UserRequest.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#ifndef SQUID_AUTH_USERREQUEST_H
10#define SQUID_AUTH_USERREQUEST_H
11
12#if USE_AUTH
13
14#include "AccessLogEntry.h"
15#include "auth/AuthAclState.h"
16#include "auth/Scheme.h"
17#include "auth/User.h"
18#include "dlink.h"
19#include "helper/forward.h"
20#include "HttpHeader.h"
21#include "ip/Address.h"
22
23class ConnStateData;
24class HttpReply;
25class HttpRequest;
26
30// XXX: Keep in sync with all others: bzr grep 'define MAX_AUTHTOKEN_LEN'
31#define MAX_AUTHTOKEN_LEN 65535
32
37class AuthUserIP
38{
39 MEMPROXY_CLASS(AuthUserIP);
40
41public:
42 AuthUserIP(const Ip::Address &ip, time_t t) : ipaddr(ip), ip_expiretime(t) {}
43
44 dlink_node node;
45
47 Ip::Address ipaddr;
48
53 time_t ip_expiretime;
54};
55
56// TODO: make auth schedule AsyncCalls?
57typedef void AUTHCB(void*);
58
59namespace Auth
60{
61
62// NP: numeric values specified for old code backward compatibility.
63// remove after transition is complete
64enum Direction {
65 CRED_CHALLENGE = 1,
66 CRED_VALID = 0,
67 CRED_LOOKUP = -1,
68 CRED_ERROR = -2
69};
70
77class UserRequest : public RefCountable
78{
79public:
80 typedef RefCount<Auth::UserRequest> Pointer;
81
82 UserRequest();
83 ~UserRequest() override;
84 void *operator new(size_t byteCount);
85 void operator delete(void *address);
86
87public:
93 User::Pointer _auth_user;
94
107 Direction direction();
108
115 virtual int authenticated() const = 0;
116
127 bool valid() const;
128
129 virtual void authenticate(HttpRequest * request, ConnStateData * conn, Http::HdrType type) = 0;
130
131 /* template method - what needs to be done next? advertise schemes, challenge, handle error, nothing? */
132 virtual Direction module_direction() = 0;
133
134 /* add the [Proxy-]Authentication-Info header */
135 virtual void addAuthenticationInfoHeader(HttpReply * rep, int accel);
136
137 /* add the [Proxy-]Authentication-Info trailer */
138 virtual void addAuthenticationInfoTrailer(HttpReply * rep, int accel);
139
140 virtual void releaseAuthServer();
141
142 // User credentials object this UserRequest is managing
143 virtual User::Pointer user() {return _auth_user;}
144 virtual const User::Pointer user() const {return _auth_user;}
145 virtual void user(User::Pointer aUser) {_auth_user=aUser;}
146
165 static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, Http::HdrType, HttpRequest *, ConnStateData *, Ip::Address &, AccessLogEntry::Pointer &);
166
168 static void AddReplyAuthHeader(HttpReply * rep, UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal);
169
180 void start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data);
181
182 char const * denyMessage(char const * const default_message = nullptr) const;
183
185 void setDenyMessage(char const *);
186
188 char const * getDenyMessage() const;
189
198 char const *username() const;
199
200 Scheme::Pointer scheme() const;
201
202 virtual const char * connLastHeader();
203
207 virtual const char *credentialsStr() = 0;
208
209 const char *helperRequestKeyExtras(HttpRequest *, AccessLogEntry::Pointer &al);
210
212 void denyMessageFromHelper(char const *proto, const Helper::Reply &reply);
213
214protected:
220 virtual void startHelperLookup(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data) = 0;
221
222private:
223
224 static AuthAclState authenticate(UserRequest::Pointer * auth_user_request, Http::HdrType headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr, AccessLogEntry::Pointer &al);
225
227 char *message;
228
234 AuthAclState lastReply;
235};
236
237} // namespace Auth
238
239/* AuthUserRequest */
240
242void authenticateAuthUserRequestRemoveIp(Auth::UserRequest::Pointer, Ip::Address const &);
244void authenticateAuthUserRequestClearIp(Auth::UserRequest::Pointer);
246int authenticateAuthUserRequestIPCount(Auth::UserRequest::Pointer);
247
250int authenticateUserAuthenticated(Auth::UserRequest::Pointer);
251
252#endif /* USE_AUTH */
253#endif /* SQUID_AUTHUSERREQUEST_H */
254
AuthAclState
AuthAclState
Definition: AuthAclState.h:14
RefCountable
#define RefCountable
The locking interface for use on Reference-Counted classes.
Definition: Lock.h:66
conn
int conn
the current server connection FD
Definition: Transport.cc:26
authenticateAuthUserRequestRemoveIp
void authenticateAuthUserRequestRemoveIp(Auth::UserRequest::Pointer, Ip::Address const &)
Definition: UserRequest.cc:147
authenticateAuthUserRequestIPCount
int authenticateAuthUserRequestIPCount(Auth::UserRequest::Pointer)
Definition: UserRequest.cc:165
authenticateAuthUserRequestClearIp
void authenticateAuthUserRequestClearIp(Auth::UserRequest::Pointer)
Definition: UserRequest.cc:158
AUTHCB
void AUTHCB(void *)
Definition: UserRequest.h:57
authenticateUserAuthenticated
int authenticateUserAuthenticated(Auth::UserRequest::Pointer)
Definition: UserRequest.cc:176
AuthUserIP::ipaddr
Ip::Address ipaddr
IP address this user authenticated from.
Definition: UserRequest.h:47
AuthUserIP::node
dlink_node node
Definition: UserRequest.h:44
AuthUserIP::AuthUserIP
AuthUserIP(const Ip::Address &ip, time_t t)
Definition: UserRequest.h:42
AuthUserIP::ip_expiretime
time_t ip_expiretime
Definition: UserRequest.h:53
AuthUserIP::MEMPROXY_CLASS
MEMPROXY_CLASS(AuthUserIP)
Auth::UserRequest::addAuthenticationInfoHeader
virtual void addAuthenticationInfoHeader(HttpReply *rep, int accel)
Definition: UserRequest.cc:197
Auth::UserRequest::tryToAuthenticateAndSetAuthUser
static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, Http::HdrType, HttpRequest *, ConnStateData *, Ip::Address &, AccessLogEntry::Pointer &)
Definition: UserRequest.cc:437
Auth::UserRequest::helperRequestKeyExtras
const char * helperRequestKeyExtras(HttpRequest *, AccessLogEntry::Pointer &al)
Definition: UserRequest.cc:547
Auth::UserRequest::AddReplyAuthHeader
static void AddReplyAuthHeader(HttpReply *rep, UserRequest::Pointer auth_user_request, HttpRequest *request, int accelerated, int internal)
Add the appropriate [Proxy-]Authenticate header to the given reply.
Definition: UserRequest.cc:479
Auth::UserRequest::setDenyMessage
void setDenyMessage(char const *)
Definition: UserRequest.cc:114
Auth::UserRequest::denyMessageFromHelper
void denyMessageFromHelper(char const *proto, const Helper::Reply &reply)
Sets the reason of 'authentication denied' helper response.
Definition: UserRequest.cc:564
Auth::UserRequest::startHelperLookup
virtual void startHelperLookup(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data)=0
Auth::UserRequest::scheme
Scheme::Pointer scheme() const
Definition: UserRequest.cc:541
Auth::UserRequest::credentialsStr
virtual const char * credentialsStr()=0
Auth::UserRequest::releaseAuthServer
virtual void releaseAuthServer()
Definition: UserRequest.cc:205
Auth::UserRequest::authenticated
virtual int authenticated() const =0
Auth::UserRequest::user
virtual const User::Pointer user() const
Definition: UserRequest.h:144
Auth::UserRequest::addAuthenticationInfoTrailer
virtual void addAuthenticationInfoTrailer(HttpReply *rep, int accel)
Definition: UserRequest.cc:201
Auth::UserRequest::module_direction
virtual Direction module_direction()=0
Auth::UserRequest::valid
bool valid() const
Definition: UserRequest.cc:53
Auth::UserRequest::denyMessage
char const * denyMessage(char const *const default_message=nullptr) const
Definition: UserRequest.cc:127
Auth::UserRequest::_auth_user
User::Pointer _auth_user
Definition: UserRequest.h:93
Auth::UserRequest::start
void start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data)
Definition: UserRequest.cc:44
Auth::UserRequest::getDenyMessage
char const * getDenyMessage() const
Definition: UserRequest.cc:121
Auth::UserRequest::direction
Direction direction()
Definition: UserRequest.cc:185
Auth::UserRequest::lastReply
AuthAclState lastReply
Definition: UserRequest.h:234
Auth::UserRequest::user
virtual void user(User::Pointer aUser)
Definition: UserRequest.h:145
Auth::UserRequest::connLastHeader
virtual const char * connLastHeader()
Definition: UserRequest.cc:209
Auth::UserRequest::username
char const * username() const
Definition: UserRequest.cc:32
Auth::UserRequest::user
virtual User::Pointer user()
Definition: UserRequest.h:143
Auth::UserRequest::authenticate
virtual void authenticate(HttpRequest *request, ConnStateData *conn, Http::HdrType type)=0
Auth::UserRequest::Pointer
RefCount< Auth::UserRequest > Pointer
Definition: UserRequest.h:80
Auth::UserRequest::~UserRequest
~UserRequest() override
Definition: UserRequest.cc:100
dlink_node
Definition: dlink.h:15
Auth
HTTP Authentication.
Definition: Config.h:19
Auth::Direction
Direction
Definition: UserRequest.h:64
Auth::CRED_ERROR
@ CRED_ERROR
ERROR in the auth module. Cannot determine the state of this request.
Definition: UserRequest.h:68
Auth::CRED_CHALLENGE
@ CRED_CHALLENGE
Client needs to be challenged. secure token.
Definition: UserRequest.h:65
Auth::CRED_LOOKUP
@ CRED_LOOKUP
Credentials need to be validated with the backend helper.
Definition: UserRequest.h:67
Auth::CRED_VALID
@ CRED_VALID
Credentials are valid and a up to date. The OK/Failed state is accurate.
Definition: UserRequest.h:66
handler
static void handler(int signo)
Definition: purge.cc:858

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors