if test "$SquidInline" = "yes" ; then
AC_DEFINE(_SQUID_INLINE_, inline, [Keyword used by squid for inlining methods])
- AC_DEFINE(_USE_INLINE_,, [Include inline methods into header file])
+ AC_DEFINE(_USE_INLINE_,1, [Include inline methods into header file])
else
AC_MSG_NOTICE([Inlining optimization disabled])
AC_DEFINE(_SQUID_INLINE_,, [Keyword used by squid for inlining methods])
#include "config.h"
+#if REFCOUNT_DEBUG
+#include "Debug.h"
+#endif
+
#if HAVE_IOSTREAM
#include <iostream>
#endif
-#include "squid.h"
+#include "config.h"
+#include "Debug.h"
+#include "protos.h"
-
-#ifdef HAVE_AUTH_MODULE_BASIC
+#if HAVE_AUTH_MODULE_BASIC
#include "auth/basic/basicScheme.h"
#endif
-
-#ifdef HAVE_AUTH_MODULE_NTLM
-#include "auth/ntlm/ntlmScheme.h"
-#endif
-
-#ifdef HAVE_AUTH_MODULE_DIGEST
+#if HAVE_AUTH_MODULE_DIGEST
#include "auth/digest/digestScheme.h"
#endif
-
-#ifdef HAVE_AUTH_MODULE_NEGOTIATE
+#if HAVE_AUTH_MODULE_NEGOTIATE
#include "auth/negotiate/negotiateScheme.h"
#endif
-
-#ifdef HAVE_AUTH_MODULE_BASIC
-static const char *basic_type = basicScheme::GetInstance().type();
-#endif
-
-#ifdef HAVE_AUTH_MODULE_NTLM
-static const char *ntlm_type = ntlmScheme::GetInstance().type();
-#endif
-
-#ifdef HAVE_AUTH_MODULE_DIGEST
-static const char *digest_type = digestScheme::GetInstance().type();
-#endif
-
-#ifdef HAVE_AUTH_MODULE_NEGOTIATE
-static const char *negotiate_type = negotiateScheme::GetInstance().type();
+#if HAVE_AUTH_MODULE_NTLM
+#include "auth/ntlm/ntlmScheme.h"
#endif
+/**
+ * Initialize the authentication modules (if any)
+ * This is required once, before any configuration actions are taken.
+ */
+void
+InitAuthSchemes()
+{
+ debugs(29,1,"Initializing Authentication Schemes ...");
+#if HAVE_AUTH_MODULE_BASIC
+ static const char *basic_type = basicScheme::GetInstance()->type();
+ debugs(29,1,"Initialized Authentication Scheme '" << basic_type << "'");
+#endif
+#if HAVE_AUTH_MODULE_DIGEST
+ static const char *digest_type = digestScheme::GetInstance()->type();
+ debugs(29,1,"Initialized Authentication Scheme '" << digest_type << "'");
+#endif
+#if HAVE_AUTH_MODULE_NEGOTIATE
+ static const char *negotiate_type = negotiateScheme::GetInstance()->type();
+ debugs(29,1,"Initialized Authentication Scheme '" << negotiate_type << "'");
+#endif
+#if HAVE_AUTH_MODULE_NTLM
+ static const char *ntlm_type = ntlmScheme::GetInstance()->type();
+ debugs(29,1,"Initialized Authentication Scheme '" << ntlm_type << "'");
+#endif
+ debugs(29,1,"Initializing Authentication Schemes Complete.");
+}
## Tests of the CacheManager module.
tests_testCacheManager_SOURCES = \
+ $(ACL_REGISTRATION_SOURCES) \
debug.cc \
HttpRequest.cc \
HttpRequestMethod.cc \
## Tests of the Even module.
tests_testEvent_SOURCES = \
+ $(ACL_REGISTRATION_SOURCES) \
debug.cc \
EventLoop.h \
EventLoop.cc \
## Tests of the EventLoop module.
tests_testEventLoop_SOURCES = \
+ $(ACL_REGISTRATION_SOURCES) \
debug.cc \
EventLoop.h \
EventLoop.cc \
$(SQUID_CPPUNIT_LA)
tests_test_http_range_SOURCES = \
+ $(ACL_REGISTRATION_SOURCES) \
tests/test_http_range.cc \
BodyPipe.cc \
cache_cf.cc \
## Tests of the HttpRequest module.
tests_testHttpRequest_SOURCES = \
+ $(ACL_REGISTRATION_SOURCES) \
debug.cc \
HttpRequest.cc \
HttpRequestMethod.cc \
## Tests of the URL module.
## TODO: Trim this down once the insanity is over.
tests_testURL_SOURCES = \
+ $(ACL_REGISTRATION_SOURCES) \
debug.cc \
url.cc \
URLScheme.cc \
-
/*
* $Id$
*
#include "auth/Config.h"
#include "auth/UserRequest.h"
-/* Get Auth User: Return a filled out auth_user structure for the given
+Auth::authConfig Auth::TheConfig;
+
+/**
+ * Get Auth User: Return a filled out auth_user structure for the given
* Proxy Auth (or Auth) header. It may be a cached Auth User or a new
* Unauthenticated structure. The structure is given an inital lock here.
* It may also be NULL reflecting that no user could be created.
AuthConfig *
AuthConfig::Find(const char *proxy_auth)
{
- for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i)
+ for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if (strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0)
return *i;
virtual const char * type() const = 0;
};
+namespace Auth
+{
+
+typedef Vector<AuthConfig *> authConfig;
+
+extern authConfig TheConfig;
+
+}; // namespace Auth
+
#endif /* SQUID_AUTHCONFIG_H */
-
/*
* $Id$
*
{
int rv = 0;
- for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i)
+ for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if ((*i)->configured())
++rv;
int
authenticateSchemeCount(void)
{
- int rv = AuthScheme::Schemes().size();
+ int rv = AuthScheme::GetSchemes().size();
debugs(29, 9, "authenticateSchemeCount: " << rv << " active.");
}
static void
-authenticateRegisterWithCacheManager(authConfig * config)
+authenticateRegisterWithCacheManager(Auth::authConfig * config)
{
- for (authConfig::iterator i = config->begin(); i != config->end(); ++i) {
+ for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) {
AuthConfig *scheme = *i;
scheme->registerWithCacheManager();
}
}
void
-authenticateInit(authConfig * config)
+authenticateInit(Auth::authConfig * config)
{
- for (authConfig::iterator i = config->begin(); i != config->end(); ++i) {
- AuthConfig *scheme = *i;
+ if (!config)
+ return;
+
+ for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) {
+ AuthConfig *schemeCfg = *i;
- if (scheme->configured())
- scheme->init(scheme);
+ if (schemeCfg->configured())
+ schemeCfg->init(schemeCfg);
}
if (!proxy_auth_username_cache)
else
AuthUser::CachedACLsReset();
- authenticateRegisterWithCacheManager(&Config.authConfiguration);
+ authenticateRegisterWithCacheManager(config);
}
void
hashFreeItems(proxy_auth_username_cache, AuthUserHashPointer::removeFromCache);
AuthScheme::FreeAll();
} else {
- for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i)
+ for (AuthScheme::iterator i = (AuthScheme::GetSchemes()).begin(); i != (AuthScheme::GetSchemes()).end(); ++i)
(*i)->done();
}
}
#include "hash.h"
#include "MemPool.h"
-#include "typedefs.h" /* for authConfig */
+#include "auth/Config.h"
class AuthUser;
extern void authenticateAuthUserMerge(AuthUser *, AuthUser *);
/// \ingroup AuthAPI
-extern void authenticateInit(authConfig *);
+extern void authenticateInit(Auth::authConfig *);
/// \ingroup AuthAPI
extern void authenticateShutdown(void);
/// \ingroup AuthAPI
-
/*
* $Id$
*
#include "auth/Gadgets.h"
#include "auth/Config.h"
-Vector<AuthScheme*> *AuthScheme::_Schemes = NULL;
+Vector<AuthScheme::Pointer> *AuthScheme::_Schemes = NULL;
void
-AuthScheme::AddScheme(AuthScheme &instance)
+AuthScheme::AddScheme(AuthScheme::Pointer instance)
{
iterator i = GetSchemes().begin();
while (i != GetSchemes().end()) {
- assert(strcmp((*i)->type(), instance.type()) != 0);
+ assert(strcmp((*i)->type(), instance->type()) != 0);
++i;
}
- GetSchemes().push_back (&instance);
+ GetSchemes().push_back(instance);
}
-AuthScheme *
+AuthScheme::Pointer
AuthScheme::Find(const char *typestr)
{
for (iterator i = GetSchemes().begin(); i != GetSchemes().end(); ++i) {
return *i;
}
- return NULL;
+ return AuthScheme::Pointer(NULL);
}
-Vector<AuthScheme *> const &
+#if 0 // with ref-counting we never have a constant version of *::Pointer
+Vector<AuthScheme::Pointer> const &
AuthScheme::Schemes()
{
return GetSchemes();
}
+#endif
-Vector<AuthScheme*> &
+Vector<AuthScheme::Pointer> &
AuthScheme::GetSchemes()
{
if (!_Schemes)
- _Schemes = new Vector<AuthScheme *>;
+ _Schemes = new Vector<AuthScheme::Pointer>;
return *_Schemes;
}
-/*
- * called when a graceful shutdown is to occur
- * of each scheme module.
+/**
+ * Called when a graceful shutdown is to occur of each scheme module.
+ * On completion the auth components are to be considered deleted.
+ * None will be available globally. Some may remain around for their
+ * currently active connections to close, but only those active
+ * connections will retain pointers to them.
*/
void
AuthScheme::FreeAll()
{
+ assert(false); // NP: this should NOT happen during regular progarm execution...
+
while (GetSchemes().size()) {
- AuthScheme *scheme = GetSchemes().back();
+ AuthScheme::Pointer scheme = GetSchemes().back();
GetSchemes().pop_back();
scheme->done();
}
-
/*
* $Id$
*
#include "squid.h"
#include "Array.h"
+#include "RefCount.h"
/**
\defgroup AuthSchemeAPI Authentication Scheme API
* a new class AuthConfiguration should be made, and the
* config specific calls on AuthScheme moved to it.
*/
-class AuthScheme
+class AuthScheme : public RefCountable
{
+public:
+ typedef RefCount<AuthScheme> Pointer;
public:
- static void AddScheme(AuthScheme &);
- static void FreeAll();
- static Vector<AuthScheme*> const &Schemes();
- static AuthScheme *Find(const char *);
- typedef Vector<AuthScheme*>::iterator iterator;
- typedef Vector<AuthScheme*>::const_iterator const_iterator;
- AuthScheme() : initialised (false) {}
+ AuthScheme() : initialised (false) {};
+ virtual ~AuthScheme() {};
- virtual ~AuthScheme() {}
+ static void AddScheme(AuthScheme::Pointer);
+ static void FreeAll();
+// static Vector<AuthScheme::Pointer> const &Schemes();
+ static AuthScheme::Pointer Find(const char *);
+ typedef Vector<AuthScheme::Pointer>::iterator iterator;
+ typedef Vector<AuthScheme::Pointer>::const_iterator const_iterator;
/* per scheme methods */
virtual char const *type () const = 0;
virtual void done() = 0;
virtual AuthConfig *createConfig() = 0;
+
// Not implemented
AuthScheme(AuthScheme const &);
AuthScheme &operator=(AuthScheme const&);
+ static Vector<AuthScheme::Pointer> &GetSchemes();
+
protected:
bool initialised;
private:
- static Vector<AuthScheme*> &GetSchemes();
- static Vector<AuthScheme*> *_Schemes;
+ static Vector<AuthScheme::Pointer> *_Schemes;
};
#endif /* SQUID_AUTHSCHEME_H */
dlink_list ip_list;
};
-#ifdef _USE_INLINE_
+#if _USE_INLINE_
#include "auth/User.cci"
#endif
else {
/* call each configured & running authscheme */
- for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i) {
+ for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) {
AuthConfig *scheme = *i;
if (scheme->active())
auth_user_request->addTrailer(rep, accelerated);
}
-AuthScheme *
+AuthScheme::Pointer
AuthUserRequest::scheme() const
{
/* TODO: this should be overriden by the child and be essentially a no-op */
#define SQUID_AUTHUSERREQUEST_H
#include "auth/enums.h"
+#include "auth/Scheme.h"
#include "dlink.h"
#include "ip/IpAddress.h"
-#include "RefCount.h"
#include "typedefs.h"
#include "HttpHeader.h"
-class AuthScheme;
class AuthUser;
class ConnStateData;
class HttpReply;
*/
char const *username() const;
- AuthScheme *scheme() const;
+ AuthScheme::Pointer scheme() const;
virtual const char * connLastHeader();
#include "squid.h"
-#include "auth_basic.h"
+#include "auth/basic/auth_basic.h"
#include "auth/Gadgets.h"
#include "CacheManager.h"
#include "Store.h"
#include "HttpReply.h"
-#include "basicScheme.h"
+#include "auth/basic/basicScheme.h"
#include "rfc1738.h"
#include "wordlist.h"
#include "SquidTime.h"
static helper *basicauthenticators = NULL;
-static AuthBasicConfig basicConfig;
-
static int authbasic_initialised = 0;
/* internal functions */
-/* TODO: move to basicScheme.cc - after all per request and user functions are moved out */
-void
-basicScheme::done()
-{
- /* TODO: this should be a Config call. */
-
- if (basicauthenticators)
- helperShutdown(basicauthenticators);
-
- authbasic_initialised = 0;
-
- if (!shutting_down)
- return;
-
- if (basicauthenticators)
- helperFree(basicauthenticators);
-
- basicauthenticators = NULL;
-
- /* XXX Reinstate auth shutdown for dynamic schemes? */
- debugs(29, DBG_CRITICAL, HERE << "Basic authentication Shutdown.");
-}
-
bool
AuthBasicConfig::active() const
{
const char *
AuthBasicConfig::type() const
{
- return basicScheme::GetInstance().type();
+ return basicScheme::GetInstance()->type();
}
AuthBasicUserRequest::AuthBasicUserRequest()
bool
BasicUser::authenticated() const
{
- if ((flags.credentials_ok == 1) && (credentials_checkedtime + basicConfig.credentialsTTL > squid_curtime))
+ if ((flags.credentials_ok == 1) && (credentials_checkedtime + static_cast<AuthBasicConfig*>(config)->credentialsTTL > squid_curtime))
return true;
debugs(29, 4, "User not authenticated or credentials need rechecking.");
return;
/* are we about to recheck the credentials externally? */
- if ((basic_auth->credentials_checkedtime + basicConfig.credentialsTTL) <= squid_curtime) {
+ if ((basic_auth->credentials_checkedtime + static_cast<AuthBasicConfig*>(AuthConfig::Find("basic"))->credentialsTTL) <= squid_curtime) {
debugs(29, 4, "authBasicAuthenticate: credentials expired - rechecking");
return;
}
case 1: /* checked & ok */
- if (basic_auth->credentials_checkedtime + basicConfig.credentialsTTL <= squid_curtime)
+ if (basic_auth->credentials_checkedtime + static_cast<AuthBasicConfig*>(AuthConfig::Find("basic"))->credentialsTTL <= squid_curtime)
return -1;
return 0;
}
}
-/* free any allocated configuration details */
+/** shutdown the auth helpers and free any allocated configuration details */
void
AuthBasicConfig::done()
{
+ authbasic_initialised = 0;
+
+ if (basicauthenticators) {
+ helperShutdown(basicauthenticators);
+ helperFree(basicauthenticators);
+ basicauthenticators = NULL;
+ }
+
if (authenticate)
wordlistDestroy(&authenticate);
storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off");
}
-AuthBasicConfig::AuthBasicConfig()
+AuthBasicConfig::AuthBasicConfig() :
+ authenticateChildren(5),
+ authenticateConcurrency(1),
+ authenticate(NULL),
+ credentialsTTL( 2*60*60 ),
+ casesensitive(0),
+ utf8(0)
{
- /* TODO: move into initialisation list */
- authenticateChildren = 5;
- credentialsTTL = 2 * 60 * 60; /* two hours */
basicAuthRealm = xstrdup("Squid proxy-caching web server");
}
*seperator = ':';
}
- if (!basicConfig.casesensitive)
+ if (!static_cast<AuthBasicConfig*>(config)->casesensitive)
Tolower((char *)username());
}
/* log the username */
debugs(29, 9, HERE << "Creating new user for logging '" << username() << "'");
/* new scheme data */
- BasicUser *basic_auth = new BasicUser(& basicConfig);
+ BasicUser *basic_auth = new BasicUser(config);
auth_user_request->user(basic_auth);
/* save the credentials */
basic_auth->username(username());
{
/* the user doesn't exist in the username cache yet */
debugs(29, 9, HERE << "Creating new user '" << username() << "'");
- BasicUser *basic_user = new BasicUser(&basicConfig);
+ BasicUser *basic_user = new BasicUser(config);
/* save the credentials */
basic_user->username(username());
username(NULL);
while (xisgraph(*proxy_auth))
proxy_auth++;
- BasicUser *basic_auth, local_basic(&basicConfig);
+ BasicUser *basic_auth, local_basic(this);
/* Trim leading whitespace before decoding */
while (xisspace(*proxy_auth))
/** Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-AuthBasicConfig::init(AuthConfig * scheme)
+AuthBasicConfig::init(AuthConfig * schemeCfg)
{
if (authenticate) {
authbasic_initialised = 1;
assert(basic_auth != NULL);
debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'");
- if (basicConfig.authenticate == NULL) {
+ if (static_cast<AuthBasicConfig*>(AuthConfig::Find("basic"))->authenticate == NULL) {
handler(data, NULL);
return;
}
r->handler = handler;
r->data = cbdataReference(data);
r->auth_user_request = auth_user_request;
- if (basicConfig.utf8) {
+ if (static_cast<AuthBasicConfig*>(config)->utf8) {
latin1_to_utf8(user, sizeof(user), username());
latin1_to_utf8(pass, sizeof(pass), passwd);
xstrncpy(user, rfc1738_escape(user), sizeof(user));
snprintf(buf, sizeof(buf), "%s %s\n", user, pass);
helperSubmit(basicauthenticators, buf, authenticateBasicHandleReply, r);
}
-
-AuthConfig *
-basicScheme::createConfig()
-{
- return &basicConfig;
-}
#ifndef __AUTH_BASIC_H__
#define __AUTH_BASIC_H__
+
#include "auth/Gadgets.h"
#include "auth/User.h"
#include "auth/UserRequest.h"
-
/*
* $Id$
*
*
*/
-#include "basicScheme.h"
+#include "config.h"
+#include "auth/basic/basicScheme.h"
+#include "helper.h"
+
+/* for AuthConfig */
+#include "auth/basic/auth_basic.h"
+
+AuthScheme::Pointer basicScheme::_instance = NULL;
-AuthScheme &
+AuthScheme::Pointer
basicScheme::GetInstance()
{
- if (_instance == NULL)
+ if (_instance == NULL) {
_instance = new basicScheme();
- return *_instance;
-}
-
-basicScheme::basicScheme()
-{
- AddScheme(*this);
+ AddScheme(_instance);
+ }
+ return _instance;
}
char const *
return "basic";
}
-basicScheme *basicScheme::_instance = NULL;
+void
+basicScheme::done()
+{
+ /* clear the global handle to this scheme. */
+ _instance = NULL;
+
+ debugs(29, DBG_CRITICAL, HERE << "Basic authentication Schema Detached.");
+}
+
+AuthConfig *
+basicScheme::createConfig()
+{
+ AuthBasicConfig *newCfg = new AuthBasicConfig;
+ return dynamic_cast<AuthConfig*>(newCfg);
+}
-
/*
* $Id$
*
#define SQUID_BASICSCHEME_H
#include "auth/Scheme.h"
+#include "auth/basic/auth_basic.h"
/// \ingroup AuthAPI
/// \ingroup AuthSchemeAPI
{
public:
- static AuthScheme &GetInstance();
- basicScheme();
+ static AuthScheme::Pointer GetInstance();
+ basicScheme() {};
virtual ~basicScheme() {}
/* per scheme */
basicScheme &operator=(basicScheme const &);
private:
- static basicScheme *_instance;
+ static AuthScheme::Pointer _instance;
+// AuthBasicConfig basicConfig;
};
#endif /* SQUID_BASICSCHEME_H */
#include "squid.h"
#include "rfc2617.h"
-#include "auth_digest.h"
+#include "auth/digest/auth_digest.h"
#include "auth/Gadgets.h"
#include "event.h"
#include "CacheManager.h"
#include "wordlist.h"
#include "SquidTime.h"
/* TODO don't include this */
-#include "digestScheme.h"
+#include "auth/digest/digestScheme.h"
/* Digest Scheme */
static hash_table *digest_nonce_cache;
-static AuthDigestConfig digestConfig;
-
static int authdigest_initialised = 0;
static MemAllocator *digest_nonce_pool = NULL;
if (!digest_nonce_cache) {
digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(digest_nonce_cache);
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, digestConfig.nonceGCInterval, 1);
+ eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->nonceGCInterval, 1);
}
}
debugs(29, 3, "authenticateDigestNonceCacheCleanup: Finished cleaning the nonce cache.");
- if (digestConfig.active())
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, digestConfig.nonceGCInterval, 1);
+ if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->active())
+ eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->nonceGCInterval, 1);
}
static void
}
/* is the nonce-count ok ? */
- if (!digestConfig.CheckNonceCount) {
+ if (!static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->CheckNonceCount) {
nonce->nc++;
return -1; /* forced OK by configuration */
}
- if ((digestConfig.NonceStrictness && intnc != nonce->nc + 1) ||
+ if ((static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) ||
intnc < nonce->nc + 1) {
debugs(29, 4, "authDigestNonceIsValid: Nonce count doesn't match");
nonce->flags.valid = 0;
return -1;
/* has it's max duration expired? */
- if (nonce->noncedata.creationtime + digestConfig.noncemaxduration < current_time.tv_sec) {
+ if (nonce->noncedata.creationtime + static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxduration < current_time.tv_sec) {
debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " <<
nonce->noncedata.creationtime << " " <<
- digestConfig.noncemaxduration << " " <<
+ static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxduration << " " <<
current_time.tv_sec);
nonce->flags.valid = 0;
return -1;
}
- if (nonce->nc > digestConfig.noncemaxuses) {
+ if (nonce->nc > static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxuses) {
debugs(29, 4, "authDigestNoncelastRequest: Nonce count over user limit");
nonce->flags.valid = 0;
return -1;
return -1;
}
- if (nonce->nc >= digestConfig.noncemaxuses - 1) {
+ if (nonce->nc >= static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxuses - 1) {
debugs(29, 4, "authDigestNoncelastRequest: Nonce count about to hit user limit");
return -1;
}
authDigestUserShutdown();
authenticateDigestNonceShutdown();
debugs(29, 2, "authenticateDigestDone: Digest authentication shut down.");
+
+ /* clear the global handle to this scheme. */
+ _instance = NULL;
}
void
return;
}
- if (digestConfig.PostWorkaround && request->method != METHOD_GET) {
+ if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->PostWorkaround && request->method != METHOD_GET) {
/* Ugly workaround for certain very broken browsers using the
* wrong method to calculate the request-digest on POST request.
* This should be deleted once Digest authentication becomes more
#endif
- if ((digestConfig.authenticate) && authDigestNonceLastRequest(nonce)) {
+ if ((static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->authenticate) && authDigestNonceLastRequest(nonce)) {
flags.authinfo_sent = 1;
debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO;
- if ((digestConfig.authenticate) && authDigestNonceLastRequest(nonce)) {
+ if ((static_cast<AuthDigestConfig*>(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) {
debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
}
AuthDigestConfig::AuthDigestConfig()
{
/* TODO: move into initialisation list */
+ authenticate = NULL;
authenticateChildren = 5;
/* 5 minutes */
nonceGCInterval = 5 * 60;
const char *
AuthDigestConfig::type() const
{
- return digestScheme::GetInstance().type();
+ return digestScheme::GetInstance()->type();
}
/* log the username */
debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'");
- digest_user_h *digest_user = new DigestUser(&digestConfig);
+ digest_user_h *digest_user = new DigestUser(static_cast<AuthDigestConfig*>(AuthConfig::Find("digest")));
/* save the credentials */
digest_user->username(username);
/* set the auth_user type */
if ((auth_user = authDigestUserFindUsername(username)) == NULL) {
/* the user doesn't exist in the username cache yet */
debugs(29, 9, "authDigestDecodeAuth: Creating new digest user '" << username << "'");
- digest_user = new DigestUser (&digestConfig);
+ digest_user = new DigestUser(this);
/* auth_user is a parent */
auth_user = digest_user;
/* save the username */
assert(digest_user != NULL);
debugs(29, 9, "authenticateStart: '\"" << digest_user->username() << "\":\"" << realm << "\"'");
- if (digestConfig.authenticate == NULL) {
+ if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->authenticate == NULL) {
handler(data, NULL);
return;
}
r->handler = handler;
r->data = cbdataReference(data);
r->auth_user_request = static_cast<AuthUserRequest*>(this);
- if (digestConfig.utf8) {
+ if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->utf8) {
char userstr[1024];
latin1_to_utf8(userstr, sizeof(userstr), digest_user->username());
snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm);
if (nonce)
authDigestNonceUnlink(nonce);
}
-
-AuthConfig *
-digestScheme::createConfig()
-{
- return &digestConfig;
-}
-
-
/*
* $Id$
*
*
*/
-#include "digestScheme.h"
+#include "config.h"
+#include "auth/digest/digestScheme.h"
+#include "helper.h"
-AuthScheme &
+AuthScheme::Pointer
digestScheme::GetInstance()
{
- if (_instance == NULL)
+ if (_instance == NULL) {
_instance = new digestScheme();
- return *_instance;
-}
-
-digestScheme::digestScheme()
-{
- AddScheme(*this);
+ AddScheme(_instance);
+ }
+ return _instance;
}
char const *
return "digest";
}
-digestScheme *digestScheme::_instance = NULL;
+AuthScheme::Pointer digestScheme::_instance = NULL;
+
+AuthConfig *
+digestScheme::createConfig()
+{
+ AuthDigestConfig *digestCfg = new AuthDigestConfig;
+ return dynamic_cast<AuthConfig*>(digestCfg);
+}
-
/*
* $Id$
*
#define SQUID_DIGESTSCHEME_H
#include "auth/Scheme.h"
+#include "auth/digest/auth_digest.h"
/// \ingroup AuthSchemeAPI
/// \ingroup AuthAPI
{
public:
- static AuthScheme &GetInstance();
- digestScheme();
+ static AuthScheme::Pointer GetInstance();
+ digestScheme() {};
virtual ~digestScheme() {}
/* per scheme */
virtual char const *type () const;
virtual void done();
virtual AuthConfig *createConfig();
+
/* Not implemented */
digestScheme (digestScheme const &);
digestScheme &operator=(digestScheme const &);
private:
- static digestScheme *_instance;
+ static AuthScheme::Pointer _instance;
};
#endif /* SQUID_DIGESTSCHEME_H */
#include "squid.h"
-#include "auth_negotiate.h"
+#include "auth/negotiate/auth_negotiate.h"
#include "auth/Gadgets.h"
#include "CacheManager.h"
#include "Store.h"
#include "HttpRequest.h"
#include "SquidTime.h"
/** \todo remove this include */
-#include "negotiateScheme.h"
+#include "auth/negotiate/negotiateScheme.h"
#include "wordlist.h"
/**
*
*/
-/**
- \ingroup AuthNegotiateInternal
- \todo move to negotiateScheme.cc
- */
void
-negotiateScheme::done()
+AuthNegotiateConfig::done()
{
- /* TODO: this should be a Config call. */
- debugs(29, 2, "negotiateScheme::done: shutting down Negotiate authentication.");
-
- if (negotiateauthenticators)
- helperStatefulShutdown(negotiateauthenticators);
-
authnegotiate_initialised = 0;
- if (!shutting_down)
- return;
-
- if (negotiateauthenticators)
+ if (negotiateauthenticators) {
+ helperStatefulShutdown(negotiateauthenticators);
helperStatefulFree(negotiateauthenticators);
+ negotiateauthenticators = NULL;
+ }
- negotiateauthenticators = NULL;
-
- debugs(29, 2, "negotiateScheme::done: Negotiate authentication Shutdown.");
-}
-
-void
-AuthNegotiateConfig::done()
-{
if (authenticate)
wordlistDestroy(&authenticate);
}
}
-AuthNegotiateConfig::AuthNegotiateConfig() : authenticateChildren(5), keep_alive(1)
+AuthNegotiateConfig::AuthNegotiateConfig() : authenticateChildren(5), keep_alive(1), authenticate(NULL)
{ }
void
const char *
AuthNegotiateConfig::type() const
{
- return negotiateScheme::GetInstance().type();
+ return negotiateScheme::GetInstance()->type();
}
/**
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
-AuthConfig *
-negotiateScheme::createConfig()
-{
- return &negotiateConfig;
-}
-
const char *
AuthNegotiateUserRequest::connLastHeader()
{
-
/*
* $Id$
*
*
*/
-#include "negotiateScheme.h"
+#include "config.h"
+#include "auth/negotiate/negotiateScheme.h"
+#include "helper.h"
-AuthScheme &
+AuthScheme::Pointer
negotiateScheme::GetInstance()
{
- if (_instance == NULL)
+ if (_instance == NULL) {
_instance = new negotiateScheme();
- return *_instance;
-}
-
-negotiateScheme::negotiateScheme()
-{
- AddScheme(*this);
+ AddScheme(_instance);
+ }
+ return _instance;
}
char const *
return "negotiate";
}
-negotiateScheme *negotiateScheme::_instance = NULL;
+AuthScheme::Pointer negotiateScheme::_instance = NULL;
+
+/**
+ \ingroup AuthNegotiateInternal
+ \todo move to negotiateScheme.cc
+ */
+void
+negotiateScheme::done()
+{
+ /* clear the global handle to this scheme. */
+ _instance = NULL;
+
+ debugs(29, 2, "negotiateScheme::done: Negotiate authentication Shutdown.");
+}
+
+AuthConfig *
+negotiateScheme::createConfig()
+{
+ AuthNegotiateConfig *negotiateCfg = new AuthNegotiateConfig;
+ return dynamic_cast<AuthConfig*>(negotiateCfg);
+}
-
/*
* $Id$
*
#define SQUID_NEGOTIATESCHEME_H
#include "auth/Scheme.h"
+#include "auth/negotiate/auth_negotiate.h"
/// \ingroup AuthSchemeAPI
/// \ingroup AuthAPI
{
public:
- static AuthScheme &GetInstance();
- negotiateScheme();
+ static AuthScheme::Pointer GetInstance();
+ negotiateScheme() {};
virtual ~negotiateScheme() {};
/* per scheme */
virtual char const *type () const;
virtual void done();
virtual AuthConfig *createConfig();
+
/* Not implemented */
negotiateScheme (negotiateScheme const &);
negotiateScheme &operator=(negotiateScheme const &);
private:
- static negotiateScheme *_instance;
+ static AuthScheme::Pointer _instance;
};
#endif /* SQUID_negotiateSCHEME_H */
#include "squid.h"
-#include "auth_ntlm.h"
#include "auth/Gadgets.h"
+#include "auth/ntlm/auth_ntlm.h"
+#include "auth/ntlm/ntlmScheme.h"
#include "CacheManager.h"
#include "Store.h"
#include "client_side.h"
#include "HttpReply.h"
#include "HttpRequest.h"
-/* TODO remove this include */
-#include "ntlmScheme.h"
#include "wordlist.h"
#include "SquidTime.h"
static AUTHSSTATS authenticateNTLMStats;
static statefulhelper *ntlmauthenticators = NULL;
-
-CBDATA_TYPE(authenticateStateData);
-
static int authntlm_initialised = 0;
-static auth_ntlm_config ntlmConfig;
+CBDATA_TYPE(authenticateStateData);
static hash_table *proxy_auth_cache = NULL;
*
*/
-/* move to ntlmScheme.cc */
+/* free any allocated configuration details */
void
-ntlmScheme::done()
+AuthNTLMConfig::done()
{
- /* TODO: this should be a Config call. */
- debugs(29, 2, "ntlmScheme::done: shutting down NTLM authentication.");
-
- if (ntlmauthenticators)
- helperStatefulShutdown(ntlmauthenticators);
-
authntlm_initialised = 0;
- if (!shutting_down)
- return;
-
- if (ntlmauthenticators)
+ if (ntlmauthenticators) {
+ helperStatefulShutdown(ntlmauthenticators);
helperStatefulFree(ntlmauthenticators);
+ ntlmauthenticators = NULL;
+ }
- ntlmauthenticators = NULL;
-
- debugs(29, 2, "ntlmScheme::done: NTLM authentication Shutdown.");
-}
-
-/* free any allocated configuration details */
-void
-AuthNTLMConfig::done()
-{
if (authenticate)
wordlistDestroy(&authenticate);
}
}
-AuthNTLMConfig::AuthNTLMConfig() : authenticateChildren(5), keep_alive(1)
+AuthNTLMConfig::AuthNTLMConfig() : authenticateChildren(5), keep_alive(1), authenticate(NULL)
{ }
void
const char *
AuthNTLMConfig::type() const
{
- return ntlmScheme::GetInstance().type();
+ return ntlmScheme::GetInstance()->type();
}
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
debugs(29, 8, "AuthNTLMUserRequest::module_start: auth state is '" << auth_state << "'");
- if (ntlmConfig.authenticate == NULL) {
+ if (static_cast<AuthNTLMConfig*>(AuthConfig::Find("ntlm"))->authenticate == NULL) {
debugs(29, 0, "AuthNTLMUserRequest::module_start: no NTLM program specified.");
handler(data, NULL);
return;
AuthUserRequest::Pointer
AuthNTLMConfig::decode(char const *proxy_auth)
{
- NTLMUser *newUser = new NTLMUser(&ntlmConfig);
+ NTLMUser *newUser = new NTLMUser(AuthConfig::Find("ntlm"));
AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest();
assert(auth_user_request->user() == NULL);
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
-AuthConfig *
-ntlmScheme::createConfig()
-{
- return &ntlmConfig;
-}
-
const char *
AuthNTLMUserRequest::connLastHeader()
{
-
/*
* $Id$
*
*
*/
-#include "ntlmScheme.h"
+#include "config.h"
+#include "auth/ntlm/auth_ntlm.h"
+#include "auth/ntlm/ntlmScheme.h"
+#include "helper.h"
-AuthScheme &
+AuthScheme::Pointer
ntlmScheme::GetInstance()
{
- if (_instance == NULL)
+ if (_instance == NULL) {
_instance = new ntlmScheme();
- return *_instance;
-}
-
-ntlmScheme::ntlmScheme()
-{
- AddScheme(*this);
+ AddScheme(_instance);
+ }
+ return _instance;
}
char const *
return "ntlm";
}
-ntlmScheme *ntlmScheme::_instance = NULL;
+AuthScheme::Pointer ntlmScheme::_instance = NULL;
+
+void
+ntlmScheme::done()
+{
+ /* clear the global handle to this scheme. */
+ _instance = NULL;
+
+ debugs(29, 2, "ntlmScheme::done: NTLM authentication Shutdown.");
+}
+
+AuthConfig *
+ntlmScheme::createConfig()
+{
+ auth_ntlm_config *ntlmCfg = new auth_ntlm_config;
+ return dynamic_cast<AuthConfig*>(ntlmCfg);
+}
#define SQUID_NTLMSCHEME_H
#include "auth/Scheme.h"
+#include "auth/ntlm/auth_ntlm.h"
/// \ingroup AuthSchemeAPI
/// \ingroup AuthAPI
{
public:
- static AuthScheme &GetInstance();
- ntlmScheme();
+ static AuthScheme::Pointer GetInstance();
+ ntlmScheme() {};
virtual ~ntlmScheme() {};
/* per scheme */
virtual char const *type () const;
virtual void done();
virtual AuthConfig *createConfig();
+
/* Not implemented */
ntlmScheme (ntlmScheme const &);
ntlmScheme &operator=(ntlmScheme const &);
private:
- static ntlmScheme *_instance;
+ /**
+ * Main instance of this authentication Scheme.
+ * NULL when the scheme is not being used.
+ */
+ static AuthScheme::Pointer _instance;
};
#endif /* SQUID_ntlmSCHEME_H */
int err_count = 0;
CacheManager *manager=CacheManager::GetInstance();
+ debugs(5, 4, HERE);
+
configFreeMemory();
ACLMethodData::ThePurgeCount = 0;
}
static void
-parse_authparam(authConfig * config)
+parse_authparam(Auth::authConfig * config)
{
char *type_str;
char *param_str;
if ((param_str = strtok(NULL, w_space)) == NULL)
self_destruct();
- /* find a configuration for the scheme */
- AuthConfig *scheme = AuthConfig::Find (type_str);
+ /* find a configuration for the scheme in the currently parsed configs... */
+ AuthConfig *schemeCfg = AuthConfig::Find(type_str);
- if (scheme == NULL) {
- /* Create a configuration */
- AuthScheme *theScheme;
+ if (schemeCfg == NULL) {
+ /* Create a configuration based on the scheme info */
+ AuthScheme::Pointer theScheme = AuthScheme::Find(type_str);
- if ((theScheme = AuthScheme::Find(type_str)) == NULL) {
- debugs(3, 0, "Parsing Config File: Unknown authentication scheme '" << type_str << "'.");
- return;
+ if (theScheme == NULL) {
+ debugs(3, DBG_CRITICAL, "Parsing Config File: Unknown authentication scheme '" << type_str << "'.");
+ self_destruct();
}
config->push_back(theScheme->createConfig());
- scheme = config->back();
- assert (scheme);
+ schemeCfg = AuthConfig::Find(type_str);
+ if (schemeCfg == NULL) {
+ debugs(3, DBG_CRITICAL, "Parsing Config File: Corruption configuring authentication scheme '" << type_str << "'.");
+ self_destruct();
+ }
}
- scheme->parse(scheme, config->size(), param_str);
+ schemeCfg->parse(schemeCfg, config->size(), param_str);
}
static void
-free_authparam(authConfig * cfg)
+free_authparam(Auth::authConfig * cfg)
{
- AuthConfig *scheme;
- /* DON'T FREE THESE FOR RECONFIGURE */
-
- if (reconfiguring)
- return;
+ /* Wipe the Auth globals and Detach/Destruct component config + state. */
+ cfg->clean();
+ /* remove our pointers to the probably-dead sub-configs */
while (cfg->size()) {
- scheme = cfg->pop_back();
- scheme->done();
+ cfg->pop_back();
+ }
+
+ /* on reconfigure initialize new auth schemes for the new config. */
+ if(reconfiguring) {
+ InitAuthSchemes();
}
}
NAME: auth_param
TYPE: authparam
-LOC: Config.authConfiguration
+LOC: Auth::TheConfig
DEFAULT: none
DOC_START
This is used to define parameters for the various authentication
"static void\n"
"dump_config(StoreEntry *entry)\n"
"{\n"
+ " debugs(5, 4, HERE);\n"
);
for (entry = head; entry != NULL; entry = entry->next) {
"static void\n"
"free_all(void)\n"
"{\n"
+ " debugs(5, 4, HERE);\n"
);
for (entry = head; entry != NULL; entry = entry->next) {
#endif
redirectShutdown();
- authenticateShutdown();
+ authenticateShutdown(); /* destroys any unused auth schemas */
+ InitAuthSchemes(); /* create new ones required for config parsing */
+
externalAclShutdown();
storeDirCloseSwapLogs();
storeLogClose();
#endif
redirectInit();
- authenticateInit(&Config.authConfiguration);
+ authenticateInit(&Auth::TheConfig);
externalAclInit();
#if USE_WCCP
dnsShutdown();
#endif
redirectShutdown();
- authenticateShutdown();
+
+ /* TODO: should only terminate the helpers they are using. nothing else. */
+ authenticateShutdown(); /* destroys any unused auth schemas */
+ InitAuthSchemes(); /* create new ones required for config parsing */
+
externalAclShutdown();
_db_rotate_log(); /* cache.log */
dnsInit();
#endif
redirectInit();
- authenticateInit(&Config.authConfiguration);
+ authenticateInit(&Auth::TheConfig);
externalAclInit();
}
redirectInit();
- authenticateInit(&Config.authConfiguration);
+ authenticateInit(&Auth::TheConfig);
externalAclInit();
/* we may want the parsing process to set this up in the future */
Store::Root(new StoreController);
+ InitAuthSchemes(); /* required for config parsing */
+
parse_err = parseConfigFile(ConfigFile);
Mem::Report();
/* upstream proxy authentication */
SQUIDCEXTERN char *peer_proxy_negotiate_auth(char *principal_name, char *proxy);
#endif
+
+/* call to ensure the auth component schemes exist. */
+SQUIDCEXTERN void InitAuthSchemes(void);
+
#endif /* SQUID_PROTOS_H */
#endif
} accessList;
acl_deny_info_list *denyInfoList;
- authConfig authConfiguration;
struct {
size_t list_width;
AuthConfig *
getConfig(char const *type_str)
{
- Vector<AuthConfig *> &config = Config.authConfiguration;
+ Auth::authConfig &config = Auth::TheConfig;
/* find a configuration for the scheme */
- AuthConfig *scheme = AuthConfig::Find (type_str);
+ AuthConfig *scheme = AuthConfig::Find(type_str);
if (scheme == NULL) {
/* Create a configuration */
- AuthScheme *theScheme;
+ AuthScheme::Pointer theScheme = AuthScheme::Find(type_str);
- if ((theScheme = AuthScheme::Find(type_str)) == NULL) {
+ if (theScheme == NULL) {
return NULL;
//fatalf("Unknown authentication scheme '%s'.\n", type_str);
}
void
setup_scheme(AuthConfig *scheme, char const **params, unsigned param_count)
{
- Vector<AuthConfig *> &config = Config.authConfiguration;
+ Auth::authConfig &config = Auth::TheConfig;
for (unsigned position=0; position < param_count; position++) {
char *param_str=xstrdup(params[position]);
Mem::Init();
- Vector<AuthConfig *> &config = Config.authConfiguration;
+ Auth::authConfig &config = Auth::TheConfig;
char const *digest_parms[]= {"program /home/robertc/install/squid/libexec/digest_pw_auth /home/robertc/install/squid/etc/digest.pwd",
"realm foo"
Debug::Levels[29]=9;
fake_auth_setup();
- for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i) {
+ for (AuthScheme::iterator i = AuthScheme::GetSchemes().begin(); i != AuthScheme::GetSchemes().end(); ++i) {
AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type()));
CPPUNIT_ASSERT(authRequest != NULL);
}
Debug::Levels[29]=9;
fake_auth_setup();
- for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i) {
+ for (AuthScheme::iterator i = AuthScheme::GetSchemes().begin(); i != AuthScheme::GetSchemes().end(); ++i) {
// create a user request
// check its scheme matches *i
AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type()));
mem_hdr_test_LDADD = $(top_builddir)/src/stmem.o \
$(top_builddir)/src/mem_node.o $(LDADD)
MemPoolTest_SOURCES = MemPoolTest.cc
-refcount_SOURCES = refcount.cc
+refcount_SOURCES = refcount.cc $(DEBUG_SOURCE)
splay_SOURCES = splay.cc
projects / thirdparty / squid.git / commitdiff
