src/auth/CredentialsCache.cc

   1 /*
   2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 29    Authenticator */
  10
  11 #include "squid.h"
  12 #include "acl/Gadgets.h"
  13 #include "auth/Config.h"
  14 #include "auth/CredentialsCache.h"
  15 #include "base/RunnersRegistry.h"
  16 #include "Debug.h"
  17 #include "event.h"
  18
  19 namespace Auth {
  20
  21 class CredentialCacheRr : public RegisteredRunner
  22 {
  23 public:
  24     explicit CredentialCacheRr(const char *n, CredentialsCache * const c) :
  25         name(n),
  26         whichCache(c)
  27     {}
  28
  29     virtual ~CredentialCacheRr() {
  30         debugs(29, 5, "Terminating Auth credentials cache: " << name);
  31         // invalidate the CBDATA reference.
  32         // causes Auth::*::User::Cache() to produce nil / invalid pointer
  33         delete whichCache.get();
  34     }
  35
  36     virtual void endingShutdown() override {
  37         debugs(29, 5, "Clearing Auth credentials cache: " << name);
  38         whichCache->reset();
  39     }
  40
  41     virtual void syncConfig() override {
  42         debugs(29, 5, "Reconfiguring Auth credentials cache: " << name);
  43         whichCache->doConfigChangeCleanup();
  44     }
  45
  46 private:
  47     /// name of the cache being managed, for logs
  48     const char *name;
  49
  50     /// reference to the scheme cache which is being managed
  51     CbcPointer<CredentialsCache> whichCache;
  52 };
  53
  54 CBDATA_CLASS_INIT(CredentialsCache);
  55
  56 CredentialsCache::CredentialsCache(const char *name, const char * const prettyEvName) :
  57     gcScheduled_(false),
  58     cacheCleanupEventName(prettyEvName)
  59 {
  60     debugs(29, 5, "initializing " << name << " credentials cache");
  61     RegisterRunner(new Auth::CredentialCacheRr(name, this));
  62 }
  63
  64 Auth::User::Pointer
  65 CredentialsCache::lookup(const SBuf &userKey) const
  66 {
  67     debugs(29, 6, "lookup for " << userKey);
  68     auto p = store_.find(userKey);
  69     if (p == store_.end())
  70         return User::Pointer(nullptr);
  71     return p->second;
  72 }
  73
  74 void
  75 CredentialsCache::Cleanup(void *data)
  76 {
  77     debugs(29, 5, "checkpoint");
  78     // data is this in disguise
  79     CredentialsCache *self = static_cast<CredentialsCache *>(data);
  80     self->cleanup();
  81 }
  82
  83 void
  84 CredentialsCache::cleanup()
  85 {
  86     // cache entries with expiretime <= expirationTime are to be evicted
  87     const time_t expirationTime =  current_time.tv_sec - Auth::TheConfig.credentialsTtl;
  88
  89     const auto end = store_.end();
  90     for (auto i = store_.begin(); i != end;) {
  91         debugs(29, 6, "considering " << i->first << "(expires in " <<
  92                (expirationTime - i->second->expiretime) << " sec)");
  93         if (i->second->expiretime <= expirationTime) {
  94             debugs(29, 6, "evicting " << i->first);
  95             i = store_.erase(i); //erase advances i
  96         } else {
  97             ++i;
  98         }
  99     }
 100     gcScheduled_ = false;
 101     scheduleCleanup();
 102 }
 103
 104 void
 105 CredentialsCache::insert(const SBuf &userKey, Auth::User::Pointer anAuth_user)
 106 {
 107     debugs(29, 6, "adding " << userKey << " (" << anAuth_user->username() << ")");
 108     store_[userKey] = anAuth_user;
 109     scheduleCleanup();
 110 }
 111
 112 // generates the list of cached usernames in a format that is convenient
 113 // to merge with equivalent lists obtained from other CredentialsCaches.
 114 std::vector<Auth::User::Pointer>
 115 CredentialsCache::sortedUsersList() const
 116 {
 117     std::vector<Auth::User::Pointer> rv(size(), nullptr);
 118     std::transform(store_.begin(), store_.end(), rv.begin(),
 119     [](StoreType::value_type v) { return v.second; }
 120                   );
 121     std::sort(rv.begin(), rv.end(),
 122     [](const Auth::User::Pointer &lhs, const Auth::User::Pointer &rhs) {
 123         return strcmp(lhs->username(), rhs->username()) < 0;
 124     }
 125              );
 126     return rv;
 127 }
 128
 129 void
 130 CredentialsCache::scheduleCleanup()
 131 {
 132     if (!gcScheduled_ && store_.size()) {
 133         gcScheduled_ = true;
 134         eventAdd(cacheCleanupEventName, &CredentialsCache::Cleanup,
 135                  this, Auth::TheConfig.garbageCollectInterval, 1);
 136     }
 137 }
 138
 139 void
 140 CredentialsCache::doConfigChangeCleanup()
 141 {
 142     // purge expired entries entirely
 143     cleanup();
 144     // purge the ACL match data stored in the credentials
 145     for (auto i : store_) {
 146         aclCacheMatchFlush(&i.second->proxy_match_cache);
 147     }
 148 }
 149
 150 } /* namespace Auth */
 151