From 75af33433f3ffbe25c81960d8d1888be7ce35418 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Tue, 10 Jan 2012 15:44:27 +0200
Subject: auth-snmp: commit login only if credentials are not valid

This makes sure the other session things are not reset when the squid helper cache needs revalidation. Fixes premature reset of override timestamp amongst other issues.
---
src/squark-auth-snmp.c | 31 +++++++++++++++++++------------
1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/squark-auth-snmp.c b/src/squark-auth-snmp.c
index 3681ea5..e6947c4 100644
--- a/src/squark-auth-snmp.c
+++ b/src/squark-auth-snmp.c
@@ -570,38 +570,45 @@ static void auth_completed(struct auth_context *auth) char tmp[256], *uf_a, *uf_b; void *token; struct authdb_entry entry; - blob_t b = BLOB_BUF(tmp), un; + blob_t b, uf; token = authdb_get(&adb, &auth->addr, &entry, 1); authdb_clear_entry(&entry); + b = BLOB_BUF(tmp); blob_push(&b, BLOB_STRLEN(auth->token)); - if (auth_ok(auth)) { - if (token != NULL) { - un = BLOB_BUF(entry.p.login_name); - blob_push_formatted_username(&un, username_format, auth); + blob_push(&b, BLOB_STR(" OK user=")); + uf_a = b.ptr; + blob_push_formatted_username(&b, username_format, auth); + uf_b = b.ptr; + blob_push(&b, BLOB_PTR_LEN("\n", 1)); + uf = BLOB_PTR_PTR(uf_a, uf_b); + + if (auth_ok(auth) && uf.len <= sizeof(entry.p.login_name)) { + if (token != NULL && + !authdb_check_login(token, &entry, uf, current_time, &adbc)) { + authdb_clear_entry(&entry); + memcpy(entry.p.login_name, uf.ptr, uf.len); memcpy(entry.p.mac_address, auth->mac, MAC_LEN); entry.p.switch_ip = auth->current_switch->addr; entry.p.switch_port = auth->local_port; authdb_commit_login(token, &entry, current_time, &adbc); } - blob_push(&b, BLOB_STR(" OK user=")); - uf_a = b.ptr; - blob_push_formatted_username(&b, username_format, auth); - uf_b = b.ptr; - blob_push(&b, BLOB_PTR_LEN("\n", 1)); if (do_syslog) { - blob_t tmp = BLOB_PTR_PTR(uf_a, uf_b); syslog(LOG_AUTHPRIV | LOG_INFO, "%s authenticated as %.*s", addr_print(&auth->addr), - tmp.len, tmp.ptr); + uf.len, uf.ptr); } } else { if (token != NULL) authdb_commit_logout(token); + + b = BLOB_BUF(tmp); + blob_push(&b, BLOB_STRLEN(auth->token)); blob_push(&b, BLOB_STR(" ERR\n")); + if (do_syslog) { syslog(LOG_AUTHPRIV | LOG_WARNING, "%s failed: %s", -- cgit v1.2.3
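Review bot: The new guard `uf.len <= sizeof(entry.p.login_name)` admits a username that fills `login_name` exactly, so the following `memcpy(entry.p.login_name, uf.ptr, uf.len)` leaves the field without a terminating NUL; if any reader of the authdb entry treats it as a C string (not visible here), that is an over-read, and `uf.len < sizeof(entry.p.login_name)` would keep the zero byte left by `authdb_clear_entry()`. The same condition also sends a successfully authenticated client with an over-long formatted name into the `else` branch, where it is logged out, answered with `ERR` and logged through the `"%s failed: %s"` message, whose arguments lie past the end of the hunk; a separate log line for the over-long-name case would keep that event distinguishable from a real authentication failure. It would also help to confirm what `blob_push()` does to `b` when `tmp` overflows, since `uf` is derived from `b.ptr` before and after the username push. `auth_completed()` begins and ends outside this hunk.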