ssluser(NULL),
#endif
port(NULL) {
- ;
+ caddr.setNoAddr();
}
Ip::Address caddr;
#endif
// do full route options selection
- peerSelect(&serverDestinations, request, entry, fwdPeerSelectionCompleteWrapper, this);
+ peerSelect(&serverDestinations, request, al, entry, fwdPeerSelectionCompleteWrapper, this);
}
#if STRICT_ORIGINAL_DST
#ifndef SQUID_PEERSELECTSTATE_H
#define SQUID_PEERSELECTSTATE_H
+#include "AccessLogEntry.h"
#include "acl/Checklist.h"
#include "base/Vector.h"
#include "cbdata.h"
typedef void PSC(Comm::ConnectionList *, ErrorState *, void *);
-void peerSelect(Comm::ConnectionList *, HttpRequest *, StoreEntry *, PSC *, void *data);
+void peerSelect(Comm::ConnectionList *, HttpRequest *, AccessLogEntry::Pointer const&, StoreEntry *, PSC *, void *data);
void peerSelectInit(void);
/**
const char * url() const;
HttpRequest *request;
+ AccessLogEntry::Pointer al; ///< info for the future access.log entry
StoreEntry *entry;
allow_t always_direct;
allow_t never_direct;
#ifndef SQUID_ACLFILLED_CHECKLIST_H
#define SQUID_ACLFILLED_CHECKLIST_H
+#include "AccessLogEntry.h"
#include "acl/Checklist.h"
#include "acl/forward.h"
#include "ip/Address.h"
Ssl::X509_Pointer serverCert;
#endif
+ AccessLogEntry::Pointer al; ///< info for the future access.log entry
+
ExternalACLEntry *extacl_entry;
private:
acl_checklist = new ACLFilledChecklist(r->acl, filter.request, dash_str);
if ((acl_checklist->reply = filter.reply))
HTTPMSGLOCK(acl_checklist->reply);
+ acl_checklist->al = filter.al;
acl_checklist->nonBlockingCheck(AccessCheckCallbackWrapper, this);
return;
}
/* Note: this fills in auth_user_request when applicable */
const AuthAclState result = Auth::UserRequest::tryToAuthenticateAndSetAuthUser(
&checklist->auth_user_request, headertype, request,
- checklist->conn(), checklist->src_addr);
+ checklist->conn(), checklist->src_addr, checklist->al);
switch (result) {
case AUTH_ACL_CANNOT_AUTHENTICATE:
/* make sure someone created auth_user_request for us */
assert(checklist->auth_user_request != NULL);
assert(checklist->auth_user_request->valid());
- checklist->auth_user_request->start(LookupDone, checklist);
+ checklist->auth_user_request->start(checklist->request, checklist->al, LookupDone, checklist);
}
void
#include "squid.h"
#include "auth/Config.h"
#include "auth/UserRequest.h"
+#include "cache_cf.h"
+#include "ConfigParser.h"
#include "Debug.h"
+#include "format/Format.h"
#include "globals.h"
+#include "Store.h"
Auth::ConfigVector Auth::TheConfig;
* It may also be NULL reflecting that no user could be created.
*/
Auth::UserRequest::Pointer
-Auth::Config::CreateAuthUser(const char *proxy_auth)
+Auth::Config::CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
{
assert(proxy_auth != NULL);
debugs(29, 9, HERE << "header = '" << proxy_auth << "'");
"Unsupported or unconfigured/inactive proxy-auth scheme, '" << proxy_auth << "'");
return NULL;
}
+ static MemBuf rmb;
+ rmb.reset();
+ if (config->keyExtras) {
+ // %credentials and %username, which normally included in
+ // request_format, are - at this time, but that is OK
+ // because user name is added to key explicitly, and we do
+ // not want to store authenticated credentials at all.
+ config->keyExtras->assemble(rmb, al, 0);
+ }
- return config->decode(proxy_auth);
+ return config->decode(proxy_auth, rmb.hasContent() ? rmb.content() : NULL);
}
Auth::Config *
void
Auth::Config::registerWithCacheManager(void)
{}
+
+void
+Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
+{
+ if (strcmp(param_str, "key_extras") == 0) {
+ keyExtrasLine = ConfigParser::NextQuotedToken();
+ Format::Format *nlf = new ::Format::Format(scheme->type());
+ if (!nlf->parse(keyExtrasLine.termedBuf())) {
+ debugs(29, DBG_CRITICAL, "FATAL: Failed parsing key_extras formatting value");
+ self_destruct();
+ return;
+ }
+ if (keyExtras)
+ delete keyExtras;
+
+ keyExtras = nlf;
+
+ if (char *t = strtok(NULL, w_space)) {
+ debugs(29, DBG_CRITICAL, "FATAL: Unexpected argument '" << t << "' after request_format specification");
+ self_destruct();
+ }
+ } else {
+ debugs(29, DBG_CRITICAL, "Unrecognised " << scheme->type() << " auth scheme parameter '" << param_str << "'");
+ }
+}
+
+void
+Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme)
+{
+ if (keyExtrasLine.size() > 0)
+ storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, scheme->type(), keyExtrasLine.termedBuf());
+}
+
+void
+Auth::Config::done()
+{
+ delete keyExtras;
+ keyExtras = NULL;
+ keyExtrasLine.clean();
+}
#if USE_AUTH
+#include "AccessLogEntry.h"
#include "auth/UserRequest.h"
#include "HelperChildConfig.h"
/* for http_hdr_type parameters-by-value */
#include "HttpHeader.h"
+namespace Format
+{
+ class Format;
+}
+
namespace Auth
{
{
public:
- static UserRequest::Pointer CreateAuthUser(const char *proxy_auth);
+ static UserRequest::Pointer CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al);
static Config *Find(const char *proxy_auth);
- Config() : authenticateChildren(20), authenticateProgram(NULL) {}
+ Config() : authenticateChildren(20), authenticateProgram(NULL), keyExtras(NULL) {}
virtual ~Config() {}
\param proxy_auth Login Pattern to parse.
\retval * Details needed to authenticate.
*/
- virtual UserRequest::Pointer decode(char const *proxy_auth) = 0;
+ virtual UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm) = 0;
/**
* squid is finished with this config, release any unneeded resources.
*
\todo we need a 'done for reconfigure' and a 'done permanently' concept.
*/
- virtual void done() = 0;
+ virtual void done();
/**
* The configured function is used to see if the auth module has been given valid
* Responsible for writing to the StoreEntry the configuration parameters that a user
* would put in a config file to recreate the running configuration.
*/
- virtual void dump(StoreEntry *, const char *, Config *) = 0;
+ virtual void dump(StoreEntry *, const char *, Config *);
/** add headers as needed when challenging for auth */
virtual void fixHeader(UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0;
virtual void registerWithCacheManager(void);
/** parse config options */
- virtual void parse(Config *, int, char *) = 0;
+ virtual void parse(Config *, int, char *);
/** the http string id */
virtual const char * type() const = 0;
public:
HelperChildConfig authenticateChildren;
wordlist *authenticateProgram; ///< Helper program to run, includes all parameters
+ String keyExtrasLine; ///< The format of the request to the auth helper
+ Format::Format *keyExtras; ///< The compiled request format
};
typedef Vector<Config *> ConfigVector;
AuthUserHashPointer::AuthUserHashPointer(Auth::User::Pointer anAuth_user):
auth_user(anAuth_user)
{
- key = (void *)anAuth_user->username();
+ key = (void *)anAuth_user->userKey();
next = NULL;
hash_join(proxy_auth_username_cache, (hash_link *) this);
}
time_t Auth::User::last_discard = 0;
-Auth::User::User(Auth::Config *aConfig) :
+Auth::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
auth_type(Auth::AUTH_UNKNOWN),
config(aConfig),
ipcount(0),
expiretime(0),
notes(),
credentials_state(Auth::Unchecked),
- username_(NULL)
+ username_(NULL),
+ requestRealm_(aRequestRealm)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
proxy_match_cache.head = proxy_match_cache.tail = NULL;
debugs(29, 2, HERE << "user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")");
}
+SBuf
+Auth::User::BuildUserKey(const char *username, const char *realm)
+{
+ SBuf key;
+ key.Printf("%s:%s", username, realm);
+ return key;
+}
+
/**
* Add the Auth::User structure to the username cache.
*/
if (aString) {
assert(!username_);
username_ = xstrdup(aString);
+ if (!requestRealm_.isEmpty())
+ userKey_ = BuildUserKey(username_, requestRealm_.c_str());
} else {
safe_free(username_);
}
#include "dlink.h"
#include "ip/Address.h"
#include "Notes.h"
+#include "SBuf.h"
class AuthUserHashPointer;
class StoreEntry;
public:
static void cacheInit();
static void CachedACLsReset();
+ static SBuf BuildUserKey(const char *username, const char *realm);
void absorb(Auth::User::Pointer from);
virtual ~User();
char const *username() const { return username_; }
void username(char const *);
+ const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : username_;}
+
/**
* How long these credentials are still valid for.
* Negative numbers means already expired.
CredentialState credentials_state;
protected:
- User(Auth::Config *);
+ User(Auth::Config *, const char *requestRealm);
private:
/**
*/
const char *username_;
+ /**
+ * A realm for the user depending on request, designed to identify users,
+ * with the same username and different authentication domains.
+ */
+ SBuf requestRealm_;
+
+ /**
+ * A Unique key for the user, consist by username and requestRealm_
+ */
+ SBuf userKey_;
+
/** what ip addresses has this user been seen at?, plus a list length cache */
dlink_list ip_list;
};
#include "comm/Connection.h"
#include "HttpReply.h"
#include "HttpRequest.h"
+#include "format/Format.h"
+#include "MemBuf.h"
/* Generic Functions */
/* send the initial data to an authenticator module */
void
-Auth::UserRequest::start(AUTHCB * handler, void *data)
+Auth::UserRequest::start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB * handler, void *data)
{
assert(handler);
assert(data);
debugs(29, 9, HERE << "auth_user_request '" << this << "'");
- module_start(handler, data);
+ module_start(request, al, handler, data);
}
bool
* Caller is responsible for locking and unlocking their *auth_user_request!
*/
AuthAclState
-Auth::UserRequest::authenticate(Auth::UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr)
+Auth::UserRequest::authenticate(Auth::UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr, AccessLogEntry::Pointer &al)
{
const char *proxy_auth;
assert(headertype != 0);
/* beginning of a new request check */
debugs(29, 4, HERE << "No connection authentication type");
- *auth_user_request = Auth::Config::CreateAuthUser(proxy_auth);
+ *auth_user_request = Auth::Config::CreateAuthUser(proxy_auth, al);
if (*auth_user_request == NULL)
return AUTH_ACL_CHALLENGE;
else if (!(*auth_user_request)->valid()) {
}
AuthAclState
-Auth::UserRequest::tryToAuthenticateAndSetAuthUser(Auth::UserRequest::Pointer * aUR, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr)
+Auth::UserRequest::tryToAuthenticateAndSetAuthUser(Auth::UserRequest::Pointer * aUR, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr, AccessLogEntry::Pointer &al)
{
// If we have already been called, return the cached value
Auth::UserRequest::Pointer t = authTryGetUser(*aUR, conn, request);
}
// ok, call the actual authenticator routine.
- AuthAclState result = authenticate(aUR, headertype, request, conn, src_addr);
+ AuthAclState result = authenticate(aUR, headertype, request, conn, src_addr, al);
// auth process may have changed the UserRequest we are dealing with
t = authTryGetUser(*aUR, conn, request);
{
return Auth::Scheme::Find(user()->config->type());
}
+
+const char *
+Auth::UserRequest::helperRequestKeyExtras(HttpRequest *request, AccessLogEntry::Pointer &al)
+{
+ if (Format::Format *reqFmt = user()->config->keyExtras) {
+ static MemBuf mb;
+ mb.reset();
+ // We should pass AccessLogEntry as second argument ....
+ Auth::UserRequest::Pointer oldReq = request->auth_user_request;
+ request->auth_user_request = this;
+ reqFmt->assemble(mb, al, 0);
+ request->auth_user_request = oldReq;
+ debugs(29, 5, "Assembled line to send :" << mb.content());
+ return mb.content();
+ }
+ return NULL;
+}
#if USE_AUTH
+#include "AccessLogEntry.h"
#include "auth/AuthAclState.h"
#include "auth/Scheme.h"
#include "auth/User.h"
* \param handler Handler to process the callback when its run
* \param data CBDATA for handler
*/
- virtual void module_start(AUTHCB *handler, void *data) = 0;
+ virtual void module_start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data) = 0;
// User credentials object this UserRequest is managing
virtual User::Pointer user() {return _auth_user;}
*
* \return Some AUTH_ACL_* state
*/
- static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &);
+ static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &, AccessLogEntry::Pointer &);
/// Add the appropriate [Proxy-]Authenticate header to the given reply
static void addReplyAuthHeader(HttpReply * rep, UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal);
- void start(AUTHCB *handler, void *data);
+ void start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data);
char const * denyMessage(char const * const default_message = NULL);
/** Possibly overrideable in future */
virtual const char * connLastHeader();
+ /**
+ * The string representation of the credentials send by client
+ */
+ virtual const char *credentialsStr() = 0;
+
+ const char *helperRequestKeyExtras(HttpRequest *, AccessLogEntry::Pointer &al);
private:
- static AuthAclState authenticate(UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr);
+ static AuthAclState authenticate(UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr, AccessLogEntry::Pointer &al);
/** return a message on the 407 error pages */
char *message;
#include "SquidConfig.h"
#include "SquidTime.h"
-Auth::Basic::User::User(Auth::Config *aConfig) :
- Auth::User(aConfig),
+Auth::Basic::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+ Auth::User(aConfig, aRequestRealm),
passwd(NULL),
queue(NULL),
currentRequest(NULL)
public:
MEMPROXY_CLASS(Auth::Basic::User);
- User(Auth::Config *);
+ User(Auth::Config *, const char *requestRealm);
~User();
bool authenticated() const;
bool valid() const;
#include "charset.h"
#include "Debug.h"
#include "HelperReply.h"
+#include "HttpMsg.h"
+#include "HttpRequest.h"
+#include "format/Format.h"
+#include "MemBuf.h"
#include "rfc1738.h"
#include "SquidTime.h"
return 0;
}
+const char *
+Auth::Basic::UserRequest::credentialsStr()
+{
+ Auth::Basic::User const *basic_auth = dynamic_cast<Auth::Basic::User const *>(user().getRaw());
+ if (basic_auth)
+ return basic_auth->passwd;
+ return NULL;
+}
+
/* log a basic user in
*/
void
/* send the initial data to a basic authenticator module */
void
-Auth::Basic::UserRequest::module_start(AUTHCB * handler, void *data)
+Auth::Basic::UserRequest::module_start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB * handler, void *data)
{
assert(user()->auth_type == Auth::AUTH_BASIC);
Auth::Basic::User *basic_auth = dynamic_cast<Auth::Basic::User *>(user().getRaw());
xstrncpy(usern, rfc1738_escape(user()->username()), sizeof(usern));
xstrncpy(pass, rfc1738_escape(basic_auth->passwd), sizeof(pass));
}
- int sz = snprintf(buf, sizeof(buf), "%s %s\n", usern, pass);
+ int sz = 0;
+ if (const char *keyExtras = helperRequestKeyExtras(request, al))
+ sz = snprintf(buf, sizeof(buf), "%s %s %s\n", usern, pass, keyExtras);
+ else
+ sz = snprintf(buf, sizeof(buf), "%s %s\n", usern, pass);
+
if (sz<=0) {
debugs(9, DBG_CRITICAL, "ERROR: Basic Authentication Failure. Can not build helper validation request.");
handler(data);
virtual int authenticated() const;
virtual void authenticate(HttpRequest * request, ConnStateData *conn, http_hdr_type type);
virtual Auth::Direction module_direction();
- virtual void module_start(AUTHCB *, void *);
+ virtual void module_start(HttpRequest * request, AccessLogEntry::Pointer &al, AUTHCB *, void *);
+ virtual const char *credentialsStr();
private:
static HLPCB HandleReply;
void
Auth::Basic::Config::done()
{
+ Auth::Config::done();
+
authbasic_initialised = 0;
if (basicauthenticators) {
storeAppendPrintf(entry, "%s basic children %d startup=%d idle=%d concurrency=%d\n", name, authenticateChildren.n_max, authenticateChildren.n_startup, authenticateChildren.n_idle, authenticateChildren.concurrency);
storeAppendPrintf(entry, "%s basic credentialsttl %d seconds\n", name, (int) credentialsTTL);
storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off");
+ Auth::Config::dump(entry, name, scheme);
}
Auth::Basic::Config::Config() :
parse_onoff(&casesensitive);
} else if (strcmp(param_str, "utf8") == 0) {
parse_onoff(&utf8);
- } else {
- debugs(29, DBG_CRITICAL, HERE << "unrecognised basic auth scheme parameter '" << param_str << "'");
- }
+ } else
+ Auth::Config::parse(scheme, n_configured, param_str);
}
static void
}
static Auth::User::Pointer
-authBasicAuthUserFindUsername(const char *username)
+authBasicAuthUserFindUsername(const char *userkey)
{
AuthUserHashPointer *usernamehash;
- debugs(29, 9, HERE << "Looking for user '" << username << "'");
+ debugs(29, 9, "Looking for user '" << userkey << "'");
- if (username && (usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, username)))) {
+ if (userkey && (usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, userkey)))) {
while (usernamehash) {
if ((usernamehash->user()->auth_type == Auth::AUTH_BASIC) &&
- !strcmp(username, (char const *)usernamehash->key))
+ !strcmp(userkey, (char const *)usernamehash->key))
return usernamehash->user();
usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
* descriptive message to the user.
*/
Auth::UserRequest::Pointer
-Auth::Basic::Config::decode(char const *proxy_auth)
+Auth::Basic::Config::decode(char const *proxy_auth, const char *aRequestRealm)
{
Auth::UserRequest::Pointer auth_user_request = dynamic_cast<Auth::UserRequest*>(new Auth::Basic::UserRequest);
/* decode the username */
char *seperator = strchr(cleartext, ':');
- lb = local_basic = new Auth::Basic::User(this);
- if (seperator == NULL) {
- local_basic->username(cleartext);
- } else {
+ lb = local_basic = new Auth::Basic::User(this, aRequestRealm);
+
+ if (seperator) {
/* terminate the username */
*seperator = '\0';
- local_basic->username(cleartext);
local_basic->passwd = xstrdup(seperator+1);
}
if (!casesensitive)
- Tolower((char *)local_basic->username());
+ Tolower(cleartext);
+ local_basic->username(cleartext);
+
if (local_basic->passwd == NULL) {
debugs(29, 4, HERE << "no password in proxy authorization header '" << proxy_auth << "'");
/* now lookup and see if we have a matching auth_user structure in memory. */
Auth::User::Pointer auth_user;
- if ((auth_user = authBasicAuthUserFindUsername(lb->username())) == NULL) {
+ if ((auth_user = authBasicAuthUserFindUsername(lb->userKey())) == NULL) {
/* the user doesn't exist in the username cache yet */
/* save the credentials */
debugs(29, 9, HERE << "Creating new user '" << lb->username() << "'");
~Config();
virtual bool active() const;
virtual bool configured() const;
- virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
#include "SquidConfig.h"
#include "SquidTime.h"
-Auth::Digest::User::User(Auth::Config *aConfig) :
- Auth::User(aConfig),
+Auth::Digest::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+ Auth::User(aConfig, aRequestRealm),
HA1created(0)
{
memset(HA1, 0, sizeof(HA1));
public:
MEMPROXY_CLASS(Auth::Digest::User);
- User(Auth::Config *);
+ User(Auth::Config *, const char *requestRealm);
~User();
int authenticated() const;
#include "squid.h"
+#include "AccessLogEntry.h"
#include "auth/digest/auth_digest.h"
#include "auth/digest/User.h"
#include "auth/digest/UserRequest.h"
#include "HttpHeaderTools.h"
#include "HttpReply.h"
#include "HttpRequest.h"
+#include "format/Format.h"
+#include "MemBuf.h"
#include "SquidTime.h"
Auth::Digest::UserRequest::UserRequest() :
return 0;
}
+const char *
+Auth::Digest::UserRequest::credentialsStr()
+{
+ return realm;
+}
+
/** log a digest user in
*/
void
/* send the initial data to a digest authenticator module */
void
-Auth::Digest::UserRequest::module_start(AUTHCB * handler, void *data)
+Auth::Digest::UserRequest::module_start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB * handler, void *data)
{
char buf[8192];
return;
}
+ const char *keyExtras = helperRequestKeyExtras(request, al);
if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->utf8) {
char userstr[1024];
latin1_to_utf8(userstr, sizeof(userstr), user()->username());
- snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm);
+ if (keyExtras)
+ snprintf(buf, 8192, "\"%s\":\"%s\" %s\n", userstr, realm, keyExtras);
+ else
+ snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm);
} else {
- snprintf(buf, 8192, "\"%s\":\"%s\"\n", user()->username(), realm);
+ if (keyExtras)
+ snprintf(buf, 8192, "\"%s\":\"%s\" %s\n", user()->username(), realm, keyExtras);
+ else
+ snprintf(buf, 8192, "\"%s\":\"%s\"\n", user()->username(), realm);
}
helperSubmit(digestauthenticators, buf, Auth::Digest::UserRequest::HandleReply,
virtual void addAuthenticationInfoTrailer(HttpReply * rep, int accel);
#endif
- virtual void module_start(AUTHCB *, void *);
+ virtual void module_start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *, void *);
+ virtual const char *credentialsStr();
char *nonceb64; /* "dcd98b7102dd2f0e8b11d0f600bfb0c093" */
char *cnonce; /* "0a4f113b" */
/* USER related functions */
static Auth::User::Pointer
-authDigestUserFindUsername(const char *username)
+authDigestUserFindUsername(const char *userkey)
{
AuthUserHashPointer *usernamehash;
- debugs(29, 9, HERE << "Looking for user '" << username << "'");
+ debugs(29, 9, "Looking for user '" << userkey << "'");
- if (username && (usernamehash = static_cast < AuthUserHashPointer * >(hash_lookup(proxy_auth_username_cache, username)))) {
+ if ((usernamehash = static_cast < AuthUserHashPointer * >(hash_lookup(proxy_auth_username_cache, userkey)))) {
while ((usernamehash->user()->auth_type != Auth::AUTH_DIGEST) && (usernamehash->next))
usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
name, "digest", noncemaxuses,
name, "digest", (int) noncemaxduration,
name, "digest", (int) nonceGCInterval);
+ Auth::Config::dump(entry, name, scheme);
}
bool
void
Auth::Digest::Config::done()
{
+ Auth::Config::done();
+
authdigest_initialised = 0;
if (digestauthenticators)
parse_onoff(&PostWorkaround);
} else if (strcmp(param_str, "utf8") == 0) {
parse_onoff(&utf8);
- } else {
- debugs(29, DBG_CRITICAL, "unrecognised digest auth scheme parameter '" << param_str << "'");
- }
+ } else
+ Auth::Config::parse(scheme, n_configured, param_str);
}
const char *
/* setup the necessary info to log the username */
static Auth::UserRequest::Pointer
-authDigestLogUsername(char *username, Auth::UserRequest::Pointer auth_user_request)
+authDigestLogUsername(char *username, Auth::UserRequest::Pointer auth_user_request, const char *requestRealm)
{
assert(auth_user_request != NULL);
/* log the username */
debugs(29, 9, "Creating new user for logging '" << (username?username:"[no username]") << "'");
- Auth::User::Pointer digest_user = new Auth::Digest::User(static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest")));
+ Auth::User::Pointer digest_user = new Auth::Digest::User(static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest")), requestRealm);
/* save the credentials */
digest_user->username(username);
/* set the auth_user type */
* Auth_user structure.
*/
Auth::UserRequest::Pointer
-Auth::Digest::Config::decode(char const *proxy_auth)
+Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
{
const char *item;
const char *p;
/* do we have a username ? */
if (!username || username[0] == '\0') {
debugs(29, 2, "Empty or not present username");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
*/
if (strchr(username, '"')) {
debugs(29, 2, "Unacceptable username '" << username << "'");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
/* do we have a realm ? */
if (!digest_request->realm || digest_request->realm[0] == '\0') {
debugs(29, 2, "Empty or not present realm");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
/* and a nonce? */
if (!digest_request->nonceb64 || digest_request->nonceb64[0] == '\0') {
debugs(29, 2, "Empty or not present nonce");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
* authenticate phase, but needs to be given */
if (!digest_request->uri || digest_request->uri[0] == '\0') {
debugs(29, 2, "Missing URI field");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
/* is the response the correct length? */
if (!digest_request->response || strlen(digest_request->response) != 32) {
debugs(29, 2, "Response length invalid");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
else if (strcmp(digest_request->algorithm, "MD5")
&& strcmp(digest_request->algorithm, "MD5-sess")) {
debugs(29, 2, "invalid algorithm specified!");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
if (strcmp(digest_request->qop, QOP_AUTH) != 0) {
/* we received a qop option we didn't send */
debugs(29, 2, "Invalid qop option received");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
/* check cnonce */
if (!digest_request->cnonce || digest_request->cnonce[0] == '\0') {
debugs(29, 2, "Missing cnonce field");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
/* check nc */
if (strlen(digest_request->nc) != 8 || strspn(digest_request->nc, "0123456789abcdefABCDEF") != 8) {
debugs(29, 2, "invalid nonce count");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
/* cnonce and nc both require qop */
if (digest_request->cnonce || digest_request->nc[0] != '\0') {
debugs(29, 2, "missing qop!");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
debugs(29, 2, "Unexpected or invalid nonce received");
if (digest_request->user() != NULL)
digest_request->user()->credentials(Auth::Failed);
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
/* check that we're not being hacked / the username hasn't changed */
if (nonce->user && strcmp(username, nonce->user->username())) {
debugs(29, 2, "Username for the nonce does not equal the username for the request");
- rv = authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request, aRequestRealm);
safe_free(username);
return rv;
}
Auth::User::Pointer auth_user;
- if ((auth_user = authDigestUserFindUsername(username)) == NULL) {
+ SBuf key = Auth::User::BuildUserKey(username, aRequestRealm);
+ if (key.isEmpty() || (auth_user = authDigestUserFindUsername(key.c_str())) == NULL) {
/* the user doesn't exist in the username cache yet */
debugs(29, 9, HERE << "Creating new digest user '" << username << "'");
- digest_user = new Auth::Digest::User(this);
+ digest_user = new Auth::Digest::User(this, aRequestRealm);
/* auth_user is a parent */
auth_user = digest_user;
/* save the username */
Config();
virtual bool active() const;
virtual bool configured() const;
- virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
#include "auth/negotiate/User.h"
#include "Debug.h"
-Auth::Negotiate::User::User(Auth::Config *aConfig) :
- Auth::User(aConfig)
+Auth::Negotiate::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+ Auth::User(aConfig, aRequestRealm)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
{
public:
MEMPROXY_CLASS(Auth::Negotiate::User);
- User(Auth::Config *);
+ User(Auth::Config *, const char *requestRealm);
~User();
virtual int32_t ttl() const;
#include "squid.h"
+#include "AccessLogEntry.h"
#include "auth/negotiate/auth_negotiate.h"
#include "auth/negotiate/UserRequest.h"
#include "auth/State.h"
#include "HttpHeaderTools.h"
#include "HttpReply.h"
#include "HttpRequest.h"
+#include "format/Format.h"
+#include "MemBuf.h"
#include "SquidTime.h"
Auth::Negotiate::UserRequest::UserRequest()
return 0;
}
+const char *
+Auth::Negotiate::UserRequest::credentialsStr()
+{
+ static char buf[MAX_AUTHTOKEN_LEN];
+ if (user()->credentials() == Auth::Pending) {
+ snprintf(buf, sizeof(buf), "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
+ } else {
+ snprintf(buf, sizeof(buf), "KK %s\n", client_blob);
+ }
+ return buf;
+}
+
Auth::Direction
Auth::Negotiate::UserRequest::module_direction()
{
}
void
-Auth::Negotiate::UserRequest::module_start(AUTHCB * handler, void *data)
+Auth::Negotiate::UserRequest::module_start(HttpRequest *req, AccessLogEntry::Pointer &al, AUTHCB * handler, void *data)
{
static char buf[MAX_AUTHTOKEN_LEN];
debugs(29, 8, HERE << "credentials state is '" << user()->credentials() << "'");
+ const char *keyExtras = helperRequestKeyExtras(request, al);
if (user()->credentials() == Auth::Pending) {
- snprintf(buf, sizeof(buf), "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
+ if (keyExtras)
+ snprintf(buf, sizeof(buf), "YR %s %s\n", client_blob, keyExtras);
+ else
+ snprintf(buf, sizeof(buf), "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
} else {
- snprintf(buf, sizeof(buf), "KK %s\n", client_blob);
+ if (keyExtras)
+ snprintf(buf, sizeof(buf), "KK %s %s\n", client_blob, keyExtras);
+ else
+ snprintf(buf, sizeof(buf), "KK %s\n", client_blob);
}
waiting = 1;
debugs(29, 4, HERE << "authenticated user " << auth_user_request->user()->username());
/* see if this is an existing user with a different proxy_auth
* string */
- AuthUserHashPointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username()));
+ AuthUserHashPointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->userKey()));
Auth::User::Pointer local_auth_user = lm_request->user();
while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NEGOTIATE ||
- strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0))
+ strcmp(usernamehash->user()->userKey(), auth_user_request->user()->userKey()) != 0))
usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
if (usernamehash) {
/* we can't seamlessly recheck the username due to the
virtual int authenticated() const;
virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type);
virtual Direction module_direction();
- virtual void module_start(AUTHCB *, void *);
+ virtual void module_start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *, void *);
+ virtual const char *credentialsStr();
virtual void addAuthenticationInfoHeader(HttpReply * rep, int accel);
void
Auth::Negotiate::Config::done()
{
+ Auth::Config::done();
+
authnegotiate_initialised = 0;
if (negotiateauthenticators) {
storeAppendPrintf(entry, "\n%s negotiate children %d startup=%d idle=%d concurrency=%d\n",
name, authenticateChildren.n_max, authenticateChildren.n_startup, authenticateChildren.n_idle, authenticateChildren.concurrency);
storeAppendPrintf(entry, "%s %s keep_alive %s\n", name, "negotiate", keep_alive ? "on" : "off");
-
+ Auth::Config::dump(entry, name, scheme);
}
Auth::Negotiate::Config::Config() : keep_alive(1)
authenticateChildren.parseConfig();
} else if (strcmp(param_str, "keep_alive") == 0) {
parse_onoff(&keep_alive);
- } else {
- debugs(29, DBG_CRITICAL, "ERROR: unrecognised Negotiate auth scheme parameter '" << param_str << "'");
- }
+ } else
+ Auth::Config::parse(scheme, n_configured, param_str);
}
const char *
* Auth_user structure.
*/
Auth::UserRequest::Pointer
-Auth::Negotiate::Config::decode(char const *proxy_auth)
+Auth::Negotiate::Config::decode(char const *proxy_auth, const char *aRequestRealm)
{
- Auth::Negotiate::User *newUser = new Auth::Negotiate::User(Auth::Config::Find("negotiate"));
+ Auth::Negotiate::User *newUser = new Auth::Negotiate::User(Auth::Config::Find("negotiate"), aRequestRealm);
Auth::UserRequest *auth_user_request = new Auth::Negotiate::UserRequest();
assert(auth_user_request->user() == NULL);
Config();
virtual bool active() const;
virtual bool configured() const;
- virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
#include "auth/ntlm/User.h"
#include "Debug.h"
-Auth::Ntlm::User::User(Auth::Config *aConfig) :
- Auth::User(aConfig)
+Auth::Ntlm::User::User(Auth::Config *aConfig, const char *aRequestRealm) :
+ Auth::User(aConfig, aRequestRealm)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
{
public:
MEMPROXY_CLASS(Auth::Ntlm::User);
- User(Auth::Config *);
+ User(Auth::Config *, const char *requestRealm);
~User();
virtual int32_t ttl() const;
#include "squid.h"
+#include "AccessLogEntry.h"
#include "auth/ntlm/auth_ntlm.h"
#include "auth/ntlm/UserRequest.h"
#include "auth/State.h"
#include "cbdata.h"
#include "client_side.h"
#include "globals.h"
+#include "HttpMsg.h"
#include "HttpRequest.h"
+#include "format/Format.h"
+#include "MemBuf.h"
#include "SquidTime.h"
Auth::Ntlm::UserRequest::UserRequest()
return 0;
}
+const char *
+Auth::Ntlm::UserRequest::credentialsStr()
+{
+ static char buf[MAX_AUTHTOKEN_LEN];
+ if (user()->credentials() == Auth::Pending) {
+ snprintf(buf, sizeof(buf), "YR %s\n", client_blob);
+ } else {
+ snprintf(buf, sizeof(buf), "KK %s\n", client_blob);
+ }
+ return buf;
+}
+
Auth::Direction
Auth::Ntlm::UserRequest::module_direction()
{
}
void
-Auth::Ntlm::UserRequest::module_start(AUTHCB * handler, void *data)
+Auth::Ntlm::UserRequest::module_start(HttpRequest *req, AccessLogEntry::Pointer &al, AUTHCB * handler, void *data)
{
static char buf[MAX_AUTHTOKEN_LEN];
debugs(29, 8, HERE << "credentials state is '" << user()->credentials() << "'");
+ const char *keyExtras = helperRequestKeyExtras(request, al);
if (user()->credentials() == Auth::Pending) {
- snprintf(buf, sizeof(buf), "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
+ if (keyExtras)
+ snprintf(buf, sizeof(buf), "YR %s %s\n", client_blob, keyExtras);
+ else
+ snprintf(buf, sizeof(buf), "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
} else {
- snprintf(buf, sizeof(buf), "KK %s\n", client_blob);
+ if (keyExtras)
+ snprintf(buf, sizeof(buf), "KK %s %s\n", client_blob, keyExtras);
+ else
+ snprintf(buf, sizeof(buf), "KK %s\n", client_blob);
}
-
waiting = 1;
safe_free(client_blob);
debugs(29, 4, HERE << "authenticated user " << auth_user_request->user()->username());
/* see if this is an existing user with a different proxy_auth
* string */
- AuthUserHashPointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username()));
+ AuthUserHashPointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->userKey()));
Auth::User::Pointer local_auth_user = lm_request->user();
while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NTLM ||
- strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0))
+ strcmp(usernamehash->user()->userKey(), auth_user_request->user()->userKey()) != 0))
usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
if (usernamehash) {
/* we can't seamlessly recheck the username due to the
virtual int authenticated() const;
virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type);
virtual Auth::Direction module_direction();
- virtual void module_start(AUTHCB *, void *);
+ virtual void module_start(HttpRequest *req, AccessLogEntry::Pointer &al, AUTHCB *, void *);
+ virtual const char *credentialsStr();
virtual const char * connLastHeader();
void
Auth::Ntlm::Config::done()
{
+ Auth::Config::done();
+
authntlm_initialised = 0;
if (ntlmauthenticators) {
storeAppendPrintf(entry, "\n%s ntlm children %d startup=%d idle=%d concurrency=%d\n",
name, authenticateChildren.n_max, authenticateChildren.n_startup, authenticateChildren.n_idle, authenticateChildren.concurrency);
storeAppendPrintf(entry, "%s %s keep_alive %s\n", name, "ntlm", keep_alive ? "on" : "off");
-
+ Auth::Config::dump(entry, name, scheme);
}
Auth::Ntlm::Config::Config() : keep_alive(1)
authenticateChildren.parseConfig();
} else if (strcmp(param_str, "keep_alive") == 0) {
parse_onoff(&keep_alive);
- } else {
- debugs(29, DBG_CRITICAL, "ERROR unrecognised NTLM auth scheme parameter '" << param_str << "'");
- }
+ } else
+ Auth::Config::parse(scheme, n_configured, param_str);
}
const char *
* Auth_user structure.
*/
Auth::UserRequest::Pointer
-Auth::Ntlm::Config::decode(char const *proxy_auth)
+Auth::Ntlm::Config::decode(char const *proxy_auth, const char *aRequestRealm)
{
- Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm"));
+ Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm"), aRequestRealm);
Auth::UserRequest::Pointer auth_user_request = new Auth::Ntlm::UserRequest();
assert(auth_user_request->user() == NULL);
Config();
virtual bool active() const;
virtual bool configured() const;
- virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
Ports flagged 'transparent', 'intercept', or 'tproxy' have
authentication disabled.
+ === Parameters common to all schemes. ===
+
+ "program" cmdline
+ Specifies the command for the external authenticator. Such a program
+ runs a loop that, on every iteration, reads a request line from
+ the standard and responds with a scheme-specific answer. The loop
+ stops when all input is exchausted (EOF). See scheme-specific
+ "program" descriptions below for details.
+
+ "key_extras" format
+ Specifies a string to be append to request line format for the
+ authentication helper. "Quoted" format values may contain spaces and
+ logformat %macros. In theory, any logformat %macro can be used.
+ In practice, a %macro expands as a dash (-) if the helper request is
+ sent before the required macro information is available to Squid.
+ By default, Squid uses request formats provided in scheme-specific
+ examples below (search for %credentials).
+
=== Parameters for the basic scheme follow. ===
"program" cmdline
Specify the command for the external authenticator. Such a program
- reads a line containing "username password" and replies with one of
- three results:
+ reads a request_format line ("username password" by default) and
+ replies with one of three results:
OK
the user exists.
=== Parameters for the digest scheme follow ===
"program" cmdline
- Specify the command for the external authenticator. Such
- a program reads a line containing "username":"realm" and
+ Specify the command for the external authenticator. Such a program
+ reads a request_format line ("username":"realm" by default) and
replies with one of three results:
OK ha1="..."
supported by the proxy.
auth_param negotiate keep_alive on
-
Examples:
ue User name from external acl helper
ui User name from ident
us User name from SSL
+ credentials Client credentials. The exact meaning depends on
+ the authentication scheme: For Basic authentication,
+ it is the password; for Digest, the realm sent by the
+ client; for NTLM and Negotiate, the client challenge
+ or client credentials prefixed with "YR " or "KK ".
HTTP related format codes:
if (loggingEntry() && loggingEntry()->mem_obj)
al->cache.objectSize = loggingEntry()->contentLen(); // payload duplicate ?? with or without TE ?
- al->cache.caddr.setNoAddr();
-
- if (getConn() != NULL) {
- al->cache.caddr = getConn()->log_addr;
- al->cache.port = cbdataReference(getConn()->port);
- }
-
al->http.clientRequestSz.header = req_sz;
al->http.clientReplySz.header = out.headers_sz;
// XXX: calculate without payload encoding or headers !!
ConnStateData * conn = http->getConn();
ACLFilledChecklist *ch = new ACLFilledChecklist(acl, http->request,
cbdataReferenceValid(conn) && conn != NULL && conn->clientConnection != NULL ? conn->clientConnection->rfc931 : dash_str);
-
+ ch->al = http->al;
/*
* hack for ident ACL. It needs to get full addresses, and a place to store
* the ident result on persistent connections...
al = new AccessLogEntry;
al->cache.start_time = current_time;
al->tcpClient = clientConnection = aConn->clientConnection;
+ al->cache.port = cbdataReference(aConn->port);
+ al->cache.caddr = aConn->log_addr;
+
#if USE_SSL
if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
*/
ConnStateData *conn = http->getConn();
conn->log_addr = request->indirect_client_addr;
+ http->al->cache.caddr = conn->log_addr;
}
request->x_forwarded_for_iterator.clean();
request->flags.done_follow_x_forwarded_for = true;
LFT_ICAP_OUTCOME,
LFT_ICAP_STATUS_CODE,
#endif
+ LFT_CREDENTIALS,
#if USE_SSL
LFT_SSL_BUMP_MODE,
}
break;
+ case LFT_CREDENTIALS:
+#if USE_AUTH
+ if (al->request && al->request->auth_user_request != NULL)
+ out = strOrNull(al->request->auth_user_request->credentialsStr());
+#endif
+
+ break;
+
case LFT_PERCENT:
out = "%";
{"err_code", LFT_SQUID_ERROR },
{"err_detail", LFT_SQUID_ERROR_DETAIL },
{"note", LFT_NOTE },
+ {"credentials", LFT_CREDENTIALS},
{NULL, LFT_NONE} /* this must be last */
};
void
peerSelect(Comm::ConnectionList * paths,
HttpRequest * request,
+ AccessLogEntry::Pointer const &al,
StoreEntry * entry,
PSC * callback,
void *callback_data)
psstate->request = request;
HTTPMSGLOCK(psstate->request);
+ psstate->al = al;
psstate->entry = entry;
psstate->paths = paths;
if (ps->always_direct == ACCESS_DUNNO) {
debugs(44, 3, "peerSelectFoo: direct = " << DirectStr[ps->direct] << " (always_direct to be checked)");
/** check always_direct; */
- ps->acl_checklist = new ACLFilledChecklist(Config.accessList.AlwaysDirect, request, NULL);
+ ACLFilledChecklist *ch = new ACLFilledChecklist(Config.accessList.AlwaysDirect, request, NULL);
+ ch->al = ps->al;
+ ps->acl_checklist = ch;
ps->acl_checklist->nonBlockingCheck(peerCheckAlwaysDirectDone, ps);
return;
} else if (ps->never_direct == ACCESS_DUNNO) {
debugs(44, 3, "peerSelectFoo: direct = " << DirectStr[ps->direct] << " (never_direct to be checked)");
/** check never_direct; */
- ps->acl_checklist = new ACLFilledChecklist(Config.accessList.NeverDirect, request, NULL);
+ ACLFilledChecklist *ch = new ACLFilledChecklist(Config.accessList.NeverDirect, request, NULL);
+ ch->al = ps->al;
+ ps->acl_checklist = ch;
ps->acl_checklist->nonBlockingCheck(peerCheckNeverDirectDone, ps);
return;
} else if (request->flags.noDirect) {
#if USE_AUTH
#include "auth/Config.h"
-Auth::UserRequest::Pointer Auth::Config::CreateAuthUser(const char *) STUB_RETVAL(NULL)
+Auth::UserRequest::Pointer Auth::Config::CreateAuthUser(const char *, AccessLogEntry::Pointer &al) STUB_RETVAL(NULL)
Auth::Config * Auth::Config::Find(const char *) STUB_RETVAL(NULL)
void Auth::Config::registerWithCacheManager(void) STUB_NOP
Auth::ConfigVector Auth::TheConfig;
void Auth::Scheme::FreeAll() STUB
#include "auth/User.h"
-Auth::User::User(Auth::Config *) STUB
+Auth::User::User(Auth::Config *, const char *) STUB
Auth::CredentialState Auth::User::credentials() const STUB_RETVAL(credentials_state)
void Auth::User::credentials(CredentialState) STUB
void Auth::User::absorb(Auth::User::Pointer) STUB
#include "auth/UserRequest.h"
char const * Auth::UserRequest::username() const STUB_RETVAL("stub_username")
-void Auth::UserRequest::start(AUTHCB *, void *) STUB
+void Auth::UserRequest::start(HttpRequest *, AccessLogEntry::Pointer &, AUTHCB *, void *) STUB
bool Auth::UserRequest::valid() const STUB_RETVAL(false)
void * Auth::UserRequest::operator new (size_t) STUB_RETVAL((void *)1)
void Auth::UserRequest::operator delete (void *) STUB
void Auth::UserRequest::addAuthenticationInfoTrailer(HttpReply *, int) STUB
void Auth::UserRequest::releaseAuthServer() STUB
const char * Auth::UserRequest::connLastHeader() STUB_RETVAL("stub")
-AuthAclState Auth::UserRequest::authenticate(Auth::UserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &) STUB_RETVAL(AUTH_AUTHENTICATED)
-AuthAclState Auth::UserRequest::tryToAuthenticateAndSetAuthUser(Auth::UserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &) STUB_RETVAL(AUTH_AUTHENTICATED)
+AuthAclState Auth::UserRequest::authenticate(Auth::UserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &, AccessLogEntry::Pointer &) STUB_RETVAL(AUTH_AUTHENTICATED)
+AuthAclState Auth::UserRequest::tryToAuthenticateAndSetAuthUser(Auth::UserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &, AccessLogEntry::Pointer &) STUB_RETVAL(AUTH_AUTHENTICATED)
void Auth::UserRequest::addReplyAuthHeader(HttpReply *, Auth::UserRequest::Pointer, HttpRequest *, int, int) STUB
void authenticateFixHeader(HttpReply *, Auth::UserRequest::Pointer, HttpRequest *, int, int) STUB
void authenticateAddTrailer(HttpReply *, Auth::UserRequest::Pointer, HttpRequest *, int) STUB
CommTimeoutCbPtrFun(tunnelTimeout, tunnelState));
commSetConnTimeout(tunnelState->client.conn, Config.Timeout.lifetime, timeoutCall);
- peerSelect(&(tunnelState->serverDestinations), request,
+ peerSelect(&(tunnelState->serverDestinations), request, al,
NULL,
tunnelPeerSelectComplete,
tunnelState);
projects / thirdparty / squid.git / commitdiff
