#include "auth/Config.h"
#include "auth/UserRequest.h"
-Auth::authConfig Auth::TheConfig;
+Auth::ConfigVector Auth::TheConfig;
/**
- * Get Auth User: Return a filled out auth_user structure for the given
- * Proxy Auth (or Auth) header. It may be a cached Auth User or a new
- * Unauthenticated structure. The structure is given an initial lock here.
+ * Get an User credentials object filled out for the given Proxy- or WWW-Authenticate header.
+ * Any decoding which needs to be done will be done.
+ *
+ * It may be a cached AuthUser or a new Unauthenticated object.
* It may also be NULL reflecting that no user could be created.
*/
AuthUserRequest::Pointer
-AuthConfig::CreateAuthUser(const char *proxy_auth)
+Auth::Config::CreateAuthUser(const char *proxy_auth)
{
assert(proxy_auth != NULL);
- debugs(29, 9, "AuthConfig::CreateAuthUser: header = '" << proxy_auth << "'");
+ debugs(29, 9, HERE << "header = '" << proxy_auth << "'");
- AuthConfig *config = Find(proxy_auth);
+ Auth::Config *config = Find(proxy_auth);
if (config == NULL || !config->active()) {
debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
return config->decode(proxy_auth);
}
-AuthConfig *
-AuthConfig::Find(const char *proxy_auth)
+Auth::Config *
+Auth::Config::Find(const char *proxy_auth)
{
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if (strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0)
return *i;
return NULL;
}
-/* Default behaviour is to expose nothing */
+/** Default behaviour is to expose nothing */
void
-AuthConfig::registerWithCacheManager(void)
+Auth::Config::registerWithCacheManager(void)
{}
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
*
*/
-#ifndef SQUID_AUTHCONFIG_H
-#define SQUID_AUTHCONFIG_H
+#ifndef SQUID_AUTH_CONFIG_H
+#define SQUID_AUTH_CONFIG_H
#if USE_AUTH
/* for http_hdr_type parameters-by-value */
#include "HttpHeader.h"
+namespace Auth
+{
/**
- \ingroup AuthAPI
- \par
+ * \ingroup AuthAPI
+ * \par
* I am the configuration for an auth scheme.
* Currently each scheme has only one instance of me,
* but this may change.
- \par
+ * \par
* This class is treated like a ref counted class.
* If the children ever stop being singletons, implement the
* ref counting...
*/
-class AuthConfig
+class Config
{
public:
static AuthUserRequest::Pointer CreateAuthUser(const char *proxy_auth);
- static AuthConfig *Find(const char *proxy_auth);
- AuthConfig() : authenticateChildren(20), authenticateProgram(NULL) {}
+ static Config *Find(const char *proxy_auth);
+ Config() : authenticateChildren(20), authenticateProgram(NULL) {}
- virtual ~AuthConfig() {}
+ virtual ~Config() {}
/**
* Used by squid to determine whether the auth module has successfully initialised itself with the current configuration.
* Responsible for writing to the StoreEntry the configuration parameters that a user
* would put in a config file to recreate the running configuration.
*/
- virtual void dump(StoreEntry *, const char *, AuthConfig *) = 0;
+ virtual void dump(StoreEntry *, const char *, Config *) = 0;
/** add headers as needed when challenging for auth */
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0;
+
/** prepare to handle requests */
- virtual void init(AuthConfig *) = 0;
+ virtual void init(Config *) = 0;
+
/** expose any/all statistics to a CacheManager */
virtual void registerWithCacheManager(void);
+
/** parse config options */
- virtual void parse(AuthConfig *, int, char *) = 0;
+ virtual void parse(Config *, int, char *) = 0;
+
/** the http string id */
virtual const char * type() const = 0;
wordlist *authenticateProgram; ///< Helper program to run, includes all parameters
};
-namespace Auth
-{
-
-typedef Vector<AuthConfig *> authConfig;
+typedef Vector<Config *> ConfigVector;
-extern authConfig TheConfig;
+extern ConfigVector TheConfig;
} // namespace Auth
{
int rv = 0;
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if ((*i)->configured())
++rv;
}
static void
-authenticateRegisterWithCacheManager(Auth::authConfig * config)
+authenticateRegisterWithCacheManager(Auth::ConfigVector * config)
{
- for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) {
- AuthConfig *scheme = *i;
+ for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) {
+ Auth::Config *scheme = *i;
scheme->registerWithCacheManager();
}
}
void
-authenticateInit(Auth::authConfig * config)
+authenticateInit(Auth::ConfigVector * config)
{
/* Do this first to clear memory and remove dead state on a reconfigure */
if (proxy_auth_username_cache)
if (!config)
return;
- for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) {
- AuthConfig *schemeCfg = *i;
+ for (Auth::ConfigVector::iterator i = config->begin(); i != config->end(); ++i) {
+ Auth::Config *schemeCfg = *i;
if (schemeCfg->configured())
schemeCfg->init(schemeCfg);
void
authenticateRotate(void)
{
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i)
if ((*i)->configured())
(*i)->rotateHelpers();
}
typedef void AUTHSSTATS(StoreEntry *);
/// \ingroup AuthAPI
-extern void authenticateInit(Auth::authConfig *);
+extern void authenticateInit(Auth::ConfigVector *);
/** \ingroup AuthAPI
* Remove all idle authentication state. Intended for use by reconfigure.
#include "Array.h"
#include "RefCount.h"
-class AuthConfig;
-
/**
\defgroup AuthSchemeAPI Authentication Scheme API
\ingroup AuthAPI
namespace Auth
{
+class Config;
+
/**
* \ingroup AuthAPI
* \ingroup AuthSchemeAPI
* store the scheme metadata.
* \par
* Should we need multiple configs of a single scheme,
- * a new class AuthConfiguration should be made, and the
- * config specific calls on Auth::Scheme moved to it.
+ * a new class should be made, and the config specific calls on Auth::Scheme moved to it.
*/
class Scheme : public RefCountable
{
/* per scheme methods */
virtual char const *type() const = 0;
virtual void shutdownCleanup() = 0;
- virtual AuthConfig *createConfig() = 0;
+ virtual Auth::Config *createConfig() = 0;
// Not implemented
Scheme(Scheme const &);
const char *CredentialsState_str[] = { "Unchecked", "Ok", "Pending", "Handshake", "Failed" };
-AuthUser::AuthUser(AuthConfig *aConfig) :
+AuthUser::AuthUser(Auth::Config *aConfig) :
auth_type(Auth::AUTH_UNKNOWN),
config(aConfig),
ipcount(0),
#include "ip/Address.h"
#include "RefCount.h"
-class AuthConfig;
class AuthUserHashPointer;
class StoreEntry;
+namespace Auth
+{
+class Config;
+}
+
/**
* \ingroup AuthAPI
* This is the main user related structure. It stores user-related data,
/** \deprecated this determines what scheme owns the user data. */
Auth::Type auth_type;
/** the config for this user */
- AuthConfig *config;
+ Auth::Config *config;
/** we may have many proxy-authenticate strings that decode to the same user */
dlink_list proxy_auth_list;
dlink_list proxy_match_cache;
CredentialsState credentials_state;
protected:
- AuthUser(AuthConfig *);
+ AuthUser(Auth::Config *);
private:
/**
debugs(29, 9, HERE << "This is a new checklist test on FD:" << (conn != NULL ? conn->fd : -1) );
if (proxy_auth && request->auth_user_request == NULL && conn != NULL && conn->auth_user_request != NULL) {
- AuthConfig * scheme = AuthConfig::Find(proxy_auth);
+ Auth::Config * scheme = Auth::Config::Find(proxy_auth);
if (conn->auth_user_request->user() == NULL || conn->auth_user_request->user()->config != scheme) {
debugs(29, 1, "WARNING: Unexpected change of authentication scheme from '" <<
/* beginning of a new request check */
debugs(29, 4, HERE << "No connection authentication type");
- *auth_user_request = AuthConfig::CreateAuthUser(proxy_auth);
+ *auth_user_request = Auth::Config::CreateAuthUser(proxy_auth);
if (*auth_user_request == NULL)
return AUTH_ACL_CHALLENGE;
else if (!(*auth_user_request)->valid()) {
else {
/* call each configured & running authscheme */
- for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) {
- AuthConfig *scheme = *i;
+ for (Auth::ConfigVector::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) {
+ Auth::Config *scheme = *i;
if (scheme->active())
scheme->fixHeader(NULL, rep, type, request);
#include "auth/basic/Scheme.h"
#include "helper.h"
-/* for AuthConfig */
+/* for Auth::Config */
#include "auth/basic/auth_basic.h"
Auth::Scheme::Pointer Auth::Basic::Scheme::_instance = NULL;
debugs(29, DBG_CRITICAL, "Shutdown: Basic authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Basic::Scheme::createConfig()
{
AuthBasicConfig *newCfg = new AuthBasicConfig;
- return dynamic_cast<AuthConfig*>(newCfg);
+ return dynamic_cast<Auth::Config*>(newCfg);
}
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme(Scheme const &);
Scheme &operator=(Scheme const &);
return;
/* are we about to recheck the credentials externally? */
- if ((user()->expiretime + static_cast<AuthBasicConfig*>(AuthConfig::Find("basic"))->credentialsTTL) <= squid_curtime) {
+ if ((user()->expiretime + static_cast<AuthBasicConfig*>(Auth::Config::Find("basic"))->credentialsTTL) <= squid_curtime) {
debugs(29, 4, HERE << "credentials expired - rechecking");
return;
}
return -1;
case AuthUser::Ok:
- if (user()->expiretime + static_cast<AuthBasicConfig*>(AuthConfig::Find("basic"))->credentialsTTL <= squid_curtime)
+ if (user()->expiretime + static_cast<AuthBasicConfig*>(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime)
return -1;
return 0;
assert(basic_auth != NULL);
debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'");
- if (static_cast<AuthBasicConfig*>(AuthConfig::Find("basic"))->authenticateProgram == NULL) {
+ if (static_cast<AuthBasicConfig*>(Auth::Config::Find("basic"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Basic authentication program configured.");
handler(data, NULL);
return;
}
void
-AuthBasicConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+AuthBasicConfig::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
storeAppendPrintf(entry, "%s %s", name, "basic");
}
void
-AuthBasicConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+AuthBasicConfig::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
return NULL;
}
-BasicUser::BasicUser(AuthConfig *aConfig) :
+BasicUser::BasicUser(Auth::Config *aConfig) :
AuthUser(aConfig),
passwd(NULL),
auth_queue(NULL),
/** Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-AuthBasicConfig::init(AuthConfig * schemeCfg)
+AuthBasicConfig::init(Auth::Config * schemeCfg)
{
if (authenticateProgram) {
authbasic_initialised = 1;
public:
MEMPROXY_CLASS(BasicUser);
- BasicUser(AuthConfig *);
+ BasicUser(Auth::Config *);
~BasicUser();
bool authenticated() const;
void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data);
/* configuration runtime data */
-class AuthBasicConfig : public AuthConfig
+class AuthBasicConfig : public Auth::Config
{
public:
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
void decode(char const *httpAuthHeader, AuthUserRequest::Pointer);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
debugs(29, DBG_CRITICAL, "Shutdown: Digest authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Digest::Scheme::createConfig()
{
AuthDigestConfig *digestCfg = new AuthDigestConfig;
- return dynamic_cast<AuthConfig*>(digestCfg);
+ return dynamic_cast<Auth::Config*>(digestCfg);
}
void
/* per scheme */
virtual char const *type () const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme(Scheme const &);
return;
}
- if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->PostWorkaround && request->method != METHOD_GET) {
+ if (static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->PostWorkaround && request->method != METHOD_GET) {
/* Ugly workaround for certain very broken browsers using the
* wrong method to calculate the request-digest on POST request.
* This should be deleted once Digest authentication becomes more
return;
#endif
- if ((static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
+ if ((static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
flags.authinfo_sent = 1;
debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST);
debugs(29, 9, "authenticateStart: '\"" << user()->username() << "\":\"" << realm << "\"'");
- if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->authenticateProgram == NULL) {
+ if (static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured.");
handler(data, NULL);
return;
r->handler = handler;
r->data = cbdataReference(data);
r->auth_user_request = static_cast<AuthUserRequest*>(this);
- if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->utf8) {
+ if (static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->utf8) {
char userstr[1024];
latin1_to_utf8(userstr, sizeof(userstr), user()->username());
snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm);
if (!digest_nonce_cache) {
digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(digest_nonce_cache);
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->nonceGCInterval, 1);
+ eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
}
}
debugs(29, 3, "authenticateDigestNonceCacheCleanup: Finished cleaning the nonce cache.");
- if (static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->active())
- eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->nonceGCInterval, 1);
+ if (static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->active())
+ eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->nonceGCInterval, 1);
}
static void
}
/* is the nonce-count ok ? */
- if (!static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->CheckNonceCount) {
+ if (!static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->CheckNonceCount) {
nonce->nc++;
return -1; /* forced OK by configuration */
}
- if ((static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) ||
+ if ((static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) ||
intnc < nonce->nc + 1) {
debugs(29, 4, "authDigestNonceIsValid: Nonce count doesn't match");
nonce->flags.valid = 0;
return -1;
/* has it's max duration expired? */
- if (nonce->noncedata.creationtime + static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxduration < current_time.tv_sec) {
+ if (nonce->noncedata.creationtime + static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->noncemaxduration < current_time.tv_sec) {
debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " <<
nonce->noncedata.creationtime << " " <<
- static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxduration << " " <<
+ static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->noncemaxduration << " " <<
current_time.tv_sec);
nonce->flags.valid = 0;
return -1;
}
- if (nonce->nc > static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxuses) {
+ if (nonce->nc > static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->noncemaxuses) {
debugs(29, 4, "authDigestNoncelastRequest: Nonce count over user limit");
nonce->flags.valid = 0;
return -1;
return -1;
}
- if (nonce->nc >= static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxuses - 1) {
+ if (nonce->nc >= static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->noncemaxuses - 1) {
debugs(29, 4, "authDigestNoncelastRequest: Nonce count about to hit user limit");
return -1;
}
}
void
-AuthDigestConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+AuthDigestConfig::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
debugs(29, 9, "authDigestCfgDump: Dumping configuration");
if (latest_nonce == -1)
return min(-1, global_ttl);
- int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast<AuthDigestConfig*>(AuthConfig::Find("digest"))->noncemaxduration;
+ int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast<AuthDigestConfig*>(Auth::Config::Find("digest"))->noncemaxduration;
return min(nonce_ttl, global_ttl);
}
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-AuthDigestConfig::init(AuthConfig * scheme)
+AuthDigestConfig::init(Auth::Config * scheme)
{
if (authenticateProgram) {
DigestFieldsInfo = httpHeaderBuildFieldsInfo(DigestAttrs, DIGEST_ENUM_END);
}
void
-AuthDigestConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+AuthDigestConfig::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
/* log the username */
debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'");
- AuthUser::Pointer digest_user = new DigestUser(static_cast<AuthDigestConfig*>(AuthConfig::Find("digest")));
+ AuthUser::Pointer digest_user = new DigestUser(static_cast<AuthDigestConfig*>(Auth::Config::Find("digest")));
/* save the credentials */
digest_user->username(username);
/* set the auth_user type */
return digest_request;
}
-DigestUser::DigestUser(AuthConfig *aConfig) : AuthUser(aConfig), HA1created (0)
+DigestUser::DigestUser(Auth::Config *aConfig) : AuthUser(aConfig), HA1created (0)
{}
public:
MEMPROXY_CLASS(DigestUser);
- DigestUser(AuthConfig *);
+ DigestUser(Auth::Config *);
~DigestUser();
int authenticated() const;
/* configuration runtime data */
-class AuthDigestConfig : public AuthConfig
+class AuthDigestConfig : public Auth::Config
{
public:
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
+
+public:
char *digestAuthRealm;
time_t nonceGCInterval;
time_t noncemaxduration;
debugs(29, DBG_CRITICAL, "Shutdown: Negotiate authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Negotiate::Scheme::createConfig()
{
AuthNegotiateConfig *negotiateCfg = new AuthNegotiateConfig;
- return dynamic_cast<AuthConfig*>(negotiateCfg);
+ return dynamic_cast<Auth::Config*>(negotiateCfg);
}
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme (Scheme const &);
debugs(29, 8, HERE << "auth state is '" << user()->credentials() << "'");
- if (static_cast<AuthNegotiateConfig*>(AuthConfig::Find("negotiate"))->authenticateProgram == NULL) {
+ if (static_cast<AuthNegotiateConfig*>(Auth::Config::Find("negotiate"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Negotiate authentication program configured.");
handler(data, NULL);
return;
}
void
-AuthNegotiateConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+AuthNegotiateConfig::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
storeAppendPrintf(entry, "%s %s", name, "negotiate");
{ }
void
-AuthNegotiateConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+AuthNegotiateConfig::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
* Called AFTER parsing the config file
*/
void
-AuthNegotiateConfig::init(AuthConfig * scheme)
+AuthNegotiateConfig::init(Auth::Config * scheme)
{
if (authenticateProgram) {
return auth_user_request;
}
-NegotiateUser::NegotiateUser(AuthConfig *aConfig) : AuthUser (aConfig)
+NegotiateUser::NegotiateUser(Auth::Config *aConfig) : AuthUser(aConfig)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
public:
MEMPROXY_CLASS(NegotiateUser);
- NegotiateUser(AuthConfig *);
+ NegotiateUser(Auth::Config *);
~NegotiateUser();
virtual int32_t ttl() const;
/* configuration runtime data */
/// \ingroup AuthNegotiateAPI
-class AuthNegotiateConfig : public AuthConfig
+class AuthNegotiateConfig : public Auth::Config
{
public:
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
int keep_alive;
debugs(29, DBG_CRITICAL, "Shutdown: NTLM authentication.");
}
-AuthConfig *
+Auth::Config *
Auth::Ntlm::Scheme::createConfig()
{
auth_ntlm_config *ntlmCfg = new auth_ntlm_config;
- return dynamic_cast<AuthConfig*>(ntlmCfg);
+ return dynamic_cast<Auth::Config*>(ntlmCfg);
}
/* per scheme */
virtual char const *type() const;
virtual void shutdownCleanup();
- virtual AuthConfig *createConfig();
+ virtual Auth::Config *createConfig();
/* Not implemented */
Scheme (Scheme const &);
debugs(29, 8, HERE << "credentials state is '" << user()->credentials() << "'");
- if (static_cast<AuthNTLMConfig*>(AuthConfig::Find("ntlm"))->authenticateProgram == NULL) {
+ if (static_cast<AuthNTLMConfig*>(Auth::Config::Find("ntlm"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: NTLM Start: no NTLM program configured.");
handler(data, NULL);
return;
}
void
-AuthNTLMConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme)
+AuthNTLMConfig::dump(StoreEntry * entry, const char *name, Auth::Config * scheme)
{
wordlist *list = authenticateProgram;
storeAppendPrintf(entry, "%s %s", name, "ntlm");
{ }
void
-AuthNTLMConfig::parse(AuthConfig * scheme, int n_configured, char *param_str)
+AuthNTLMConfig::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
if (strcasecmp(param_str, "program") == 0) {
if (authenticateProgram)
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
* config file */
void
-AuthNTLMConfig::init(AuthConfig * scheme)
+AuthNTLMConfig::init(Auth::Config * scheme)
{
if (authenticateProgram) {
AuthUserRequest::Pointer
AuthNTLMConfig::decode(char const *proxy_auth)
{
- NTLMUser *newUser = new NTLMUser(AuthConfig::Find("ntlm"));
+ NTLMUser *newUser = new NTLMUser(Auth::Config::Find("ntlm"));
AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest();
assert(auth_user_request->user() == NULL);
return auth_user_request;
}
-NTLMUser::NTLMUser (AuthConfig *aConfig) : AuthUser (aConfig)
+NTLMUser::NTLMUser(Auth::Config *aConfig) : AuthUser(aConfig)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
public:
MEMPROXY_CLASS(NTLMUser);
- NTLMUser(AuthConfig *);
+ NTLMUser(Auth::Config *);
~NTLMUser();
virtual int32_t ttl() const;
/* configuration runtime data */
-class AuthNTLMConfig : public AuthConfig
+class AuthNTLMConfig : public Auth::Config
{
public:
virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
- virtual void dump(StoreEntry *, const char *, AuthConfig *);
+ virtual void dump(StoreEntry *, const char *, Auth::Config *);
virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
- virtual void init(AuthConfig *);
- virtual void parse(AuthConfig *, int, char *);
+ virtual void init(Auth::Config *);
+ virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
int keep_alive;
* state will be preserved.
*/
if (Config.onoff.pipeline_prefetch) {
- AuthConfig *nego = AuthConfig::Find("Negotiate");
- AuthConfig *ntlm = AuthConfig::Find("NTLM");
+ Auth::Config *nego = Auth::Config::Find("Negotiate");
+ Auth::Config *ntlm = Auth::Config::Find("NTLM");
if ((nego && nego->active()) || (ntlm && ntlm->active())) {
debugs(3, DBG_IMPORTANT, "WARNING: pipeline_prefetch breaks NTLM and Negotiate authentication. Forced OFF.");
Config.onoff.pipeline_prefetch = 0;
#if USE_AUTH
static void
-parse_authparam(Auth::authConfig * config)
+parse_authparam(Auth::ConfigVector * config)
{
char *type_str;
char *param_str;
self_destruct();
/* find a configuration for the scheme in the currently parsed configs... */
- AuthConfig *schemeCfg = AuthConfig::Find(type_str);
+ Auth::Config *schemeCfg = Auth::Config::Find(type_str);
if (schemeCfg == NULL) {
/* Create a configuration based on the scheme info */
}
config->push_back(theScheme->createConfig());
- schemeCfg = AuthConfig::Find(type_str);
+ schemeCfg = Auth::Config::Find(type_str);
if (schemeCfg == NULL) {
debugs(3, DBG_CRITICAL, "Parsing Config File: Corruption configuring authentication scheme '" << type_str << "'.");
self_destruct();
}
static void
-free_authparam(Auth::authConfig * cfg)
+free_authparam(Auth::ConfigVector * cfg)
{
/* Wipe the Auth globals and Detach/Destruct component config + state. */
cfg->clean();
}
static void
-dump_authparam(StoreEntry * entry, const char *name, authConfig cfg)
+dump_authparam(StoreEntry * entry, const char *name, Auth::ConfigVector cfg)
{
- for (authConfig::iterator i = cfg.begin(); i != cfg.end(); ++i)
+ for (Auth::ConfigVector::iterator i = cfg.begin(); i != cfg.end(); ++i)
(*i)->dump(entry, name, (*i));
}
#endif /* USE_AUTH */
}
static
-AuthConfig *
+Auth::Config *
getConfig(char const *type_str)
{
- Auth::authConfig &config = Auth::TheConfig;
+ Auth::ConfigVector &config = Auth::TheConfig;
/* find a configuration for the scheme */
- AuthConfig *scheme = AuthConfig::Find(type_str);
+ Auth::Config *scheme = Auth::Config::Find(type_str);
if (scheme == NULL) {
/* Create a configuration */
static
void
-setup_scheme(AuthConfig *scheme, char const **params, unsigned param_count)
+setup_scheme(Auth::Config *scheme, char const **params, unsigned param_count)
{
- Auth::authConfig &config = Auth::TheConfig;
+ Auth::ConfigVector &config = Auth::TheConfig;
for (unsigned position=0; position < param_count; position++) {
char *param_str=xstrdup(params[position]);
Mem::Init();
- Auth::authConfig &config = Auth::TheConfig;
+ Auth::ConfigVector &config = Auth::TheConfig;
char const *digest_parms[]= {"program /home/robertc/install/squid/libexec/digest_pw_auth /home/robertc/install/squid/etc/digest.pwd",
"realm foo"
};
for (unsigned scheme=0; scheme < 4; scheme++) {
- AuthConfig *schemeConfig;
+ Auth::Config *schemeConfig;
schemeConfig = getConfig(params[scheme].name);
if (schemeConfig != NULL)
setup_scheme(schemeConfig, params[scheme].params,
setup=true;
}
-/* AuthConfig::CreateAuthUser works for all
+/* Auth::Config::CreateAuthUser works for all
* authentication types
*/
void
fake_auth_setup();
for (Auth::Scheme::iterator i = Auth::Scheme::GetSchemes().begin(); i != Auth::Scheme::GetSchemes().end(); ++i) {
- AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type()));
+ AuthUserRequest::Pointer authRequest = Auth::Config::CreateAuthUser(find_proxy_auth((*i)->type()));
CPPUNIT_ASSERT(authRequest != NULL);
}
}
for (Auth::Scheme::iterator i = Auth::Scheme::GetSchemes().begin(); i != Auth::Scheme::GetSchemes().end(); ++i) {
// create a user request
// check its scheme matches *i
- AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type()));
+ AuthUserRequest::Pointer authRequest = Auth::Config::CreateAuthUser(find_proxy_auth((*i)->type()));
CPPUNIT_ASSERT_EQUAL(authRequest->scheme(), *i);
}
}
testAuthBasicUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthBasicUserRequest();
- BasicUser *basic_auth=new BasicUser(AuthConfig::Find("basic"));
+ BasicUser *basic_auth=new BasicUser(Auth::Config::Find("basic"));
basic_auth->username("John");
temp->user(basic_auth);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
testAuthDigestUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthDigestUserRequest();
- DigestUser *duser=new DigestUser(AuthConfig::Find("digest"));
+ DigestUser *duser=new DigestUser(Auth::Config::Find("digest"));
duser->username("John");
temp->user(duser);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
testAuthNTLMUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthNTLMUserRequest();
- NTLMUser *nuser=new NTLMUser(AuthConfig::Find("ntlm"));
+ NTLMUser *nuser=new NTLMUser(Auth::Config::Find("ntlm"));
nuser->username("John");
temp->user(nuser);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
testAuthNegotiateUserRequest::username()
{
AuthUserRequest::Pointer temp = new AuthNegotiateUserRequest();
- NegotiateUser *nuser=new NegotiateUser(AuthConfig::Find("negotiate"));
+ NegotiateUser *nuser=new NegotiateUser(Auth::Config::Find("negotiate"));
nuser->username("John");
temp->user(nuser);
CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));
/// \deprecated Use AuthUserHashPointer instead.
typedef struct AuthUserHashPointer auth_user_hash_pointer;
-/* temporary: once Config is fully hidden, this shouldn't be needed */
-#include "Array.h"
-
-class AuthConfig;
-typedef Vector<AuthConfig *> authConfig;
-
struct http_port_list;
struct https_port_list;
projects / thirdparty / squid.git / commitdiff
