Summary: Synced with libecap, adopted pass-all-changes-through transactions
1 /*
2 * auth_digest.h
3 * Internal declarations for the digest auth module
4 */
5
6 #ifndef __AUTH_DIGEST_H__
7 #define __AUTH_DIGEST_H__
8 #include "rfc2617.h"
9 #include "authenticate.h"
10 #include "AuthUser.h"
11 #include "AuthUserRequest.h"
12 #include "AuthConfig.h"
13 #include "helper.h"
14
15 /* Generic */
16
/**
 * Bundle of three raw pointers: an opaque data pointer, an AuthUserRequest
 * and a handler of type RH.
 *
 * NOTE(review): RH * / void * is the same pair of types that
 * AuthDigestUserRequest::module_start() accepts, so this presumably parks a
 * caller's callback while a helper lookup is outstanding -- confirm in the
 * implementation file.
 *
 * The class declares no constructor, so it does not initialise any member
 * itself, and it expresses no ownership of the pointees: whoever fills the
 * object in has to keep them alive for as long as the object is used.
 */
class DigestAuthenticateStateData
{
public:
    /* opaque pointer; this header does not say what it refers to */
    void *data;

    /* the AuthUserRequest associated with this state */
    AuthUserRequest *auth_user_request;

    /* handler of type RH (RH is declared outside this header) */
    RH *handler;
};
25
/*
 * Short names for the two nonce structures, introduced ahead of their
 * definitions so that earlier declarations (for example
 * AuthDigestUserRequest::nonce) can refer to them.
 */
struct _digest_nonce_data;
typedef _digest_nonce_data digest_nonce_data;

struct _digest_nonce_h;
typedef _digest_nonce_h digest_nonce_h;
29
/**
 * Digest-scheme specialisation of AuthUser.
 *
 * Holds the user's HA1 value and the list of nonces allocated to the user.
 *
 * NOTE(review): going by the field name and the rfc2617.h include, HA1 is
 * presumably RFC 2617's H(A1), the hash over username, realm and password.
 * That value is password-equivalent within the realm: whoever obtains it
 * can compute valid digest responses without knowing the password. Treat it
 * as a stored credential -- keep it out of logs and diagnostic dumps, and
 * check that ~DigestUser() (defined elsewhere) clears it before the
 * object's memory is released.
 */
class DigestUser : public AuthUser
{
public:
    MEMPROXY_CLASS(DigestUser);

    DigestUser(AuthConfig *);
    ~DigestUser();

    int authenticated() const;

    /* HA1 value for this user; the HASH type is declared outside this header */
    HASH HA1;

    /* int flag accompanying HA1 -- presumably non-zero once HA1 has been
     * filled in; confirm against the code that sets it */
    int HA1created;

    /* what nonces have been allocated to this user */
    dlink_list nonces;
};

MEMPROXY_CLASS_INLINE(DigestUser);

/* alternative name for DigestUser */
typedef DigestUser digest_user_h;
50
/**
 * Digest-scheme AuthUserRequest: the digest_request structure that follows
 * the http_request around.
 *
 * The string members carry the individual fields of one Digest exchange;
 * the sample values in their comments are those of the RFC 2617 example.
 *
 * NOTE(review): AuthDigestConfig::decode() takes the raw proxy_auth string
 * and returns an AuthUserRequest, so these fields are presumably filled
 * directly from a client-supplied header. If so, all of them are untrusted
 * input: their lengths and contents are chosen by the client, and code that
 * logs, compares or forwards them must not assume well-formed data.
 * Ownership of the char * buffers is not expressed in this header --
 * confirm that the destructor releases each one exactly once.
 */
class AuthDigestUserRequest : public AuthUserRequest
{
public:
    enum CredentialsState {
        Unchecked,
        Ok,
        Pending,
        Failed
    };

    MEMPROXY_CLASS(AuthDigestUserRequest);

    AuthDigestUserRequest();
    virtual ~AuthDigestUserRequest();

    virtual int authenticated() const;
    virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type);
    virtual int module_direction();
    virtual void addHeader(HttpReply * rep, int accel);
#if WAITING_FOR_TE

    virtual void addTrailer(HttpReply * rep, int accel);
#endif

    virtual void module_start(RH *, void *);

    /* read access to the DigestUser attached to this request */
    virtual AuthUser *user()
    {
        return _theUser;
    }

    virtual const AuthUser *user() const
    {
        return _theUser;
    }

    /*
     * dynamic_cast yields NULL when aUser is not a DigestUser, so after
     * this call user() can return NULL even though a non-NULL pointer was
     * passed in. Callers must check the result before dereferencing it.
     */
    virtual void user(AuthUser *aUser)
    {
        _theUser = dynamic_cast<DigestUser *>(aUser);
    }

    /* getter / setter for the credentials state kept in credentials_ok */
    CredentialsState credentials() const;
    void credentials(CredentialsState);

    void authUser(AuthUser *);
    AuthUser *authUser() const;

    char *nonceb64;             /* "dcd98b7102dd2f0e8b11d0f600bfb0c093" */
    char *cnonce;               /* "0a4f113b" */
    char *realm;                /* = "testrealm@host.com" */

    /* NOTE(review): by its name and sample value this slot is meant for a
     * cleartext password. If anything ever stores one here, the buffer
     * should be overwritten before it is freed and must never be logged --
     * confirm whether the field is used at all. */
    char *pszPass;              /* = "Circle Of Life" */
    char *algorithm;            /* = "md5" */

    /* Fixed buffer: 8 characters plus the terminating NUL, matching the
     * sample value. Whatever copies a nonce count into it has to bound the
     * copy to 8 characters. */
    char nc[9];                 /* = "00000001" */
    char *pszMethod;            /* = "GET" */
    char *qop;                  /* = "auth" */
    char *uri;                  /* = "/dir/index.html" */
    char *response;

    /* one-bit state flags; their exact meaning is set by the code that
     * toggles them, which is not part of this header */
    struct
    {
        unsigned int authinfo_sent:1;
        unsigned int invalid_password:1;
        unsigned int helper_queried:1;
    } flags;

    /* nonce record associated with this request */
    digest_nonce_h *nonce;

private:
    /* set through user(AuthUser *); may be NULL, see the note there */
    DigestUser *_theUser;
    CredentialsState credentials_ok;
};

MEMPROXY_CLASS_INLINE(AuthDigestUserRequest) /**DOCS_NOSEMI*/
110
/**
 * Data to be encoded into the nonce's b64 representation.
 *
 * NOTE(review): how these bytes are turned into the nonce string is not
 * visible in this header. If the struct is base64-encoded as-is, with no
 * hashing or keyed MAC over it, then every client that receives a nonce
 * can decode:
 *   - `self`, a heap address of the proxy process, which weakens address
 *     space randomisation;
 *   - `creationtime`;
 *   - any padding bytes between the members, unless the struct is zeroed
 *     before it is filled in.
 * In that case the unpredictability of the nonce rests on `randomdata`
 * alone, a `long` whose width is platform-dependent and whose generator is
 * chosen elsewhere. Confirm the encoding path, and confirm that a nonce
 * received from a client is resolved by table lookup and that the decoded
 * `self` pointer is never dereferenced.
 */
struct _digest_nonce_data
{
    time_t creationtime;

    /* in memory address of the nonce struct (similar purpose to an ETag) */
    digest_nonce_h *self;

    long randomdata;
};
120
/**
 * The nonce structure we'll pass around.
 *
 * It derives from hash_link and embeds the digest_nonce_data that is
 * encoded into the nonce string.
 *
 * NOTE(review): `references` is a signed short. Code that takes or drops
 * references should keep the count in range, because overflowing a signed
 * counter is undefined behaviour and an unbalanced count can free a nonce
 * that is still linked from a DigestUser or a request. `user` is a raw
 * pointer with no ownership expressed here -- confirm how its lifetime is
 * tied to the nonce.
 */
struct _digest_nonce_h : public hash_link
{
    digest_nonce_data noncedata;

    /* number of uses we've seen of this nonce */
    unsigned long nc;

    /* reference count */
    short references;

    /* the auth_user this nonce has been tied to */
    DigestUser *user;

    /* has this nonce been invalidated ? */
    struct
    {
        unsigned int valid:1;
        unsigned int incache:1;
    } flags;
};
140
/**
 * Configuration runtime data for the digest scheme (an AuthConfig).
 *
 * NOTE(review): the data members look like the parsed values of the
 * "auth_param digest ..." directives. Which directive feeds which member is
 * decided in parse(), which is not part of this header -- confirm there.
 * Three of them (NonceStrictness, CheckNonceCount, PostWorkaround) are, by
 * name, switches on how strictly a client's nonce count is validated.
 * Nonce-count checking is what allows a digest server to reject a replayed
 * request, so a deployment should know which of these are relaxed.
 */
class AuthDigestConfig : public AuthConfig
{
public:
    AuthDigestConfig();

    virtual bool active() const;
    virtual bool configured() const;

    /* takes the raw proxy_auth string; treat it as untrusted input
     * (presumably the client's header value -- confirm at the call site) */
    virtual AuthUserRequest *decode(char const *proxy_auth);
    virtual void done();
    virtual void dump(StoreEntry *, const char *, AuthConfig *);
    virtual void fixHeader(AuthUserRequest *, HttpReply *, http_hdr_type, HttpRequest *);
    virtual void init(AuthConfig *);
    virtual void parse(AuthConfig *, int, char *);
    virtual void registerWithCacheManager(CacheManager & manager);
    virtual const char * type() const;

    /* presumably the number of helper processes -- confirm in parse() */
    int authenticateChildren;

    /* realm string for this scheme */
    char *digestAuthRealm;

    /* word list; presumably the helper command line -- confirm in parse() */
    wordlist *authenticate;

    /* nonce limits; units and enforcement live in the implementation file */
    time_t nonceGCInterval;
    time_t noncemaxduration;
    unsigned int noncemaxuses;

    /* nonce-count validation switches, see the class note */
    int NonceStrictness;
    int CheckNonceCount;
    int PostWorkaround;
};

/* alternative name for AuthDigestConfig */
typedef AuthDigestConfig auth_digest_config;
170
/* strings */

/* The qop token "auth" (the same value as the sample on
 * AuthDigestUserRequest::qop); the only qop string this header defines. */
#define QOP_AUTH "auth"
173
174 #endif