[unrecognized argument to --enable-auth: $enableval])
])
AC_MSG_NOTICE([Authentication support enabled: ${enable_auth:=yes}])
-SQUID_DEFINE_BOOL(USE_AUTH,$enable_auth,
- [Enable support for authentication])
+SQUID_DEFINE_BOOL(USE_AUTH,$enable_auth,[Enable support for authentication])
+AM_CONDITIONAL(ENABLE_AUTH, test "x$enable_auth" != "xno")
AUTH_MODULES=""
AC_ARG_ENABLE(auth-basic,
#include "acl/DestinationDomain.h"
#include "acl/DestinationIp.h"
#include "acl/DomainData.h"
+#if USE_AUTH
#include "acl/ExtUser.h"
+#endif
#include "acl/FilledChecklist.h"
#include "acl/Gadgets.h"
#include "acl/HierCodeData.h"
#include "acl/UrlPath.h"
#include "acl/UrlPort.h"
#include "acl/UserData.h"
+#if USE_AUTH
#include "auth/AclProxyAuth.h"
#include "auth/AclMaxUserIp.h"
+#endif
#if USE_IDENT
#include "ident/AclIdent.h"
#endif
ACLStrategised<char const *> ACLDestinationDomain::RegexRegistryEntry_(new ACLRegexData,ACLDestinationDomainStrategy::Instance() ,"dstdom_regex");
ACL::Prototype ACLDestinationIP::RegistryProtoype(&ACLDestinationIP::RegistryEntry_, "dst");
ACLDestinationIP ACLDestinationIP::RegistryEntry_;
+#if USE_AUTH
ACL::Prototype ACLExtUser::UserRegistryProtoype(&ACLExtUser::UserRegistryEntry_, "ext_user");
ACLExtUser ACLExtUser::UserRegistryEntry_(new ACLUserData, "ext_user");
ACL::Prototype ACLExtUser::RegexRegistryProtoype(&ACLExtUser::RegexRegistryEntry_, "ext_user_regex" );
ACLExtUser ACLExtUser::RegexRegistryEntry_(new ACLRegexData, "ext_user_regex");
+#endif
ACL::Prototype ACLHierCode::RegistryProtoype(&ACLHierCode::RegistryEntry_, "hier_code");
ACLStrategised<hier_code> ACLHierCode::RegistryEntry_(new ACLHierCodeData, ACLHierCodeStrategy::Instance(), "hier_code");
ACL::Prototype ACLHTTPRepHeader::RegistryProtoype(&ACLHTTPRepHeader::RegistryEntry_, "rep_header");
ACLIdent ACLIdent::RegexRegistryEntry_(new ACLRegexData, "ident_regex");
#endif
-
+#if USE_AUTH
ACL::Prototype ACLProxyAuth::UserRegistryProtoype(&ACLProxyAuth::UserRegistryEntry_, "proxy_auth");
ACLProxyAuth ACLProxyAuth::UserRegistryEntry_(new ACLUserData, "proxy_auth");
ACL::Prototype ACLProxyAuth::RegexRegistryProtoype(&ACLProxyAuth::RegexRegistryEntry_, "proxy_auth_regex" );
ACL::Prototype ACLMaxUserIP::RegistryProtoype(&ACLMaxUserIP::RegistryEntry_, "max_user_ip");
ACLMaxUserIP ACLMaxUserIP::RegistryEntry_("max_user_ip");
+#endif
ACL::Prototype ACLTag::RegistryProtoype(&ACLTag::RegistryEntry_, "tag");
ACLStrategised<const char *> ACLTag::RegistryEntry_(new ACLStringData, ACLTagStrategy::Instance(), "tag");
#include "config.h"
+
+#if USE_AUTH
+
#include "Debug.h"
#include "protos.h"
#endif
debugs(29,1,"Initializing Authentication Schemes Complete.");
}
+
+#endif /* USE_AUTH */
{
date = squid_curtime;
result = someData.result;
-
+#if USE_AUTH
user = someData.user;
password = someData.password;
+#endif
message = someData.message;
tag = someData.tag;
log = someData.log;
ExternalACLEntryData() : result (-1) {}
int result;
+#if USE_AUTH
+ // TODO use an AuthUser to hold this info
String user;
String password;
+#endif
String message;
String tag;
String log;
dlink_node lru;
int result;
time_t date;
+#if USE_AUTH
String user;
String password;
+#endif
String message;
String tag;
String log;
#include "squid.h"
#include "HttpRequest.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "HttpHeaderRange.h"
#include "MemBuf.h"
#include "Store.h"
login[0] = '\0';
host[0] = '\0';
host_is_numeric = -1;
+#if USE_AUTH
auth_user_request = NULL;
+#endif
pinned_connection = NULL;
port = 0;
canonical = NULL;
vary_headers = NULL;
myportname = null_string;
tag = null_string;
+#if USE_AUTH
extacl_user = null_string;
extacl_passwd = null_string;
+#endif
extacl_log = null_string;
extacl_message = null_string;
pstate = psReadyToParseStartLine;
// we used to assert that the pipe is NULL, but now the request only
// points to a pipe that is owned and initiated by another object.
body_pipe = NULL;
-
+#if USE_AUTH
auth_user_request = NULL;
-
+#endif
safe_free(canonical);
safe_free(vary_headers);
myportname.clean();
tag.clean();
-
+#if USE_AUTH
extacl_user.clean();
-
extacl_passwd.clean();
-
+#endif
extacl_log.clean();
extacl_message.clean();
copy->myportname = myportname;
copy->tag = tag;
+#if USE_AUTH
copy->extacl_user = extacl_user;
copy->extacl_passwd = extacl_passwd;
+#endif
copy->extacl_log = extacl_log;
copy->extacl_message = extacl_message;
errType = aReq->errType;
errDetail = aReq->errDetail;
-
+#if USE_AUTH
auth_user_request = aReq->auth_user_request;
-
+#endif
if (aReq->pinned_connection) {
pinned_connection = cbdataReference(aReq->pinned_connection);
}
public:
Ip::Address host_addr;
-
+#if USE_AUTH
AuthUserRequest::Pointer auth_user_request;
-
+#endif
u_short port;
String urlpath;
LoadableModules.h \
LoadableModules.cc
-SUBDIRS = base comm eui acl fs repl auth ip icmp ident log ipc mgr
+SUBDIRS = base comm eui acl fs repl
+DIST_SUBDIRS = base comm eui acl fs repl
+
+if ENABLE_AUTH
+SUBDIRS += auth
+AUTH_LIBS= auth/libauth.la
+AUTH_ACL_LIBS= auth/libacls.la
+check_PROGRAMS+= tests/testAuth tests/testACLMaxUserIP
+endif
+DIST_SUBDIRS += auth
+
+SUBDIRS += ip icmp ident log ipc mgr
+DIST_SUBDIRS += ip icmp ident log ipc mgr
if ENABLE_SSL
SUBDIRS += ssl
else
SSL_LOCAL_LIBS =
endif
+DIST_SUBDIRS += ssl
+
+SNMP_ALL_SOURCE = \
+ snmp_core.h \
+ snmp_core.cc \
+ snmp_agent.cc
+if ENABLE_SNMP
+SNMP_SOURCE = $(SNMP_ALL_SOURCE)
+SUBDIRS += snmp
+SNMP_LIBS = snmp/libsnmp.la
+else
+SNMP_SOURCE =
+endif
+DIST_SUBDIRS += snmp
SNMP_ALL_SOURCE = \
snmp_core.h \
if USE_ADAPTATION
SUBDIRS += adaptation
endif
+DIST_SUBDIRS += adaptation
if USE_ESI
SUBDIRS += esi
else
ESI_LIBS =
endif
+DIST_SUBDIRS += esi
DELAY_POOL_ALL_SOURCE = \
CommonPool.h \
# libraries used by many targets
COMMON_LIBS = \
- auth/libacls.la \
+ $(AUTH_ACL_LIBS) \
ident/libident.la \
acl/libacls.la \
eui/libeui.la \
acl/libstate.la \
- auth/libauth.la \
+ $(AUTH_LIBS) \
acl/libapi.la \
base/libbase.la \
libsquid.la \
TEST_CALL_SOURCES = \
event.cc
-
-check_PROGRAMS+= tests/testAuth \
- tests/testACLMaxUserIP \
+check_PROGRAMS+=\
tests/testBoilerplate \
tests/testCacheManager \
tests/testDiskIO \
tests_testHttpReply_LDADD=\
acl/libapi.la \
acl/libstate.la \
- auth/libauth.la \
+ $(AUTH_LIBS) \
ip/libip.la \
base/libbase.la \
$(top_builddir)/lib/libmisccontainers.la \
nodist_tests_testACLMaxUserIP_SOURCES= \
$(TESTSOURCES)
tests_testACLMaxUserIP_LDADD= \
- auth/libacls.la \
+ $(AUTH_ACL_LIBS) \
ident/libident.la \
acl/libacls.la \
eui/libeui.la \
acl/libstate.la \
- auth/libauth.la \
+ $(AUTH_LIBS) \
acl/libapi.la \
base/libbase.la \
libsquid.la \
$(BUILT_SOURCES)
# comm.cc only requires comm/libcomm.la until fdc_table is dead.
tests_testCacheManager_LDADD = \
- auth/libacls.la \
+ $(AUTH_ACL_LIBS) \
ident/libident.la \
acl/libacls.la \
eui/libeui.la \
acl/libstate.la \
- auth/libauth.la \
+ $(AUTH_LIBS) \
acl/libapi.la \
base/libbase.la \
libsquid.la \
SquidConfig.o \
CommCalls.o \
DnsLookupDetails.o \
- auth/libacls.la \
+ $(AUTH_ACL_LIBS) \
ident/libident.la \
acl/libacls.la \
eui/libeui.la \
acl/libstate.la \
- auth/libauth.la \
+ $(AUTH_LIBS) \
base/libbase.la \
libsquid.la \
ip/libip.la \
*/
#include "squid.h"
+
+#if USE_AUTH
+
#include "acl/ExtUser.h"
#include "acl/FilledChecklist.h"
#include "acl/RegexData.h"
return new ACLExtUser(*this);
}
+#endif /* USE_AUTH */
#ifndef SQUID_EXTUSER_H
#define SQUID_EXTUSER_H
+#if USE_AUTH
+
#include "acl/Acl.h"
#include "acl/Checklist.h"
#include "acl/Data.h"
MEMPROXY_CLASS_INLINE(ACLExtUser);
+#endif /* USE_AUTH */
#endif /* SQUID_EXTUSER_H */
#include "HttpRequest.h"
#include "HttpReply.h"
#include "client_side.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
#include "auth/AclProxyAuth.h"
+#endif
#include "acl/FilledChecklist.h"
CBDATA_CLASS_INIT(ACLFilledChecklist);
{
debugs(28, 5, HERE << this << " answer=" << answer);
+#if USE_AUTH
/* During reconfigure, we can end up not finishing call
* sequences into the auth code */
conn()->auth_user_request = NULL;
}
}
+#endif
ACLChecklist::checkCallback(answer); // may delete us
}
dst_rdns(NULL),
request (NULL),
reply (NULL),
+#if USE_AUTH
auth_user_request (NULL),
+#endif
#if SQUID_SNMP
snmp_community(NULL),
#endif
dst_rdns(NULL),
request(NULL),
reply(NULL),
+#if USE_AUTh
auth_user_request(NULL),
+#endif
#if SQUID_SNMP
snmp_community(NULL),
#endif
#define SQUID_ACLFILLED_CHECKLIST_H
#include "acl/Checklist.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
class ExternalACLEntry;
class ConnStateData;
HttpReply *reply;
char rfc931[USER_IDENT_SZ];
+#if USE_AUTH
AuthUserRequest::Pointer auth_user_request;
-
+#endif
#if SQUID_SNMP
char *snmp_community;
#endif
#ifndef SQUID_AUTH_ACL_H
#define SQUID_AUTH_ACL_H
+#if USE_AUTH
+
// ACL-related code used by authentication-related code. This code is not in
// auth/Gadgets to avoid making auth/libauth dependent on acl/libstate because
// acl/libstate already depends on auth/libauth.
/// \ingroup AuthAPI
extern int AuthenticateAcl(ACLChecklist *ch);
+#endif /* USE_AUTH */
#endif /* SQUID_AUTH_ACL_H */
#ifndef SQUID_ACLMAXUSERIP_H
#define SQUID_ACLMAXUSERIP_H
+#if USE_AUTH
+
#include "acl/Acl.h"
#include "acl/Checklist.h"
#include "auth/UserRequest.h"
MEMPROXY_CLASS_INLINE(ACLMaxUserIP);
+#endif /* USE_AUTH */
#endif /* SQUID_ACLMAXUSERIP_H */
#ifndef SQUID_ACLPROXYAUTH_H
#define SQUID_ACLPROXYAUTH_H
+
+#if USE_AUTH
+
#include "acl/Acl.h"
#include "acl/Data.h"
#include "acl/Checklist.h"
MEMPROXY_CLASS_INLINE(ACLProxyAuth);
+#endif /* USE_AUTH */
#endif /* SQUID_ACLPROXYAUTH_H */
#ifndef _SQUID__SRC_AUTH_AUTHACLSTATE_H
#define _SQUID__SRC_AUTH_AUTHACLSTATE_H
+#if USE_AUTH
+
typedef enum {
AUTH_ACL_CHALLENGE = -2,
AUTH_ACL_HELPER = -1,
AUTH_AUTHENTICATED = 1
} AuthAclState;
-#endif
+#endif /* USE_AUTH */
+#endif /* _SQUID__SRC_AUTH_AUTHACLSTATE_H */
#ifndef _SQUID__SRC_AUTH_AUTHTYPE_H
#define _SQUID__SRC_AUTH_AUTHTYPE_H
+#if USE_AUTH
+
typedef enum {
AUTH_UNKNOWN, /* default */
AUTH_BASIC,
extern const char *AuthType_str[];
+#endif /* USE_AUTH */
#endif
#ifndef SQUID_AUTHCONFIG_H
#define SQUID_AUTHCONFIG_H
+#if USE_AUTH
+
#include "auth/UserRequest.h"
#include "HelperChildConfig.h"
} // namespace Auth
+#endif /* USE_AUTH */
#endif /* SQUID_AUTHCONFIG_H */
#ifndef SQUID_AUTH_GADGETS_H
#define SQUID_AUTH_GADGETS_H
+#if USE_AUTH
+
#include "hash.h"
#include "MemPool.h"
#include "auth/Config.h"
/// \ingroup AuthAPI
extern void authenticateOnCloseConnection(ConnStateData * conn);
+#endif /* USE_AUTH */
#endif /* SQUID_AUTH_GADGETS_H */
#ifndef SQUID_AUTHSCHEME_H
#define SQUID_AUTHSCHEME_H
+#if USE_AUTH
+
#include "Array.h"
#include "RefCount.h"
static Vector<AuthScheme::Pointer> *_Schemes;
};
+#endif /* USE_AUTH */
#endif /* SQUID_AUTHSCHEME_H */
#ifndef __AUTH_AUTHENTICATE_STATE_T__
#define __AUTH_AUTHENTICATE_STATE_T__
+#if USE_AUTH
+
#include "auth/UserRequest.h"
/**
extern void authenticateStateFree(authenticateStateData * r);
+#endif /* USE_AUTH */
#endif /* __AUTH_AUTHENTICATE_STATE_T__ */
#ifndef SQUID_AUTHUSER_H
#define SQUID_AUTHUSER_H
+#if USE_AUTH
+
#include "auth/AuthType.h"
#include "dlink.h"
#include "ip/Address.h"
#include "auth/User.cci"
#endif
+#endif /* USE_AUTH */
#endif /* SQUID_AUTHUSER_H */
#ifndef SQUID_AUTHUSERREQUEST_H
#define SQUID_AUTHUSERREQUEST_H
+#if USE_AUTH
+
#include "auth/AuthAclState.h"
#include "auth/Scheme.h"
#include "auth/User.h"
/// See AuthUserRequest::authenticated()
extern int authenticateUserAuthenticated(AuthUserRequest::Pointer);
-
+#endif /* USE_AUTH */
#endif /* SQUID_AUTHUSERREQUEST_H */
#include "ssl/support.h"
#include "ssl/Config.h"
#endif
+#if USE_AUTH
#include "auth/Config.h"
#include "auth/Scheme.h"
+#endif
#include "ConfigParser.h"
#include "CpuAffinityMap.h"
#include "eui/Config.h"
(uint32_t)Config.maxRequestBufferSize, (uint32_t)Config.maxRequestHeaderSize);
}
+#if USE_AUTH
/*
* disable client side request pipelining. There is a race with
* Negotiate and NTLM when the client sends a second request on an
Config.onoff.pipeline_prefetch = 0;
}
}
+#endif
}
/** Parse a line containing an obsolete directive.
return s == NULL;
}
+#if USE_AUTH
static void
parse_authparam(Auth::authConfig * config)
{
for (authConfig::iterator i = cfg.begin(); i != cfg.end(); ++i)
(*i)->dump(entry, name, (*i));
}
+#endif /* USE_AUTH */
/* TODO: just return the object, the # is irrelevant */
static int
fatalf("parse_peer: non-parent carp peer %s/%d\n", p->host, p->http_port);
p->options.carp = 1;
-
} else if (!strcasecmp(token, "userhash")) {
+#if USE_AUTH
if (p->type != PEER_PARENT)
fatalf("parse_peer: non-parent userhash peer %s/%d\n", p->host, p->http_port);
p->options.userhash = 1;
-
+#else
+ fatalf("parse_peer: userhash requires authentication. peer %s/%d\n", p->host, p->http_port);
+#endif
} else if (!strcasecmp(token, "sourcehash")) {
if (p->type != PEER_PARENT)
fatalf("parse_peer: non-parent sourcehash peer %s/%d\n", p->host, p->http_port);
NAME: auth_param
TYPE: authparam
+IFDEF: USE_AUTH
LOC: Auth::TheConfig
DEFAULT: none
DOC_START
#include "squid.h"
#include "acl/FilledChecklist.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "base/TextException.h"
#include "ChunkedCodingParser.h"
#include "client_side.h"
aLogEntry->cache.requestSize += request->content_length;
aLogEntry->cache.extuser = request->extacl_user.termedBuf();
+#if USE_AUTH
if (request->auth_user_request != NULL) {
-
if (request->auth_user_request->username())
aLogEntry->cache.authuser = xstrdup(request->auth_user_request->username());
-
-// WTF?? request->auth_user_request = NULL;
}
+#endif
if (aLogEntry->request) {
aLogEntry->request->errType = request->errType;
clientdbEstablished(peer, -1); /* decrement */
assert(areAllContextsForThisConnection());
freeAllContexts();
-
+#if USE_AUTH
if (auth_user_request != NULL) {
debugs(33, 4, "ConnStateData::swanSong: freeing auth_user_request '" << auth_user_request << "' (this is '" << this << "')");
auth_user_request->onConnectionClose(this);
}
-
+#endif
if (pinning.fd >= 0)
comm_close(pinning.fd);
clientStreamNode *node = context->getClientReplyContext();
clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
assert (repContext);
- repContext->setReplyToError(ERR_INVALID_REQ, HTTP_EXPECTATION_FAILED, request->method, http->uri, conn->peer, request, NULL, NULL);
+ repContext->setReplyToError(ERR_INVALID_REQ, HTTP_EXPECTATION_FAILED, request->method,
+ http->uri, conn->peer, request, NULL, NULL);
assert(context->http->out.offset == 0);
context->pullData();
goto finish;
#ifndef SQUID_CLIENTSIDE_H
#define SQUID_CLIENTSIDE_H
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "base/AsyncJob.h"
#include "BodyPipe.h"
#include "comm.h"
*/
int64_t mayNeedToReadMoreBody() const;
+#if USE_AUTH
/**
* note this is ONLY connection based because NTLM and Negotiate is against HTTP spec.
* the user details for connection based authentication
*/
AuthUserRequest::Pointer auth_user_request;
+#endif
/**
* used by the owner of the connection, opaque otherwise
#include "squid.h"
#include "acl/FilledChecklist.h"
#include "acl/Gadgets.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "client_side.h"
#include "client_side_reply.h"
#include "clientStream.h"
clientReplyContext::setReplyToError(
err_type err, http_status status, const HttpRequestMethod& method, char const *uri,
Ip::Address &addr, HttpRequest * failedrequest, const char *unparsedrequest,
- AuthUserRequest::Pointer auth_user_request)
+#if USE_AUTH
+ AuthUserRequest::Pointer auth_user_request
+#else
+ int
+#endif
+ )
{
ErrorState *errstate = clientBuildError(err, status, uri, addr, failedrequest);
http->al.http.code = errstate->httpStatus;
createStoreEntry(method, request_flags());
-
+#if USE_AUTH
errstate->auth_user_request = auth_user_request;
-
+#endif
assert(errstate->callback_data == NULL);
errorAppendEntry(http->storeEntry(), errstate);
/* Now the caller reads to get this */
}
/* Filter unproxyable authentication types */
-
if (http->logType != LOG_TCP_DENIED &&
hdr->has(HDR_WWW_AUTHENTICATE)) {
HttpHeaderPos pos = HttpHeaderInitPos;
hdr->refreshMask();
}
+#if USE_AUTH
/* Handle authentication headers */
if (http->logType == LOG_TCP_DENIED &&
( reply->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED ||
authenticateFixHeader(reply, request->auth_user_request, request, 0, 1);
} else if (request->auth_user_request != NULL)
authenticateFixHeader(reply, request->auth_user_request, request, http->flags.accel, 0);
+#endif
/* Append X-Cache */
httpHeaderPutStrf(hdr, HDR_X_CACHE, "%s from %s",
void identifyFoundObject(StoreEntry *entry);
int storeOKTransferDone() const;
int storeNotOKTransferDone() const;
-
- void setReplyToError(err_type, http_status, const HttpRequestMethod&, char const *, Ip::Address &, HttpRequest *, const char *, AuthUserRequest::Pointer);
+ void setReplyToError(err_type, http_status, const HttpRequestMethod&, char const *, Ip::Address &, HttpRequest *, const char *,
+#if USE_AUTH
+ AuthUserRequest::Pointer);
+#else
+ int unused);
+#endif
void createStoreEntry(const HttpRequestMethod& m, request_flags flags);
void removeStoreReference(store_client ** scp, StoreEntry ** ep);
void removeClientStoreReference(store_client **scp, ClientHttpRequest *http);
#include "adaptation/icap/History.h"
#endif
#endif
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "clientStream.h"
#include "client_side.h"
#include "client_side_reply.h"
(answer == ACCESS_ALLOWED ? "ALLOWED" : "DENIED") <<
", because it matched '" <<
(AclMatchedName ? AclMatchedName : "NO ACL's") << "'" );
- char const *proxy_auth_msg = "<null>";
+#if USE_AUTH
+ char const *proxy_auth_msg = "<null>";
if (http->getConn() != NULL && http->getConn()->auth_user_request != NULL)
proxy_auth_msg = http->getConn()->auth_user_request->denyMessage("<null>");
else if (http->request->auth_user_request != NULL)
proxy_auth_msg = http->request->auth_user_request->denyMessage("<null>");
+#endif
if (answer != ACCESS_ALLOWED) {
/* Send an error */
int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName));
debugs(85, 5, "Access Denied: " << http->uri);
debugs(85, 5, "AclMatchedName = " << (AclMatchedName ? AclMatchedName : "<null>"));
-
+#if USE_AUTH
if (require_auth)
debugs(33, 5, "Proxy Auth Message = " << (proxy_auth_msg ? proxy_auth_msg : "<null>"));
+#endif
/*
* NOTE: get page_id here, based on AclMatchedName because if
http->logType = LOG_TCP_DENIED;
if (require_auth) {
+#if USE_AUTH
if (!http->flags.accel) {
/* Proxy authorisation needed */
status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
/* WWW authorisation needed */
status = HTTP_UNAUTHORIZED;
}
-
+#else
+ // need auth, but not possible to do.
+ status = HTTP_FORBIDDEN;
+#endif
if (page_id == ERR_NONE)
page_id = ERR_CACHE_ACCESS_DENIED;
} else {
http->getConn() != NULL ? http->getConn()->peer : tmpnoaddr,
http->request,
NULL,
+#if USE_AUTH
http->getConn() != NULL && http->getConn()->auth_user_request != NULL ?
http->getConn()->auth_user_request : http->request->auth_user_request);
-
+#else
+ NULL);
+#endif
node = (clientStreamNode *)http->client_stream.tail->data;
clientStreamRead(node, http, node->readBuffer);
return;
new_request->my_addr = old_request->my_addr;
new_request->flags = old_request->flags;
new_request->flags.redirected = 1;
+#if USE_AUTH
new_request->auth_user_request = old_request->auth_user_request;
-
+#endif
if (old_request->body_pipe != NULL) {
new_request->body_pipe = old_request->body_pipe;
old_request->body_pipe = NULL;
#include "config.h"
#include "comm/Write.h"
#include "errorpage.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "SquidTime.h"
#include "Store.h"
#include "html_quote.h"
wordlistDestroy(&err->ftp.server_msg);
safe_free(err->ftp.request);
safe_free(err->ftp.reply);
+#if USE_AUTH
err->auth_user_request = NULL;
+#endif
safe_free(err->err_msg);
#if USE_ERR_LOCALES
if (err->err_language != Config.errorDefaultLanguage)
} else {
str.Printf("Err: [none]\r\n");
}
-
+#if USE_AUTH
if (auth_user_request->denyMessage())
str.Printf("Auth ErrMsg: %s\r\n", auth_user_request->denyMessage());
-
+#endif
if (dnsError.size() > 0)
str.Printf("DNS ErrMsg: %s\r\n", dnsError.termedBuf());
switch (token) {
case 'a':
+#if USE_AUTH
if (request && request->auth_user_request != NULL)
p = request->auth_user_request->username();
if (!p)
+#endif
p = "-";
break;
-
case 'B':
if (building_deny_info_url) break;
p = request ? ftpUrlWith2f(request) : "[no URL]";
case 'm':
if (building_deny_info_url) break;
+#if USE_AUTH
p = auth_user_request->denyMessage("[not available]");
+#else
+ p = "-";
+#endif
break;
case 'M':
#define SQUID_ERRORPAGE_H
#include "squid.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "cbdata.h"
#include "ip/Address.h"
#if USE_SSL
int page_id;
char *err_language;
http_status httpStatus;
+#if USE_AUTH
AuthUserRequest::Pointer auth_user_request;
+#endif
HttpRequest *request;
char *url;
int xerrno;
#include "mgr/Registration.h"
#include "ExternalACL.h"
#include "ExternalACLEntry.h"
+#if USE_AUTH
+#include "auth/Acl.h"
+#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
+#endif
#include "SquidTime.h"
#include "Store.h"
#include "fde.h"
#include "client_side.h"
#include "HttpRequest.h"
#include "HttpReply.h"
-#include "auth/Acl.h"
-#include "auth/Gadgets.h"
#include "helper.h"
#include "MemBuf.h"
#include "rfc1738.h"
dlink_list queue;
+#if USE_AUTH
/**
* Configuration flag. May only be altered by the configuration parser.
*
* details to be processed. If none are available its a fail match.
*/
bool require_auth;
+#endif
enum {
QUOTE_METHOD_SHELL = 1,
struct _external_acl_format {
enum format_type {
EXT_ACL_UNKNOWN,
+#if USE_AUTH
EXT_ACL_LOGIN,
+#endif
#if USE_IDENT
EXT_ACL_IDENT,
#endif
EXT_ACL_USER_CERT_RAW,
EXT_ACL_USER_CERTCHAIN_RAW,
#endif
+#if USE_AUTH
EXT_ACL_EXT_USER,
+#endif
EXT_ACL_END
} type;
external_acl_format *next;
parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REQUEST);
} else if (strncmp(token, "%<{", 3) == 0) {
parse_header_token(format, (token+3), _external_acl_format::EXT_ACL_HEADER_REPLY);
+#if USE_AUTH
} else if (strcmp(token, "%LOGIN") == 0) {
format->type = _external_acl_format::EXT_ACL_LOGIN;
a->require_auth = true;
+#endif
}
#if USE_IDENT
format->header = xstrdup(token + 11);
}
#endif
+#if USE_AUTH
else if (strcmp(token, "%EXT_USER") == 0)
format->type = _external_acl_format::EXT_ACL_EXT_USER;
+#endif
else {
debugs(0,0, "ERROR: Unknown Format token " << token);
self_destruct();
case _external_acl_format::EXT_ACL_##a: \
storeAppendPrintf(sentry, " %%%s", #a); \
break
-
+#if USE_AUTH
DUMP_EXT_ACL_TYPE(LOGIN);
+#endif
#if USE_IDENT
DUMP_EXT_ACL_TYPE(IDENT);
storeAppendPrintf(sentry, " %%USER_CERT_%s", format->header);
break;
#endif
-
+#if USE_AUTH
DUMP_EXT_ACL_TYPE(EXT_USER);
-
+#endif
default:
fatal("unknown external_acl format error");
break;
bool
ACLExternal::valid () const
{
+#if USE_AUTH
if (data->def->require_auth) {
if (authenticateSchemeCount() == 0) {
debugs(28, 0, "Can't use proxy auth because no authentication schemes were compiled.");
return false;
}
}
+#endif
return true;
}
if (!entry) {
debugs(82, 9, HERE << "No helper entry available");
+#if USE_AUTH
if (acl->def->require_auth) {
int ti;
/* Make sure the user is authenticated */
debugs(82, 3, "aclMatchExternal: " << acl->def->name << " check user authenticated.");
-
if ((ti = AuthenticateAcl(ch)) != 1) {
debugs(82, 2, "aclMatchExternal: " << acl->def->name << " user not authenticated (" << ti << ")");
return ti;
}
debugs(82, 3, "aclMatchExternal: " << acl->def->name << " user is authenticated.");
}
-
+#endif
key = makeExternalAclKey(ch, acl);
if (!key) {
debugs(82, 2, "aclMatchExternal: " << acl->def->name << " = " << result);
if (ch->request) {
+#if USE_AUTH
if (entry->user.size())
ch->request->extacl_user = entry->user;
if (entry->password.size())
ch->request->extacl_passwd = entry->password;
-
+#endif
if (!ch->request->tag.size())
ch->request->tag = entry->tag;
String sb;
switch (format->type) {
-
+#if USE_AUTH
case _external_acl_format::EXT_ACL_LOGIN:
assert (ch->auth_user_request != NULL);
str = ch->auth_user_request->username();
break;
+#endif
#if USE_IDENT
-
case _external_acl_format::EXT_ACL_IDENT:
str = ch->rfc931;
break;
#endif
-
+#if USE_AUTH
case _external_acl_format::EXT_ACL_EXT_USER:
str = request->extacl_user.termedBuf();
break;
-
+#endif
case _external_acl_format::EXT_ACL_UNKNOWN:
case _external_acl_format::EXT_ACL_END:
if (state->def->quote == external_acl::QUOTE_METHOD_URL)
rfc1738_unescape(value);
- if (strcmp(token, "user") == 0)
- entryData.user = value;
- else if (strcmp(token, "message") == 0)
+ if (strcmp(token, "message") == 0)
entryData.message = value;
else if (strcmp(token, "error") == 0)
entryData.message = value;
entryData.tag = value;
else if (strcmp(token, "log") == 0)
entryData.log = value;
+#if USE_AUTH
+ else if (strcmp(token, "user") == 0)
+ entryData.user = value;
else if (strcmp(token, "password") == 0)
entryData.password = value;
else if (strcmp(token, "passwd") == 0)
entryData.password = value;
else if (strcmp(token, "login") == 0)
entryData.user = value;
+#endif
}
}
}
bool graceful = 0;
ACLFilledChecklist *ch = Filled(checklist);
+#if USE_AUTH
if (acl->def->require_auth) {
int ti;
/* Make sure the user is authenticated */
}
debugs(82, 3, "aclMatchExternal: " << acl->def->name << " user is authenticated.");
}
+#endif
const char *key = makeExternalAclKey(ch, acl);
debugs(82, 4, "externalAclLookup: using cached entry " << entry);
if (entry != NULL) {
- debugs(82, 4, "externalAclLookup: entry = { date=" <<
- (long unsigned int) entry->date << ", result=" <<
- entry->result << ", user=" << entry->user << " tag=" <<
- entry->tag << " log=" << entry->log << " }");
+ debugs(82, 4, "externalAclLookup: entry = { date=" << (long unsigned int) entry->date <<
+ ", result=" << entry->result <<
+#if USE_AUTH
+ ", user=" << entry->user <<
+#endif
+ " tag=" << entry->tag <<
+ " log=" << entry->log << " }");
}
bool
ACLExternal::isProxyAuth() const
{
+#if USE_AUTH
return data->def->require_auth;
+#else
+ return false;
+#endif
}
#include "squid.h"
#include "acl/FilledChecklist.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "base/AsyncJobCalls.h"
#include "base/TextException.h"
#include "base64.h"
if (orig_request->extacl_user.size())
username = orig_request->extacl_user.termedBuf();
+#if USE_AUTH
else if (orig_request->auth_user_request != NULL)
username = orig_request->auth_user_request->username();
+#endif
snprintf(loginbuf, sizeof(loginbuf), "%s%s", username, orig_request->peer_login + 1);
}
/* Kerberos login to peer */
-#if HAVE_KRB5 && HAVE_GSSAPI
+#if HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI
if (strncmp(orig_request->peer_login, "NEGOTIATE",strlen("NEGOTIATE")) == 0) {
char *Token=NULL;
char *PrincipalName=NULL,*p;
#if ICAP_CLIENT
#include "adaptation/icap/icap_log.h"
#endif
+#if USE_AUTH
#include "auth/Gadgets.h"
+#endif
#include "base/TextException.h"
#if USE_DELAY_POOLS
#include "ClientDelayConfig.h"
/* run the closure code which can be shared with reconfigure */
serverConnectionsClose();
-
+#if USE_AUTH
/* detach the auth components (only do this on full shutdown) */
AuthScheme::FreeAll();
-
+#endif
eventAdd("SquidShutdown", &StopEventLoop, this, (double) (wait + 1), 1, false);
}
peerSelectInit();
carpInit();
+#if USE_AUTH
peerUserHashInit();
+#endif
peerSourceHashInit();
}
}
Ssl::TheGlobalContextStorage.reconfigureStart();
#endif
redirectShutdown();
+#if USE_AUTH
authenticateReset();
+#endif
externalAclShutdown();
storeDirCloseSwapLogs();
storeLogClose();
#endif
redirectInit();
+#if USE_AUTH
authenticateInit(&Auth::TheConfig);
+#endif
externalAclInit();
if (IamPrimaryProcess()) {
dnsShutdown();
#endif
redirectShutdown();
+#if USE_AUTH
authenticateRotate();
+#endif
externalAclShutdown();
_db_rotate_log(); /* cache.log */
dnsInit();
#endif
redirectInit();
+#if USE_AUTH
authenticateInit(&Auth::TheConfig);
+#endif
externalAclInit();
}
#endif
redirectInit();
-
+#if USE_AUTH
authenticateInit(&Auth::TheConfig);
-
+#endif
externalAclInit();
httpHeaderInitModule(); /* must go before any header processing (e.g. the one in errorInitialize) */
/* we may want the parsing process to set this up in the future */
Store::Root(new StoreController);
-
+#if USE_AUTH
InitAuthSchemes(); /* required for config parsing */
-
+#endif
Ip::ProbeTransport(); // determine IPv4 or IPv6 capabilities before parsing.
parse_err = parseConfigFile(ConfigFile);
#if USE_DELAY_POOLS
DelayPools::FreePools();
#endif
-
+#if USE_AUTH
authenticateReset();
+#endif
#if USE_WIN32_SERVICE
WIN32_svcstatusupdate(SERVICE_STOP_PENDING, 10000);
if (p->options.carp)
storeAppendPrintf(sentry, " carp");
-
+#if USE_AUTH
if (p->options.userhash)
storeAppendPrintf(sentry, " userhash");
if (p->options.userhash)
storeAppendPrintf(sentry, " sourcehash");
-
+#endif
if (p->options.weighted_roundrobin)
storeAppendPrintf(sentry, " weighted-round-robin");
if ((p = getDefaultParent(request))) {
code = DEFAULT_PARENT;
+#if USE_AUTH
} else if ((p = peerUserHashSelectParent(request))) {
code = USERHASH_PARENT;
+#endif
} else if ((p = peerSourceHashSelectParent(request))) {
code = SOURCEHASH_PARENT;
} else if ((p = carpSelectParent(request))) {
*/
#include "squid.h"
+
+#if USE_AUTH
+
#include "mgr/Registration.h"
#include "Store.h"
#include "HttpRequest.h"
sumfetches ? (double) p->stats.fetches / sumfetches : -1.0);
}
}
+
+#endif /* USE_AUTH */
#endif
-#if HAVE_KRB5 && HAVE_GSSAPI
+#if USE_AUTH
+
+#if HAVE_AUTH_MODULE_NEGOTIATE && HAVE_KRB5 && HAVE_GSSAPI
/* upstream proxy authentication */
SQUIDCEXTERN char *peer_proxy_negotiate_auth(char *principal_name, char *proxy);
#endif
/* call to ensure the auth component schemes exist. */
SQUIDCEXTERN void InitAuthSchemes(void);
+#endif /* USE_AUTH */
#endif /* SQUID_PROTOS_H */
*/
#include "squid.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "mgr/Registration.h"
#include "Store.h"
#include "fde.h"
else
r->client_addr.SetNoAddr();
r->client_ident = NULL;
-
+#if USE_AUTH
if (http->request->auth_user_request != NULL)
r->client_ident = http->request->auth_user_request->username();
- else if (http->request->extacl_user.defined()) {
+ else
+#endif
+ if (http->request->extacl_user.defined()) {
r->client_ident = http->request->extacl_user.termedBuf();
}
http->getConn() != NULL ? http->getConn()->peer : tmpnoaddr,
http->request,
NULL,
+#if USE_AUTH
http->getConn() != NULL && http->getConn()->auth_user_request != NULL ?
http->getConn()->auth_user_request : http->request->auth_user_request);
+#else
+ NULL);
+#endif
node = (clientStreamNode *)http->client_stream.tail->data;
clientStreamRead(node, http, node->readBuffer);
#include "squid.h"
#include "event.h"
#include "StoreClient.h"
+#if USE_AUTH
#include "auth/UserRequest.h"
+#endif
#include "mgr/Registration.h"
#include "Store.h"
#include "HttpRequest.h"
Mgr::RegisterAction("active_requests",
"Client-side Active Requests",
statClientRequests, 0, 1);
+#if USE_AUTH
Mgr::RegisterAction("username_cache",
"Active Cached Usernames",
AuthUser::UsernameCacheStats, 0, 1);
+#endif
#if DEBUG_OPENFD
Mgr::RegisterAction("openfd_objects", "Objects with Swapout files open",
statOpenfdObj, 0, 0);
(long int) http->start_time.tv_sec,
(int) http->start_time.tv_usec,
tvSubDsec(http->start_time, current_time));
-
+#if USE_AUTH
if (http->request->auth_user_request != NULL)
p = http->request->auth_user_request->username();
- else if (http->request->extacl_user.defined()) {
+ else
+#endif
+ if (http->request->extacl_user.defined()) {
p = http->request->extacl_user.termedBuf();
}
#endif
unsigned int allow_miss:1;
unsigned int carp:1;
+#if USE_AUTH
unsigned int userhash:1;
+#endif
unsigned int sourcehash:1;
unsigned int originserver:1;
unsigned int no_tproxy:1;
double load_multiplier;
double load_factor; /* normalized weight value */
} carp;
-
+#if USE_AUTH
struct {
unsigned int hash;
double load_multiplier;
double load_factor; /* normalized weight value */
} userhash;
-
+#endif
struct {
unsigned int hash;
double load_multiplier;
#define SQUID_UNIT_TEST 1
#include "squid.h"
+
+#if USE_AUTH
+
#include "testACLMaxUserIP.h"
#include "auth/AclMaxUserIp.h"
CPPUNIT_ASSERT(anACL.valid());
xfree(line);
}
+
+#endif /* USE_AUTH */
#ifndef SQUID_SRC_TEST_ACLMAXUSERIP_H
#define SQUID_SRC_TEST_ACLMAXUSERIP_H
+#if USE_AUTH
+
#include <cppunit/extensions/HelperMacros.h>
/*
void testParseLine();
};
+#endif /* USE_AUTH */
#endif /* SQUID_SRC_TEST_ACLMAXUSERIP_H */
-
#define SQUID_UNIT_TEST 1
#include "squid.h"
+
+#if USE_AUTH
+
#include "testAuth.h"
#include "auth/Gadgets.h"
#include "auth/UserRequest.h"
}
#endif /* HAVE_AUTH_MODULE_NEGOTIATE */
+#endif /* USE_AUTH */
-
#ifndef SQUID_SRC_TEST_AUTH_H
#define SQUID_SRC_TEST_AUTH_H
+#if USE_AUTH
+
#include <cppunit/extensions/HelperMacros.h>
/*
};
#endif
-#endif
-
+#endif /* USE_AUTH */
+#endif /* SQUID_SRC_TEST_AUTH_H */
projects / thirdparty / squid.git / commitdiff
