]>
Commit | Line | Data |
---|---|---|
928f3421 | 1 | #include "config.h" |
928f3421 | 2 | #include "auth/basic/auth_basic.h" |
616cfc4c AJ |
3 | #include "auth/basic/UserRequest.h" |
4 | #include "SquidTime.h" | |
928f3421 AJ |
5 | |
6 | int | |
7 | AuthBasicUserRequest::authenticated() const | |
8 | { | |
56a49fda | 9 | BasicUser const *basic_auth = dynamic_cast<BasicUser const *>(user().getRaw()); |
928f3421 AJ |
10 | |
11 | if (basic_auth && basic_auth->authenticated()) | |
12 | return 1; | |
13 | ||
14 | return 0; | |
15 | } | |
16 | ||
17 | /* log a basic user in | |
18 | */ | |
19 | void | |
20 | AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) | |
21 | { | |
22 | assert(user() != NULL); | |
23 | ||
928f3421 | 24 | /* if the password is not ok, do an identity */ |
d232141d | 25 | if (!user() || user()->credentials() != AuthUser::Ok) |
928f3421 AJ |
26 | return; |
27 | ||
28 | /* are we about to recheck the credentials externally? */ | |
372fccd6 | 29 | if ((user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL) <= squid_curtime) { |
d232141d | 30 | debugs(29, 4, HERE << "credentials expired - rechecking"); |
928f3421 AJ |
31 | return; |
32 | } | |
33 | ||
34 | /* we have been through the external helper, and the credentials haven't expired */ | |
d232141d | 35 | debugs(29, 9, HERE << "user '" << user()->username() << "' authenticated"); |
928f3421 AJ |
36 | |
37 | /* Decode now takes care of finding the AuthUser struct in the cache */ | |
38 | /* after external auth occurs anyway */ | |
d232141d | 39 | user()->expiretime = current_time.tv_sec; |
928f3421 AJ |
40 | |
41 | return; | |
42 | } | |
43 | ||
44 | int | |
45 | AuthBasicUserRequest::module_direction() | |
46 | { | |
47 | /* null auth_user is checked for by authenticateDirection */ | |
616cfc4c | 48 | if (user()->auth_type != Auth::AUTH_BASIC) |
d232141d | 49 | return -2; |
928f3421 | 50 | |
d232141d | 51 | switch (user()->credentials()) { |
928f3421 | 52 | |
d232141d AJ |
53 | case AuthUser::Unchecked: |
54 | case AuthUser::Pending: | |
928f3421 AJ |
55 | return -1; |
56 | ||
d232141d | 57 | case AuthUser::Ok: |
372fccd6 | 58 | if (user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime) |
928f3421 | 59 | return -1; |
928f3421 AJ |
60 | return 0; |
61 | ||
d232141d | 62 | case AuthUser::Failed: |
928f3421 | 63 | return 0; |
928f3421 | 64 | |
d232141d AJ |
65 | default: |
66 | return -2; | |
67 | } | |
928f3421 AJ |
68 | } |
69 | ||
70 | /* send the initial data to a basic authenticator module */ | |
71 | void | |
72 | AuthBasicUserRequest::module_start(RH * handler, void *data) | |
73 | { | |
616cfc4c | 74 | assert(user()->auth_type == Auth::AUTH_BASIC); |
56a49fda | 75 | BasicUser *basic_auth = dynamic_cast<BasicUser *>(user().getRaw()); |
928f3421 AJ |
76 | assert(basic_auth != NULL); |
77 | debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'"); | |
78 | ||
372fccd6 | 79 | if (static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->authenticateProgram == NULL) { |
d232141d | 80 | debugs(29, DBG_CRITICAL, "ERROR: No Basic authentication program configured."); |
928f3421 AJ |
81 | handler(data, NULL); |
82 | return; | |
83 | } | |
84 | ||
85 | /* check to see if the auth_user already has a request outstanding */ | |
d232141d | 86 | if (user()->credentials() == AuthUser::Pending) { |
928f3421 AJ |
87 | /* there is a request with the same credentials already being verified */ |
88 | basic_auth->queueRequest(this, handler, data); | |
89 | return; | |
90 | } | |
91 | ||
56a49fda | 92 | basic_auth->submitRequest(this, handler, data); |
928f3421 AJ |
93 | } |
94 |