No logic changes.
::operator delete(address);
}
-DelayUserBucket::DelayUserBucket(AuthUser::Pointer aUser) : authUser(aUser)
+DelayUserBucket::DelayUserBucket(Auth::User::Pointer aUser) : authUser(aUser)
{
debugs(77, 3, "DelayUserBucket::DelayUserBucket");
}
theBucket.stats(entry);
}
-DelayUser::Id::Id(DelayUser::Pointer aDelayUser, AuthUser::Pointer aUser) : theUser(aDelayUser)
+DelayUser::Id::Id(DelayUser::Pointer aDelayUser, Auth::User::Pointer aUser) : theUser(aDelayUser)
{
theBucket = new DelayUserBucket(aUser);
DelayUserBucket::Pointer const *existing = theUser->buckets.find(theBucket, DelayUserCmp);
void operator delete (void *);
void stats(StoreEntry *)const;
- DelayUserBucket(AuthUser::Pointer);
+ DelayUserBucket(Auth::User::Pointer);
~DelayUserBucket();
DelayBucket theBucket;
- AuthUser::Pointer authUser;
+ Auth::User::Pointer authUser;
};
/// \ingroup DelayPoolsAPI
public:
void *operator new(size_t);
void operator delete (void *);
- Id(RefCount<DelayUser>, AuthUser::Pointer);
+ Id(RefCount<DelayUser>, Auth::User::Pointer);
~Id();
virtual int bytesWanted (int min, int max) const;
virtual void bytesIn(int qty);
{
/* Do this first to clear memory and remove dead state on a reconfigure */
if (proxy_auth_username_cache)
- AuthUser::CachedACLsReset();
+ Auth::User::CachedACLsReset();
/* If we do not have any auth config state to create stop now. */
if (!config)
}
if (!proxy_auth_username_cache)
- AuthUser::cacheInit();
+ Auth::User::cacheInit();
authenticateRegisterWithCacheManager(config);
}
Auth::TheConfig.clean();
}
-AuthUserHashPointer::AuthUserHashPointer(AuthUser::Pointer anAuth_user):
+AuthUserHashPointer::AuthUserHashPointer(Auth::User::Pointer anAuth_user):
auth_user(anAuth_user)
{
key = (void *)anAuth_user->username();
hash_join(proxy_auth_username_cache, (hash_link *) this);
}
-AuthUser::Pointer
+Auth::User::Pointer
AuthUserHashPointer::user() const
{
return auth_user;
#include "auth/Config.h"
#include "auth/User.h"
-class AuthUser;
-
/**
\ingroup AuthAPI
*
public:
MEMPROXY_CLASS(AuthUserHashPointer);
- AuthUserHashPointer(AuthUser::Pointer);
+ AuthUserHashPointer(Auth::User::Pointer);
~AuthUserHashPointer() { auth_user = NULL; };
- AuthUser::Pointer user() const;
+ Auth::User::Pointer user() const;
private:
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
};
MEMPROXY_CLASS_INLINE(AuthUserHashPointer);
Type.cc \
Config.cc \
Config.h \
+ CredentialState.cc \
+ CredentialState.h \
Gadgets.cc \
Gadgets.h \
Scheme.cc \
AclProxyAuth.h \
AuthAclState.h
+CredentialState.cc: CredentialState.h $(top_srcdir)/src/mk-string-arrays.awk
+ $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/CredentialState.h > $@ || (rm -f $@ ; exit 1)
+
Type.cc: Type.h $(top_srcdir)/src/mk-string-arrays.awk
$(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/Type.h > $@ || (rm -f $@ ; exit 1)
-CLEANFILES += Type.cc
+CLEANFILES += CredentialState.cc Type.cc
// This should be converted into a pooled type. Does not need to be cbdata
CBDATA_TYPE(AuthUserIP);
-time_t AuthUser::last_discard = 0;
+time_t Auth::User::last_discard = 0;
-const char *CredentialsState_str[] = { "Unchecked", "Ok", "Pending", "Handshake", "Failed" };
-
-
-AuthUser::AuthUser(Auth::Config *aConfig) :
+Auth::User::User(Auth::Config *aConfig) :
auth_type(Auth::AUTH_UNKNOWN),
config(aConfig),
ipcount(0),
expiretime(0),
- credentials_state(Unchecked),
+ credentials_state(Auth::Unchecked),
username_(NULL)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
proxy_match_cache.head = proxy_match_cache.tail = NULL;
ip_list.head = ip_list.tail = NULL;
- debugs(29, 5, "AuthUser::AuthUser: Initialised auth_user '" << this << "'.");
+ debugs(29, 5, HERE << "Initialised auth_user '" << this << "'.");
}
-AuthUser::CredentialsState
-AuthUser::credentials() const
+Auth::CredentialState
+Auth::User::credentials() const
{
return credentials_state;
}
void
-AuthUser::credentials(CredentialsState newCreds)
+Auth::User::credentials(CredentialState newCreds)
{
credentials_state = newCreds;
}
* related scheme data itself.
*/
void
-AuthUser::absorb(AuthUser::Pointer from)
+Auth::User::absorb(Auth::User::Pointer from)
{
- /* RefCount children CANNOT be merged like this. The external AuthUser::Pointer's cannot be changed. */
+ /* RefCount children CANNOT be merged like this. The external Auth::User::Pointer's cannot be changed. */
/* check that we only have the two references:
* 1) our function scope
* dlink_list proxy_match_cache;
*/
- debugs(29, 5, "authenticateAuthUserMerge auth_user '" << from << "' into auth_user '" << this << "'.");
+ debugs(29, 5, HERE << "auth_user '" << from << "' into auth_user '" << this << "'.");
/* absorb the list of IP address sources (for max_user_ip controls) */
AuthUserIP *new_ipdata;
new_ipdata = static_cast<AuthUserIP *>(from->ip_list.head->data);
/* If this IP has expired - ignore the expensive merge actions. */
- if (new_ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
+ if (new_ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) {
/* This IP has expired - remove from the source list */
dlinkDelete(&new_ipdata->node, &(from->ip_list));
cbdataFree(new_ipdata);
/* update IP ttl and stop searching. */
ipdata->ip_expiretime = max(ipdata->ip_expiretime, new_ipdata->ip_expiretime);
break;
- } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
+ } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) {
/* This IP has expired - cleanup the destination list */
dlinkDelete(&ipdata->node, &ip_list);
cbdataFree(ipdata);
}
}
-AuthUser::~AuthUser()
+Auth::User::~User()
{
- debugs(29, 5, "AuthUser::~AuthUser: Freeing auth_user '" << this << "'.");
+ debugs(29, 5, HERE << "Freeing auth_user '" << this << "'.");
assert(RefCountCount() == 0);
/* free cached acl results */
}
void
-AuthUser::cacheInit(void)
+Auth::User::cacheInit(void)
{
if (!proxy_auth_username_cache) {
/* First time around, 7921 should be big enough */
proxy_auth_username_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
assert(proxy_auth_username_cache);
- eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1);
+ eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1);
last_discard = squid_curtime;
}
}
void
-AuthUser::CachedACLsReset()
+Auth::User::CachedACLsReset()
{
/*
* This must complete all at once, because we are ensuring correctness.
*/
AuthUserHashPointer *usernamehash;
- AuthUser::Pointer auth_user;
- debugs(29, 3, "AuthUser::CachedACLsReset: Flushing the ACL caches for all users.");
+ Auth::User::Pointer auth_user;
+ debugs(29, 3, HERE << "Flushing the ACL caches for all users.");
hash_first(proxy_auth_username_cache);
while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
aclCacheMatchFlush(&auth_user->proxy_match_cache);
}
- debugs(29, 3, "AuthUser::CachedACLsReset: Finished.");
+ debugs(29, 3, HERE << "Finished.");
}
void
-AuthUser::cacheCleanup(void *datanotused)
+Auth::User::cacheCleanup(void *datanotused)
{
/*
* We walk the hash by username as that is the unique key we use.
* entries at a time. Lets see how it flys first.
*/
AuthUserHashPointer *usernamehash;
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
char const *username = NULL;
- debugs(29, 3, "AuthUser::cacheCleanup: Cleaning the user cache now");
- debugs(29, 3, "AuthUser::cacheCleanup: Current time: " << current_time.tv_sec);
+ debugs(29, 3, HERE << "Cleaning the user cache now");
+ debugs(29, 3, HERE << "Current time: " << current_time.tv_sec);
hash_first(proxy_auth_username_cache);
while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
/* if we need to have indedendent expiry clauses, insert a module call
* here */
- debugs(29, 4, "AuthUser::cacheCleanup: Cache entry:\n\tType: " <<
+ debugs(29, 4, HERE << "Cache entry:\n\tType: " <<
auth_user->auth_type << "\n\tUsername: " << username <<
"\n\texpires: " <<
- (long int) (auth_user->expiretime + Config.authenticateTTL) <<
+ (long int) (auth_user->expiretime + ::Config.authenticateTTL) <<
"\n\treferences: " << (long int) auth_user->RefCountCount());
- if (auth_user->expiretime + Config.authenticateTTL <= current_time.tv_sec) {
- debugs(29, 5, "AuthUser::cacheCleanup: Removing user " << username << " from cache due to timeout.");
+ if (auth_user->expiretime + ::Config.authenticateTTL <= current_time.tv_sec) {
+ debugs(29, 5, HERE << "Removing user " << username << " from cache due to timeout.");
/* Old credentials are always removed. Existing users must hold their own
- * AuthUser::Pointer to the credentials. Cache exists only for finding
+ * Auth::User::Pointer to the credentials. Cache exists only for finding
* and re-using current valid credentials.
*/
hash_remove_link(proxy_auth_username_cache, usernamehash);
}
}
- debugs(29, 3, "AuthUser::cacheCleanup: Finished cleaning the user cache.");
- eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1);
+ debugs(29, 3, HERE << "Finished cleaning the user cache.");
+ eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1);
last_discard = squid_curtime;
}
void
-AuthUser::clearIp()
+Auth::User::clearIp()
{
AuthUserIP *ipdata, *tempnode;
}
void
-AuthUser::removeIp(Ip::Address ipaddr)
+Auth::User::removeIp(Ip::Address ipaddr)
{
AuthUserIP *ipdata = (AuthUserIP *) ip_list.head;
}
void
-AuthUser::addIp(Ip::Address ipaddr)
+Auth::User::addIp(Ip::Address ipaddr)
{
AuthUserIP *ipdata = (AuthUserIP *) ip_list.head;
int found = 0;
found = 1;
/* update IP ttl */
ipdata->ip_expiretime = squid_curtime;
- } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
+ } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) {
/* This IP has expired - remove from the seen list */
dlinkDelete(&ipdata->node, &ip_list);
cbdataFree(ipdata);
ipcount++;
- debugs(29, 2, "authenticateAuthUserAddIp: user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")");
+ debugs(29, 2, HERE << "user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")");
}
/**
- * Add the AuthUser structure to the username cache.
+ * Add the Auth::User structure to the username cache.
*/
void
-AuthUser::addToNameCache()
+Auth::User::addToNameCache()
{
/* AuthUserHashPointer will self-register with the username cache */
new AuthUserHashPointer(this);
* Dump the username cache statictics for viewing...
*/
void
-AuthUser::UsernameCacheStats(StoreEntry *output)
+Auth::User::UsernameCacheStats(StoreEntry *output)
{
AuthUserHashPointer *usernamehash;
/* overview of username cache */
storeAppendPrintf(output, "Cached Usernames: %d of %d\n", proxy_auth_username_cache->count, proxy_auth_username_cache->size);
- storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n", static_cast<int32_t>(last_discard + Config.authenticateGCInterval - squid_curtime));
+ storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n",
+ static_cast<int32_t>(last_discard + ::Config.authenticateGCInterval - squid_curtime));
/* cache dump column titles */
storeAppendPrintf(output, "\n%-15s %-9s %-9s %-9s %s\n",
hash_first(proxy_auth_username_cache);
while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) {
- AuthUser::Pointer auth_user = usernamehash->user();
+ Auth::User::Pointer auth_user = usernamehash->user();
storeAppendPrintf(output, "%-15s %-9s %-9d %-9d %s\n",
Auth::Type_str[auth_user->auth_type],
- CredentialsState_str[auth_user->credentials()],
+ CredentialState_str[auth_user->credentials()],
auth_user->ttl(),
- static_cast<int32_t>(auth_user->expiretime - squid_curtime + Config.authenticateTTL),
+ static_cast<int32_t>(auth_user->expiretime - squid_curtime + ::Config.authenticateTTL),
auth_user->username()
);
}
*/
char const *
-AuthUser::username () const
+Auth::User::username () const
{
return username_;
}
void
-AuthUser::username(char const *aString)
+Auth::User::username(char const *aString)
{
if (aString) {
assert(!username_);
* Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
*/
-#ifndef SQUID_AUTHUSER_H
-#define SQUID_AUTHUSER_H
+#ifndef SQUID_AUTH_USER_H
+#define SQUID_AUTH_USER_H
#if USE_AUTH
+#include "auth/CredentialState.h"
#include "auth/Type.h"
#include "dlink.h"
#include "ip/Address.h"
namespace Auth
{
+
class Config;
-}
/**
* \ingroup AuthAPI
* structure is the cached ACL match results. This structure, is private to
* the authentication framework.
*/
-class AuthUser : public RefCountable
+class User : public RefCountable
{
public:
- typedef RefCount<AuthUser> Pointer;
+ typedef RefCount<User> Pointer;
/* extra fields for proxy_auth */
/* auth_type and auth_module are deprecated. Do Not add new users of these fields.
size_t ipcount;
long expiretime;
+public:
static void cacheInit();
static void CachedACLsReset();
- void absorb(AuthUser::Pointer from);
- virtual ~AuthUser();
+ void absorb(Auth::User::Pointer from);
+ virtual ~User();
_SQUID_INLINE_ char const *username() const;
_SQUID_INLINE_ void username(char const *);
void addToNameCache();
static void UsernameCacheStats(StoreEntry * output);
- enum CredentialsState { Unchecked, Ok, Pending, Handshake, Failed };
- CredentialsState credentials() const;
- void credentials(CredentialsState);
+ CredentialState credentials() const;
+ void credentials(CredentialState);
private:
/**
* Handshake happening in stateful auth.
* Failed auth
*/
- CredentialsState credentials_state;
+ CredentialState credentials_state;
protected:
- AuthUser(Auth::Config *);
+ User(Auth::Config *);
private:
/**
dlink_list ip_list;
};
-extern const char *CredentialsState_str[];
+} // namespace Auth
#if _USE_INLINE_
#include "auth/User.cci"
#endif
#endif /* USE_AUTH */
-#endif /* SQUID_AUTHUSER_H */
+#endif /* SQUID_AUTH_USER_H */
debugs(29, 9, HERE << "Validating AuthUserRequest '" << this << "'.");
if (user() == NULL) {
- debugs(29, 4, HERE << "No associated AuthUser data");
+ debugs(29, 4, HERE << "No associated Auth::User data");
return false;
}
if (user()->auth_type == Auth::AUTH_UNKNOWN) {
- debugs(29, 4, HERE << "AuthUser '" << user() << "' uses unknown scheme.");
+ debugs(29, 4, HERE << "Auth::User '" << user() << "' uses unknown scheme.");
return false;
}
if (user()->auth_type == Auth::AUTH_BROKEN) {
- debugs(29, 4, HERE << "AuthUser '" << user() << "' is broken for it's scheme.");
+ debugs(29, 4, HERE << "Auth::User '" << user() << "' is broken for it's scheme.");
return false;
}
static void
authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip::Address &ipaddr)
{
- AuthUser::Pointer auth_user = auth_user_request->user();
+ Auth::User::Pointer auth_user = auth_user_request->user();
if (!auth_user)
return;
void
authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer auth_user_request, Ip::Address const &ipaddr)
{
- AuthUser::Pointer auth_user = auth_user_request->user();
+ Auth::User::Pointer auth_user = auth_user_request->user();
if (!auth_user)
return;
* it has request specific data, and links to user specific data
* the user
*/
- AuthUser::Pointer _auth_user;
+ Auth::User::Pointer _auth_user;
/**
* Used by squid to determine what the next step in performing authentication for a given scheme is.
*/
virtual void module_start(RH *handler, void *data) = 0;
- virtual AuthUser::Pointer user() {return _auth_user;}
+ virtual Auth::User::Pointer user() {return _auth_user;}
- virtual const AuthUser::Pointer user() const {return _auth_user;}
+ virtual const Auth::User::Pointer user() const {return _auth_user;}
- virtual void user(AuthUser::Pointer aUser) {_auth_user=aUser;}
+ virtual void user(Auth::User::Pointer aUser) {_auth_user=aUser;}
static AuthAclState tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &);
static void addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal);
assert(user() != NULL);
/* if the password is not ok, do an identity */
- if (!user() || user()->credentials() != AuthUser::Ok)
+ if (!user() || user()->credentials() != Auth::Ok)
return;
/* are we about to recheck the credentials externally? */
switch (user()->credentials()) {
- case AuthUser::Unchecked:
- case AuthUser::Pending:
+ case Auth::Unchecked:
+ case Auth::Pending:
return -1;
- case AuthUser::Ok:
+ case Auth::Ok:
if (user()->expiretime + static_cast<Auth::Basic::Config*>(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime)
return -1;
return 0;
- case AuthUser::Failed:
+ case Auth::Failed:
return 0;
default:
}
/* check to see if the auth_user already has a request outstanding */
- if (user()->credentials() == AuthUser::Pending) {
+ if (user()->credentials() == Auth::Pending) {
/* there is a request with the same credentials already being verified */
basic_auth->queueRequest(this, handler, data);
return;
int32_t
BasicUser::ttl() const
{
- if (credentials() != Ok && credentials() != Pending)
+ if (credentials() != Auth::Ok && credentials() != Auth::Pending)
return -1; // TTL is obsolete NOW.
int32_t basic_ttl = expiretime - squid_curtime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL;
bool
BasicUser::authenticated() const
{
- if ((credentials() == Ok) && (expiretime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL > squid_curtime))
+ if ((credentials() ==
Auth::Ok) && (expiretime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL > squid_curtime))
return true;
debugs(29, 4, "User not authenticated or credentials need rechecking.");
assert(basic_auth != NULL);
if (reply && (strncasecmp(reply, "OK", 2) == 0))
- basic_auth->credentials(AuthUser::Ok);
+ basic_auth->credentials(Auth::Ok);
else {
- basic_auth->credentials(AuthUser::Failed);
+ basic_auth->credentials(Auth::Failed);
if (t && *t)
r->auth_user_request->setDenyMessage(t);
helperStats(sentry, basicauthenticators, "Basic Authenticator Statistics");
}
-static AuthUser::Pointer
+static Auth::User::Pointer
authBasicAuthUserFindUsername(const char *username)
{
AuthUserHashPointer *usernamehash;
}
BasicUser::BasicUser(Auth::Config *aConfig) :
- AuthUser(aConfig),
+ Auth::User(aConfig),
passwd(NULL),
auth_queue(NULL),
currentRequest(NULL)
if (strcmp(from->passwd, passwd)) {
debugs(29, 4, HERE << "new password found. Updating in user master record and resetting auth state to unchecked");
- credentials(Unchecked);
+ credentials(Auth::Unchecked);
xfree(passwd);
passwd = from->passwd;
from->passwd = NULL;
}
- if (credentials() == Failed) {
+ if (credentials() == Auth::Failed) {
debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked");
- credentials(Unchecked);
+ credentials(Auth::Unchecked);
}
}
if (!cleartext)
return auth_user_request;
- AuthUser::Pointer lb;
+ Auth::User::Pointer lb;
/* permitted because local_basic is purely local function scope. */
BasicUser *local_basic = NULL;
}
/* now lookup and see if we have a matching auth_user structure in memory. */
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
if ((auth_user = authBasicAuthUserFindUsername(lb->username())) == NULL) {
/* the user doesn't exist in the username cache yet */
BasicUser::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data)
{
/* mark the user as having verification in progress */
- credentials(Pending);
+ credentials(Auth::Pending);
authenticateStateData *r = NULL;
char buf[8192];
char user[1024], pass[1024];
void *data;
};
-class BasicUser : public AuthUser
+class BasicUser : public Auth::User
{
public:
hash_first(proxy_auth_username_cache);
while ((usernamehash = static_cast<AuthUserHashPointer *>(hash_next(proxy_auth_username_cache)) )) {
- AuthUser::Pointer auth_user = usernamehash->user();
+ Auth::User::Pointer auth_user = usernamehash->user();
if (strcmp(auth_user->config->type(), "digest") == 0) {
hash_remove_link(proxy_auth_username_cache, static_cast<hash_link*>(usernamehash));
int
AuthDigestUserRequest::authenticated() const
{
- if (user() != NULL && user()->credentials() == AuthUser::Ok)
+ if (user() != NULL && user()->credentials() == Auth::Ok)
return 1;
return 0;
HASHHEX Response;
/* if the check has corrupted the user, just return */
- if (user() == NULL || user()->credentials() == AuthUser::Failed) {
+ if (user() == NULL || user()->credentials() == Auth::Failed) {
return;
}
- AuthUser::Pointer auth_user = user();
+ Auth::User::Pointer auth_user = user();
DigestUser *digest_user = dynamic_cast<DigestUser*>(auth_user.getRaw());
assert(digest_user != NULL);
/* do we have the HA1 */
if (!digest_user->HA1created) {
- auth_user->credentials(AuthUser::Pending);
+ auth_user->credentials(Auth::Pending);
return;
}
if (digest_request->nonce == NULL) {
/* this isn't a nonce we issued */
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
return;
}
if (!digest_request->flags.helper_queried) {
/* Query the helper in case the password has changed */
digest_request->flags.helper_queried = 1;
- auth_user->credentials(AuthUser::Pending);
+ auth_user->credentials(Auth::Pending);
return;
}
RequestMethodStr(METHOD_GET), digest_request->uri, HA2, Response);
if (strcasecmp(digest_request->response, Response)) {
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
digest_request->flags.invalid_password = 1;
digest_request->setDenyMessage("Incorrect password");
return;
}
}
} else {
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
digest_request->flags.invalid_password = 1;
digest_request->setDenyMessage("Incorrect password");
return;
/* check for stale nonce */
if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(AuthUser::Failed);
+ auth_user->credentials(Auth::Failed);
digest_request->setDenyMessage("Stale nonce");
return;
}
}
- auth_user->credentials(AuthUser::Ok);
+ auth_user->credentials(Auth::Ok);
/* password was checked and did match */
debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK");
switch (user()->credentials()) {
- case AuthUser::Ok:
+ case Auth::Ok:
return 0;
- case AuthUser::Failed:
+ case Auth::Failed:
/* send new challenge */
return 1;
- case AuthUser::Unchecked:
- case AuthUser::Pending:
+ case Auth::Unchecked:
+ case Auth::Pending:
return -1;
default:
AuthDigestUserRequest *digest_request = dynamic_cast<AuthDigestUserRequest *>(auth_user_request.getRaw());
assert(digest_request);
- digest_request->user()->credentials(AuthUser::Failed);
+ digest_request->user()->credentials(Auth::Failed);
digest_request->flags.invalid_password = 1;
if (t && *t)
}
/* USER related functions */
-static AuthUser::Pointer
+static Auth::User::Pointer
authDigestUserFindUsername(const char *username)
{
AuthUserHashPointer *usernamehash;
/* log the username */
debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'");
- AuthUser::Pointer digest_user = new DigestUser(static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest")));
+ Auth
::User::Pointer digest_user = new DigestUser(static_cast<Auth::Digest::Config*>(Auth::Config::Find("digest")));
/* save the credentials */
digest_user->username(username);
/* set the auth_user type */
/* we couldn't find a matching nonce! */
debugs(29, 2, "authenticateDigestDecode: Unexpected or invalid nonce received");
if (digest_request->user() != NULL)
- digest_request->user()->credentials(AuthUser::Failed);
+ digest_request->user()->credentials(Auth::Failed);
return authDigestLogUsername(username, digest_request);
}
/* find the user */
DigestUser *digest_user;
- AuthUser::Pointer auth_user;
+ Auth::User::Pointer auth_user;
if ((auth_user = authDigestUserFindUsername(username)) == NULL) {
/* the user doesn't exist in the username cache yet */
return digest_request;
}
-DigestUser::DigestUser(Auth::Config *aConfig) : AuthUser(aConfig), HA1created (0)
+DigestUser::DigestUser(Auth::Config *aConfig) : Auth::User(aConfig), HA1created (0)
{}
typedef struct _digest_nonce_h digest_nonce_h;
-class DigestUser : public AuthUser
+class DigestUser : public Auth::User
{
public:
int
AuthNegotiateUserRequest::authenticated() const
{
- if (user() != NULL && user()->credentials() == AuthUser::Ok) {
+ if (user() != NULL && user()->credentials() == Auth::Ok) {
debugs(29, 9, HERE << "user authenticated.");
return 1;
}
switch (user()->credentials()) {
- case AuthUser::Handshake:
+ case Auth::Handshake:
assert(server_blob);
return 1; /* send to client */
- case AuthUser::Ok:
+ case Auth::Ok:
return 0; /* do nothing */
- case AuthUser::Failed:
+ case Auth::Failed:
return -2;
default:
r->data = cbdataReference(data);
r->auth_user_request = this;
- if (user()->credentials() == AuthUser::Pending) {
+ if (user()->credentials() == Auth::Pending) {
snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
} else {
snprintf(buf, MAX_AUTHTOKEN_LEN, "KK %s\n", client_blob);
/** Check that we are in the client side, where we can generate auth challenges */
if (conn == NULL) {
- user()->credentials(AuthUser::Failed);
+ user()->credentials(Auth::Failed);
debugs(29, DBG_IMPORTANT, "WARNING: Negotiate Authentication attempt to perform authentication without a connection!");
return;
}
switch (user()->credentials()) {
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* we've received a negotiate request. pass to a helper */
debugs(29, 9, HERE << "auth state negotiate none. Received blob: '" << proxy_auth << "'");
- user()->credentials(AuthUser::Pending);
+ user()->credentials(Auth::Pending);
safe_free(client_blob);
client_blob=xstrdup(blob);
assert(conn->auth_user_request == NULL);
HTTPMSGLOCK(request);
break;
- case AuthUser::Pending:
+ case Auth::Pending:
debugs(29, 1, HERE << "need to ask helper");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we should have received a blob from the client. Hand it off to
* some helper */
safe_free(client_blob);
HTTPMSGLOCK(request);
break;
- case AuthUser::Ok:
+ case Auth::Ok:
fatal("AuthNegotiateUserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n");
break;
- case AuthUser::Failed:
+ case Auth::Failed:
/* we've failed somewhere in authentication */
debugs(29, 9, HERE << "auth state negotiate failed. " << proxy_auth);
break;
negotiate_request->request->flags.must_keepalive = 1;
if (negotiate_request->request->flags.proxy_keepalive) {
negotiate_request->server_blob = xstrdup(blob);
- auth_user_request->user()->credentials(AuthUser::Handshake);
+ auth_user_request->user()->credentials(Auth::Handshake);
auth_user_request->denyMessage("Authentication in progress");
debugs(29, 4, HERE << "Need to challenge the client with a server blob '" << blob << "'");
} else {
- auth_user_request->user()->credentials(AuthUser::Failed);
+ auth_user_request->user()->credentials(Auth::Failed);
auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
}
} else if (strncasecmp(reply, "AF ", 3) == 0 && arg != NULL) {
safe_free(negotiate_request->server_blob);
negotiate_request->server_blob = xstrdup(blob);
negotiate_request->releaseAuthServer();
- auth_user_request->user()->credentials(AuthUser::Ok);
+ auth_user_request->user()->credentials(Auth::Ok);
debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << blob << "'");
/* connection is authenticated */
/* see if this is an existing user with a different proxy_auth
* string */
AuthUserHashPointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username()));
- AuthUser::Pointer local_auth_user = negotiate_request->user();
+ Auth::User::Pointer local_auth_user = negotiate_request->user();
while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NEGOTIATE ||
strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0))
usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
* existing user or a new user */
local_auth_user->expiretime = current_time.tv_sec;
negotiate_request->releaseAuthServer();
- negotiate_request->user()->credentials(AuthUser::Ok);
+ negotiate_request->user()->credentials(Auth::Ok);
} else if (strncasecmp(reply, "NA ", 3) == 0 && arg != NULL) {
/* authentication failure (wrong password, etc.) */
*arg++ = '\0';
auth_user_request->denyMessage(arg);
- negotiate_request->user()->credentials(AuthUser::Failed);
+ negotiate_request->user()->credentials(Auth::Failed);
safe_free(negotiate_request->server_blob);
negotiate_request->server_blob = xstrdup(blob);
negotiate_request->releaseAuthServer();
* If after a KK deny the user's request w/ 407 and mark the helper as
* Needing YR. */
auth_user_request->denyMessage(blob);
- auth_user_request->user()->credentials(AuthUser::Failed);
+ auth_user_request->user()->credentials(Auth::Failed);
safe_free(negotiate_request->server_blob);
negotiate_request->releaseAuthServer();
debugs(29, DBG_IMPORTANT, "ERROR: Negotiate Authentication validating user. Error returned '" << reply << "'");
switch (negotiate_request->user()->credentials()) {
- case AuthUser::Failed:
+ case Auth::Failed:
/* here it makes sense to drop the connection, as auth is
* tied to it, even if MAYBE the client could handle it - Kinkie */
rep->header.delByName("keep-alive");
request->flags.proxy_keepalive = 0;
/* fall through */
- case AuthUser::Ok:
+ case Auth::Ok:
/* Special case: authentication finished OK but disallowed by ACL.
* Need to start over to give the client another chance.
*/
}
break;
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* semantic change: do not drop the connection.
* 2.5 implementation used to keep it open - Kinkie */
debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we're waiting for a response from the client. Pass it the blob */
debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob);
return auth_user_request;
}
-NegotiateUser::NegotiateUser(Auth::Config *aConfig) : AuthUser(aConfig)
+NegotiateUser::NegotiateUser(Auth::Config *aConfig) : Auth::User(aConfig)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
#define DefaultAuthenticateChildrenMax 32 /* 32 processes */
/// \ingroup AuthNegotiateAPI
-class NegotiateUser : public AuthUser
+class NegotiateUser : public Auth::User
{
public:
switch (user()->credentials()) {
- case AuthUser::Handshake:
+ case Auth::Handshake:
assert(server_blob);
return 1; /* send to client */
- case AuthUser::Ok:
+ case Auth::Ok:
return 0; /* do nothing */
- case AuthUser::Failed:
+ case Auth::Failed:
return -2;
default:
r->data = cbdataReference(data);
r->auth_user_request = this;
- if (user()->credentials() == AuthUser::Pending) {
+ if (user()->credentials() == Auth::Pending) {
snprintf(buf, 8192, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here?
} else {
snprintf(buf, 8192, "KK %s\n", client_blob);
int
AuthNTLMUserRequest::authenticated() const
{
- if (user()->credentials() == AuthUser::Ok) {
+ if (user()->credentials() == Auth::Ok) {
debugs(29, 9, "AuthNTLMUserRequest::authenticated: user authenticated.");
return 1;
}
* auth challenges */
if (conn == NULL || !cbdataReferenceValid(conn)) {
- user()->credentials(AuthUser::Failed);
+ user()->credentials(Auth::Failed);
debugs(29, 1, "AuthNTLMUserRequest::authenticate: attempt to perform authentication without a connection!");
return;
}
switch (user()->credentials()) {
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* we've received a ntlm request. pass to a helper */
debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm none. Received blob: '" << proxy_auth << "'");
- user()->credentials(AuthUser::Pending);
+ user()->credentials(Auth::Pending);
safe_free(client_blob);
client_blob=xstrdup(blob);
assert(conn->auth_user_request == NULL);
HTTPMSGLOCK(request);
break;
- case AuthUser::Pending:
+ case Auth::Pending:
debugs(29, 1, "AuthNTLMUserRequest::authenticate: need to ask helper");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we should have received a blob from the client. Hand it off to
* some helper */
safe_free(client_blob);
HTTPMSGLOCK(request);
break;
- case AuthUser::Ok:
+ case Auth::Ok:
fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n");
break;
- case AuthUser::Failed:
+ case Auth::Failed:
/* we've failed somewhere in authentication */
debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm failed. " << proxy_auth);
break;
ntlm_request->request->flags.must_keepalive = 1;
if (ntlm_request->request->flags.proxy_keepalive) {
ntlm_request->server_blob = xstrdup(blob);
- ntlm_request->user()->credentials(AuthUser::Handshake);
+ ntlm_request->user()->credentials(Auth::Handshake);
auth_user_request->denyMessage("Authentication in progress");
debugs(29, 4, "authenticateNTLMHandleReply: Need to challenge the client with a server blob '" << blob << "'");
} else {
- ntlm_request->user()->credentials(AuthUser::Failed);
+ ntlm_request->user()->credentials(Auth::Failed);
auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
}
} else if (strncasecmp(reply, "AF ", 3) == 0) {
/* see if this is an existing user with a different proxy_auth
* string */
auth_user_hash_pointer *usernamehash = static_cast<AuthUserHashPointer *>(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username()));
- AuthUser::Pointer local_auth_user = ntlm_request->user();
+ Auth::User::Pointer local_auth_user = ntlm_request->user();
while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NTLM ||
strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0))
usernamehash = static_cast<AuthUserHashPointer *>(usernamehash->next);
* existing user or a new user */
local_auth_user->expiretime = current_time.tv_sec;
ntlm_request->releaseAuthServer();
- local_auth_user->credentials(AuthUser::Ok);
+ local_auth_user->credentials(Auth::Ok);
} else if (strncasecmp(reply, "NA ", 3) == 0) {
/* authentication failure (wrong password, etc.) */
auth_user_request->denyMessage(blob);
- ntlm_request->user()->credentials(AuthUser::Failed);
+ ntlm_request->user()->credentials(Auth::Failed);
safe_free(ntlm_request->server_blob);
ntlm_request->releaseAuthServer();
debugs(29, 4, "authenticateNTLMHandleReply: Failed validating user via NTLM. Error returned '" << blob << "'");
* If after a KK deny the user's request w/ 407 and mark the helper as
* Needing YR. */
auth_user_request->denyMessage(blob);
- auth_user_request->user()->credentials(AuthUser::Failed);
+ auth_user_request->user()->credentials(Auth::Failed);
safe_free(ntlm_request->server_blob);
ntlm_request->releaseAuthServer();
debugs(29, 1, "authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '" << reply << "'");
switch (ntlm_request->user()->credentials()) {
- case AuthUser::Failed:
+ case Auth::Failed:
/* here it makes sense to drop the connection, as auth is
* tied to it, even if MAYBE the client could handle it - Kinkie */
request->flags.proxy_keepalive = 0;
/* fall through */
- case AuthUser::Ok:
+ case Auth::Ok:
/* Special case: authentication finished OK but disallowed by ACL.
* Need to start over to give the client another chance.
*/
/* fall through */
- case AuthUser::Unchecked:
+ case Auth::Unchecked:
/* semantic change: do not drop the connection.
* 2.5 implementation used to keep it open - Kinkie */
debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM");
break;
- case AuthUser::Handshake:
+ case Auth::Handshake:
/* we're waiting for a response from the client. Pass it the blob */
debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'");
httpHeaderPutStrf(&rep->header, hdrType, "NTLM %s", ntlm_request->server_blob);
return auth_user_request;
}
-NTLMUser::NTLMUser(Auth::Config *aConfig) : AuthUser(aConfig)
+NTLMUser::NTLMUser(Auth::Config *aConfig) : Auth::User(aConfig)
{
proxy_auth_list.head = proxy_auth_list.tail = NULL;
}
#define DefaultAuthenticateChildrenMax 32 /* 32 processes */
-class NTLMUser : public AuthUser
+class NTLMUser : public Auth::User
{
public:
#if USE_AUTH
Mgr::RegisterAction("username_cache",
"Active Cached Usernames",
- AuthUser::UsernameCacheStats, 0, 1);
+ Auth::User::UsernameCacheStats, 0, 1);
#endif
#if DEBUG_OPENFD
Mgr::RegisterAction("openfd_objects", "Objects with Swapout files open",
projects / thirdparty / squid.git / commitdiff
