]>
Commit | Line | Data |
---|---|---|
f5691f9c | 1 | /* |
4ac4a490 | 2 | * Copyright (C) 1996-2017 The Squid Software Foundation and contributors |
f5691f9c | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
f5691f9c | 7 | */ |
8 | ||
d87154ee AJ |
9 | #ifndef SQUID_AUTH_USER_H |
10 | #define SQUID_AUTH_USER_H | |
f5691f9c | 11 | |
2f1431ea AJ |
12 | #if USE_AUTH |
13 | ||
d87154ee | 14 | #include "auth/CredentialState.h" |
dc79fed8 | 15 | #include "auth/forward.h" |
616cfc4c | 16 | #include "auth/Type.h" |
92f59a05 | 17 | #include "base/CbcPointer.h" |
8bf217bd | 18 | #include "base/RefCount.h" |
56a49fda | 19 | #include "dlink.h" |
80617cbd | 20 | #include "ip/Address.h" |
71e7400c | 21 | #include "Notes.h" |
65e41a45 | 22 | #include "sbuf/SBuf.h" |
a33a428a | 23 | |
56a49fda | 24 | class StoreEntry; |
9554bbf2 | 25 | |
9f3d2b2e AJ |
26 | namespace Auth |
27 | { | |
d87154ee | 28 | |
63be0a78 | 29 | /** |
63be0a78 | 30 | * This is the main user related structure. It stores user-related data, |
31 | * and is persistent across requests. It can even persist across | |
32 | * multiple external authentications. One major benefit of preserving this | |
33 | * structure is the cached ACL match results. This structure, is private to | |
34 | * the authentication framework. | |
35 | */ | |
d87154ee | 36 | class User : public RefCountable |
f5691f9c | 37 | { |
f5691f9c | 38 | public: |
d87154ee | 39 | typedef RefCount<User> Pointer; |
56a49fda | 40 | |
39bfd3eb | 41 | protected: |
dc79fed8 | 42 | User(Auth::SchemeConfig *, const char *requestRealm); |
39bfd3eb AJ |
43 | public: |
44 | virtual ~User(); | |
45 | ||
f5691f9c | 46 | /* extra fields for proxy_auth */ |
63be0a78 | 47 | /** \deprecated this determines what scheme owns the user data. */ |
616cfc4c | 48 | Auth::Type auth_type; |
63be0a78 | 49 | /** the config for this user */ |
dc79fed8 | 50 | Auth::SchemeConfig *config; |
f5691f9c | 51 | dlink_list proxy_match_cache; |
f5691f9c | 52 | size_t ipcount; |
53 | long expiretime; | |
f5691f9c | 54 | |
71e7400c AJ |
55 | /// list of key=value pairs the helper produced |
56 | NotePairs notes; | |
57 | ||
d87154ee | 58 | public: |
d4806c91 | 59 | static SBuf BuildUserKey(const char *username, const char *realm); |
f5691f9c | 60 | |
d87154ee | 61 | void absorb(Auth::User::Pointer from); |
32113576 | 62 | char const *username() const { return username_; } |
0203ae29 | 63 | void username(char const *); ///< set stored username and userKey |
ea0695f2 | 64 | |
0203ae29 | 65 | // NP: key is set at the same time as username_. Until then both are empty/NULL. |
02aeb7ef | 66 | const SBuf userKey() const {return userKey_;} |
d4806c91 | 67 | |
56a49fda AJ |
68 | /** |
69 | * How long these credentials are still valid for. | |
70 | * Negative numbers means already expired. | |
71 | */ | |
72 | virtual int32_t ttl() const = 0; | |
73 | ||
ea0695f2 | 74 | /* Manage list of IPs using this username */ |
f5691f9c | 75 | void clearIp(); |
b7ac5457 AJ |
76 | void removeIp(Ip::Address); |
77 | void addIp(Ip::Address); | |
ea0695f2 | 78 | |
283c905d FC |
79 | /// add the Auth::User to the protocol-specific username cache. |
80 | virtual void addToNameCache() = 0; | |
638cfbc4 | 81 | static void CredentialsCacheStats(StoreEntry * output); |
f5691f9c | 82 | |
46b1e6bf FC |
83 | // userKey ->Auth::User::Pointer cache |
84 | // must be reimplemented in subclasses | |
638cfbc4 | 85 | static CbcPointer<Auth::CredentialsCache> Cache(); |
92f59a05 | 86 | |
d87154ee AJ |
87 | CredentialState credentials() const; |
88 | void credentials(CredentialState); | |
d232141d AJ |
89 | |
90 | private: | |
91 | /** | |
92 | * The current state these credentials are in: | |
93 | * Unchecked | |
94 | * Authenticated | |
95 | * Pending helper result | |
96 | * Handshake happening in stateful auth. | |
97 | * Failed auth | |
98 | */ | |
d87154ee | 99 | CredentialState credentials_state; |
d232141d | 100 | |
f5691f9c | 101 | private: |
63be0a78 | 102 | /** |
3f5f1a01 | 103 | * DPW 2007-05-08 |
104 | * The username_ memory will be allocated via | |
105 | * xstrdup(). It is our responsibility. | |
106 | */ | |
25f98340 | 107 | const char *username_; |
4c19ba24 | 108 | |
d4806c91 CT |
109 | /** |
110 | * A realm for the user depending on request, designed to identify users, | |
111 | * with the same username and different authentication domains. | |
112 | */ | |
113 | SBuf requestRealm_; | |
114 | ||
115 | /** | |
116 | * A Unique key for the user, consist by username and requestRealm_ | |
117 | */ | |
118 | SBuf userKey_; | |
119 | ||
63be0a78 | 120 | /** what ip addresses has this user been seen at?, plus a list length cache */ |
4c19ba24 | 121 | dlink_list ip_list; |
f5691f9c | 122 | }; |
123 | ||
d87154ee | 124 | } // namespace Auth |
d232141d | 125 | |
2f1431ea | 126 | #endif /* USE_AUTH */ |
d87154ee | 127 | #endif /* SQUID_AUTH_USER_H */ |
f53969cc | 128 |