From: Amos Jeffries Date: Thu, 14 Apr 2011 02:40:59 +0000 (-0600) Subject: SourceLayout: namesapce for Auth::User children X-Git-Tag: take06~27^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aa11061659296cfc4e5b431ba5581b39798e657e;p=thirdparty%2Fsquid.git SourceLayout: namesapce for Auth::User children Also, shuffle the resulting classes into their own compilation units. No Logic changes. Have omitted shuffling or altering two Auth::Basic::User methods handling the validation short-circuit since these shodul not be part of that class. Followup patch will move them appropriately. --- diff --git a/src/auth/basic/Makefile.am b/src/auth/basic/Makefile.am index 40b811fb5b..a1a0bc1afd 100644 --- a/src/auth/basic/Makefile.am +++ b/src/auth/basic/Makefile.am @@ -8,5 +8,7 @@ libbasic_la_SOURCES = \ Scheme.h \ auth_basic.cc \ auth_basic.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff --git a/src/auth/basic/User.cc b/src/auth/basic/User.cc new file mode 100644 index 0000000000..ee6173b6e5 --- /dev/null +++ b/src/auth/basic/User.cc @@ -0,0 +1,72 @@ +#include "config.h" +#include "auth/basic/auth_basic.h" +#include "auth/basic/User.h" +#include "Debug.h" +#include "SquidTime.h" + +Auth::Basic::User::User(Auth::Config *aConfig) : + Auth::User(aConfig), + passwd(NULL), + auth_queue(NULL), + currentRequest(NULL) +{} + +Auth::Basic::User::~User() +{ + safe_free(passwd); +} + +int32_t +Auth::Basic::User::ttl() const +{ + if (credentials() != Auth::Ok && credentials() != Auth::Pending) + return -1; // TTL is obsolete NOW. + + int32_t basic_ttl = expiretime - squid_curtime + static_cast(config)->credentialsTTL; + int32_t global_ttl = static_cast(expiretime - squid_curtime + ::Config.authenticateTTL); + + return min(basic_ttl, global_ttl); +} + +bool +Auth::Basic::User::authenticated() const +{ + if ((credentials() == Auth::Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime)) + return true; + + debugs(29, 4, "User not authenticated or credentials need rechecking."); + + return false; +} + +bool +Auth::Basic::User::valid() const +{ + if (username() == NULL) + return false; + if (passwd == NULL) + return false; + return true; +} + +void +Auth::Basic::User::updateCached(Auth::Basic::User *from) +{ + debugs(29, 9, HERE << "Found user '" << from->username() << "' already in the user cache as '" << this << "'"); + + assert(strcmp(from->username(), username()) == 0); + + if (strcmp(from->passwd, passwd)) { + debugs(29, 4, HERE << "new password found. Updating in user master record and resetting auth state to unchecked"); + credentials(Auth::Unchecked); + xfree(passwd); + passwd = from->passwd; + from->passwd = NULL; + } + + if (credentials() == Auth::Failed) { + debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked"); + credentials(Auth::Unchecked); + } +} + diff --git a/src/auth/basic/User.h b/src/auth/basic/User.h new file mode 100644 index 0000000000..82c6242724 --- /dev/null +++ b/src/auth/basic/User.h @@ -0,0 +1,48 @@ +#ifndef _SQUID_AUTH_BASIC_USER_H +#define _SQUID_AUTH_BASIC_USER_H + +#include "auth/User.h" +#include "auth/UserRequest.h" + +class BasicAuthQueueNode; + +namespace Auth +{ + +class Config; + +namespace Basic +{ + +/** User credentials for the Basic authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Basic::User); + + User(Auth::Config *); + ~User(); + bool authenticated() const; + void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); + void submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); + + bool valid() const; + + /** Update the cached password for a username. */ + void updateCached(User *from); + virtual int32_t ttl() const; + + char *passwd; + + BasicAuthQueueNode *auth_queue; + +private: + AuthUserRequest::Pointer currentRequest; +}; + +MEMPROXY_CLASS_INLINE(Auth::Basic::User); + +} // namespace Basic +} // namespace Auth + +#endif /* _SQUID_AUTH_BASIC_USER_H */ diff --git a/src/auth/basic/UserRequest.cc b/src/auth/basic/UserRequest.cc index 6ff9526564..dd784fe862 100644 --- a/src/auth/basic/UserRequest.cc +++ b/src/auth/basic/UserRequest.cc @@ -1,12 +1,13 @@ #include "config.h" #include "auth/basic/auth_basic.h" +#include "auth/basic/User.h" #include "auth/basic/UserRequest.h" #include "SquidTime.h" int AuthBasicUserRequest::authenticated() const { - BasicUser const *basic_auth = dynamic_cast(user().getRaw()); + Auth::Basic::User const *basic_auth = dynamic_cast(user().getRaw()); if (basic_auth && basic_auth->authenticated()) return 1; @@ -72,7 +73,7 @@ void AuthBasicUserRequest::module_start(RH * handler, void *data) { assert(user()->auth_type == Auth::AUTH_BASIC); - BasicUser *basic_auth = dynamic_cast(user().getRaw()); + Auth::Basic::User *basic_auth = dynamic_cast(user().getRaw()); assert(basic_auth != NULL); debugs(29, 9, HERE << "'" << basic_auth->username() << ":" << basic_auth->passwd << "'"); diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc index be79e18821..8b765cb79a 100644 --- a/src/auth/basic/auth_basic.cc +++ b/src/auth/basic/auth_basic.cc @@ -40,6 +40,7 @@ #include "squid.h" #include "auth/basic/auth_basic.h" #include "auth/basic/Scheme.h" +#include "auth/basic/User.h" #include "auth/basic/UserRequest.h" #include "auth/Gadgets.h" #include "auth/State.h" @@ -94,29 +95,6 @@ Auth::Basic::Config::type() const return Auth::Basic::Scheme::GetInstance()->type(); } -int32_t -BasicUser::ttl() const -{ - if (credentials() != Auth::Ok && credentials() != Auth::Pending) - return -1; // TTL is obsolete NOW. - - int32_t basic_ttl = expiretime - squid_curtime + static_cast(config)->credentialsTTL; - int32_t global_ttl = static_cast(expiretime - squid_curtime + Config.authenticateTTL); - - return min(basic_ttl, global_ttl); -} - -bool -BasicUser::authenticated() const -{ - if ((credentials() == Auth::Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime)) - return true; - - debugs(29, 4, "User not authenticated or credentials need rechecking."); - - return false; -} - void Auth::Basic::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { @@ -157,11 +135,6 @@ Auth::Basic::Config::done() safe_free(basicAuthRealm); } -BasicUser::~BasicUser() -{ - safe_free(passwd); -} - static void authenticateBasicHandleReply(void *data, char *reply) { @@ -182,9 +155,9 @@ authenticateBasicHandleReply(void *data, char *reply) assert(r->auth_user_request != NULL); assert(r->auth_user_request->user()->auth_type == Auth::AUTH_BASIC); - /* this is okay since we only play with the BasicUser child fields below + /* this is okay since we only play with the Auth::Basic::User child fields below * and dont pass the pointer itself anywhere */ - BasicUser *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); + Auth::Basic::User *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); assert(basic_auth != NULL); @@ -300,13 +273,6 @@ authBasicAuthUserFindUsername(const char *username) return NULL; } -BasicUser::BasicUser(Auth::Config *aConfig) : - Auth::User(aConfig), - passwd(NULL), - auth_queue(NULL), - currentRequest(NULL) -{} - char * Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) { @@ -342,37 +308,6 @@ Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) return cleartext; } -bool -BasicUser::valid() const -{ - if (username() == NULL) - return false; - if (passwd == NULL) - return false; - return true; -} - -void -BasicUser::updateCached(BasicUser *from) -{ - debugs(29, 9, HERE << "Found user '" << from->username() << "' already in the user cache as '" << this << "'"); - - assert(strcmp(from->username(), username()) == 0); - - if (strcmp(from->passwd, passwd)) { - debugs(29, 4, HERE << "new password found. Updating in user master record and resetting auth state to unchecked"); - credentials(Auth::Unchecked); - xfree(passwd); - passwd = from->passwd; - from->passwd = NULL; - } - - if (credentials() == Auth::Failed) { - debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked"); - credentials(Auth::Unchecked); - } -} - /** * Decode a Basic [Proxy-]Auth string, linking the passed * auth_user_request structure to any existing user structure or creating one @@ -395,11 +330,11 @@ Auth::Basic::Config::decode(char const *proxy_auth) Auth::User::Pointer lb; /* permitted because local_basic is purely local function scope. */ - BasicUser *local_basic = NULL; + Auth::Basic::User *local_basic = NULL; char *seperator = strchr(cleartext, ':'); - lb = local_basic = new BasicUser(this); + lb = local_basic = new Auth::Basic::User(this); if (seperator == NULL) { local_basic->username(cleartext); } else { @@ -452,7 +387,7 @@ Auth::Basic::Config::decode(char const *proxy_auth) assert(auth_user != NULL); } else { /* replace the current cached password with the new one */ - BasicUser *basic_auth = dynamic_cast(auth_user.getRaw()); + Auth::Basic::User *basic_auth = dynamic_cast(auth_user.getRaw()); assert(basic_auth); basic_auth->updateCached(local_basic); auth_user = basic_auth; @@ -494,8 +429,9 @@ Auth::Basic::Config::registerWithCacheManager(void) authenticateBasicStats, 0, 1); } +// XXX: this is a auth management function. Surely not in scope for the credentials storage object void -BasicUser::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) +Auth::Basic::User::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) { BasicAuthQueueNode *node; node = static_cast(xcalloc(1, sizeof(BasicAuthQueueNode))); @@ -508,8 +444,9 @@ BasicUser::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler node->data = cbdataReference(data); } +// XXX: this is a auth management function. Surely not in scope for the credentials storage object void -BasicUser::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) +Auth::Basic::User::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) { /* mark the user as having verification in progress */ credentials(Auth::Pending); diff --git a/src/auth/basic/auth_basic.h b/src/auth/basic/auth_basic.h index c710a938dc..01d9e4e467 100644 --- a/src/auth/basic/auth_basic.h +++ b/src/auth/basic/auth_basic.h @@ -7,7 +7,6 @@ #define __AUTH_BASIC_H__ #include "auth/Gadgets.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" #include "helper.h" @@ -25,34 +24,6 @@ public: void *data; }; -class BasicUser : public Auth::User -{ - -public: - MEMPROXY_CLASS(BasicUser); - - BasicUser(Auth::Config *); - ~BasicUser(); - bool authenticated() const; - void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); - void submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); - - bool valid() const; - - /** Update the cached password for a username. */ - void updateCached(BasicUser *from); - virtual int32_t ttl() const; - - char *passwd; - - BasicAuthQueueNode *auth_queue; - -private: - AuthUserRequest::Pointer currentRequest; -}; - -MEMPROXY_CLASS_INLINE(BasicUser); - namespace Auth { namespace Basic diff --git a/src/auth/digest/Makefile.am b/src/auth/digest/Makefile.am index 7a946dea08..5ab0bcab9a 100644 --- a/src/auth/digest/Makefile.am +++ b/src/auth/digest/Makefile.am @@ -8,5 +8,7 @@ libdigest_la_SOURCES = \ Scheme.h \ auth_digest.cc \ auth_digest.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff --git a/src/auth/digest/User.cc b/src/auth/digest/User.cc new file mode 100644 index 0000000000..abd5c10376 --- /dev/null +++ b/src/auth/digest/User.cc @@ -0,0 +1,49 @@ +#include "config.h" +#include "auth/digest/auth_digest.h" +#include "auth/digest/User.h" +#include "Debug.h" +#include "dlink.h" +#include "SquidTime.h" + +Auth::Digest::User::User(Auth::Config *aConfig) : + Auth::User(aConfig), + HA1created(0) +{} + +Auth::Digest::User::~User() +{ + dlink_node *link, *tmplink; + link = nonces.head; + + while (link) { + tmplink = link; + link = link->next; + dlinkDelete(tmplink, &nonces); + authDigestNoncePurge(static_cast < digest_nonce_h * >(tmplink->data)); + authDigestNonceUnlink(static_cast < digest_nonce_h * >(tmplink->data)); + dlinkNodeDelete(tmplink); + } +} + +int32_t +Auth::Digest::User::ttl() const +{ + int32_t global_ttl = static_cast(expiretime - squid_curtime + ::Config.authenticateTTL); + + /* find the longest lasting nonce. */ + int32_t latest_nonce = -1; + dlink_node *link = nonces.head; + while (link) { + digest_nonce_h *nonce = static_cast(link->data); + if (nonce->flags.valid && nonce->noncedata.creationtime > latest_nonce) + latest_nonce = nonce->noncedata.creationtime; + + link = link->next; + } + if (latest_nonce == -1) + return min(-1, global_ttl); + + int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast(Auth::Config::Find("digest"))->noncemaxduration; + + return min(nonce_ttl, global_ttl); +} diff --git a/src/auth/digest/User.h b/src/auth/digest/User.h new file mode 100644 index 0000000000..c7cc916606 --- /dev/null +++ b/src/auth/digest/User.h @@ -0,0 +1,35 @@ +#ifndef _SQUID_AUTH_DIGEST_USER_H +#define _SQUID_AUTH_DIGEST_USER_H + +#include "auth/User.h" + +namespace Auth +{ +namespace Digest +{ + +/** User credentials for the Digest authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Digest::User); + + User(Auth::Config *); + ~User(); + int authenticated() const; + + virtual int32_t ttl() const; + + HASH HA1; + int HA1created; + + /* what nonces have been allocated to this user */ + dlink_list nonces; +}; + +MEMPROXY_CLASS_INLINE(Auth::Digest::User); + +} // namespace Digest +} // namespace Auth + +#endif /* _SQUID_AUTH_DIGEST_USER_H */ diff --git a/src/auth/digest/UserRequest.cc b/src/auth/digest/UserRequest.cc index 0e54cdae10..efca45c567 100644 --- a/src/auth/digest/UserRequest.cc +++ b/src/auth/digest/UserRequest.cc @@ -1,5 +1,6 @@ #include "config.h" #include "auth/digest/auth_digest.h" +#include "auth/digest/User.h" #include "auth/digest/UserRequest.h" #include "auth/State.h" #include "charset.h" @@ -67,7 +68,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, Auth::User::Pointer auth_user = user(); - DigestUser *digest_user = dynamic_cast(auth_user.getRaw()); + Auth::Digest::User *digest_user = dynamic_cast(auth_user.getRaw()); assert(digest_user != NULL); AuthDigestUserRequest *digest_request = this; @@ -306,7 +307,7 @@ AuthDigestUserRequest::HandleReply(void *data, char *reply) digest_request->setDenyMessage(t); } else if (reply) { /* allow this because the digest_request pointer is purely local */ - DigestUser *digest_user = dynamic_cast(auth_user_request->user().getRaw()); + Auth::Digest::User *digest_user = dynamic_cast(auth_user_request->user().getRaw()); assert(digest_user != NULL); CvtBin(reply, digest_user->HA1); diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index 411b0de609..ed8bafd4b1 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -41,8 +41,10 @@ #include "rfc2617.h" #include "auth/digest/auth_digest.h" #include "auth/digest/Scheme.h" +#include "auth/digest/User.h" #include "auth/digest/UserRequest.h" #include "auth/Gadgets.h" +#include "auth/State.h" #include "base64.h" #include "event.h" #include "mgr/Registration.h" @@ -110,7 +112,6 @@ static void authDigestNonceLink(digest_nonce_h * nonce); static int authDigestNonceLinks(digest_nonce_h * nonce); #endif static void authDigestNonceUserUnlink(digest_nonce_h * nonce); -static void authDigestNoncePurge(digest_nonce_h * nonce); static void authDigestNonceEncode(digest_nonce_h * nonce) @@ -456,7 +457,7 @@ authDigestNonceLastRequest(digest_nonce_h * nonce) return 0; } -static void +void authDigestNoncePurge(digest_nonce_h * nonce) { if (!nonce) @@ -569,44 +570,6 @@ Auth::Digest::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, Http httpHeaderPutStrf(&rep->header, hdrType, "Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s", digestAuthRealm, authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false"); } -DigestUser::~DigestUser() -{ - dlink_node *link, *tmplink; - link = nonces.head; - - while (link) { - tmplink = link; - link = link->next; - dlinkDelete(tmplink, &nonces); - authDigestNoncePurge(static_cast < digest_nonce_h * >(tmplink->data)); - authDigestNonceUnlink(static_cast < digest_nonce_h * >(tmplink->data)); - dlinkNodeDelete(tmplink); - } -} - -int32_t -DigestUser::ttl() const -{ - int32_t global_ttl = static_cast(expiretime - squid_curtime + Config.authenticateTTL); - - /* find the longest lasting nonce. */ - int32_t latest_nonce = -1; - dlink_node *link = nonces.head; - while (link) { - digest_nonce_h *nonce = static_cast(link->data); - if (nonce->flags.valid && nonce->noncedata.creationtime > latest_nonce) - latest_nonce = nonce->noncedata.creationtime; - - link = link->next; - } - if (latest_nonce == -1) - return min(-1, global_ttl); - - int32_t nonce_ttl = latest_nonce - current_time.tv_sec + static_cast(Auth::Config::Find("digest"))->noncemaxduration; - - return min(nonce_ttl, global_ttl); -} - /* Initialize helpers and the like for this auth scheme. Called AFTER parsing the * config file */ void @@ -732,7 +695,7 @@ authenticateDigestStats(StoreEntry * sentry) static void authDigestNonceUserUnlink(digest_nonce_h * nonce) { - DigestUser *digest_user; + Auth::Digest::User *digest_user; dlink_node *link, *tmplink; if (!nonce) @@ -767,17 +730,15 @@ authDigestNonceUserUnlink(digest_nonce_h * nonce) } /* authDigestUserLinkNonce: add a nonce to a given user's struct */ - static void -authDigestUserLinkNonce(DigestUser * user, digest_nonce_h * nonce) +authDigestUserLinkNonce(Auth::Digest::User * user, digest_nonce_h * nonce) { dlink_node *node; - DigestUser *digest_user; if (!user || !nonce) return; - digest_user = user; + Auth::Digest::User *digest_user = user; node = digest_user->nonces.head; @@ -810,7 +771,7 @@ authDigestLogUsername(char *username, AuthUserRequest::Pointer auth_user_request /* log the username */ debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'"); - Auth::User::Pointer digest_user = new DigestUser(static_cast(Auth::Config::Find("digest"))); + Auth::User::Pointer digest_user = new Auth::Digest::User(static_cast(Auth::Config::Find("digest"))); /* save the credentials */ digest_user->username(username); /* set the auth_user type */ @@ -1064,14 +1025,14 @@ Auth::Digest::Config::decode(char const *proxy_auth) /* we don't send or parse opaques. Ok so we're flexable ... */ /* find the user */ - DigestUser *digest_user; + Auth::Digest::User *digest_user; Auth::User::Pointer auth_user; if ((auth_user = authDigestUserFindUsername(username)) == NULL) { /* the user doesn't exist in the username cache yet */ debugs(29, 9, "authDigestDecodeAuth: Creating new digest user '" << username << "'"); - digest_user = new DigestUser(this); + digest_user = new Auth::Digest::User(this); /* auth_user is a parent */ auth_user = digest_user; /* save the username */ @@ -1091,7 +1052,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) authDigestUserLinkNonce(digest_user, nonce); } else { debugs(29, 9, "authDigestDecodeAuth: Found user '" << username << "' in the user cache as '" << auth_user << "'"); - digest_user = static_cast(auth_user.getRaw()); + digest_user = static_cast(auth_user.getRaw()); xfree(username); } @@ -1109,6 +1070,3 @@ Auth::Digest::Config::decode(char const *proxy_auth) return digest_request; } - -DigestUser::DigestUser(Auth::Config *aConfig) : Auth::User(aConfig), HA1created (0) -{} diff --git a/src/auth/digest/auth_digest.h b/src/auth/digest/auth_digest.h index a38ef25123..bdef8124b4 100644 --- a/src/auth/digest/auth_digest.h +++ b/src/auth/digest/auth_digest.h @@ -8,43 +8,23 @@ #include "auth/Config.h" #include "auth/Gadgets.h" -#include "auth/State.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "helper.h" #include "rfc2617.h" -/* Generic */ +namespace Auth +{ +namespace Digest +{ +class User; +} +} +/* Generic */ typedef struct _digest_nonce_data digest_nonce_data; - typedef struct _digest_nonce_h digest_nonce_h; -class DigestUser : public Auth::User -{ - -public: - MEMPROXY_CLASS(DigestUser); - - DigestUser(Auth::Config *); - ~DigestUser(); - int authenticated() const; - - virtual int32_t ttl() const; - - HASH HA1; - int HA1created; - - /* what nonces have been allocated to this user */ - dlink_list nonces; - -}; - -MEMPROXY_CLASS_INLINE(DigestUser); - - /* data to be encoded into the nonce's b64 representation */ - struct _digest_nonce_data { time_t creationtime; /* in memory address of the nonce struct (similar purpose to an ETag) */ @@ -61,7 +41,7 @@ struct _digest_nonce_h : public hash_link { /* reference count */ short references; /* the auth_user this nonce has been tied to */ - DigestUser *user; + Auth::Digest::User *user; /* has this nonce been invalidated ? */ struct { @@ -75,6 +55,7 @@ extern int authDigestNonceIsValid(digest_nonce_h * nonce, char nc[9]); extern const char *authenticateDigestNonceNonceb64(const digest_nonce_h * nonce); extern int authDigestNonceLastRequest(digest_nonce_h * nonce); extern void authenticateDigestNonceShutdown(void); +extern void authDigestNoncePurge(digest_nonce_h * nonce); namespace Auth { diff --git a/src/auth/negotiate/Makefile.am b/src/auth/negotiate/Makefile.am index f1b8aaceef..0062a77a57 100644 --- a/src/auth/negotiate/Makefile.am +++ b/src/auth/negotiate/Makefile.am @@ -8,5 +8,7 @@ libnegotiate_la_SOURCES = \ Scheme.h \ auth_negotiate.cc \ auth_negotiate.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff --git a/src/auth/negotiate/User.cc b/src/auth/negotiate/User.cc new file mode 100644 index 0000000000..729fa645c5 --- /dev/null +++ b/src/auth/negotiate/User.cc @@ -0,0 +1,21 @@ +#include "config.h" +#include "auth/Config.h" +#include "auth/negotiate/User.h" +#include "Debug.h" + +Auth::Negotiate::User::User(Auth::Config *aConfig) : + Auth::User(aConfig) +{ + proxy_auth_list.head = proxy_auth_list.tail = NULL; +} + +Auth::Negotiate::User::~User() +{ + debugs(29, 5, HERE << "doing nothing to clear Negotiate scheme data for '" << this << "'"); +} + +int32_t +Auth::Negotiate::User::ttl() const +{ + return -1; // Negotiate cannot be cached. +} diff --git a/src/auth/negotiate/User.h b/src/auth/negotiate/User.h new file mode 100644 index 0000000000..b6e84588f8 --- /dev/null +++ b/src/auth/negotiate/User.h @@ -0,0 +1,31 @@ +#ifndef _SQUID_AUTH_NEGOTIATE_USER_H +#define _SQUID_AUTH_NEGOTIATE_USER_H + +#include "auth/User.h" + +namespace Auth +{ + +class Config; + +namespace Negotiate +{ + +/** User credentials for the Negotiate authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Negotiate::User); + User(Auth::Config *); + ~User(); + virtual int32_t ttl() const; + + dlink_list proxy_auth_list; +}; + +MEMPROXY_CLASS_INLINE(Auth::Negotiate::User); + +} // namespace Negotiate +} // namespace Auth + +#endif /* _SQUID_AUTH_NEGOTIATE_USER_H */ diff --git a/src/auth/negotiate/UserRequest.cc b/src/auth/negotiate/UserRequest.cc index eecf9e73e1..88c06716b4 100644 --- a/src/auth/negotiate/UserRequest.cc +++ b/src/auth/negotiate/UserRequest.cc @@ -1,6 +1,7 @@ #include "config.h" #include "auth/negotiate/auth_negotiate.h" #include "auth/negotiate/UserRequest.h" +#include "auth/State.h" #include "auth/User.h" #include "helper.h" #include "HttpReply.h" diff --git a/src/auth/negotiate/auth_negotiate.cc b/src/auth/negotiate/auth_negotiate.cc index 48a895220e..edab8a328c 100644 --- a/src/auth/negotiate/auth_negotiate.cc +++ b/src/auth/negotiate/auth_negotiate.cc @@ -48,6 +48,7 @@ #include "HttpRequest.h" #include "SquidTime.h" #include "auth/negotiate/Scheme.h" +#include "auth/negotiate/User.h" #include "auth/negotiate/UserRequest.h" #include "wordlist.h" @@ -283,17 +284,6 @@ Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, H } } -NegotiateUser::~NegotiateUser() -{ - debugs(29, 5, HERE << "doing nothing to clearNegotiate scheme data for '" << this << "'"); -} - -int32_t -NegotiateUser::ttl() const -{ - return -1; // Negotiate cannot be cached. -} - static void authenticateNegotiateStats(StoreEntry * sentry) { @@ -307,7 +297,7 @@ authenticateNegotiateStats(StoreEntry * sentry) AuthUserRequest::Pointer Auth::Negotiate::Config::decode(char const *proxy_auth) { - NegotiateUser *newUser = new NegotiateUser(&negotiateConfig); + Auth::Negotiate::User *newUser = new Auth::Negotiate::User(&negotiateConfig); AuthUserRequest *auth_user_request = new AuthNegotiateUserRequest(); assert(auth_user_request->user() == NULL); @@ -318,8 +308,3 @@ Auth::Negotiate::Config::decode(char const *proxy_auth) debugs(29, 9, HERE << "decode Negotiate authentication"); return auth_user_request; } - -NegotiateUser::NegotiateUser(Auth::Config *aConfig) : Auth::User(aConfig) -{ - proxy_auth_list.head = proxy_auth_list.tail = NULL; -} diff --git a/src/auth/negotiate/auth_negotiate.h b/src/auth/negotiate/auth_negotiate.h index f4191adfc9..f9a38824be 100644 --- a/src/auth/negotiate/auth_negotiate.h +++ b/src/auth/negotiate/auth_negotiate.h @@ -8,8 +8,6 @@ #include "auth/Config.h" #include "auth/Gadgets.h" -#include "auth/State.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "helper.h" @@ -21,23 +19,6 @@ /// \ingroup AuthNegotiateAPI #define DefaultAuthenticateChildrenMax 32 /* 32 processes */ -/// \ingroup AuthNegotiateAPI -class NegotiateUser : public Auth::User -{ - -public: - MEMPROXY_CLASS(NegotiateUser); - NegotiateUser(Auth::Config *); - ~NegotiateUser(); - virtual int32_t ttl() const; - - dlink_list proxy_auth_list; -}; - -MEMPROXY_CLASS_INLINE(NegotiateUser); - -extern statefulhelper *negotiateauthenticators; - namespace Auth { namespace Negotiate @@ -67,4 +48,6 @@ public: } // namespace Negotiate } // namespace Auth +extern statefulhelper *negotiateauthenticators; + #endif diff --git a/src/auth/ntlm/Makefile.am b/src/auth/ntlm/Makefile.am index 7596816994..939ad07201 100644 --- a/src/auth/ntlm/Makefile.am +++ b/src/auth/ntlm/Makefile.am @@ -8,5 +8,7 @@ libntlm_la_SOURCES = \ Scheme.h \ auth_ntlm.cc \ auth_ntlm.h \ + User.cc \ + User.h \ UserRequest.cc \ UserRequest.h diff --git a/src/auth/ntlm/User.cc b/src/auth/ntlm/User.cc new file mode 100644 index 0000000000..ebc7eff675 --- /dev/null +++ b/src/auth/ntlm/User.cc @@ -0,0 +1,21 @@ +#include "config.h" +#include "auth/Config.h" +#include "auth/ntlm/User.h" +#include "Debug.h" + +Auth::Ntlm::User::User(Auth::Config *aConfig) : + Auth::User(aConfig) +{ + proxy_auth_list.head = proxy_auth_list.tail = NULL; +} + +Auth::Ntlm::User::~User() +{ + debugs(29, 5, HERE << "doing nothing to clear NTLM scheme data for '" << this << "'"); +} + +int32_t +Auth::Ntlm::User::ttl() const +{ + return -1; // NTLM credentials cannot be cached. +} diff --git a/src/auth/ntlm/User.h b/src/auth/ntlm/User.h new file mode 100644 index 0000000000..efdee13f41 --- /dev/null +++ b/src/auth/ntlm/User.h @@ -0,0 +1,32 @@ +#ifndef _SQUID_AUTH_NTLM_USER_H +#define _SQUID_AUTH_NTLM_USER_H + +#include "auth/User.h" + +namespace Auth +{ + +class Config; + +namespace Ntlm +{ + +/** User credentials for the NTLM authentication protocol */ +class User : public Auth::User +{ +public: + MEMPROXY_CLASS(Auth::Ntlm::User); + User(Auth::Config *); + ~User(); + + virtual int32_t ttl() const; + + dlink_list proxy_auth_list; +}; + +MEMPROXY_CLASS_INLINE(Auth::Ntlm::User); + +} // namespace Ntlm +} // namespace Auth + +#endif /* _SQUID_AUTH_NTLM_USER_H */ diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc index 17a9f0c154..27bccd14c3 100644 --- a/src/auth/ntlm/auth_ntlm.cc +++ b/src/auth/ntlm/auth_ntlm.cc @@ -41,6 +41,7 @@ #include "auth/Gadgets.h" #include "auth/ntlm/auth_ntlm.h" #include "auth/ntlm/Scheme.h" +#include "auth/ntlm/User.h" #include "auth/ntlm/UserRequest.h" #include "auth/State.h" #include "mgr/Registration.h" @@ -258,17 +259,6 @@ Auth::Ntlm::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpRe } } -NTLMUser::~NTLMUser() -{ - debugs(29, 5, "NTLMUser::~NTLMUser: doing nothing to clearNTLM scheme data for '" << this << "'"); -} - -int32_t -NTLMUser::ttl() const -{ - return -1; // NTLM credentials cannot be cached. -} - static void authenticateNTLMStats(StoreEntry * sentry) { @@ -282,7 +272,7 @@ authenticateNTLMStats(StoreEntry * sentry) AuthUserRequest::Pointer Auth::Ntlm::Config::decode(char const *proxy_auth) { - NTLMUser *newUser = new NTLMUser(Auth::Config::Find("ntlm")); + Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm")); AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest(); assert(auth_user_request->user() == NULL); @@ -293,8 +283,3 @@ Auth::Ntlm::Config::decode(char const *proxy_auth) debugs(29, 9, HERE << "decode: NTLM authentication"); return auth_user_request; } - -NTLMUser::NTLMUser(Auth::Config *aConfig) : Auth::User(aConfig) -{ - proxy_auth_list.head = proxy_auth_list.tail = NULL; -} diff --git a/src/auth/ntlm/auth_ntlm.h b/src/auth/ntlm/auth_ntlm.h index 4873c99ae6..075d67b280 100644 --- a/src/auth/ntlm/auth_ntlm.h +++ b/src/auth/ntlm/auth_ntlm.h @@ -6,29 +6,14 @@ #ifndef __AUTH_NTLM_H__ #define __AUTH_NTLM_H__ #include "auth/Gadgets.h" -#include "auth/User.h" #include "auth/UserRequest.h" #include "auth/Config.h" #include "helper.h" #define DefaultAuthenticateChildrenMax 32 /* 32 processes */ -class NTLMUser : public Auth::User -{ - -public: - MEMPROXY_CLASS(NTLMUser); - NTLMUser(Auth::Config *); - ~NTLMUser(); - - virtual int32_t ttl() const; - - dlink_list proxy_auth_list; -}; - -MEMPROXY_CLASS_INLINE(NTLMUser); - -typedef class NTLMUser ntlm_user_t; +class HttpRequest; +class StoreEntry; namespace Auth { diff --git a/src/tests/testAuth.cc b/src/tests/testAuth.cc index ae67d8d16e..091d56d96c 100644 --- a/src/tests/testAuth.cc +++ b/src/tests/testAuth.cc @@ -186,8 +186,8 @@ testAuthUserRequest::scheme() } #if HAVE_AUTH_MODULE_BASIC +#include "auth/basic/User.h" #include "auth/basic/UserRequest.h" -#include "auth/basic/auth_basic.h" /* AuthBasicUserRequest::AuthBasicUserRequest works */ void @@ -202,7 +202,7 @@ void testAuthBasicUserRequest::username() { AuthUserRequest::Pointer temp = new AuthBasicUserRequest(); - BasicUser *basic_auth=new BasicUser(Auth::Config::Find("basic")); + Auth::Basic::User *basic_auth=new Auth::Basic::User(Auth::Config::Find("basic")); basic_auth->username("John"); temp->user(basic_auth); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username())); @@ -210,7 +210,8 @@ testAuthBasicUserRequest::username() #endif /* HAVE_AUTH_MODULE_BASIC */ #if HAVE_AUTH_MODULE_DIGEST -#include "auth/digest/auth_digest.h" +#include "auth/digest/User.h" +#include "auth/digest/UserRequest.h" /* AuthDigestUserRequest::AuthDigestUserRequest works */ void @@ -225,7 +226,7 @@ void testAuthDigestUserRequest::username() { AuthUserRequest::Pointer temp = new AuthDigestUserRequest(); - DigestUser *duser=new DigestUser(Auth::Config::Find("digest")); + Auth::Digest::User *duser=new Auth::Digest::User(Auth::Config::Find("digest")); duser->username("John"); temp->user(duser); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username())); @@ -233,7 +234,8 @@ testAuthDigestUserRequest::username() #endif /* HAVE_AUTH_MODULE_DIGEST */ #if HAVE_AUTH_MODULE_NTLM -#include "auth/ntlm/auth_ntlm.h" +#include "auth/ntlm/User.h" +#include "auth/ntlm/UserRequest.h" /* AuthNTLMUserRequest::AuthNTLMUserRequest works */ void @@ -248,7 +250,7 @@ void testAuthNTLMUserRequest::username() { AuthUserRequest::Pointer temp = new AuthNTLMUserRequest(); - NTLMUser *nuser=new NTLMUser(Auth::Config::Find("ntlm")); + Auth::Ntlm::User *nuser=new Auth::Ntlm::User(Auth::Config::Find("ntlm")); nuser->username("John"); temp->user(nuser); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username())); @@ -256,7 +258,8 @@ testAuthNTLMUserRequest::username() #endif /* HAVE_AUTH_MODULE_NTLM */ #if HAVE_AUTH_MODULE_NEGOTIATE -#include "auth/negotiate/auth_negotiate.h" +#include "auth/negotiate/User.h" +#include "auth/negotiate/UserRequest.h" /* AuthNegotiateUserRequest::AuthNegotiateUserRequest works */ void @@ -271,7 +274,7 @@ void testAuthNegotiateUserRequest::username() { AuthUserRequest::Pointer temp = new AuthNegotiateUserRequest(); - NegotiateUser *nuser=new NegotiateUser(Auth::Config::Find("negotiate")); + Auth::Negotiate::User *nuser=new Auth::Negotiate::User(Auth::Config::Find("negotiate")); nuser->username("John"); temp->user(nuser); CPPUNIT_ASSERT_EQUAL(0, strcmp("John", temp->username()));