src/auth/basic/UserRequest.cc

   1 #include "config.h"
   2 #include "auth/basic/auth_basic.h"
   3 #include "auth/basic/User.h"
   4 #include "auth/basic/UserRequest.h"
   5 #include "SquidTime.h"
   6
   7 int
   8 AuthBasicUserRequest::authenticated() const
   9 {
  10     Auth::Basic::User const *basic_auth = dynamic_cast<Auth::Basic::User const *>(user().getRaw());
  11
  12     if (basic_auth && basic_auth->authenticated())
  13         return 1;
  14
  15     return 0;
  16 }
  17
  18 /* log a basic user in
  19  */
  20 void
  21 AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type)
  22 {
  23     assert(user() != NULL);
  24
  25     /* if the password is not ok, do an identity */
  26     if (!user() || user()->credentials() != Auth::Ok)
  27         return;
  28
  29     /* are we about to recheck the credentials externally? */
  30     if ((user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL) <= squid_curtime) {
  31         debugs(29, 4, HERE << "credentials expired - rechecking");
  32         return;
  33     }
  34
  35     /* we have been through the external helper, and the credentials haven't expired */
  36     debugs(29, 9, HERE << "user '" << user()->username() << "' authenticated");
  37
  38     /* Decode now takes care of finding the AuthUser struct in the cache */
  39     /* after external auth occurs anyway */
  40     user()->expiretime = current_time.tv_sec;
  41
  42     return;
  43 }
  44
  45 int
  46 AuthBasicUserRequest::module_direction()
  47 {
  48     /* null auth_user is checked for by authenticateDirection */
  49     if (user()->auth_type != Auth::AUTH_BASIC)
  50         return -2;
  51
  52     switch (user()->credentials()) {
  53
  54     case Auth::Unchecked:
  55     case Auth::Pending:
  56         return -1;
  57
  58     case Auth::Ok:
  59         if (user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime)
  60             return -1;
  61         return 0;
  62
  63     case Auth::Failed:
  64         return 0;
  65
  66     default:
  67         return -2;
  68     }
  69 }
  70
  71 /* send the initial data to a basic authenticator module */
  72 void
  73 AuthBasicUserRequest::module_start(RH * handler, void *data)
  74 {
  75     assert(user()->auth_type == Auth::AUTH_BASIC);
  76     Auth::Basic::User *basic_auth = dynamic_cast<Auth::Basic::User *>(user().getRaw());
  77     assert(basic_auth != NULL);
  78     debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'");
  79
  80     if (static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->authenticateProgram == NULL) {
  81         debugs(29, DBG_CRITICAL, "ERROR: No Basic authentication program configured.");
  82         handler(data, NULL);
  83         return;
  84     }
  85
  86     /* check to see if the auth_user already has a request outstanding */
  87     if (user()->credentials() == Auth::Pending) {
  88         /* there is a request with the same credentials already being verified */
  89         basic_auth->queueRequest(this, handler, data);
  90         return;
  91     }
  92
  93     basic_auth->submitRequest(this, handler, data);
  94 }
  95