Commit | Line | Data |
---|---|---|
2d70df72 | 1 | /* |
2 | * auth_digest.h | |
3 | * Internal declarations for the digest auth module | |
4 | */ | |
5 | ||
6 | #ifndef __AUTH_DIGEST_H__ | |
7 | #define __AUTH_DIGEST_H__ | |
8 | #include "rfc2617.h" | |
82b045dc | 9 | #include "authenticate.h" |
f5691f9c | 10 | #include "AuthUser.h" |
11 | #include "AuthUserRequest.h" | |
12 | #include "AuthConfig.h" | |
aa839030 | 13 | #include "helper.h" |
14 | ||
2d70df72 | 15 | /* Generic */ |
62e76326 | 16 | |
/*
 * Plain holder for three pointers: an opaque `data` pointer, the
 * AuthUserRequest it relates to, and an RH handler.
 * NOTE(review): presumably this carries the (RH *, void *) pair given to
 * AuthDigestUserRequest::module_start() until the helper replies - confirm
 * in the implementation file.
 */
class DigestAuthenticateStateData
{

public:
    /* opaque pointer; this header does not say who owns it or how long it stays valid */
    void *data;
    AuthUserRequest *auth_user_request;
    /*
     * NOTE(review): invoking handler with `data` after its owner has been
     * freed would be a use-after-free; confirm the code that fires the
     * handler validates or pins both pointers first.
     */
    RH *handler;
};
2d70df72 | 25 | |
/* Short type names for the two nonce structs; both are defined later in this header. */
typedef struct _digest_nonce_data digest_nonce_data;

typedef struct _digest_nonce_h digest_nonce_h;
29 | ||
/*
 * Per-user digest state layered on AuthUser: an HA1 hash, a flag saying
 * whether it has been created, and the list of nonces allocated to the user.
 */
class DigestUser : public AuthUser
{

public:
    MEMPROXY_CLASS(DigestUser);

    DigestUser(AuthConfig *);
    ~DigestUser();
    int authenticated() const;
    /*
     * Named after H(A1) of RFC 2617. In digest authentication H(A1) is
     * sufficient to compute valid responses for the realm, so this field
     * is as sensitive as a stored credential: keep it out of logs and
     * cache-manager dumps.
     * NOTE(review): confirm the destructor clears it.
     */
    HASH HA1;
    /* NOTE(review): presumably non-zero once HA1 holds a usable value - confirm */
    int HA1created;

    /* what nonces have been allocated to this user */
    dlink_list nonces;

};
46 | ||
/*
 * NOTE(review): presumably emits the inline definitions for what
 * MEMPROXY_CLASS(DigestUser) declares inside the class - the macro is not
 * visible in this header.
 */
MEMPROXY_CLASS_INLINE(DigestUser);

/* C-style alias for DigestUser */
typedef class DigestUser digest_user_h;
50 | ||
2d70df72 | 51 | /* the digest_request structure is what follows the http_request around */ |
62e76326 | 52 | |
/*
 * Digest-scheme AuthUserRequest. Besides the virtual interface it carries
 * the individual digest fields as raw C strings (the sample values in the
 * field comments are the ones used in the RFC 2617 example), a pointer to
 * the nonce record, and the DigestUser the request resolves to.
 */
class AuthDigestUserRequest : public AuthUserRequest
{

public:
    /* progress of the credential check; read and written through credentials() */
    enum CredentialsState {Unchecked, Ok, Pending, Failed};
    MEMPROXY_CLASS(AuthDigestUserRequest);

    AuthDigestUserRequest();
    virtual ~AuthDigestUserRequest();

    virtual int authenticated() const;
    virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type);
    virtual int module_direction();
    virtual void addHeader(HttpReply * rep, int accel);
#if WAITING_FOR_TE

    /* only compiled when WAITING_FOR_TE is set */
    virtual void addTrailer(HttpReply * rep, int accel);
#endif

    virtual void module_start(RH *, void *);
    virtual AuthUser *user() {return _theUser;}

    virtual const AuthUser *user() const {return _theUser;}

    /*
     * dynamic_cast yields NULL when aUser is not a DigestUser, so passing
     * a user of another scheme silently clears _theUser. Callers of user()
     * must be prepared for NULL.
     */
    virtual void user(AuthUser *aUser) {_theUser=dynamic_cast<DigestUser *>(aUser);}

    CredentialsState credentials() const;
    void credentials(CredentialsState);

    void authUser(AuthUser *);
    AuthUser *authUser() const;

    /*
     * NOTE(review): the string members below are presumably filled from the
     * client's digest header, i.e. attacker-controlled; who allocates and
     * frees them is not visible in this header - confirm in the parser and
     * the destructor.
     */
    char *nonceb64;		/* "dcd98b7102dd2f0e8b11d0f600bfb0c093" */
    char *cnonce;		/* "0a4f113b" */
    char *realm;		/* = "testrealm@host.com" */
    /*
     * NOTE(review): the sample value is a cleartext password. If this field
     * is ever populated it should be cleared before it is freed and never
     * logged - confirm whether it is used at all.
     */
    char *pszPass;		/* = "Circle Of Life" */
    char *algorithm;		/* = "md5" */
    /*
     * Fixed buffer: room for 8 characters plus the terminating NUL, which
     * fits the sample "00000001".
     * NOTE(review): whatever fills this must reject longer client-supplied
     * nc values instead of copying them unbounded - confirm in the parser.
     */
    char nc[9];			/* = "00000001" */
    char *pszMethod;		/* = "GET" */
    char *qop;			/* = "auth" */
    char *uri;			/* = "/dir/index.html" */
    char *response;

    /* one-bit state flags; NOTE(review): meanings are inferred from the names only */
    struct {
        unsigned int authinfo_sent:1;
        unsigned int invalid_password:1;
        unsigned int helper_queried:1;
    } flags;
    /* nonce record for this request; NOTE(review): whether this holds a counted reference (digest_nonce_h::references) is not visible here */
    digest_nonce_h *nonce;

private:
    /* set through user(AuthUser *); NULL if that call was given a non-DigestUser */
    DigestUser *_theUser;
    CredentialsState credentials_ok;
};
107 | ||
/* Companion to MEMPROXY_CLASS(AuthDigestUserRequest) inside the class; written without a trailing semicolon, which the DOCS_NOSEMI marker flags. */
MEMPROXY_CLASS_INLINE(AuthDigestUserRequest) /**DOCS_NOSEMI*/
b001e822 | 109 | |
2d70df72 | 110 | /* data to be encoded into the nonce's b64 representation */ |
62e76326 | 111 | |
/*
 * The three values that are encoded into the nonce's base64 form.
 * NOTE(review): presumably that base64 string is the nonce sent to clients
 * in the challenge, so every field here should be treated as visible to,
 * and replayable or forgeable by, the client. Nothing in this struct is a
 * keyed integrity value; confirm the server only accepts nonces it finds in
 * its own table rather than trusting decoded contents.
 */
struct _digest_nonce_data {
    time_t creationtime;
    /* in memory address of the nonce struct (similar purpose to an ETag) */
    /*
     * NOTE(review): if the encoded form reaches clients, this discloses a
     * heap address to anyone who is challenged, which weakens address-space
     * layout randomisation. It must never be dereferenced after decoding a
     * client-supplied nonce; an opaque index or keyed hash would give the
     * same uniqueness without the disclosure.
     */
    digest_nonce_h *self;
    /*
     * NOTE(review): the only unpredictable component of the nonce. Its
     * source is not visible here - confirm it does not come from a
     * predictable generator.
     */
    long randomdata;
};
118 | ||
119 | /* the nonce structure we'll pass around */ | |
62e76326 | 120 | |
/*
 * Server-side record for one issued nonce. Deriving from hash_link lets it
 * be stored in a hash table; the `incache` flag below presumably tracks
 * whether it currently is - confirm.
 */
struct _digest_nonce_h : public hash_link {
    digest_nonce_data noncedata;
    /* number of uses we've seen of this nonce */
    unsigned long nc;
    /* reference count */
    /*
     * NOTE(review): a short is narrow for a reference count. Confirm the
     * number of holders is bounded well below its maximum, since a wrapped
     * count could release a nonce that is still in use.
     */
    short references;
    /* the auth_user this nonce has been tied to */
    /*
     * Raw back-pointer; DigestUser::nonces links the other way.
     * NOTE(review): confirm both sides are unlinked together so neither
     * dangles when a user or a nonce is destroyed.
     */
    DigestUser *user;
    /* has this nonce been invalidated ? */

    struct {
        unsigned int valid:1;
        unsigned int incache:1;
    } flags;
};
136 | ||
137 | /* configuration runtime data */ | |
62e76326 | 138 | |
/*
 * Digest-scheme implementation of AuthConfig: the virtual interface plus
 * the scheme's runtime settings held as public data members.
 */
class AuthDigestConfig : public AuthConfig
{

public:
    AuthDigestConfig();
    virtual bool active() const;
    virtual bool configured() const;
    /*
     * Takes the raw header value and returns a request object.
     * NOTE(review): proxy_auth is presumably client-supplied, so this is
     * the trust boundary for every string field of AuthDigestUserRequest -
     * confirm length and format checks in the implementation.
     */
    virtual AuthUserRequest *decode(char const *proxy_auth);
    virtual void done();
    virtual void dump(StoreEntry *, const char *, AuthConfig *);
    virtual void fixHeader(AuthUserRequest *, HttpReply *, http_hdr_type, HttpRequest *);
    virtual void init(AuthConfig *);
    virtual void parse(AuthConfig *, int, char *);
    virtual void registerWithCacheManager(void);
    virtual const char * type() const;
    /* NOTE(review): presumably the number of helper processes - confirm */
    int authenticateChildren;
    char *digestAuthRealm;
    /* NOTE(review): presumably the helper command line - confirm */
    wordlist *authenticate;
    /*
     * NOTE(review): by their names, nonceGCInterval, noncemaxduration,
     * noncemaxuses, NonceStrictness and CheckNonceCount are the settings
     * that bound nonce lifetime and reuse, and PostWorkaround relaxes a
     * check for client compatibility. Confirm in the implementation how
     * each is enforced: loosening any of them widens the window in which a
     * captured digest response can be replayed.
     */
    time_t nonceGCInterval;
    time_t noncemaxduration;
    unsigned int noncemaxuses;
    int NonceStrictness;
    int CheckNonceCount;
    int PostWorkaround;
    int utf8;
};
165 | ||
/* C-style alias for AuthDigestConfig */
typedef class AuthDigestConfig auth_digest_config;

/* strings */
/* the "auth" qop token, matching the sample value on AuthDigestUserRequest::qop */
#define QOP_AUTH "auth"
170 | ||
171 | #endif |