From c7baff405558ef38ca6f0b2e5568621ad120004a Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Thu, 29 Dec 2011 18:24:57 -0700 Subject: [PATCH] SourceLayout: shuffel UserRequest into Auth:: namespace No logic changes, symbols and debug only. * shuffle AuthUserRequest to Auth::UserRequest * shuffle AuthBasicUserRequest to Auth::Basic::UserRequest * shuffle AuthDigestUserRequest to Auth::Digest::UserRequest * shuffle AuthNegotiateUserRequest to Auth::Negotiate::UserRequest * shuffle AuthNTLMUserRequest to Auth::NTLM::UserRequest * polish and add documentation for several parts of the hierarchy * replace obsolete debugs() location texts --- src/CompositePoolNode.h | 2 +- src/HttpRequest.h | 2 +- src/acl/FilledChecklist.cc | 2 + src/acl/FilledChecklist.h | 2 +- src/auth/Acl.cc | 2 +- src/auth/AclMaxUserIp.cc | 2 +- src/auth/AclMaxUserIp.h | 2 +- src/auth/Config.cc | 2 +- src/auth/Config.h | 8 +- src/auth/State.h | 4 +- src/auth/UserRequest.cc | 107 +++++++++++++-------------- src/auth/UserRequest.h | 78 +++++++++++-------- src/auth/basic/User.h | 2 +- src/auth/basic/UserRequest.cc | 14 ++-- src/auth/basic/UserRequest.h | 22 ++++-- src/auth/basic/auth_basic.cc | 6 +- src/auth/basic/auth_basic.h | 8 +- src/auth/digest/UserRequest.cc | 38 +++++----- src/auth/digest/UserRequest.h | 22 ++++-- src/auth/digest/auth_digest.cc | 73 +++++++++--------- src/auth/digest/auth_digest.h | 4 +- src/auth/negotiate/UserRequest.cc | 36 ++++----- src/auth/negotiate/UserRequest.h | 20 +++-- src/auth/negotiate/auth_negotiate.cc | 10 +-- src/auth/negotiate/auth_negotiate.h | 4 +- src/auth/ntlm/UserRequest.cc | 34 ++++----- src/auth/ntlm/UserRequest.h | 21 ++++-- src/auth/ntlm/auth_ntlm.cc | 8 +- src/auth/ntlm/auth_ntlm.h | 4 +- src/client_side.h | 2 +- src/client_side_reply.cc | 2 +- src/client_side_reply.h | 2 +- src/errorpage.h | 2 +- 33 files changed, 296 insertions(+), 251 deletions(-) diff --git a/src/CompositePoolNode.h b/src/CompositePoolNode.h index 821e2b715e..d515603a64 100644 --- a/src/CompositePoolNode.h +++ b/src/CompositePoolNode.h @@ -74,7 +74,7 @@ public: Ip::Address src_addr; #if USE_AUTH - AuthUserRequest::Pointer user; + Auth::UserRequest::Pointer user; #endif String tag; }; diff --git a/src/HttpRequest.h b/src/HttpRequest.h index b9bea3e8c6..dc44fea712 100644 --- a/src/HttpRequest.h +++ b/src/HttpRequest.h @@ -146,7 +146,7 @@ private: public: Ip::Address host_addr; #if USE_AUTH - AuthUserRequest::Pointer auth_user_request; + Auth::UserRequest::Pointer auth_user_request; #endif unsigned short port; diff --git a/src/acl/FilledChecklist.cc b/src/acl/FilledChecklist.cc index 4c0fdb5379..186cb8ab69 100644 --- a/src/acl/FilledChecklist.cc +++ b/src/acl/FilledChecklist.cc @@ -26,6 +26,8 @@ ACLFilledChecklist::checkCallback(allow_t answer) auth_user_request = NULL; // It might have been connection based // In the case of sslBump we need to preserve authentication info + // XXX: need to re-evaluate this. ACL tests should not be playing with + // XXX: wider scoped TCP connection state, even if the helper lookup is stuck. if (conn() && !conn()->switchedToHttps()) { conn()->auth_user_request = NULL; } diff --git a/src/acl/FilledChecklist.h b/src/acl/FilledChecklist.h index 9ffccbcb61..cf49352e32 100644 --- a/src/acl/FilledChecklist.h +++ b/src/acl/FilledChecklist.h @@ -56,7 +56,7 @@ public: char rfc931[USER_IDENT_SZ]; #if USE_AUTH - AuthUserRequest::Pointer auth_user_request; + Auth::UserRequest::Pointer auth_user_request; #endif #if SQUID_SNMP char *snmp_community; diff --git a/src/auth/Acl.cc b/src/auth/Acl.cc index 75da665aa8..3ff0cf9ff3 100644 --- a/src/auth/Acl.cc +++ b/src/auth/Acl.cc @@ -43,7 +43,7 @@ AuthenticateAcl(ACLChecklist *ch) /* get authed here */ /* Note: this fills in auth_user_request when applicable */ - const AuthAclState result = AuthUserRequest::tryToAuthenticateAndSetAuthUser( + const AuthAclState result = Auth::UserRequest::tryToAuthenticateAndSetAuthUser( &checklist->auth_user_request, headertype, request, checklist->conn(), checklist->src_addr); switch (result) { diff --git a/src/auth/AclMaxUserIp.cc b/src/auth/AclMaxUserIp.cc index 108c250e13..d59a454da7 100644 --- a/src/auth/AclMaxUserIp.cc +++ b/src/auth/AclMaxUserIp.cc @@ -112,7 +112,7 @@ ACLMaxUserIP::parse() * 1 : Match */ int -ACLMaxUserIP::match(AuthUserRequest::Pointer auth_user_request, Ip::Address const &src_addr) +ACLMaxUserIP::match(Auth::UserRequest::Pointer auth_user_request, Ip::Address const &src_addr) { /* * the logic for flush the ip list when the limit is hit vs keep diff --git a/src/auth/AclMaxUserIp.h b/src/auth/AclMaxUserIp.h index 9bac843a8a..fda6df65bc 100644 --- a/src/auth/AclMaxUserIp.h +++ b/src/auth/AclMaxUserIp.h @@ -70,7 +70,7 @@ private: static Prototype RegistryProtoype; static ACLMaxUserIP RegistryEntry_; - int match(AuthUserRequest::Pointer, Ip::Address const &); + int match(Auth::UserRequest::Pointer, Ip::Address const &); char const *class_; int maximum; diff --git a/src/auth/Config.cc b/src/auth/Config.cc index c34ee0ed7d..bf6fec998c 100644 --- a/src/auth/Config.cc +++ b/src/auth/Config.cc @@ -45,7 +45,7 @@ Auth::ConfigVector Auth::TheConfig; * It may be a cached AuthUser or a new Unauthenticated object. * It may also be NULL reflecting that no user could be created. */ -AuthUserRequest::Pointer +Auth::UserRequest::Pointer Auth::Config::CreateAuthUser(const char *proxy_auth) { assert(proxy_auth != NULL); diff --git a/src/auth/Config.h b/src/auth/Config.h index 100aed2a74..9922718b47 100644 --- a/src/auth/Config.h +++ b/src/auth/Config.h @@ -63,7 +63,7 @@ class Config { public: - static AuthUserRequest::Pointer CreateAuthUser(const char *proxy_auth); + static UserRequest::Pointer CreateAuthUser(const char *proxy_auth); static Config *Find(const char *proxy_auth); Config() : authenticateChildren(20), authenticateProgram(NULL) {} @@ -83,12 +83,12 @@ public: \par * Responsible for decoding the passed authentication header, creating or * linking to a AuthUser object and for storing any needed details to complete - * authentication in AuthUserRequest::authenticate(). + * authentication in Auth::UserRequest::authenticate(). * \param proxy_auth Login Pattern to parse. \retval * Details needed to authenticate. */ - virtual AuthUserRequest::Pointer decode(char const *proxy_auth) = 0; + virtual UserRequest::Pointer decode(char const *proxy_auth) = 0; /** * squid is finished with this config, release any unneeded resources. @@ -122,7 +122,7 @@ public: virtual void dump(StoreEntry *, const char *, Config *) = 0; /** add headers as needed when challenging for auth */ - virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0; + virtual void fixHeader(UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0; /** prepare to handle requests */ virtual void init(Config *) = 0; diff --git a/src/auth/State.h b/src/auth/State.h index 15f456b394..c3c215841f 100644 --- a/src/auth/State.h +++ b/src/auth/State.h @@ -15,7 +15,7 @@ namespace Auth class StateData { public: - StateData(const AuthUserRequest::Pointer &r, RH *h, void *d) : + StateData(const UserRequest::Pointer &r, RH *h, void *d) : data(cbdataReference(d)), auth_user_request(r), handler(h) {} @@ -26,7 +26,7 @@ public: } void *data; - AuthUserRequest::Pointer auth_user_request; + UserRequest::Pointer auth_user_request; RH *handler; private: diff --git a/src/auth/UserRequest.cc b/src/auth/UserRequest.cc index 4744e5d0f4..f6f44f4e9b 100644 --- a/src/auth/UserRequest.cc +++ b/src/auth/UserRequest.cc @@ -40,14 +40,10 @@ * See acl.c for access control and client_side.c for auditing */ #include "squid.h" -#include "auth/UserRequest.h" -#include "auth/User.h" -/*#include "auth/Gadgets.h" -#include "acl/Acl.h" -#include "client_side.h" -*/ #include "auth/Config.h" #include "auth/Scheme.h" +#include "auth/UserRequest.h" +#include "auth/User.h" #include "comm/Connection.h" #include "HttpReply.h" #include "HttpRequest.h" @@ -55,7 +51,7 @@ /* Generic Functions */ char const * -AuthUserRequest::username() const +Auth::UserRequest::username() const { if (user() != NULL) return user()->username(); @@ -67,18 +63,18 @@ AuthUserRequest::username() const /* send the initial data to an authenticator module */ void -AuthUserRequest::start(RH * handler, void *data) +Auth::UserRequest::start(RH * handler, void *data) { assert(handler); assert(data); - debugs(29, 9, "authenticateStart: auth_user_request '" << this << "'"); + debugs(29, 9, HERE << "auth_user_request '" << this << "'"); module_start(handler, data); } bool -AuthUserRequest::valid() const +Auth::UserRequest::valid() const { - debugs(29, 9, HERE << "Validating AuthUserRequest '" << this << "'."); + debugs(29, 9, HERE << "Validating Auth::UserRequest '" << this << "'."); if (user() == NULL) { debugs(29, 4, HERE << "No associated Auth::User data"); @@ -98,35 +94,35 @@ AuthUserRequest::valid() const /* any other sanity checks that we need in the future */ /* finally return ok */ - debugs(29, 5, HERE << "Validated. AuthUserRequest '" << this << "'."); + debugs(29, 5, HERE << "Validated. Auth::UserRequest '" << this << "'."); return true; } void * -AuthUserRequest::operator new (size_t byteCount) +Auth::UserRequest::operator new (size_t byteCount) { - fatal ("AuthUserRequest not directly allocatable\n"); + fatal("Auth::UserRequest not directly allocatable\n"); return (void *)1; } void -AuthUserRequest::operator delete (void *address) +Auth::UserRequest::operator delete (void *address) { - fatal ("AuthUserRequest child failed to override operator delete\n"); + fatal("Auth::UserRequest child failed to override operator delete\n"); } -AuthUserRequest::AuthUserRequest(): +Auth::UserRequest::UserRequest(): _auth_user(NULL), message(NULL), lastReply(AUTH_ACL_CANNOT_AUTHENTICATE) { - debugs(29, 5, "AuthUserRequest::AuthUserRequest: initialised request " << this); + debugs(29, 5, HERE << "initialised request " << this); } -AuthUserRequest::~AuthUserRequest() +Auth::UserRequest::~UserRequest() { assert(RefCountCount()==0); - debugs(29, 5, "AuthUserRequest::~AuthUserRequest: freeing request " << this); + debugs(29, 5, HERE << "freeing request " << this); if (user() != NULL) { /* release our references to the user credentials */ @@ -137,20 +133,20 @@ AuthUserRequest::~AuthUserRequest() } void -AuthUserRequest::setDenyMessage(char const *aString) +Auth::UserRequest::setDenyMessage(char const *aString) { safe_free(message); message = xstrdup(aString); } char const * -AuthUserRequest::getDenyMessage() +Auth::UserRequest::getDenyMessage() { return message; } char const * -AuthUserRequest::denyMessage(char const * const default_message) +Auth::UserRequest::denyMessage(char const * const default_message) { if (this == NULL || getDenyMessage() == NULL) { return default_message; @@ -160,7 +156,7 @@ AuthUserRequest::denyMessage(char const * const default_message) } static void -authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip::Address &ipaddr) +authenticateAuthUserRequestSetIp(Auth::UserRequest::Pointer auth_user_request, Ip::Address &ipaddr) { Auth::User::Pointer auth_user = auth_user_request->user(); @@ -171,7 +167,7 @@ authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip: } void -authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer auth_user_request, Ip::Address const &ipaddr) +authenticateAuthUserRequestRemoveIp(Auth::UserRequest::Pointer auth_user_request, Ip::Address const &ipaddr) { Auth::User::Pointer auth_user = auth_user_request->user(); @@ -182,14 +178,14 @@ authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer auth_user_request, } void -authenticateAuthUserRequestClearIp(AuthUserRequest::Pointer auth_user_request) +authenticateAuthUserRequestClearIp(Auth::UserRequest::Pointer auth_user_request) { if (auth_user_request != NULL) auth_user_request->user()->clearIp(); } int -authenticateAuthUserRequestIPCount(AuthUserRequest::Pointer auth_user_request) +authenticateAuthUserRequestIPCount(Auth::UserRequest::Pointer auth_user_request) { assert(auth_user_request != NULL); assert(auth_user_request->user() != NULL); @@ -201,7 +197,7 @@ authenticateAuthUserRequestIPCount(AuthUserRequest::Pointer auth_user_request) * authenticateUserAuthenticated: is this auth_user structure logged in ? */ int -authenticateUserAuthenticated(AuthUserRequest::Pointer auth_user_request) +authenticateUserAuthenticated(Auth::UserRequest::Pointer auth_user_request) { if (auth_user_request == NULL || !auth_user_request->valid()) return 0; @@ -210,7 +206,7 @@ authenticateUserAuthenticated(AuthUserRequest::Pointer auth_user_request) } Auth::Direction -AuthUserRequest::direction() +Auth::UserRequest::direction() { if (user() == NULL) return Auth::CRED_ERROR; // No credentials. Should this be a CHALLENGE instead? @@ -222,21 +218,21 @@ AuthUserRequest::direction() } void -AuthUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accelerated) +Auth::UserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accelerated) {} void -AuthUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accelerated) +Auth::UserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accelerated) {} void -AuthUserRequest::onConnectionClose(ConnStateData *) +Auth::UserRequest::onConnectionClose(ConnStateData *) {} const char * -AuthUserRequest::connLastHeader() +Auth::UserRequest::connLastHeader() { - fatal("AuthUserRequest::connLastHeader should always be overridden by conn based auth schemes"); + fatal("Auth::UserRequest::connLastHeader should always be overridden by conn based auth schemes"); return NULL; } @@ -247,15 +243,15 @@ AuthUserRequest::connLastHeader() * This is basically a handle approach. */ static void -authenticateAuthenticateUser(AuthUserRequest::Pointer auth_user_request, HttpRequest * request, ConnStateData * conn, http_hdr_type type) +authenticateAuthenticateUser(Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, ConnStateData * conn, http_hdr_type type) { assert(auth_user_request.getRaw() != NULL); auth_user_request->authenticate(request, conn, type); } -static AuthUserRequest::Pointer -authTryGetUser(AuthUserRequest::Pointer auth_user_request, ConnStateData * conn, HttpRequest * request) +static Auth::UserRequest::Pointer +authTryGetUser(Auth::UserRequest::Pointer auth_user_request, ConnStateData * conn, HttpRequest * request) { if (auth_user_request != NULL) return auth_user_request; @@ -289,7 +285,7 @@ authTryGetUser(AuthUserRequest::Pointer auth_user_request, ConnStateData * conn, * Caller is responsible for locking and unlocking their *auth_user_request! */ AuthAclState -AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr) +Auth::UserRequest::authenticate(Auth::UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr) { const char *proxy_auth; assert(headertype != 0); @@ -355,7 +351,7 @@ AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http Auth::Config * scheme = Auth::Config::Find(proxy_auth); if (conn->auth_user_request->user() == NULL || conn->auth_user_request->user()->config != scheme) { - debugs(29, 1, "WARNING: Unexpected change of authentication scheme from '" << + debugs(29, DBG_IMPORTANT, "WARNING: Unexpected change of authentication scheme from '" << conn->auth_user_request->user()->config->type() << "' to '" << proxy_auth << "' (client " << src_addr << ")"); @@ -455,14 +451,14 @@ AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http } AuthAclState -AuthUserRequest::tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr) +Auth::UserRequest::tryToAuthenticateAndSetAuthUser(Auth::UserRequest::Pointer * aUR, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr) { - /* If we have already been called, return the cached value */ - AuthUserRequest::Pointer t = authTryGetUser(*auth_user_request, conn, request); + // If we have already been called, return the cached value + Auth::UserRequest::Pointer t = authTryGetUser(*aUR, conn, request); if (t != NULL && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE && t->lastReply != AUTH_ACL_HELPER) { - if (*auth_user_request == NULL) - *auth_user_request = t; + if (*aUR == NULL) + *aUR = t; if (request->auth_user_request == NULL && t->lastReply == AUTH_AUTHENTICATED) { request->auth_user_request = t; @@ -470,10 +466,11 @@ AuthUserRequest::tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer * auth return t->lastReply; } - /* ok, call the actual authenticator routine. */ - AuthAclState result = authenticate(auth_user_request, headertype, request, conn, src_addr); + // ok, call the actual authenticator routine. + AuthAclState result = authenticate(aUR, headertype, request, conn, src_addr); - t = authTryGetUser(*auth_user_request, conn, request); + // auth process may have changed the UserRequest we are dealing with + t = authTryGetUser(*aUR, conn, request); if (t != NULL && result != AUTH_ACL_CANNOT_AUTHENTICATE && result != AUTH_ACL_HELPER) t->lastReply = result; @@ -482,7 +479,7 @@ AuthUserRequest::tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer * auth } void -AuthUserRequest::addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal) +Auth::UserRequest::addReplyAuthHeader(HttpReply * rep, Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal) /* send the auth types we are configured to support (and have compiled in!) */ { http_hdr_type type; @@ -506,7 +503,7 @@ AuthUserRequest::addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer au break; } - debugs(29, 9, "authenticateFixHeader: headertype:" << type << " authuser:" << auth_user_request); + debugs(29, 9, HERE << "headertype:" << type << " authuser:" << auth_user_request); if (((rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED) || (rep->sline.status == HTTP_UNAUTHORIZED)) && internal) @@ -525,7 +522,7 @@ AuthUserRequest::addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer au if (scheme->active()) scheme->fixHeader(NULL, rep, type, request); else - debugs(29, 4, "authenticateFixHeader: Configured scheme " << scheme->type() << " not Active"); + debugs(29, 4, HERE << "Configured scheme " << scheme->type() << " not Active"); } } @@ -542,22 +539,24 @@ AuthUserRequest::addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer au } } +// TODO remove wrapper. void -authenticateFixHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal) +authenticateFixHeader(HttpReply * rep, Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal) { - AuthUserRequest::addReplyAuthHeader(rep, auth_user_request, request, accelerated, internal); + Auth::UserRequest::addReplyAuthHeader(rep, auth_user_request, request, accelerated, internal); } /* call the active auth module and allow it to add a trailer to the request */ +// TODO remove wrapper void -authenticateAddTrailer(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated) +authenticateAddTrailer(HttpReply * rep, Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated) { if (auth_user_request != NULL) auth_user_request->addAuthenticationInfoTrailer(rep, accelerated); } Auth::Scheme::Pointer -AuthUserRequest::scheme() const +Auth::UserRequest::scheme() const { return Auth::Scheme::Find(user()->config->type()); } diff --git a/src/auth/UserRequest.h b/src/auth/UserRequest.h index c81185c9e6..b420cbaffd 100644 --- a/src/auth/UserRequest.h +++ b/src/auth/UserRequest.h @@ -32,8 +32,8 @@ * */ -#ifndef SQUID_AUTHUSERREQUEST_H -#define SQUID_AUTHUSERREQUEST_H +#ifndef SQUID_AUTH_USERREQUEST_H +#define SQUID_AUTH_USERREQUEST_H #if USE_AUTH @@ -77,19 +77,22 @@ enum Direction { CRED_LOOKUP = -1, ///< Credentials need to be validated with the backend helper CRED_ERROR = -2 ///< ERROR in the auth module. Cannot determine the state of this request. }; -} // namespace Auth /** - \ingroup AuthAPI * This is a short lived structure is the visible aspect of the authentication framework. * * It and its children hold the state data while processing authentication for a client request. * The AuthenticationStateData object is merely a CBDATA wrapper for one of these. */ -class AuthUserRequest : public RefCountable +class UserRequest : public RefCountable { public: - typedef RefCount Pointer; + typedef RefCount Pointer; + + UserRequest(); + virtual ~UserRequest(); + void *operator new(size_t byteCount); + void operator delete(void *address); public: /** @@ -97,7 +100,7 @@ public: * it has request specific data, and links to user specific data * the user */ - Auth::User::Pointer _auth_user; + User::Pointer _auth_user; /** * Used by squid to determine what the next step in performing authentication for a given scheme is. @@ -111,7 +114,7 @@ public: * Squid will return the appropriate status code (401 or 407) and call the registered * FixError function to allow the auth module to insert it's challenge. */ - Auth::Direction direction(); + Direction direction(); /** * Used by squid to determine whether the auth scheme has successfully authenticated the user request. @@ -136,7 +139,7 @@ public: virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) = 0; /* template method - what needs to be done next? advertise schemes, challenge, handle error, nothing? */ - virtual Auth::Direction module_direction() = 0; + virtual Direction module_direction() = 0; /* add the [Proxy-]Authentication-Info header */ virtual void addAuthenticationInfoHeader(HttpReply * rep, int accel); @@ -155,20 +158,33 @@ public: */ virtual void module_start(RH *handler, void *data) = 0; - virtual Auth::User::Pointer user() {return _auth_user;} + // User credentials object this UserRequest is managing + virtual User::Pointer user() {return _auth_user;} + virtual const User::Pointer user() const {return _auth_user;} + virtual void user(User::Pointer aUser) {_auth_user=aUser;} - virtual const Auth::User::Pointer user() const {return _auth_user;} - - virtual void user(Auth::User::Pointer aUser) {_auth_user=aUser;} - - static AuthAclState tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &); - static void addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal); - - AuthUserRequest(); + /** + * Locate user credentials in one of several locations. Begin authentication if needed. + * + * Credentials may be found in one of the following locations (listed by order of preference): + * - the source passed as parameter aUR + * - cached in the HttpRequest parameter from a previous authentication of this request + * - cached in the ConnStateData paremeter from a previous authentication of this connection + * (only applies to some situations. ie NTLM, Negotiate, Kerberos auth schemes, + * or decrypted SSL requests from inside an authenticated CONNECT tunnel) + * - cached in the user credentials cache from a previous authentication of the same credentials + * (only applies to cacheable authentication methods, ie Basic auth) + * - new credentials created from HTTP headers in this request + * + * The found credentials are returned in aUR and if successfully authenticated + * may now be cached in one or more of the above locations. + * + * \return Some AUTH_ACL_* state + */ + static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &); - virtual ~AuthUserRequest(); - void *operator new(size_t byteCount); - void operator delete(void *address); + /// Add the appropriate [Proxy-]Authenticate header to the given reply + static void addReplyAuthHeader(HttpReply * rep, UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal); void start( RH * handler, void *data); char const * denyMessage(char const * const default_message = NULL); @@ -189,13 +205,13 @@ public: */ char const *username() const; - Auth::Scheme::Pointer scheme() const; + Scheme::Pointer scheme() const; virtual const char * connLastHeader(); private: - static AuthAclState authenticate(AuthUserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr); + static AuthAclState authenticate(UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr); /** return a message on the 407 error pages */ char *message; @@ -208,23 +224,25 @@ private: AuthAclState lastReply; }; +} // namespace Auth + /* AuthUserRequest */ /// \ingroup AuthAPI -extern void authenticateFixHeader(HttpReply *, AuthUserRequest::Pointer, HttpRequest *, int, int); +extern void authenticateFixHeader(HttpReply *, Auth::UserRequest::Pointer, HttpRequest *, int, int); /// \ingroup AuthAPI -extern void authenticateAddTrailer(HttpReply *, AuthUserRequest::Pointer, HttpRequest *, int); +extern void authenticateAddTrailer(HttpReply *, Auth::UserRequest::Pointer, HttpRequest *, int); /// \ingroup AuthAPI -extern void authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer, Ip::Address const &); +extern void authenticateAuthUserRequestRemoveIp(Auth::UserRequest::Pointer, Ip::Address const &); /// \ingroup AuthAPI -extern void authenticateAuthUserRequestClearIp(AuthUserRequest::Pointer); +extern void authenticateAuthUserRequestClearIp(Auth::UserRequest::Pointer); /// \ingroup AuthAPI -extern int authenticateAuthUserRequestIPCount(AuthUserRequest::Pointer); +extern int authenticateAuthUserRequestIPCount(Auth::UserRequest::Pointer); /// \ingroup AuthAPI -/// See AuthUserRequest::authenticated() -extern int authenticateUserAuthenticated(AuthUserRequest::Pointer); +/// See Auth::UserRequest::authenticated() +extern int authenticateUserAuthenticated(Auth::UserRequest::Pointer); #endif /* USE_AUTH */ #endif /* SQUID_AUTHUSERREQUEST_H */ diff --git a/src/auth/basic/User.h b/src/auth/basic/User.h index a2528bf168..c5d5fd2f36 100644 --- a/src/auth/basic/User.h +++ b/src/auth/basic/User.h @@ -34,7 +34,7 @@ public: BasicAuthQueueNode *auth_queue; private: - AuthUserRequest::Pointer currentRequest; + Auth::UserRequest::Pointer currentRequest; }; MEMPROXY_CLASS_INLINE(Auth::Basic::User); diff --git a/src/auth/basic/UserRequest.cc b/src/auth/basic/UserRequest.cc index bdad042093..99a65caa80 100644 --- a/src/auth/basic/UserRequest.cc +++ b/src/auth/basic/UserRequest.cc @@ -12,7 +12,7 @@ #endif int -AuthBasicUserRequest::authenticated() const +Auth::Basic::UserRequest::authenticated() const { Auth::Basic::User const *basic_auth = dynamic_cast(user().getRaw()); @@ -25,7 +25,7 @@ AuthBasicUserRequest::authenticated() const /* log a basic user in */ void -AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) +Auth::Basic::UserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) { assert(user() != NULL); @@ -50,9 +50,9 @@ AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, } Auth::Direction -AuthBasicUserRequest::module_direction() +Auth::Basic::UserRequest::module_direction() { - /* null auth_user is checked for by AuthUserRequest::direction() */ + /* null auth_user is checked for by Auth::UserRequest::direction() */ if (user()->auth_type != Auth::AUTH_BASIC) return Auth::CRED_ERROR; @@ -77,7 +77,7 @@ AuthBasicUserRequest::module_direction() /* send the initial data to a basic authenticator module */ void -AuthBasicUserRequest::module_start(RH * handler, void *data) +Auth::Basic::UserRequest::module_start(RH * handler, void *data) { assert(user()->auth_type == Auth::AUTH_BASIC); Auth::Basic::User *basic_auth = dynamic_cast(user().getRaw()); @@ -129,12 +129,12 @@ AuthBasicUserRequest::module_start(RH * handler, void *data) debugs(9, DBG_CRITICAL, "ERROR: Basic Authentication Failure. user:password exceeds " << sizeof(buf) << " bytes."); handler(data, NULL); } else - helperSubmit(basicauthenticators, buf, AuthBasicUserRequest::HandleReply, + helperSubmit(basicauthenticators, buf, Auth::Basic::UserRequest::HandleReply, new Auth::StateData(this, handler, data)); } void -AuthBasicUserRequest::HandleReply(void *data, char *reply) +Auth::Basic::UserRequest::HandleReply(void *data, char *reply) { Auth::StateData *r = static_cast(data); BasicAuthQueueNode *tmpnode; diff --git a/src/auth/basic/UserRequest.h b/src/auth/basic/UserRequest.h index a24cd8ae74..febe4453ad 100644 --- a/src/auth/basic/UserRequest.h +++ b/src/auth/basic/UserRequest.h @@ -1,22 +1,27 @@ #ifndef _SQUID_SRC_AUTH_BASIC_USERREQUEST_H #define _SQUID_SRC_AUTH_BASIC_USERREQUEST_H -#include "MemPool.h" #include "auth/UserRequest.h" +#include "MemPool.h" class ConnStateData; class HttpRequest; -/* follows the http request around */ +namespace Auth +{ -class AuthBasicUserRequest : public AuthUserRequest +namespace Basic { +/* follows the http request around */ + +class UserRequest : public Auth::UserRequest +{ public: - MEMPROXY_CLASS(AuthBasicUserRequest); + MEMPROXY_CLASS(Auth::Basic::UserRequest); - AuthBasicUserRequest() {}; - virtual ~AuthBasicUserRequest() { assert(RefCountCount()==0); }; + UserRequest() {} + virtual ~UserRequest() { assert(RefCountCount()==0); } virtual int authenticated() const; virtual void authenticate(HttpRequest * request, ConnStateData *conn, http_hdr_type type); @@ -27,6 +32,9 @@ private: static HLPCB HandleReply; }; -MEMPROXY_CLASS_INLINE(AuthBasicUserRequest); +} // namespace Basic +} // namespace Auth + +MEMPROXY_CLASS_INLINE(Auth::Basic::UserRequest); #endif /* _SQUID_SRC_AUTH_BASIC_USERREQUEST_H */ diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc index ff150c3e35..e6dc3e0740 100644 --- a/src/auth/basic/auth_basic.cc +++ b/src/auth/basic/auth_basic.cc @@ -95,7 +95,7 @@ Auth::Basic::Config::type() const } void -Auth::Basic::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) +Auth::Basic::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (authenticateProgram) { debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Basic realm=\"" << basicAuthRealm << "\"'"); @@ -258,10 +258,10 @@ Auth::Basic::Config::decodeCleartext(const char *httpAuthHeader) * "cannot decode credentials". Use the message field to return a * descriptive message to the user. */ -AuthUserRequest::Pointer +Auth::UserRequest::Pointer Auth::Basic::Config::decode(char const *proxy_auth) { - AuthUserRequest::Pointer auth_user_request = dynamic_cast(new AuthBasicUserRequest); + Auth::UserRequest::Pointer auth_user_request = dynamic_cast(new Auth::Basic::UserRequest); /* decode the username */ // retrieve the cleartext (in a dynamically allocated char*) diff --git a/src/auth/basic/auth_basic.h b/src/auth/basic/auth_basic.h index 475b547fc8..405002a0b7 100644 --- a/src/auth/basic/auth_basic.h +++ b/src/auth/basic/auth_basic.h @@ -19,7 +19,7 @@ class BasicAuthQueueNode public: BasicAuthQueueNode *next; - AuthUserRequest::Pointer auth_user_request; + Auth::UserRequest::Pointer auth_user_request; RH *handler; void *data; }; @@ -37,14 +37,14 @@ public: ~Config(); virtual bool active() const; virtual bool configured() const; - virtual AuthUserRequest::Pointer decode(char const *proxy_auth); + virtual Auth::UserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); virtual void dump(StoreEntry *, const char *, Auth::Config *); - virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); + virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); virtual void init(Auth::Config *); virtual void parse(Auth::Config *, int, char *); - void decode(char const *httpAuthHeader, AuthUserRequest::Pointer); + void decode(char const *httpAuthHeader, Auth::UserRequest::Pointer); virtual void registerWithCacheManager(void); virtual const char * type() const; diff --git a/src/auth/digest/UserRequest.cc b/src/auth/digest/UserRequest.cc index a203437d4e..ed842d5f19 100644 --- a/src/auth/digest/UserRequest.cc +++ b/src/auth/digest/UserRequest.cc @@ -8,7 +8,7 @@ #include "HttpRequest.h" #include "SquidTime.h" -AuthDigestUserRequest::AuthDigestUserRequest() : +Auth::Digest::UserRequest::UserRequest() : nonceb64(NULL), cnonce(NULL), realm(NULL), @@ -25,7 +25,7 @@ AuthDigestUserRequest::AuthDigestUserRequest() : * Delete the digest request structure. * Does NOT delete related AuthUser structures */ -AuthDigestUserRequest::~AuthDigestUserRequest() +Auth::Digest::UserRequest::~UserRequest() { assert(RefCountCount()==0); @@ -44,7 +44,7 @@ AuthDigestUserRequest::~AuthDigestUserRequest() } int -AuthDigestUserRequest::authenticated() const +Auth::Digest::UserRequest::authenticated() const { if (user() != NULL && user()->credentials() == Auth::Ok) return 1; @@ -55,7 +55,7 @@ AuthDigestUserRequest::authenticated() const /** log a digest user in */ void -AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) +Auth::Digest::UserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) { HASHHEX SESSIONKEY; HASHHEX HA2 = ""; @@ -71,7 +71,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, Auth::Digest::User *digest_user = dynamic_cast(auth_user.getRaw()); assert(digest_user != NULL); - AuthDigestUserRequest *digest_request = this; + Auth::Digest::UserRequest *digest_request = this; /* do we have the HA1 */ if (!digest_user->HA1created) { @@ -131,7 +131,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, } if (last_broken_addr != request->client_addr) { - debugs(29, 1, "\nDigest POST bug detected from " << + debugs(29, DBG_IMPORTANT, "Digest POST bug detected from " << request->client_addr << " using '" << (useragent ? useragent : "-") << "'. Please upgrade browser. See Bug #630 for details."); @@ -148,7 +148,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, /* check for stale nonce */ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { - debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale"); + debugs(29, 3, HERE << "user '" << auth_user->username() << "' validated OK but nonce stale"); auth_user->credentials(Auth::Failed); digest_request->setDenyMessage("Stale nonce"); return; @@ -158,7 +158,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, auth_user->credentials(Auth::Ok); /* password was checked and did match */ - debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK"); + debugs(29, 4, HERE << "user '" << auth_user->username() << "' validated OK"); /* auth_user is now linked, we reset these values * after external auth occurs anyway */ @@ -167,7 +167,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, } Auth::Direction -AuthDigestUserRequest::module_direction() +Auth::Digest::UserRequest::module_direction() { if (user()->auth_type != Auth::AUTH_DIGEST) return Auth::CRED_ERROR; @@ -191,7 +191,7 @@ AuthDigestUserRequest::module_direction() } void -AuthDigestUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel) +Auth::Digest::UserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel) { http_hdr_type type; @@ -211,14 +211,14 @@ AuthDigestUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel) if ((static_cast(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) { flags.authinfo_sent = 1; - debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); + debugs(29, 9, HERE << "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); } } #if WAITING_FOR_TE void -AuthDigestUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel) +Auth::Digest::UserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel) { int type; @@ -237,7 +237,7 @@ AuthDigestUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel) type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO; if ((static_cast(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) { - debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); + debugs(29, 9, HERE << "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\""); httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce)); } } @@ -245,12 +245,12 @@ AuthDigestUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel) /* send the initial data to a digest authenticator module */ void -AuthDigestUserRequest::module_start(RH * handler, void *data) +Auth::Digest::UserRequest::module_start(RH * handler, void *data) { char buf[8192]; assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST); - debugs(29, 9, "authenticateStart: '\"" << user()->username() << "\":\"" << realm << "\"'"); + debugs(29, 9, HERE << "'\"" << user()->username() << "\":\"" << realm << "\"'"); if (static_cast(Auth::Config::Find("digest"))->authenticateProgram == NULL) { debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured."); @@ -266,12 +266,12 @@ AuthDigestUserRequest::module_start(RH * handler, void *data) snprintf(buf, 8192, "\"%s\":\"%s\"\n", user()->username(), realm); } - helperSubmit(digestauthenticators, buf, AuthDigestUserRequest::HandleReply, + helperSubmit(digestauthenticators, buf, Auth::Digest::UserRequest::HandleReply, new Auth::StateData(this, handler, data)); } void -AuthDigestUserRequest::HandleReply(void *data, char *reply) +Auth::Digest::UserRequest::HandleReply(void *data, char *reply) { Auth::StateData *replyData = static_cast(data); char *t = NULL; @@ -287,11 +287,11 @@ AuthDigestUserRequest::HandleReply(void *data, char *reply) } assert(replyData->auth_user_request != NULL); - AuthUserRequest::Pointer auth_user_request = replyData->auth_user_request; + Auth::UserRequest::Pointer auth_user_request = replyData->auth_user_request; if (reply && (strncasecmp(reply, "ERR", 3) == 0)) { /* allow this because the digest_request pointer is purely local */ - AuthDigestUserRequest *digest_request = dynamic_cast(auth_user_request.getRaw()); + Auth::Digest::UserRequest *digest_request = dynamic_cast(auth_user_request.getRaw()); assert(digest_request); digest_request->user()->credentials(Auth::Failed); diff --git a/src/auth/digest/UserRequest.h b/src/auth/digest/UserRequest.h index 88bf96a3cc..af2d7fc8d4 100644 --- a/src/auth/digest/UserRequest.h +++ b/src/auth/digest/UserRequest.h @@ -9,21 +9,26 @@ class ConnStateData; class HttpReply; class HttpRequest; +namespace Auth +{ +namespace Digest +{ + /** - * The AuthDigestUserRequest structure is what follows the http_request around + * The UserRequest structure is what follows the http_request around */ -class AuthDigestUserRequest : public AuthUserRequest +class UserRequest : public Auth::UserRequest { public: - MEMPROXY_CLASS(AuthDigestUserRequest); + MEMPROXY_CLASS(Auth::Digest::UserRequest); - AuthDigestUserRequest(); - virtual ~AuthDigestUserRequest(); + UserRequest(); + virtual ~UserRequest(); virtual int authenticated() const; virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type); - virtual Auth::Direction module_direction(); + virtual Direction module_direction(); virtual void addAuthenticationInfoHeader(HttpReply * rep, int accel); #if WAITING_FOR_TE virtual void addAuthenticationInfoTrailer(HttpReply * rep, int accel); @@ -53,6 +58,9 @@ private: static HLPCB HandleReply; }; -MEMPROXY_CLASS_INLINE(AuthDigestUserRequest); +} // namespace Digest +} // namespace Auth + +MEMPROXY_CLASS_INLINE(Auth::Digest::UserRequest); #endif /* _SQUID_SRC_AUTH_DIGEST_USERREQUEST_H */ diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index ac05b3fe65..442a116b0f 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -542,7 +542,7 @@ Auth::Digest::Config::configured() const /* add the [www-|Proxy-]authenticate header on a 407 or 401 reply */ void -Auth::Digest::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) +Auth::Digest::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (!authenticateProgram) return; @@ -550,8 +550,7 @@ Auth::Digest::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, Http int stale = 0; if (auth_user_request != NULL) { - AuthDigestUserRequest *digest_request; - digest_request = dynamic_cast(auth_user_request.getRaw()); + Auth::Digest::UserRequest *digest_request = dynamic_cast(auth_user_request.getRaw()); assert (digest_request != NULL); stale = !digest_request->flags.invalid_password; @@ -560,7 +559,7 @@ Auth::Digest::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, Http /* on a 407 or 401 we always use a new nonce */ digest_nonce_h *nonce = authenticateDigestNonceNew(); - debugs(29, 9, "authenticateFixHeader: Sending type:" << hdrType << + debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Digest realm=\"" << digestAuthRealm << "\", nonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\", qop=\"" << QOP_AUTH << "\", stale=" << (stale ? "true" : "false")); @@ -757,8 +756,8 @@ authDigestUserLinkNonce(Auth::Digest::User * user, digest_nonce_h * nonce) } /* setup the necessary info to log the username */ -static AuthUserRequest::Pointer -authDigestLogUsername(char *username, AuthUserRequest::Pointer auth_user_request) +static Auth::UserRequest::Pointer +authDigestLogUsername(char *username, Auth::UserRequest::Pointer auth_user_request) { assert(auth_user_request != NULL); @@ -778,7 +777,7 @@ authDigestLogUsername(char *username, AuthUserRequest::Pointer auth_user_request * Decode a Digest [Proxy-]Auth string, placing the results in the passed * Auth_user structure. */ -AuthUserRequest::Pointer +Auth::UserRequest::Pointer Auth::Digest::Config::decode(char const *proxy_auth) { const char *item; @@ -790,7 +789,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) debugs(29, 9, "authenticateDigestDecodeAuth: beginning"); - AuthDigestUserRequest *digest_request = new AuthDigestUserRequest(); + Auth::Digest::UserRequest *digest_request = new Auth::Digest::UserRequest(); /* trim DIGEST from string */ @@ -838,14 +837,14 @@ Auth::Digest::Config::decode(char const *proxy_auth) } } else if (*p == '"') { if (!httpHeaderParseQuotedString(p, vlen, &value)) { - debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'"); + debugs(29, 9, HERE << "Failed to parse attribute '" << item << "' in '" << temp << "'"); continue; } } else { value.limitInit(p, vlen); } } else { - debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'"); + debugs(29, 9, HERE << "Failed to parse attribute '" << item << "' in '" << temp << "'"); continue; } @@ -856,61 +855,61 @@ Auth::Digest::Config::decode(char const *proxy_auth) case DIGEST_USERNAME: safe_free(username); username = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found Username '" << username << "'"); + debugs(29, 9, HERE << "Found Username '" << username << "'"); break; case DIGEST_REALM: safe_free(digest_request->realm); digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found realm '" << digest_request->realm << "'"); + debugs(29, 9, HERE << "Found realm '" << digest_request->realm << "'"); break; case DIGEST_QOP: safe_free(digest_request->qop); digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found qop '" << digest_request->qop << "'"); + debugs(29, 9, HERE << "Found qop '" << digest_request->qop << "'"); break; case DIGEST_ALGORITHM: safe_free(digest_request->algorithm); digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found algorithm '" << digest_request->algorithm << "'"); + debugs(29, 9, HERE << "Found algorithm '" << digest_request->algorithm << "'"); break; case DIGEST_URI: safe_free(digest_request->uri); digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found uri '" << digest_request->uri << "'"); + debugs(29, 9, HERE << "Found uri '" << digest_request->uri << "'"); break; case DIGEST_NONCE: safe_free(digest_request->nonceb64); digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found nonce '" << digest_request->nonceb64 << "'"); + debugs(29, 9, HERE << "Found nonce '" << digest_request->nonceb64 << "'"); break; case DIGEST_NC: if (value.size() != 8) { - debugs(29, 9, "authDigestDecodeAuth: Invalid nc '" << value << "' in '" << temp << "'"); + debugs(29, 9, HERE << "Invalid nc '" << value << "' in '" << temp << "'"); } xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found noncecount '" << digest_request->nc << "'"); + debugs(29, 9, HERE << "Found noncecount '" << digest_request->nc << "'"); break; case DIGEST_CNONCE: safe_free(digest_request->cnonce); digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found cnonce '" << digest_request->cnonce << "'"); + debugs(29, 9, HERE << "Found cnonce '" << digest_request->cnonce << "'"); break; case DIGEST_RESPONSE: safe_free(digest_request->response); digest_request->response = xstrndup(value.rawBuf(), value.size() + 1); - debugs(29, 9, "authDigestDecodeAuth: Found response '" << digest_request->response << "'"); + debugs(29, 9, HERE << "Found response '" << digest_request->response << "'"); break; default: - debugs(29, 3, "authDigestDecodeAuth: Unknown attribute '" << item << "' in '" << temp << "'"); + debugs(29, 3, HERE << "Unknown attribute '" << item << "' in '" << temp << "'"); break; } } @@ -933,7 +932,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) /* do we have a username ? */ if (!username || username[0] == '\0') { - debugs(29, 2, "authenticateDigestDecode: Empty or not present username"); + debugs(29, 2, HERE << "Empty or not present username"); return authDigestLogUsername(username, digest_request); } @@ -942,32 +941,32 @@ Auth::Digest::Config::decode(char const *proxy_auth) * have been redone */ if (strchr(username, '"')) { - debugs(29, 2, "authenticateDigestDecode: Unacceptable username '" << username << "'"); + debugs(29, 2, HERE << "Unacceptable username '" << username << "'"); return authDigestLogUsername(username, digest_request); } /* do we have a realm ? */ if (!digest_request->realm || digest_request->realm[0] == '\0') { - debugs(29, 2, "authenticateDigestDecode: Empty or not present realm"); + debugs(29, 2, HERE << "Empty or not present realm"); return authDigestLogUsername(username, digest_request); } /* and a nonce? */ if (!digest_request->nonceb64 || digest_request->nonceb64[0] == '\0') { - debugs(29, 2, "authenticateDigestDecode: Empty or not present nonce"); + debugs(29, 2, HERE << "Empty or not present nonce"); return authDigestLogUsername(username, digest_request); } /* we can't check the URI just yet. We'll check it in the * authenticate phase, but needs to be given */ if (!digest_request->uri || digest_request->uri[0] == '\0') { - debugs(29, 2, "authenticateDigestDecode: Missing URI field"); + debugs(29, 2, HERE << "Missing URI field"); return authDigestLogUsername(username, digest_request); } /* is the response the correct length? */ if (!digest_request->response || strlen(digest_request->response) != 32) { - debugs(29, 2, "authenticateDigestDecode: Response length invalid"); + debugs(29, 2, HERE << "Response length invalid"); return authDigestLogUsername(username, digest_request); } @@ -976,7 +975,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) digest_request->algorithm = xstrndup("MD5", 4); else if (strcmp(digest_request->algorithm, "MD5") && strcmp(digest_request->algorithm, "MD5-sess")) { - debugs(29, 2, "authenticateDigestDecode: invalid algorithm specified!"); + debugs(29, 2, HERE << "invalid algorithm specified!"); return authDigestLogUsername(username, digest_request); } @@ -986,25 +985,25 @@ Auth::Digest::Config::decode(char const *proxy_auth) /* check the qop is what we expected. */ if (strcmp(digest_request->qop, QOP_AUTH) != 0) { /* we received a qop option we didn't send */ - debugs(29, 2, "authenticateDigestDecode: Invalid qop option received"); + debugs(29, 2, HERE << "Invalid qop option received"); return authDigestLogUsername(username, digest_request); } /* check cnonce */ if (!digest_request->cnonce || digest_request->cnonce[0] == '\0') { - debugs(29, 2, "authenticateDigestDecode: Missing cnonce field"); + debugs(29, 2, HERE << "Missing cnonce field"); return authDigestLogUsername(username, digest_request); } /* check nc */ if (strlen(digest_request->nc) != 8 || strspn(digest_request->nc, "0123456789abcdefABCDEF") != 8) { - debugs(29, 2, "authenticateDigestDecode: invalid nonce count"); + debugs(29, 2, HERE << "invalid nonce count"); return authDigestLogUsername(username, digest_request); } } else { /* cnonce and nc both require qop */ if (digest_request->cnonce || digest_request->nc) { - debugs(29, 2, "authenticateDigestDecode: missing qop!"); + debugs(29, 2, HERE << "missing qop!"); return authDigestLogUsername(username, digest_request); } } @@ -1015,7 +1014,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64); if (!nonce) { /* we couldn't find a matching nonce! */ - debugs(29, 2, "authenticateDigestDecode: Unexpected or invalid nonce received"); + debugs(29, 2, HERE << "Unexpected or invalid nonce received"); if (digest_request->user() != NULL) digest_request->user()->credentials(Auth::Failed); return authDigestLogUsername(username, digest_request); @@ -1026,7 +1025,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) /* check that we're not being hacked / the username hasn't changed */ if (nonce->user && strcmp(username, nonce->user->username())) { - debugs(29, 2, "authenticateDigestDecode: Username for the nonce does not equal the username for the request"); + debugs(29, 2, HERE << "Username for the nonce does not equal the username for the request"); return authDigestLogUsername(username, digest_request); } @@ -1042,7 +1041,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) if ((auth_user = authDigestUserFindUsername(username)) == NULL) { /* the user doesn't exist in the username cache yet */ - debugs(29, 9, "authDigestDecodeAuth: Creating new digest user '" << username << "'"); + debugs(29, 9, HERE << "Creating new digest user '" << username << "'"); digest_user = new Auth::Digest::User(this); /* auth_user is a parent */ auth_user = digest_user; @@ -1062,7 +1061,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) */ authDigestUserLinkNonce(digest_user, nonce); } else { - debugs(29, 9, "authDigestDecodeAuth: Found user '" << username << "' in the user cache as '" << auth_user << "'"); + debugs(29, 9, HERE << "Found user '" << username << "' in the user cache as '" << auth_user << "'"); digest_user = static_cast(auth_user.getRaw()); xfree(username); } @@ -1071,7 +1070,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) assert(digest_request != NULL); digest_request->user(digest_user); - debugs(29, 9, "username = '" << digest_user->username() << "'\nrealm = '" << + debugs(29, 9, HERE << "username = '" << digest_user->username() << "'\nrealm = '" << digest_request->realm << "'\nqop = '" << digest_request->qop << "'\nalgorithm = '" << digest_request->algorithm << "'\nuri = '" << digest_request->uri << "'\nnonce = '" << digest_request->nonceb64 << diff --git a/src/auth/digest/auth_digest.h b/src/auth/digest/auth_digest.h index bdef8124b4..0b9c2054aa 100644 --- a/src/auth/digest/auth_digest.h +++ b/src/auth/digest/auth_digest.h @@ -69,11 +69,11 @@ public: Config(); virtual bool active() const; virtual bool configured() const; - virtual AuthUserRequest::Pointer decode(char const *proxy_auth); + virtual Auth::UserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); virtual void dump(StoreEntry *, const char *, Auth::Config *); - virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); + virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); virtual void init(Auth::Config *); virtual void parse(Auth::Config *, int, char *); virtual void registerWithCacheManager(void); diff --git a/src/auth/negotiate/UserRequest.cc b/src/auth/negotiate/UserRequest.cc index 205dffe38c..ed9815b9c0 100644 --- a/src/auth/negotiate/UserRequest.cc +++ b/src/auth/negotiate/UserRequest.cc @@ -8,7 +8,7 @@ #include "HttpRequest.h" #include "SquidTime.h" -AuthNegotiateUserRequest::AuthNegotiateUserRequest() +Auth::Negotiate::UserRequest::UserRequest() { waiting=0; client_blob=0; @@ -17,7 +17,7 @@ AuthNegotiateUserRequest::AuthNegotiateUserRequest() request=NULL; } -AuthNegotiateUserRequest::~AuthNegotiateUserRequest() +Auth::Negotiate::UserRequest::~UserRequest() { assert(RefCountCount()==0); safe_free(server_blob); @@ -32,13 +32,13 @@ AuthNegotiateUserRequest::~AuthNegotiateUserRequest() } const char * -AuthNegotiateUserRequest::connLastHeader() +Auth::Negotiate::UserRequest::connLastHeader() { return NULL; } int -AuthNegotiateUserRequest::authenticated() const +Auth::Negotiate::UserRequest::authenticated() const { if (user() != NULL && user()->credentials() == Auth::Ok) { debugs(29, 9, HERE << "user authenticated."); @@ -50,9 +50,9 @@ AuthNegotiateUserRequest::authenticated() const } Auth::Direction -AuthNegotiateUserRequest::module_direction() +Auth::Negotiate::UserRequest::module_direction() { - /* null auth_user is checked for by AuthUserRequest::direction() */ + /* null auth_user is checked for by Auth::UserRequest::direction() */ if (waiting || client_blob) return Auth::CRED_LOOKUP; /* need helper response to continue */ @@ -79,7 +79,7 @@ AuthNegotiateUserRequest::module_direction() } void -AuthNegotiateUserRequest::module_start(RH * handler, void *data) +Auth::Negotiate::UserRequest::module_start(RH * handler, void *data) { static char buf[MAX_AUTHTOKEN_LEN]; @@ -107,7 +107,7 @@ AuthNegotiateUserRequest::module_start(RH * handler, void *data) safe_free(client_blob); - helperStatefulSubmit(negotiateauthenticators, buf, AuthNegotiateUserRequest::HandleReply, + helperStatefulSubmit(negotiateauthenticators, buf, Auth::Negotiate::UserRequest::HandleReply, new Auth::StateData(this, handler, data), authserver); } @@ -116,7 +116,7 @@ AuthNegotiateUserRequest::module_start(RH * handler, void *data) * for this request connections use. */ void -AuthNegotiateUserRequest::releaseAuthServer() +Auth::Negotiate::UserRequest::releaseAuthServer() { if (authserver) { debugs(29, 6, HERE << "releasing Negotiate auth server '" << authserver << "'"); @@ -128,14 +128,14 @@ AuthNegotiateUserRequest::releaseAuthServer() /* clear any connection related authentication details */ void -AuthNegotiateUserRequest::onConnectionClose(ConnStateData *conn) +Auth::Negotiate::UserRequest::onConnectionClose(ConnStateData *conn) { assert(conn != NULL); - debugs(29, 8, "AuthNegotiateUserRequest::onConnectionClose: closing connection '" << conn << "' (this is '" << this << "')"); + debugs(29, 8, HERE << "closing connection '" << conn << "' (this is '" << this << "')"); if (conn->auth_user_request == NULL) { - debugs(29, 8, "AuthNegotiateUserRequest::onConnectionClose: no auth_user_request"); + debugs(29, 8, HERE << "no auth_user_request"); return; } @@ -148,7 +148,7 @@ AuthNegotiateUserRequest::onConnectionClose(ConnStateData *conn) } void -AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type) +Auth::Negotiate::UserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type) { assert(this); @@ -218,7 +218,7 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c break; case Auth::Ok: - fatal("AuthNegotiateUserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n"); + fatal("Auth::Negotiate::UserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n"); break; case Auth::Failed: @@ -229,7 +229,7 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c } void -AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) +Auth::Negotiate::UserRequest::HandleReply(void *data, void *lastserver, char *reply) { Auth::StateData *r = static_cast(data); @@ -248,10 +248,10 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) reply = (char *)"BH Internal error"; } - AuthUserRequest::Pointer auth_user_request = r->auth_user_request; + Auth::UserRequest::Pointer auth_user_request = r->auth_user_request; assert(auth_user_request != NULL); - AuthNegotiateUserRequest *lm_request = dynamic_cast(auth_user_request.getRaw()); + Auth::Negotiate::UserRequest *lm_request = dynamic_cast(auth_user_request.getRaw()); assert(lm_request != NULL); assert(lm_request->waiting); @@ -365,7 +365,7 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) } void -AuthNegotiateUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel) +Auth::Negotiate::UserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel) { http_hdr_type type; diff --git a/src/auth/negotiate/UserRequest.h b/src/auth/negotiate/UserRequest.h index 1e4e168ef9..888cdf93ff 100644 --- a/src/auth/negotiate/UserRequest.h +++ b/src/auth/negotiate/UserRequest.h @@ -9,18 +9,23 @@ class HttpReply; class HttpRequest; class helper_stateful_server; +namespace Auth +{ +namespace Negotiate +{ + /// \ingroup AuthNegotiateAPI -class AuthNegotiateUserRequest : public AuthUserRequest +class UserRequest : public Auth::UserRequest { public: - MEMPROXY_CLASS(AuthNegotiateUserRequest); + MEMPROXY_CLASS(Auth::Negotiate::UserRequest); - AuthNegotiateUserRequest(); - virtual ~AuthNegotiateUserRequest(); + UserRequest(); + virtual ~UserRequest(); virtual int authenticated() const; virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type); - virtual Auth::Direction module_direction(); + virtual Direction module_direction(); virtual void onConnectionClose(ConnStateData *); virtual void module_start(RH *, void *); @@ -50,6 +55,9 @@ private: static HLPSCB HandleReply; }; -MEMPROXY_CLASS_INLINE(AuthNegotiateUserRequest); +} // namespace Negotiate +} // namespace Auth + +MEMPROXY_CLASS_INLINE(Auth::Negotiate::UserRequest); #endif /* _SQUID_SRC_AUTH_NEGOTIATE_USERREQUEST_H */ diff --git a/src/auth/negotiate/auth_negotiate.cc b/src/auth/negotiate/auth_negotiate.cc index b1ad1cba7a..b14df085fb 100644 --- a/src/auth/negotiate/auth_negotiate.cc +++ b/src/auth/negotiate/auth_negotiate.cc @@ -213,10 +213,8 @@ Auth::Negotiate::Config::configured() const /* Negotiate Scheme */ void -Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request) +Auth::Negotiate::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request) { - AuthNegotiateUserRequest *negotiate_request; - if (!authenticateProgram) return; @@ -235,7 +233,7 @@ Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, H request->flags.proxy_keepalive = 0; } } else { - negotiate_request = dynamic_cast(auth_user_request.getRaw()); + Auth::Negotiate::UserRequest *negotiate_request = dynamic_cast(auth_user_request.getRaw()); assert(negotiate_request != NULL); switch (negotiate_request->user()->credentials()) { @@ -292,11 +290,11 @@ authenticateNegotiateStats(StoreEntry * sentry) * Decode a Negotiate [Proxy-]Auth string, placing the results in the passed * Auth_user structure. */ -AuthUserRequest::Pointer +Auth::UserRequest::Pointer Auth::Negotiate::Config::decode(char const *proxy_auth) { Auth::Negotiate::User *newUser = new Auth::Negotiate::User(&negotiateConfig); - AuthUserRequest *auth_user_request = new AuthNegotiateUserRequest(); + Auth::UserRequest *auth_user_request = new Auth::Negotiate::UserRequest(); assert(auth_user_request->user() == NULL); auth_user_request->user(newUser); diff --git a/src/auth/negotiate/auth_negotiate.h b/src/auth/negotiate/auth_negotiate.h index f9a38824be..b5414f5bf7 100644 --- a/src/auth/negotiate/auth_negotiate.h +++ b/src/auth/negotiate/auth_negotiate.h @@ -31,11 +31,11 @@ public: Config(); virtual bool active() const; virtual bool configured() const; - virtual AuthUserRequest::Pointer decode(char const *proxy_auth); + virtual Auth::UserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); virtual void dump(StoreEntry *, const char *, Auth::Config *); - virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); + virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); virtual void init(Auth::Config *); virtual void parse(Auth::Config *, int, char *); virtual void registerWithCacheManager(void); diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc index 8e234d1590..21494aa30b 100644 --- a/src/auth/ntlm/UserRequest.cc +++ b/src/auth/ntlm/UserRequest.cc @@ -6,7 +6,7 @@ #include "HttpRequest.h" #include "SquidTime.h" -AuthNTLMUserRequest::AuthNTLMUserRequest() +Auth::Ntlm::UserRequest::UserRequest() { waiting=0; client_blob=0; @@ -15,7 +15,7 @@ AuthNTLMUserRequest::AuthNTLMUserRequest() request=NULL; } -AuthNTLMUserRequest::~AuthNTLMUserRequest() +Auth::Ntlm::UserRequest::~UserRequest() { assert(RefCountCount()==0); safe_free(server_blob); @@ -30,13 +30,13 @@ AuthNTLMUserRequest::~AuthNTLMUserRequest() } const char * -AuthNTLMUserRequest::connLastHeader() +Auth::Ntlm::UserRequest::connLastHeader() { return NULL; } int -AuthNTLMUserRequest::authenticated() const +Auth::Ntlm::UserRequest::authenticated() const { if (user() != NULL && user()->credentials() == Auth::Ok) { debugs(29, 9, HERE << "user authenticated."); @@ -48,9 +48,9 @@ AuthNTLMUserRequest::authenticated() const } Auth::Direction -AuthNTLMUserRequest::module_direction() +Auth::Ntlm::UserRequest::module_direction() { - /* null auth_user is checked for by AuthUserRequest::direction() */ + /* null auth_user is checked for by Auth::UserRequest::direction() */ if (waiting || client_blob) return Auth::CRED_LOOKUP; /* need helper response to continue */ @@ -77,7 +77,7 @@ AuthNTLMUserRequest::module_direction() } void -AuthNTLMUserRequest::module_start(RH * handler, void *data) +Auth::Ntlm::UserRequest::module_start(RH * handler, void *data) { static char buf[MAX_AUTHTOKEN_LEN]; @@ -101,7 +101,7 @@ AuthNTLMUserRequest::module_start(RH * handler, void *data) waiting = 1; safe_free(client_blob); - helperStatefulSubmit(ntlmauthenticators, buf, AuthNTLMUserRequest::HandleReply, + helperStatefulSubmit(ntlmauthenticators, buf, Auth::Ntlm::UserRequest::HandleReply, new Auth::StateData(this, handler, data), authserver); } @@ -110,7 +110,7 @@ AuthNTLMUserRequest::module_start(RH * handler, void *data) * for this request connections use. */ void -AuthNTLMUserRequest::releaseAuthServer() +Auth::Ntlm::UserRequest::releaseAuthServer() { if (authserver) { debugs(29, 6, HERE << "releasing NTLM auth server '" << authserver << "'"); @@ -121,14 +121,14 @@ AuthNTLMUserRequest::releaseAuthServer() } void -AuthNTLMUserRequest::onConnectionClose(ConnStateData *conn) +Auth::Ntlm::UserRequest::onConnectionClose(ConnStateData *conn) { assert(conn != NULL); - debugs(29, 8, "AuthNTLMUserRequest::onConnectionClose: closing connection '" << conn << "' (this is '" << this << "')"); + debugs(29, 8, HERE << "closing connection '" << conn << "' (this is '" << this << "')"); if (conn->auth_user_request == NULL) { - debugs(29, 8, "AuthNTLMUserRequest::onConnectionClose: no auth_user_request"); + debugs(29, 8, HERE << "no auth_user_request"); return; } @@ -141,7 +141,7 @@ AuthNTLMUserRequest::onConnectionClose(ConnStateData *conn) } void -AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type) +Auth::Ntlm::UserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type) { assert(this); @@ -212,7 +212,7 @@ AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, break; case Auth::Ok: - fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n"); + fatal("Auth::Ntlm::UserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n"); break; case Auth::Failed: @@ -223,7 +223,7 @@ AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, } void -AuthNTLMUserRequest::HandleReply(void *data, void *lastserver, char *reply) +Auth::Ntlm::UserRequest::HandleReply(void *data, void *lastserver, char *reply) { Auth::StateData *r = static_cast(data); char *blob; @@ -241,10 +241,10 @@ AuthNTLMUserRequest::HandleReply(void *data, void *lastserver, char *reply) reply = (char *)"BH Internal error"; } - AuthUserRequest::Pointer auth_user_request = r->auth_user_request; + Auth::UserRequest::Pointer auth_user_request = r->auth_user_request; assert(auth_user_request != NULL); - AuthNTLMUserRequest *lm_request = dynamic_cast(auth_user_request.getRaw()); + Auth::Ntlm::UserRequest *lm_request = dynamic_cast(auth_user_request.getRaw()); assert(lm_request != NULL); assert(lm_request->waiting); diff --git a/src/auth/ntlm/UserRequest.h b/src/auth/ntlm/UserRequest.h index eab0047bfe..e999b670c0 100644 --- a/src/auth/ntlm/UserRequest.h +++ b/src/auth/ntlm/UserRequest.h @@ -10,14 +10,19 @@ class HttpReply; class HttpRequest; class helper_stateful_server; -class AuthNTLMUserRequest : public AuthUserRequest +namespace Auth +{ +namespace Ntlm +{ + +class UserRequest : public Auth::UserRequest { public: - MEMPROXY_CLASS(AuthNTLMUserRequest); + MEMPROXY_CLASS(Auth::Ntlm::UserRequest); - AuthNTLMUserRequest(); - virtual ~AuthNTLMUserRequest(); + UserRequest(); + virtual ~UserRequest(); virtual int authenticated() const; virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type); virtual Auth::Direction module_direction(); @@ -30,9 +35,6 @@ public: helper_stateful_server *authserver; void releaseAuthServer(void); ///< Release authserver NTLM helpers properly when finished or abandoning. - /* what connection is this associated with */ -// ConnStateData * conn; - /* our current blob to pass to the client */ char *server_blob; @@ -49,6 +51,9 @@ private: static HLPSCB HandleReply; }; -MEMPROXY_CLASS_INLINE(AuthNTLMUserRequest); +} // namespace Ntlm +} // namespace Auth + +MEMPROXY_CLASS_INLINE(Auth::Ntlm::UserRequest); #endif /* _SQUID_SRC_AUTH_NTLM_USERREQUEST_H */ diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc index 60541d451b..656fa8cacd 100644 --- a/src/auth/ntlm/auth_ntlm.cc +++ b/src/auth/ntlm/auth_ntlm.cc @@ -200,7 +200,7 @@ Auth::Ntlm::Config::configured() const /* NTLM Scheme */ void -Auth::Ntlm::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) +Auth::Ntlm::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request) { if (!authenticateProgram) return; @@ -219,7 +219,7 @@ Auth::Ntlm::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpRe request->flags.proxy_keepalive = 0; } } else { - AuthNTLMUserRequest *ntlm_request = dynamic_cast(auth_user_request.getRaw()); + Auth::Ntlm::UserRequest *ntlm_request = dynamic_cast(auth_user_request.getRaw()); assert(ntlm_request != NULL); switch (ntlm_request->user()->credentials()) { @@ -267,11 +267,11 @@ authenticateNTLMStats(StoreEntry * sentry) * Decode a NTLM [Proxy-]Auth string, placing the results in the passed * Auth_user structure. */ -AuthUserRequest::Pointer +Auth::UserRequest::Pointer Auth::Ntlm::Config::decode(char const *proxy_auth) { Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm")); - AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest(); + Auth::UserRequest::Pointer auth_user_request = new Auth::Ntlm::UserRequest(); assert(auth_user_request->user() == NULL); auth_user_request->user(newUser); diff --git a/src/auth/ntlm/auth_ntlm.h b/src/auth/ntlm/auth_ntlm.h index 075d67b280..b19e1c8569 100644 --- a/src/auth/ntlm/auth_ntlm.h +++ b/src/auth/ntlm/auth_ntlm.h @@ -27,11 +27,11 @@ public: Config(); virtual bool active() const; virtual bool configured() const; - virtual AuthUserRequest::Pointer decode(char const *proxy_auth); + virtual Auth::UserRequest::Pointer decode(char const *proxy_auth); virtual void done(); virtual void rotateHelpers(); virtual void dump(StoreEntry *, const char *, Auth::Config *); - virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); + virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *); virtual void init(Auth::Config *); virtual void parse(Auth::Config *, int, char *); virtual void registerWithCacheManager(void); diff --git a/src/client_side.h b/src/client_side.h index c3be97d05d..78cac6bd12 100644 --- a/src/client_side.h +++ b/src/client_side.h @@ -228,7 +228,7 @@ public: * note this is ONLY connection based because NTLM and Negotiate is against HTTP spec. * the user details for connection based authentication */ - AuthUserRequest::Pointer auth_user_request; + Auth::UserRequest::Pointer auth_user_request; #endif /** diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index 6577c8755d..6daba7540f 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -102,7 +102,7 @@ clientReplyContext::setReplyToError( err_type err, http_status status, const HttpRequestMethod& method, char const *uri, Ip::Address &addr, HttpRequest * failedrequest, const char *unparsedrequest, #if USE_AUTH - AuthUserRequest::Pointer auth_user_request + Auth::UserRequest::Pointer auth_user_request #else void* #endif diff --git a/src/client_side_reply.h b/src/client_side_reply.h index c7e2b34be2..4f79f46851 100644 --- a/src/client_side_reply.h +++ b/src/client_side_reply.h @@ -73,7 +73,7 @@ public: int storeNotOKTransferDone() const; void setReplyToError(err_type, http_status, const HttpRequestMethod&, char const *, Ip::Address &, HttpRequest *, const char *, #if USE_AUTH - AuthUserRequest::Pointer); + Auth::UserRequest::Pointer); #else void * unused); #endif diff --git a/src/errorpage.h b/src/errorpage.h index 9c9102adb5..494eff8e21 100644 --- a/src/errorpage.h +++ b/src/errorpage.h @@ -150,7 +150,7 @@ public: char *err_language; http_status httpStatus; #if USE_AUTH - AuthUserRequest::Pointer auth_user_request; + Auth::UserRequest::Pointer auth_user_request; #endif HttpRequest *request; char *url; -- 2.47.2