1 /*
2  * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_AUTH_USER_H
10 #define SQUID_AUTH_USER_H
11 
12 #if USE_AUTH
13 
14 #include "auth/CredentialState.h"
15 #include "auth/Type.h"
16 #include "base/CbcPointer.h"
17 #include "base/RefCount.h"
18 #include "dlink.h"
19 #include "ip/Address.h"
20 #include "Notes.h"
21 #include "sbuf/SBuf.h"
22 
23 class StoreEntry;
24 
25 namespace Auth
26 {
27 
28 class Config;
29 class CredentialsCache;
30 
31 /**
32  * This is the main user related structure. It stores user-related data,
33  * and is persistent across requests. It can even persist across
34  * multiple external authentications. One major benefit of preserving this
35  * structure is the cached ACL match results. This structure is private to
36  * the authentication framework.
37  */
class User : public RefCountable
{
public:
    typedef RefCount<User> Pointer;

    virtual ~User();

    /// Builds the lookup key for a user from a username and a realm.
    /// Presumably this is how userKey_ is derived; confirm in the implementation.
    static SBuf BuildUserKey(const char *username, const char *realm);

    /// Takes another user through a refcounted pointer. The merge semantics
    /// are defined in the implementation file, not in this header.
    void absorb(Auth::User::Pointer from);

    /// \returns the stored username. Per the note on userKey(), this is
    /// NULL until a username has been set, so callers must check before
    /// dereferencing. The storage belongs to this object.
    const char *username() const { return username_; }

    /// set stored username and userKey
    void username(const char *);

    // NP: key is set at the same time as username_. Until then both are empty/NULL.
    /// \returns a copy of the cache key for this user
    const SBuf userKey() const { return userKey_; }

    /**
     * How long these credentials remain valid.
     * A negative value means they have already expired, so callers should
     * treat any result below zero as "do not reuse".
     */
    virtual int32_t ttl() const = 0;

    /* Manage list of IPs using this username */
    void clearIp();
    void removeIp(Ip::Address);
    void addIp(Ip::Address);

    /// add the Auth::User to the protocol-specific username cache.
    virtual void addToNameCache() = 0;

    /// Cache statistics reporting; takes the StoreEntry to report into.
    static void CredentialsCacheStats(StoreEntry *output);

    // userKey ->Auth::User::Pointer cache
    // must be reimplemented in subclasses
    // Static members are not virtual: a subclass version hides this one
    // rather than overriding it, so the cache reached depends on the class
    // the call is made through.
    static CbcPointer<Auth::CredentialsCache> Cache();

    /// Accessors for the credential state (see credentials_state below).
    CredentialState credentials() const;
    void credentials(CredentialState);

protected:
    /// Construction is reserved for the scheme-specific subclasses.
    User(Auth::Config *, const char *requestRealm);

public:
    /* extra fields for proxy_auth */

    /** \deprecated this determines what scheme owns the user data. */
    Auth::Type auth_type;

    /// The config for this user. Held as a raw pointer; nothing in this
    /// header shows who owns it or how long it lives. TODO confirm.
    Auth::Config *config;

    /// Presumably the cached ACL match results mentioned in the class
    /// description; verify against the implementation.
    dlink_list proxy_match_cache;

    /// Presumably the cached length of ip_list (see the note on ip_list).
    size_t ipcount;

    /// Expiry value for this user; the unit and epoch are not stated here.
    long expiretime;

    /// list of key=value pairs the helper produced
    NotePairs notes;

private:
    // NOTE(review): this class declares a destructor but no copy constructor
    // or copy assignment, while being responsible for username_ and holding
    // two dlink_list heads. A member-wise copy would leave two objects
    // pointing at the same storage. Confirm that copying is ruled out by the
    // base class or by usage.

    /**
     * The current state these credentials are in:
     *   Unchecked
     *   Authenticated
     *   Pending helper result
     *   Handshake happening in stateful auth.
     *   Failed auth
     */
    CredentialState credentials_state;

    /**
     * DPW 2007-05-08
     * The username_ memory will be allocated via
     * xstrdup().  It is our responsibility.
     */
    const char *username_;

    /**
     * The realm taken from the request. It distinguishes users that share
     * a username but belong to different authentication domains.
     */
    SBuf requestRealm_;

    /**
     * A unique key for the user, consisting of username and requestRealm_.
     */
    SBuf userKey_;

    /** what ip addresses has this user been seen at?, plus a list length cache */
    dlink_list ip_list;
};
125 
126 } // namespace Auth
127 
128 #endif /* USE_AUTH */
129 #endif /* SQUID_AUTH_USER_H */
130 
131