Commit | Line | Data |
---|---|---|
1d620765 | 1 | |
2 | /* | |
63be0a78 | 3 | * $Id: authenticate.cc,v 1.69 2008/02/26 21:49:34 amosjeffries Exp $ |
1d620765 | 4 | * |
5 | * DEBUG: section 29 Authenticator | |
e6ccf245 | 6 | * AUTHOR: Robert Collins |
1d620765 | 7 | * |
2b6662ba | 8 | * SQUID Web Proxy Cache http://www.squid-cache.org/ |
1d620765 | 9 | * ---------------------------------------------------------- |
10 | * | |
2b6662ba | 11 | * Squid is the result of efforts by numerous individuals from |
12 | * the Internet community; see the CONTRIBUTORS file for full | |
13 | * details. Many organizations have provided support for Squid's | |
14 | * development; see the SPONSORS file for full details. Squid is | |
15 | * Copyrighted (C) 2001 by the Regents of the University of | |
16 | * California; see the COPYRIGHT file for full details. Squid | |
17 | * incorporates software developed and/or copyrighted by other | |
18 | * sources; see the CREDITS file for full details. | |
1d620765 | 19 | * |
20 | * This program is free software; you can redistribute it and/or modify | |
21 | * it under the terms of the GNU General Public License as published by | |
22 | * the Free Software Foundation; either version 2 of the License, or | |
23 | * (at your option) any later version. | |
24 | * | |
25 | * This program is distributed in the hope that it will be useful, | |
26 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
27 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
28 | * GNU General Public License for more details. | |
29 | * | |
30 | * You should have received a copy of the GNU General Public License | |
31 | * along with this program; if not, write to the Free Software | |
32 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
33 | * | |
34 | */ | |
35 | ||
94439e4e | 36 | /* The functions in this file handle authentication. |
37 | * They DO NOT perform access control or auditing. | |
38 | * See acl.c for access control and client_side.c for auditing */ | |
1d620765 | 39 | |
94439e4e | 40 | #include "squid.h" |
e6ccf245 | 41 | #include "authenticate.h" |
8000a965 | 42 | #include "ACL.h" |
a46d2c0e | 43 | #include "client_side.h" |
f5691f9c | 44 | #include "AuthConfig.h" |
45 | #include "AuthScheme.h" | |
46 | #include "AuthUser.h" | |
924f73bc | 47 | #include "HttpReply.h" |
a2ac85d9 | 48 | #include "HttpRequest.h" |
1d620765 | 49 | |
94439e4e | 50 | /**** PUBLIC FUNCTIONS (ALL GENERIC!) ****/ |
1d620765 | 51 | |
/**
 * Counts the entries of Config.authConfiguration whose configured()
 * check returns true.
 *
 * \return number of entries that reported configured()
 */
int
authenticateActiveSchemeCount(void)
{
    int active = 0;
    authConfig::iterator cfg = Config.authConfiguration.begin();

    while (cfg != Config.authConfiguration.end()) {
        if ((*cfg)->configured())
            active += 1;

        ++cfg;
    }

    debugs(29, 9, "authenticateActiveSchemeCount: " << active << " active.");

    return active;
}
65 | ||
/**
 * Reports the size of AuthScheme::Schemes().
 *
 * NOTE(review): the debug line below says "active", but no configured()
 * filtering happens here; the value is the plain container size. Compare
 * with authenticateActiveSchemeCount() when reading section 29 logs.
 *
 * \return AuthScheme::Schemes().size(), converted to int
 */
int
authenticateSchemeCount(void)
{
    const int total = static_cast<int>(AuthScheme::Schemes().size());

    debugs(29, 9, "authenticateSchemeCount: " << total << " active.");

    return total;
}
75 | ||
/**
 * Calls registerWithCacheManager() on every entry of \p config.
 *
 * Entries are registered whether or not configured() holds; this function
 * performs no such check. \p config is dereferenced without a NULL check.
 */
static void
authenticateRegisterWithCacheManager(authConfig * config)
{
    authConfig::iterator pos = config->begin();

    while (pos != config->end()) {
        (*pos)->registerWithCacheManager();
        ++pos;
    }
}
84 | ||
/**
 * Initialises the authentication layer.
 *
 * Runs init() on each entry of \p config that reports configured(), then
 * either creates the user cache (when proxy_auth_username_cache is unset)
 * or resets the cached ACL results, and finally registers the schemes with
 * the cache manager.
 *
 * \param config list of scheme configurations; dereferenced without a NULL check
 */
void
authenticateInit(authConfig * config)
{
    authConfig::iterator pos = config->begin();

    while (pos != config->end()) {
        AuthConfig *entry = *pos;

        if (entry->configured())
            entry->init(entry);

        ++pos;
    }

    if (proxy_auth_username_cache)
        AuthUser::CachedACLsReset();
    else
        AuthUser::cacheInit();

    /* NOTE(review): registration walks the global Config.authConfiguration,
     * not the config argument iterated above. The two differ if a caller
     * ever passes another list; confirm this is intended. */
    authenticateRegisterWithCacheManager(&Config.authConfiguration);
}
102 | ||
/**
 * Shuts down the authentication schemes.
 *
 * When shutting_down is set, every item of proxy_auth_username_cache is
 * handed to AuthUserHashPointer::removeFromCache and AuthScheme::FreeAll()
 * is called. Otherwise only done() is invoked on each entry of
 * AuthScheme::Schemes() and the user cache is left alone.
 *
 * NOTE(review): proxy_auth_username_cache is passed to hashFreeItems()
 * without a NULL check, while authenticateInit() treats an unset cache as
 * possible. Confirm shutdown cannot run before the cache exists.
 */
void
authenticateShutdown(void)
{
    debugs(29, 2, "authenticateShutdown: shutting down auth schemes");

    if (!shutting_down) {
        /* reconfigure path: keep the cache, just finish each scheme */
        AuthScheme::const_iterator pos = AuthScheme::Schemes().begin();

        while (pos != AuthScheme::Schemes().end()) {
            (*pos)->done();
            ++pos;
        }

        return;
    }

    /* free the cache if we are shutting down */
    hashFreeItems(proxy_auth_username_cache, AuthUserHashPointer::removeFromCache);
    AuthScheme::FreeAll();
}
117 | ||
/**
 * Reports the current value of auth_user->references.
 *
 * The assert is the only NULL guard; whether it is active in a given build
 * depends on how assert is defined there.
 *
 \retval 0 not in use
 \retval ? in use (the raw references value)
 */
int
authenticateAuthUserInuse(AuthUser * auth_user)
{
    assert(auth_user != NULL);

    const int refs = auth_user->references;
    return refs;
}
128 | ||
/**
 * Folds \p from into \p to by calling to->absorb(from).
 *
 * Neither pointer is checked for NULL here, and nothing in this function
 * guards against \p from and \p to being the same object.
 */
void
authenticateAuthUserMerge(AuthUser * from, AuthUser * to)
{
    AuthUser *target = to;
    target->absorb(from);
}
134 | ||
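/**
 * Walks proxy_auth_username_cache after a configuration change.
 *
 * In this version the loop body only emits a level-5 debug line per cached
 * user; no per-user data is cleared inside this function.
 * NOTE(review): the actual reset presumably happens elsewhere (see
 * AuthUser::CachedACLsReset() in authenticateInit) - confirm.
 *
 \note It DOES NOT Flush the user cache.
 */
void
authenticateUserCacheRestart(void)
{
    debugs(29, 3, HERE << "Clearing config dependent cache data.");
    hash_first(proxy_auth_username_cache);

    AuthUserHashPointer *usernamehash;

    while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
        AuthUser *auth_user = usernamehash->user();
        /* prefix corrected from "authenticateUserCacheRestat" so that log
         * searches for the function name match this line */
        debugs(29, 5, "authenticateUserCacheRestart: Clearing cache ACL results for user: " << auth_user->username());
    }
}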
152 | ||
e6ccf245 | 153 | |
/**
 * Callback applied to each cache item (passed to hashFreeItems() in
 * authenticateShutdown()).
 *
 * Drops one lock on the AuthUser held by the hash entry. The entry object
 * itself is neither unlinked nor deleted here (see the todo below).
 *
 * \param usernamehash_p the AuthUserHashPointer entry, passed as void *
 */
void
AuthUserHashPointer::removeFromCache(void *usernamehash_p)
{
    AuthUserHashPointer *entry = static_cast<AuthUserHashPointer *>(usernamehash_p);
    AuthUser *cached_user = entry->auth_user;

    /* One reference is presumably the lock taken in the constructor for
     * cache membership; any other count (including 0) triggers the warning. */
    const bool unexpected_refs = (authenticateAuthUserInuse(cached_user) - 1) != 0;

    if (unexpected_refs)
        debugs(29, 1, "AuthUserHashPointer::removeFromCache: entry in use - not freeing");

    /* NOTE(review): unlock() runs even when the warning above fired, so the
     * "not freeing" wording describes the expected outcome of the remaining
     * references, not a skipped unlock. */
    cached_user->unlock();

    /** \todo change behaviour - we remove from the auth user list here, and then unlock, and the
     * delete ourselves.
     */
}
94439e4e | 169 | |
/**
 * Creates a hash entry for \p anAuth_user and links it into
 * proxy_auth_username_cache.
 *
 * The hash key is the pointer returned by username(), not a copy.
 * NOTE(review): the key therefore stays valid only while that storage is
 * unchanged; confirm username() cannot be reassigned while the entry is
 * in the cache. \p anAuth_user is dereferenced without a NULL check.
 */
AuthUserHashPointer::AuthUserHashPointer(AuthUser * anAuth_user):
        auth_user(anAuth_user)
{
    next = NULL;
    key = (void *)auth_user->username();
    hash_join(proxy_auth_username_cache, (hash_link *) this);

    /** lock for presence in the cache */
    anAuth_user->lock();
}
e6ccf245 | 180 | |
/**
 * Accessor for the AuthUser this hash entry points at.
 *
 * Returns the stored pointer as-is; no lock is taken on behalf of the
 * caller in this function.
 */
AuthUser *
AuthUserHashPointer::user() const
{
    AuthUser *stored = auth_user;
    return stored;
}