From 1c23dbef0405d8ca9776737a209fb5b549219bc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Sun, 7 Nov 2010 01:57:30 +0200 Subject: authdb, auth-ip: make logout_timeout configurable * authdb: change to use squark.conf instead of filter.conf * authdb: config option logout_timeout added (defaults to 15mins) * auth-ip: add -r parameter to refresh login time fixes #452 --- src/authdb.c | 22 +++++++++++++++------- src/authdb.h | 3 ++- src/squark-auth-ip.c | 20 ++++++++++++++------ src/squark-filter.c | 2 +- 4 files changed, 32 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/authdb.c b/src/authdb.c index 85fb44e..d48c43d 100644 --- a/src/authdb.c +++ b/src/authdb.c @@ -8,6 +8,7 @@ #include #include +#include "config.h" #include "authdb.h" #include "filterdb.h" #include "addr.h" @@ -16,7 +17,6 @@ #define ALIGN(s,a) (((s) + a - 1) & ~(a - 1)) #define AUTHDB_IP_PER_ME 256 -#define AUTHDB_LOGOFF_PERIOD (15*60) /* 15 mins */ #define AUTHDB_SHM_SIZE ALIGN(sizeof(struct authdb_entry[AUTHDB_IP_PER_ME]), 4096) static struct authdb_map_entry *authdb_me_open(sockaddr_any *addr, int create) @@ -201,7 +201,9 @@ int authdb_set(void *token, struct authdb_entry *entry) return 1; } -int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now) +int authdb_check_login(void *token, struct authdb_entry *e, + blob_t username, time_t now, + struct authdb_config *adbc) { struct authdb_entry *mme = token; 
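Review bot: The new `adbc` parameter of authdb_check_login is declared as a mutable pointer and is named differently from the prototype in authdb.h, which calls it `cfg`. The only use visible in this patch is the read of `adbc->logout_timeout` in the following hunk, so `const struct authdb_config *cfg` in both places would state that the login check cannot alter the policy it enforces. The pointer is also dereferenced without a NULL test; every caller in this patch passes `&adbc`, so a one-line comment saying it must be non-NULL is enough. The function body continues outside this hunk.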
@@ -211,15 +213,17 @@ int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, tim return 0; /* and dates */ - if (now > e->last_activity_time + AUTHDB_LOGOFF_PERIOD) + if (now > e->last_activity_time + adbc->logout_timeout) return 0; /* and that no one clobbered the entry */ if (mme->checksum != e->checksum) return 0; - /* refresh last activity */ - mme->last_activity_time = now; + /* refresh last activity -- avoid writes to page so + * caches don't get invalidated too often */ + if (now > mme->last_activity_time + 2) + mme->last_activity_time = now; return 1; } @@ -330,7 +334,7 @@ int adbc_refresh(struct authdb_config *cfg, time_t now) if (cfg->last_check != 0 && cfg->last_check + 2*60 > now) return 0; - if (stat("/etc/squark/filter.conf", &st) != 0) + if (stat(squark_config, &st) != 0) return -1; if (cfg->last_change == st.st_ctime) @@ -338,12 +342,14 @@ int adbc_refresh(struct authdb_config *cfg, time_t now) /* check timestamp */ - in = fopen("/etc/squark/filter.conf", "r"); + in = fopen(squark_config, "r"); if (in == NULL) return -1; cfg->block_categories = 0; cfg->hard_block_categories = 0; + cfg->logout_timeout = DEFAULT_LOGOUT_TIMEOUT; + while (1) { b = read_word(in, &lineno, BLOB_BUF(word1)); if (blob_is_null(b)) @@ -356,6 +362,8 @@ int adbc_refresh(struct authdb_config *cfg, time_t now) cfg->hard_block_categories |= to_category(cfg->db, p); } else if (blob_cmp(b, BLOB_STR("warn")) == 0) { cfg->block_categories |= to_category(cfg->db, p); + } else if (blob_cmp(b, BLOB_STR("logout_timeout")) == 0) { + cfg->logout_timeout = blob_pull_uint(&p, 10); } } cfg->block_categories |= cfg->hard_block_categories; diff --git a/src/authdb.h b/src/authdb.h index 7bfa2f4..562ed17 100644 --- a/src/authdb.h +++ b/src/authdb.h @@ -18,6 +18,7 @@ struct authdb_config { uint64_t block_categories; uint64_t hard_block_categories; blob_t redirect_url_base; + unsigned int logout_timeout; }; struct authdb { 
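Review bot: The expiry test `now > e->last_activity_time + adbc->logout_timeout` adds an unbounded `unsigned int` from the config file to a timestamp, and the refresh below it uses a bare `+ 2`. If the timestamp field is no wider than `unsigned int` (its declaration is not in this patch), the sum is evaluated in unsigned arithmetic and a large setting can wrap; comparing elapsed time instead, `if (now - e->last_activity_time > (time_t)adbc->logout_timeout)`, avoids the addition once the setting is range-checked where it is parsed. The two-second write throttle also lets the stored activity time lag real activity by up to two seconds, so a `logout_timeout` of 1 or 2 can expire a session that is in use; naming the `2` and requiring the timeout to exceed it would make that explicit.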
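Review bot: `cfg->logout_timeout = DEFAULT_LOGOUT_TIMEOUT;` runs only after `fopen` has succeeded, so both `return -1` paths (the `stat` failure in the previous hunk and the `fopen` failure here) leave the field at whatever the caller initialised it to. If that is zero, authdb_check_login treats every login older than the current second as expired until a refresh succeeds; whether callers check adbc_refresh's return value is not visible in this patch. Setting the default where the `struct authdb_config` is first initialised would cover those paths; assigning it ahead of the early returns would not, because the `cfg->last_change == st.st_ctime` return would then discard a configured value. adbc_refresh starts and ends outside this hunk.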
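Review bot: The `logout_timeout` branch stores the result of `blob_pull_uint(&p, 10)` without checking it, so the session lifetime is whatever the parser returns. blob_pull_uint is not shown here; if it yields 0 for a missing or non-numeric value, a typo in squark.conf expires every login at once, while a very large number keeps an IP-based login valid indefinitely. Reading into a local and assigning only inside an accepted range would keep the default otherwise, e.g. `unsigned int t = blob_pull_uint(&p, 10);` followed by `if (t >= LOGOUT_TIMEOUT_MIN && t <= LOGOUT_TIMEOUT_MAX) cfg->logout_timeout = t;`, where the two bound names are placeholders for limits the project has to choose. A rejected value is worth a log line so the administrator learns the setting was ignored.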
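Review bot: `unsigned int logout_timeout;` carries no unit or meaning in the header. The value is added to a timestamp and compared with `time_t now` in authdb_check_login, and the define it replaces was `(15*60)`, so a comment such as `/* seconds of inactivity after which a login expires */` on the field would spare readers of this struct and of squark.conf from guessing between seconds and minutes.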
@@ -52,7 +53,7 @@ void *authdb_get(struct authdb *adb, sockaddr_any *addr, struct authdb_entry *en void authdb_clear_entry(struct authdb_entry *entry); int authdb_set(void *token, struct authdb_entry *entry); -int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now); +int authdb_check_login(void *token, struct authdb_entry *e, blob_t username, time_t now, struct authdb_config *cfg); void authdb_commit_login(void *token, struct authdb_entry *e, time_t now, struct authdb_config *cfg); void authdb_commit_logout(void *token); void authdb_commit_override(void *token, struct authdb_entry *entry, time_t now); diff --git a/src/squark-auth-ip.c b/src/squark-auth-ip.c index 08adca9..ec6a44d 100644 --- a/src/squark-auth-ip.c +++ b/src/squark-auth-ip.c @@ -23,6 +23,7 @@ #define DO_OVERRIDE -2 #define DO_PRINT -3 #define DO_LOGOUT -4 +#define DO_REFRESH -5 static int running = 1; static struct sqdb db; @@ -48,7 +49,7 @@ static void handle_line(blob_t line) if (addr_parse(ipaddr, &addr)) { token = authdb_get(&adb, &addr, &entry, 1); - if (authdb_check_login(token, &entry, BLOB_NULL, now)) + if (authdb_check_login(token, &entry, BLOB_NULL, now, &adbc)) auth_ok = 1; } @@ -118,7 +119,7 @@ int main(int argc, char **argv) sockaddr_any ipaddr = { .any.sa_family = AF_UNSPEC }; blob_t ip = BLOB_NULL, username = BLOB_NULL; - while ((opt = getopt(argc, argv, "Vi:u:olpL")) != -1) { + while ((opt = getopt(argc, argv, "Vi:u:olpLr")) != -1) { switch (opt) { case 'V': fprintf(stderr, "squark-auth-ip %s\n", squark_version); @@ -146,6 +147,9 @@ int main(int argc, char **argv) case 'L': running = DO_LOGOUT; break; + case 'r': + running = DO_REFRESH; + break; } } @@ -160,6 +164,7 @@ int main(int argc, char **argv) goto err_adb; } + rc = 0; if (running < 0) { struct authdb_entry entry; void *token; 
@@ -185,8 +190,12 @@ int main(int argc, char **argv) memcpy(entry.p.login_name, username.ptr, username.len); authdb_commit_login(token, &entry, now, &adbc); break; + case DO_REFRESH: + if (!authdb_check_login(token, &entry, username, now, &adbc)) + rc = 3; + break; case DO_OVERRIDE: - if (authdb_check_login(token, &entry, username, now)) + if (authdb_check_login(token, &entry, username, now, &adbc)) authdb_commit_override(token, &entry, now); break; case DO_PRINT: { @@ -213,9 +222,9 @@ int main(int argc, char **argv) b = blob_pushed(BLOB_BUF(buf), b); fwrite(b.ptr, b.len, 1, stdout); break; - } + } case DO_LOGOUT: - if (authdb_check_login(token, &entry, username, now)) + if (authdb_check_login(token, &entry, username, now, &adbc)) authdb_commit_logout(token); break; } @@ -223,7 +232,6 @@ int main(int argc, char **argv) while (running) read_input(); } - rc = 0; authdb_close(&adb); err_adb: diff --git a/src/squark-filter.c b/src/squark-filter.c index 567201a..eff88b1 100644 --- a/src/squark-filter.c +++ b/src/squark-filter.c @@ -395,7 +395,7 @@ static void read_input(struct sqdb *db) category = 0; token = authdb_get(&adb, &addr, &entry, 1); - if (authdb_check_login(token, &entry, username, now)) { + if (authdb_check_login(token, &entry, username, now, &adbc)) { auth_ok = 1; username = BLOB_STRLEN(entry.p.login_name); } else { -- cgit v1.2.3
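Review bot: The new `DO_REFRESH` case passes `username` to authdb_check_login without requiring that `-u` was given, and handle_line in this file passes `BLOB_NULL` for the same argument, which suggests an empty name skips the name comparison (the check itself is outside this patch). If so, `-r -i ADDR` alone extends whichever login currently holds that address; gating the case with `if (blob_is_null(username) || !authdb_check_login(token, &entry, username, now, &adbc))` would bind the refresh to the named user. The exit status `3` is a bare literal and is set only here: `DO_OVERRIDE` and `DO_LOGOUT` in the same switch still exit 0 when their check fails, so a caller cannot tell a refused logout from a completed one. A named constant and a usage line for `-r` and its status would help; the switch starts and ends outside this hunk.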