[thirdparty/squid.git] / src / auth / basic / User.cc

/*
 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#include "squid.h"
#include "auth/basic/Config.h"
#include "auth/basic/User.h"
#include "auth/Config.h"
#include "auth/CredentialsCache.h"
#include "debug/Stream.h"

Auth::Basic::User::User(Auth::SchemeConfig *aConfig, const char *aRequestRealm) :
    Auth::User(aConfig, aRequestRealm),
    passwd(nullptr),
    queue(nullptr),
    currentRequest(nullptr)
{}

Auth::Basic::User::~User()
{
    safe_free(passwd);
}

int32_t
Auth::Basic::User::ttl() const
{
    if (credentials() != Auth::Ok && credentials() != Auth::Pending)
        return -1; // TTL is obsolete NOW.

    int32_t basic_ttl = expiretime - squid_curtime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL;
    int32_t global_ttl = static_cast<int32_t>(expiretime - squid_curtime + Auth::TheConfig.credentialsTtl);

    return min(basic_ttl, global_ttl);
}

bool
Auth::Basic::User::authenticated() const
{
    if ((credentials() == Auth::Ok) && (expiretime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL > squid_curtime))
        return true;

    debugs(29, 4, "User not authenticated or credentials need rechecking.");

    return false;
}

bool
Auth::Basic::User::valid() const
{
    if (username() == nullptr)
        return false;
    if (passwd == nullptr)
        return false;
    return true;
}

void
Auth::Basic::User::updateCached(Auth::Basic::User *from)
{
    debugs(29, 9, "Found user '" << from->username() << "' already in the user cache as '" << this << "'");

    assert(strcmp(from->username(), username()) == 0);

    if (strcmp(from->passwd, passwd)) {
        debugs(29, 4, "new password found. Updating in user master record and resetting auth state to unchecked");
        credentials(Auth::Unchecked);
        xfree(passwd);
        passwd = from->passwd;
        from->passwd = nullptr;
    }

    if (credentials() == Auth::Failed) {
        debugs(29, 4, "last attempt to authenticate this user failed, resetting auth state to unchecked");
        credentials(Auth::Unchecked);
    }
}

CbcPointer<Auth::CredentialsCache>
Auth::Basic::User::Cache()
{
    static CbcPointer<Auth::CredentialsCache> p(new Auth::CredentialsCache("basic", "GC Basic user credentials"));
    return p;
}

void
Auth::Basic::User::addToNameCache()
{
    Cache()->insert(userKey(), this);
}
Commit	Line	Data
	1	/*
	2	* Copyright (C) 1996-2025 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	#include "squid.h"
	10	#include "auth/basic/Config.h"
	11	#include "auth/basic/User.h"
	12	#include "auth/Config.h"
	13	#include "auth/CredentialsCache.h"
	14	#include "debug/Stream.h"
	15
	16	Auth::Basic::User::User(Auth::SchemeConfig aConfig, const char aRequestRealm) :
	17	Auth::User(aConfig, aRequestRealm),
	18	passwd(nullptr),
	19	queue(nullptr),
	20	currentRequest(nullptr)
	21	{}
	22
	23	Auth::Basic::User::~User()
	24	{
	25	safe_free(passwd);
	26	}
	27
	28	int32_t
	29	Auth::Basic::User::ttl() const
	30	{
	31	if (credentials() != Auth::Ok && credentials() != Auth::Pending)
	32	return -1; // TTL is obsolete NOW.
	33
	34	int32_t basic_ttl = expiretime - squid_curtime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL;
	35	int32_t global_ttl = static_cast<int32_t>(expiretime - squid_curtime + Auth::TheConfig.credentialsTtl);
	36
	37	return min(basic_ttl, global_ttl);
	38	}
	39
	40	bool
	41	Auth::Basic::User::authenticated() const
	42	{
	43	if ((credentials() == Auth::Ok) && (expiretime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL > squid_curtime))
	44	return true;
	45
	46	debugs(29, 4, "User not authenticated or credentials need rechecking.");
	47
	48	return false;
	49	}
	50
	51	bool
	52	Auth::Basic::User::valid() const
	53	{
	54	if (username() == nullptr)
	55	return false;
	56	if (passwd == nullptr)
	57	return false;
	58	return true;
	59	}
	60
	61	void
	62	Auth::Basic::User::updateCached(Auth::Basic::User *from)
	63	{
	64	debugs(29, 9, "Found user '" << from->username() << "' already in the user cache as '" << this << "'");
	65
	66	assert(strcmp(from->username(), username()) == 0);
	67
	68	if (strcmp(from->passwd, passwd)) {
	69	debugs(29, 4, "new password found. Updating in user master record and resetting auth state to unchecked");
	70	credentials(Auth::Unchecked);
	71	xfree(passwd);
	72	passwd = from->passwd;
	73	from->passwd = nullptr;
	74	}
	75
	76	if (credentials() == Auth::Failed) {
	77	debugs(29, 4, "last attempt to authenticate this user failed, resetting auth state to unchecked");
	78	credentials(Auth::Unchecked);
	79	}
	80	}
	81
	82	CbcPointer<Auth::CredentialsCache>
	83	Auth::Basic::User::Cache()
	84	{
	85	static CbcPointer<Auth::CredentialsCache> p(new Auth::CredentialsCache("basic", "GC Basic user credentials"));
	86	return p;
	87	}
	88
	89	void
	90	Auth::Basic::User::addToNameCache()
	91	{
	92	Cache()->insert(userKey(), this);
	93	}
	94