SchemeConfig.cc
1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 /* DEBUG: section 29 Authenticator */
10 
11 #include "squid.h"
12 #include "auth/Config.h"
13 #include "auth/forward.h"
14 #include "auth/Gadgets.h"
15 #include "auth/UserRequest.h"
16 #include "cache_cf.h"
17 #include "ConfigParser.h"
18 #include "Debug.h"
19 #include "format/Format.h"
20 #include "globals.h"
21 #include "Store.h"
22 #include "wordlist.h"
23 
{
    // Picks the configured scheme whose type() prefixes proxy_auth (see Find())
    // and hands the value to that scheme's decode(). Returns NULL when no
    // scheme matches or the matching scheme is not active().
    assert(proxy_auth != NULL);
    // NOTE(review): this writes the complete proxy_auth value to the debug log
    // when section 29 runs at level 9. Presumably the value is the client's
    // authentication header, so whatever credential text follows the scheme
    // name is logged too - treat level-9 logs of this section as sensitive.
    debugs(29, 9, HERE << "header = '" << proxy_auth << "'");

    Auth::SchemeConfig *config = Find(proxy_auth);

    if (config == NULL || !config->active()) {
        // Reported at DBG_IMPORTANT with a "WARNING: " prefix in normal
        // operation, and at level 3 without the prefix while shutting down.
        // NOTE(review): the whole proxy_auth value is logged here as well, not
        // only the scheme name. If a client sends credentials for a scheme that
        // is unconfigured or inactive, that credential text reaches the log at
        // the default-important level; consider logging only the scheme token
        // (the text before the first whitespace) - TODO confirm with callers.
        debugs(29, (shutting_down?3:DBG_IMPORTANT), (shutting_down?"":"WARNING: ") <<
               "Unsupported or unconfigured/inactive proxy-auth scheme, '" << proxy_auth << "'");
        return NULL;
    }
    // One buffer shared by every call and reset on entry: the pointer passed
    // to decode() below refers to this storage and is overwritten by the next
    // call, so overlapping calls would share it.
    static MemBuf rmb;
    rmb.reset();
    if (config->keyExtras) {
        // %credentials and %username, which are normally included in
        // request_format, are "-" at this time, but that is OK
        // because the user name is added to the key explicitly, and we do
        // not want to store authenticated credentials at all.
        // The final argument is assemble()'s logSequenceNumber.
        config->keyExtras->assemble(rmb, al, 0);
    }

    // decode() receives NULL as its second argument when key_extras is unset
    // or produced no content.
    return config->decode(proxy_auth, rmb.hasContent() ? rmb.content() : NULL);
}
56 
/// Returns the first entry of Auth::TheConfig.schemes whose type() is a
/// case-insensitive prefix of proxy_auth, or a null pointer if none is.
///
/// Only the first strlen(type()) characters are compared; the character after
/// the prefix is not examined here, so a value that merely begins with a
/// scheme name also selects that scheme, and list order decides between
/// schemes that share a prefix.
/// NOTE(review): confirm that each decode() implementation re-checks the
/// scheme token and its delimiter before trusting what follows.
/// proxy_auth must not be null; it is passed straight to strncasecmp().
Auth::SchemeConfig *
Auth::SchemeConfig::Find(const char *proxy_auth)
{
    for (auto *candidate : Auth::TheConfig.schemes) {
        const char *const typeName = candidate->type();
        const size_t prefixLen = strlen(typeName);
        if (!strncasecmp(proxy_auth, typeName, prefixLen))
            return candidate;
    }

    return nullptr;
}
67 
/// Looks up the scheme named by proxy_auth with Find() and treats a miss as a
/// fatal configuration error (the message refers to auth_schemes).
///
/// Because the lookup is Find()'s prefix comparison, a name that only starts
/// with a configured scheme type is accepted as that scheme.
/// NOTE(review): presumably fatalf() does not return; the trailing return
/// covers the case where it does.
Auth::SchemeConfig *
Auth::SchemeConfig::GetParsed(const char *proxy_auth)
{
    Auth::SchemeConfig *const found = Find(proxy_auth);
    if (!found)
        fatalf("auth_schemes: required authentication method '%s' is not configured", proxy_auth);
    return found;
}
76 
78 void
80 {}
81 
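/// Parses one auth_param option that is common to all authentication schemes.
///
/// \param scheme     the scheme being configured; used here for its type()
///                   name in messages and as the key_extras format name
/// \param param_str  the option name: program, realm, children, key_extras,
///                   keep_alive or utf8
///
/// The option's value is pulled from the configuration tokenizer, not from
/// the arguments. Invalid values end in self_destruct(). An unknown option
/// name is only reported: configuration parsing continues, so a misspelt
/// option leaves the corresponding setting at its previous value.
void
Auth::SchemeConfig::parse(Auth::SchemeConfig * scheme, int, char *param_str)
{
    if (strcmp(param_str, "program") == 0) {
        if (authenticateProgram)
            wordlistDestroy(&authenticateProgram);

        parse_wordlist(&authenticateProgram);

        // An option with no value leaves the list empty; reject that here
        // instead of dereferencing a null list below.
        if (!authenticateProgram) {
            debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Missing auth_param " << scheme->type() << " program");
            self_destruct();
            return;
        }

        // Only the first word (the executable path) is checked; the remaining
        // words are helper arguments.
        requirePathnameExists("Authentication helper program", authenticateProgram->key);

    } else if (strcmp(param_str, "realm") == 0) {
        realm.clear();

        char *token = ConfigParser::NextQuotedOrToEol();

        // skip leading whitespace; an empty or all-blank realm is an error
        while (token && *token && xisspace(*token))
            ++token;

        if (!token || !*token) {
            debugs(29, DBG_PARSE_NOTE(DBG_IMPORTANT), "ERROR: Missing auth_param " << scheme->type() << " realm");
            self_destruct();
            return;
        }

        realm = token;

    } else if (strcmp(param_str, "children") == 0) {
        authenticateChildren.parseConfig();

    } else if (strcmp(param_str, "key_extras") == 0) {
        keyExtrasLine = ConfigParser::NextQuotedToken();
        // NOTE(review): NextQuotedToken() presumably yields null when the
        // value is missing; confirm that Format::parse() copes with the
        // resulting termedBuf().
        Format::Format *nlf = new ::Format::Format(scheme->type());
        if (!nlf->parse(keyExtrasLine.termedBuf())) {
            debugs(29, DBG_CRITICAL, "FATAL: Failed parsing key_extras formatting value");
            delete nlf; // do not leak the rejected format
            self_destruct();
            return;
        }

        // replace any previously compiled format (deleting null is a no-op)
        delete keyExtras;
        keyExtras = nlf;

        // NOTE(review): this check reads the strtok() tokenizer state while
        // the value above came from ConfigParser; the message also names
        // request_format although the option parsed here is key_extras.
        if (char *t = strtok(NULL, w_space)) {
            debugs(29, DBG_CRITICAL, "FATAL: Unexpected argument '" << t << "' after request_format specification");
            self_destruct();
        }
    } else if (strcmp(param_str, "keep_alive") == 0) {
        parse_onoff(&keep_alive);
    } else if (strcmp(param_str, "utf8") == 0) {
        parse_onoff(&utf8);
    } else {
        // reported, but not treated as fatal
        debugs(29, DBG_CRITICAL, "Unrecognised " << scheme->type() << " auth scheme parameter '" << param_str << "'");
    }
}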
137 
/// Appends this scheme's common auth_param settings to entry, one directive
/// per line, each prefixed with name and the scheme's type().
///
/// \returns false, writing nothing, when no helper program is configured;
///          true otherwise
///
/// program, realm and children are always written; key_extras, keep_alive
/// and utf8 only when they differ from their defaults.
/// NOTE(review): the helper command line is emitted in full and values are
/// written verbatim (key_extras is wrapped in double quotes without any
/// escaping visible here). If the command line carries secrets, anyone able
/// to read this output sees them - confirm who can read `entry`.
bool
Auth::SchemeConfig::dump(StoreEntry *entry, const char *name, Auth::SchemeConfig *scheme) const
{
    if (!authenticateProgram)
        return false; // no helper program configured, nothing to report

    const char *const schemeType = scheme->type();

    // helper program and its arguments, space-separated on a single line
    storeAppendPrintf(entry, "%s %s", name, schemeType);
    for (const wordlist *word = authenticateProgram; word; word = word->next)
        storeAppendPrintf(entry, " %s", word->key);
    storeAppendPrintf(entry, "\n");

    storeAppendPrintf(entry, "%s %s realm " SQUIDSBUFPH "\n", name, schemeType, SQUIDSBUFPRINT(realm));

    storeAppendPrintf(entry, "%s %s children %d startup=%d idle=%d concurrency=%d\n",
                      name, schemeType,
                      authenticateChildren.n_max, authenticateChildren.n_startup,
                      authenticateChildren.n_idle, authenticateChildren.concurrency);

    // key_extras defaults to none
    if (keyExtrasLine.size() > 0)
        storeAppendPrintf(entry, "%s %s key_extras \"%s\"\n", name, schemeType, keyExtrasLine.termedBuf());

    // keep_alive defaults to on
    if (!keep_alive)
        storeAppendPrintf(entry, "%s %s keep_alive off\n", name, schemeType);

    // utf8 defaults to off
    if (utf8)
        storeAppendPrintf(entry, "%s %s utf8 on\n", name, schemeType);

    return true;
}
172 
void
{
    // Releases the compiled key_extras format and forgets the text it was
    // compiled from.
    delete keyExtras;
    // Cleared so that later null checks on keyExtras do not see a pointer to
    // the freed object.
    keyExtras = NULL;
    keyExtrasLine.clean();
}
180 
#define assert(EX)
Definition: assert.h:17
virtual void done()
virtual bool active() const =0
void self_destruct(void)
Definition: cache_cf.cc:255
void wordlistDestroy(wordlist **list)
destroy a wordlist
Definition: wordlist.cc:16
char * key
Definition: wordlist.h:33
static SchemeConfig * GetParsed(const char *proxy_auth)
Definition: SchemeConfig.cc:69
void parse_onoff(int *var)
Definition: cache_cf.cc:2573
#define xisspace(x)
Definition: xis.h:17
#define DBG_CRITICAL
Definition: Debug.h:44
#define DBG_PARSE_NOTE(x)
Definition: Debug.h:49
#define w_space
void fatalf(const char *fmt,...)
Definition: fatal.cc:79
int shutting_down
Definition: testAddress.cc:36
bool hasContent() const
Definition: MemBuf.h:54
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Debug.h:123
#define DBG_IMPORTANT
Definition: Debug.h:45
static char * NextQuotedToken()
void reset()
Definition: MemBuf.cc:141
virtual void parse(SchemeConfig *, int, char *)
Definition: SchemeConfig.cc:83
void parse_wordlist(wordlist **list)
Definition: cache_cf.cc:3176
Format::Format * keyExtras
The compiled request format.
Definition: SchemeConfig.h:131
char * content()
start of the added data
Definition: MemBuf.h:41
bool parse(const char *def)
Definition: Format.cc:65
std::ostream & HERE(std::ostream &s)
Definition: Debug.h:147
Auth::Config TheConfig
Definition: stub_libauth.cc:21
static SchemeConfig * Find(const char *proxy_auth)
Definition: SchemeConfig.cc:58
static UserRequest::Pointer CreateAuthUser(const char *proxy_auth, AccessLogEntry::Pointer &al)
Definition: SchemeConfig.cc:32
void assemble(MemBuf &mb, const AccessLogEntryPointer &al, int logSequenceNumber) const
assemble the state information into a formatted line.
Definition: Format.cc:367
static char * NextQuotedOrToEol()
Definition: MemBuf.h:23
virtual const char * type() const =0
#define SQUIDSBUFPH
Definition: SBuf.h:32
virtual bool dump(StoreEntry *, const char *, SchemeConfig *) const
void requirePathnameExists(const char *name, const char *path)
Definition: cache_cf.cc:3956
#define SQUIDSBUFPRINT(s)
Definition: SBuf.h:33
void storeAppendPrintf(StoreEntry *e, const char *fmt,...)
Definition: store.cc:904
#define NULL
Definition: types.h:166
virtual void registerWithCacheManager(void)
Definition: SchemeConfig.cc:79
virtual UserRequest::Pointer decode(char const *proxy_auth, const char *requestRealm)=0
wordlist * next
Definition: wordlist.h:34

 
