authdb: implement basics

Implement a shared memory based authentication cache. It's a simple
local cache indexed by IP-address, and keeps track of that IP's
auth info such as username, allowed categories and timeouts. This
provides basis for captive portal, per-user definable category
restrictions and implementation of soft blocks (block which can
be overridden by user by clicking a button on the blocked page).

1 files changed, 223 insertions, 0 deletions

diff --git a/authdb.c b/authdb.c
new file mode 100644
index 0000000..452c94e
--- /dev/null
+++ b/authdb.c
@@ -0,0 +1,223 @@
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <malloc.h>
+#include <sched.h>
+#include <fcntl.h>
+
+#include "authdb.h"
+#include "addr.h"
+#include "blob.h"
+
+#define AUTHDB_IP_PER_ME		256
+#define AUTHDB_LOGOFF_PERIOD		(15*60)		/* 15 mins */
+
+static struct authdb_map_entry *authdb_me_open(sockaddr_any *addr, int create)
+{
+	int oflag, fd;
+	char name[64];
+	blob_t b = BLOB_BUF(name);
+	void *base;
+	struct authdb_map_entry *me;
+
+	blob_push(&b, BLOB_STR("squark-auth-"));
+	blob_push_hexdump(&b, addr_get_hostaddr_blob(addr));
+	blob_push_byte(&b, 0);
+
+	oflag = O_RDWR;
+	if (create)
+		oflag |= O_CREAT;
+
+	fd = shm_open(name, oflag, 0600);
+	if (fd < 0)
+		return NULL;
+
+	if (create &&
+	    ftruncate(fd, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME])) < 0) {
+		close(fd);
+		return NULL;
+	}
+
+	base = mmap(NULL, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME]),
+		    PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	close(fd);
+
+	if (base == MAP_FAILED)
+		return NULL;
+
+	me = malloc(sizeof(*me));
+	if (me == NULL) {
+		munmap(base, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME]));
+		return NULL;
+	}
+
+	me->next = NULL;
+	me->baseaddr = *addr;
+	me->entries = base;
+
+	return me;
+}
+
+static void authdb_me_free(struct authdb_map_entry *me)
+{
+	munmap(me->entries, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME]));
+	free(me);
+}
+
+int authdb_open(struct authdb *adb)
+{
+	memset(adb, 0, sizeof(*adb));
+	return 0;
+}
+
+void authdb_close(struct authdb *adb)
+{
+	struct authdb_map_entry *c, *n;
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(adb->hash_bucket); i++) {
+		for (c = adb->hash_bucket[i]; c != NULL; c = n) {
+			n = c->next;
+			authdb_me_free(n);
+		}
+	}
+}
+
+static unsigned int MurmurHash2(const void * key, int len, unsigned int seed)
+{
+	// 'm' and 'r' are mixing constants generated offline.
+	// They're not really 'magic', they just happen to work well.
+	const unsigned int m = 0x5bd1e995;
+	const int r = 24;
+	unsigned int h = seed ^ len;
+	const unsigned char * data = (const unsigned char *)key;
+
+	while(len >= 4)
+	{
+		unsigned int k = *(unsigned int *)data;
+
+		k *= m;
+		k ^= k >> r;
+		k *= m;
+
+		h *= m;
+		h ^= k;
+
+		data += 4;
+		len -= 4;
+	}
+
+	switch(len)
+	{
+	case 3:	h ^= data[2] << 16;
+	case 2:	h ^= data[1] << 8;
+	case 1:	h ^= data[0];
+		h *= m;
+	}
+
+	h ^= h >> 13;
+	h *= m;
+	h ^= h >> 15;
+
+	return h;
+}
+
+static uint32_t authdb_entry_checksum(struct authdb_entry *entry)
+{
+	return MurmurHash2(&entry->p, sizeof(entry->p), 0);
+}
+
+void *authdb_get(struct authdb *adb, sockaddr_any *addr, struct authdb_entry *entry, int create)
+{
+	struct authdb_map_entry *me;
+	int hash, e, i;
+	sockaddr_any baseaddr;
+	blob_t b;
+
+	baseaddr = *addr;
+	b = addr_get_hostaddr_blob(&baseaddr);
+	if (b.len < 4)
+		return NULL;
+
+	e = b.ptr[0];
+	b.ptr[0] = 0x00;
+	hash = b.ptr[1] + b.ptr[2] + b.ptr[3];
+
+	for (me = adb->hash_bucket[hash]; me != NULL; me = me->next) {
+		if (addr_cmp(&baseaddr, &me->baseaddr) == 0)
+			break;
+	}
+	if (me == NULL) {
+		me = authdb_me_open(&baseaddr, create);
+		if (me == NULL)
+			return NULL;
+		me->next = adb->hash_bucket[hash];
+		adb->hash_bucket[hash] = me;
+	}
+
+	for (i = 0; i < 3; i++) {
+		memcpy(&me->entries[e], entry, sizeof(struct authdb_entry));
+		if (entry->u.checksum == 0 && entry->u.login_time == 0)
+			return &me->entries[e];
+		if (entry->u.checksum == authdb_entry_checksum(entry))
+			return &me->entries[e];
+		sched_yield();
+	}
+
+	authdb_clear_entry(entry);
+
+	return &me->entries[e];
+}
+
+int authdb_set(void *token, struct authdb_entry *entry)
+{
+	struct authdb_entry *mme = token;
+	uint32_t checksum = entry->u.checksum;
+
+	entry->u.checksum = authdb_entry_checksum(entry);
+	if (mme->u.checksum != checksum)
+		return 0;
+
+	mme->u.checksum = entry->u.checksum;
+	memcpy(mme, entry, sizeof(*entry));
+
+	return 1;
+}
+
+int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now)
+{
+	struct authdb_entry *mme = token;
+
+	/* check username */
+	if (!blob_is_null(username) &&
+	    blob_cmp(username, BLOB_STRLEN(e->p.login_name)) != 0)
+		return 0;
+
+	/* and dates */
+	if (now > e->u.login_time + AUTHDB_LOGOFF_PERIOD)
+		return 0;
+
+	/* and that no one clobbered the entry */
+	if (mme->u.checksum != e->u.checksum)
+		return 0;
+
+	/* refresh last activity */
+	mme->u.login_time = now;
+
+	return 1;
+}
+
+void authdb_clear_entry(struct authdb_entry *entry)
+{
+	memset(&entry->p, 0, sizeof(entry->p));
+	entry->u.login_time = 0;
+	entry->u.override_time = 0;
+}
+
+void authdb_commit_login(void *token, struct authdb_entry *e, time_t now)
+{
+	/* fixme read stuff from config files */
+	e->u.login_time = now;
+
+	authdb_set(token, e);
+}