summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2012-01-10 15:44:27 +0200
committerTimo Teräs <timo.teras@iki.fi>2012-01-10 15:44:27 +0200
commit75af33433f3ffbe25c81960d8d1888be7ce35418 (patch)
tree24e487c8026011b645f83df2623422aa93a22e6e
parent7de37bf29937459edac8e878c87bfb331b9d6382 (diff)
downloadsquark-75af33433f3ffbe25c81960d8d1888be7ce35418.tar.bz2
squark-75af33433f3ffbe25c81960d8d1888be7ce35418.tar.xz
auth-snmp: commit login only if credentials are not valid
This makes sure the other session things are not reset when the squid helper cache needs revalidation. Fixes premature reset of override timestamp amongst other issues.
-rw-r--r--src/squark-auth-snmp.c31
1 files changed, 19 insertions, 12 deletions
diff --git a/src/squark-auth-snmp.c b/src/squark-auth-snmp.c
index 3681ea5..e6947c4 100644
--- a/src/squark-auth-snmp.c
+++ b/src/squark-auth-snmp.c
@@ -570,38 +570,45 @@ static void auth_completed(struct auth_context *auth)
char tmp[256], *uf_a, *uf_b;
void *token;
struct authdb_entry entry;
- blob_t b = BLOB_BUF(tmp), un;
+ blob_t b, uf;
token = authdb_get(&adb, &auth->addr, &entry, 1);
authdb_clear_entry(&entry);
+ b = BLOB_BUF(tmp);
blob_push(&b, BLOB_STRLEN(auth->token));
- if (auth_ok(auth)) {
- if (token != NULL) {
- un = BLOB_BUF(entry.p.login_name);
- blob_push_formatted_username(&un, username_format, auth);
+ blob_push(&b, BLOB_STR(" OK user="));
+ uf_a = b.ptr;
+ blob_push_formatted_username(&b, username_format, auth);
+ uf_b = b.ptr;
+ blob_push(&b, BLOB_PTR_LEN("\n", 1));
+ uf = BLOB_PTR_PTR(uf_a, uf_b);
+
+ if (auth_ok(auth) && uf.len <= sizeof(entry.p.login_name)) {
+ if (token != NULL &&
+ !authdb_check_login(token, &entry, uf, current_time, &adbc)) {
+ authdb_clear_entry(&entry);
+ memcpy(entry.p.login_name, uf.ptr, uf.len);
memcpy(entry.p.mac_address, auth->mac, MAC_LEN);
entry.p.switch_ip = auth->current_switch->addr;
entry.p.switch_port = auth->local_port;
authdb_commit_login(token, &entry, current_time, &adbc);
}
- blob_push(&b, BLOB_STR(" OK user="));
- uf_a = b.ptr;
- blob_push_formatted_username(&b, username_format, auth);
- uf_b = b.ptr;
- blob_push(&b, BLOB_PTR_LEN("\n", 1));
if (do_syslog) {
- blob_t tmp = BLOB_PTR_PTR(uf_a, uf_b);
syslog(LOG_AUTHPRIV | LOG_INFO,
"%s authenticated as %.*s",
addr_print(&auth->addr),
- tmp.len, tmp.ptr);
+ uf.len, uf.ptr);
}
} else {
if (token != NULL)
authdb_commit_logout(token);
+
+ b = BLOB_BUF(tmp);
+ blob_push(&b, BLOB_STRLEN(auth->token));
blob_push(&b, BLOB_STR(" ERR\n"));
+
if (do_syslog) {
syslog(LOG_AUTHPRIV | LOG_WARNING,
"%s failed: %s",