author | Timo Teräs <timo.teras@iki.fi> | 2012-01-10 15:44:27 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2012-01-10 15:44:27 +0200 |
commit | 75af33433f3ffbe25c81960d8d1888be7ce35418 (patch) | |
tree | 24e487c8026011b645f83df2623422aa93a22e6e /src | |
parent | 7de37bf29937459edac8e878c87bfb331b9d6382 (diff) | |
auth-snmp: commit login only if credentials are not valid
This makes sure the other session things are not reset when the
squid helper cache needs revalidation. Fixes premature reset of
override timestamp amongst other issues.
Diffstat (limited to 'src')
-rw-r--r-- | src/squark-auth-snmp.c | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/src/squark-auth-snmp.c b/src/squark-auth-snmp.c
index 3681ea5..e6947c4 100644
--- a/src/squark-auth-snmp.c
+++ b/src/squark-auth-snmp.c
@@ -570,38 +570,45 @@ static void auth_completed(struct auth_context *auth)
 char tmp[256], *uf_a, *uf_b;
 void *token;
 struct authdb_entry entry;
- blob_t b = BLOB_BUF(tmp), un;
+ blob_t b, uf;
 token = authdb_get(&adb, &auth->addr, &entry, 1);
 authdb_clear_entry(&entry);
+ b = BLOB_BUF(tmp);
 blob_push(&b, BLOB_STRLEN(auth->token));
- if (auth_ok(auth)) {
- if (token != NULL) {
- un = BLOB_BUF(entry.p.login_name);
- blob_push_formatted_username(&un, username_format, auth);
+ blob_push(&b, BLOB_STR(" OK user="));
+ uf_a = b.ptr;
+ blob_push_formatted_username(&b, username_format, auth);
+ uf_b = b.ptr;
+ blob_push(&b, BLOB_PTR_LEN("\n", 1));
+ uf = BLOB_PTR_PTR(uf_a, uf_b);
+
+ if (auth_ok(auth) && uf.len <= sizeof(entry.p.login_name)) {
+ if (token != NULL &&
+ !authdb_check_login(token, &entry, uf, current_time, &adbc)) {
+ authdb_clear_entry(&entry);
+ memcpy(entry.p.login_name, uf.ptr, uf.len);
 memcpy(entry.p.mac_address, auth->mac, MAC_LEN);
 entry.p.switch_ip = auth->current_switch->addr;
 entry.p.switch_port = auth->local_port;
 authdb_commit_login(token, &entry, current_time, &adbc);
 }
- blob_push(&b, BLOB_STR(" OK user="));
- uf_a = b.ptr;
- blob_push_formatted_username(&b, username_format, auth);
- uf_b = b.ptr;
- blob_push(&b, BLOB_PTR_LEN("\n", 1));
 if (do_syslog) {
- blob_t tmp = BLOB_PTR_PTR(uf_a, uf_b);
 syslog(LOG_AUTHPRIV | LOG_INFO, "%s authenticated as %.*s", addr_print(&auth->addr),
- tmp.len, tmp.ptr);
+ uf.len, uf.ptr);
 }
 } else {
 if (token != NULL) authdb_commit_logout(token);
+
+ b = BLOB_BUF(tmp);
+ blob_push(&b, BLOB_STRLEN(auth->token));
 blob_push(&b, BLOB_STR(" ERR\n"));
+
 if (do_syslog) {
 syslog(LOG_AUTHPRIV | LOG_WARNING, "%s failed: %s", |
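Review bot: The new guard `uf.len <= sizeof(entry.p.login_name)` accepts a username that exactly fills the field, and `memcpy(entry.p.login_name, uf.ptr, uf.len)` then leaves no terminating NUL after it. If any reader of `login_name` treats it as a C string (not visible in this hunk), the bound should be `uf.len < sizeof(entry.p.login_name)`; otherwise a comment such as `/* login_name is a fixed-size, zero-padded field, not NUL-terminated */` above the memcpy would record the intent. A successful authentication whose formatted name is too long now also takes the `else` branch, so the session is logged out and reported as "failed" with whatever status text follows; a distinct log message for the over-long name would make that case diagnosable. Separately, `uf_a` and `uf_b` are taken from `b.ptr` without checking that the pushes into the 256-byte `tmp` succeeded, so it is worth confirming how `blob_push` leaves `b` on overflow before `uf` is used for the comparison and the copy. The body of `auth_completed` starts before and continues past this hunk.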