projects / thirdparty / squid.git / blame
| Commit | Line | Data |
|---|---|---|
| 928f3421 | 1 | #include "config.h" |
| 928f3421 | 2 | #include "auth/basic/auth_basic.h" |
| 616cfc4c AJ |
3 | #include "auth/basic/UserRequest.h" |
| 4 | #include "SquidTime.h" | |
| 928f3421 AJ |
5 | |
| 6 | int | |
| 7 | AuthBasicUserRequest::authenticated() const | |
| 8 | { | |
| 56a49fda | 9 | BasicUser const *basic_auth = dynamic_cast<BasicUser const *>(user().getRaw()); |
| 928f3421 AJ |
10 | |
| 11 | if (basic_auth && basic_auth->authenticated()) | |
| 12 | return 1; | |
| 13 | ||
| 14 | return 0; | |
| 15 | } | |
| 16 | ||
| 17 | /* log a basic user in | |
| 18 | */ | |
| 19 | void | |
| 20 | AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) | |
| 21 | { | |
| 22 | assert(user() != NULL); | |
| 23 | ||
| 928f3421 | 24 | /* if the password is not ok, do an identity */ |
| d232141d | 25 | if (!user() || user()->credentials() != AuthUser::Ok) |
| 928f3421 AJ |
26 | return; |
| 27 | ||
| 28 | /* are we about to recheck the credentials externally? */ | |
| 372fccd6 | 29 | if ((user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL) <= squid_curtime) { |
| d232141d | 30 | debugs(29, 4, HERE << "credentials expired - rechecking"); |
| 928f3421 AJ |
31 | return; |
| 32 | } | |
| 33 | ||
| 34 | /* we have been through the external helper, and the credentials haven't expired */ | |
| d232141d | 35 | debugs(29, 9, HERE << "user '" << user()->username() << "' authenticated"); |
| 928f3421 AJ |
36 | |
| 37 | /* Decode now takes care of finding the AuthUser struct in the cache */ | |
| 38 | /* after external auth occurs anyway */ | |
| d232141d | 39 | user()->expiretime = current_time.tv_sec; |
| 928f3421 AJ |
40 | |
| 41 | return; | |
| 42 | } | |
| 43 | ||
| 44 | int | |
| 45 | AuthBasicUserRequest::module_direction() | |
| 46 | { | |
| 47 | /* null auth_user is checked for by authenticateDirection */ | |
| 616cfc4c | 48 | if (user()->auth_type != Auth::AUTH_BASIC) |
| d232141d | 49 | return -2; |
| 928f3421 | 50 | |
| d232141d | 51 | switch (user()->credentials()) { |
| 928f3421 | 52 | |
| d232141d AJ |
53 | case AuthUser::Unchecked: |
| 54 | case AuthUser::Pending: | |
| 928f3421 AJ |
55 | return -1; |
| 56 | ||
| d232141d | 57 | case AuthUser::Ok: |
| 372fccd6 | 58 | if (user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime) |
| 928f3421 | 59 | return -1; |
| 928f3421 AJ |
60 | return 0; |
| 61 | ||
| d232141d | 62 | case AuthUser::Failed: |
| 928f3421 | 63 | return 0; |
| 928f3421 | 64 | |
| d232141d AJ |
65 | default: |
| 66 | return -2; | |
| 67 | } | |
| 928f3421 AJ |
68 | } |
| 69 | ||
| 70 | /* send the initial data to a basic authenticator module */ | |
| 71 | void | |
| 72 | AuthBasicUserRequest::module_start(RH * handler, void *data) | |
| 73 | { | |
| 616cfc4c | 74 | assert(user()->auth_type == Auth::AUTH_BASIC); |
| 56a49fda | 75 | BasicUser *basic_auth = dynamic_cast<BasicUser *>(user().getRaw()); |
| 928f3421 AJ |
76 | assert(basic_auth != NULL); |
| 77 | debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'"); | |
| 78 | ||
| 372fccd6 | 79 | if (static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->authenticateProgram == NULL) { |
| d232141d | 80 | debugs(29, DBG_CRITICAL, "ERROR: No Basic authentication program configured."); |
| 928f3421 AJ |
81 | handler(data, NULL); |
| 82 | return; | |
| 83 | } | |
| 84 | ||
| 85 | /* check to see if the auth_user already has a request outstanding */ | |
| d232141d | 86 | if (user()->credentials() == AuthUser::Pending) { |
| 928f3421 AJ |
87 | /* there is a request with the same credentials already being verified */ |
| 88 | basic_auth->queueRequest(this, handler, data); | |
| 89 | return; | |
| 90 | } | |
| 91 | ||
| 56a49fda | 92 | basic_auth->submitRequest(this, handler, data); |
| 928f3421 AJ |
93 | } |
| 94 |