From: Amos Jeffries Date: Mon, 11 Apr 2011 14:08:54 +0000 (-0600) Subject: SourceLayout: namespace for Auth::User X-Git-Tag: take06~27^2~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d87154ee577dd41876875ac8ec5273a2e3def960;p=thirdparty%2Fsquid.git SourceLayout: namespace for Auth::User No logic changes. --- diff --git a/src/DelayUser.cc b/src/DelayUser.cc index 24c20dc2d4..fbac8e5b3f 100644 --- a/src/DelayUser.cc +++ b/src/DelayUser.cc @@ -186,7 +186,7 @@ DelayUserBucket::operator delete(void *address) ::operator delete(address); } -DelayUserBucket::DelayUserBucket(AuthUser::Pointer aUser) : authUser(aUser) +DelayUserBucket::DelayUserBucket(Auth::User::Pointer aUser) : authUser(aUser) { debugs(77, 3, "DelayUserBucket::DelayUserBucket"); } @@ -204,7 +204,7 @@ DelayUserBucket::stats (StoreEntry *entry) const theBucket.stats(entry); } -DelayUser::Id::Id(DelayUser::Pointer aDelayUser, AuthUser::Pointer aUser) : theUser(aDelayUser) +DelayUser::Id::Id(DelayUser::Pointer aDelayUser, Auth::User::Pointer aUser) : theUser(aDelayUser) { theBucket = new DelayUserBucket(aUser); DelayUserBucket::Pointer const *existing = theUser->buckets.find(theBucket, DelayUserCmp); diff --git a/src/DelayUser.h b/src/DelayUser.h index 9fb36f34ea..a0816bdbfe 100644 --- a/src/DelayUser.h +++ b/src/DelayUser.h @@ -58,10 +58,10 @@ public: void operator delete (void *); void stats(StoreEntry *)const; - DelayUserBucket(AuthUser::Pointer); + DelayUserBucket(Auth::User::Pointer); ~DelayUserBucket(); DelayBucket theBucket; - AuthUser::Pointer authUser; + Auth::User::Pointer authUser; }; /// \ingroup DelayPoolsAPI @@ -90,7 +90,7 @@ private: public: void *operator new(size_t); void operator delete (void *); - Id(RefCount, AuthUser::Pointer); + Id(RefCount, Auth::User::Pointer); ~Id(); virtual int bytesWanted (int min, int max) const; virtual void bytesIn(int qty); diff --git a/src/auth/Gadgets.cc b/src/auth/Gadgets.cc index 01fc8446ec..1a310612e2 100644 --- a/src/auth/Gadgets.cc +++ b/src/auth/Gadgets.cc @@ -89,7 +89,7 @@ authenticateInit(Auth::ConfigVector * config) { /* Do this first to clear memory and remove dead state on a reconfigure */ if (proxy_auth_username_cache) - AuthUser::CachedACLsReset(); + Auth::User::CachedACLsReset(); /* If we do not have any auth config state to create stop now. */ if (!config) @@ -103,7 +103,7 @@ authenticateInit(Auth::ConfigVector * config) } if (!proxy_auth_username_cache) - AuthUser::cacheInit(); + Auth::User::cacheInit(); authenticateRegisterWithCacheManager(config); } @@ -137,7 +137,7 @@ authenticateReset(void) Auth::TheConfig.clean(); } -AuthUserHashPointer::AuthUserHashPointer(AuthUser::Pointer anAuth_user): +AuthUserHashPointer::AuthUserHashPointer(Auth::User::Pointer anAuth_user): auth_user(anAuth_user) { key = (void *)anAuth_user->username(); @@ -145,7 +145,7 @@ AuthUserHashPointer::AuthUserHashPointer(AuthUser::Pointer anAuth_user): hash_join(proxy_auth_username_cache, (hash_link *) this); } -AuthUser::Pointer +Auth::User::Pointer AuthUserHashPointer::user() const { return auth_user; diff --git a/src/auth/Gadgets.h b/src/auth/Gadgets.h index 1a053d10c2..6bbdb13d3e 100644 --- a/src/auth/Gadgets.h +++ b/src/auth/Gadgets.h @@ -40,8 +40,6 @@ #include "auth/Config.h" #include "auth/User.h" -class AuthUser; - /** \ingroup AuthAPI * @@ -61,13 +59,13 @@ class AuthUserHashPointer : public hash_link public: MEMPROXY_CLASS(AuthUserHashPointer); - AuthUserHashPointer(AuthUser::Pointer); + AuthUserHashPointer(Auth::User::Pointer); ~AuthUserHashPointer() { auth_user = NULL; }; - AuthUser::Pointer user() const; + Auth::User::Pointer user() const; private: - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; }; MEMPROXY_CLASS_INLINE(AuthUserHashPointer); diff --git a/src/auth/Makefile.am b/src/auth/Makefile.am index 69918ee16b..1abb966dfc 100644 --- a/src/auth/Makefile.am +++ b/src/auth/Makefile.am @@ -14,6 +14,8 @@ libauth_la_SOURCES = \ Type.cc \ Config.cc \ Config.h \ + CredentialState.cc \ + CredentialState.h \ Gadgets.cc \ Gadgets.h \ Scheme.cc \ @@ -40,7 +42,10 @@ libacls_la_SOURCES = \ AclProxyAuth.h \ AuthAclState.h +CredentialState.cc: CredentialState.h $(top_srcdir)/src/mk-string-arrays.awk + $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/CredentialState.h > $@ || (rm -f $@ ; exit 1) + Type.cc: Type.h $(top_srcdir)/src/mk-string-arrays.awk $(AWK) -f $(top_srcdir)/src/mk-string-arrays.awk < $(srcdir)/Type.h > $@ || (rm -f $@ ; exit 1) -CLEANFILES += Type.cc +CLEANFILES += CredentialState.cc Type.cc diff --git a/src/auth/User.cc b/src/auth/User.cc index 801f19adbd..3b5fe2dfdb 100644 --- a/src/auth/User.cc +++ b/src/auth/User.cc @@ -51,33 +51,30 @@ // This should be converted into a pooled type. Does not need to be cbdata CBDATA_TYPE(AuthUserIP); -time_t AuthUser::last_discard = 0; +time_t Auth::User::last_discard = 0; -const char *CredentialsState_str[] = { "Unchecked", "Ok", "Pending", "Handshake", "Failed" }; - - -AuthUser::AuthUser(Auth::Config *aConfig) : +Auth::User::User(Auth::Config *aConfig) : auth_type(Auth::AUTH_UNKNOWN), config(aConfig), ipcount(0), expiretime(0), - credentials_state(Unchecked), + credentials_state(Auth::Unchecked), username_(NULL) { proxy_auth_list.head = proxy_auth_list.tail = NULL; proxy_match_cache.head = proxy_match_cache.tail = NULL; ip_list.head = ip_list.tail = NULL; - debugs(29, 5, "AuthUser::AuthUser: Initialised auth_user '" << this << "'."); + debugs(29, 5, HERE << "Initialised auth_user '" << this << "'."); } -AuthUser::CredentialsState -AuthUser::credentials() const +Auth::CredentialState +Auth::User::credentials() const { return credentials_state; } void -AuthUser::credentials(CredentialsState newCreds) +Auth::User::credentials(CredentialState newCreds) { credentials_state = newCreds; } @@ -91,10 +88,10 @@ AuthUser::credentials(CredentialsState newCreds) * related scheme data itself. */ void -AuthUser::absorb(AuthUser::Pointer from) +Auth::User::absorb(Auth::User::Pointer from) { - /* RefCount children CANNOT be merged like this. The external AuthUser::Pointer's cannot be changed. */ + /* RefCount children CANNOT be merged like this. The external Auth::User::Pointer's cannot be changed. */ /* check that we only have the two references: * 1) our function scope @@ -108,7 +105,7 @@ AuthUser::absorb(AuthUser::Pointer from) * dlink_list proxy_match_cache; */ - debugs(29, 5, "authenticateAuthUserMerge auth_user '" << from << "' into auth_user '" << this << "'."); + debugs(29, 5, HERE << "auth_user '" << from << "' into auth_user '" << this << "'."); /* absorb the list of IP address sources (for max_user_ip controls) */ AuthUserIP *new_ipdata; @@ -116,7 +113,7 @@ AuthUser::absorb(AuthUser::Pointer from) new_ipdata = static_cast(from->ip_list.head->data); /* If this IP has expired - ignore the expensive merge actions. */ - if (new_ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + if (new_ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) { /* This IP has expired - remove from the source list */ dlinkDelete(&new_ipdata->node, &(from->ip_list)); cbdataFree(new_ipdata); @@ -135,7 +132,7 @@ AuthUser::absorb(AuthUser::Pointer from) /* update IP ttl and stop searching. */ ipdata->ip_expiretime = max(ipdata->ip_expiretime, new_ipdata->ip_expiretime); break; - } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) { /* This IP has expired - cleanup the destination list */ dlinkDelete(&ipdata->node, &ip_list); cbdataFree(ipdata); @@ -159,9 +156,9 @@ AuthUser::absorb(AuthUser::Pointer from) } } -AuthUser::~AuthUser() +Auth::User::~User() { - debugs(29, 5, "AuthUser::~AuthUser: Freeing auth_user '" << this << "'."); + debugs(29, 5, HERE << "Freeing auth_user '" << this << "'."); assert(RefCountCount() == 0); /* free cached acl results */ @@ -178,26 +175,26 @@ AuthUser::~AuthUser() } void -AuthUser::cacheInit(void) +Auth::User::cacheInit(void) { if (!proxy_auth_username_cache) { /* First time around, 7921 should be big enough */ proxy_auth_username_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string); assert(proxy_auth_username_cache); - eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1); + eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1); last_discard = squid_curtime; } } void -AuthUser::CachedACLsReset() +Auth::User::CachedACLsReset() { /* * This must complete all at once, because we are ensuring correctness. */ AuthUserHashPointer *usernamehash; - AuthUser::Pointer auth_user; - debugs(29, 3, "AuthUser::CachedACLsReset: Flushing the ACL caches for all users."); + Auth::User::Pointer auth_user; + debugs(29, 3, HERE << "Flushing the ACL caches for all users."); hash_first(proxy_auth_username_cache); while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) { @@ -206,11 +203,11 @@ AuthUser::CachedACLsReset() aclCacheMatchFlush(&auth_user->proxy_match_cache); } - debugs(29, 3, "AuthUser::CachedACLsReset: Finished."); + debugs(29, 3, HERE << "Finished."); } void -AuthUser::cacheCleanup(void *datanotused) +Auth::User::cacheCleanup(void *datanotused) { /* * We walk the hash by username as that is the unique key we use. @@ -218,10 +215,10 @@ AuthUser::cacheCleanup(void *datanotused) * entries at a time. Lets see how it flys first. */ AuthUserHashPointer *usernamehash; - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; char const *username = NULL; - debugs(29, 3, "AuthUser::cacheCleanup: Cleaning the user cache now"); - debugs(29, 3, "AuthUser::cacheCleanup: Current time: " << current_time.tv_sec); + debugs(29, 3, HERE << "Cleaning the user cache now"); + debugs(29, 3, HERE << "Current time: " << current_time.tv_sec); hash_first(proxy_auth_username_cache); while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) { @@ -230,17 +227,17 @@ AuthUser::cacheCleanup(void *datanotused) /* if we need to have indedendent expiry clauses, insert a module call * here */ - debugs(29, 4, "AuthUser::cacheCleanup: Cache entry:\n\tType: " << + debugs(29, 4, HERE << "Cache entry:\n\tType: " << auth_user->auth_type << "\n\tUsername: " << username << "\n\texpires: " << - (long int) (auth_user->expiretime + Config.authenticateTTL) << + (long int) (auth_user->expiretime + ::Config.authenticateTTL) << "\n\treferences: " << (long int) auth_user->RefCountCount()); - if (auth_user->expiretime + Config.authenticateTTL <= current_time.tv_sec) { - debugs(29, 5, "AuthUser::cacheCleanup: Removing user " << username << " from cache due to timeout."); + if (auth_user->expiretime + ::Config.authenticateTTL <= current_time.tv_sec) { + debugs(29, 5, HERE << "Removing user " << username << " from cache due to timeout."); /* Old credentials are always removed. Existing users must hold their own - * AuthUser::Pointer to the credentials. Cache exists only for finding + * Auth::User::Pointer to the credentials. Cache exists only for finding * and re-using current valid credentials. */ hash_remove_link(proxy_auth_username_cache, usernamehash); @@ -248,13 +245,13 @@ AuthUser::cacheCleanup(void *datanotused) } } - debugs(29, 3, "AuthUser::cacheCleanup: Finished cleaning the user cache."); - eventAdd("User Cache Maintenance", cacheCleanup, NULL, Config.authenticateGCInterval, 1); + debugs(29, 3, HERE << "Finished cleaning the user cache."); + eventAdd("User Cache Maintenance", cacheCleanup, NULL, ::Config.authenticateGCInterval, 1); last_discard = squid_curtime; } void -AuthUser::clearIp() +Auth::User::clearIp() { AuthUserIP *ipdata, *tempnode; @@ -276,7 +273,7 @@ AuthUser::clearIp() } void -AuthUser::removeIp(Ip::Address ipaddr) +Auth::User::removeIp(Ip::Address ipaddr) { AuthUserIP *ipdata = (AuthUserIP *) ip_list.head; @@ -299,7 +296,7 @@ AuthUser::removeIp(Ip::Address ipaddr) } void -AuthUser::addIp(Ip::Address ipaddr) +Auth::User::addIp(Ip::Address ipaddr) { AuthUserIP *ipdata = (AuthUserIP *) ip_list.head; int found = 0; @@ -320,7 +317,7 @@ AuthUser::addIp(Ip::Address ipaddr) found = 1; /* update IP ttl */ ipdata->ip_expiretime = squid_curtime; - } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + } else if (ipdata->ip_expiretime + ::Config.authenticateIpTTL < squid_curtime) { /* This IP has expired - remove from the seen list */ dlinkDelete(&ipdata->node, &ip_list); cbdataFree(ipdata); @@ -346,14 +343,14 @@ AuthUser::addIp(Ip::Address ipaddr) ipcount++; - debugs(29, 2, "authenticateAuthUserAddIp: user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")"); + debugs(29, 2, HERE << "user '" << username() << "' has been seen at a new IP address (" << ipaddr << ")"); } /** - * Add the AuthUser structure to the username cache. + * Add the Auth::User structure to the username cache. */ void -AuthUser::addToNameCache() +Auth::User::addToNameCache() { /* AuthUserHashPointer will self-register with the username cache */ new AuthUserHashPointer(this); @@ -363,13 +360,14 @@ AuthUser::addToNameCache() * Dump the username cache statictics for viewing... */ void -AuthUser::UsernameCacheStats(StoreEntry *output) +Auth::User::UsernameCacheStats(StoreEntry *output) { AuthUserHashPointer *usernamehash; /* overview of username cache */ storeAppendPrintf(output, "Cached Usernames: %d of %d\n", proxy_auth_username_cache->count, proxy_auth_username_cache->size); - storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n", static_cast(last_discard + Config.authenticateGCInterval - squid_curtime)); + storeAppendPrintf(output, "Next Garbage Collection in %d seconds.\n", + static_cast(last_discard + ::Config.authenticateGCInterval - squid_curtime)); /* cache dump column titles */ storeAppendPrintf(output, "\n%-15s %-9s %-9s %-9s %s\n", @@ -382,13 +380,13 @@ AuthUser::UsernameCacheStats(StoreEntry *output) hash_first(proxy_auth_username_cache); while ((usernamehash = ((AuthUserHashPointer *) hash_next(proxy_auth_username_cache)))) { - AuthUser::Pointer auth_user = usernamehash->user(); + Auth::User::Pointer auth_user = usernamehash->user(); storeAppendPrintf(output, "%-15s %-9s %-9d %-9d %s\n", Auth::Type_str[auth_user->auth_type], - CredentialsState_str[auth_user->credentials()], + CredentialState_str[auth_user->credentials()], auth_user->ttl(), - static_cast(auth_user->expiretime - squid_curtime + Config.authenticateTTL), + static_cast(auth_user->expiretime - squid_curtime + ::Config.authenticateTTL), auth_user->username() ); } diff --git a/src/auth/User.cci b/src/auth/User.cci index d8056bfafc..9e1cca6c6d 100644 --- a/src/auth/User.cci +++ b/src/auth/User.cci @@ -34,13 +34,13 @@ */ char const * -AuthUser::username () const +Auth::User::username () const { return username_; } void -AuthUser::username(char const *aString) +Auth::User::username(char const *aString) { if (aString) { assert(!username_); diff --git a/src/auth/User.h b/src/auth/User.h index 7dd0e45659..5fde78b359 100644 --- a/src/auth/User.h +++ b/src/auth/User.h @@ -31,11 +31,12 @@ * Copyright (c) 2003, Robert Collins */ -#ifndef SQUID_AUTHUSER_H -#define SQUID_AUTHUSER_H +#ifndef SQUID_AUTH_USER_H +#define SQUID_AUTH_USER_H #if USE_AUTH +#include "auth/CredentialState.h" #include "auth/Type.h" #include "dlink.h" #include "ip/Address.h" @@ -46,8 +47,8 @@ class StoreEntry; namespace Auth { + class Config; -} /** * \ingroup AuthAPI @@ -57,10 +58,10 @@ class Config; * structure is the cached ACL match results. This structure, is private to * the authentication framework. */ -class AuthUser : public RefCountable +class User : public RefCountable { public: - typedef RefCount Pointer; + typedef RefCount Pointer; /* extra fields for proxy_auth */ /* auth_type and auth_module are deprecated. Do Not add new users of these fields. @@ -76,11 +77,12 @@ public: size_t ipcount; long expiretime; +public: static void cacheInit(); static void CachedACLsReset(); - void absorb(AuthUser::Pointer from); - virtual ~AuthUser(); + void absorb(Auth::User::Pointer from); + virtual ~User(); _SQUID_INLINE_ char const *username() const; _SQUID_INLINE_ void username(char const *); @@ -98,9 +100,8 @@ public: void addToNameCache(); static void UsernameCacheStats(StoreEntry * output); - enum CredentialsState { Unchecked, Ok, Pending, Handshake, Failed }; - CredentialsState credentials() const; - void credentials(CredentialsState); + CredentialState credentials() const; + void credentials(CredentialState); private: /** @@ -111,10 +112,10 @@ private: * Handshake happening in stateful auth. * Failed auth */ - CredentialsState credentials_state; + CredentialState credentials_state; protected: - AuthUser(Auth::Config *); + User(Auth::Config *); private: /** @@ -134,11 +135,11 @@ private: dlink_list ip_list; }; -extern const char *CredentialsState_str[]; +} // namespace Auth #if _USE_INLINE_ #include "auth/User.cci" #endif #endif /* USE_AUTH */ -#endif /* SQUID_AUTHUSER_H */ +#endif /* SQUID_AUTH_USER_H */ diff --git a/src/auth/UserRequest.cc b/src/auth/UserRequest.cc index 59a1fb6fd1..94b2fcaea7 100644 --- a/src/auth/UserRequest.cc +++ b/src/auth/UserRequest.cc @@ -80,17 +80,17 @@ AuthUserRequest::valid() const debugs(29, 9, HERE << "Validating AuthUserRequest '" << this << "'."); if (user() == NULL) { - debugs(29, 4, HERE << "No associated AuthUser data"); + debugs(29, 4, HERE << "No associated Auth::User data"); return false; } if (user()->auth_type == Auth::AUTH_UNKNOWN) { - debugs(29, 4, HERE << "AuthUser '" << user() << "' uses unknown scheme."); + debugs(29, 4, HERE << "Auth::User '" << user() << "' uses unknown scheme."); return false; } if (user()->auth_type == Auth::AUTH_BROKEN) { - debugs(29, 4, HERE << "AuthUser '" << user() << "' is broken for it's scheme."); + debugs(29, 4, HERE << "Auth::User '" << user() << "' is broken for it's scheme."); return false; } @@ -161,7 +161,7 @@ AuthUserRequest::denyMessage(char const * const default_message) static void authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip::Address &ipaddr) { - AuthUser::Pointer auth_user = auth_user_request->user(); + Auth::User::Pointer auth_user = auth_user_request->user(); if (!auth_user) return; @@ -172,7 +172,7 @@ authenticateAuthUserRequestSetIp(AuthUserRequest::Pointer auth_user_request, Ip: void authenticateAuthUserRequestRemoveIp(AuthUserRequest::Pointer auth_user_request, Ip::Address const &ipaddr) { - AuthUser::Pointer auth_user = auth_user_request->user(); + Auth::User::Pointer auth_user = auth_user_request->user(); if (!auth_user) return; diff --git a/src/auth/UserRequest.h b/src/auth/UserRequest.h index 3a119634b3..c2db0b434b 100644 --- a/src/auth/UserRequest.h +++ b/src/auth/UserRequest.h @@ -78,7 +78,7 @@ public: * it has request specific data, and links to user specific data * the user */ - AuthUser::Pointer _auth_user; + Auth::User::Pointer _auth_user; /** * Used by squid to determine what the next step in performing authentication for a given scheme is. @@ -128,11 +128,11 @@ public: */ virtual void module_start(RH *handler, void *data) = 0; - virtual AuthUser::Pointer user() {return _auth_user;} + virtual Auth::User::Pointer user() {return _auth_user;} - virtual const AuthUser::Pointer user() const {return _auth_user;} + virtual const Auth::User::Pointer user() const {return _auth_user;} - virtual void user(AuthUser::Pointer aUser) {_auth_user=aUser;} + virtual void user(Auth::User::Pointer aUser) {_auth_user=aUser;} static AuthAclState tryToAuthenticateAndSetAuthUser(AuthUserRequest::Pointer *, http_hdr_type, HttpRequest *, ConnStateData *, Ip::Address &); static void addReplyAuthHeader(HttpReply * rep, AuthUserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal); diff --git a/src/auth/basic/UserRequest.cc b/src/auth/basic/UserRequest.cc index c35939f606..6ff9526564 100644 --- a/src/auth/basic/UserRequest.cc +++ b/src/auth/basic/UserRequest.cc @@ -22,7 +22,7 @@ AuthBasicUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, assert(user() != NULL); /* if the password is not ok, do an identity */ - if (!user() || user()->credentials() != AuthUser::Ok) + if (!user() || user()->credentials() != Auth::Ok) return; /* are we about to recheck the credentials externally? */ @@ -50,16 +50,16 @@ AuthBasicUserRequest::module_direction() switch (user()->credentials()) { - case AuthUser::Unchecked: - case AuthUser::Pending: + case Auth::Unchecked: + case Auth::Pending: return -1; - case AuthUser::Ok: + case Auth::Ok: if (user()->expiretime + static_cast(Auth::Config::Find("basic"))->credentialsTTL <= squid_curtime) return -1; return 0; - case AuthUser::Failed: + case Auth::Failed: return 0; default: @@ -83,7 +83,7 @@ AuthBasicUserRequest::module_start(RH * handler, void *data) } /* check to see if the auth_user already has a request outstanding */ - if (user()->credentials() == AuthUser::Pending) { + if (user()->credentials() == Auth::Pending) { /* there is a request with the same credentials already being verified */ basic_auth->queueRequest(this, handler, data); return; diff --git a/src/auth/basic/auth_basic.cc b/src/auth/basic/auth_basic.cc index 86ccb1bbaa..be79e18821 100644 --- a/src/auth/basic/auth_basic.cc +++ b/src/auth/basic/auth_basic.cc @@ -97,7 +97,7 @@ Auth::Basic::Config::type() const int32_t BasicUser::ttl() const { - if (credentials() != Ok && credentials() != Pending) + if (credentials() != Auth::Ok && credentials() != Auth::Pending) return -1; // TTL is obsolete NOW. int32_t basic_ttl = expiretime - squid_curtime + static_cast(config)->credentialsTTL; @@ -109,7 +109,7 @@ BasicUser::ttl() const bool BasicUser::authenticated() const { - if ((credentials() == Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime)) + if ((credentials() == Auth::Ok) && (expiretime + static_cast(config)->credentialsTTL > squid_curtime)) return true; debugs(29, 4, "User not authenticated or credentials need rechecking."); @@ -189,9 +189,9 @@ authenticateBasicHandleReply(void *data, char *reply) assert(basic_auth != NULL); if (reply && (strncasecmp(reply, "OK", 2) == 0)) - basic_auth->credentials(AuthUser::Ok); + basic_auth->credentials(Auth::Ok); else { - basic_auth->credentials(AuthUser::Failed); + basic_auth->credentials(Auth::Failed); if (t && *t) r->auth_user_request->setDenyMessage(t); @@ -281,7 +281,7 @@ authenticateBasicStats(StoreEntry * sentry) helperStats(sentry, basicauthenticators, "Basic Authenticator Statistics"); } -static AuthUser::Pointer +static Auth::User::Pointer authBasicAuthUserFindUsername(const char *username) { AuthUserHashPointer *usernamehash; @@ -301,7 +301,7 @@ authBasicAuthUserFindUsername(const char *username) } BasicUser::BasicUser(Auth::Config *aConfig) : - AuthUser(aConfig), + Auth::User(aConfig), passwd(NULL), auth_queue(NULL), currentRequest(NULL) @@ -361,15 +361,15 @@ BasicUser::updateCached(BasicUser *from) if (strcmp(from->passwd, passwd)) { debugs(29, 4, HERE << "new password found. Updating in user master record and resetting auth state to unchecked"); - credentials(Unchecked); + credentials(Auth::Unchecked); xfree(passwd); passwd = from->passwd; from->passwd = NULL; } - if (credentials() == Failed) { + if (credentials() == Auth::Failed) { debugs(29, 4, HERE << "last attempt to authenticate this user failed, resetting auth state to unchecked"); - credentials(Unchecked); + credentials(Auth::Unchecked); } } @@ -393,7 +393,7 @@ Auth::Basic::Config::decode(char const *proxy_auth) if (!cleartext) return auth_user_request; - AuthUser::Pointer lb; + Auth::User::Pointer lb; /* permitted because local_basic is purely local function scope. */ BasicUser *local_basic = NULL; @@ -432,7 +432,7 @@ Auth::Basic::Config::decode(char const *proxy_auth) } /* now lookup and see if we have a matching auth_user structure in memory. */ - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; if ((auth_user = authBasicAuthUserFindUsername(lb->username())) == NULL) { /* the user doesn't exist in the username cache yet */ @@ -512,7 +512,7 @@ void BasicUser::submitRequest(AuthUserRequest::Pointer auth_user_request, RH * handler, void *data) { /* mark the user as having verification in progress */ - credentials(Pending); + credentials(Auth::Pending); authenticateStateData *r = NULL; char buf[8192]; char user[1024], pass[1024]; diff --git a/src/auth/basic/auth_basic.h b/src/auth/basic/auth_basic.h index a4e3ae092c..c710a938dc 100644 --- a/src/auth/basic/auth_basic.h +++ b/src/auth/basic/auth_basic.h @@ -25,7 +25,7 @@ public: void *data; }; -class BasicUser : public AuthUser +class BasicUser : public Auth::User { public: diff --git a/src/auth/digest/Scheme.cc b/src/auth/digest/Scheme.cc index 86f9c83b1e..31e8929928 100644 --- a/src/auth/digest/Scheme.cc +++ b/src/auth/digest/Scheme.cc @@ -81,7 +81,7 @@ Auth::Digest::Scheme::PurgeCredentialsCache(void) hash_first(proxy_auth_username_cache); while ((usernamehash = static_cast(hash_next(proxy_auth_username_cache)) )) { - AuthUser::Pointer auth_user = usernamehash->user(); + Auth::User::Pointer auth_user = usernamehash->user(); if (strcmp(auth_user->config->type(), "digest") == 0) { hash_remove_link(proxy_auth_username_cache, static_cast(usernamehash)); diff --git a/src/auth/digest/UserRequest.cc b/src/auth/digest/UserRequest.cc index 7e1888656e..0e54cdae10 100644 --- a/src/auth/digest/UserRequest.cc +++ b/src/auth/digest/UserRequest.cc @@ -45,7 +45,7 @@ AuthDigestUserRequest::~AuthDigestUserRequest() int AuthDigestUserRequest::authenticated() const { - if (user() != NULL && user()->credentials() == AuthUser::Ok) + if (user() != NULL && user()->credentials() == Auth::Ok) return 1; return 0; @@ -61,11 +61,11 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, HASHHEX Response; /* if the check has corrupted the user, just return */ - if (user() == NULL || user()->credentials() == AuthUser::Failed) { + if (user() == NULL || user()->credentials() == Auth::Failed) { return; } - AuthUser::Pointer auth_user = user(); + Auth::User::Pointer auth_user = user(); DigestUser *digest_user = dynamic_cast(auth_user.getRaw()); assert(digest_user != NULL); @@ -74,13 +74,13 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, /* do we have the HA1 */ if (!digest_user->HA1created) { - auth_user->credentials(AuthUser::Pending); + auth_user->credentials(Auth::Pending); return; } if (digest_request->nonce == NULL) { /* this isn't a nonce we issued */ - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); return; } @@ -98,7 +98,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, if (!digest_request->flags.helper_queried) { /* Query the helper in case the password has changed */ digest_request->flags.helper_queried = 1; - auth_user->credentials(AuthUser::Pending); + auth_user->credentials(Auth::Pending); return; } @@ -114,7 +114,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, RequestMethodStr(METHOD_GET), digest_request->uri, HA2, Response); if (strcasecmp(digest_request->response, Response)) { - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); digest_request->flags.invalid_password = 1; digest_request->setDenyMessage("Incorrect password"); return; @@ -139,7 +139,7 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, } } } else { - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); digest_request->flags.invalid_password = 1; digest_request->setDenyMessage("Incorrect password"); return; @@ -148,13 +148,13 @@ AuthDigestUserRequest::authenticate(HttpRequest * request, ConnStateData * conn, /* check for stale nonce */ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { debugs(29, 3, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK but nonce stale"); - auth_user->credentials(AuthUser::Failed); + auth_user->credentials(Auth::Failed); digest_request->setDenyMessage("Stale nonce"); return; } } - auth_user->credentials(AuthUser::Ok); + auth_user->credentials(Auth::Ok); /* password was checked and did match */ debugs(29, 4, "authenticateDigestAuthenticateuser: user '" << auth_user->username() << "' validated OK"); @@ -173,15 +173,15 @@ AuthDigestUserRequest::module_direction() switch (user()->credentials()) { - case AuthUser::Ok: + case Auth::Ok: return 0; - case AuthUser::Failed: + case Auth::Failed: /* send new challenge */ return 1; - case AuthUser::Unchecked: - case AuthUser::Pending: + case Auth::Unchecked: + case Auth::Pending: return -1; default: @@ -299,7 +299,7 @@ AuthDigestUserRequest::HandleReply(void *data, char *reply) AuthDigestUserRequest *digest_request = dynamic_cast(auth_user_request.getRaw()); assert(digest_request); - digest_request->user()->credentials(AuthUser::Failed); + digest_request->user()->credentials(Auth::Failed); digest_request->flags.invalid_password = 1; if (t && *t) diff --git a/src/auth/digest/auth_digest.cc b/src/auth/digest/auth_digest.cc index cb998d8317..411b0de609 100644 --- a/src/auth/digest/auth_digest.cc +++ b/src/auth/digest/auth_digest.cc @@ -474,7 +474,7 @@ authDigestNoncePurge(digest_nonce_h * nonce) } /* USER related functions */ -static AuthUser::Pointer +static Auth::User::Pointer authDigestUserFindUsername(const char *username) { AuthUserHashPointer *usernamehash; @@ -810,7 +810,7 @@ authDigestLogUsername(char *username, AuthUserRequest::Pointer auth_user_request /* log the username */ debugs(29, 9, "authDigestLogUsername: Creating new user for logging '" << username << "'"); - AuthUser::Pointer digest_user = new DigestUser(static_cast(Auth::Config::Find("digest"))); + Auth::User::Pointer digest_user = new DigestUser(static_cast(Auth::Config::Find("digest"))); /* save the credentials */ digest_user->username(username); /* set the auth_user type */ @@ -1045,7 +1045,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) /* we couldn't find a matching nonce! */ debugs(29, 2, "authenticateDigestDecode: Unexpected or invalid nonce received"); if (digest_request->user() != NULL) - digest_request->user()->credentials(AuthUser::Failed); + digest_request->user()->credentials(Auth::Failed); return authDigestLogUsername(username, digest_request); } @@ -1066,7 +1066,7 @@ Auth::Digest::Config::decode(char const *proxy_auth) /* find the user */ DigestUser *digest_user; - AuthUser::Pointer auth_user; + Auth::User::Pointer auth_user; if ((auth_user = authDigestUserFindUsername(username)) == NULL) { /* the user doesn't exist in the username cache yet */ @@ -1110,5 +1110,5 @@ Auth::Digest::Config::decode(char const *proxy_auth) return digest_request; } -DigestUser::DigestUser(Auth::Config *aConfig) : AuthUser(aConfig), HA1created (0) +DigestUser::DigestUser(Auth::Config *aConfig) : Auth::User(aConfig), HA1created (0) {} diff --git a/src/auth/digest/auth_digest.h b/src/auth/digest/auth_digest.h index e5ec3b8b0b..a38ef25123 100644 --- a/src/auth/digest/auth_digest.h +++ b/src/auth/digest/auth_digest.h @@ -20,7 +20,7 @@ typedef struct _digest_nonce_data digest_nonce_data; typedef struct _digest_nonce_h digest_nonce_h; -class DigestUser : public AuthUser +class DigestUser : public Auth::User { public: diff --git a/src/auth/negotiate/UserRequest.cc b/src/auth/negotiate/UserRequest.cc index 1af59bf216..eecf9e73e1 100644 --- a/src/auth/negotiate/UserRequest.cc +++ b/src/auth/negotiate/UserRequest.cc @@ -48,7 +48,7 @@ AuthNegotiateUserRequest::connLastHeader() int AuthNegotiateUserRequest::authenticated() const { - if (user() != NULL && user()->credentials() == AuthUser::Ok) { + if (user() != NULL && user()->credentials() == Auth::Ok) { debugs(29, 9, HERE << "user authenticated."); return 1; } @@ -71,14 +71,14 @@ AuthNegotiateUserRequest::module_direction() switch (user()->credentials()) { - case AuthUser::Handshake: + case Auth::Handshake: assert(server_blob); return 1; /* send to client */ - case AuthUser::Ok: + case Auth::Ok: return 0; /* do nothing */ - case AuthUser::Failed: + case Auth::Failed: return -2; default: @@ -132,7 +132,7 @@ AuthNegotiateUserRequest::module_start(RH * handler, void *data) r->data = cbdataReference(data); r->auth_user_request = this; - if (user()->credentials() == AuthUser::Pending) { + if (user()->credentials() == Auth::Pending) { snprintf(buf, MAX_AUTHTOKEN_LEN, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here? } else { snprintf(buf, MAX_AUTHTOKEN_LEN, "KK %s\n", client_blob); @@ -187,7 +187,7 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c /** Check that we are in the client side, where we can generate auth challenges */ if (conn == NULL) { - user()->credentials(AuthUser::Failed); + user()->credentials(Auth::Failed); debugs(29, DBG_IMPORTANT, "WARNING: Negotiate Authentication attempt to perform authentication without a connection!"); return; } @@ -221,10 +221,10 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c switch (user()->credentials()) { - case AuthUser::Unchecked: + case Auth::Unchecked: /* we've received a negotiate request. pass to a helper */ debugs(29, 9, HERE << "auth state negotiate none. Received blob: '" << proxy_auth << "'"); - user()->credentials(AuthUser::Pending); + user()->credentials(Auth::Pending); safe_free(client_blob); client_blob=xstrdup(blob); assert(conn->auth_user_request == NULL); @@ -233,11 +233,11 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c HTTPMSGLOCK(request); break; - case AuthUser::Pending: + case Auth::Pending: debugs(29, 1, HERE << "need to ask helper"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we should have received a blob from the client. Hand it off to * some helper */ safe_free(client_blob); @@ -248,11 +248,11 @@ AuthNegotiateUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * c HTTPMSGLOCK(request); break; - case AuthUser::Ok: + case Auth::Ok: fatal("AuthNegotiateUserRequest::authenticate: unexpected auth state DONE! Report a bug to the squid developers.\n"); break; - case AuthUser::Failed: + case Auth::Failed: /* we've failed somewhere in authentication */ debugs(29, 9, HERE << "auth state negotiate failed. " << proxy_auth); break; @@ -320,11 +320,11 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) negotiate_request->request->flags.must_keepalive = 1; if (negotiate_request->request->flags.proxy_keepalive) { negotiate_request->server_blob = xstrdup(blob); - auth_user_request->user()->credentials(AuthUser::Handshake); + auth_user_request->user()->credentials(Auth::Handshake); auth_user_request->denyMessage("Authentication in progress"); debugs(29, 4, HERE << "Need to challenge the client with a server blob '" << blob << "'"); } else { - auth_user_request->user()->credentials(AuthUser::Failed); + auth_user_request->user()->credentials(Auth::Failed); auth_user_request->denyMessage("NTLM authentication requires a persistent connection"); } } else if (strncasecmp(reply, "AF ", 3) == 0 && arg != NULL) { @@ -338,7 +338,7 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) safe_free(negotiate_request->server_blob); negotiate_request->server_blob = xstrdup(blob); negotiate_request->releaseAuthServer(); - auth_user_request->user()->credentials(AuthUser::Ok); + auth_user_request->user()->credentials(Auth::Ok); debugs(29, 4, HERE << "Successfully validated user via Negotiate. Username '" << blob << "'"); /* connection is authenticated */ @@ -346,7 +346,7 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) /* see if this is an existing user with a different proxy_auth * string */ AuthUserHashPointer *usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username())); - AuthUser::Pointer local_auth_user = negotiate_request->user(); + Auth::User::Pointer local_auth_user = negotiate_request->user(); while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NEGOTIATE || strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0)) usernamehash = static_cast(usernamehash->next); @@ -367,7 +367,7 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) * existing user or a new user */ local_auth_user->expiretime = current_time.tv_sec; negotiate_request->releaseAuthServer(); - negotiate_request->user()->credentials(AuthUser::Ok); + negotiate_request->user()->credentials(Auth::Ok); } else if (strncasecmp(reply, "NA ", 3) == 0 && arg != NULL) { /* authentication failure (wrong password, etc.) */ @@ -376,7 +376,7 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) *arg++ = '\0'; auth_user_request->denyMessage(arg); - negotiate_request->user()->credentials(AuthUser::Failed); + negotiate_request->user()->credentials(Auth::Failed); safe_free(negotiate_request->server_blob); negotiate_request->server_blob = xstrdup(blob); negotiate_request->releaseAuthServer(); @@ -388,7 +388,7 @@ AuthNegotiateUserRequest::HandleReply(void *data, void *lastserver, char *reply) * If after a KK deny the user's request w/ 407 and mark the helper as * Needing YR. */ auth_user_request->denyMessage(blob); - auth_user_request->user()->credentials(AuthUser::Failed); + auth_user_request->user()->credentials(Auth::Failed); safe_free(negotiate_request->server_blob); negotiate_request->releaseAuthServer(); debugs(29, DBG_IMPORTANT, "ERROR: Negotiate Authentication validating user. Error returned '" << reply << "'"); diff --git a/src/auth/negotiate/auth_negotiate.cc b/src/auth/negotiate/auth_negotiate.cc index c8f01f9839..48a895220e 100644 --- a/src/auth/negotiate/auth_negotiate.cc +++ b/src/auth/negotiate/auth_negotiate.cc @@ -241,14 +241,14 @@ Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, H switch (negotiate_request->user()->credentials()) { - case AuthUser::Failed: + case Auth::Failed: /* here it makes sense to drop the connection, as auth is * tied to it, even if MAYBE the client could handle it - Kinkie */ rep->header.delByName("keep-alive"); request->flags.proxy_keepalive = 0; /* fall through */ - case AuthUser::Ok: + case Auth::Ok: /* Special case: authentication finished OK but disallowed by ACL. * Need to start over to give the client another chance. */ @@ -262,14 +262,14 @@ Auth::Negotiate::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, H } break; - case AuthUser::Unchecked: + case Auth::Unchecked: /* semantic change: do not drop the connection. * 2.5 implementation used to keep it open - Kinkie */ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate'"); httpHeaderPutStrf(&rep->header, reqType, "Negotiate"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we're waiting for a response from the client. Pass it the blob */ debugs(29, 9, HERE << "Sending type:" << reqType << " header: 'Negotiate " << negotiate_request->server_blob << "'"); httpHeaderPutStrf(&rep->header, reqType, "Negotiate %s", negotiate_request->server_blob); @@ -319,7 +319,7 @@ Auth::Negotiate::Config::decode(char const *proxy_auth) return auth_user_request; } -NegotiateUser::NegotiateUser(Auth::Config *aConfig) : AuthUser(aConfig) +NegotiateUser::NegotiateUser(Auth::Config *aConfig) : Auth::User(aConfig) { proxy_auth_list.head = proxy_auth_list.tail = NULL; } diff --git a/src/auth/negotiate/auth_negotiate.h b/src/auth/negotiate/auth_negotiate.h index 4da9658d52..f4191adfc9 100644 --- a/src/auth/negotiate/auth_negotiate.h +++ b/src/auth/negotiate/auth_negotiate.h @@ -22,7 +22,7 @@ #define DefaultAuthenticateChildrenMax 32 /* 32 processes */ /// \ingroup AuthNegotiateAPI -class NegotiateUser : public AuthUser +class NegotiateUser : public Auth::User { public: diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc index ccd7e6821f..237b090194 100644 --- a/src/auth/ntlm/UserRequest.cc +++ b/src/auth/ntlm/UserRequest.cc @@ -51,14 +51,14 @@ AuthNTLMUserRequest::module_direction() switch (user()->credentials()) { - case AuthUser::Handshake: + case Auth::Handshake: assert(server_blob); return 1; /* send to client */ - case AuthUser::Ok: + case Auth::Ok: return 0; /* do nothing */ - case AuthUser::Failed: + case Auth::Failed: return -2; default: @@ -90,7 +90,7 @@ AuthNTLMUserRequest::module_start(RH * handler, void *data) r->data = cbdataReference(data); r->auth_user_request = this; - if (user()->credentials() == AuthUser::Pending) { + if (user()->credentials() == Auth::Pending) { snprintf(buf, 8192, "YR %s\n", client_blob); //CHECKME: can ever client_blob be 0 here? } else { snprintf(buf, 8192, "KK %s\n", client_blob); @@ -141,7 +141,7 @@ AuthNTLMUserRequest::onConnectionClose(ConnStateData *conn) int AuthNTLMUserRequest::authenticated() const { - if (user()->credentials() == AuthUser::Ok) { + if (user()->credentials() == Auth::Ok) { debugs(29, 9, "AuthNTLMUserRequest::authenticated: user authenticated."); return 1; } @@ -162,7 +162,7 @@ AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, * auth challenges */ if (conn == NULL || !cbdataReferenceValid(conn)) { - user()->credentials(AuthUser::Failed); + user()->credentials(Auth::Failed); debugs(29, 1, "AuthNTLMUserRequest::authenticate: attempt to perform authentication without a connection!"); return; } @@ -197,10 +197,10 @@ AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, switch (user()->credentials()) { - case AuthUser::Unchecked: + case Auth::Unchecked: /* we've received a ntlm request. pass to a helper */ debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm none. Received blob: '" << proxy_auth << "'"); - user()->credentials(AuthUser::Pending); + user()->credentials(Auth::Pending); safe_free(client_blob); client_blob=xstrdup(blob); assert(conn->auth_user_request == NULL); @@ -209,11 +209,11 @@ AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, HTTPMSGLOCK(request); break; - case AuthUser::Pending: + case Auth::Pending: debugs(29, 1, "AuthNTLMUserRequest::authenticate: need to ask helper"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we should have received a blob from the client. Hand it off to * some helper */ safe_free(client_blob); @@ -225,11 +225,11 @@ AuthNTLMUserRequest::authenticate(HttpRequest * aRequest, ConnStateData * conn, HTTPMSGLOCK(request); break; - case AuthUser::Ok: + case Auth::Ok: fatal("AuthNTLMUserRequest::authenticate: unexpect auth state DONE! Report a bug to the squid developers.\n"); break; - case AuthUser::Failed: + case Auth::Failed: /* we've failed somewhere in authentication */ debugs(29, 9, "AuthNTLMUserRequest::authenticate: auth state ntlm failed. " << proxy_auth); break; @@ -287,11 +287,11 @@ AuthNTLMUserRequest::HandleReply(void *data, void *lastserver, char *reply) ntlm_request->request->flags.must_keepalive = 1; if (ntlm_request->request->flags.proxy_keepalive) { ntlm_request->server_blob = xstrdup(blob); - ntlm_request->user()->credentials(AuthUser::Handshake); + ntlm_request->user()->credentials(Auth::Handshake); auth_user_request->denyMessage("Authentication in progress"); debugs(29, 4, "authenticateNTLMHandleReply: Need to challenge the client with a server blob '" << blob << "'"); } else { - ntlm_request->user()->credentials(AuthUser::Failed); + ntlm_request->user()->credentials(Auth::Failed); auth_user_request->denyMessage("NTLM authentication requires a persistent connection"); } } else if (strncasecmp(reply, "AF ", 3) == 0) { @@ -306,7 +306,7 @@ AuthNTLMUserRequest::HandleReply(void *data, void *lastserver, char *reply) /* see if this is an existing user with a different proxy_auth * string */ auth_user_hash_pointer *usernamehash = static_cast(hash_lookup(proxy_auth_username_cache, auth_user_request->user()->username())); - AuthUser::Pointer local_auth_user = ntlm_request->user(); + Auth::User::Pointer local_auth_user = ntlm_request->user(); while (usernamehash && (usernamehash->user()->auth_type != Auth::AUTH_NTLM || strcmp(usernamehash->user()->username(), auth_user_request->user()->username()) != 0)) usernamehash = static_cast(usernamehash->next); @@ -325,11 +325,11 @@ AuthNTLMUserRequest::HandleReply(void *data, void *lastserver, char *reply) * existing user or a new user */ local_auth_user->expiretime = current_time.tv_sec; ntlm_request->releaseAuthServer(); - local_auth_user->credentials(AuthUser::Ok); + local_auth_user->credentials(Auth::Ok); } else if (strncasecmp(reply, "NA ", 3) == 0) { /* authentication failure (wrong password, etc.) */ auth_user_request->denyMessage(blob); - ntlm_request->user()->credentials(AuthUser::Failed); + ntlm_request->user()->credentials(Auth::Failed); safe_free(ntlm_request->server_blob); ntlm_request->releaseAuthServer(); debugs(29, 4, "authenticateNTLMHandleReply: Failed validating user via NTLM. Error returned '" << blob << "'"); @@ -340,7 +340,7 @@ AuthNTLMUserRequest::HandleReply(void *data, void *lastserver, char *reply) * If after a KK deny the user's request w/ 407 and mark the helper as * Needing YR. */ auth_user_request->denyMessage(blob); - auth_user_request->user()->credentials(AuthUser::Failed); + auth_user_request->user()->credentials(Auth::Failed); safe_free(ntlm_request->server_blob); ntlm_request->releaseAuthServer(); debugs(29, 1, "authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '" << reply << "'"); diff --git a/src/auth/ntlm/auth_ntlm.cc b/src/auth/ntlm/auth_ntlm.cc index 09242e6b07..17a9f0c154 100644 --- a/src/auth/ntlm/auth_ntlm.cc +++ b/src/auth/ntlm/auth_ntlm.cc @@ -225,26 +225,26 @@ Auth::Ntlm::Config::fixHeader(AuthUserRequest::Pointer auth_user_request, HttpRe switch (ntlm_request->user()->credentials()) { - case AuthUser::Failed: + case Auth::Failed: /* here it makes sense to drop the connection, as auth is * tied to it, even if MAYBE the client could handle it - Kinkie */ request->flags.proxy_keepalive = 0; /* fall through */ - case AuthUser::Ok: + case Auth::Ok: /* Special case: authentication finished OK but disallowed by ACL. * Need to start over to give the client another chance. */ /* fall through */ - case AuthUser::Unchecked: + case Auth::Unchecked: /* semantic change: do not drop the connection. * 2.5 implementation used to keep it open - Kinkie */ debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM'"); httpHeaderPutStrf(&rep->header, hdrType, "NTLM"); break; - case AuthUser::Handshake: + case Auth::Handshake: /* we're waiting for a response from the client. Pass it the blob */ debugs(29, 9, HERE << "Sending type:" << hdrType << " header: 'NTLM " << ntlm_request->server_blob << "'"); httpHeaderPutStrf(&rep->header, hdrType, "NTLM %s", ntlm_request->server_blob); @@ -294,7 +294,7 @@ Auth::Ntlm::Config::decode(char const *proxy_auth) return auth_user_request; } -NTLMUser::NTLMUser(Auth::Config *aConfig) : AuthUser(aConfig) +NTLMUser::NTLMUser(Auth::Config *aConfig) : Auth::User(aConfig) { proxy_auth_list.head = proxy_auth_list.tail = NULL; } diff --git a/src/auth/ntlm/auth_ntlm.h b/src/auth/ntlm/auth_ntlm.h index bfe52f7150..4873c99ae6 100644 --- a/src/auth/ntlm/auth_ntlm.h +++ b/src/auth/ntlm/auth_ntlm.h @@ -13,7 +13,7 @@ #define DefaultAuthenticateChildrenMax 32 /* 32 processes */ -class NTLMUser : public AuthUser +class NTLMUser : public Auth::User { public: diff --git a/src/stat.cc b/src/stat.cc index 8fb979f435..a1413ee2c6 100644 --- a/src/stat.cc +++ b/src/stat.cc @@ -1376,7 +1376,7 @@ statRegisterWithCacheManager(void) #if USE_AUTH Mgr::RegisterAction("username_cache", "Active Cached Usernames", - AuthUser::UsernameCacheStats, 0, 1); + Auth::User::UsernameCacheStats, 0, 1); #endif #if DEBUG_OPENFD Mgr::RegisterAction("openfd_objects", "Objects with Swapout files open",