From: Amos Jeffries Date: Sat, 30 Jul 2011 01:34:25 +0000 (-0600) Subject: SourceLayout: Basic auth: shuffle helper request functions X-Git-Tag: take08~55^2~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe0a0419ef9d7034005134abdcbec3fa567608be;p=thirdparty%2Fsquid.git SourceLayout: Basic auth: shuffle helper request functions helper lookup functions are AuthBasicUserRequest members. Should be in that classes .cc file. Also merge submit and queue functions. no need to be separate. --- diff --git a/src/auth/basic/User.h b/src/auth/basic/User.h index b2882e9376..a2528bf168 100644 --- a/src/auth/basic/User.h +++ b/src/auth/basic/User.h @@ -23,9 +23,6 @@ public: User(Auth::Config *); ~User(); bool authenticated() const; - void queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); - void submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data); - bool valid() const; /** Update the cached password for a username. */ diff --git a/src/auth/basic/UserRequest.cc b/src/auth/basic/UserRequest.cc index bb2d5bedf7..1d2ceee1ba 100644 --- a/src/auth/basic/UserRequest.cc +++ b/src/auth/basic/UserRequest.cc @@ -2,8 +2,15 @@ #include "auth/basic/auth_basic.h" #include "auth/basic/User.h" #include "auth/basic/UserRequest.h" +#include "auth/State.h" +#include "charset.h" +#include "rfc1738.h" #include "SquidTime.h" +#if !defined(HELPER_INPUT_BUFFER) +#define HELPER_INPUT_BUFFER 8192 +#endif + int AuthBasicUserRequest::authenticated() const { 
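Review bot: The fallback `HELPER_INPUT_BUFFER` definition added at the top of UserRequest.cc has no comment saying what it bounds or where the authoritative value is expected to come from. Because it is wrapped in `#if !defined`, a value defined in another header would silently replace 8192 depending on include order, and the `buf`, `username` and `pass` arrays in `module_start` all take their size from it. A one-line comment such as `/* max length of one request line sent to a Basic auth helper; fallback when no shared definition is in scope */` would make that dependency visible.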
@@ -86,10 +93,98 @@ AuthBasicUserRequest::module_start(RH * handler, void *data) /* check to see if the auth_user already has a request outstanding */ if (user()->credentials() == Auth::Pending) { /* there is a request with the same credentials already being verified */ - basic_auth->queueRequest(this, handler, data); + + BasicAuthQueueNode *node = static_cast(xcalloc(1, sizeof(BasicAuthQueueNode))); + assert(node); + node->auth_user_request = this; + node->handler = handler; + node->data = cbdataReference(data); + + /* queue this validation request to be infored of the pending lookup results */ + node->next = basic_auth->auth_queue; + basic_auth->auth_queue = node; return; } - - basic_auth->submitRequest(this, handler, data); + // otherwise submit this request to the auth helper(s) for validation + + /* mark this user as having verification in progress */ + user()->credentials(Auth::Pending); + char buf[HELPER_INPUT_BUFFER]; + static char username[HELPER_INPUT_BUFFER]; + static char pass[HELPER_INPUT_BUFFER]; + if (static_cast(user()->config)->utf8) { + latin1_to_utf8(username, sizeof(username), user()->username()); + latin1_to_utf8(pass, sizeof(pass), basic_auth->passwd); + xstrncpy(username, rfc1738_escape(username), sizeof(username)); + xstrncpy(pass, rfc1738_escape(pass), sizeof(pass)); + } else { + xstrncpy(username, rfc1738_escape(user()->username()), sizeof(username)); + xstrncpy(pass, rfc1738_escape(basic_auth->passwd), sizeof(pass)); + } + int sz = snprintf(buf, sizeof(buf), "%s %s\n", username, pass); + if (sz<=0) { + debugs(9, DBG_CRITICAL, "ERROR: Basic Authentication Failure. Can not build helper validation request."); + handler(data, NULL); + } else if (sz>=sizeof(buf)) { + debugs(9, DBG_CRITICAL, "ERROR: Basic Authentication Failure. 
user:password exceeds " << sizeof(buf) << " bytes."); + handler(data, NULL); + } else + helperSubmit(basicauthenticators, buf, AuthBasicUserRequest::HandleReply, + new Auth::StateData(this, handler, data)); } +void +AuthBasicUserRequest::HandleReply(void *data, char *reply) +{ + Auth::StateData *r = static_cast(data); + BasicAuthQueueNode *tmpnode; + char *t = NULL; + void *cbdata; + debugs(29, 9, HERE << "{" << (reply ? reply : "") << "}"); + + if (reply) { + if ((t = strchr(reply, ' '))) + *t++ = '\0'; + + if (*reply == '\0') + reply = NULL; + } + + assert(r->auth_user_request != NULL); + assert(r->auth_user_request->user()->auth_type == Auth::AUTH_BASIC); + + /* this is okay since we only play with the Auth::Basic::User child fields below + * and dont pass the pointer itself anywhere */ + Auth::Basic::User *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); + + assert(basic_auth != NULL); + + if (reply && (strncasecmp(reply, "OK", 2) == 0)) + basic_auth->credentials(Auth::Ok); + else { + basic_auth->credentials(Auth::Failed); + + if (t && *t) + r->auth_user_request->setDenyMessage(t); + } + + basic_auth->expiretime = squid_curtime; + + if (cbdataReferenceValidDone(r->data, &cbdata)) + r->handler(cbdata, NULL); + + cbdataReferenceDone(r->data); + + while (basic_auth->auth_queue) { + tmpnode = basic_auth->auth_queue->next; + + if (cbdataReferenceValidDone(basic_auth->auth_queue->data, &cbdata)) + basic_auth->auth_queue->handler(cbdata, NULL); + + xfree(basic_auth->auth_queue); + + basic_auth->auth_queue = tmpnode; + } + + delete r; +} diff --git a/src/auth/basic/UserRequest.h b/src/auth/basic/UserRequest.h index ed9f797e0d..a24cd8ae74 100644 --- a/src/auth/basic/UserRequest.h +++ b/src/auth/basic/UserRequest.h 
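Review bot: Both failure branches after the `snprintf` in `module_start` call `handler(data, NULL)` while the user is still marked `Auth::Pending`, a state that was set a few lines earlier and is never reset on these paths. As far as this diff shows, the queue built at the top of the hunk is drained only in `HandleReply`, so later requests with the same credentials would be queued and never answered once an over-long user:password pair takes the error path. Setting `user()->credentials(Auth::Failed);` before each `handler(data, NULL);` would keep the state consistent. Separately, `username` and `pass` are now `static`, so the escaped password stays in process memory after the call returns; plain locals cleared once the request line has been handed off would limit that exposure. `module_start` begins before this hunk, so its earlier checks are not visible here.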
@@ -22,6 +22,9 @@ public: virtual void authenticate(HttpRequest * request, ConnStateData *conn, http_hdr_type type); virtual Auth::Direction module_direction(); virtual void module_start(RH *, void *); + +private: + static HLPCB HandleReply; }; MEMPROXY_CLASS_INLINE(AuthBasicUserRequest); diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc index 946ed93ebe..85ae452b8e 100644 --- a/src/auth/basic/auth_basic.cc +++ b/src/auth/basic/auth_basic.cc @@ -54,10 +54,9 @@ #include "SquidTime.h" /* Basic Scheme */ -static HLPCB authenticateBasicHandleReply; static AUTHSSTATS authenticateBasicStats; -static helper *basicauthenticators = NULL; +helper *basicauthenticators = NULL; static int authbasic_initialised = 0; 
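Review bot: Removing `static` from `basicauthenticators` in auth_basic.cc turns the helper pointer into a writable global with external linkage, and the matching `extern helper *basicauthenticators;` in the auth_basic.h hunk is placed after the `Auth::Basic` namespace closes. Any file that includes the header can now reassign it, which is more exposure than `module_start` needs just to pass it to `helperSubmit`. Declaring it inside `Auth::Basic` would keep the name scoped with the rest of the scheme. If auth_basic.cc is meant to remain the only writer, a comment such as `/* Basic auth helper pool; assigned only in auth_basic.cc, read-only elsewhere */` on the `extern` line would record that.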
@@ -135,62 +134,6 @@ Auth::Basic::Config::done() safe_free(basicAuthRealm); } -static void -authenticateBasicHandleReply(void *data, char *reply) -{ - Auth::StateData *r = static_cast(data); - BasicAuthQueueNode *tmpnode; - char *t = NULL; - void *cbdata; - debugs(29, 9, HERE << "{" << (reply ? reply : "") << "}"); - - if (reply) { - if ((t = strchr(reply, ' '))) - *t++ = '\0'; - - if (*reply == '\0') - reply = NULL; - } - - assert(r->auth_user_request != NULL); - assert(r->auth_user_request->user()->auth_type == Auth::AUTH_BASIC); - - /* this is okay since we only play with the Auth::Basic::User child fields below - * and dont pass the pointer itself anywhere */ - Auth::Basic::User *basic_auth = dynamic_cast(r->auth_user_request->user().getRaw()); - - assert(basic_auth != NULL); - - if (reply && (strncasecmp(reply, "OK", 2) == 0)) - basic_auth->credentials(Auth::Ok); - else { - basic_auth->credentials(Auth::Failed); - - if (t && *t) - r->auth_user_request->setDenyMessage(t); - } - - basic_auth->expiretime = squid_curtime; - - if (cbdataReferenceValidDone(r->data, &cbdata)) - r->handler(cbdata, NULL); - - cbdataReferenceDone(r->data); - - while (basic_auth->auth_queue) { - tmpnode = basic_auth->auth_queue->next; - - if (cbdataReferenceValidDone(basic_auth->auth_queue->data, &cbdata)) - basic_auth->auth_queue->handler(cbdata, NULL); - - xfree(basic_auth->auth_queue); - - basic_auth->auth_queue = tmpnode; - } - - delete r; -} - void Auth::Basic::Config::dump(StoreEntry * entry, const char *name, Auth::Config * scheme) { 
@@ -426,40 +369,3 @@ Auth::Basic::Config::registerWithCacheManager(void) "Basic User Authenticator Stats", authenticateBasicStats, 0, 1); } - -// XXX: this is a auth management function. Surely not in scope for the credentials storage object -void -Auth::Basic::User::queueRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) -{ - BasicAuthQueueNode *node; - node = static_cast(xcalloc(1, sizeof(BasicAuthQueueNode))); - assert(node); - /* save the details */ - node->next = auth_queue; - auth_queue = node; - node->auth_user_request = auth_user_request; - node->handler = handler; - node->data = cbdataReference(data); -} - -// XXX: this is a auth management function. Surely not in scope for the credentials storage object -void -Auth::Basic::User::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) -{ - /* mark the user as having verification in progress */ - credentials(Auth::Pending); - char buf[8192]; - char user[1024], pass[1024]; - if (static_cast(config)->utf8) { - latin1_to_utf8(user, sizeof(user), username()); - latin1_to_utf8(pass, sizeof(pass), passwd); - xstrncpy(user, rfc1738_escape(user), sizeof(user)); - xstrncpy(pass, rfc1738_escape(pass), sizeof(pass)); - } else { - xstrncpy(user, rfc1738_escape(username()), sizeof(user)); - xstrncpy(pass, rfc1738_escape(passwd), sizeof(pass)); - } - snprintf(buf, sizeof(buf), "%s %s\n", user, pass); - helperSubmit(basicauthenticators, buf, authenticateBasicHandleReply, - new Auth::StateData(auth_user_request, handler, data)); -} diff --git a/src/auth/basic/auth_basic.h b/src/auth/basic/auth_basic.h index 01d9e4e467..475b547fc8 100644 --- a/src/auth/basic/auth_basic.h +++ b/src/auth/basic/auth_basic.h @@ -61,4 +61,6 @@ private: } // namespace Basic } // namespace Auth +extern helper *basicauthenticators; + #endif /* __AUTH_BASIC_H__ */