C++11: Remove GnuRegex and all -lregex related code
1 /*
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 29 Authenticator */
10
#include "squid.h"
#include "auth/Config.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
#include "cache_cf.h"
#include "ConfigParser.h"
#include "Debug.h"
#include "format/Format.h"
#include "globals.h"
#include "Store.h"
#include "wordlist.h"

#include <string>
22
// Collection of authentication scheme configurations; Auth::Config::Find()
// walks it and compares each entry's type() against the header's leading text.
23 Auth::ConfigVector Auth::TheConfig;
24
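/**
 * Get a User credentials object filled out for the given Proxy- or WWW-Authenticate header.
 * Any decoding which needs to be done will be done.
 *
 * It may be a cached AuthUser or a new Unauthenticated object.
 * It may also be NULL reflecting that no user could be created.
 *
 * \param proxy_auth  header value to decode; must not be NULL (asserted)
 * \param al          access log entry handed to the scheme's key_extras format, if any
 *
 * Only the leading scheme token of the header is written to the debug log.
 * The remainder of the header is whatever the client sent as credentials,
 * so it is deliberately kept out of cache.log, including in the
 * "unsupported scheme" warning that is emitted at DBG_IMPORTANT.
 */
Auth::UserRequest::Pointer
Auth::Config::CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
{
    assert(proxy_auth != NULL);

    // Everything up to the first whitespace is treated as the scheme name;
    // the rest is credential material and must not reach the logs.
    const std::string schemeName(proxy_auth, strcspn(proxy_auth, w_space));
    debugs(29, 9, HERE << "scheme = '" << schemeName << "'");

    Auth::Config *config = Find(proxy_auth);

    if (config == NULL || !config->active()) {
        // Quieter during shutdown: level 3 and no WARNING prefix.
        debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
               "Unsupported or unconfigured/inactive proxy-auth scheme, '" << schemeName << "'");
        return NULL;
    }

    // Function-local static buffer, reused across calls and reset before each use.
    static MemBuf rmb;
    rmb.reset();
    if (config->keyExtras) {
        // %credentials and %username, which are normally included in
        // request_format, expand to "-" at this time, but that is OK
        // because the user name is added to the key explicitly, and we do
        // not want to store authenticated credentials at all.
        config->keyExtras->assemble(rmb, al, 0);
    }

    // Pass the assembled key extras only when the format produced some output.
    return config->decode(proxy_auth, rmb.hasContent() ? rmb.content() : NULL);
}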
57
/**
 * Locate the scheme configuration whose type() is a case-insensitive prefix
 * of the given header value.
 *
 * \param proxy_auth  header value, expected to start with the scheme name
 * \return the first matching entry of Auth::TheConfig, or NULL when none matches
 *
 * NOTE(review): only the first strlen(type()) characters are compared; the
 * character that follows the scheme name is not checked here, so a header
 * whose first token merely starts with a configured scheme name also matches.
 * Confirm that each scheme's decode() rejects such input.
 */
Auth::Config *
Auth::Config::Find(const char *proxy_auth)
{
    for (const auto &candidate : Auth::TheConfig) {
        const char *schemeName = candidate->type();
        if (strncasecmp(proxy_auth, schemeName, strlen(schemeName)) == 0)
            return candidate;
    }

    return NULL;
}
67
/**
 * Default behaviour is to expose nothing: this base implementation has an
 * empty body.
 */
void
Auth::Config::registerWithCacheManager()
{
    // intentionally empty
}
72
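/**
 * Parse one auth_param parameter that is handled at this level:
 * "program", "realm", "children" or "key_extras".
 *
 * \param scheme     scheme being configured; its type() is used in messages
 *                   and as the name of the key_extras format
 * \param param_str  parameter name taken from the configuration line
 *
 * Missing or malformed values are reported and passed to self_destruct().
 * An unrecognised parameter name is only logged.
 */
void
Auth::Config::parse(Auth::Config * scheme, int, char *param_str)
{
    if (strcmp(param_str, "program") == 0) {
        if (authenticateProgram)
            wordlistDestroy(&authenticateProgram);

        parse_wordlist(&authenticateProgram);

        // The list may still be NULL if no helper command line followed the
        // parameter name; refuse that instead of dereferencing it below.
        if (!authenticateProgram) {
            debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Missing auth_param " << scheme->type() << " program");
            self_destruct();
            return;
        }

        requirePathnameExists("Authentication helper program", authenticateProgram->key);

    } else if (strcmp(param_str, "realm") == 0) {
        realm.clear();

        char *token = ConfigParser::NextQuotedOrToEol();

        // skip leading whitespace in the realm value
        while (token && *token && xisspace(*token))
            ++token;

        if (!token || !*token) {
            debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Missing auth_param " << scheme->type() << " realm");
            self_destruct();
            return;
        }

        realm = token;

    } else if (strcmp(param_str, "children") == 0) {
        authenticateChildren.parseConfig();

    } else if (strcmp(param_str, "key_extras") == 0) {
        keyExtrasLine = ConfigParser::NextQuotedToken();
        Format::Format *nlf = new ::Format::Format(scheme->type());
        if (!nlf->parse(keyExtrasLine.termedBuf())) {
            debugs(29, DBG_CRITICAL, "FATAL: Failed parsing key_extras formatting value");
            delete nlf; // the rejected format is not installed, so release it here
            self_destruct();
            return;
        }

        // replace any previously configured format; delete is a no-op on NULL
        delete keyExtras;
        keyExtras = nlf;

        // anything left on the line after the format value is an error
        if (char *t = strtok(NULL, w_space)) {
            debugs(29, DBG_CRITICAL, "FATAL: Unexpected argument '" << t << "' after key_extras specification");
            self_destruct();
        }
    } else {
        debugs(29, DBG_CRITICAL, "Unrecognised " << scheme->type() << " auth scheme parameter '" << param_str << "'");
    }
}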
124
/**
 * Append this scheme's settings to a store entry as auth_param-style lines:
 * the helper program, realm, children limits and, when set, key_extras.
 *
 * \param entry   store entry receiving the text
 * \param name    directive name printed at the start of every line
 * \param scheme  scheme whose type() is printed after the directive name
 * \return false when no helper program is configured (nothing is written),
 *         true otherwise
 *
 * NOTE(review): the realm and key_extras values are written as stored,
 * without escaping; confirm they cannot contain characters that would
 * change how the emitted lines are read back.
 */
bool
Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme) const
{
    if (authenticateProgram == NULL)
        return false; // not configured

    // helper command line: one space-separated word per list node
    storeAppendPrintf(entry, "%s %s", name, scheme->type());
    for (const wordlist *word = authenticateProgram; word != NULL; word = word->next)
        storeAppendPrintf(entry, " %s", word->key);
    storeAppendPrintf(entry, "\n");

    storeAppendPrintf(entry, "%s %s realm " SQUIDSBUFPH "\n", name, scheme->type(), SQUIDSBUFPRINT(realm));

    storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n",
                      name, scheme->type(),
                      authenticateChildren.n_max, authenticateChildren.n_startup,
                      authenticateChildren.n_idle, authenticateChildren.concurrency);

    // key_extras is printed only when a value was configured
    if (keyExtrasLine.size() > 0) {
        storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, scheme->type(), keyExtrasLine.termedBuf());
    }

    return true;
}
151
/**
 * Release the key_extras state: destroy the parsed format, clear the
 * pointer so it cannot be used again, and empty the stored source line.
 */
void
Auth::Config::done()
{
    delete keyExtras;
    keyExtras = nullptr; // avoid leaving a dangling pointer behind
    keyExtrasLine.clean();
}
159