/*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

#ifndef SQUID_AUTH_USER_H
#define SQUID_AUTH_USER_H

#if USE_AUTH

#include "auth/CredentialState.h"
#include "auth/Type.h"
#include "base/CbcPointer.h"
#include "base/RefCount.h"
#include "dlink.h"
#include "ip/Address.h"
#include "Notes.h"
#include "sbuf/SBuf.h"

class StoreEntry;

namespace Auth
{

class Config;
class CredentialsCache;

/**
 * Central per-user record of the authentication framework.
 *
 * It stores user-related data and persists across requests; it can even
 * persist across multiple external authentications. One major benefit of
 * keeping the record alive is that ACL match results stay cached.
 * This structure is private to the authentication framework.
 */
class User : public RefCountable
{
public:
    /// reference-counted handle to a User
    using Pointer = RefCount<User>;

protected:
    /// Construction is reserved for subclasses; the class is abstract
    /// because ttl() and addToNameCache() are pure virtual.
    User(Auth::Config *, const char *requestRealm);

public:
    virtual ~User();

    /* extra fields for proxy_auth */

    /** \deprecated this determines what scheme owns the user data. */
    Auth::Type auth_type;

    /** the config for this user */
    // NOTE(review): raw pointer; who owns the Config and how long it lives
    // is not visible in this header -- confirm against the implementation.
    Auth::Config *config;

    // NOTE(review): presumably holds the cached ACL match results that the
    // class description mentions -- confirm.
    dlink_list proxy_match_cache;

    // NOTE(review): presumably the "list length cache" for ip_list that the
    // ip_list comment refers to -- confirm.
    size_t ipcount;

    long expiretime;

    /// list of key=value pairs the helper produced
    NotePairs notes;

    /// Produces a user key from a username and a realm.
    static SBuf BuildUserKey(const char *username, const char *realm);

    void absorb(Pointer from);

    /// \returns the stored username. The note on userKey() says the name is
    /// empty/NULL until it has been set, so callers must not assume a
    /// non-NULL, dereferenceable string.
    const char *username() const
    {
        return username_;
    }

    void username(const char *); ///< set stored username and userKey

    // NP: key is set at the same time as username_. Until then both are empty/NULL.
    /// \returns a copy of the user key
    const SBuf userKey() const
    {
        return userKey_;
    }

    /**
     * Remaining validity of these credentials.
     * A negative value means they have already expired.
     */
    virtual int32_t ttl() const = 0;

    /* Manage list of IPs using this username */
    void clearIp();
    void removeIp(Ip::Address);
    void addIp(Ip::Address);

    /// add the Auth::User to the protocol-specific username cache.
    virtual void addToNameCache() = 0;

    static void CredentialsCacheStats(StoreEntry *output);

    // userKey ->Auth::User::Pointer cache
    // must be reimplemented in subclasses
    // (a static member cannot be virtual, so a subclass version hides this
    // one rather than overriding it)
    static CbcPointer<Auth::CredentialsCache> Cache();

    /// \returns the current credentials state
    CredentialState credentials() const;
    /// updates the credentials state
    void credentials(CredentialState);

private:
    /**
     * The current state these credentials are in:
     *   Unchecked
     *   Authenticated
     *   Pending helper result
     *   Handshake happening in stateful auth.
     *   Failed auth
     */
    CredentialState credentials_state;

    /**
     * DPW 2007-05-08
     * The username_ memory will be allocated via
     * xstrdup(). It is our responsibility.
     */
    // NOTE(review): this header declares a destructor but no copy
    // constructor or copy assignment. A member-wise copy would leave two
    // objects responsible for the same xstrdup()'d buffer, so confirm that
    // User objects are never copied or that RefCountable forbids it.
    const char *username_;

    /**
     * Request-dependent realm of the user. It exists to tell apart users
     * that share a username but belong to different authentication domains.
     */
    SBuf requestRealm_;

    /**
     * A unique key for the user, made up of the username and requestRealm_
     */
    SBuf userKey_;

    /** what ip addresses has this user been seen at?, plus a list length cache */
    dlink_list ip_list;
};

} // namespace Auth

#endif /* USE_AUTH */
#endif /* SQUID_AUTH_USER_H */