), |
83 | * delete will occur when no references are held. | |
63be0a78 | 84 | * |
85 | \todo we need a 'done for reconfigure' and a 'done permanently' concept. | |
f5691f9c | 86 | */ |
d4806c91 | 87 | virtual void done(); |
63be0a78 | 88 | |
89 | /** | |
90 | * The configured function is used to see if the auth module has been given valid | |
91 | * parameters and is able to handle authentication requests. | |
92 | * | |
f53969cc SM |
93 | \retval true Authentication Module configured ready for use. |
94 | \retval false Not configured or Configuration Error. | |
95 | * No other module functions except Shutdown/Dump/Parse/FreeConfig will be called by Squid. | |
63be0a78 | 96 | */ |
f5691f9c | 97 | virtual bool configured() const = 0; |
63be0a78 | 98 | |
0bcb6908 AJ |
99 | /** |
100 | * Shutdown just the auth helpers. | |
101 | * For use by log rotate etc. where auth needs to stay running, with the helpers restarted. | |
102 | */ | |
103 | virtual void rotateHelpers(void) = 0; | |
104 | ||
63be0a78 | 105 | /** |
106 | * Responsible for writing to the StoreEntry the configuration parameters that a user | |
107 | * would put in a config file to recreate the running configuration. | |
3616c90c | 108 | * Returns whether the scheme is configured. |
63be0a78 | 109 | */ |
dc79fed8 | 110 | virtual bool dump(StoreEntry *, const char *, SchemeConfig *) const; |
63be0a78 | 111 | |
112 | /** add headers as needed when challenging for auth */ | |
789217a2 | 113 | virtual void fixHeader(UserRequest::Pointer, HttpReply *, Http::HdrType, HttpRequest *) = 0; |
9f3d2b2e | 114 | |
63be0a78 | 115 | /** prepare to handle requests */ |
dc79fed8 | 116 | virtual void init(SchemeConfig *) = 0; |
9f3d2b2e | 117 | |
63be0a78 | 118 | /** expose any/all statistics to a CacheManager */ |
15fab853 | 119 | virtual void registerWithCacheManager(void); |
9f3d2b2e | 120 | |
63be0a78 | 121 | /** parse config options */ |
dc79fed8 | 122 | virtual void parse(SchemeConfig *, int, char *); |
9f3d2b2e | 123 | |
63be0a78 | 124 | /** the http string id */ |
f5691f9c | 125 | virtual const char * type() const = 0; |
ea0695f2 AJ |
126 | |
127 | public: | |
76d9b994 | 128 | Helper::ChildConfig authenticateChildren; |
b2b09838 | 129 | wordlist *authenticateProgram = nullptr; ///< Helper program to run, includes all parameters |
d4806c91 | 130 | String keyExtrasLine; ///< The format of the request to the auth helper |
b2b09838 AJ |
131 | Format::Format *keyExtras = nullptr; ///< The compiled request format |
132 | int keep_alive = 1; ///< whether to keep the connection open (rather than close it) on auth challenges. default: on | |
133 | int utf8 = 0; ///< whether to accept the UTF-8 character set instead of ASCII. default: off | |
ec980001 AJ |
134 | |
135 | protected: | |
136 | /// RFC 7235 section 2.2 - Protection Space (Realm) | |
137 | SBuf realm; | |
f5691f9c | 138 | }; |
139 | ||
e5519212 | 140 | } // namespace Auth |
5817ee13 | 141 | |
2f1431ea | 142 | #endif /* USE_AUTH */ |
dc79fed8 | 143 | #endif /* SQUID_SRC_AUTH_SCHEMECONFIG_H */ |
f53969cc | 144 |