authorTimo Teräs <timo.teras@iki.fi>2010-11-07 01:57:30 +0200
committerTimo Teräs <timo.teras@iki.fi>2010-11-07 01:57:30 +0200
commit1c23dbef0405d8ca9776737a209fb5b549219bc8 (patch)
tree378ac096a56dca5a6a6ac52ed138d85f888f4dd3 /src
parentcb2db2f1c759c60849b66dabf8ee03c9cdfb2dd5 (diff)
authdb, auth-ip: make logout_timeout configurable
* authdb: change to use squark.conf instead of filter.conf * authdb: config option logout_timeout added (defaults to 15mins) * auth-ip: add -r parameter to refresh login time fixes #452
Diffstat (limited to 'src')
-rw-r--r--src/authdb.c22
-rw-r--r--src/authdb.h3
-rw-r--r--src/squark-auth-ip.c20
-rw-r--r--src/squark-filter.c2
4 files changed, 32 insertions, 15 deletions
diff --git a/src/authdb.c b/src/authdb.c
index 85fb44e..d48c43d 100644
--- a/src/authdb.c
+++ b/src/authdb.c
@@ -8,6 +8,7 @@
#include <time.h>
#include <grp.h>
+#include "config.h"
#include "authdb.h"
#include "filterdb.h"
#include "addr.h"
@@ -16,7 +17,6 @@
#define ALIGN(s,a) (((s) + a - 1) & ~(a - 1))
#define AUTHDB_IP_PER_ME 256
-#define AUTHDB_LOGOFF_PERIOD (15*60) /* 15 mins */
#define AUTHDB_SHM_SIZE ALIGN(sizeof(struct authdb_entry[AUTHDB_IP_PER_ME]), 4096)
static struct authdb_map_entry *authdb_me_open(sockaddr_any *addr, int create)
@@ -201,7 +201,9 @@ int authdb_set(void *token, struct authdb_entry *entry)
return 1;
}
-int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now)
+int authdb_check_login(void *token, struct authdb_entry *e,
+ blob_t username, time_t now,
+ struct authdb_config *adbc)
{
struct authdb_entry *mme = token;
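Review bot: The new `adbc` parameter could be declared `const struct authdb_config *adbc`, since the only use visible in this diff is the read of `adbc->logout_timeout`; that tells callers a login check never alters configuration. The definition also names the parameter `adbc` while the prototype in src/authdb.h names it `cfg`, and using one name in both places would keep header and source in step. The function body continues outside this hunk, so confirm there is no write through the pointer before adding `const`.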
@@ -211,15 +213,17 @@ int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, tim
return 0;
/* and dates */
- if (now > e->last_activity_time + AUTHDB_LOGOFF_PERIOD)
+ if (now > e->last_activity_time + adbc->logout_timeout)
return 0;
/* and that no one clobbered the entry */
if (mme->checksum != e->checksum)
return 0;
- /* refresh last activity */
- mme->last_activity_time = now;
+ /* refresh last activity -- avoid writes to page so
+ * caches don't get invalidated too often */
+ if (now > mme->last_activity_time + 2)
+ mme->last_activity_time = now;
return 1;
}
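Review bot: The literal `2` in `if (now > mme->last_activity_time + 2)` now interacts with a configurable timeout. With `logout_timeout` set to 2 or less, the stored time is never refreshed before the expiry test above rejects the entry, so an active session still times out. A named constant such as `#define AUTHDB_REFRESH_INTERVAL 2 /* seconds */`, plus a lower bound on the configured value where it is parsed in adbc_refresh, would make that relationship explicit. The expiry test reads the caller's copy `e->last_activity_time` while the refresh test reads the mapped entry `mme->last_activity_time`; a one-line comment saying this is intended would help the next reader.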
@@ -330,7 +334,7 @@ int adbc_refresh(struct authdb_config *cfg, time_t now)
if (cfg->last_check != 0 && cfg->last_check + 2*60 > now)
return 0;
- if (stat("/etc/squark/filter.conf", &st) != 0)
+ if (stat(squark_config, &st) != 0)
return -1;
if (cfg->last_change == st.st_ctime)
@@ -338,12 +342,14 @@ int adbc_refresh(struct authdb_config *cfg, time_t now)
/* check timestamp */
- in = fopen("/etc/squark/filter.conf", "r");
+ in = fopen(squark_config, "r");
if (in == NULL)
return -1;
cfg->block_categories = 0;
cfg->hard_block_categories = 0;
+ cfg->logout_timeout = DEFAULT_LOGOUT_TIMEOUT;
+
while (1) {
b = read_word(in, &lineno, BLOB_BUF(word1));
if (blob_is_null(b))
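Review bot: `cfg->logout_timeout = DEFAULT_LOGOUT_TIMEOUT;` is reached only after `fopen(squark_config, "r")` succeeds, so if the earlier `stat()` or the `fopen()` fails on the first call, the field keeps whatever value the struct was created with. If that value is zero (the initialisation of the config struct is not visible here), authdb_check_login would treat every entry older than the current second as expired. The removed compile-time `AUTHDB_LOGOFF_PERIOD` gave 15 minutes even with no readable config file. Setting the default once where the struct is initialised would keep that behaviour. adbc_refresh begins and ends outside this hunk.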
@@ -356,6 +362,8 @@ int adbc_refresh(struct authdb_config *cfg, time_t now)
cfg->hard_block_categories |= to_category(cfg->db, p);
} else if (blob_cmp(b, BLOB_STR("warn")) == 0) {
cfg->block_categories |= to_category(cfg->db, p);
+ } else if (blob_cmp(b, BLOB_STR("logout_timeout")) == 0) {
+ cfg->logout_timeout = blob_pull_uint(&p, 10);
}
}
cfg->block_categories |= cfg->hard_block_categories;
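Review bot: The result of `blob_pull_uint(&p, 10)` is stored in `cfg->logout_timeout` with no range check. Assuming blob_pull_uint yields 0 when the word is missing or not numeric (its definition is not shown), a typo in squark.conf would make every login expire at once. A very large number effectively switches idle logout off and, depending on the width of `last_activity_time`, could wrap the sum in `e->last_activity_time + adbc->logout_timeout`. Reading into a local and keeping the default on a bad value, e.g. `unsigned int t = blob_pull_uint(&p, 10);` followed by `if (t > 0) cfg->logout_timeout = t;`, together with an upper limit chosen by the project, would make the option fail safe.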
diff --git a/src/authdb.h b/src/authdb.h
index 7bfa2f4..562ed17 100644
--- a/src/authdb.h
+++ b/src/authdb.h
@@ -18,6 +18,7 @@ struct authdb_config {
uint64_t block_categories;
uint64_t hard_block_categories;
blob_t redirect_url_base;
+ unsigned int logout_timeout;
};
struct authdb {
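Review bot: The new `logout_timeout` field has no unit stated, and the config option takes a bare number. The removed `AUTHDB_LOGOFF_PERIOD (15*60) /* 15 mins */` was added to a timestamp compared with `now`, which indicates seconds. A comment on the field such as `/* idle time in seconds before a login expires */` would save readers and administrators from guessing.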
@@ -52,7 +53,7 @@ void *authdb_get(struct authdb *adb, sockaddr_any *addr, struct authdb_entry *en
void authdb_clear_entry(struct authdb_entry *entry);
int authdb_set(void *token, struct authdb_entry *entry);
-int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now);
+int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now, struct authdb_config *cfg);
void authdb_commit_login(void *token, struct authdb_entry *e, time_t now, struct authdb_config *cfg);
void authdb_commit_logout(void *token);
void authdb_commit_override(void *token, struct authdb_entry *entry, time_t now);
diff --git a/src/squark-auth-ip.c b/src/squark-auth-ip.c
index 08adca9..ec6a44d 100644
--- a/src/squark-auth-ip.c
+++ b/src/squark-auth-ip.c
@@ -23,6 +23,7 @@
#define DO_OVERRIDE -2
#define DO_PRINT -3
#define DO_LOGOUT -4
+#define DO_REFRESH -5
static int running = 1;
static struct sqdb db;
@@ -48,7 +49,7 @@ static void handle_line(blob_t line)
if (addr_parse(ipaddr, &addr)) {
token = authdb_get(&adb, &addr, &entry, 1);
- if (authdb_check_login(token, &entry, BLOB_NULL, now))
+ if (authdb_check_login(token, &entry, BLOB_NULL, now, &adbc))
auth_ok = 1;
}
@@ -118,7 +119,7 @@ int main(int argc, char **argv)
sockaddr_any ipaddr = { .any.sa_family = AF_UNSPEC };
blob_t ip = BLOB_NULL, username = BLOB_NULL;
- while ((opt = getopt(argc, argv, "Vi:u:olpL")) != -1) {
+ while ((opt = getopt(argc, argv, "Vi:u:olpLr")) != -1) {
switch (opt) {
case 'V':
fprintf(stderr, "squark-auth-ip %s\n", squark_version);
@@ -146,6 +147,9 @@ int main(int argc, char **argv)
case 'L':
running = DO_LOGOUT;
break;
+ case 'r':
+ running = DO_REFRESH;
+ break;
}
}
@@ -160,6 +164,7 @@ int main(int argc, char **argv)
goto err_adb;
}
+ rc = 0;
if (running < 0) {
struct authdb_entry entry;
void *token;
@@ -185,8 +190,12 @@ int main(int argc, char **argv)
memcpy(entry.p.login_name, username.ptr, username.len);
authdb_commit_login(token, &entry, now, &adbc);
break;
+ case DO_REFRESH:
+ if (!authdb_check_login(token, &entry, username, now, &adbc))
+ rc = 3;
+ break;
case DO_OVERRIDE:
- if (authdb_check_login(token, &entry, username, now))
+ if (authdb_check_login(token, &entry, username, now, &adbc))
authdb_commit_override(token, &entry, now);
break;
case DO_PRINT: {
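Review bot: The new `DO_REFRESH` case reports a failed check through `rc = 3`, but `DO_OVERRIDE` here and `DO_LOGOUT` in the next hunk still leave `rc` at 0 when the same `authdb_check_login()` call fails. A calling script therefore cannot tell whether a logout or override actually took effect. Giving those cases the same `else rc = 3;` and naming the value would make the exit status consistent, since the literal 3 is not explained anywhere in the visible lines. The enclosing switch in main() starts and ends outside this hunk.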
@@ -213,9 +222,9 @@ int main(int argc, char **argv)
b = blob_pushed(BLOB_BUF(buf), b);
fwrite(b.ptr, b.len, 1, stdout);
break;
- }
+ }
case DO_LOGOUT:
- if (authdb_check_login(token, &entry, username, now))
+ if (authdb_check_login(token, &entry, username, now, &adbc))
authdb_commit_logout(token);
break;
}
@@ -223,7 +232,6 @@ int main(int argc, char **argv)
while (running)
read_input();
}
- rc = 0;
authdb_close(&adb);
err_adb:
diff --git a/src/squark-filter.c b/src/squark-filter.c
index 567201a..eff88b1 100644
--- a/src/squark-filter.c
+++ b/src/squark-filter.c
@@ -395,7 +395,7 @@ static void read_input(struct sqdb *db)
category = 0;
token = authdb_get(&adb, &addr, &entry, 1);
- if (authdb_check_login(token, &entry, username, now)) {
+ if (authdb_check_login(token, &entry, username, now, &adbc)) {
auth_ok = 1;
username = BLOB_STRLEN(entry.p.login_name);
} else {