Move realm parse and config dump logics to Auth::Config base object.
This de-duplicates Basic, Digest (and future schemes ie Bearer) config
processing code. Also makes realm available to NTLM and Negotiate
schemes, although at present it remains unused by those schemes.
Also, convert the realm parameter string to an SBuf. Removing the need
for some memory maintenance code.
void
Auth::Config::parse(Auth::Config * scheme, int n_configured, char *param_str)
{
- if (strcmp(param_str, "children") == 0) {
+ if (strcmp(param_str, "realm") == 0) {
+ realm.clear();
+
+ char *token = ConfigParser::NextQuotedOrToEol();
+
+ while (*token && xisspace(*token))
+ ++token;
+
+ if (!token || !*token) {
+ debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Missing auth_param " << scheme->type() << " realm");
+ self_destruct();
+ return;
+ }
+
+ realm = token;
+
+ } else if (strcmp(param_str, "children") == 0) {
authenticateChildren.parseConfig();
} else if (strcmp(param_str, "key_extras") == 0) {
void
Auth::Config::dump(StoreEntry *entry, const char *name, Auth::Config *scheme)
{
+ storeAppendPrintf(entry, "%s %s realm " SQUIDSBUFPH "\n", name, scheme->type(), SQUIDSBUFPRINT(realm));
+
storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n",
name, scheme->type(),
authenticateChildren.n_max, authenticateChildren.n_startup,
wordlist *authenticateProgram; ///< Helper program to run, includes all parameters
String keyExtrasLine; ///< The format of the request to the auth helper
Format::Format *keyExtras; ///< The compiled request format
+
+protected:
+ /// RFC 7235 section 2.2 - Protection Space (Realm)
+ SBuf realm;
};
typedef std::vector<Config *> ConfigVector;
bool
Auth::Basic::Config::configured() const
{
- if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) &&
- (basicAuthRealm != NULL)) {
+ if ((authenticateProgram != NULL) && (authenticateChildren.n_max != 0) && !realm.isEmpty()) {
debugs(29, 9, HERE << "returning configured");
return true;
}
Auth::Basic::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
{
if (authenticateProgram) {
- debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Basic realm=\"" << basicAuthRealm << "\"'");
- httpHeaderPutStrf(&rep->header, hdrType, "Basic realm=\"%s\"", basicAuthRealm);
+ debugs(29, 9, "Sending type:" << hdrType << " header: 'Basic realm=\"" << realm << "\"'");
+ httpHeaderPutStrf(&rep->header, hdrType, "Basic realm=\"" SQUIDSBUFPH "\"", SQUIDSBUFPRINT(realm));
}
}
if (authenticateProgram)
wordlistDestroy(&authenticateProgram);
-
- if (basicAuthRealm)
- safe_free(basicAuthRealm);
}
void
storeAppendPrintf(entry, "\n");
- storeAppendPrintf(entry, "%s basic realm %s\n", name, basicAuthRealm);
storeAppendPrintf(entry, "%s basic credentialsttl %d seconds\n", name, (int) credentialsTTL);
storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off");
Auth::Config::dump(entry, name, scheme);
casesensitive(0),
utf8(0)
{
- basicAuthRealm = xstrdup("Squid proxy-caching web server");
-}
-
-Auth::Basic::Config::~Config()
-{
- safe_free(basicAuthRealm);
+ static const SBuf defaultRealm("Squid proxy-caching web server");
+ realm = defaultRealm;
}
void
parse_wordlist(&authenticateProgram);
requirePathnameExists("auth_param basic program", authenticateProgram->key);
- } else if (strcmp(param_str, "realm") == 0) {
- parse_eol(&basicAuthRealm);
} else if (strcmp(param_str, "credentialsttl") == 0) {
parse_time_t(&credentialsTTL);
} else if (strcmp(param_str, "casesensitive") == 0) {
{
public:
Config();
- ~Config();
virtual bool active() const;
virtual bool configured() const;
virtual Auth::UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm);
virtual const char * type() const;
public:
- char *basicAuthRealm;
time_t credentialsTTL;
int casesensitive;
int utf8;
list = list->next;
}
- storeAppendPrintf(entry, "\n%s %s realm %s\n%s %s nonce_max_count %d\n%s %s nonce_max_duration %d seconds\n%s %s nonce_garbage_interval %d seconds\n",
- name, "digest", digestAuthRealm,
+ storeAppendPrintf(entry, "\n%s %s nonce_max_count %d\n%s %s nonce_max_duration %d seconds\n%s %s nonce_garbage_interval %d seconds\n",
name, "digest", noncemaxuses,
name, "digest", (int) noncemaxduration,
name, "digest", (int) nonceGCInterval);
{
if ((authenticateProgram != NULL) &&
(authenticateChildren.n_max != 0) &&
- (digestAuthRealm != NULL) && (noncemaxduration > -1))
+ !realm.isEmpty() && (noncemaxduration > -1))
return true;
return false;
}
debugs(29, 9, "Sending type:" << hdrType <<
- " header: 'Digest realm=\"" << digestAuthRealm << "\", nonce=\"" <<
+ " header: 'Digest realm=\"" << realm << "\", nonce=\"" <<
authenticateDigestNonceNonceb64(nonce) << "\", qop=\"" << QOP_AUTH <<
"\", stale=" << (stale ? "true" : "false"));
/* in the future, for WWW auth we may want to support the domain entry */
- httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s", digestAuthRealm, authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false");
+ httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"" SQUIDSBUFPH "\", nonce=\"%s\", qop=\"%s\", stale=%s",
+ SQUIDSBUFPRINT(realm), authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false");
}
/* Initialize helpers and the like for this auth scheme. Called AFTER parsing the
if (authenticateProgram)
wordlistDestroy(&authenticateProgram);
-
- safe_free(digestAuthRealm);
}
Auth::Digest::Config::Config() :
- digestAuthRealm(NULL),
nonceGCInterval(5*60),
noncemaxduration(30*60),
noncemaxuses(50),
parse_wordlist(&authenticateProgram);
requirePathnameExists("auth_param digest program", authenticateProgram->key);
- } else if (strcmp(param_str, "realm") == 0) {
- parse_eol(&digestAuthRealm);
} else if (strcmp(param_str, "nonce_garbage_interval") == 0) {
parse_time_t(&nonceGCInterval);
} else if (strcmp(param_str, "nonce_max_duration") == 0) {
virtual const char * type() const;
public:
- char *digestAuthRealm;
time_t nonceGCInterval;
time_t noncemaxduration;
unsigned int noncemaxuses;
projects / thirdparty / squid.git / commitdiff
