]>
Commit | Line | Data |
---|---|---|
e6ccf245 | 1 | |
2 | /* | |
190154cf | 3 | * $Id: authenticate.h,v 1.13 2003/08/10 11:00:42 robertc Exp $ |
e6ccf245 | 4 | * |
5 | * | |
6 | * SQUID Web Proxy Cache http://www.squid-cache.org/ | |
7 | * ---------------------------------------------------------- | |
8 | * | |
9 | * Squid is the result of efforts by numerous individuals from | |
10 | * the Internet community; see the CONTRIBUTORS file for full | |
11 | * details. Many organizations have provided support for Squid's | |
12 | * development; see the SPONSORS file for full details. Squid is | |
13 | * Copyrighted (C) 2001 by the Regents of the University of | |
14 | * California; see the COPYRIGHT file for full details. Squid | |
15 | * incorporates software developed and/or copyrighted by other | |
16 | * sources; see the CREDITS file for full details. | |
17 | * | |
18 | * This program is free software; you can redistribute it and/or modify | |
19 | * it under the terms of the GNU General Public License as published by | |
20 | * the Free Software Foundation; either version 2 of the License, or | |
21 | * (at your option) any later version. | |
22 | * | |
23 | * This program is distributed in the hope that it will be useful, | |
24 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
26 | * GNU General Public License for more details. | |
27 | * | |
28 | * You should have received a copy of the GNU General Public License | |
29 | * along with this program; if not, write to the Free Software | |
30 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
31 | * | |
32 | */ | |
33 | ||
34 | #ifndef SQUID_AUTHENTICATE_H | |
35 | #define SQUID_AUTHENTICATE_H | |
36 | ||
a2ac85d9 | 37 | #include "client_side.h" |
38 | ||
e6ccf245 | 39 | class AuthUser; |
e6ccf245 | 40 | |
62e76326 | 41 | struct AuthUserHashPointer : public hash_link |
42 | { | |
e6ccf245 | 43 | /* first two items must be same as hash_link */ |
62e76326 | 44 | |
e6ccf245 | 45 | public: |
46 | static void removeFromCache (void *anAuthUserHashPointer); | |
62e76326 | 47 | |
e6ccf245 | 48 | AuthUserHashPointer (AuthUser *); |
62e76326 | 49 | |
35db0b4e | 50 | void *operator new (size_t byteCount); |
e6ccf245 | 51 | void operator delete (void *address); |
52 | AuthUser *user() const; | |
62e76326 | 53 | |
e6ccf245 | 54 | private: |
55 | static MemPool *pool; | |
56 | ||
57 | AuthUser *auth_user; | |
e6ccf245 | 58 | }; |
59 | ||
62e76326 | 60 | struct AuthUserIP |
61 | { | |
e6ccf245 | 62 | dlink_node node; |
63 | /* IP addr this user authenticated from */ | |
62e76326 | 64 | |
e6ccf245 | 65 | struct in_addr ipaddr; |
66 | time_t ip_expiretime; | |
67 | }; | |
68 | ||
7d9b0628 | 69 | class AuthUser |
62e76326 | 70 | { |
7d9b0628 | 71 | |
72 | public: | |
e6ccf245 | 73 | /* extra fields for proxy_auth */ |
74 | /* this determines what scheme owns the user data. */ | |
75 | auth_type_t auth_type; | |
76 | /* the index +1 in the authscheme_list to the authscheme entry */ | |
77 | int auth_module; | |
78 | /* we only have one username associated with a given auth_user struct */ | |
79 | auth_user_hash_pointer *usernamehash; | |
80 | /* we may have many proxy-authenticate strings that decode to the same user */ | |
81 | dlink_list proxy_auth_list; | |
82 | dlink_list proxy_match_cache; | |
83 | /* what ip addresses has this user been seen at?, plus a list length cache */ | |
84 | dlink_list ip_list; | |
85 | size_t ipcount; | |
86 | long expiretime; | |
87 | /* how many references are outstanding to this instance */ | |
88 | size_t references; | |
89 | /* the auth scheme has it's own private data area */ | |
90 | void *scheme_data; | |
91 | /* the auth_user_request structures that link to this. Yes it could be a splaytree | |
92 | * but how many requests will a single username have in parallel? */ | |
93 | dlink_list requests; | |
62e76326 | 94 | |
e6ccf245 | 95 | public: |
96 | static void cacheInit (); | |
658d5a21 | 97 | static void CachedACLsReset(); |
62e76326 | 98 | |
e6ccf245 | 99 | void absorb(auth_user_t *from); |
100 | AuthUser (const char *); | |
101 | ~AuthUser (); | |
35db0b4e | 102 | void *operator new (size_t byteCount); |
e6ccf245 | 103 | void operator delete (void *address); |
104 | char const *username() const; | |
62e76326 | 105 | |
e6ccf245 | 106 | private: |
107 | static void cacheCleanup (void *unused); | |
108 | static MemPool *pool; | |
e6ccf245 | 109 | }; |
110 | ||
82b045dc | 111 | /* Per scheme request data ABC */ |
112 | ||
924f73bc | 113 | class ConnStateData; |
114 | ||
82b045dc | 115 | class AuthUserRequestState |
116 | { | |
117 | ||
118 | public: | |
119 | void *operator new (size_t); | |
120 | void operator delete (void *); | |
82b045dc | 121 | virtual ~AuthUserRequestState(){} |
122 | ||
123 | virtual int authenticated() const = 0; | |
190154cf | 124 | virtual void authenticate(HttpRequest * request, ConnStateData::Pointer conn, http_hdr_type type) = 0; |
82b045dc | 125 | virtual int direction() = 0; |
126 | virtual void addHeader(HttpReply * rep, int accel) {}} | |
127 | ||
128 | ; | |
129 | ||
62e76326 | 130 | class AuthUserRequest |
131 | { | |
132 | ||
133 | public: | |
e6ccf245 | 134 | /* this is the object passed around by client_side and acl functions */ |
135 | /* it has request specific data, and links to user specific data */ | |
136 | /* the user */ | |
137 | auth_user_t *auth_user; | |
82b045dc | 138 | AuthUserRequestState *state() const { return state_;} |
139 | ||
140 | void state( AuthUserRequestState *aState) {assert ((!state() && aState) || (state() && !aState)); state_ = aState;} | |
62e76326 | 141 | |
e6ccf245 | 142 | public: |
62e76326 | 143 | |
190154cf | 144 | static auth_acl_t tryToAuthenticateAndSetAuthUser(auth_user_request_t **, http_hdr_type, HttpRequest *, ConnStateData::Pointer, struct in_addr); |
145 | static void addReplyAuthHeader(HttpReply * rep, auth_user_request_t * auth_user_request, HttpRequest * request, int accelerated, int internal); | |
e6ccf245 | 146 | |
147 | ~AuthUserRequest(); | |
35db0b4e | 148 | void *operator new (size_t byteCount); |
e6ccf245 | 149 | void operator delete (void *address); |
150 | void start ( RH * handler, void *data); | |
151 | void setDenyMessage (char const *); | |
152 | char const * getDenyMessage (); | |
153 | size_t refCount() const; | |
62e76326 | 154 | |
155 | void lock () | |
156 | ||
157 | ; | |
e6ccf245 | 158 | void unlock (); |
62e76326 | 159 | |
e6ccf245 | 160 | char const *username() const; |
62e76326 | 161 | |
e6ccf245 | 162 | private: |
62e76326 | 163 | |
190154cf | 164 | static auth_acl_t authenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData::Pointer conn, struct in_addr src_addr); |
62e76326 | 165 | |
e6ccf245 | 166 | static auth_user_request_t *createAuthUser (const char *proxy_auth); |
62e76326 | 167 | |
e6ccf245 | 168 | static MemPool *pool; |
169 | ||
170 | AuthUserRequest(); | |
62e76326 | 171 | |
e6ccf245 | 172 | void decodeAuth (const char *proxy_auth); |
173 | ||
174 | /* return a message on the 407 error pages */ | |
175 | char *message; | |
176 | ||
177 | /* how many 'processes' are working on this data */ | |
178 | size_t references; | |
62e76326 | 179 | |
180 | /* We only attempt authentication once per http request. This | |
e6ccf245 | 181 | * is to allow multiple auth acl references from different _access areas |
182 | * when using connection based authentication | |
183 | */ | |
184 | auth_acl_t lastReply; | |
82b045dc | 185 | |
186 | AuthUserRequestState *state_; | |
e6ccf245 | 187 | }; |
188 | ||
189 | /* authenticate.c authenticate scheme routines typedefs */ | |
190 | typedef int AUTHSACTIVE(void); | |
191 | typedef int AUTHSAUTHED(auth_user_request_t *); | |
190154cf | 192 | typedef void AUTHSAUTHUSER(auth_user_request_t *, HttpRequest *, ConnStateData::Pointer, http_hdr_type); |
e6ccf245 | 193 | typedef int AUTHSCONFIGURED(void); |
194 | typedef void AUTHSDECODE(auth_user_request_t *, const char *); | |
195 | typedef int AUTHSDIRECTION(auth_user_request_t *); | |
196 | typedef void AUTHSDUMP(StoreEntry *, const char *, authScheme *); | |
190154cf | 197 | typedef void AUTHSFIXERR(auth_user_request_t *, HttpReply *, http_hdr_type, HttpRequest *); |
e6ccf245 | 198 | typedef void AUTHSADDTRAILER(auth_user_request_t *, HttpReply *, int); |
199 | typedef void AUTHSFREE(auth_user_t *); | |
200 | typedef void AUTHSFREECONFIG(authScheme *); | |
201 | typedef char const *AUTHSUSERNAME(auth_user_t const *); | |
202 | typedef void AUTHSONCLOSEC(ConnStateData *); | |
203 | typedef void AUTHSPARSE(authScheme *, int, char *); | |
204 | typedef void AUTHSINIT(authScheme *); | |
205 | typedef void AUTHSREQFREE(auth_user_request_t *); | |
206 | typedef void AUTHSSETUP(authscheme_entry_t *); | |
207 | typedef void AUTHSSHUTDOWN(void); | |
208 | typedef void AUTHSSTART(auth_user_request_t *, RH *, void *); | |
209 | typedef void AUTHSSTATS(StoreEntry *); | |
210 | typedef const char *AUTHSCONNLASTHEADER(auth_user_request_t *); | |
211 | ||
a2ac85d9 | 212 | /* subsumed by the C++ interface */ |
213 | extern void authenticateAuthUserMerge(auth_user_t *, auth_user_t *); | |
214 | extern auth_user_t *authenticateAuthUserNew(const char *); | |
215 | ||
216 | /* AuthUserRequest */ | |
217 | extern void authenticateStart(auth_user_request_t *, RH *, void *); | |
218 | ||
190154cf | 219 | extern auth_acl_t authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t **, http_hdr_type, HttpRequest *, ConnStateData::Pointer, struct in_addr); |
a2ac85d9 | 220 | extern void authenticateSetDenyMessage (auth_user_request_t *, char const *); |
221 | extern size_t authenticateRequestRefCount (auth_user_request_t *); | |
222 | extern char const *authenticateAuthUserRequestMessage(auth_user_request_t *); | |
223 | ||
224 | extern int authenticateAuthSchemeId(const char *typestr); | |
225 | extern void authenticateSchemeInit(void); | |
226 | extern void authenticateInit(authConfig *); | |
227 | extern void authenticateShutdown(void); | |
190154cf | 228 | extern void authenticateFixHeader(HttpReply *, auth_user_request_t *, HttpRequest *, int, int); |
229 | extern void authenticateAddTrailer(HttpReply *, auth_user_request_t *, HttpRequest *, int); | |
a2ac85d9 | 230 | extern void authenticateAuthUserUnlock(auth_user_t * auth_user); |
231 | extern void authenticateAuthUserLock(auth_user_t * auth_user); | |
232 | extern void authenticateAuthUserRequestUnlock(auth_user_request_t *); | |
233 | extern void authenticateAuthUserRequestLock(auth_user_request_t *); | |
234 | extern int authenticateAuthUserInuse(auth_user_t * auth_user); | |
235 | ||
236 | extern void authenticateAuthUserRequestRemoveIp(auth_user_request_t *, struct in_addr); | |
237 | extern void authenticateAuthUserRequestClearIp(auth_user_request_t *); | |
238 | extern size_t authenticateAuthUserRequestIPCount(auth_user_request_t *); | |
239 | extern int authenticateDirection(auth_user_request_t *); | |
240 | extern void authenticateFreeProxyAuthUserACLResults(void *data); | |
241 | extern int authenticateActiveSchemeCount(void); | |
242 | extern int authenticateSchemeCount(void); | |
243 | extern void authenticateUserNameCacheAdd(auth_user_t * auth_user); | |
244 | ||
245 | extern int authenticateCheckAuthUserIP(struct in_addr request_src_addr, auth_user_request_t * auth_user); | |
246 | extern int authenticateUserAuthenticated(auth_user_request_t *); | |
247 | extern void authenticateUserCacheRestart(void); | |
248 | extern char const *authenticateUserRequestUsername(auth_user_request_t *); | |
249 | extern int authenticateValidateUser(auth_user_request_t *); | |
250 | extern void authenticateOnCloseConnection(ConnStateData * conn); | |
251 | extern void authSchemeAdd(const char *type, AUTHSSETUP * setup); | |
252 | ||
253 | /* AuthUserHashPointer */ | |
254 | extern auth_user_t* authUserHashPointerUser(auth_user_hash_pointer *); | |
e6ccf245 | 255 | |
256 | /* auth_modules.c */ | |
257 | SQUIDCEXTERN void authSchemeSetup(void); | |
258 | ||
259 | /* | |
260 | * This defines an auth scheme module | |
261 | */ | |
262 | ||
62e76326 | 263 | struct _authscheme_entry |
264 | { | |
e6ccf245 | 265 | const char *typestr; |
266 | AUTHSACTIVE *Active; | |
e6ccf245 | 267 | AUTHSADDTRAILER *AddTrailer; |
268 | AUTHSAUTHED *authenticated; | |
269 | AUTHSAUTHUSER *authAuthenticate; | |
270 | AUTHSCONFIGURED *configured; | |
271 | AUTHSDUMP *dump; | |
272 | AUTHSFIXERR *authFixHeader; | |
273 | AUTHSFREE *FreeUser; | |
274 | AUTHSFREECONFIG *freeconfig; | |
275 | AUTHSUSERNAME *authUserUsername; | |
276 | AUTHSONCLOSEC *oncloseconnection; /*optional */ | |
277 | AUTHSCONNLASTHEADER *authConnLastHeader; | |
278 | AUTHSDECODE *decodeauth; | |
279 | AUTHSDIRECTION *getdirection; | |
280 | AUTHSPARSE *parse; | |
281 | AUTHSINIT *init; | |
282 | AUTHSREQFREE *requestFree; | |
283 | AUTHSSHUTDOWN *donefunc; | |
284 | AUTHSSTART *authStart; | |
285 | AUTHSSTATS *authStats; | |
286 | }; | |
62e76326 | 287 | |
288 | /* | |
e6ccf245 | 289 | * This is a configured auth scheme |
290 | */ | |
62e76326 | 291 | |
e6ccf245 | 292 | /* private data types */ |
62e76326 | 293 | |
294 | struct _authScheme | |
295 | { | |
e6ccf245 | 296 | /* pointer to the authscheme_list's string entry */ |
297 | const char *typestr; | |
298 | /* the scheme id in the authscheme_list */ | |
299 | int Id; | |
300 | /* the scheme's configuration details. */ | |
301 | void *scheme_data; | |
302 | }; | |
303 | ||
e6ccf245 | 304 | #endif /* SQUID_AUTHENTICATE_H */ |