📄 auth_basic.c
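/*
 * $Id: auth_basic.c,v 1.25 2006/07/30 23:27:04 hno Exp $
 *
 * DEBUG: section 29 Authenticator
 * AUTHOR: Duane Wessels
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 * Squid is the result of efforts by numerous individuals from
 * the Internet community; see the CONTRIBUTORS file for full
 * details. Many organizations have provided support for Squid's
 * development; see the SPONSORS file for full details. Squid is
 * Copyrighted (C) 2001 by the Regents of the University of
 * California; see the COPYRIGHT file for full details. Squid
 * incorporates software developed and/or copyrighted by other
 * sources; see the CREDITS file for full details.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

/* The functions in this file handle authentication.
 * They DO NOT perform access control or auditing.
 * See acl.c for access control and client_side.c for auditing */

#include "squid.h"
#include "auth_basic.h"

/*
 * Release one in-flight helper request record.
 *
 * Drops the lock this record holds on its auth_user_request (if any),
 * clears the pointer, and hands the record itself back via cbdataFree().
 */
static void
authenticateStateFree(authenticateStateData * r)
{
    if (r->auth_user_request) {
        authenticateAuthUserRequestUnlock(r->auth_user_request);
        r->auth_user_request = NULL;
    }
    cbdataFree(r);
}

/* Basic Scheme */
static HLPCB authenticateBasicHandleReply;
static AUTHSACTIVE authenticateBasicActive;
static AUTHSAUTHED authenticateBasicAuthenticated;
static AUTHSAUTHUSER authenticateBasicAuthenticateUser;
static AUTHSCONFIGURED authBasicConfigured;
static AUTHSDIRECTION authenticateBasicDirection;
static AUTHSDECODE authenticateBasicDecodeAuth;
static AUTHSDUMP authBasicCfgDump;
static AUTHSFIXERR authenticateBasicFixErrorHeader;
static AUTHSFREE authenticateBasicFreeUser;
static AUTHSFREECONFIG authBasicFreeConfig;
static AUTHSPARSE authBasicParse;
static AUTHSCHECKCONFIG authBasicCheckConfig;
static AUTHSINIT authBasicInit;
static AUTHSSTART authenticateBasicStart;
static AUTHSSTATS authenticateBasicStats;
static AUTHSUSERNAME authenticateBasicUsername;
static AUTHSSHUTDOWN authBasicDone;

/* Module state: helper pool handle, parsed configuration, init flag. */
static helper *basicauthenticators = NULL;
static auth_basic_config *basicConfig = NULL;
static int authbasic_initialised = 0;
/* Pool from which per-user basic_data records are released (see
 * authenticateBasicFreeUser); not static, so visible to other files. */
MemPool *basic_data_pool = NULL;

/*
 *
 * Public Functions
 *
 */

AUTHSSETUP authSchemeSetup_basic;

/*
 * Register the Basic scheme's callbacks in the supplied scheme entry.
 *
 * Asserts that the scheme has not been initialised yet, then fills in
 * every hook. oncloseconnection and authConnLastHeader are left NULL:
 * this scheme installs no handler for either.
 */
void
authSchemeSetup_basic(authscheme_entry_t * authscheme)
{
    assert(!authbasic_initialised);
    authscheme->Active = authenticateBasicActive;
    authscheme->parse = authBasicParse;
    authscheme->checkconfig = authBasicCheckConfig;
    authscheme->dump = authBasicCfgDump;
    authscheme->init = authBasicInit;
    authscheme->authAuthenticate = authenticateBasicAuthenticateUser;
    authscheme->authenticated = authenticateBasicAuthenticated;
    authscheme->configured = authBasicConfigured;
    authscheme->authFixHeader = authenticateBasicFixErrorHeader;
    authscheme->FreeUser = authenticateBasicFreeUser;
    authscheme->freeconfig = authBasicFreeConfig;
    authscheme->authStart = authenticateBasicStart;
    authscheme->authStats = authenticateBasicStats;
    authscheme->authUserUsername = authenticateBasicUsername;
    authscheme->getdirection = authenticateBasicDirection;
    authscheme->oncloseconnection = NULL;
    authscheme->decodeauth = authenticateBasicDecodeAuth;
    authscheme->donefunc = authBasicDone;
    authscheme->authConnLastHeader = NULL;
}

/* internal functions */

/*
 * Shut the Basic scheme down.
 *
 * The helper pool is always asked to shut down and the initialised flag
 * is cleared. The helper handle and the basic_data pool are only
 * destroyed when the global shutting_down flag is set; otherwise they
 * are kept (presumably so a reconfigure can reuse them -- confirm with
 * authBasicInit, which is not part of this listing).
 */
static void
authBasicDone(void)
{
    if (basicauthenticators)
        helperShutdown(basicauthenticators);
    authbasic_initialised = 0;
    if (!shutting_down)
        return;
    if (basicauthenticators)
        helperFree(basicauthenticators);
    basicauthenticators = NULL;
    if (basic_data_pool) {
        memPoolDestroy(basic_data_pool);
        basic_data_pool = NULL;
    }
    debug(29, 2) ("authBasicDone: Basic authentication Shutdown.\n");
}

/* Return 1 when the scheme has been initialised, 0 otherwise. */
static int
authenticateBasicActive()
{
    return (authbasic_initialised == 1) ? 1 : 0;
}

/*
 * Return 1 when a usable configuration is present: a config record, a
 * helper command line, a non-zero child count and a realm string.
 * Returns 0 if any of these is missing.
 */
static int
authBasicConfigured()
{
    if ((basicConfig != NULL) && (basicConfig->authenticate != NULL) &&
        (basicConfig->authenticateChildren != 0) &&
        (basicConfig->basicAuthRealm != NULL)) {
        debug(29, 9) ("authBasicConfigured: returning configured\n");
        return 1;
    }
    debug(29, 9) ("authBasicConfigured: returning unconfigured\n");
    return 0;
}

/*
 * Return 1 when the cached helper verdict for this user is "OK" and is
 * still inside the credentialsTTL window, 0 otherwise.
 *
 * Within the TTL this function answers from the cached flag alone and
 * does not consult the helper, so a credential revoked at the backend
 * keeps passing here until the TTL runs out. Keep credentialsTTL
 * short where prompt revocation matters.
 *
 * NOTE(review): basicConfig and scheme_data are dereferenced without a
 * NULL check; callers are assumed to have established both.
 */
static int
authenticateBasicAuthenticated(auth_user_request_t * auth_user_request)
{
    basic_data *basic_auth = auth_user_request->auth_user->scheme_data;
    if ((basic_auth->flags.credentials_ok == 1) &&
        (basic_auth->credentials_checkedtime + basicConfig->credentialsTTL > squid_curtime))
        return 1;
    debug(29, 4) ("User not authenticated or credentials need rechecking.\n");
    return 0;
}

#if UNUSED_CODE
/* strcmp()-style ordering of two basic_data records by username. */
static int
authenticateBasiccmpUsername(basic_data * u1, basic_data * u2)
{
    return strcmp(u1->username, u2->username);
}
#endif

/* log a basic user in */
/*
 * This function performs no password check itself; it only reads the
 * verdict recorded by authenticateBasicHandleReply. When the verdict
 * is "OK" and unexpired it logs the username (never the password) and
 * stamps auth_user->expiretime with the current time. In every other
 * case it returns without touching the user record. The request, conn
 * and type arguments are not used here.
 */
static void
authenticateBasicAuthenticateUser(auth_user_request_t * auth_user_request, request_t * request, ConnStateData * conn, http_hdr_type type)
{
    auth_user_t *auth_user;
    basic_data *basic_auth;
    assert(auth_user_request->auth_user != NULL);
    auth_user = auth_user_request->auth_user;
    assert(auth_user->scheme_data != NULL);
    basic_auth = auth_user->scheme_data;
    /* if the password is not ok, do an identity */
    if (basic_auth->flags.credentials_ok != 1)
        return;
    /* are we about to recheck the credentials externally? */
    if ((basic_auth->credentials_checkedtime + basicConfig->credentialsTTL) <= squid_curtime) {
        debug(29, 4) ("authBasicAuthenticate: credentials expired - rechecking\n");
        return;
    }
    /* we have been through the external helper, and the credentials haven't expired */
    debug(29, 9) ("authenticateBasicAuthenticateuser: user '%s' authenticated\n",
        basic_auth->username);
    /* Decode now takes care of finding the auth_user struct in the cache */
    /* after external auth occurs anyway */
    auth_user->expiretime = current_time.tv_sec;
    return;
}

/*
 * Report what the authentication state machine should do next for this
 * request, based on flags.credentials_ok:
 *   0 (not checked), 2 (waiting on another request's check), or
 *   1 with an expired TTL      -> -1
 *   1 within TTL, or 3 (failed) ->  0
 *   any other value             -> -2
 *
 * The meaning the caller gives to -1 / 0 / -2 is not visible in this
 * listing (presumably "helper lookup needed" / "finished" / "error" --
 * confirm in authenticateDirection).
 *
 * Note that 0 is returned for verified AND for failed credentials, so
 * the return value must never be read as an accept decision; that comes
 * from credentials_ok via authenticateBasicAuthenticated().
 */
int
authenticateBasicDirection(auth_user_request_t * auth_user_request)
{
/* null auth_user is checked for by authenticateDirection */
    auth_user_t *auth_user = auth_user_request->auth_user;
    basic_data *basic_auth = auth_user->scheme_data;
    switch (basic_auth->flags.credentials_ok) {
    case 0:                     /* not checked */
        return -1;
    case 1:                     /* checked & ok */
        if (basic_auth->credentials_checkedtime + basicConfig->credentialsTTL <= squid_curtime)
            return -1;
        return 0;
    case 2:                     /* paused while waiting for a username:password check on another request */
        return -1;
    case 3:                     /* authentication process failed. */
        return 0;
    }
    return -2;
}

/*
 * Add the Basic challenge header (of the given header type) to a reply,
 * but only when a helper program is configured.
 *
 * NOTE(review): the realm is placed inside a quoted-string without
 * escaping. It comes from configuration rather than from the client,
 * but a realm containing '"' would yield a malformed challenge; this is
 * best rejected when the configuration is parsed.
 */
void
authenticateBasicFixErrorHeader(auth_user_request_t * auth_user_request, HttpReply * rep, http_hdr_type type, request_t * request)
{
    if (basicConfig->authenticate) {
        debug(29, 9) ("authenticateFixErrorHeader: Sending type:%d header: 'Basic realm=\"%s\"'\n", type, basicConfig->basicAuthRealm);
        httpHeaderPutStrf(&rep->header, type, "Basic realm=\"%s\"", basicConfig->basicAuthRealm);
    }
}

/* free any allocated configuration details */
/*
 * No-op when nothing is configured. Otherwise asserts that the module's
 * config is the one attached to the scheme, releases the helper command
 * list and the realm string, frees the record and clears basicConfig.
 */
void
authBasicFreeConfig(authScheme * scheme)
{
    if (basicConfig == NULL)
        return;
    assert(basicConfig == scheme->scheme_data);
    if (basicConfig->authenticate)
        wordlistDestroy(&basicConfig->authenticate);
    if (basicConfig->basicAuthRealm)
        safe_free(basicConfig->basicAuthRealm);
    xfree(basicConfig);
    basicConfig = NULL;
}

/*
 * Release the Basic-scheme data attached to a user record: username,
 * password, then the basic_data record itself (returned to
 * basic_data_pool). auth_user->scheme_data is cleared afterwards.
 */
void
authenticateBasicFreeUser(auth_user_t * auth_user)
{
    basic_data *basic_auth = auth_user->scheme_data;
    debug(29, 5) ("authenticateBasicFreeUser: Clearing Basic scheme data\n");
    if (basic_auth->username)
        xfree(basic_auth->username);
    if (basic_auth->passwd) {
        /*
         * Overwrite the cleartext password before releasing it so it
         * does not linger in freed heap memory. The volatile-qualified
         * pointer keeps the stores from being discarded as dead writes.
         * Assumes passwd is a NUL-terminated heap string -- its
         * allocation site is not part of this listing; confirm there.
         */
        volatile char *scrub = basic_auth->passwd;
        while (*scrub)
            *scrub++ = '\0';
        xfree(basic_auth->passwd);
    }
    memPoolFree(basic_data_pool, auth_user->scheme_data);
    auth_user->scheme_data = NULL;
}

/*
 * Helper callback: record the helper's verdict for one credential check
 * and wake every request that was waiting on it.
 *
 * data  - the authenticateStateData for the request that was submitted
 * reply - the helper's reply line, or NULL; it is split in place at the
 *         first space into a result token and an optional message
 *
 * A NULL or empty reply, and any token that does not match "OK", is
 * recorded as failure (credentials_ok = 3), so the default is to deny.
 * On failure any previous message is released and the helper's trailing
 * text, if present, is stored as the new one.
 *
 * NOTE(review): the success test compares only the first two characters,
 * case-insensitively, so any token that merely begins with "OK" counts
 * as success. An exact-token comparison would be stricter; confirm how
 * the helper layer trims line endings before tightening it.
 *
 * NOTE(review): the stored message is helper-supplied text; where it is
 * later emitted is not visible here -- encode it at the point of output.
 */
static void
authenticateBasicHandleReply(void *data, char *reply)
{
    authenticateStateData *r = data;
    auth_user_t *auth_user;
    basic_data *basic_auth;
    auth_basic_queue_node *tmpnode;
    int valid;
    char *t = NULL;
    debug(29, 9) ("authenticateBasicHandleReply: {%s}\n", reply ? reply : "<NULL>");
    if (reply) {
        /* terminate the result token; t is left pointing at the message */
        if ((t = strchr(reply, ' ')))
            *t++ = '\0';
        /* an empty token is treated the same as no reply at all */
        if (*reply == '\0')
            reply = NULL;
    }
    assert(r->auth_user_request != NULL);
    assert(r->auth_user_request->auth_user->auth_type == AUTH_BASIC);
    auth_user = r->auth_user_request->auth_user;
    basic_auth = auth_user->scheme_data;
    if (reply && (strncasecmp(reply, "OK", 2) == 0))
        basic_auth->flags.credentials_ok = 1;
    else {
        basic_auth->flags.credentials_ok = 3;
        safe_free(r->auth_user_request->message);
        if (t && *t)
            r->auth_user_request->message = xstrdup(t);
    }
    /* start of the credentialsTTL window, for success and failure alike */
    basic_auth->credentials_checkedtime = squid_curtime;
    /* only call back if the waiting object still exists; unlock regardless */
    valid = cbdataValid(r->data);
    if (valid)
        r->handler(r->data, NULL);
    cbdataUnlock(r->data);
    /*
     * Drain the requests queued behind this check, with the same
     * validity test for each. r still holds its lock on
     * auth_user_request until authenticateStateFree() below, which
     * presumably keeps basic_auth alive across these callbacks --
     * confirm against the lock/unlock implementation.
     */
    while (basic_auth->auth_queue) {
        tmpnode = basic_auth->auth_queue->next;
        valid = cbdataValid(basic_auth->auth_queue->data);
        if (valid)
            basic_auth->auth_queue->handler(basic_auth->auth_queue->data, NULL);
        cbdataUnlock(basic_auth->auth_queue->data);
        xfree(basic_auth->auth_queue);
        basic_auth->auth_queue = tmpnode;
    }
    authenticateStateFree(r);
}

/*
 * Write the scheme's configuration to a store entry: first the helper
 * command line, word by word, then the realm.
 */
static void
authBasicCfgDump(StoreEntry * entry, const char *name, authScheme * scheme)
{
    auth_basic_config *config = scheme->scheme_data;
    wordlist *list = config->authenticate;
    storeAppendPrintf(entry, "%s %s", name, "basic");
    while (list != NULL) {
        storeAppendPrintf(entry, " %s", list->key);
        list = list->next;
    }
    storeAppendPrintf(entry, "\n%s %s realm %s\n", name, "basic", config->basicAuthRealm);
    /* (the listing ends here; the rest of this function is not shown) */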