]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/auth/AclProxyAuth.cc
2 * DEBUG: section 28 Access Control
3 * AUTHOR: Duane Wessels
5 * SQUID Web Proxy Cache http://www.squid-cache.org/
6 * ----------------------------------------------------------
8 * Squid is the result of efforts by numerous individuals from
9 * the Internet community; see the CONTRIBUTORS file for full
10 * details. Many organizations have provided support for Squid's
11 * development; see the SPONSORS file for full details. Squid is
12 * Copyrighted (C) 2001 by the Regents of the University of
13 * California; see the COPYRIGHT file for full details. Squid
14 * incorporates software developed and/or copyrighted by other
15 * sources; see the CREDITS file for full details.
17 * This program is free software; you can redistribute it and/or modify
18 * it under the terms of the GNU General Public License as published by
19 * the Free Software Foundation; either version 2 of the License, or
20 * (at your option) any later version.
22 * This program is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
27 * You should have received a copy of the GNU General Public License
28 * along with this program; if not, write to the Free Software
29 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
32 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
36 #include "auth/AclProxyAuth.h"
37 #include "auth/Gadgets.h"
38 #include "acl/FilledChecklist.h"
39 #include "acl/UserData.h"
40 #include "acl/RegexData.h"
41 #include "client_side.h"
42 #include "HttpRequest.h"
44 #include "auth/User.h"
45 #include "auth/UserRequest.h"
47 ACLProxyAuth::~ACLProxyAuth()
52 ACLProxyAuth::ACLProxyAuth(ACLData
<char const *> *newData
, char const *theType
) : data (newData
), type_(theType
) {}
54 ACLProxyAuth::ACLProxyAuth (ACLProxyAuth
const &old
) : data (old
.data
->clone()), type_(old
.type_
)
58 ACLProxyAuth::operator= (ACLProxyAuth
const &rhs
)
60 data
= rhs
.data
->clone();
66 ACLProxyAuth::typeString() const
78 ACLProxyAuth::match(ACLChecklist
*checklist
)
80 allow_t answer
= AuthenticateAcl(checklist
);
82 // convert to tri-state ACL match 1,0,-1
86 return matchProxyAuth(checklist
);
89 return 0; // non-match
92 case ACCESS_AUTH_REQUIRED
:
94 // If the answer is not allowed or denied (matches/not matches) and
95 // async authentication is not needed (asyncNeeded), then we are done.
96 if (!checklist
->asyncNeeded())
97 checklist
->markFinished(answer
, "AuthenticateAcl exception");
103 ACLProxyAuth::dump() const
109 ACLProxyAuth::empty () const
111 return data
->empty();
115 ACLProxyAuth::valid () const
117 if (authenticateSchemeCount() == 0) {
118 debugs(28, DBG_CRITICAL
, "Can't use proxy auth because no authentication schemes were compiled.");
122 if (authenticateActiveSchemeCount() == 0) {
123 debugs(28, DBG_CRITICAL
, "Can't use proxy auth because no authentication schemes are fully configured.");
130 ProxyAuthLookup
ProxyAuthLookup::instance_
;
133 ProxyAuthLookup::Instance()
139 ProxyAuthLookup::checkForAsync(ACLChecklist
*cl
)const
141 ACLFilledChecklist
*checklist
= Filled(cl
);
143 checklist
->asyncInProgress(true);
144 debugs(28, 3, HERE
<< "checking password via authenticator");
146 /* make sure someone created auth_user_request for us */
147 assert(checklist
->auth_user_request
!= NULL
);
148 assert(checklist
->auth_user_request
->valid());
149 checklist
->auth_user_request
->start(LookupDone
, checklist
);
153 ProxyAuthLookup::LookupDone(void *data
)
155 ACLFilledChecklist
*checklist
= Filled(static_cast<ACLChecklist
*>(data
));
157 assert (checklist
->asyncState() == ProxyAuthLookup::Instance());
159 if (checklist
->auth_user_request
== NULL
|| !checklist
->auth_user_request
->valid() || checklist
->conn() == NULL
) {
160 /* credentials could not be checked either way
161 * restart the whole process */
162 /* OR the connection was closed, there's no way to continue */
163 checklist
->auth_user_request
= NULL
;
165 if (checklist
->conn() != NULL
) {
166 checklist
->conn()->auth_user_request
= NULL
;
170 checklist
->asyncInProgress(false);
171 checklist
->changeState (ACLChecklist::NullState::Instance());
172 checklist
->matchNonBlocking();
176 ACLProxyAuth::clone() const
178 return new ACLProxyAuth(*this);
182 ACLProxyAuth::matchForCache(ACLChecklist
*cl
)
184 ACLFilledChecklist
*checklist
= Filled(cl
);
185 assert (checklist
->auth_user_request
!= NULL
);
186 return data
->match(checklist
->auth_user_request
->username());
189 /* aclMatchProxyAuth can return two exit codes:
190 * 0 : Authorisation for this ACL failed. (Did not match)
191 * 1 : Authorisation OK. (Matched)
194 ACLProxyAuth::matchProxyAuth(ACLChecklist
*cl
)
196 ACLFilledChecklist
*checklist
= Filled(cl
);
197 if (!authenticateUserAuthenticated(Filled(checklist
)->auth_user_request
)) {
200 /* check to see if we have matched the user-acl before */
201 int result
= cacheMatchAcl(&checklist
->auth_user_request
->user()->proxy_match_cache
, checklist
);
202 checklist
->auth_user_request
= NULL
;