UserRequest.h

Go to the documentation of this file.

/*
 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
 
#ifndef SQUID_SRC_AUTH_USERREQUEST_H
#define SQUID_SRC_AUTH_USERREQUEST_H
 
#if USE_AUTH
 
#include "AccessLogEntry.h"
#include "auth/AuthAclState.h"
#include "auth/Scheme.h"
#include "auth/User.h"
#include "dlink.h"
#include "helper/forward.h"
#include "HttpHeader.h"
#include "ip/Address.h"
 
class ConnStateData;
class HttpReply;
class HttpRequest;
 
// XXX: Keep in sync with all others: bzr grep 'define MAX_AUTHTOKEN_LEN'
#define MAX_AUTHTOKEN_LEN   65535
 
class AuthUserIP
{
    MEMPROXY_CLASS(AuthUserIP);
 
public:
    AuthUserIP(const Ip::Address &ip, time_t t) : ipaddr(ip), ip_expiretime(t) {}
 
    dlink_node node;
 
    Ip::Address ipaddr;
 
    time_t ip_expiretime;
};
 
// TODO: make auth schedule AsyncCalls?
typedef void AUTHCB(void*);
 
namespace Auth
{
 
// NP: numeric values specified for old code backward compatibility.
//  remove after transition is complete
enum Direction {
    CRED_CHALLENGE = 1, 
    CRED_VALID = 0,     
    CRED_LOOKUP = -1,   
    CRED_ERROR = -2     
};
 
class UserRequest : public RefCountable
{
public:
    typedef RefCount<Auth::UserRequest> Pointer;
 
    UserRequest();
    ~UserRequest() override;
    void *operator new(size_t byteCount);
    void operator delete(void *address);
 
public:
    User::Pointer _auth_user;
 
    Direction direction();
 
    virtual bool authenticated() const;
 
    bool valid() const;
 
    virtual void authenticate(HttpRequest * request, ConnStateData * conn, Http::HdrType type) = 0;
 
    /* template method - what needs to be done next? advertise schemes, challenge, handle error, nothing? */
    virtual Direction module_direction() = 0;
 
    /* add the [Proxy-]Authentication-Info header */
    virtual void addAuthenticationInfoHeader(HttpReply * rep, int accel);
 
    /* add the [Proxy-]Authentication-Info trailer */
    virtual void addAuthenticationInfoTrailer(HttpReply * rep, int accel);
 
    virtual void releaseAuthServer();
 
    // User credentials object this UserRequest is managing
    virtual User::Pointer user() {return _auth_user;}
    virtual const User::Pointer user() const {return _auth_user;}
    virtual void user(User::Pointer aUser) {_auth_user=aUser;}
 
    static AuthAclState tryToAuthenticateAndSetAuthUser(UserRequest::Pointer *aUR, Http::HdrType, HttpRequest *, ConnStateData *, Ip::Address &, AccessLogEntry::Pointer &);
 
    static void AddReplyAuthHeader(HttpReply * rep, UserRequest::Pointer auth_user_request, HttpRequest * request, int accelerated, int internal);
 
    void start(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data);
 
    char const * denyMessage(char const * const default_message = nullptr) const;
 
    void setDenyMessage(char const *);
 
    char const * getDenyMessage() const;
 
    char const *username() const;
 
    Scheme::Pointer scheme() const;
 
    virtual const char * connLastHeader();
 
    virtual const char *credentialsStr() = 0;
 
    const char *helperRequestKeyExtras(HttpRequest *, AccessLogEntry::Pointer &al);
 
    void denyMessageFromHelper(char const *proto, const Helper::Reply &reply);
 
protected:
    virtual void startHelperLookup(HttpRequest *request, AccessLogEntry::Pointer &al, AUTHCB *handler, void *data) = 0;
 
private:
 
    static AuthAclState authenticate(UserRequest::Pointer * auth_user_request, Http::HdrType headertype, HttpRequest * request, ConnStateData * conn, Ip::Address &src_addr, AccessLogEntry::Pointer &al);
 
    char *message;
 
    AuthAclState lastReply;
};
 
} // namespace Auth
 
/* AuthUserRequest */
 
void authenticateAuthUserRequestRemoveIp(Auth::UserRequest::Pointer, Ip::Address const &);
void authenticateAuthUserRequestClearIp(Auth::UserRequest::Pointer);
int authenticateAuthUserRequestIPCount(Auth::UserRequest::Pointer);
 
bool authenticateUserAuthenticated(const Auth::UserRequest::Pointer &);
 
#endif /* USE_AUTH */
#endif /* SQUID_SRC_AUTH_USERREQUEST_H */