From: Amos Jeffries Date: Sun, 17 Jan 2010 11:58:04 +0000 (+1300) Subject: Ref-count AuthScheme objects. Restructure the scheme-config relationship. X-Git-Tag: SQUID_3_2_0_1~167^2~41 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5817ee138a8409b9a1029eac04853bb95236bb0d;p=thirdparty%2Fsquid.git Ref-count AuthScheme objects. Restructure the scheme-config relationship. * Schemes are now global permanent objects describing the components available. They hold the defaults for each auth mechanism (if any). * Config are now temporary objects created by schemes and held in Auth::TheConfig until no longer needed. They hold all current config data about and auth mechanism. TODO: ref-count the config items and clarify their relationship to requests, connections, and user details. --- diff --git a/configure.in b/configure.in index f43a1a7e20..49d59dad27 100644 --- a/configure.in +++ b/configure.in @@ -364,7 +364,7 @@ AC_ARG_ENABLE(inline, if test "$SquidInline" = "yes" ; then AC_DEFINE(_SQUID_INLINE_, inline, [Keyword used by squid for inlining methods]) - AC_DEFINE(_USE_INLINE_,, [Include inline methods into header file]) + AC_DEFINE(_USE_INLINE_,1, [Include inline methods into header file]) else AC_MSG_NOTICE([Inlining optimization disabled]) AC_DEFINE(_SQUID_INLINE_,, [Keyword used by squid for inlining methods]) diff --git a/include/RefCount.h b/include/RefCount.h index f648fe48cf..1f9abb9d1c 100644 --- a/include/RefCount.h +++ b/include/RefCount.h @@ -37,6 +37,10 @@ #include "config.h" +#if REFCOUNT_DEBUG +#include "Debug.h" +#endif + #if HAVE_IOSTREAM #include #endif diff --git a/src/AuthReg.cc b/src/AuthReg.cc index dce94ec32f..2825c949c8 100644 --- a/src/AuthReg.cc +++ b/src/AuthReg.cc 
@@ -1,35 +1,43 @@ -#include "squid.h" +#include "config.h" +#include "Debug.h" +#include "protos.h" - -#ifdef HAVE_AUTH_MODULE_BASIC +#if HAVE_AUTH_MODULE_BASIC #include "auth/basic/basicScheme.h" #endif - -#ifdef HAVE_AUTH_MODULE_NTLM -#include "auth/ntlm/ntlmScheme.h" -#endif - -#ifdef HAVE_AUTH_MODULE_DIGEST +#if HAVE_AUTH_MODULE_DIGEST #include "auth/digest/digestScheme.h" #endif - -#ifdef HAVE_AUTH_MODULE_NEGOTIATE +#if HAVE_AUTH_MODULE_NEGOTIATE #include "auth/negotiate/negotiateScheme.h" #endif - -#ifdef HAVE_AUTH_MODULE_BASIC -static const char *basic_type = basicScheme::GetInstance().type(); -#endif - -#ifdef HAVE_AUTH_MODULE_NTLM -static const char *ntlm_type = ntlmScheme::GetInstance().type(); -#endif - -#ifdef HAVE_AUTH_MODULE_DIGEST -static const char *digest_type = digestScheme::GetInstance().type(); -#endif - -#ifdef HAVE_AUTH_MODULE_NEGOTIATE -static const char *negotiate_type = negotiateScheme::GetInstance().type(); +#if HAVE_AUTH_MODULE_NTLM +#include "auth/ntlm/ntlmScheme.h" #endif +/** + * Initialize the authentication modules (if any) + * This is required once, before any configuration actions are taken. 
+ */ +void +InitAuthSchemes() +{ + debugs(29,1,"Initializing Authentication Schemes ..."); +#if HAVE_AUTH_MODULE_BASIC + static const char *basic_type = basicScheme::GetInstance()->type(); + debugs(29,1,"Initialized Authentication Scheme '" << basic_type << "'"); +#endif +#if HAVE_AUTH_MODULE_DIGEST + static const char *digest_type = digestScheme::GetInstance()->type(); + debugs(29,1,"Initialized Authentication Scheme '" << digest_type << "'"); +#endif +#if HAVE_AUTH_MODULE_NEGOTIATE + static const char *negotiate_type = negotiateScheme::GetInstance()->type(); + debugs(29,1,"Initialized Authentication Scheme '" << negotiate_type << "'"); +#endif +#if HAVE_AUTH_MODULE_NTLM + static const char *ntlm_type = ntlmScheme::GetInstance()->type(); + debugs(29,1,"Initialized Authentication Scheme '" << ntlm_type << "'"); +#endif + debugs(29,1,"Initializing Authentication Schemes Complete."); +} diff --git a/src/Makefile.am b/src/Makefile.am index d8c057ac0c..bbecc1c2ba 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1083,6 +1083,7 @@ tests_testBoilerplate_DEPENDENCIES = \ ## Tests of the CacheManager module. tests_testCacheManager_SOURCES = \ + $(ACL_REGISTRATION_SOURCES) \ debug.cc \ HttpRequest.cc \ HttpRequestMethod.cc \ @@ -1256,6 +1257,7 @@ tests_testDiskIO_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \ ## Tests of the Even module. tests_testEvent_SOURCES = \ + $(ACL_REGISTRATION_SOURCES) \ debug.cc \ EventLoop.h \ EventLoop.cc \ @@ -1407,6 +1409,7 @@ tests_testEvent_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \ ## Tests of the EventLoop module. tests_testEventLoop_SOURCES = \ + $(ACL_REGISTRATION_SOURCES) \ debug.cc \ EventLoop.h \ EventLoop.cc \ @@ -1556,6 +1559,7 @@ tests_testEventLoop_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \ $(SQUID_CPPUNIT_LA) tests_test_http_range_SOURCES = \ + $(ACL_REGISTRATION_SOURCES) \ tests/test_http_range.cc \ BodyPipe.cc \ cache_cf.cc \ 
@@ -1702,6 +1706,7 @@ tests_test_http_range_DEPENDENCIES = \ ## Tests of the HttpRequest module. tests_testHttpRequest_SOURCES = \ + $(ACL_REGISTRATION_SOURCES) \ debug.cc \ HttpRequest.cc \ HttpRequestMethod.cc \ @@ -2063,6 +2068,7 @@ tests_testNull_DEPENDENCIES = \ ## Tests of the URL module. ## TODO: Trim this down once the insanity is over. tests_testURL_SOURCES = \ + $(ACL_REGISTRATION_SOURCES) \ debug.cc \ url.cc \ URLScheme.cc \ diff --git a/src/auth/Config.cc b/src/auth/Config.cc index c6557bba85..6f01462696 100644 --- a/src/auth/Config.cc +++ b/src/auth/Config.cc @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -37,7 +36,10 @@ #include "auth/Config.h" #include "auth/UserRequest.h" -/* Get Auth User: Return a filled out auth_user structure for the given +Auth::authConfig Auth::TheConfig; + +/** + * Get Auth User: Return a filled out auth_user structure for the given * Proxy Auth (or Auth) header. It may be a cached Auth User or a new * Unauthenticated structure. The structure is given an inital lock here. * It may also be NULL reflecting that no user could be created. @@ -61,7 +63,7 @@ AuthConfig::CreateAuthUser(const char *proxy_auth) AuthConfig * AuthConfig::Find(const char *proxy_auth) { - for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i) + for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) if (strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0) return *i; diff --git a/src/auth/Config.h b/src/auth/Config.h index db83cfa8c1..8c4fd66669 100644 --- a/src/auth/Config.h +++ b/src/auth/Config.h @@ -121,4 +121,13 @@ public: virtual const char * type() const = 0; }; +namespace Auth +{ + +typedef Vector authConfig; + +extern authConfig TheConfig; + +}; // namespace Auth + #endif /* SQUID_AUTHCONFIG_H */ diff --git a/src/auth/Gadgets.cc b/src/auth/Gadgets.cc index 2bf51f6725..2748630ab3 100644 --- a/src/auth/Gadgets.cc +++ b/src/auth/Gadgets.cc 
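Review bot: In `AuthConfig::Find` the rewritten loop still picks a config with `strncasecmp(proxy_auth, (*i)->type(), strlen((*i)->type())) == 0`, which is a prefix-only comparison. A header whose scheme token merely begins with a configured type name (constructed example: `Basicx ...`) is therefore routed to that scheme. Since this commit also starts calling `Find("basic")` and `Find("digest")` internally, consider requiring that the character after the matched prefix is whitespace or the end of the string before returning `*i`. The function continues past the end of the hunk, so its fall-through return is not visible here.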
@@ -1,4 +1,3 @@ - /* * $Id$ * @@ -57,7 +56,7 @@ authenticateActiveSchemeCount(void) { int rv = 0; - for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i) + for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) if ((*i)->configured()) ++rv; @@ -69,7 +68,7 @@ authenticateActiveSchemeCount(void) int authenticateSchemeCount(void) { - int rv = AuthScheme::Schemes().size(); + int rv = AuthScheme::GetSchemes().size(); debugs(29, 9, "authenticateSchemeCount: " << rv << " active."); @@ -77,22 +76,25 @@ authenticateSchemeCount(void) } static void -authenticateRegisterWithCacheManager(authConfig * config) +authenticateRegisterWithCacheManager(Auth::authConfig * config) { - for (authConfig::iterator i = config->begin(); i != config->end(); ++i) { + for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) { AuthConfig *scheme = *i; scheme->registerWithCacheManager(); } } void -authenticateInit(authConfig * config) +authenticateInit(Auth::authConfig * config) { - for (authConfig::iterator i = config->begin(); i != config->end(); ++i) { - AuthConfig *scheme = *i; + if (!config) + return; + + for (Auth::authConfig::iterator i = config->begin(); i != config->end(); ++i) { + AuthConfig *schemeCfg = *i; - if (scheme->configured()) - scheme->init(scheme); + if (schemeCfg->configured()) + schemeCfg->init(schemeCfg); } if (!proxy_auth_username_cache) @@ -100,7 +102,7 @@ authenticateInit(authConfig * config) else AuthUser::CachedACLsReset(); - authenticateRegisterWithCacheManager(&Config.authConfiguration); + authenticateRegisterWithCacheManager(config); } void 
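Review bot: The new `if (!config) return;` at the top of `authenticateInit` also skips the `proxy_auth_username_cache` check and the `AuthUser::CachedACLsReset()` branch that follow the loop, so a null argument leaves the username cache untouched. If null is a supported no-op, record that with a comment such as `/* NULL config list: authentication not in use, username cache left as-is */`. If it is not expected, `assert(config);` would surface the caller bug instead of hiding it. The tail of the function is in the next hunk.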
@@ -113,7 +115,7 @@ authenticateShutdown(void) hashFreeItems(proxy_auth_username_cache, AuthUserHashPointer::removeFromCache); AuthScheme::FreeAll(); } else { - for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i) + for (AuthScheme::iterator i = (AuthScheme::GetSchemes()).begin(); i != (AuthScheme::GetSchemes()).end(); ++i) (*i)->done(); } } diff --git a/src/auth/Gadgets.h b/src/auth/Gadgets.h index 77b08b5956..2e94fc2f0d 100644 --- a/src/auth/Gadgets.h +++ b/src/auth/Gadgets.h @@ -35,7 +35,7 @@ #include "hash.h" #include "MemPool.h" -#include "typedefs.h" /* for authConfig */ +#include "auth/Config.h" class AuthUser; @@ -83,7 +83,7 @@ typedef void AUTHSSTATS(StoreEntry *); extern void authenticateAuthUserMerge(AuthUser *, AuthUser *); /// \ingroup AuthAPI -extern void authenticateInit(authConfig *); +extern void authenticateInit(Auth::authConfig *); /// \ingroup AuthAPI extern void authenticateShutdown(void); /// \ingroup AuthAPI diff --git a/src/auth/Scheme.cc b/src/auth/Scheme.cc index 764a7c0619..5ccea370b9 100644 --- a/src/auth/Scheme.cc +++ b/src/auth/Scheme.cc @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -39,22 +38,22 @@ #include "auth/Gadgets.h" #include "auth/Config.h" -Vector *AuthScheme::_Schemes = NULL; +Vector *AuthScheme::_Schemes = NULL; void -AuthScheme::AddScheme(AuthScheme &instance) +AuthScheme::AddScheme(AuthScheme::Pointer instance) { iterator i = GetSchemes().begin(); while (i != GetSchemes().end()) { - assert(strcmp((*i)->type(), instance.type()) != 0); + assert(strcmp((*i)->type(), instance->type()) != 0); ++i; } - GetSchemes().push_back (&instance); + GetSchemes().push_back(instance); } -AuthScheme * +AuthScheme::Pointer AuthScheme::Find(const char *typestr) { for (iterator i = GetSchemes().begin(); i != GetSchemes().end(); ++i) { 
@@ -62,33 +61,40 @@ AuthScheme::Find(const char *typestr) return *i; } - return NULL; + return AuthScheme::Pointer(NULL); } -Vector const & +#if 0 // with ref-counting we never have a constant version of *::Pointer +Vector const & AuthScheme::Schemes() { return GetSchemes(); } +#endif -Vector & +Vector & AuthScheme::GetSchemes() { if (!_Schemes) - _Schemes = new Vector; + _Schemes = new Vector; return *_Schemes; } -/* - * called when a graceful shutdown is to occur - * of each scheme module. +/** + * Called when a graceful shutdown is to occur of each scheme module. + * On completion the auth components are to be considered deleted. + * None will be available globally. Some may remain around for their + * currently active connections to close, but only those active + * connections will retain pointers to them. */ void AuthScheme::FreeAll() { + assert(false); // NP: this should NOT happen during regular progarm execution... + while (GetSchemes().size()) { - AuthScheme *scheme = GetSchemes().back(); + AuthScheme::Pointer scheme = GetSchemes().back(); GetSchemes().pop_back(); scheme->done(); } diff --git a/src/auth/Scheme.h b/src/auth/Scheme.h index b7a277ffa3..c183f7703f 100644 --- a/src/auth/Scheme.h +++ b/src/auth/Scheme.h @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -36,6 +35,7 @@ #include "squid.h" #include "Array.h" +#include "RefCount.h" /** \defgroup AuthSchemeAPI Authentication Scheme API 
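Review bot: `AuthScheme::FreeAll()` now begins with `assert(false);`, yet the `authenticateShutdown` hunk in src/auth/Gadgets.cc still shows `AuthScheme::FreeAll();` as a context line. That shutdown branch will abort in any build with assertions enabled, and will run the loop normally only where they are compiled out. Either remove the call from `authenticateShutdown` or drop the assert and keep the behaviour the new doc comment describes; keeping both makes the shutdown path depend on build type. The new comment also misspells "program" as `progarm`.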
@@ -53,34 +53,38 @@ * a new class AuthConfiguration should be made, and the * config specific calls on AuthScheme moved to it. */ -class AuthScheme +class AuthScheme : public RefCountable { +public: + typedef RefCount Pointer; public: - static void AddScheme(AuthScheme &); - static void FreeAll(); - static Vector const &Schemes(); - static AuthScheme *Find(const char *); - typedef Vector::iterator iterator; - typedef Vector::const_iterator const_iterator; - AuthScheme() : initialised (false) {} + AuthScheme() : initialised (false) {}; + virtual ~AuthScheme() {}; - virtual ~AuthScheme() {} + static void AddScheme(AuthScheme::Pointer); + static void FreeAll(); +// static Vector const &Schemes(); + static AuthScheme::Pointer Find(const char *); + typedef Vector::iterator iterator; + typedef Vector::const_iterator const_iterator; /* per scheme methods */ virtual char const *type () const = 0; virtual void done() = 0; virtual AuthConfig *createConfig() = 0; + // Not implemented AuthScheme(AuthScheme const &); AuthScheme &operator=(AuthScheme const&); + static Vector &GetSchemes(); + protected: bool initialised; private: - static Vector &GetSchemes(); - static Vector *_Schemes; + static Vector *_Schemes; }; #endif /* SQUID_AUTHSCHEME_H */ diff --git a/src/auth/User.h b/src/auth/User.h index 3bccee2b60..af31988c16 100644 --- a/src/auth/User.h +++ b/src/auth/User.h @@ -112,7 +112,7 @@ private: dlink_list ip_list; }; -#ifdef _USE_INLINE_ +#if _USE_INLINE_ #include "auth/User.cci" #endif diff --git a/src/auth/UserRequest.cc b/src/auth/UserRequest.cc index 4a6303f422..75a281202a 100644 --- a/src/auth/UserRequest.cc +++ b/src/auth/UserRequest.cc 
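Review bot: `GetSchemes()` moves from the private section to the public one and returns a non-const reference, so any caller can now add to or erase from the scheme registry without going through `AddScheme()` and its duplicate-type assert. The only outside user visible in this patch is the loop in `authenticateShutdown`, which just iterates and calls `done()`. If a const view is not workable with `RefCount` (as the `#if 0` remark in Scheme.cc suggests), add a comment on the declaration stating that callers must not modify the vector. The copy constructor and assignment operator marked `// Not implemented` are also public, so misuse is caught only at link time.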
@@ -567,7 +567,7 @@ AuthUserRequest::addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer au else { /* call each configured & running authscheme */ - for (authConfig::iterator i = Config.authConfiguration.begin(); i != Config.authConfiguration.end(); ++i) { + for (Auth::authConfig::iterator i = Auth::TheConfig.begin(); i != Auth::TheConfig.end(); ++i) { AuthConfig *scheme = *i; if (scheme->active()) @@ -605,7 +605,7 @@ authenticateAddTrailer(HttpReply * rep, AuthUserRequest::Pointer auth_user_reque auth_user_request->addTrailer(rep, accelerated); } -AuthScheme * +AuthScheme::Pointer AuthUserRequest::scheme() const { /* TODO: this should be overriden by the child and be essentially a no-op */ diff --git a/src/auth/UserRequest.h b/src/auth/UserRequest.h index 75cd7bfa1a..e97d9048e1 100644 --- a/src/auth/UserRequest.h +++ b/src/auth/UserRequest.h @@ -36,13 +36,12 @@ #define SQUID_AUTHUSERREQUEST_H #include "auth/enums.h" +#include "auth/Scheme.h" #include "dlink.h" #include "ip/IpAddress.h" -#include "RefCount.h" #include "typedefs.h" #include "HttpHeader.h" -class AuthScheme; class AuthUser; class ConnStateData; class HttpReply; @@ -142,7 +141,7 @@ public: */ char const *username() const; - AuthScheme *scheme() const; + AuthScheme::Pointer scheme() const; virtual const char * connLastHeader(); diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc index b45aa5de27..9ff0a3eceb 100644 --- a/src/auth/basic/auth_basic.cc +++ b/src/auth/basic/auth_basic.cc @@ -38,12 +38,12 @@ #include "squid.h" -#include "auth_basic.h" +#include "auth/basic/auth_basic.h" #include "auth/Gadgets.h" #include "CacheManager.h" #include "Store.h" #include "HttpReply.h" -#include "basicScheme.h" +#include "auth/basic/basicScheme.h" #include "rfc1738.h" #include "wordlist.h" #include "SquidTime.h" 
@@ -61,8 +61,6 @@ static AUTHSSTATS authenticateBasicStats; static helper *basicauthenticators = NULL; -static AuthBasicConfig basicConfig; - static int authbasic_initialised = 0; @@ -74,29 +72,6 @@ static int authbasic_initialised = 0; /* internal functions */ -/* TODO: move to basicScheme.cc - after all per request and user functions are moved out */ -void -basicScheme::done() -{ - /* TODO: this should be a Config call. */ - - if (basicauthenticators) - helperShutdown(basicauthenticators); - - authbasic_initialised = 0; - - if (!shutting_down) - return; - - if (basicauthenticators) - helperFree(basicauthenticators); - - basicauthenticators = NULL; - - /* XXX Reinstate auth shutdown for dynamic schemes? */ - debugs(29, DBG_CRITICAL, HERE << "Basic authentication Shutdown."); -} - bool AuthBasicConfig::active() const { @@ -119,7 +94,7 @@ AuthBasicConfig::configured() const const char * AuthBasicConfig::type() const { - return basicScheme::GetInstance().type(); + return basicScheme::GetInstance()->type(); } AuthBasicUserRequest::AuthBasicUserRequest() @@ -132,7 +107,7 @@ AuthBasicUserRequest::~AuthBasicUserRequest() bool BasicUser::authenticated() const { - if ((flags.credentials_ok == 1) && (credentials_checkedtime + basicConfig.credentialsTTL > squid_curtime)) + if ((flags.credentials_ok == 1) && (credentials_checkedtime + static_cast(config)->credentialsTTL > squid_curtime)) return true; debugs(29, 4, "User not authenticated or credentials need rechecking."); @@ -166,7 +141,7 @@ AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, return; /* are we about to recheck the credentials externally? */ - if ((basic_auth->credentials_checkedtime + basicConfig.credentialsTTL) <= squid_curtime) { + if ((basic_auth->credentials_checkedtime + static_cast(AuthConfig::Find("basic"))->credentialsTTL) <= squid_curtime) { debugs(29, 4, "authBasicAuthenticate: credentials expired - rechecking"); return; } 
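Review bot: `BasicUser::authenticated()` now reads `credentialsTTL` through the user's stored `config` pointer, while the commit message says config objects are temporary and not yet ref-counted. If a `BasicUser` held in the username cache can outlive the `AuthBasicConfig` it was created with (the lifetime code is not in this patch, so this is an inference), the credential-freshness check reads through a dangling pointer. Until the TODO is done, add a comment on the member stating who guarantees the config outlives the user. The same pointer is used in the `extractUsername`, `makeLoggingInstance`, `makeCachedFrom` and `submitRequest` hunks.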
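Review bot: The result of `AuthConfig::Find("basic")` is dereferenced without a null check in `AuthBasicUserRequest::authenticate`. The same pattern repeats in the `module_direction` and `module_start` hunks and throughout src/auth/digest/auth_digest.cc, including the timer callback `authenticateDigestNonceCacheCleanup`. The static `basicConfig`/`digestConfig` objects being replaced always existed, whereas an entry in `Auth::TheConfig` need not. `Find` presumably returns NULL when nothing matches (its tail is outside the Config.cc hunk), which would crash the proxy in the authentication path. Fetch the pointer once per function and handle the missing case, e.g. `AuthConfig *cfg = AuthConfig::Find("basic"); if (!cfg) return;`, or use the config the user object already carries.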
@@ -195,7 +170,7 @@ AuthBasicUserRequest::module_direction() case 1: /* checked & ok */ - if (basic_auth->credentials_checkedtime + basicConfig.credentialsTTL <= squid_curtime) + if (basic_auth->credentials_checkedtime + static_cast(AuthConfig::Find("basic"))->credentialsTTL <= squid_curtime) return -1; return 0; @@ -219,10 +194,18 @@ AuthBasicConfig::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply } } -/* free any allocated configuration details */ +/** shutdown the auth helpers and free any allocated configuration details */ void AuthBasicConfig::done() { + authbasic_initialised = 0; + + if (basicauthenticators) { + helperShutdown(basicauthenticators); + helperFree(basicauthenticators); + basicauthenticators = NULL; + } + if (authenticate) wordlistDestroy(&authenticate); @@ -309,11 +292,14 @@ AuthBasicConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme) storeAppendPrintf(entry, "%s basic casesensitive %s\n", name, casesensitive ? "on" : "off"); } -AuthBasicConfig::AuthBasicConfig() +AuthBasicConfig::AuthBasicConfig() : + authenticateChildren(5), + authenticateConcurrency(1), + authenticate(NULL), + credentialsTTL( 2*60*60 ), + casesensitive(0), + utf8(0) { - /* TODO: move into initialisation list */ - authenticateChildren = 5; - credentialsTTL = 2 * 60 * 60; /* two hours */ basicAuthRealm = xstrdup("Squid proxy-caching web server"); } @@ -436,7 +422,7 @@ BasicUser::extractUsername() *seperator = ':'; } - if (!basicConfig.casesensitive) + if (!static_cast(config)->casesensitive) Tolower((char *)username()); } @@ -491,7 +477,7 @@ BasicUser::makeLoggingInstance(AuthUserRequest::Pointer auth_user_request) /* log the username */ debugs(29, 9, HERE << "Creating new user for logging '" << username() << "'"); /* new scheme data */ - BasicUser *basic_auth = new BasicUser(& basicConfig); + BasicUser *basic_auth = new BasicUser(config); auth_user_request->user(basic_auth); /* save the credentials */ basic_auth->username(username()); 
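Review bot: `AuthBasicConfig::done()` now shuts down and frees `basicauthenticators`, a file-level static shared by every `AuthBasicConfig`, while `basicScheme::createConfig()` in this commit starts returning a fresh config object per call. If an old config's `done()` can run after a newer config's `init()` has started helpers (the ordering is decided outside this patch), the old object tears down the new helpers. `helperFree()` is also now called straight after `helperShutdown()` in every case, where the removed `basicScheme::done()` freed only when `shutting_down` was set. Moving the helper handle into the config object, or a comment stating the required done-before-init order, would make the contract explicit.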
@@ -508,7 +494,7 @@ BasicUser::makeCachedFrom() { /* the user doesn't exist in the username cache yet */ debugs(29, 9, HERE << "Creating new user '" << username() << "'"); - BasicUser *basic_user = new BasicUser(&basicConfig); + BasicUser *basic_user = new BasicUser(config); /* save the credentials */ basic_user->username(username()); username(NULL); @@ -562,7 +548,7 @@ AuthBasicConfig::decode(char const *proxy_auth) while (xisgraph(*proxy_auth)) proxy_auth++; - BasicUser *basic_auth, local_basic(&basicConfig); + BasicUser *basic_auth, local_basic(this); /* Trim leading whitespace before decoding */ while (xisspace(*proxy_auth)) @@ -601,7 +587,7 @@ AuthBasicConfig::decode(char const *proxy_auth) /** Initialize helpers and the like for this auth scheme. Called AFTER parsing the * config file */ void -AuthBasicConfig::init(AuthConfig * scheme) +AuthBasicConfig::init(AuthConfig * schemeCfg) { if (authenticate) { authbasic_initialised = 1; @@ -656,7 +642,7 @@ AuthBasicUserRequest::module_start(RH * handler, void *data) assert(basic_auth != NULL); debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'"); - if (basicConfig.authenticate == NULL) { + if (static_cast(AuthConfig::Find("basic"))->authenticate == NULL) { handler(data, NULL); return; } @@ -683,7 +669,7 @@ BasicUser::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handle r->handler = handler; r->data = cbdataReference(data); r->auth_user_request = auth_user_request; - if (basicConfig.utf8) { + if (static_cast(config)->utf8) { latin1_to_utf8(user, sizeof(user), username()); latin1_to_utf8(pass, sizeof(pass), passwd); xstrncpy(user, rfc1738_escape(user), sizeof(user)); @@ -695,9 +681,3 @@ BasicUser::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handle snprintf(buf, sizeof(buf), "%s %s\n", user, pass); helperSubmit(basicauthenticators, buf, authenticateBasicHandleReply, r); } - -AuthConfig * -basicScheme::createConfig() -{ - return &basicConfig; -} 
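Review bot: A context line in the `AuthBasicUserRequest::module_start` hunk writes `basic_auth->passwd` to the debug log next to the username, so enabling section 29 at level 9 records cleartext proxy passwords. Since the function is being touched anyway, log only the username: `debugs(29, 9, HERE << "'" << basic_auth->username() << "'");`. The function body continues outside the hunk.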
diff --git a/src/auth/basic/auth_basic.h b/src/auth/basic/auth_basic.h index 7884c3da64..12acadd48c 100644 --- a/src/auth/basic/auth_basic.h +++ b/src/auth/basic/auth_basic.h @@ -5,6 +5,7 @@ #ifndef __AUTH_BASIC_H__ #define __AUTH_BASIC_H__ + #include "auth/Gadgets.h" #include "auth/User.h" #include "auth/UserRequest.h" diff --git a/src/auth/basic/basicScheme.cc b/src/auth/basic/basicScheme.cc index 86a7911f8c..f818e65919 100644 --- a/src/auth/basic/basicScheme.cc +++ b/src/auth/basic/basicScheme.cc @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -31,19 +30,23 @@ * */ -#include "basicScheme.h" +#include "config.h" +#include "auth/basic/basicScheme.h" +#include "helper.h" + +/* for AuthConfig */ +#include "auth/basic/auth_basic.h" + +AuthScheme::Pointer basicScheme::_instance = NULL; -AuthScheme & +AuthScheme::Pointer basicScheme::GetInstance() { - if (_instance == NULL) + if (_instance == NULL) { _instance = new basicScheme(); - return *_instance; -} - -basicScheme::basicScheme() -{ - AddScheme(*this); + AddScheme(_instance); + } + return _instance; } char const * @@ -52,4 +55,18 @@ basicScheme::type () const return "basic"; } -basicScheme *basicScheme::_instance = NULL; +void +basicScheme::done() +{ + /* clear the global handle to this scheme. */ + _instance = NULL; + + debugs(29, DBG_CRITICAL, HERE << "Basic authentication Schema Detached."); +} + +AuthConfig * +basicScheme::createConfig() +{ + AuthBasicConfig *newCfg = new AuthBasicConfig; + return dynamic_cast(newCfg); +} diff --git a/src/auth/basic/basicScheme.h b/src/auth/basic/basicScheme.h index 98e2092460..4bb12e3d77 100644 --- a/src/auth/basic/basicScheme.h +++ b/src/auth/basic/basicScheme.h @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -35,6 +34,7 @@ #define SQUID_BASICSCHEME_H #include "auth/Scheme.h" +#include "auth/basic/auth_basic.h" /// \ingroup AuthAPI /// \ingroup AuthSchemeAPI 
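Review bot: `basicScheme::done()` resets `_instance` to NULL but leaves the object in the registry filled by `AddScheme()`, which is the state the non-`FreeAll` branch of `authenticateShutdown` produces. The next `basicScheme::GetInstance()` call, for example from `AuthBasicConfig::type()`, then constructs a second `basicScheme` and passes it to `AddScheme()`, whose loop asserts that no registered scheme has the same `type()`. `digestScheme::done()` in src/auth/digest/auth_digest.cc gains the same `_instance = NULL;` line. Either remove the scheme from the registry in the same step or leave `_instance` set while the registry entry exists. Separately, `createConfig()` returns a raw heap pointer through a `dynamic_cast` that is only an upcast; `return new AuthBasicConfig;` with a comment naming the owner would be clearer.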
@@ -42,8 +42,8 @@ class basicScheme : public AuthScheme { public: - static AuthScheme &GetInstance(); - basicScheme(); + static AuthScheme::Pointer GetInstance(); + basicScheme() {}; virtual ~basicScheme() {} /* per scheme */ @@ -55,7 +55,8 @@ public: basicScheme &operator=(basicScheme const &); private: - static basicScheme *_instance; + static AuthScheme::Pointer _instance; +// AuthBasicConfig basicConfig; }; #endif /* SQUID_BASICSCHEME_H */ diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index 4546641ebf..3d91cf22c5 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -39,7 +39,7 @@ #include "squid.h" #include "rfc2617.h" -#include "auth_digest.h" +#include "auth/digest/auth_digest.h" #include "auth/Gadgets.h" #include "event.h" #include "CacheManager.h" @@ -49,7 +49,7 @@ #include "wordlist.h" #include "SquidTime.h" /* TODO don't include this */ -#include "digestScheme.h" +#include "auth/digest/digestScheme.h" /* Digest Scheme */ @@ -60,8 +60,6 @@ static helper *digestauthenticators = NULL; static hash_table *digest_nonce_cache; -static AuthDigestConfig digestConfig; - static int authdigest_initialised = 0; static MemAllocator *digest_nonce_pool = NULL; @@ -206,7 +204,7 @@ authenticateDigestNonceSetup(void) if (!digest_nonce_cache) { digest_nonce_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); assert(digest_nonce_cache); - eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, digestConfig.nonceGCInterval, 1); + eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(AuthConfig::Find("digest"))->nonceGCInterval, 1); } } 
@@ -273,8 +271,8 @@ authenticateDigestNonceCacheCleanup(void *data) debugs(29, 3, "authenticateDigestNonceCacheCleanup: Finished cleaning the nonce cache."); - if (digestConfig.active()) - eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, digestConfig.nonceGCInterval, 1); + if (static_cast(AuthConfig::Find("digest"))->active()) + eventAdd("Digest none cache maintenance", authenticateDigestNonceCacheCleanup, NULL, static_cast(AuthConfig::Find("digest"))->nonceGCInterval, 1); } static void @@ -361,12 +359,12 @@ authDigestNonceIsValid(digest_nonce_h * nonce, char nc[9]) } /* is the nonce-count ok ? */ - if (!digestConfig.CheckNonceCount) { + if (!static_cast(AuthConfig::Find("digest"))->CheckNonceCount) { nonce->nc++; return -1; /* forced OK by configuration */ } - if ((digestConfig.NonceStrictness && intnc != nonce->nc + 1) || + if ((static_cast(AuthConfig::Find("digest"))->NonceStrictness && intnc != nonce->nc + 1) || intnc < nonce->nc + 1) { debugs(29, 4, "authDigestNonceIsValid: Nonce count doesn't match"); nonce->flags.valid = 0; @@ -391,10 +389,10 @@ authDigestNonceIsStale(digest_nonce_h * nonce) return -1; /* has it's max duration expired? */ - if (nonce->noncedata.creationtime + digestConfig.noncemaxduration < current_time.tv_sec) { + if (nonce->noncedata.creationtime + static_cast(AuthConfig::Find("digest"))->noncemaxduration < current_time.tv_sec) { debugs(29, 4, "authDigestNonceIsStale: Nonce is too old. " << nonce->noncedata.creationtime << " " << - digestConfig.noncemaxduration << " " << + static_cast(AuthConfig::Find("digest"))->noncemaxduration << " " << current_time.tv_sec); nonce->flags.valid = 0; @@ -407,7 +405,7 @@ authDigestNonceIsStale(digest_nonce_h * nonce) return -1; } - if (nonce->nc > digestConfig.noncemaxuses) { + if (nonce->nc > static_cast(AuthConfig::Find("digest"))->noncemaxuses) { debugs(29, 4, "authDigestNoncelastRequest: Nonce count over user limit"); nonce->flags.valid = 0; return -1; 
@@ -429,7 +427,7 @@ authDigestNonceLastRequest(digest_nonce_h * nonce) return -1; } - if (nonce->nc >= digestConfig.noncemaxuses - 1) { + if (nonce->nc >= static_cast(AuthConfig::Find("digest"))->noncemaxuses - 1) { debugs(29, 4, "authDigestNoncelastRequest: Nonce count about to hit user limit"); return -1; } @@ -520,6 +518,9 @@ digestScheme::done() authDigestUserShutdown(); authenticateDigestNonceShutdown(); debugs(29, 2, "authenticateDigestDone: Digest authentication shut down."); + + /* clear the global handle to this scheme. */ + _instance = NULL; } void @@ -625,7 +626,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, return; } - if (digestConfig.PostWorkaround && request->method != METHOD_GET) { + if (static_cast(AuthConfig::Find("digest"))->PostWorkaround && request->method != METHOD_GET) { /* Ugly workaround for certain very broken browsers using the * wrong method to calculate the request-digest on POST request. * This should be deleted once Digest authentication becomes more @@ -732,7 +733,7 @@ AuthDigestUserRequest::addHeader(HttpReply * rep, int accel) #endif - if ((digestConfig.authenticate) && authDigestNonceLastRequest(nonce)) { + if ((static_cast(AuthConfig::Find("digest"))->authenticate) && authDigestNonceLastRequest(nonce)) { flags.authinfo_sent = 1; debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); 
@@ -761,7 +762,7 @@ AuthDigestUserRequest::addTrailer(HttpReply * rep, int accel) type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO; - if ((digestConfig.authenticate) && authDigestNonceLastRequest(nonce)) { + if ((static_cast(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) { debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); } @@ -906,6 +907,7 @@ AuthDigestConfig::done() AuthDigestConfig::AuthDigestConfig() { /* TODO: move into initialisation list */ + authenticate = NULL; authenticateChildren = 5; /* 5 minutes */ nonceGCInterval = 5 * 60; @@ -955,7 +957,7 @@ AuthDigestConfig::parse(AuthConfig * scheme, int n_configured, char *param_str) const char * AuthDigestConfig::type() const { - return digestScheme::GetInstance().type(); + return digestScheme::GetInstance()->type(); } @@ -1048,7 +1050,7 @@ authDigestLogUsername(char *username, AuthUserRequest::Pointer auth_user_request /* log the username */ debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'"); - digest_user_h *digest_user = new DigestUser(&digestConfig); + digest_user_h *digest_user = new DigestUser(static_cast(AuthConfig::Find("digest"))); /* save the credentials */ digest_user->username(username); /* set the auth_user type */ @@ -1304,7 +1306,7 @@ AuthDigestConfig::decode(char const *proxy_auth) if ((auth_user = authDigestUserFindUsername(username)) == NULL) { /* the user doesn't exist in the username cache yet */ debugs(29, 9, "authDigestDecodeAuth: Creating new digest user '" << username << "'"); - digest_user = new DigestUser (&digestConfig); + digest_user = new DigestUser(this); /* auth_user is a parent */ auth_user = digest_user; /* save the username */ 
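Review bot: `AuthDigestUserRequest::addTrailer` reaches the config through `digestScheme::GetInstance()->getConfig()`, but the `AuthScheme` class in the src/auth/Scheme.h hunk declares only `createConfig()`. Every other digest call site in this patch uses `AuthConfig::Find("digest")`. Unless `getConfig()` is declared somewhere outside this patch, this line will fail to compile wherever `addTrailer` is built; it looks like a leftover from an earlier design. Use the same lookup as `addHeader`, and handle the case where that lookup returns no config.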
@@ -1359,7 +1361,7 @@ AuthDigestUserRequest::module_start(RH * handler, void *data) assert(digest_user != NULL); debugs(29, 9, "authenticateStart: '\"" << digest_user->username() << "\":\"" << realm << "\"'"); - if (digestConfig.authenticate == NULL) { + if (static_cast(AuthConfig::Find("digest"))->authenticate == NULL) { handler(data, NULL); return; } @@ -1368,7 +1370,7 @@ AuthDigestUserRequest::module_start(RH * handler, void *data) r->handler = handler; r->data = cbdataReference(data); r->auth_user_request = static_cast(this); - if (digestConfig.utf8) { + if (static_cast(AuthConfig::Find("digest"))->utf8) { char userstr[1024]; latin1_to_utf8(userstr, sizeof(userstr), digest_user->username()); snprintf(buf, 8192, "\"%s\":\"%s\"\n", userstr, realm); @@ -1417,10 +1419,3 @@ AuthDigestUserRequest::~AuthDigestUserRequest() if (nonce) authDigestNonceUnlink(nonce); } - -AuthConfig * -digestScheme::createConfig() -{ - return &digestConfig; -} - diff --git a/src/auth/digest/digestScheme.cc b/src/auth/digest/digestScheme.cc index 649cd6136a..2d4053cf19 100644 --- a/src/auth/digest/digestScheme.cc +++ b/src/auth/digest/digestScheme.cc @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -31,19 +30,18 @@ * */ -#include "digestScheme.h" +#include "config.h" +#include "auth/digest/digestScheme.h" +#include "helper.h" -AuthScheme & +AuthScheme::Pointer digestScheme::GetInstance() { - if (_instance == NULL) + if (_instance == NULL) { _instance = new digestScheme(); - return *_instance; -} - -digestScheme::digestScheme() -{ - AddScheme(*this); + AddScheme(_instance); + } + return _instance; } char const * @@ -52,4 +50,11 @@ digestScheme::type () const return "digest"; } -digestScheme *digestScheme::_instance = NULL; +AuthScheme::Pointer digestScheme::_instance = NULL; + +AuthConfig * +digestScheme::createConfig() +{ + AuthDigestConfig *digestCfg = new AuthDigestConfig; + return dynamic_cast(digestCfg); +} 
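Review bot: `digestScheme::createConfig()` returns a raw `new AuthDigestConfig` with nothing stating who deletes it, and the commit message itself leaves config ref-counting as a TODO. `free_authparam` now pops these pointers without calling `done()` or `delete`, so whether they are released depends on `cfg->clean()`, whose body is not visible here. A comment on the function, for example `/* ownership passes to the caller's Auth::authConfig; released by its clean() */` if that is indeed the contract, would make the lifetime checkable. The `dynamic_cast` is also unnecessary if `AuthDigestConfig` derives from `AuthConfig`, as its use suggests; `return digestCfg;` is enough. `negotiateScheme::createConfig()` and `ntlmScheme::createConfig()` follow the same pattern.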
diff --git a/src/auth/digest/digestScheme.h b/src/auth/digest/digestScheme.h index 5d534eb6d5..2d12f547e0 100644 --- a/src/auth/digest/digestScheme.h +++ b/src/auth/digest/digestScheme.h @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -35,6 +34,7 @@ #define SQUID_DIGESTSCHEME_H #include "auth/Scheme.h" +#include "auth/digest/auth_digest.h" /// \ingroup AuthSchemeAPI /// \ingroup AuthAPI @@ -42,20 +42,21 @@ class digestScheme : public AuthScheme { public: - static AuthScheme &GetInstance(); - digestScheme(); + static AuthScheme::Pointer GetInstance(); + digestScheme() {}; virtual ~digestScheme() {} /* per scheme */ virtual char const *type () const; virtual void done(); virtual AuthConfig *createConfig(); + /* Not implemented */ digestScheme (digestScheme const &); digestScheme &operator=(digestScheme const &); private: - static digestScheme *_instance; + static AuthScheme::Pointer _instance; }; #endif /* SQUID_DIGESTSCHEME_H */ diff --git a/src/auth/negotiate/auth_negotiate.cc b/src/auth/negotiate/auth_negotiate.cc index 4e9c3ccf1e..014f87723e 100644 --- a/src/auth/negotiate/auth_negotiate.cc +++ b/src/auth/negotiate/auth_negotiate.cc @@ -38,7 +38,7 @@ #include "squid.h" -#include "auth_negotiate.h" +#include "auth/negotiate/auth_negotiate.h" #include "auth/Gadgets.h" #include "CacheManager.h" #include "Store.h" @@ -47,7 +47,7 @@ #include "HttpRequest.h" #include "SquidTime.h" /** \todo remove this include */ -#include "negotiateScheme.h" +#include "auth/negotiate/negotiateScheme.h" #include "wordlist.h" /** 
@@ -94,35 +94,17 @@ static hash_table *proxy_auth_cache = NULL; * */ -/** - \ingroup AuthNegotiateInternal - \todo move to negotiateScheme.cc - */ void -negotiateScheme::done() +AuthNegotiateConfig::done() { - /* TODO: this should be a Config call. */ - debugs(29, 2, "negotiateScheme::done: shutting down Negotiate authentication."); - - if (negotiateauthenticators) - helperStatefulShutdown(negotiateauthenticators); - authnegotiate_initialised = 0; - if (!shutting_down) - return; - - if (negotiateauthenticators) + if (negotiateauthenticators) { + helperStatefulShutdown(negotiateauthenticators); helperStatefulFree(negotiateauthenticators); + negotiateauthenticators = NULL; + } - negotiateauthenticators = NULL; - - debugs(29, 2, "negotiateScheme::done: Negotiate authentication Shutdown."); -} - -void -AuthNegotiateConfig::done() -{ if (authenticate) wordlistDestroy(&authenticate); } @@ -144,7 +126,7 @@ AuthNegotiateConfig::dump(StoreEntry * entry, const char *name, AuthConfig * sch } -AuthNegotiateConfig::AuthNegotiateConfig() : authenticateChildren(5), keep_alive(1) +AuthNegotiateConfig::AuthNegotiateConfig() : authenticateChildren(5), keep_alive(1), authenticate(NULL) { } void @@ -180,7 +162,7 @@ AuthNegotiateConfig::parse(AuthConfig * scheme, int n_configured, char *param_st const char * AuthNegotiateConfig::type() const { - return negotiateScheme::GetInstance().type(); + return negotiateScheme::GetInstance()->type(); } /** @@ -800,12 +782,6 @@ NegotiateUser::NegotiateUser (AuthConfig *aConfig) : AuthUser (aConfig) proxy_auth_list.head = proxy_auth_list.tail = NULL; } -AuthConfig * -negotiateScheme::createConfig() -{ - return &negotiateConfig; -} - const char * AuthNegotiateUserRequest::connLastHeader() { diff --git a/src/auth/negotiate/negotiateScheme.cc b/src/auth/negotiate/negotiateScheme.cc index 499375effa..411415a2fe 100644 --- a/src/auth/negotiate/negotiateScheme.cc +++ b/src/auth/negotiate/negotiateScheme.cc @@ -1,4 +1,3 @@ - /* * $Id$ * 
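Review bot: `AuthNegotiateConfig::done()` now calls `helperStatefulFree(negotiateauthenticators)` straight after `helperStatefulShutdown()`, whereas the removed `negotiateScheme::done()` freed the helpers only when `shutting_down` was set. If `done()` also runs on reconfigure, helpers that still hold an in-progress Negotiate handshake could be freed under the requests that reference them (inferred; how the helper API treats pending requests is not visible here). Either keep the free conditional, `if (shutting_down) helperStatefulFree(negotiateauthenticators);`, or add a comment explaining why an immediate free is now safe. `AuthNTLMConfig::done()` in auth_ntlm.cc carries the same change.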
@@ -31,19 +30,18 @@ * */ -#include "negotiateScheme.h" +#include "config.h" +#include "auth/negotiate/negotiateScheme.h" +#include "helper.h" -AuthScheme & +AuthScheme::Pointer negotiateScheme::GetInstance() { - if (_instance == NULL) + if (_instance == NULL) { _instance = new negotiateScheme(); - return *_instance; -} - -negotiateScheme::negotiateScheme() -{ - AddScheme(*this); + AddScheme(_instance); + } + return _instance; } char const * @@ -52,4 +50,24 @@ negotiateScheme::type () const return "negotiate"; } -negotiateScheme *negotiateScheme::_instance = NULL; +AuthScheme::Pointer negotiateScheme::_instance = NULL; + +/** + \ingroup AuthNegotiateInternal + \todo move to negotiateScheme.cc + */ +void +negotiateScheme::done() +{ + /* clear the global handle to this scheme. */ + _instance = NULL; + + debugs(29, 2, "negotiateScheme::done: Negotiate authentication Shutdown."); +} + +AuthConfig * +negotiateScheme::createConfig() +{ + AuthNegotiateConfig *negotiateCfg = new AuthNegotiateConfig; + return dynamic_cast(negotiateCfg); +} diff --git a/src/auth/negotiate/negotiateScheme.h b/src/auth/negotiate/negotiateScheme.h index bde9a59769..89ad24495b 100644 --- a/src/auth/negotiate/negotiateScheme.h +++ b/src/auth/negotiate/negotiateScheme.h @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -35,6 +34,7 @@ #define SQUID_NEGOTIATESCHEME_H #include "auth/Scheme.h" +#include "auth/negotiate/auth_negotiate.h" /// \ingroup AuthSchemeAPI /// \ingroup AuthAPI 
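Review bot: The doc comment added above `negotiateScheme::done()` still says `\todo move to negotiateScheme.cc`, but this hunk is that move, so the todo is stale as committed. It should be replaced with a description of what the function now does, for example `/// Drops the global handle to this scheme; helper shutdown is done by AuthNegotiateConfig::done().` The debug text "Negotiate authentication Shutdown." is also emitted here although no helper is stopped in this function any more.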
@@ -42,20 +42,21 @@ class negotiateScheme : public AuthScheme { public: - static AuthScheme &GetInstance(); - negotiateScheme(); + static AuthScheme::Pointer GetInstance(); + negotiateScheme() {}; virtual ~negotiateScheme() {}; /* per scheme */ virtual char const *type () const; virtual void done(); virtual AuthConfig *createConfig(); + /* Not implemented */ negotiateScheme (negotiateScheme const &); negotiateScheme &operator=(negotiateScheme const &); private: - static negotiateScheme *_instance; + static AuthScheme::Pointer _instance; }; #endif /* SQUID_negotiateSCHEME_H */ diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc index 766f4ea57a..d3255e6cd3 100644 --- a/src/auth/ntlm/auth_ntlm.cc +++ b/src/auth/ntlm/auth_ntlm.cc @@ -38,15 +38,14 @@ #include "squid.h" -#include "auth_ntlm.h" #include "auth/Gadgets.h" +#include "auth/ntlm/auth_ntlm.h" +#include "auth/ntlm/ntlmScheme.h" #include "CacheManager.h" #include "Store.h" #include "client_side.h" #include "HttpReply.h" #include "HttpRequest.h" -/* TODO remove this include */ -#include "ntlmScheme.h" #include "wordlist.h" #include "SquidTime.h" @@ -63,12 +62,9 @@ static HLPSCB authenticateNTLMHandleReply; static AUTHSSTATS authenticateNTLMStats; static statefulhelper *ntlmauthenticators = NULL; - -CBDATA_TYPE(authenticateStateData); - static int authntlm_initialised = 0; -static auth_ntlm_config ntlmConfig; +CBDATA_TYPE(authenticateStateData); static hash_table *proxy_auth_cache = NULL; 
@@ -78,33 +74,18 @@ static hash_table *proxy_auth_cache = NULL; * */ -/* move to ntlmScheme.cc */ +/* free any allocated configuration details */ void -ntlmScheme::done() +AuthNTLMConfig::done() { - /* TODO: this should be a Config call. */ - debugs(29, 2, "ntlmScheme::done: shutting down NTLM authentication."); - - if (ntlmauthenticators) - helperStatefulShutdown(ntlmauthenticators); - authntlm_initialised = 0; - if (!shutting_down) - return; - - if (ntlmauthenticators) + if (ntlmauthenticators) { + helperStatefulShutdown(ntlmauthenticators); helperStatefulFree(ntlmauthenticators); + ntlmauthenticators = NULL; + } - ntlmauthenticators = NULL; - - debugs(29, 2, "ntlmScheme::done: NTLM authentication Shutdown."); -} - -/* free any allocated configuration details */ -void -AuthNTLMConfig::done() -{ if (authenticate) wordlistDestroy(&authenticate); } @@ -126,7 +107,7 @@ AuthNTLMConfig::dump(StoreEntry * entry, const char *name, AuthConfig * scheme) } -AuthNTLMConfig::AuthNTLMConfig() : authenticateChildren(5), keep_alive(1) +AuthNTLMConfig::AuthNTLMConfig() : authenticateChildren(5), keep_alive(1), authenticate(NULL) { } void @@ -162,7 +143,7 @@ AuthNTLMConfig::parse(AuthConfig * scheme, int n_configured, char *param_str) const char * AuthNTLMConfig::type() const { - return ntlmScheme::GetInstance().type(); + return ntlmScheme::GetInstance()->type(); } /* Initialize helpers and the like for this auth scheme. Called AFTER parsing the @@ -479,7 +460,7 @@ AuthNTLMUserRequest::module_start(RH * handler, void *data) debugs(29, 8, "AuthNTLMUserRequest::module_start: auth state is '" << auth_state << "'"); - if (ntlmConfig.authenticate == NULL) { + if (static_cast(AuthConfig::Find("ntlm"))->authenticate == NULL) { debugs(29, 0, "AuthNTLMUserRequest::module_start: no NTLM program specified."); handler(data, NULL); return; 
@@ -546,7 +527,7 @@ AuthNTLMUserRequest::onConnectionClose(ConnStateData *conn) AuthUserRequest::Pointer AuthNTLMConfig::decode(char const *proxy_auth) { - NTLMUser *newUser = new NTLMUser(&ntlmConfig); + NTLMUser *newUser = new NTLMUser(AuthConfig::Find("ntlm")); AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest(); assert(auth_user_request->user() == NULL); @@ -715,12 +696,6 @@ NTLMUser::NTLMUser (AuthConfig *aConfig) : AuthUser (aConfig) proxy_auth_list.head = proxy_auth_list.tail = NULL; } -AuthConfig * -ntlmScheme::createConfig() -{ - return &ntlmConfig; -} - const char * AuthNTLMUserRequest::connLastHeader() { diff --git a/src/auth/ntlm/ntlmScheme.cc b/src/auth/ntlm/ntlmScheme.cc index 8f5f74c2a1..e6dee80e2c 100644 --- a/src/auth/ntlm/ntlmScheme.cc +++ b/src/auth/ntlm/ntlmScheme.cc @@ -1,4 +1,3 @@ - /* * $Id$ * @@ -31,19 +30,19 @@ * */ -#include "ntlmScheme.h" +#include "config.h" +#include "auth/ntlm/auth_ntlm.h" +#include "auth/ntlm/ntlmScheme.h" +#include "helper.h" -AuthScheme & +AuthScheme::Pointer ntlmScheme::GetInstance() { - if (_instance == NULL) + if (_instance == NULL) { _instance = new ntlmScheme(); - return *_instance; -} - -ntlmScheme::ntlmScheme() -{ - AddScheme(*this); + AddScheme(_instance); + } + return _instance; } char const * @@ -52,4 +51,20 @@ ntlmScheme::type () const return "ntlm"; } -ntlmScheme *ntlmScheme::_instance = NULL; +AuthScheme::Pointer ntlmScheme::_instance = NULL; + +void +ntlmScheme::done() +{ + /* clear the global handle to this scheme. */ + _instance = NULL; + + debugs(29, 2, "ntlmScheme::done: NTLM authentication Shutdown."); +} + +AuthConfig * +ntlmScheme::createConfig() +{ + auth_ntlm_config *ntlmCfg = new auth_ntlm_config; + return dynamic_cast(ntlmCfg); +} diff --git a/src/auth/ntlm/ntlmScheme.h b/src/auth/ntlm/ntlmScheme.h index f9b037c9a4..e48bf82d4c 100644 --- a/src/auth/ntlm/ntlmScheme.h +++ b/src/auth/ntlm/ntlmScheme.h 
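Review bot: `AuthNTLMConfig::decode()` builds the user with `new NTLMUser(AuthConfig::Find("ntlm"))` although it is a member of the very config it is looking up; the digest counterpart in this commit uses `new DigestUser(this)`. The lookup can return NULL, or in principle an instance other than the one decoding the header, which would leave the user bound to no config or to the wrong one. `NTLMUser *newUser = new NTLMUser(this);` is simpler and cannot fail. The function body continues outside the hunk.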
@@ -35,6 +35,7 @@ #define SQUID_NTLMSCHEME_H #include "auth/Scheme.h" +#include "auth/ntlm/auth_ntlm.h" /// \ingroup AuthSchemeAPI /// \ingroup AuthAPI @@ -42,20 +43,25 @@ class ntlmScheme : public AuthScheme { public: - static AuthScheme &GetInstance(); - ntlmScheme(); + static AuthScheme::Pointer GetInstance(); + ntlmScheme() {}; virtual ~ntlmScheme() {}; /* per scheme */ virtual char const *type () const; virtual void done(); virtual AuthConfig *createConfig(); + /* Not implemented */ ntlmScheme (ntlmScheme const &); ntlmScheme &operator=(ntlmScheme const &); private: - static ntlmScheme *_instance; + /** + * Main instance of this authentication Scheme. + * NULL when the scheme is not being used. + */ + static AuthScheme::Pointer _instance; }; #endif /* SQUID_ntlmSCHEME_H */ diff --git a/src/cache_cf.cc b/src/cache_cf.cc index c3e56e08b3..4442be63d3 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -393,6 +393,8 @@ parseConfigFile(const char *file_name) int err_count = 0; CacheManager *manager=CacheManager::GetInstance(); + debugs(5, 4, HERE); + configFreeMemory(); ACLMethodData::ThePurgeCount = 0; @@ -1425,7 +1427,7 @@ check_null_string(char *s) } static void -parse_authparam(authConfig * config) +parse_authparam(Auth::authConfig * config) { char *type_str; char *param_str; 
@@ -1436,38 +1438,43 @@ parse_authparam(authConfig * config) if ((param_str = strtok(NULL, w_space)) == NULL) self_destruct(); - /* find a configuration for the scheme */ - AuthConfig *scheme = AuthConfig::Find (type_str); + /* find a configuration for the scheme in the currently parsed configs... */ + AuthConfig *schemeCfg = AuthConfig::Find(type_str); - if (scheme == NULL) { - /* Create a configuration */ - AuthScheme *theScheme; + if (schemeCfg == NULL) { + /* Create a configuration based on the scheme info */ + AuthScheme::Pointer theScheme = AuthScheme::Find(type_str); - if ((theScheme = AuthScheme::Find(type_str)) == NULL) { - debugs(3, 0, "Parsing Config File: Unknown authentication scheme '" << type_str << "'."); - return; + if (theScheme == NULL) { + debugs(3, DBG_CRITICAL, "Parsing Config File: Unknown authentication scheme '" << type_str << "'."); + self_destruct(); } config->push_back(theScheme->createConfig()); - scheme = config->back(); - assert (scheme); + schemeCfg = AuthConfig::Find(type_str); + if (schemeCfg == NULL) { + debugs(3, DBG_CRITICAL, "Parsing Config File: Corruption configuring authentication scheme '" << type_str << "'."); + self_destruct(); + } } - scheme->parse(scheme, config->size(), param_str); + schemeCfg->parse(schemeCfg, config->size(), param_str); } static void -free_authparam(authConfig * cfg) +free_authparam(Auth::authConfig * cfg) { - AuthConfig *scheme; - /* DON'T FREE THESE FOR RECONFIGURE */ - - if (reconfiguring) - return; + /* Wipe the Auth globals and Detach/Destruct component config + state. */ + cfg->clean(); + /* remove our pointers to the probably-dead sub-configs */ while (cfg->size()) { - scheme = cfg->pop_back(); - scheme->done(); + cfg->pop_back(); + } + + /* on reconfigure initialize new auth schemes for the new config. */ + if(reconfiguring) { + InitAuthSchemes(); } } diff --git a/src/cf.data.pre b/src/cf.data.pre index ef12b4582e..614a529463 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre 
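Review bot: After `config->push_back(theScheme->createConfig())` the new entry is re-fetched with `AuthConfig::Find(type_str)` instead of being taken from `config`, and the return value of `createConfig()` is pushed without a NULL check. `Find()` is given no container, so it presumably searches the global `Auth::TheConfig` rather than the `config` argument. If the two ever differ, a valid `auth_param` line ends in `self_destruct()` with a "Corruption" message that hides the real cause. Holding the pointer in a local, `AuthConfig *created = theScheme->createConfig();`, checking it, and assigning `schemeCfg = created;` after the push keeps the function independent of the global.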
@@ -66,7 +66,7 @@ COMMENT_END NAME: auth_param TYPE: authparam -LOC: Config.authConfiguration +LOC: Auth::TheConfig DEFAULT: none DOC_START This is used to define parameters for the various authentication diff --git a/src/cf_gen.cc b/src/cf_gen.cc index d32a3e203f..f14b83d1e0 100644 --- a/src/cf_gen.cc +++ b/src/cf_gen.cc @@ -710,6 +710,7 @@ gen_dump(Entry * head, FILE * fp) "static void\n" "dump_config(StoreEntry *entry)\n" "{\n" + " debugs(5, 4, HERE);\n" ); for (entry = head; entry != NULL; entry = entry->next) { @@ -744,6 +745,7 @@ gen_free(Entry * head, FILE * fp) "static void\n" "free_all(void)\n" "{\n" + " debugs(5, 4, HERE);\n" ); for (entry = head; entry != NULL; entry = entry->next) { diff --git a/src/main.cc b/src/main.cc index 5ef34a034c..3df970341a 100644 --- a/src/main.cc +++ b/src/main.cc @@ -693,7 +693,9 @@ mainReconfigureStart(void) #endif redirectShutdown(); - authenticateShutdown(); + authenticateShutdown(); /* destroys any unused auth schemas */ + InitAuthSchemes(); /* create new ones required for config parsing */ + externalAclShutdown(); storeDirCloseSwapLogs(); storeLogClose(); @@ -747,7 +749,7 @@ mainReconfigureFinish(void *) #endif redirectInit(); - authenticateInit(&Config.authConfiguration); + authenticateInit(&Auth::TheConfig); externalAclInit(); #if USE_WCCP @@ -789,7 +791,11 @@ mainRotate(void) dnsShutdown(); #endif redirectShutdown(); - authenticateShutdown(); + + /* TODO: should only terminate the helpers they are using. nothing else. */ + authenticateShutdown(); /* destroys any unused auth schemas */ + InitAuthSchemes(); /* create new ones required for config parsing */ + externalAclShutdown(); _db_rotate_log(); /* cache.log */ @@ -810,7 +816,7 @@ mainRotate(void) dnsInit(); #endif redirectInit(); - authenticateInit(&Config.authConfiguration); + authenticateInit(&Auth::TheConfig); externalAclInit(); } 
@@ -943,7 +949,7 @@ mainInitialize(void) redirectInit(); - authenticateInit(&Config.authConfiguration); + authenticateInit(&Auth::TheConfig); externalAclInit(); @@ -1256,6 +1262,8 @@ SquidMain(int argc, char **argv) /* we may want the parsing process to set this up in the future */ Store::Root(new StoreController); + InitAuthSchemes(); /* required for config parsing */ + parse_err = parseConfigFile(ConfigFile); Mem::Report(); diff --git a/src/protos.h b/src/protos.h index d7e7642e9c..94a43a937f 100644 --- a/src/protos.h +++ b/src/protos.h @@ -792,4 +792,8 @@ class external_acl; /* upstream proxy authentication */ SQUIDCEXTERN char *peer_proxy_negotiate_auth(char *principal_name, char *proxy); #endif + +/* call to ensure the auth component schemes exist. */ +SQUIDCEXTERN void InitAuthSchemes(void); + #endif /* SQUID_PROTOS_H */ diff --git a/src/structs.h b/src/structs.h index 02cf57ab4f..2662a93810 100644 --- a/src/structs.h +++ b/src/structs.h @@ -494,7 +494,6 @@ struct SquidConfig { #endif } accessList; acl_deny_info_list *denyInfoList; - authConfig authConfiguration; struct { size_t list_width; diff --git a/src/tests/testAuth.cc b/src/tests/testAuth.cc index 5eb4ce90f4..d54f613d44 100644 --- a/src/tests/testAuth.cc +++ b/src/tests/testAuth.cc @@ -59,15 +59,15 @@ static AuthConfig * getConfig(char const *type_str) { - Vector &config = Config.authConfiguration; + Auth::authConfig &config = Auth::TheConfig; /* find a configuration for the scheme */ - AuthConfig *scheme = AuthConfig::Find (type_str); + AuthConfig *scheme = AuthConfig::Find(type_str); if (scheme == NULL) { /* Create a configuration */ - AuthScheme *theScheme; + AuthScheme::Pointer theScheme = AuthScheme::Find(type_str); - if ((theScheme = AuthScheme::Find(type_str)) == NULL) { + if (theScheme == NULL) { return NULL; //fatalf("Unknown authentication scheme '%s'.\n", type_str); } 
@@ -84,7 +84,7 @@ static void setup_scheme(AuthConfig *scheme, char const **params, unsigned param_count) { - Vector &config = Config.authConfiguration; + Auth::authConfig &config = Auth::TheConfig; for (unsigned position=0; position < param_count; position++) { char *param_str=xstrdup(params[position]); @@ -104,7 +104,7 @@ fake_auth_setup() Mem::Init(); - Vector &config = Config.authConfiguration; + Auth::authConfig &config = Auth::TheConfig; char const *digest_parms[]= {"program /home/robertc/install/squid/libexec/digest_pw_auth /home/robertc/install/squid/etc/digest.pwd", "realm foo" @@ -155,7 +155,7 @@ testAuthConfig::create() Debug::Levels[29]=9; fake_auth_setup(); - for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i) { + for (AuthScheme::iterator i = AuthScheme::GetSchemes().begin(); i != AuthScheme::GetSchemes().end(); ++i) { AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type())); CPPUNIT_ASSERT(authRequest != NULL); } @@ -174,7 +174,7 @@ testAuthUserRequest::scheme() Debug::Levels[29]=9; fake_auth_setup(); - for (AuthScheme::const_iterator i = AuthScheme::Schemes().begin(); i != AuthScheme::Schemes().end(); ++i) { + for (AuthScheme::iterator i = AuthScheme::GetSchemes().begin(); i != AuthScheme::GetSchemes().end(); ++i) { // create a user request // check its scheme matches *i AuthUserRequest::Pointer authRequest = AuthConfig::CreateAuthUser(find_proxy_auth((*i)->type())); diff --git a/test-suite/Makefile.am b/test-suite/Makefile.am index 513aea4c4f..00f427974c 100644 --- a/test-suite/Makefile.am +++ b/test-suite/Makefile.am @@ -67,7 +67,7 @@ mem_hdr_test_SOURCES = mem_hdr_test.cc $(DEBUG_SOURCE) mem_hdr_test_LDADD = $(top_builddir)/src/stmem.o \ $(top_builddir)/src/mem_node.o $(LDADD) MemPoolTest_SOURCES = MemPoolTest.cc -refcount_SOURCES = refcount.cc +refcount_SOURCES = refcount.cc $(DEBUG_SOURCE) splay_SOURCES = splay.cc