helpers/basic_auth/MSNT/denyusers.cc

   1 #include "config.h"
   2
   3 /*
   4  * denyusers.c
   5  * (C) 2000 Antonino Iannella, Stellar-X Pty Ltd
   6  * Released under GPL, see COPYING-2.0 for details.
   7  *
   8  * These routines are to block users attempting to use the proxy which
   9  * have been explicitly denied by the system administrator.
  10  * Routines at the bottom also use the allowed user functions.
  11  */
  12
  13 #include <stdlib.h>
  14 #include <unistd.h>
  15 #include <time.h>
  16 #include <sys/types.h>
  17 #include <sys/param.h>
  18 #include <string.h>
  19 #include "usersfile.h"
  20 #include "msntauth.h"
  21
  22 static usersfile DenyUsers;
  23 static int init = 0;
  24
  25 /* shared */
  26 char Denyuserpath[MAXPATHLEN];  /* MAXPATHLEN defined in param.h */
  27
  28 int
  29 Read_denyusers(void)
  30 {
  31     if (!init) {
  32         memset(&DenyUsers, '\0', sizeof(DenyUsers));
  33         init = 1;
  34     }
  35     if (*Denyuserpath)
  36         return Read_usersfile(Denyuserpath, &DenyUsers);
  37     else
  38         return 0;
  39 }
  40
  41 static void
  42 Check_fordenychange(void)
  43 {
  44     Check_forfilechange(&DenyUsers);
  45 }
  46
  47
  48 /*
  49  * Check to see if the username provided by Squid appears in the denied
  50  * user list. Returns 0 if the user was not found, and 1 if they were.
  51  */
  52
  53 static int
  54 Check_ifuserdenied(char *ConnectingUser)
  55 {
  56     /* If user string is empty, deny */
  57     if (ConnectingUser[0] == '\0')
  58         return 1;
  59
  60     /* If denied user list is empty, allow */
  61     if (DenyUsers.Inuse == 0)
  62         return 0;
  63
  64     return Check_userlist(&DenyUsers, ConnectingUser);
  65 }
  66
  67 /*
  68  * Decides if a user is denied or allowed.
  69  * If they have been denied, or not allowed, return 1.
  70  * Else return 0.
  71  */
  72
  73 int
  74 Check_user(char *ConnectingUser)
  75 {
  76     if (Check_ifuserdenied(ConnectingUser) == 1)
  77         return 1;
  78
  79     if (Check_ifuserallowed(ConnectingUser) == 0)
  80         return 1;
  81
  82     return 0;
  83 }
  84
  85 /*
  86  * Checks the denied and allowed user files for change.
  87  * This function is invoked when a SIGHUP signal is received.
  88  * It is also run after every 60 seconds, at the next request.
  89  */
  90
  91 void
  92 Check_forchange(int signal)
  93 {
  94     Check_fordenychange();
  95     Check_forallowchange();
  96 }
  97
  98 /*
  99  * Checks the timer. If longer than 1 minute has passed since the last
 100  * time someone has accessed the proxy, then check for changes in the
 101  * denied user file. If longer than one minute hasn't passed, return.
 102  */
 103
 104 void
 105 Checktimer()
 106 {
 107     static time_t Lasttime;     /* The last time the timer was checked */
 108     static time_t Currenttime;  /* The current time */
 109
 110     Currenttime = time(NULL);
 111
 112     /* If timeout has expired, check the denied user file, else return */
 113     if (difftime(Currenttime, Lasttime) < 60)
 114         return;
 115     else {
 116         Check_forchange(-1);
 117         Lasttime = Currenttime;
 118     }
 119 }