No logic changes, symbols and debug only.
* shuffle AuthUserRequest to Auth::UserRequest
* shuffle AuthBasicUserRequest to Auth::Basic::UserRequest
* shuffle AuthDigestUserRequest to Auth::Digest::UserRequest
* shuffle AuthNegotiateUserRequest to Auth::Negotiate::UserRequest
* shuffle AuthNTLMUserRequest to Auth::NTLM::UserRequest
* polish and add documentation for several parts of the hierarchy
* replace obsolete debugs() location texts
Ip::Address src_addr;
#if USE_AUTH
- AuthUserRequest::Pointer user;
+ Auth::UserRequest::Pointer user;
#endif
String tag;
};
public:
Ip::Address host_addr;
#if USE_AUTH
- AuthUserRequest::Pointer auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request;
#endif
unsigned short port;
auth_user_request = NULL;
// It might have been connection based
// In the case of sslBump we need to preserve authentication info
+ // XXX: need to re-evaluate this. ACL tests should not be playing with
+ // XXX: wider scoped TCP connection state, even if the helper lookup is stuck.
if (conn() && !conn()->switchedToHttps()) {
conn()->auth_user_request = NULL;
}
char rfc931[USER_IDENT_SZ];
#if USE_AUTH
- AuthUserRequest::Pointer auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request;
#endif
#if SQUID_SNMP
char *snmp_community;
/* get authed here */
/* Note: this fills in auth_user_request when applicable */
- const AuthAclState result = AuthUserRequest::tryToAuthenticateAndSetAuthUser(
+ const AuthAclState result = Auth::UserRequest::tryToAuthenticateAndSetAuthUser(
&checklist->auth_user_request, headertype, request,
checklist->conn(), checklist->src_addr);
switch (result) {
* 1 : Match
*/
int
-ACLMaxUserIP::match(AuthUserRequest::Pointer auth_user_request, Ip::Address const &src_addr)
+ACLMaxUserIP::match(Auth::UserRequest::Pointer auth_user_request, Ip::Address const &src_addr)
{
/*
* the logic for flush the ip list when the limit is hit vs keep
static Prototype RegistryProtoype;
static ACLMaxUserIP RegistryEntry_;
- int match(AuthUserRequest::Pointer, Ip::Address const &);
+ int match(Auth::UserRequest::Pointer, Ip::Address const &);
char const *class_;
int maximum;
* It may be a cached AuthUser or a new Unauthenticated object.
* It may also be NULL reflecting that no user could be created.
*/
-AuthUserRequest::Pointer
+Auth::UserRequest::Pointer
Auth::Config::CreateAuthUser(const char *proxy_auth)
{
assert(proxy_auth != NULL);
{
public:
- static AuthUserRequest::Pointer CreateAuthUser(const char *proxy_auth);
+ static UserRequest::Pointer CreateAuthUser(const char *proxy_auth);
static Config *Find(const char *proxy_auth);
Config() : authenticateChildren(20), authenticateProgram(NULL) {}
\par
* Responsible for decoding the passed authentication header, creating or
* linking to a AuthUser object and for storing any needed details to complete
- * authentication in AuthUserRequest::authenticate().
+ * authentication in Auth::UserRequest::authenticate().
*
\param proxy_auth Login Pattern to parse.
\retval * Details needed to authenticate.
*/
- virtual AuthUserRequest::Pointer decode(char const *proxy_auth) = 0;
+ virtual UserRequest::Pointer decode(char const *proxy_auth) = 0;
/**
* squid is finished with this config, release any unneeded resources.
virtual void dump(StoreEntry *, const char *, Config *) = 0;
/** add headers as needed when challenging for auth */
- virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0;
+ virtual void fixHeader(UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *) = 0;
/** prepare to handle requests */
virtual void init(Config *) = 0;
class StateData
{
public:
- StateData(const AuthUserRequest::Pointer &r, RH *h, void *d) :
+ StateData(const UserRequest::Pointer &r, RH *h, void *d) :
data(cbdataReference(d)),
auth_user_request(r),
handler(h) {}
}
void *data;
- AuthUserRequest::Pointer auth_user_request;
+ UserRequest::Pointer auth_user_request;
RH *handler;
private:
* See acl.c for access control and client_side.c for auditing */
#include "squid.h"
-#include "auth/UserRequest.h"
-#include "auth/User.h"
-/*#include "auth/Gadgets.h"
-#include "acl/Acl.h"
-#include "client_side.h"
-*/
#include "auth/Config.h"
#include "auth/Scheme.h"
+#include "auth/UserRequest.h"
+#include "auth/User.h"
#include "comm/Connection.h"
#include "HttpReply.h"
#include "HttpRequest.h"
/* Generic Functions */
char const *
-AuthUserRequest::username() const
+Auth::UserRequest::username() const
{
if (user() != NULL)
return user()->username();
/* send the initial data to an authenticator module */
void
-AuthUserRequest::start(RH * handler, void *data)
+Auth::UserRequest::start(RH * handler, void *data)
{
assert(handler);
assert(data);
- debugs(29, 9, "authenticateStart: auth_user_request '" << this << "'");
+ debugs(29, 9, HERE << "auth_user_request '" << this << "'");
module_start(handler, data);
}
bool
-AuthUserRequest::valid() const
+Auth::UserRequest::valid() const
{
- debugs(29, 9, HERE << "Validating AuthUserRequest '" << this << "'.");
+ debugs(29, 9, HERE << "Validating Auth::UserRequest '" << this << "'.");
if (user() == NULL) {
debugs(29, 4, HERE << "No associated Auth::User data");
/* any other sanity checks that we need in the future */
/* finally return ok */
- debugs(29, 5, HERE << "Validated. AuthUserRequest '" << this << "'.");
+ debugs(29, 5, HERE << "Validated. Auth::UserRequest '" << this << "'.");
return true;
}
void *
-AuthUserRequest::operator new (size_t byteCount)
+Auth::UserRequest::operator new (size_t byteCount)
{
- fatal ("AuthUserRequest not directly allocatable\n");
+ fatal("Auth::UserRequest not directly allocatable\n");
return (void *)1;
}
void
-AuthUserRequest::operator delete (void *address)
+Auth::UserRequest::operator delete (void *address)
{
- fatal ("AuthUserRequest child failed to override operator delete\n");
+ fatal("Auth::UserRequest child failed to override operator delete\n");
}
-AuthUserRequest::AuthUserRequest():
+Auth::UserRequest::UserRequest():
_auth_user(NULL),
message(NULL),
lastReply(AUTH_ACL_CANNOT_AUTHENTICATE)
{
- debugs(29, 5, "AuthUserRequest::AuthUserRequest: initialised request " << this);
+ debugs(29, 5, HERE << "initialised request " << this);
}
-AuthUserRequest::~AuthUserRequest()
+Auth::UserRequest::~UserRequest()
{
assert(RefCountCount()==0);
- debugs(29, 5, "AuthUserRequest::~AuthUserRequest: freeing request " << this);
+ debugs(29, 5, HERE << "freeing request " << this);
if (user() != NULL) {
/* release our references to the user credentials */
}
void
-AuthUserRequest::setDenyMessage(char const *aString)
+Auth::UserRequest::setDenyMessage(char const *aString)
{
safe_free(message);
message = xstrdup(aString);
}
char const *
-AuthUserRequest::getDenyMessage()
+Auth::UserRequest::getDenyMessage()
{
return message;
}
char const *
-AuthUserRequest::denyMessage(char const * const default_message)
+Auth::UserRequest::denyMessage(char const * const default_message)
{
if (this == NULL || getDenyMessage() == NULL) {
return default_message;
}
static void
-authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip::Address &ipaddr)
+authenticateAuthUserRequestSetIp(Auth::UserRequest::Pointer auth_user_request, Ip::Address &ipaddr)
{
Auth::User::Pointer auth_user = auth_user_request->user();
}
void
-authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer auth_user_request, Ip::Address const &ipaddr)
+authenticateAuthUserRequestRemoveIp(Auth::UserRequest::Pointer auth_user_request, Ip::Address const &ipaddr)
{
Auth::User::Pointer auth_user = auth_user_request->user();
}
void
-authenticateAuthUserRequestClearIp(AuthUserRequest::Pointer auth_user_request)
+authenticateAuthUserRequestClearIp(Auth::UserRequest::Pointer auth_user_request)
{
if (auth_user_request != NULL)
auth_user_request->user()->clearIp();
}
int
-authenticateAuthUserRequestIPCount(AuthUserRequest::Pointer auth_user_request)
+authenticateAuthUserRequestIPCount(Auth::UserRequest::Pointer auth_user_request)
{
assert(auth_user_request != NULL);
assert(auth_user_request->user() != NULL);
* authenticateUserAuthenticated: is this auth_user structure logged in ?
*/
int
-authenticateUserAuthenticated(AuthUserRequest::Pointer auth_user_request)
+authenticateUserAuthenticated(Auth::UserRequest::Pointer auth_user_request)
{
if (auth_user_request == NULL || !auth_user_request->valid())
return 0;
}
Auth::Direction
-AuthUserRequest::direction()
+Auth::UserRequest::direction()
{
if (user() == NULL)
return Auth::CRED_ERROR; // No credentials. Should this be a CHALLENGE instead?
}
void
-AuthUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accelerated)
+Auth::UserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accelerated)
{}
void
-AuthUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accelerated)
+Auth::UserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accelerated)
{}
void
-AuthUserRequest::onConnectionClose(ConnStateData *)
+Auth::UserRequest::onConnectionClose(ConnStateData *)
{}
const char *
-AuthUserRequest::connLastHeader()
+Auth::UserRequest::connLastHeader()
{
- fatal("AuthUserRequest::connLastHeader should always be overridden by conn based auth schemes");
+ fatal("Auth::UserRequest::connLastHeader should always be overridden by conn based auth schemes");
return NULL;
}
* This is basically a handle approach.
*/
static void
-authenticateAuthenticateUser(AuthUserRequest::Pointer auth_user_request, HttpRequest * request, ConnStateData * conn, http_hdr_type type)
+authenticateAuthenticateUser(Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, ConnStateData * conn, http_hdr_type type)
{
assert(auth_user_request.getRaw() != NULL);
auth_user_request->authenticate(request, conn, type);
}
-static AuthUserRequest::Pointer
-authTryGetUser(AuthUserRequest::Pointer auth_user_request, ConnStateData * conn, HttpRequest * request)
+static Auth::UserRequest::Pointer
+authTryGetUser(Auth::UserRequest::Pointer auth_user_request, ConnStateData * conn, HttpRequest * request)
{
if (auth_user_request != NULL)
return auth_user_request;
* Caller is responsible for locking and unlocking their *auth_user_request!
*/
AuthAclState
-AuthUserRequest::authenticate(AuthUserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr)
+Auth::UserRequest::authenticate(Auth::UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr)
{
const char *proxy_auth;
assert(headertype != 0);
Auth::Config * scheme = Auth::Config::Find(proxy_auth);
if (conn->auth_user_request->user() == NULL || conn->auth_user_request->user()->config != scheme) {
- debugs(29, 1, "WARNING: Unexpected change of authentication scheme from '" <<
+ debugs(29, DBG_IMPORTANT, "WARNING: Unexpected change of authentication scheme from '" <<
conn->auth_user_request->user()->config->type() <<
"' to '" << proxy_auth << "' (client " <<
src_addr << ")");
}
AuthAclState
-AuthUserRequest::tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr)
+Auth::UserRequest::tryToAuthenticateAndSetAuthUser(Auth::UserRequest::Pointer * aUR, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr)
{
- /* If we have already been called, return the cached value */
- AuthUserRequest::Pointer t = authTryGetUser(*auth_user_request, conn, request);
+ // If we have already been called, return the cached value
+ Auth::UserRequest::Pointer t = authTryGetUser(*aUR, conn, request);
if (t != NULL && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE && t->lastReply != AUTH_ACL_HELPER) {
- if (*auth_user_request == NULL)
- *auth_user_request = t;
+ if (*aUR == NULL)
+ *aUR = t;
if (request->auth_user_request == NULL && t->lastReply == AUTH_AUTHENTICATED) {
request->auth_user_request = t;
return t->lastReply;
}
- /* ok, call the actual authenticator routine. */
- AuthAclState result = authenticate(auth_user_request, headertype, request, conn, src_addr);
+ // ok, call the actual authenticator routine.
+ AuthAclState result = authenticate(aUR, headertype, request, conn, src_addr);
- t = authTryGetUser(*auth_user_request, conn, request);
+ // auth process may have changed the UserRequest we are dealing with
+ t = authTryGetUser(*aUR, conn, request);
if (t != NULL && result != AUTH_ACL_CANNOT_AUTHENTICATE && result != AUTH_ACL_HELPER)
t->lastReply = result;
}
void
-AuthUserRequest::addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal)
+Auth::UserRequest::addReplyAuthHeader(HttpReply * rep, Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal)
/* send the auth types we are configured to support (and have compiled in!) */
{
http_hdr_type type;
break;
}
- debugs(29, 9, "authenticateFixHeader: headertype:" << type << " authuser:" << auth_user_request);
+ debugs(29, 9, HERE << "headertype:" << type << " authuser:" << auth_user_request);
if (((rep->sline.status == HTTP_PROXY_AUTHENTICATION_REQUIRED)
|| (rep->sline.status == HTTP_UNAUTHORIZED)) && internal)
if (scheme->active())
scheme->fixHeader(NULL, rep, type, request);
else
- debugs(29, 4, "authenticateFixHeader: Configured scheme " << scheme->type() << " not Active");
+ debugs(29, 4, HERE << "Configured scheme " << scheme->type() << " not Active");
}
}
}
}
+// TODO remove wrapper.
void
-authenticateFixHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal)
+authenticateFixHeader(HttpReply * rep, Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal)
{
- AuthUserRequest::addReplyAuthHeader(rep, auth_user_request, request, accelerated, internal);
+ Auth::UserRequest::addReplyAuthHeader(rep, auth_user_request, request, accelerated, internal);
}
/* call the active auth module and allow it to add a trailer to the request */
+// TODO remove wrapper
void
-authenticateAddTrailer(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated)
+authenticateAddTrailer(HttpReply * rep, Auth::UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated)
{
if (auth_user_request != NULL)
auth_user_request->addAuthenticationInfoTrailer(rep, accelerated);
}
Auth::Scheme::Pointer
-AuthUserRequest::scheme() const
+Auth::UserRequest::scheme() const
{
return Auth::Scheme::Find(user()->config->type());
}
*
*/
-#ifndef SQUID_AUTHUSERREQUEST_H
-#define SQUID_AUTHUSERREQUEST_H
+#ifndef SQUID_AUTH_USERREQUEST_H
+#define SQUID_AUTH_USERREQUEST_H
#if USE_AUTH
CRED_LOOKUP = -1, ///< Credentials need to be validated with the backend helper
CRED_ERROR = -2 ///< ERROR in the auth module. Cannot determine the state of this request.
};
-} // namespace Auth
/**
- \ingroup AuthAPI
* This is a short lived structure is the visible aspect of the authentication framework.
*
* It and its children hold the state data while processing authentication for a client request.
* The AuthenticationStateData object is merely a CBDATA wrapper for one of these.
*/
-class AuthUserRequest : public RefCountable
+class UserRequest : public RefCountable
{
public:
- typedef RefCount<AuthUserRequest> Pointer;
+ typedef RefCount<Auth::UserRequest> Pointer;
+
+ UserRequest();
+ virtual ~UserRequest();
+ void *operator new(size_t byteCount);
+ void operator delete(void *address);
public:
/**
* it has request specific data, and links to user specific data
* the user
*/
- Auth::User::Pointer _auth_user;
+ User::Pointer _auth_user;
/**
* Used by squid to determine what the next step in performing authentication for a given scheme is.
* Squid will return the appropriate status code (401 or 407) and call the registered
* FixError function to allow the auth module to insert it's challenge.
*/
- Auth::Direction direction();
+ Direction direction();
/**
* Used by squid to determine whether the auth scheme has successfully authenticated the user request.
virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type) = 0;
/* template method - what needs to be done next? advertise schemes, challenge, handle error, nothing? */
- virtual Auth::Direction module_direction() = 0;
+ virtual Direction module_direction() = 0;
/* add the [Proxy-]Authentication-Info header */
virtual void addAuthenticationInfoHeader(HttpReply * rep, int accel);
*/
virtual void module_start(RH *handler, void *data) = 0;
- virtual Auth::User::Pointer user() {return _auth_user;}
+ // User credentials object this UserRequest is managing
+ virtual User::Pointer user() {return _auth_user;}
+ virtual const User::Pointer user() const {return _auth_user;}
+ virtual void user(User::Pointer aUser) {_auth_user=aUser;}
- virtual const Auth::User::Pointer user() const {return _auth_user;}
-
- virtual void user(Auth::User::Pointer aUser) {_auth_user=aUser;}
-
- static AuthAclState tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &);
- static void addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal);
-
- AuthUserRequest();
+ /**
+ * Locate user credentials in one of several locations. Begin authentication if needed.
+ *
+ * Credentials may be found in one of the following locations (listed by order of preference):
+ * - the source passed as parameter aUR
+ * - cached in the HttpRequest parameter from a previous authentication of this request
+ * - cached in the ConnStateData paremeter from a previous authentication of this connection
+ * (only applies to some situations. ie NTLM, Negotiate, Kerberos auth schemes,
+ * or decrypted SSL requests from inside an authenticated CONNECT tunnel)
+ * - cached in the user credentials cache from a previous authentication of the same credentials
+ * (only applies to cacheable authentication methods, ie Basic auth)
+ * - new credentials created from HTTP headers in this request
+ *
+ * The found credentials are returned in aUR and if successfully authenticated
+ * may now be cached in one or more of the above locations.
+ *
+ * \return Some AUTH_ACL_* state
+ */
+ static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &);
- virtual ~AuthUserRequest();
- void *operator new(size_t byteCount);
- void operator delete(void *address);
+ /// Add the appropriate [Proxy-]Authenticate header to the given reply
+ static void addReplyAuthHeader(HttpReply * rep, UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal);
void start( RH * handler, void *data);
char const * denyMessage(char const * const default_message = NULL);
*/
char const *username() const;
- Auth::Scheme::Pointer scheme() const;
+ Scheme::Pointer scheme() const;
virtual const char * connLastHeader();
private:
- static AuthAclState authenticate(AuthUserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr);
+ static AuthAclState authenticate(UserRequest::Pointer * auth_user_request, http_hdr_type headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr);
/** return a message on the 407 error pages */
char *message;
AuthAclState lastReply;
};
+} // namespace Auth
+
/* AuthUserRequest */
/// \ingroup AuthAPI
-extern void authenticateFixHeader(HttpReply *, AuthUserRequest::Pointer, HttpRequest *, int, int);
+extern void authenticateFixHeader(HttpReply *, Auth::UserRequest::Pointer, HttpRequest *, int, int);
/// \ingroup AuthAPI
-extern void authenticateAddTrailer(HttpReply *, AuthUserRequest::Pointer, HttpRequest *, int);
+extern void authenticateAddTrailer(HttpReply *, Auth::UserRequest::Pointer, HttpRequest *, int);
/// \ingroup AuthAPI
-extern void authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer, Ip::Address const &);
+extern void authenticateAuthUserRequestRemoveIp(Auth::UserRequest::Pointer, Ip::Address const &);
/// \ingroup AuthAPI
-extern void authenticateAuthUserRequestClearIp(AuthUserRequest::Pointer);
+extern void authenticateAuthUserRequestClearIp(Auth::UserRequest::Pointer);
/// \ingroup AuthAPI
-extern int authenticateAuthUserRequestIPCount(AuthUserRequest::Pointer);
+extern int authenticateAuthUserRequestIPCount(Auth::UserRequest::Pointer);
/// \ingroup AuthAPI
-/// See AuthUserRequest::authenticated()
-extern int authenticateUserAuthenticated(AuthUserRequest::Pointer);
+/// See Auth::UserRequest::authenticated()
+extern int authenticateUserAuthenticated(Auth::UserRequest::Pointer);
#endif /* USE_AUTH */
#endif /* SQUID_AUTHUSERREQUEST_H */
BasicAuthQueueNode *auth_queue;
private:
- AuthUserRequest::Pointer currentRequest;
+ Auth::UserRequest::Pointer currentRequest;
};
MEMPROXY_CLASS_INLINE(Auth::Basic::User);
#endif
int
-AuthBasicUserRequest::authenticated() const
+Auth::Basic::UserRequest::authenticated() const
{
Auth::Basic::User const *basic_auth = dynamic_cast<Auth::Basic::User const *>(user().getRaw());
/* log a basic user in
*/
void
-AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type)
+Auth::Basic::UserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type)
{
assert(user() != NULL);
}
Auth::Direction
-AuthBasicUserRequest::module_direction()
+Auth::Basic::UserRequest::module_direction()
{
- /* null auth_user is checked for by AuthUserRequest::direction() */
+ /* null auth_user is checked for by Auth::UserRequest::direction() */
if (user()->auth_type != Auth::AUTH_BASIC)
return Auth::CRED_ERROR;
/* send the initial data to a basic authenticator module */
void
-AuthBasicUserRequest::module_start(RH * handler, void *data)
+Auth::Basic::UserRequest::module_start(RH * handler, void *data)
{
assert(user()->auth_type == Auth::AUTH_BASIC);
Auth::Basic::User *basic_auth = dynamic_cast<Auth::Basic::User *>(user().getRaw());
debugs(9, DBG_CRITICAL, "ERROR: Basic Authentication Failure. user:password exceeds " << sizeof(buf) << " bytes.");
handler(data, NULL);
} else
- helperSubmit(basicauthenticators, buf, AuthBasicUserRequest::HandleReply,
+ helperSubmit(basicauthenticators, buf, Auth::Basic::UserRequest::HandleReply,
new Auth::StateData(this, handler, data));
}
void
-AuthBasicUserRequest::HandleReply(void *data, char *reply)
+Auth::Basic::UserRequest::HandleReply(void *data, char *reply)
{
Auth::StateData *r = static_cast<Auth::StateData *>(data);
BasicAuthQueueNode *tmpnode;
#ifndef _SQUID_SRC_AUTH_BASIC_USERREQUEST_H
#define _SQUID_SRC_AUTH_BASIC_USERREQUEST_H
-#include "MemPool.h"
#include "auth/UserRequest.h"
+#include "MemPool.h"
class ConnStateData;
class HttpRequest;
-/* follows the http request around */
+namespace Auth
+{
-class AuthBasicUserRequest : public AuthUserRequest
+namespace Basic
{
+/* follows the http request around */
+
+class UserRequest : public Auth::UserRequest
+{
public:
- MEMPROXY_CLASS(AuthBasicUserRequest);
+ MEMPROXY_CLASS(Auth::Basic::UserRequest);
- AuthBasicUserRequest() {};
- virtual ~AuthBasicUserRequest() { assert(RefCountCount()==0); };
+ UserRequest() {}
+ virtual ~UserRequest() { assert(RefCountCount()==0); }
virtual int authenticated() const;
virtual void authenticate(HttpRequest * request, ConnStateData *conn, http_hdr_type type);
static HLPCB HandleReply;
};
-MEMPROXY_CLASS_INLINE(AuthBasicUserRequest);
+} // namespace Basic
+} // namespace Auth
+
+MEMPROXY_CLASS_INLINE(Auth::Basic::UserRequest);
#endif /* _SQUID_SRC_AUTH_BASIC_USERREQUEST_H */
}
void
-Auth::Basic::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
+Auth::Basic::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
{
if (authenticateProgram) {
debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'Basic realm=\"" << basicAuthRealm << "\"'");
* "cannot decode credentials". Use the message field to return a
* descriptive message to the user.
*/
-AuthUserRequest::Pointer
+Auth::UserRequest::Pointer
Auth::Basic::Config::decode(char const *proxy_auth)
{
- AuthUserRequest::Pointer auth_user_request = dynamic_cast<AuthUserRequest*>(new AuthBasicUserRequest);
+ Auth::UserRequest::Pointer auth_user_request = dynamic_cast<Auth::UserRequest*>(new Auth::Basic::UserRequest);
/* decode the username */
// retrieve the cleartext (in a dynamically allocated char*)
public:
BasicAuthQueueNode *next;
- AuthUserRequest::Pointer auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request;
RH *handler;
void *data;
};
~Config();
virtual bool active() const;
virtual bool configured() const;
- virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
- virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
+ virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
virtual void init(Auth::Config *);
virtual void parse(Auth::Config *, int, char *);
- void decode(char const *httpAuthHeader, AuthUserRequest::Pointer);
+ void decode(char const *httpAuthHeader, Auth::UserRequest::Pointer);
virtual void registerWithCacheManager(void);
virtual const char * type() const;
#include "HttpRequest.h"
#include "SquidTime.h"
-AuthDigestUserRequest::AuthDigestUserRequest() :
+Auth::Digest::UserRequest::UserRequest() :
nonceb64(NULL),
cnonce(NULL),
realm(NULL),
* Delete the digest request structure.
* Does NOT delete related AuthUser structures
*/
-AuthDigestUserRequest::~AuthDigestUserRequest()
+Auth::Digest::UserRequest::~UserRequest()
{
assert(RefCountCount()==0);
}
int
-AuthDigestUserRequest::authenticated() const
+Auth::Digest::UserRequest::authenticated() const
{
if (user() != NULL && user()->credentials() == Auth::Ok)
return 1;
/** log a digest user in
*/
void
-AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type)
+Auth::Digest::UserRequest::authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type)
{
HASHHEX SESSIONKEY;
HASHHEX HA2 = "";
Auth::Digest::User *digest_user = dynamic_cast<Auth::Digest::User*>(auth_user.getRaw());
assert(digest_user != NULL);
- AuthDigestUserRequest *digest_request = this;
+ Auth::Digest::UserRequest *digest_request = this;
/* do we have the HA1 */
if (!digest_user->HA1created) {
}
if (last_broken_addr != request->client_addr) {
- debugs(29, 1, "\nDigest POST bug detected from " <<
+ debugs(29, DBG_IMPORTANT, "Digest POST bug detected from " <<
request->client_addr << " using '" <<
(useragent ? useragent : "-") <<
"'. Please upgrade browser. See Bug #630 for details.");
/* check for stale nonce */
if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
- debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale");
+ debugs(29, 3, HERE << "user '" << auth_user->username() << "' validated OK but nonce stale");
auth_user->credentials(Auth::Failed);
digest_request->setDenyMessage("Stale nonce");
return;
auth_user->credentials(Auth::Ok);
/* password was checked and did match */
- debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK");
+ debugs(29, 4, HERE << "user '" << auth_user->username() << "' validated OK");
/* auth_user is now linked, we reset these values
* after external auth occurs anyway */
}
Auth::Direction
-AuthDigestUserRequest::module_direction()
+Auth::Digest::UserRequest::module_direction()
{
if (user()->auth_type != Auth::AUTH_DIGEST)
return Auth::CRED_ERROR;
}
void
-AuthDigestUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel)
+Auth::Digest::UserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel)
{
http_hdr_type type;
if ((static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram) && authDigestNonceLastRequest(nonce)) {
flags.authinfo_sent = 1;
- debugs(29, 9, "authDigestAddHead: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
+ debugs(29, 9, HERE << "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
httpHeaderPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
}
}
#if WAITING_FOR_TE
void
-AuthDigestUserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel)
+Auth::Digest::UserRequest::addAuthenticationInfoTrailer(HttpReply * rep, int accel)
{
int type;
type = accel ? HDR_AUTHENTICATION_INFO : HDR_PROXY_AUTHENTICATION_INFO;
if ((static_cast<Auth::Digest::Config*>(digestScheme::GetInstance()->getConfig())->authenticate) && authDigestNonceLastRequest(nonce)) {
- debugs(29, 9, "authDigestAddTrailer: Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
+ debugs(29, 9, HERE << "Sending type:" << type << " header: 'nextnonce=\"" << authenticateDigestNonceNonceb64(nonce) << "\"");
httpTrailerPutStrf(&rep->header, type, "nextnonce=\"%s\"", authenticateDigestNonceNonceb64(nonce));
}
}
/* send the initial data to a digest authenticator module */
void
-AuthDigestUserRequest::module_start(RH * handler, void *data)
+Auth::Digest::UserRequest::module_start(RH * handler, void *data)
{
char buf[8192];
assert(user() != NULL && user()->auth_type == Auth::AUTH_DIGEST);
- debugs(29, 9, "authenticateStart: '\"" << user()->username() << "\":\"" << realm << "\"'");
+ debugs(29, 9, HERE << "'\"" << user()->username() << "\":\"" << realm << "\"'");
if (static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest"))->authenticateProgram == NULL) {
debugs(29, DBG_CRITICAL, "ERROR: No Digest authentication program configured.");
snprintf(buf, 8192, "\"%s\":\"%s\"\n", user()->username(), realm);
}
- helperSubmit(digestauthenticators, buf, AuthDigestUserRequest::HandleReply,
+ helperSubmit(digestauthenticators, buf, Auth::Digest::UserRequest::HandleReply,
new Auth::StateData(this, handler, data));
}
void
-AuthDigestUserRequest::HandleReply(void *data, char *reply)
+Auth::Digest::UserRequest::HandleReply(void *data, char *reply)
{
Auth::StateData *replyData = static_cast<Auth::StateData *>(data);
char *t = NULL;
}
assert(replyData->auth_user_request != NULL);
- AuthUserRequest::Pointer auth_user_request = replyData->auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request = replyData->auth_user_request;
if (reply && (strncasecmp(reply, "ERR", 3) == 0)) {
/* allow this because the digest_request pointer is purely local */
- AuthDigestUserRequest *digest_request = dynamic_cast<AuthDigestUserRequest *>(auth_user_request.getRaw());
+ Auth::Digest::UserRequest *digest_request = dynamic_cast<Auth::Digest::UserRequest *>(auth_user_request.getRaw());
assert(digest_request);
digest_request->user()->credentials(Auth::Failed);
class HttpReply;
class HttpRequest;
+namespace Auth
+{
+namespace Digest
+{
+
/**
- * The AuthDigestUserRequest structure is what follows the http_request around
+ * The UserRequest structure is what follows the http_request around
*/
-class AuthDigestUserRequest : public AuthUserRequest
+class UserRequest : public Auth::UserRequest
{
public:
- MEMPROXY_CLASS(AuthDigestUserRequest);
+ MEMPROXY_CLASS(Auth::Digest::UserRequest);
- AuthDigestUserRequest();
- virtual ~AuthDigestUserRequest();
+ UserRequest();
+ virtual ~UserRequest();
virtual int authenticated() const;
virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type);
- virtual Auth::Direction module_direction();
+ virtual Direction module_direction();
virtual void addAuthenticationInfoHeader(HttpReply * rep, int accel);
#if WAITING_FOR_TE
virtual void addAuthenticationInfoTrailer(HttpReply * rep, int accel);
static HLPCB HandleReply;
};
-MEMPROXY_CLASS_INLINE(AuthDigestUserRequest);
+} // namespace Digest
+} // namespace Auth
+
+MEMPROXY_CLASS_INLINE(Auth::Digest::UserRequest);
#endif /* _SQUID_SRC_AUTH_DIGEST_USERREQUEST_H */
/* add the [www-|Proxy-]authenticate header on a 407 or 401 reply */
void
-Auth::Digest::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
+Auth::Digest::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
{
if (!authenticateProgram)
return;
int stale = 0;
if (auth_user_request != NULL) {
- AuthDigestUserRequest *digest_request;
- digest_request = dynamic_cast<AuthDigestUserRequest*>(auth_user_request.getRaw());
+ Auth::Digest::UserRequest *digest_request = dynamic_cast<Auth::Digest::UserRequest*>(auth_user_request.getRaw());
assert (digest_request != NULL);
stale = !digest_request->flags.invalid_password;
/* on a 407 or 401 we always use a new nonce */
digest_nonce_h *nonce = authenticateDigestNonceNew();
- debugs(29, 9, "authenticateFixHeader: Sending type:" << hdrType <<
+ debugs(29, 9, HERE << "Sending type:" << hdrType <<
" header: 'Digest realm=\"" << digestAuthRealm << "\", nonce=\"" <<
authenticateDigestNonceNonceb64(nonce) << "\", qop=\"" << QOP_AUTH <<
"\", stale=" << (stale ? "true" : "false"));
}
/* setup the necessary info to log the username */
-static AuthUserRequest::Pointer
-authDigestLogUsername(char *username, AuthUserRequest::Pointer auth_user_request)
+static Auth::UserRequest::Pointer
+authDigestLogUsername(char *username, Auth::UserRequest::Pointer auth_user_request)
{
assert(auth_user_request != NULL);
* Decode a Digest [Proxy-]Auth string, placing the results in the passed
* Auth_user structure.
*/
-AuthUserRequest::Pointer
+Auth::UserRequest::Pointer
Auth::Digest::Config::decode(char const *proxy_auth)
{
const char *item;
debugs(29, 9, "authenticateDigestDecodeAuth: beginning");
- AuthDigestUserRequest *digest_request = new AuthDigestUserRequest();
+ Auth::Digest::UserRequest *digest_request = new Auth::Digest::UserRequest();
/* trim DIGEST from string */
}
} else if (*p == '"') {
if (!httpHeaderParseQuotedString(p, vlen, &value)) {
- debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'");
+ debugs(29, 9, HERE << "Failed to parse attribute '" << item << "' in '" << temp << "'");
continue;
}
} else {
value.limitInit(p, vlen);
}
} else {
- debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'");
+ debugs(29, 9, HERE << "Failed to parse attribute '" << item << "' in '" << temp << "'");
continue;
}
case DIGEST_USERNAME:
safe_free(username);
username = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found Username '" << username << "'");
+ debugs(29, 9, HERE << "Found Username '" << username << "'");
break;
case DIGEST_REALM:
safe_free(digest_request->realm);
digest_request->realm = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found realm '" << digest_request->realm << "'");
+ debugs(29, 9, HERE << "Found realm '" << digest_request->realm << "'");
break;
case DIGEST_QOP:
safe_free(digest_request->qop);
digest_request->qop = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found qop '" << digest_request->qop << "'");
+ debugs(29, 9, HERE << "Found qop '" << digest_request->qop << "'");
break;
case DIGEST_ALGORITHM:
safe_free(digest_request->algorithm);
digest_request->algorithm = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found algorithm '" << digest_request->algorithm << "'");
+ debugs(29, 9, HERE << "Found algorithm '" << digest_request->algorithm << "'");
break;
case DIGEST_URI:
safe_free(digest_request->uri);
digest_request->uri = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found uri '" << digest_request->uri << "'");
+ debugs(29, 9, HERE << "Found uri '" << digest_request->uri << "'");
break;
case DIGEST_NONCE:
safe_free(digest_request->nonceb64);
digest_request->nonceb64 = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found nonce '" << digest_request->nonceb64 << "'");
+ debugs(29, 9, HERE << "Found nonce '" << digest_request->nonceb64 << "'");
break;
case DIGEST_NC:
if (value.size() != 8) {
- debugs(29, 9, "authDigestDecodeAuth: Invalid nc '" << value << "' in '" << temp << "'");
+ debugs(29, 9, HERE << "Invalid nc '" << value << "' in '" << temp << "'");
}
xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found noncecount '" << digest_request->nc << "'");
+ debugs(29, 9, HERE << "Found noncecount '" << digest_request->nc << "'");
break;
case DIGEST_CNONCE:
safe_free(digest_request->cnonce);
digest_request->cnonce = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found cnonce '" << digest_request->cnonce << "'");
+ debugs(29, 9, HERE << "Found cnonce '" << digest_request->cnonce << "'");
break;
case DIGEST_RESPONSE:
safe_free(digest_request->response);
digest_request->response = xstrndup(value.rawBuf(), value.size() + 1);
- debugs(29, 9, "authDigestDecodeAuth: Found response '" << digest_request->response << "'");
+ debugs(29, 9, HERE << "Found response '" << digest_request->response << "'");
break;
default:
- debugs(29, 3, "authDigestDecodeAuth: Unknown attribute '" << item << "' in '" << temp << "'");
+ debugs(29, 3, HERE << "Unknown attribute '" << item << "' in '" << temp << "'");
break;
}
}
/* do we have a username ? */
if (!username || username[0] == '\0') {
- debugs(29, 2, "authenticateDigestDecode: Empty or not present username");
+ debugs(29, 2, HERE << "Empty or not present username");
return authDigestLogUsername(username, digest_request);
}
* have been redone
*/
if (strchr(username, '"')) {
- debugs(29, 2, "authenticateDigestDecode: Unacceptable username '" << username << "'");
+ debugs(29, 2, HERE << "Unacceptable username '" << username << "'");
return authDigestLogUsername(username, digest_request);
}
/* do we have a realm ? */
if (!digest_request->realm || digest_request->realm[0] == '\0') {
- debugs(29, 2, "authenticateDigestDecode: Empty or not present realm");
+ debugs(29, 2, HERE << "Empty or not present realm");
return authDigestLogUsername(username, digest_request);
}
/* and a nonce? */
if (!digest_request->nonceb64 || digest_request->nonceb64[0] == '\0') {
- debugs(29, 2, "authenticateDigestDecode: Empty or not present nonce");
+ debugs(29, 2, HERE << "Empty or not present nonce");
return authDigestLogUsername(username, digest_request);
}
/* we can't check the URI just yet. We'll check it in the
* authenticate phase, but needs to be given */
if (!digest_request->uri || digest_request->uri[0] == '\0') {
- debugs(29, 2, "authenticateDigestDecode: Missing URI field");
+ debugs(29, 2, HERE << "Missing URI field");
return authDigestLogUsername(username, digest_request);
}
/* is the response the correct length? */
if (!digest_request->response || strlen(digest_request->response) != 32) {
- debugs(29, 2, "authenticateDigestDecode: Response length invalid");
+ debugs(29, 2, HERE << "Response length invalid");
return authDigestLogUsername(username, digest_request);
}
digest_request->algorithm = xstrndup("MD5", 4);
else if (strcmp(digest_request->algorithm, "MD5")
&& strcmp(digest_request->algorithm, "MD5-sess")) {
- debugs(29, 2, "authenticateDigestDecode: invalid algorithm specified!");
+ debugs(29, 2, HERE << "invalid algorithm specified!");
return authDigestLogUsername(username, digest_request);
}
/* check the qop is what we expected. */
if (strcmp(digest_request->qop, QOP_AUTH) != 0) {
/* we received a qop option we didn't send */
- debugs(29, 2, "authenticateDigestDecode: Invalid qop option received");
+ debugs(29, 2, HERE << "Invalid qop option received");
return authDigestLogUsername(username, digest_request);
}
/* check cnonce */
if (!digest_request->cnonce || digest_request->cnonce[0] == '\0') {
- debugs(29, 2, "authenticateDigestDecode: Missing cnonce field");
+ debugs(29, 2, HERE << "Missing cnonce field");
return authDigestLogUsername(username, digest_request);
}
/* check nc */
if (strlen(digest_request->nc) != 8 || strspn(digest_request->nc, "0123456789abcdefABCDEF") != 8) {
- debugs(29, 2, "authenticateDigestDecode: invalid nonce count");
+ debugs(29, 2, HERE << "invalid nonce count");
return authDigestLogUsername(username, digest_request);
}
} else {
/* cnonce and nc both require qop */
if (digest_request->cnonce || digest_request->nc) {
- debugs(29, 2, "authenticateDigestDecode: missing qop!");
+ debugs(29, 2, HERE << "missing qop!");
return authDigestLogUsername(username, digest_request);
}
}
nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64);
if (!nonce) {
/* we couldn't find a matching nonce! */
- debugs(29, 2, "authenticateDigestDecode: Unexpected or invalid nonce received");
+ debugs(29, 2, HERE << "Unexpected or invalid nonce received");
if (digest_request->user() != NULL)
digest_request->user()->credentials(Auth::Failed);
return authDigestLogUsername(username, digest_request);
/* check that we're not being hacked / the username hasn't changed */
if (nonce->user && strcmp(username, nonce->user->username())) {
- debugs(29, 2, "authenticateDigestDecode: Username for the nonce does not equal the username for the request");
+ debugs(29, 2, HERE << "Username for the nonce does not equal the username for the request");
return authDigestLogUsername(username, digest_request);
}
if ((auth_user = authDigestUserFindUsername(username)) == NULL) {
/* the user doesn't exist in the username cache yet */
- debugs(29, 9, "authDigestDecodeAuth: Creating new digest user '" << username << "'");
+ debugs(29, 9, HERE << "Creating new digest user '" << username << "'");
digest_user = new Auth::Digest::User(this);
/* auth_user is a parent */
auth_user = digest_user;
*/
authDigestUserLinkNonce(digest_user, nonce);
} else {
- debugs(29, 9, "authDigestDecodeAuth: Found user '" << username << "' in the user cache as '" << auth_user << "'");
+ debugs(29, 9, HERE << "Found user '" << username << "' in the user cache as '" << auth_user << "'");
digest_user = static_cast<Auth::Digest::User *>(auth_user.getRaw());
xfree(username);
}
assert(digest_request != NULL);
digest_request->user(digest_user);
- debugs(29, 9, "username = '" << digest_user->username() << "'\nrealm = '" <<
+ debugs(29, 9, HERE << "username = '" << digest_user->username() << "'\nrealm = '" <<
digest_request->realm << "'\nqop = '" << digest_request->qop <<
"'\nalgorithm = '" << digest_request->algorithm << "'\nuri = '" <<
digest_request->uri << "'\nnonce = '" << digest_request->nonceb64 <<
Config();
virtual bool active() const;
virtual bool configured() const;
- virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
- virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
+ virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
virtual void init(Auth::Config *);
virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
#include "HttpRequest.h"
#include "SquidTime.h"
-AuthNegotiateUserRequest::AuthNegotiateUserRequest()
+Auth::Negotiate::UserRequest::UserRequest()
{
waiting=0;
client_blob=0;
request=NULL;
}
-AuthNegotiateUserRequest::~AuthNegotiateUserRequest()
+Auth::Negotiate::UserRequest::~UserRequest()
{
assert(RefCountCount()==0);
safe_free(server_blob);
}
const char *
-AuthNegotiateUserRequest::connLastHeader()
+Auth::Negotiate::UserRequest::connLastHeader()
{
return NULL;
}
int
-AuthNegotiateUserRequest::authenticated() const
+Auth::Negotiate::UserRequest::authenticated() const
{
if (user() != NULL && user()->credentials() == Auth::Ok) {
debugs(29, 9, HERE << "user authenticated.");
}
Auth::Direction
-AuthNegotiateUserRequest::module_direction()
+Auth::Negotiate::UserRequest::module_direction()
{
- /* null auth_user is checked for by AuthUserRequest::direction() */
+ /* null auth_user is checked for by Auth::UserRequest::direction() */
if (waiting || client_blob)
return Auth::CRED_LOOKUP; /* need helper response to continue */
}
void
-AuthNegotiateUserRequest::module_start(RH * handler, void *data)
+Auth::Negotiate::UserRequest::module_start(RH * handler, void *data)
{
static char buf[MAX_AUTHTOKEN_LEN];
safe_free(client_blob);
- helperStatefulSubmit(negotiateauthenticators, buf, AuthNegotiateUserRequest::HandleReply,
+ helperStatefulSubmit(negotiateauthenticators, buf, Auth::Negotiate::UserRequest::HandleReply,
new Auth::StateData(this, handler, data), authserver);
}
* for this request connections use.
*/
void
-AuthNegotiateUserRequest::releaseAuthServer()
+Auth::Negotiate::UserRequest::releaseAuthServer()
{
if (authserver) {
debugs(29, 6, HERE << "releasing Negotiate auth server '" << authserver << "'");
/* clear any connection related authentication details */
void
-AuthNegotiateUserRequest::onConnectionClose(ConnStateData *conn)
+Auth::Negotiate::UserRequest::onConnectionClose(ConnStateData *conn)
{
assert(conn != NULL);
- debugs(29, 8, "AuthNegotiateUserRequest::onConnectionClose: closing connection '" << conn << "' (this is '" << this << "')");
+ debugs(29, 8, HERE << "closing connection '" << conn << "' (this is '" << this << "')");
if (conn->auth_user_request == NULL) {
- debugs(29, 8, "AuthNegotiateUserRequest::onConnectionClose: no auth_user_request");
+ debugs(29, 8, HERE << "no auth_user_request");
return;
}
}
void
-AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type)
+Auth::Negotiate::UserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type)
{
assert(this);
break;
case Auth::Ok:
- fatal("AuthNegotiateUserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n");
+ fatal("Auth::Negotiate::UserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n");
break;
case Auth::Failed:
}
void
-AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply)
+Auth::Negotiate::UserRequest::HandleReply(void *data, void *lastserver, char *reply)
{
Auth::StateData *r = static_cast<Auth::StateData *>(data);
reply = (char *)"BH Internal error";
}
- AuthUserRequest::Pointer auth_user_request = r->auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request = r->auth_user_request;
assert(auth_user_request != NULL);
- AuthNegotiateUserRequest *lm_request = dynamic_cast<AuthNegotiateUserRequest *>(auth_user_request.getRaw());
+ Auth::Negotiate::UserRequest *lm_request = dynamic_cast<Auth::Negotiate::UserRequest *>(auth_user_request.getRaw());
assert(lm_request != NULL);
assert(lm_request->waiting);
}
void
-AuthNegotiateUserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel)
+Auth::Negotiate::UserRequest::addAuthenticationInfoHeader(HttpReply * rep, int accel)
{
http_hdr_type type;
class HttpRequest;
class helper_stateful_server;
+namespace Auth
+{
+namespace Negotiate
+{
+
/// \ingroup AuthNegotiateAPI
-class AuthNegotiateUserRequest : public AuthUserRequest
+class UserRequest : public Auth::UserRequest
{
public:
- MEMPROXY_CLASS(AuthNegotiateUserRequest);
+ MEMPROXY_CLASS(Auth::Negotiate::UserRequest);
- AuthNegotiateUserRequest();
- virtual ~AuthNegotiateUserRequest();
+ UserRequest();
+ virtual ~UserRequest();
virtual int authenticated() const;
virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type);
- virtual Auth::Direction module_direction();
+ virtual Direction module_direction();
virtual void onConnectionClose(ConnStateData *);
virtual void module_start(RH *, void *);
static HLPSCB HandleReply;
};
-MEMPROXY_CLASS_INLINE(AuthNegotiateUserRequest);
+} // namespace Negotiate
+} // namespace Auth
+
+MEMPROXY_CLASS_INLINE(Auth::Negotiate::UserRequest);
#endif /* _SQUID_SRC_AUTH_NEGOTIATE_USERREQUEST_H */
/* Negotiate Scheme */
void
-Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request)
+Auth::Negotiate::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type reqType, HttpRequest * request)
{
- AuthNegotiateUserRequest *negotiate_request;
-
if (!authenticateProgram)
return;
request->flags.proxy_keepalive = 0;
}
} else {
- negotiate_request = dynamic_cast<AuthNegotiateUserRequest *>(auth_user_request.getRaw());
+ Auth::Negotiate::UserRequest *negotiate_request = dynamic_cast<Auth::Negotiate::UserRequest *>(auth_user_request.getRaw());
assert(negotiate_request != NULL);
switch (negotiate_request->user()->credentials()) {
* Decode a Negotiate [Proxy-]Auth string, placing the results in the passed
* Auth_user structure.
*/
-AuthUserRequest::Pointer
+Auth::UserRequest::Pointer
Auth::Negotiate::Config::decode(char const *proxy_auth)
{
Auth::Negotiate::User *newUser = new Auth::Negotiate::User(&negotiateConfig);
- AuthUserRequest *auth_user_request = new AuthNegotiateUserRequest();
+ Auth::UserRequest *auth_user_request = new Auth::Negotiate::UserRequest();
assert(auth_user_request->user() == NULL);
auth_user_request->user(newUser);
Config();
virtual bool active() const;
virtual bool configured() const;
- virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
- virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
+ virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
virtual void init(Auth::Config *);
virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
#include "HttpRequest.h"
#include "SquidTime.h"
-AuthNTLMUserRequest::AuthNTLMUserRequest()
+Auth::Ntlm::UserRequest::UserRequest()
{
waiting=0;
client_blob=0;
request=NULL;
}
-AuthNTLMUserRequest::~AuthNTLMUserRequest()
+Auth::Ntlm::UserRequest::~UserRequest()
{
assert(RefCountCount()==0);
safe_free(server_blob);
}
const char *
-AuthNTLMUserRequest::connLastHeader()
+Auth::Ntlm::UserRequest::connLastHeader()
{
return NULL;
}
int
-AuthNTLMUserRequest::authenticated() const
+Auth::Ntlm::UserRequest::authenticated() const
{
if (user() != NULL && user()->credentials() == Auth::Ok) {
debugs(29, 9, HERE << "user authenticated.");
}
Auth::Direction
-AuthNTLMUserRequest::module_direction()
+Auth::Ntlm::UserRequest::module_direction()
{
- /* null auth_user is checked for by AuthUserRequest::direction() */
+ /* null auth_user is checked for by Auth::UserRequest::direction() */
if (waiting || client_blob)
return Auth::CRED_LOOKUP; /* need helper response to continue */
}
void
-AuthNTLMUserRequest::module_start(RH * handler, void *data)
+Auth::Ntlm::UserRequest::module_start(RH * handler, void *data)
{
static char buf[MAX_AUTHTOKEN_LEN];
waiting = 1;
safe_free(client_blob);
- helperStatefulSubmit(ntlmauthenticators, buf, AuthNTLMUserRequest::HandleReply,
+ helperStatefulSubmit(ntlmauthenticators, buf, Auth::Ntlm::UserRequest::HandleReply,
new Auth::StateData(this, handler, data), authserver);
}
* for this request connections use.
*/
void
-AuthNTLMUserRequest::releaseAuthServer()
+Auth::Ntlm::UserRequest::releaseAuthServer()
{
if (authserver) {
debugs(29, 6, HERE << "releasing NTLM auth server '" << authserver << "'");
}
void
-AuthNTLMUserRequest::onConnectionClose(ConnStateData *conn)
+Auth::Ntlm::UserRequest::onConnectionClose(ConnStateData *conn)
{
assert(conn != NULL);
- debugs(29, 8, "AuthNTLMUserRequest::onConnectionClose: closing connection '" << conn << "' (this is '" << this << "')");
+ debugs(29, 8, HERE << "closing connection '" << conn << "' (this is '" << this << "')");
if (conn->auth_user_request == NULL) {
- debugs(29, 8, "AuthNTLMUserRequest::onConnectionClose: no auth_user_request");
+ debugs(29, 8, HERE << "no auth_user_request");
return;
}
}
void
-AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type)
+Auth::Ntlm::UserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, http_hdr_type type)
{
assert(this);
break;
case Auth::Ok:
- fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
+ fatal("Auth::Ntlm::UserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
break;
case Auth::Failed:
}
void
-AuthNTLMUserRequest::HandleReply(void *data, void *lastserver, char *reply)
+Auth::Ntlm::UserRequest::HandleReply(void *data, void *lastserver, char *reply)
{
Auth::StateData *r = static_cast<Auth::StateData *>(data);
char *blob;
reply = (char *)"BH Internal error";
}
- AuthUserRequest::Pointer auth_user_request = r->auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request = r->auth_user_request;
assert(auth_user_request != NULL);
- AuthNTLMUserRequest *lm_request = dynamic_cast<AuthNTLMUserRequest *>(auth_user_request.getRaw());
+ Auth::Ntlm::UserRequest *lm_request = dynamic_cast<Auth::Ntlm::UserRequest *>(auth_user_request.getRaw());
assert(lm_request != NULL);
assert(lm_request->waiting);
class HttpRequest;
class helper_stateful_server;
-class AuthNTLMUserRequest : public AuthUserRequest
+namespace Auth
+{
+namespace Ntlm
+{
+
+class UserRequest : public Auth::UserRequest
{
public:
- MEMPROXY_CLASS(AuthNTLMUserRequest);
+ MEMPROXY_CLASS(Auth::Ntlm::UserRequest);
- AuthNTLMUserRequest();
- virtual ~AuthNTLMUserRequest();
+ UserRequest();
+ virtual ~UserRequest();
virtual int authenticated() const;
virtual void authenticate(HttpRequest * request, ConnStateData * conn, http_hdr_type type);
virtual Auth::Direction module_direction();
helper_stateful_server *authserver;
void releaseAuthServer(void); ///< Release authserver NTLM helpers properly when finished or abandoning.
- /* what connection is this associated with */
-// ConnStateData * conn;
-
/* our current blob to pass to the client */
char *server_blob;
static HLPSCB HandleReply;
};
-MEMPROXY_CLASS_INLINE(AuthNTLMUserRequest);
+} // namespace Ntlm
+} // namespace Auth
+
+MEMPROXY_CLASS_INLINE(Auth::Ntlm::UserRequest);
#endif /* _SQUID_SRC_AUTH_NTLM_USERREQUEST_H */
/* NTLM Scheme */
void
-Auth::Ntlm::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
+Auth::Ntlm::Config::fixHeader(Auth::UserRequest::Pointer auth_user_request, HttpReply *rep, http_hdr_type hdrType, HttpRequest * request)
{
if (!authenticateProgram)
return;
request->flags.proxy_keepalive = 0;
}
} else {
- AuthNTLMUserRequest *ntlm_request = dynamic_cast<AuthNTLMUserRequest *>(auth_user_request.getRaw());
+ Auth::Ntlm::UserRequest *ntlm_request = dynamic_cast<Auth::Ntlm::UserRequest *>(auth_user_request.getRaw());
assert(ntlm_request != NULL);
switch (ntlm_request->user()->credentials()) {
* Decode a NTLM [Proxy-]Auth string, placing the results in the passed
* Auth_user structure.
*/
-AuthUserRequest::Pointer
+Auth::UserRequest::Pointer
Auth::Ntlm::Config::decode(char const *proxy_auth)
{
Auth::Ntlm::User *newUser = new Auth::Ntlm::User(Auth::Config::Find("ntlm"));
- AuthUserRequest::Pointer auth_user_request = new AuthNTLMUserRequest();
+ Auth::UserRequest::Pointer auth_user_request = new Auth::Ntlm::UserRequest();
assert(auth_user_request->user() == NULL);
auth_user_request->user(newUser);
Config();
virtual bool active() const;
virtual bool configured() const;
- virtual AuthUserRequest::Pointer decode(char const *proxy_auth);
+ virtual Auth::UserRequest::Pointer decode(char const *proxy_auth);
virtual void done();
virtual void rotateHelpers();
virtual void dump(StoreEntry *, const char *, Auth::Config *);
- virtual void fixHeader(AuthUserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
+ virtual void fixHeader(Auth::UserRequest::Pointer, HttpReply *, http_hdr_type, HttpRequest *);
virtual void init(Auth::Config *);
virtual void parse(Auth::Config *, int, char *);
virtual void registerWithCacheManager(void);
* note this is ONLY connection based because NTLM and Negotiate is against HTTP spec.
* the user details for connection based authentication
*/
- AuthUserRequest::Pointer auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request;
#endif
/**
err_type err, http_status status, const HttpRequestMethod& method, char const *uri,
Ip::Address &addr, HttpRequest * failedrequest, const char *unparsedrequest,
#if USE_AUTH
- AuthUserRequest::Pointer auth_user_request
+ Auth::UserRequest::Pointer auth_user_request
#else
void*
#endif
int storeNotOKTransferDone() const;
void setReplyToError(err_type, http_status, const HttpRequestMethod&, char const *, Ip::Address &, HttpRequest *, const char *,
#if USE_AUTH
- AuthUserRequest::Pointer);
+ Auth::UserRequest::Pointer);
#else
void * unused);
#endif
char *err_language;
http_status httpStatus;
#if USE_AUTH
- AuthUserRequest::Pointer auth_user_request;
+ Auth::UserRequest::Pointer auth_user_request;
#endif
HttpRequest *request;
char *url;
projects / thirdparty / squid.git / commitdiff
