* They DO NOT perform access control or auditing.
* See acl.c for access control and client_side.c for auditing */
-
#include "squid.h"
#include "auth/negotiate/auth_negotiate.h"
#include "auth/Gadgets.h"
#include "auth/State.h"
-#include "CacheManager.h"
+#include "mgr/Registration.h"
#include "Store.h"
#include "client_side.h"
#include "HttpReply.h"
#include "HttpRequest.h"
+#include "protos.h"
#include "SquidTime.h"
-/** \todo remove this include */
-#include "auth/negotiate/negotiateScheme.h"
-#include "auth/negotiate/negotiateUserRequest.h"
+#include "auth/negotiate/Scheme.h"
+#include "auth/negotiate/User.h"
+#include "auth/negotiate/UserRequest.h"
#include "wordlist.h"
/**
static int authnegotiate_initialised = 0;
/// \ingroup AuthNegotiateInternal
-AuthNegotiateConfig negotiateConfig;
+Auth::Negotiate::Config negotiateConfig;
/// \ingroup AuthNegotiateInternal
static hash_table *proxy_auth_cache = NULL;
*/
void
-AuthNegotiateConfig::done()
+Auth::Negotiate::Config::rotateHelpers()
+{
+ /* schedule closure of existing helpers */
+ if (negotiateauthenticators) {
+ helperStatefulShutdown(negotiateauthenticators);
+ }
+
+ /* NP: dynamic helper restart will ensure they start up again as needed. */
+}
+
+void
+Auth::Negotiate::Config::done()
{
authnegotiate_initialised = 0;
delete negotiateauthenticators;
negotiateauthenticators = NULL;
- if (authenticate)
- wordlistDestroy(&authenticate);
+ if (authenticateProgram)
+ wordlistDestroy(&authenticateProgram);
- debugs(29, 2, "negotiateScheme::done: Negotiate authentication Shutdown.");
+ debugs(29, DBG_IMPORTANT, "Reconfigure: Negotiate authentication configuration cleared.");
}
void
-AuthNegotiateConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+Auth::Negotiate::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
- wordlist *list = authenticate;
+ wordlist *list = authenticateProgram;
storeAppendPrintf(entry, "%s %s", name, "negotiate");
while (list != NULL) {
}
-AuthNegotiateConfig::AuthNegotiateConfig() : keep_alive(1)
+Auth::Negotiate::Config::Config() : keep_alive(1)
{ }
void
-AuthNegotiateConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+Auth::Negotiate::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
- if (authenticate)
- wordlistDestroy(&authenticate);
+ if (authenticateProgram)
+ wordlistDestroy(&authenticateProgram);
- parse_wordlist(&authenticate);
+ parse_wordlist(&authenticateProgram);
- requirePathnameExists("auth_param negotiate program", authenticate->key);
+ requirePathnameExists("auth_param negotiate program", authenticateProgram->key);
} else if (strcasecmp(param_str, "children") == 0) {
authenticateChildren.parseConfig();
} else if (strcasecmp(param_str, "keep_alive") == 0) {
parse_onoff(&keep_alive);
} else {
- debugs(29, 0, "AuthNegotiateConfig::parse: unrecognised negotiate auth scheme parameter '" << param_str << "'");
+ debugs(29, DBG_CRITICAL, "ERROR: unrecognised Negotiate auth scheme parameter '" << param_str << "'");
}
-
- /*
- * disable client side request pipelining. There is a race with
- * Negotiate when the client sends a second request on an Negotiate
- * connection before the authenticate challenge is sent. With
- * this patch, the client may fail to authenticate, but squid's
- * state will be preserved. Caveats: this should be a post-parse
- * test, but that can wait for the modular parser to be integrated.
- */
- if (authenticate)
- Config.onoff.pipeline_prefetch = 0;
}
const char *
-AuthNegotiateConfig::type() const
+Auth::Negotiate::Config::type() const
{
- return negotiateScheme::GetInstance()->type();
+ return Auth::Negotiate::Scheme::GetInstance()->type();
}
/**
* Called AFTER parsing the config file
*/
void
-AuthNegotiateConfig::init(AuthConfig * scheme)
+Auth::Negotiate::Config::init(Auth::Config * scheme)
{
- if (authenticate) {
+ if (authenticateProgram) {
authnegotiate_initialised = 1;
assert(proxy_auth_cache);
- negotiateauthenticators->cmdline = authenticate;
+ negotiateauthenticators->cmdline = authenticateProgram;
- negotiateauthenticators->childs = authenticateChildren;
+ negotiateauthenticators->childs.updateLimits(authenticateChildren);
negotiateauthenticators->ipc_type = IPC_STREAM;
helperStatefulOpenServers(negotiateauthenticators);
-
- CBDATA_INIT_TYPE(authenticateStateData);
}
}
void
-AuthNegotiateConfig::registerWithCacheManager(void)
+Auth::Negotiate::Config::registerWithCacheManager(void)
{
- CacheManager::GetInstance()->
- registerAction("negotiateauthenticator",
- "Negotiate User Authenticator Stats",
- authenticateNegotiateStats, 0, 1);
+ Mgr::RegisterAction("negotiateauthenticator",
+ "Negotiate User Authenticator Stats",
+ authenticateNegotiateStats, 0, 1);
}
bool
-AuthNegotiateConfig::active() const
+Auth::Negotiate::Config::active() const
{
return authnegotiate_initialised == 1;
}
bool
-AuthNegotiateConfig::configured() const
+Auth::Negotiate::Config::configured() const
{
- if ((authenticate != NULL) && (authenticateChildren.n_max != 0)) {
- debugs(29, 9, "AuthNegotiateConfig::configured: returning configured");
+ if (authenticateProgram && (authenticateChildren.n_max != 0)) {
+ debugs(29, 9, HERE << "returning configured");
return true;
}
- debugs(29, 9, "AuthNegotiateConfig::configured: returning unconfigured");
+ debugs(29, 9, HERE << "returning unconfigured");
return false;
}
/* Negotiate Scheme */
void
-AuthNegotiateConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request)
+Auth::Negotiate::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request)
{
- AuthNegotiateUserRequest *negotiate_request;
-
- if (!authenticate)
+ if (!authenticateProgram)
return;
/* Need keep-alive */
/* New request, no user details */
if (auth_user_request == NULL) {
- debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate");
if (!keep_alive) {
request->flags.proxy_keepalive = 0;
}
} else {
- negotiate_request = dynamic_cast<AuthNegotiateUserRequest *>(auth_user_request.getRaw());
+ Auth::Negotiate::UserRequest *negotiate_request = dynamic_cast<Auth::Negotiate::UserRequest *>(auth_user_request.getRaw());
assert(negotiate_request != NULL);
- switch (negotiate_request->auth_state) {
+ switch (negotiate_request->user()->credentials()) {
- case AUTHENTICATE_STATE_FAILED:
+ case Auth::Failed:
/* here it makes sense to drop the connection, as auth is
* tied to it, even if MAYBE the client could handle it - Kinkie */
rep->header.delByName("keep-alive");
request->flags.proxy_keepalive = 0;
/* fall through */
- case AUTHENTICATE_STATE_DONE:
+ case Auth::Ok:
/* Special case: authentication finished OK but disallowed by ACL.
* Need to start over to give the client another chance.
*/
-
if (negotiate_request->server_blob) {
- debugs(29, 9, "authenticateNegotiateFixErrorHeader: Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob);
safe_free(negotiate_request->server_blob);
} else {
- debugs(29, 9, "authenticateNegotiateFixErrorHeader: Connection authenticated");
+ debugs(29, 9, HERE << "Connection authenticated");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate");
}
-
break;
- case AUTHENTICATE_STATE_NONE:
+ case Auth::Unchecked:
/* semantic change: do not drop the connection.
* 2.5 implementation used to keep it open - Kinkie */
- debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate");
break;
- case AUTHENTICATE_STATE_IN_PROGRESS:
+ case Auth::Handshake:
/* we're waiting for a response from the client. Pass it the blob */
- debugs(29, 9, "AuthNegotiateConfig::fixHeader: Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
+ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob);
safe_free(negotiate_request->server_blob);
break;
-
default:
- debugs(29, 0, "AuthNegotiateConfig::fixHeader: state " << negotiate_request->auth_state << ".");
+ debugs(29, DBG_CRITICAL, "ERROR: Negotiate auth fixHeader: state " << negotiate_request->user()->credentials() << ".");
fatal("unexpected state in AuthenticateNegotiateFixErrorHeader.\n");
}
}
}
-NegotiateUser::~NegotiateUser()
-{
- debugs(29, 5, "NegotiateUser::~NegotiateUser: doing nothing to clearNegotiate scheme data for '" << this << "'");
-}
-
static void
authenticateNegotiateStats(StoreEntry * sentry)
{
* Decode a Negotiate [Proxy-]Auth string, placing the results in the passed
* Auth_user structure.
*/
-AuthUserRequest::Pointer
-AuthNegotiateConfig::decode(char const *proxy_auth)
+Auth::UserRequest::Pointer
+Auth::Negotiate::Config::decode(char const *proxy_auth)
{
- NegotiateUser *newUser = new NegotiateUser(&negotiateConfig);
- AuthUserRequest *auth_user_request = new AuthNegotiateUserRequest();
+ Auth::Negotiate::User *newUser = new Auth::Negotiate::User(&negotiateConfig);
+ Auth::UserRequest *auth_user_request = new Auth::Negotiate::UserRequest();
assert(auth_user_request->user() == NULL);
auth_user_request->user(newUser);
- auth_user_request->user()->auth_type = AUTH_NEGOTIATE;
-#if USER_REQUEST_LOOP_DEAD
- auth_user_request->user()->addRequest(auth_user_request);
-#endif
+ auth_user_request->user()->auth_type = Auth::AUTH_NEGOTIATE;
/* all we have to do is identify that it's Negotiate - the helper does the rest */
- debugs(29, 9, "AuthNegotiateConfig::decode: Negotiate authentication");
+ debugs(29, 9, HERE << "decode Negotiate authentication");
return auth_user_request;
}
-
-void
-NegotiateUser::deleteSelf() const
-{
- delete this;
-}
-
-NegotiateUser::NegotiateUser(AuthConfig *aConfig) : AuthUser (aConfig)
-{
- proxy_auth_list.head = proxy_auth_list.tail = NULL;
-}
projects / thirdparty / squid.git / blobdiff