git.ipfire.org Git - thirdparty/squid.git/blob - src/auth/SchemeConfig.cc
4b86c16c781bf7d6708dfc4793ba633dc1bdcd30
2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 29 Authenticator */
12 #include "auth/Config.h"
13 #include "auth/forward.h"
14 #include "auth/Gadgets.h"
15 #include "auth/UserRequest.h"
17 #include "ConfigParser.h"
19 #include "format/Format.h"
25 * Get a User credentials object filled out for the given Proxy- or WWW-Authenticate header.
26 * Any decoding which needs to be done will be done.
28 * It may be a cached AuthUser or a new Unauthenticated object.
29 * It may also be NULL reflecting that no user could be created.
// Resolve the configured scheme for the header value in proxy_auth and have
// that scheme decode it; `al` is passed to the key_extras format assembly.
// NOTE(review): this listing drops source lines (the gutter jumps 41 -> 46
// and 51 -> 54), so the exit taken for a missing/inactive scheme and the
// declaration of `rmb` are not visible here; confirm against the full file.
31 Auth::UserRequest::Pointer
32 Auth::SchemeConfig::CreateAuthUser(const char *proxy_auth
, AccessLogEntry::Pointer
&al
)
34 assert(proxy_auth
!= NULL
);
// NOTE(review): the whole header value is written to the section-29 debug
// log at level 9. It presumably carries the client's credentials, so logs
// captured at that level should be treated as sensitive.
35 debugs(29, 9, HERE
<< "header = '" << proxy_auth
<< "'");
37 Auth::SchemeConfig
*config
= Find(proxy_auth
);
// A null config and a config that is not active() are reported the same way.
39 if (config
== NULL
|| !config
->active()) {
// Logged at level 3 while shutting down, otherwise at DBG_IMPORTANT with a
// "WARNING: " prefix.
// NOTE(review): the message echoes the client-supplied header verbatim;
// confirm that is acceptable at this log level (credential exposure,
// embedded control characters in the log).
40 debugs(29, (shutting_down
?3:DBG_IMPORTANT
), (shutting_down
?"":"WARNING: ") <<
41 "Unsupported or unconfigured/inactive proxy-auth scheme, '" << proxy_auth
<< "'");
// key_extras is optional; its format is assembled into rmb only when set.
46 if (config
->keyExtras
) {
47 // %credentials and %username, which normally included in
48 // request_format, are - at this time, but that is OK
49 // because user name is added to key explicitly, and we do
50 // not want to store authenticated credentials at all.
51 config
->keyExtras
->assemble(rmb
, al
, 0);
// decode() receives the assembled extras only when rmb has content,
// otherwise NULL.
54 return config
->decode(proxy_auth
, rmb
.hasContent() ? rmb
.content() : NULL
);
// Walk Auth::TheConfig.schemes and test whether each scheme's type() name is
// a case-insensitive prefix of proxy_auth.
// NOTE(review): only strlen(scheme->type()) characters are compared, and no
// visible line checks that the name is followed by whitespace or the end of
// the string, so a token that merely begins with a scheme name also matches;
// confirm that each scheme's decode() rejects such input.
// NOTE(review): proxy_auth reaches strncasecmp() without a null check here;
// callers are presumably expected to guarantee it - verify.
// NOTE(review): the return statements (source lines 62-66) are missing from
// this listing.
58 Auth::SchemeConfig::Find(const char *proxy_auth
)
60 for (auto *scheme
: Auth::TheConfig
.schemes
) {
61 if (strncasecmp(proxy_auth
, scheme
->type(), strlen(scheme
->type())) == 0)
// Look up the scheme named by proxy_auth via Find(); when Find() yields
// nothing, abort through fatalf() with an "auth_schemes" error naming the
// missing method.
// NOTE(review): the statement executed when Find() succeeds (source line 72)
// is missing from this listing; presumably it returns cfg - confirm.
69 Auth::SchemeConfig::GetParsed(const char *proxy_auth
)
71 if (auto *cfg
= Find(proxy_auth
))
73 fatalf("auth_schemes: required authentication method '%s' is not configured", proxy_auth
);
77 /** Default behaviour is to expose nothing */
79 Auth::SchemeConfig::registerWithCacheManager(void)
// Handle one auth_param option for `scheme`, selected by param_str:
// "program", "realm", "children", "key_extras", "keep_alive" or "utf8".
// Any other name is reported as unrecognised at DBG_CRITICAL.
// NOTE(review): this listing drops many source lines (for example 94-95,
// 103-108, 117-124 and 132-133), so the error exits and the assignments that
// store the parsed values are not visible here; confirm against the full
// file before relying on the notes below.
83 Auth::SchemeConfig::parse(Auth::SchemeConfig
* scheme
, int, char *param_str
)
85 if (strcmp(param_str
, "program") == 0) {
// Drop any previously parsed helper command line before reading the new one.
86 if (authenticateProgram
)
87 wordlistDestroy(&authenticateProgram
);
89 parse_wordlist(&authenticateProgram
);
// NOTE(review): authenticateProgram is dereferenced with no visible null
// check. If parse_wordlist() can leave the list empty (a "program" option
// with no arguments), this reads through a null pointer - confirm.
91 requirePathnameExists("Authentication helper program", authenticateProgram
->key
);
93 } else if (strcmp(param_str
, "realm") == 0) {
96 char *token
= ConfigParser::NextQuotedOrToEol();
// Loop while the realm value starts with whitespace; the loop body (source
// line 99) is not shown in this listing.
98 while (token
&& *token
&& xisspace(*token
))
// An absent or empty realm is reported as a configuration error.
101 if (!token
|| !*token
) {
102 debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT
), "ERROR: Missing auth_param " << scheme
->type() << " realm");
109 } else if (strcmp(param_str
, "children") == 0) {
110 authenticateChildren
.parseConfig();
112 } else if (strcmp(param_str
, "key_extras") == 0) {
113 keyExtrasLine
= ConfigParser::NextQuotedToken();
// The format object is allocated with a raw new and parsed from the
// configured key_extras text.
// NOTE(review): no visible line releases nlf when parse() fails or shows
// where ownership goes on success (source lines 117-124 are missing) -
// confirm there is no leak or stale keyExtras pointer.
114 Format::Format
*nlf
= new ::Format::Format(scheme
->type());
115 if (!nlf
->parse(keyExtrasLine
.termedBuf())) {
116 debugs(29, DBG_CRITICAL
, "FATAL: Failed parsing key_extras formatting value");
// Any further token on the line is rejected. The message text says
// "request_format" although this branch handles "key_extras".
125 if (char *t
= strtok(NULL
, w_space
)) {
126 debugs(29, DBG_CRITICAL
, "FATAL: Unexpected argument '" << t
<< "' after request_format specification");
129 } else if (strcmp(param_str
, "keep_alive") == 0) {
130 parse_onoff(&keep_alive
);
131 } else if (strcmp(param_str
, "utf8") == 0) {
// Fallback for an option name that matched none of the branches above.
134 debugs(29, DBG_CRITICAL
, "Unrecognised " << scheme
->type() << " auth scheme parameter '" << param_str
<< "'");
// Append this scheme's settings to `entry` as configuration lines of the
// form "<name> <scheme type> <option> ...": the helper program words, the
// realm, the children limits, and key_extras / keep_alive / utf8 only when
// they differ from the defaults named in the inline comments.
// Returns false when no helper program is configured.
// NOTE(review): this listing drops source lines (150-151, 157, 169-172), so
// the list-advance step, two of the "children" arguments and the final
// return are not visible here.
139 Auth::SchemeConfig::dump(StoreEntry
*entry
, const char *name
, Auth::SchemeConfig
*scheme
) const
141 if (!authenticateProgram
)
142 return false; // not configured
144 const char *schemeType
= scheme
->type();
// Emit the helper command line: the option prefix, then one word per list
// node, then a newline.
146 wordlist
*list
= authenticateProgram
;
147 storeAppendPrintf(entry
, "%s %s", name
, schemeType
);
148 while (list
!= NULL
) {
149 storeAppendPrintf(entry
, " %s", list
->key
);
152 storeAppendPrintf(entry
, "\n");
154 storeAppendPrintf(entry
, "%s %s realm " SQUIDSBUFPH
"\n", name
, schemeType
, SQUIDSBUFPRINT(realm
));
156 storeAppendPrintf(entry
, "%s %s children %d startup=%d idle=%d concurrency=%d\n",
158 authenticateChildren
.n_max
, authenticateChildren
.n_startup
,
159 authenticateChildren
.n_idle
, authenticateChildren
.concurrency
);
// NOTE(review): the key_extras text is written between double quotes with a
// plain %s; no escaping of embedded quotes or backslashes is visible here -
// confirm that the dumped line parses back to the same value.
161 if (keyExtrasLine
.size() > 0) // default is none
162 storeAppendPrintf(entry
, "%s %s key_extras \"%s\"\n", name
, schemeType
, keyExtrasLine
.termedBuf());
164 if (!keep_alive
) // default is on
165 storeAppendPrintf(entry
, "%s %s keep_alive off\n", name
, schemeType
);
167 if (utf8
) // default is off
168 storeAppendPrintf(entry
, "%s %s utf8 on\n", name
, schemeType
);
// Release state held by this scheme configuration; the visible step clears
// the stored key_extras text.
// NOTE(review): source lines 175-177 are missing from this listing, so any
// other cleanup done here (for example of the parsed key_extras format) is
// not shown - confirm against the full file.
174 Auth::SchemeConfig::done()
178 keyExtrasLine
.clean();