--------------------- PatchSet 1028
Date: 2001/01/01 10:48:28
Author: rbcollins
Branch: auth_rewrite
Tag: (none)
Log: credentials TTL reimplemented
Members:
src/acl.c:1.1.1.3.12.26.2.11->1.1.1.3.12.26.2.12
src/cache_cf.c:1.1.1.3.4.1.2.9.2.5->1.1.1.3.4.1.2.9.2.6
src/cf.data.pre:1.1.1.3.4.1.2.18.2.8->1.1.1.3.4.1.2.18.2.9
src/protos.h:1.1.1.3.12.17.2.11->1.1.1.3.12.17.2.12
src/auth/basic/auth_basic.c:1.1.2.10->1.1.2.11
src/auth/basic/auth_basic.h:1.1.2.2->1.1.2.3
Index: squid/src/acl.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/acl.c,v
retrieving revision 1.1.1.3.12.26.2.11
retrieving revision 1.1.1.3.12.26.2.12
diff -u -r1.1.1.3.12.26.2.11 -r1.1.1.3.12.26.2.12
--- squid/src/acl.c 1 Jan 2001 09:51:18 -0000 1.1.1.3.12.26.2.11
+++ squid/src/acl.c 1 Jan 2001 10:48:28 -0000 1.1.1.3.12.26.2.12
@@ -1,6 +1,6 @@
 /*
- * $Id: acl.c,v 1.1.1.3.12.26.2.11 2001/01/01 09:51:18 rbcollins Exp $
+ * $Id: acl.c,v 1.1.1.3.12.26.2.12 2001/01/01 10:48:28 rbcollins Exp $
 *
 * DEBUG: section 28 Access Control
 * AUTHOR: Duane Wessels
@@ -807,18 +807,10 @@
 #else
 aclParseWordList(&A->data);
 #endif
-#if 0
- /* this should probably be if(!authenticateUserCacheInited()) * authenticateInitUserCache() */
- if (!proxy_auth_username_cache)
- authenticateInitUserCache();
-#endif
 }
 break;
 case ACL_PROXY_AUTH_REGEX:
 aclParseRegexList(&A->data);
- if (!proxy_auth_username_cache)
- authenticateInitUserCache();
 break;
 #if SQUID_SNMP
 case ACL_SNMP_COMMUNITY:
Index: squid/src/cache_cf.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/cache_cf.c,v
retrieving revision 1.1.1.3.4.1.2.9.2.5
retrieving revision 1.1.1.3.4.1.2.9.2.6
diff -u -r1.1.1.3.4.1.2.9.2.5 -r1.1.1.3.4.1.2.9.2.6
--- squid/src/cache_cf.c 1 Jan 2001 09:51:21 -0000 1.1.1.3.4.1.2.9.2.5
+++ squid/src/cache_cf.c 1 Jan 2001 10:48:28 -0000 1.1.1.3.4.1.2.9.2.6
@@ -1,6 +1,6 @@
 /*
- * $Id: cache_cf.c,v 1.1.1.3.4.1.2.9.2.5 2001/01/01 09:51:21 rbcollins Exp $
+ * $Id: cache_cf.c,v 1.1.1.3.4.1.2.9.2.6 2001/01/01 10:48:28 rbcollins Exp $
 *
 * DEBUG: section 3 Configuration File Parsing
 * AUTHOR: Harvest Derived
@@ -1676,7 +1676,7 @@
 storeAppendPrintf(entry, "%s %d seconds\n", name, (int) var);
 }
-static void
+void
 parse_time_t(time_t * var)
 {
 parseTimeLine(var, T_SECOND_STR);
Index: squid/src/cf.data.pre
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/cf.data.pre,v
retrieving revision 1.1.1.3.4.1.2.18.2.8
retrieving revision 1.1.1.3.4.1.2.18.2.9
diff -u -r1.1.1.3.4.1.2.18.2.8 -r1.1.1.3.4.1.2.18.2.9
--- squid/src/cf.data.pre 1 Jan 2001 09:51:21 -0000 1.1.1.3.4.1.2.18.2.8
+++ squid/src/cf.data.pre 1 Jan 2001 10:48:28 -0000 1.1.1.3.4.1.2.18.2.9
@@ -1,6 +1,6 @@
 #
-# $Id: cf.data.pre,v 1.1.1.3.4.1.2.18.2.8 2001/01/01 09:51:21 rbcollins Exp $
+# $Id: cf.data.pre,v 1.1.1.3.4.1.2.18.2.9 2001/01/01 10:48:28 rbcollins Exp $
 #
 #
 # SQUID Internet Object Cache http://squid.nlanr.net/Squid/
@@ -1148,7 +1148,7 @@
 #authparam basic program
 authparam basic children 5
 authparam basic realm Squid proxy-caching web server
-#authparam basic credentialsttl 2 hours
+authparam basic credentialsttl 2 hours
 NOCOMMENT_END
 DOC_END
Index: squid/src/protos.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/protos.h,v
retrieving revision 1.1.1.3.12.17.2.11
retrieving revision 1.1.1.3.12.17.2.12
diff -u -r1.1.1.3.12.17.2.11 -r1.1.1.3.12.17.2.12
--- squid/src/protos.h 1 Jan 2001 09:51:21 -0000 1.1.1.3.12.17.2.11
+++ squid/src/protos.h 1 Jan 2001 10:48:28 -0000 1.1.1.3.12.17.2.12
@@ -1,6 +1,6 @@
 /*
- * $Id: protos.h,v 1.1.1.3.12.17.2.11 2001/01/01 09:51:21 rbcollins Exp $
+ * $Id: protos.h,v 1.1.1.3.12.17.2.12 2001/01/01 10:48:28 rbcollins Exp $
 *
 *
 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
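Review bot: `parse_time_t` becomes part of the cross-module interface in this hunk (the `static` is dropped), yet the definition carries no comment saying what it accepts or stores, so module authors have to go read `parseTimeLine`. A one-line header above the definition would do, e.g. `/* Parse a "<count> <unit>" time directive into *var as seconds (parseTimeLine with T_SECOND_STR); exported for auth scheme modules. */`. The dump counterpart just above prints `%d seconds`, which supports the seconds unit; whether zero or negative values are rejected is not visible here and is worth stating once known. The function's closing brace lies outside the hunk.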
@@ -87,6 +87,8 @@
 extern void self_destruct(void);
 extern int GetInteger(void);
+/* extra functions from cache_cf.c useful for lib modules */
+extern void parse_time_t(time_t * var);
 extern void cbdataInit(void);
 #if CBDATA_DEBUG
Index: squid/src/auth/basic/auth_basic.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/basic/auth_basic.c,v
retrieving revision 1.1.2.10
retrieving revision 1.1.2.11
diff -u -r1.1.2.10 -r1.1.2.11
--- squid/src/auth/basic/auth_basic.c 1 Jan 2001 09:51:23 -0000 1.1.2.10
+++ squid/src/auth/basic/auth_basic.c 1 Jan 2001 10:48:29 -0000 1.1.2.11
@@ -129,10 +129,12 @@
 int authenticateBasicAuthenticated(auth_user_t * auth_user)
 {
- /* if they are in the hash they must be authenticated */
- if (auth_user->usernamehash) return 1;
- debug (29, 7) ("Couldn't find user in cache: assuming not logged in.\n");
- return 0;
+ basic_data *basic_auth=auth_user->scheme_data;
+ /* if they are in the hash they must be authenticated */
+ if ((auth_user->usernamehash) && (basic_auth->credentials_checkedtime+basicConfig->credentialsTTL > squid_curtime))
+ return 1;
+ debug (29, 7) ("Couldn't find user in cache or credentials need rechecking.\n");
+ return 0;
 }
 int authenticateBasiccmpUsername(basic_data * u1, basic_data *u2)
@@ -151,12 +153,16 @@
 if (auth_user->flags.credentials_ok!=1)
 return auth_user;
+ assert(auth_user->scheme_data != NULL);
+ basic_auth = auth_user->scheme_data;
+
+ /* are we about to recheck the credentials externally? */
+ if (basic_auth->credentials_checkedtime+basicConfig->credentialsTTL<=squid_curtime)
+ return auth_user;
+
 /* get the header. */
 proxy_auth = httpHeaderGetStr(&request->header, type);
- assert(auth_user->scheme_data != NULL);
- basic_auth = auth_user->scheme_data;
-
 /* password was checked and did match */
 debug(29, 4) ("authenticateBasicAuthenticateuser: user '%s' validated OK\n", basic_auth->username);
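Review bot: `basic_auth` is dereferenced on the new `if` line of `authenticateBasicAuthenticated` without any check that `auth_user->scheme_data` is non-NULL, while `authenticateBasicAuthenticateUser` in the next hunk asserts exactly that before the same dereference; adding `assert(basic_auth != NULL);` after the declaration keeps the two consistent and turns a stray NULL into a diagnosable abort rather than a crash inside the ACL check. The boundary is also worth a second look: the test is `checkedtime + credentialsTTL > squid_curtime`, and `authenticateBasicHandleReply` stamps `credentials_checkedtime = squid_curtime`, so with a `credentialsTTL` of 0 (the field is new, and no in-code default is visible in this patch, only the cf.data.pre template line) a freshly verified user is already reported as not authenticated in the same second, which presumably forces a helper recheck on every request. If that is not the intended meaning of 0, either initialise `credentialsTTL` to a non-zero default in code or document that 0 means "recheck every request" next to the comparison.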
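Review bot: The staleness test `basic_auth->credentials_checkedtime+basicConfig->credentialsTTL<=squid_curtime` added to `authenticateBasicAuthenticateUser` is one of three copies of the same expression in this commit (it also appears, with the comparison inverted, in `authenticateBasicAuthenticated` above and in `authenticateBasicDirection` later in the file), which makes it easy for the `>`/`<=` boundary to drift between call sites. A single static helper, e.g. `static int authenticateBasicCredentialsStale(const basic_data *b) { return b->credentials_checkedtime + basicConfig->credentialsTTL <= squid_curtime; }`, called from all three would keep the policy in one place. Note also that the early return on a stale entry now happens before `proxy_auth` is read from the request, so the presented header is never examined on that path; the rest of the function runs past the hunk, so whether the caller re-verifies the supplied password against the cached one is not visible here.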
@@ -203,10 +209,13 @@
 int authenticateBasicDirection(auth_user_t *auth_user)
 {
 /* null auth_user is checked for by authenticateDirection */
+ basic_data *basic_auth=auth_user->scheme_data;
 switch (auth_user->flags.credentials_ok) {
 case 0: /* not checked */
 return -1;
 case 1: /* checked & ok */
+ if (basic_auth->credentials_checkedtime+basicConfig->credentialsTTL<=squid_curtime)
+ return -1;
 return 0;
 case 2: /* partway through checking. Invalid for basic */
 return -2;
@@ -230,9 +239,9 @@
 {
 if (basicConfig==NULL)
 return;
- assert(basicConfig==scheme);
+ assert(basicConfig==scheme->scheme_data);
 if (basicConfig->authenticate)
- wordlistDestroy(basicConfig->authenticate);
+ wordlistDestroy(&basicConfig->authenticate);
 if (basicConfig->basicAuthRealm)
 safe_free(basicConfig->basicAuthRealm);
 xfree(basicConfig);
@@ -256,6 +265,7 @@
 {
 authenticateStateData *r = data;
 auth_user_t *auth_user;
+ basic_data *basic_auth;
 int valid;
 char *t = NULL;
 debug(29, 5) ("authenticateBasicHandleReply: {%s}\n", reply ? reply : "");
@@ -268,10 +278,12 @@
 assert(r->auth_user != NULL);
 assert(r->auth_user->auth_type == AUTH_BASIC);
 auth_user=r->auth_user;
+ basic_auth=auth_user->scheme_data;
 if (reply && (strncasecmp(reply, "OK", 2) == 0))
 auth_user->flags.credentials_ok = 1;
 else
 auth_user->flags.credentials_ok = 2;
+ basic_auth->credentials_checkedtime=squid_curtime;
 valid = cbdataValid(r->data);
 cbdataUnlock(r->data);
 if (valid)
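Review bot: In `authenticateBasicHandleReply`, `basic_auth->credentials_checkedtime=squid_curtime;` writes through `scheme_data` with no NULL check, although the two asserts just above guard `r->auth_user` and its `auth_type`; `assert(basic_auth != NULL);` right after `basic_auth=auth_user->scheme_data;` would match the check `authenticateBasicAuthenticateUser` performs before the same dereference. The stamp is applied for both the "OK" and the failure reply, which is harmless as far as the visible code goes because `authenticateBasicDirection` ignores the time when `credentials_ok` is 2, but a comment such as `/* stamp the verdict time so the TTL runs from the helper's answer, for OK and failure alike */` would record that intent. The function continues past the hunk.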
@@ -342,9 +354,13 @@
 {
 parse_eol(&basicConfig->basicAuthRealm);
 }
+ else if (strcasecmp(param_str,"credentialsttl")==0)
+ {
+ parse_time_t(&basicConfig->credentialsTTL);
+ }
 else
 {
- fatalf("unrecognised basic auth scheme parameter '%s'\n",param_str);
+ debug(28,0)("unrecognised basic auth scheme parameter '%s'\n",param_str);
 }
 }
Index: squid/src/auth/basic/auth_basic.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/auth/basic/auth_basic.h,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- squid/src/auth/basic/auth_basic.h 1 Jan 2001 09:51:23 -0000 1.1.2.2
+++ squid/src/auth/basic/auth_basic.h 1 Jan 2001 10:48:29 -0000 1.1.2.3
@@ -18,6 +18,7 @@
 struct _basic_data {
 char *username;
 char *passwd;
+ time_t credentials_checkedtime;
 };
 /* configuration runtime data */
@@ -25,6 +26,7 @@
 int authenticateChildren;
 char *basicAuthRealm;
 wordlist *authenticate;
+ time_t credentialsTTL;
 };
 typedef struct _auth_basic_config auth_basic_config;
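Review bot: Replacing `fatalf` with `debug(28,0)` for an unrecognised `authparam basic` parameter turns a hard configuration error into a log line, so a misspelt `credentialsttl` (or `realm`) is silently ignored and Squid starts with whatever value the field happens to hold — for the new `credentialsTTL` field no in-code default is visible in this patch. Configuration errors elsewhere are fatal (`self_destruct()` is declared in the protos.h hunk above and used by cache_cf.c), so keeping `fatalf(...)` or adding `self_destruct();` after the debug line preserves fail-closed start-up. The debug section is also `28` here while every other debug call in this file uses section `29`, so this message would be controlled by the ACL debug level rather than the Basic scheme's; `debug(29,0)` is the consistent choice. The enclosing parse function starts before the hunk.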
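Review bot: The new `credentials_checkedtime` member in `struct _basic_data` has no comment, and its meaning is only discoverable from `authenticateBasicHandleReply`, which sets it to `squid_curtime` when the helper answers. Suggest `time_t credentials_checkedtime; /* squid_curtime of the last helper verdict; added to credentialsTTL to decide when a recheck is due */`. Where a freshly allocated `basic_data` gets its initial value (presumably zeroed on allocation, which would read as "never checked") is not visible in this patch and is worth confirming, since an uninitialised value would make the TTL comparison arbitrary.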
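Review bot: `credentialsTTL` is added to `struct _auth_basic_config` without a comment or a visible default; a note such as `time_t credentialsTTL; /* seconds a helper verdict stays trusted before recheck; set by "authparam basic credentialsttl" via parse_time_t */` would record the unit the parser stores and the directive that sets it. If the config struct is not zero-initialised elsewhere the value is indeterminate until the directive is parsed, which the NOCOMMENT default in cf.data.pre mitigates only for configs generated from the template.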