diff options
author | Timo Teräs <timo.teras@iki.fi> | 2010-08-27 17:05:18 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2010-08-27 17:05:18 +0300 |
commit | b8944ab71ccdc9951c6b74ef8ed8686d0329f99c (patch) | |
tree | a44327faefdfb99bf61d1249c044bfef66419267 /authdb.c | |
parent | 29331f1c5e940499f282aea8155b89fae69f3fb8 (diff) | |
download | squark-b8944ab71ccdc9951c6b74ef8ed8686d0329f99c.tar.bz2 squark-b8944ab71ccdc9951c6b74ef8ed8686d0329f99c.tar.xz |
authdb: implement basics
Implement a shared memory based authentication cache. It's a simple
local cache indexed by IP-address, and keeps track of that IP's
auth info such as username, allowed categories and timeouts. This
provides basis for captive portal, per-user definable category
restrictions and implementation of soft blocks (block which can
be overridden by user by clicking a button on the blocked page).
Diffstat (limited to 'authdb.c')
-rw-r--r-- | authdb.c | 223 |
1 files changed, 223 insertions, 0 deletions
diff --git a/authdb.c b/authdb.c new file mode 100644 index 0000000..452c94e --- /dev/null +++ b/authdb.c @@ -0,0 +1,223 @@ +#include <sys/mman.h> +#include <sys/stat.h> +#include <unistd.h> +#include <malloc.h> +#include <sched.h> +#include <fcntl.h> + +#include "authdb.h" +#include "addr.h" +#include "blob.h" + +#define AUTHDB_IP_PER_ME 256 +#define AUTHDB_LOGOFF_PERIOD (15*60) /* 15 mins */ + +static struct authdb_map_entry *authdb_me_open(sockaddr_any *addr, int create) +{ + int oflag, fd; + char name[64]; + blob_t b = BLOB_BUF(name); + void *base; + struct authdb_map_entry *me; + + blob_push(&b, BLOB_STR("squark-auth-")); + blob_push_hexdump(&b, addr_get_hostaddr_blob(addr)); + blob_push_byte(&b, 0); + + oflag = O_RDWR; + if (create) + oflag |= O_CREAT; + + fd = shm_open(name, oflag, 0600); + if (fd < 0) + return NULL; + + if (create && + ftruncate(fd, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME])) < 0) { + close(fd); + return NULL; + } + + base = mmap(NULL, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME]), + PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + close(fd); + + if (base == MAP_FAILED) + return NULL; + + me = malloc(sizeof(*me)); + if (me == NULL) { + munmap(base, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME])); + return NULL; + } + + me->next = NULL; + me->baseaddr = *addr; + me->entries = base; + + return me; +} + +static void authdb_me_free(struct authdb_map_entry *me) +{ + munmap(me->entries, sizeof(struct authdb_entry[AUTHDB_IP_PER_ME])); + free(me); +} + +int authdb_open(struct authdb *adb) +{ + memset(adb, 0, sizeof(*adb)); + return 0; +} + +void authdb_close(struct authdb *adb) +{ + struct authdb_map_entry *c, *n; + int i; + + for (i = 0; i < ARRAY_SIZE(adb->hash_bucket); i++) { + for (c = adb->hash_bucket[i]; c != NULL; c = n) { + n = c->next; + authdb_me_free(n); + } + } +} + +static unsigned int MurmurHash2(const void * key, int len, unsigned int seed) +{ + // 'm' and 'r' are mixing constants generated offline. + // They're not really 'magic', they just happen to work well. + const unsigned int m = 0x5bd1e995; + const int r = 24; + unsigned int h = seed ^ len; + const unsigned char * data = (const unsigned char *)key; + + while(len >= 4) + { + unsigned int k = *(unsigned int *)data; + + k *= m; + k ^= k >> r; + k *= m; + + h *= m; + h ^= k; + + data += 4; + len -= 4; + } + + switch(len) + { + case 3: h ^= data[2] << 16; + case 2: h ^= data[1] << 8; + case 1: h ^= data[0]; + h *= m; + } + + h ^= h >> 13; + h *= m; + h ^= h >> 15; + + return h; +} + +static uint32_t authdb_entry_checksum(struct authdb_entry *entry) +{ + return MurmurHash2(&entry->p, sizeof(entry->p), 0); +} + +void *authdb_get(struct authdb *adb, sockaddr_any *addr, struct authdb_entry *entry, int create) +{ + struct authdb_map_entry *me; + int hash, e, i; + sockaddr_any baseaddr; + blob_t b; + + baseaddr = *addr; + b = addr_get_hostaddr_blob(&baseaddr); + if (b.len < 4) + return NULL; + + e = b.ptr[0]; + b.ptr[0] = 0x00; + hash = b.ptr[1] + b.ptr[2] + b.ptr[3]; + + for (me = adb->hash_bucket[hash]; me != NULL; me = me->next) { + if (addr_cmp(&baseaddr, &me->baseaddr) == 0) + break; + } + if (me == NULL) { + me = authdb_me_open(&baseaddr, create); + if (me == NULL) + return NULL; + me->next = adb->hash_bucket[hash]; + adb->hash_bucket[hash] = me; + } + + for (i = 0; i < 3; i++) { + memcpy(&me->entries[e], entry, sizeof(struct authdb_entry)); + if (entry->u.checksum == 0 && entry->u.login_time == 0) + return &me->entries[e]; + if (entry->u.checksum == authdb_entry_checksum(entry)) + return &me->entries[e]; + sched_yield(); + } + + authdb_clear_entry(entry); + + return &me->entries[e]; +} + +int authdb_set(void *token, struct authdb_entry *entry) +{ + struct authdb_entry *mme = token; + uint32_t checksum = entry->u.checksum; + + entry->u.checksum = authdb_entry_checksum(entry); + if (mme->u.checksum != checksum) + return 0; + + mme->u.checksum = entry->u.checksum; + memcpy(mme, entry, sizeof(*entry)); + + return 1; +} + +int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now) +{ + struct authdb_entry *mme = token; + + /* check username */ + if (!blob_is_null(username) && + blob_cmp(username, BLOB_STRLEN(e->p.login_name)) != 0) + return 0; + + /* and dates */ + if (now > e->u.login_time + AUTHDB_LOGOFF_PERIOD) + return 0; + + /* and that no one clobbered the entry */ + if (mme->u.checksum != e->u.checksum) + return 0; + + /* refresh last activity */ + mme->u.login_time = now; + + return 1; +} + +void authdb_clear_entry(struct authdb_entry *entry) +{ + memset(&entry->p, 0, sizeof(entry->p)); + entry->u.login_time = 0; + entry->u.override_time = 0; +} + +void authdb_commit_login(void *token, struct authdb_entry *e, time_t now) +{ + /* fixme read stuff from config files */ + e->u.login_time = now; + + authdb_set(token, e); +} |