]>
Commit | Line | Data |
---|---|---|
ca02e0ec | 1 | /* |
b8ae064d | 2 | * Copyright (C) 1996-2023 The Squid Software Foundation and contributors |
ca02e0ec AJ |
3 | * |
4 | * Squid software is distributed under GPLv2+ license and includes | |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
7 | */ | |
8 | ||
b0c8f295 | 9 | /* |
c152a447 | 10 | * ext_session_acl: Squid external acl helper for tracking sessions |
b0c8f295 | 11 | * |
12 | * Copyright (C) 2006 Henrik Nordstrom <henrik@henriknordstrom.net> | |
13 | * | |
14 | * This program is free software; you can redistribute it and/or modify | |
15 | * it under the terms of the GNU General Public License as published by | |
16 | * the Free Software Foundation; either version 2 of the License, or | |
17 | * (at your option) any later version. | |
26ac0430 | 18 | * |
b0c8f295 | 19 | * This program is distributed in the hope that it will be useful, |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
22 | * GNU General Public License for more details. | |
26ac0430 | 23 | * |
b0c8f295 | 24 | * You should have received a copy of the GNU General Public License |
25 | * along with this program; if not, write to the Free Software | |
26 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. | |
27 | */ | |
28 | ||
32d002cb | 29 | #if HAVE_CONFIG_H |
f7f3304a | 30 | #include "squid.h" |
b9f00e4d | 31 | #endif |
079b1d0f | 32 | #include "helper/protocol_defines.h" |
b9f00e4d | 33 | |
074d6a40 AJ |
34 | #include <cstdlib> |
35 | #include <cstring> | |
36 | #include <ctime> | |
9e8f57e0 AB |
37 | #if HAVE_DB_H |
38 | #include <db.h> | |
39 | #endif | |
b0c8f295 | 40 | #include <fcntl.h> |
9e8f57e0 AB |
41 | #if HAVE_GETOPT_H |
42 | #include <getopt.h> | |
43 | #endif | |
9e8f57e0 AB |
44 | #include <sys/types.h> |
45 | #include <sys/stat.h> | |
acd207af AJ |
46 | #if HAVE_TDB_H |
47 | #include <tdb.h> | |
48 | #endif | |
9e8f57e0 AB |
49 | #if HAVE_UNISTD_H |
50 | #include <unistd.h> | |
b2b03568 | 51 | #endif |
b0c8f295 | 52 | |
04f7fd38 | 53 | /* At this point all Bit Types are already defined, so we must |
0a13cc9d GS |
54 | protect from multiple type definition on platform where |
55 | __BIT_TYPES_DEFINED__ is not defined. | |
56 | */ | |
57 | #ifndef __BIT_TYPES_DEFINED__ | |
58 | #define __BIT_TYPES_DEFINED__ | |
59 | #endif | |
6b5de50d | 60 | |
b0c8f295 | 61 | static int session_ttl = 3600; |
2be46d67 | 62 | static int fixed_timeout = 0; |
aee3523a | 63 | char *db_path = nullptr; |
b0c8f295 | 64 | const char *program_name; |
65 | ||
acd207af | 66 | #if USE_BERKLEYDB |
aee3523a AR |
67 | DB *db = nullptr; |
68 | DB_ENV *db_env = nullptr; | |
acd207af AJ |
69 | typedef DBT DB_ENTRY; |
70 | ||
4f3f75b7 | 71 | #elif HAVE_LIBTDB |
acd207af AJ |
72 | TDB_CONTEXT *db = nullptr; |
73 | typedef TDB_DATA DB_ENTRY; | |
74 | ||
ee244464 | 75 | #else |
2f8abb64 | 76 | #error "Either Berkeley DB or Trivial DB must be available" |
acd207af AJ |
77 | #endif |
78 | ||
79 | static void | |
80 | shutdown_db() | |
81 | { | |
82 | if (db) { | |
83 | #if USE_BERKLEYDB | |
84 | db->close(db, 0); | |
85 | } | |
86 | if (db_env) { | |
87 | db_env->close(db_env, 0); | |
88 | ||
4f3f75b7 | 89 | #elif HAVE_LIBTDB |
acd207af AJ |
90 | if (tdb_close(db) != 0) { |
91 | fprintf(stderr, "%s| WARNING: error closing session db '%s'\n", program_name, db_path); | |
92 | exit(EXIT_FAILURE); | |
93 | } | |
94 | #endif | |
95 | } | |
96 | xfree(db_path); | |
97 | } | |
b0c8f295 | 98 | |
99 | static void init_db(void) | |
100 | { | |
9e8f57e0 AB |
101 | struct stat st_buf; |
102 | ||
103 | if (db_path) { | |
104 | if (!stat(db_path, &st_buf)) { | |
105 | if (S_ISDIR (st_buf.st_mode)) { | |
acd207af | 106 | #if USE_BERKLEYDB |
9e8f57e0 AB |
107 | /* If directory then open database environment. This prevents sync problems |
108 | between different processes. Otherwise fallback to single file */ | |
109 | db_env_create(&db_env, 0); | |
9e167fa2 | 110 | if (db_env->open(db_env, db_path, DB_CREATE | DB_INIT_MPOOL | DB_INIT_LOCK, 0666)) { |
9e8f57e0 AB |
111 | fprintf(stderr, "FATAL: %s: Failed to open database environment in '%s'\n", program_name, db_path); |
112 | db_env->close(db_env, 0); | |
24885773 | 113 | exit(EXIT_FAILURE); |
9e8f57e0 AB |
114 | } |
115 | db_create(&db, db_env, 0); | |
4f3f75b7 | 116 | #elif HAVE_LIBTDB |
acd207af AJ |
117 | std::string newPath(db_path); |
118 | newPath.append("session", 7); | |
119 | db_path = xstrdup(newPath.c_str()); | |
120 | #endif | |
9e8f57e0 AB |
121 | } |
122 | } | |
123 | } | |
124 | ||
acd207af | 125 | #if USE_BERKLEYDB |
9e8f57e0 | 126 | if (db_env) { |
aee3523a | 127 | if (db->open(db, nullptr, "session", nullptr, DB_BTREE, DB_CREATE, 0666)) { |
9e8f57e0 AB |
128 | fprintf(stderr, "FATAL: %s: Failed to open db file '%s' in dir '%s'\n", |
129 | program_name, "session", db_path); | |
130 | db_env->close(db_env, 0); | |
24885773 | 131 | exit(EXIT_FAILURE); |
9e8f57e0 AB |
132 | } |
133 | } else { | |
aee3523a AR |
134 | db_create(&db, nullptr, 0); |
135 | if (db->open(db, nullptr, db_path, nullptr, DB_BTREE, DB_CREATE, 0666)) { | |
acd207af | 136 | db = nullptr; |
9e8f57e0 | 137 | } |
b0c8f295 | 138 | } |
4f3f75b7 | 139 | #elif HAVE_LIBTDB |
d4190e1e AJ |
140 | #if _SQUID_FREEBSD_ && !defined(O_DSYNC) |
141 | // FreeBSD lacks O_DSYNC, O_SYNC is closest to correct behaviour | |
142 | #define O_DSYNC O_SYNC | |
143 | #endif | |
acd207af AJ |
144 | db = tdb_open(db_path, 0, TDB_CLEAR_IF_FIRST, O_CREAT|O_DSYNC, 0666); |
145 | #endif | |
146 | if (!db) { | |
147 | fprintf(stderr, "FATAL: %s: Failed to open session db '%s'\n", program_name, db_path); | |
148 | shutdown_db(); | |
149 | exit(EXIT_FAILURE); | |
150 | } | |
b0c8f295 | 151 | } |
152 | ||
acd207af AJ |
153 | int session_is_active = 0; |
154 | ||
155 | static size_t | |
156 | dataSize(DB_ENTRY *data) | |
b0c8f295 | 157 | { |
acd207af AJ |
158 | #if USE_BERKLEYDB |
159 | return data->size; | |
4f3f75b7 | 160 | #elif HAVE_LIBTDB |
acd207af AJ |
161 | return data->dsize; |
162 | #endif | |
b0c8f295 | 163 | } |
164 | ||
acd207af AJ |
165 | static bool |
166 | fetchKey(/*const*/ DB_ENTRY &key, DB_ENTRY *data) | |
167 | { | |
168 | #if USE_BERKLEYDB | |
169 | return (db->get(db, nullptr, &key, data, 0) == 0); | |
4f3f75b7 | 170 | #elif HAVE_LIBTDB |
acd207af AJ |
171 | // NP: API says returns NULL on errors, but return is a struct type WTF?? |
172 | *data = tdb_fetch(db, key); | |
173 | return (data->dptr != nullptr); | |
174 | #endif | |
175 | } | |
176 | ||
177 | static void | |
178 | deleteEntry(/*const*/ DB_ENTRY &key) | |
179 | { | |
180 | #if USE_BERKLEYDB | |
181 | db->del(db, nullptr, &key, 0); | |
4f3f75b7 | 182 | #elif HAVE_LIBTDB |
acd207af AJ |
183 | tdb_delete(db, key); |
184 | #endif | |
185 | } | |
186 | ||
187 | static void | |
188 | copyValue(void *dst, const DB_ENTRY *src, size_t sz) | |
189 | { | |
190 | #if USE_BERKLEYDB | |
191 | memcpy(dst, src->data, sz); | |
4f3f75b7 | 192 | #elif HAVE_LIBTDB |
acd207af AJ |
193 | memcpy(dst, src->dptr, sz); |
194 | #endif | |
195 | } | |
b0c8f295 | 196 | |
c152a447 | 197 | static int session_active(const char *details, size_t len) |
b0c8f295 | 198 | { |
acd207af | 199 | #if USE_BERKLEYDB |
8b082ed9 | 200 | DBT key = {}; |
dfbef72d | 201 | key.data = const_cast<char*>(details); |
c152a447 | 202 | key.size = len; |
dfbef72d FC |
203 | |
204 | DBT data = {}; | |
4f3f75b7 | 205 | #elif HAVE_LIBTDB |
dfbef72d FC |
206 | TDB_DATA key = {}; |
207 | key.dptr = reinterpret_cast<decltype(key.dptr)>(const_cast<char*>(details)); | |
208 | key.dsize = len; | |
209 | ||
210 | TDB_DATA data = {}; | |
8b082ed9 FC |
211 | #else |
212 | (void)len; | |
acd207af AJ |
213 | #endif |
214 | if (fetchKey(key, &data)) { | |
26ac0430 | 215 | time_t timestamp; |
acd207af | 216 | if (dataSize(&data) != sizeof(timestamp)) { |
c152a447 | 217 | fprintf(stderr, "ERROR: %s: CORRUPTED DATABASE (%s)\n", program_name, details); |
acd207af | 218 | deleteEntry(key); |
26ac0430 AJ |
219 | return 0; |
220 | } | |
acd207af | 221 | copyValue(×tamp, &data, sizeof(timestamp)); |
aee3523a | 222 | if (timestamp + session_ttl >= time(nullptr)) |
26ac0430 | 223 | return 1; |
b0c8f295 | 224 | } |
225 | return 0; | |
226 | } | |
227 | ||
acd207af AJ |
228 | static void |
229 | session_login(/*const*/ char *details, size_t len) | |
b0c8f295 | 230 | { |
8b082ed9 FC |
231 | DB_ENTRY key = {}; |
232 | DB_ENTRY data = {}; | |
aee3523a | 233 | time_t now = time(nullptr); |
acd207af AJ |
234 | #if USE_BERKLEYDB |
235 | key.data = static_cast<decltype(key.data)>(details); | |
c152a447 | 236 | key.size = len; |
b0c8f295 | 237 | data.data = &now; |
238 | data.size = sizeof(now); | |
aee3523a | 239 | db->put(db, nullptr, &key, &data, 0); |
4f3f75b7 | 240 | #elif HAVE_LIBTDB |
acd207af AJ |
241 | key.dptr = reinterpret_cast<decltype(key.dptr)>(details); |
242 | key.dsize = len; | |
243 | data.dptr = reinterpret_cast<decltype(data.dptr)>(&now); | |
244 | data.dsize = sizeof(now); | |
245 | tdb_store(db, key, data, 0); | |
246 | #endif | |
b0c8f295 | 247 | } |
248 | ||
acd207af AJ |
249 | static void |
250 | session_logout(/*const*/ char *details, size_t len) | |
b0c8f295 | 251 | { |
8b082ed9 | 252 | DB_ENTRY key = {}; |
acd207af AJ |
253 | #if USE_BERKLEYDB |
254 | key.data = static_cast<decltype(key.data)>(details); | |
c152a447 | 255 | key.size = len; |
4f3f75b7 | 256 | #elif HAVE_LIBTDB |
acd207af AJ |
257 | key.dptr = reinterpret_cast<decltype(key.dptr)>(details); |
258 | key.dsize = len; | |
259 | #endif | |
260 | deleteEntry(key); | |
b0c8f295 | 261 | } |
262 | ||
263 | static void usage(void) | |
264 | { | |
2be46d67 AB |
265 | fprintf(stderr, "Usage: %s [-t|-T session_timeout] [-b dbpath] [-a]\n", program_name); |
266 | fprintf(stderr, " -t sessiontimeout Idle timeout after which sessions will be forgotten (user activity will reset)\n"); | |
267 | fprintf(stderr, " -T sessiontimeout Fixed timeout after which sessions will be forgotten (regardless of user activity)\n"); | |
b0c8f295 | 268 | fprintf(stderr, " -b dbpath Path where persistent session database will be kept\n"); |
269 | fprintf(stderr, " -a Active mode requiring LOGIN argument to start a session\n"); | |
270 | } | |
271 | int main(int argc, char **argv) | |
272 | { | |
c152a447 | 273 | char request[HELPER_INPUT_BUFFER]; |
b0c8f295 | 274 | int opt; |
275 | int default_action = 1; | |
276 | ||
277 | program_name = argv[0]; | |
278 | ||
2be46d67 | 279 | while ((opt = getopt(argc, argv, "t:T:b:a?")) != -1) { |
26ac0430 | 280 | switch (opt) { |
2be46d67 AB |
281 | case 'T': |
282 | fixed_timeout = 1; | |
09835feb | 283 | [[fallthrough]]; |
26ac0430 | 284 | case 't': |
aee3523a | 285 | session_ttl = strtol(optarg, nullptr, 0); |
26ac0430 AJ |
286 | break; |
287 | case 'b': | |
acd207af | 288 | db_path = xstrdup(optarg); |
26ac0430 AJ |
289 | break; |
290 | case 'a': | |
291 | default_action = 0; | |
292 | break; | |
293 | case '?': | |
294 | usage(); | |
24885773 | 295 | exit(EXIT_SUCCESS); |
26ac0430 AJ |
296 | break; |
297 | } | |
b0c8f295 | 298 | } |
299 | ||
aee3523a | 300 | setbuf(stdout, nullptr); |
b0c8f295 | 301 | |
302 | init_db(); | |
303 | ||
c152a447 | 304 | while (fgets(request, HELPER_INPUT_BUFFER, stdin)) { |
26ac0430 | 305 | int action = 0; |
2be46d67 | 306 | const char *channel_id = strtok(request, " "); |
aee3523a AR |
307 | char *detail = strtok(nullptr, "\n"); |
308 | if (detail == nullptr) { | |
2f8abb64 | 309 | // Only 1 parameter supplied. We are expecting at least 2 (including the channel ID) |
2be46d67 | 310 | fprintf(stderr, "FATAL: %s is concurrent and requires the concurrency option to be specified.\n", program_name); |
9e8f57e0 | 311 | shutdown_db(); |
24885773 | 312 | exit(EXIT_FAILURE); |
2be46d67 | 313 | } |
9e8f57e0 | 314 | char *lastdetail = strrchr(detail, ' '); |
669c316b | 315 | size_t detail_len = strlen(detail); |
26ac0430 AJ |
316 | if (lastdetail) { |
317 | if (strcmp(lastdetail, " LOGIN") == 0) { | |
26ac0430 | 318 | action = 1; |
c152a447 | 319 | detail_len = (size_t)(lastdetail-detail); |
9e8f57e0 | 320 | *lastdetail = '\0'; |
26ac0430 AJ |
321 | } else if (strcmp(lastdetail, " LOGOUT") == 0) { |
322 | action = -1; | |
c152a447 | 323 | detail_len = (size_t)(lastdetail-detail); |
9e8f57e0 | 324 | *lastdetail = '\0'; |
949b5ce0 AJ |
325 | } else if (!default_action && strcmp(lastdetail, " -") == 0) { |
326 | // no action; LOGIN/LOGOUT not supplied | |
327 | // but truncate the '-' %DATA value given by Squid-4 and later | |
328 | detail_len = (size_t)(lastdetail-detail); | |
329 | *lastdetail = '\0'; | |
26ac0430 AJ |
330 | } |
331 | } | |
332 | if (action == -1) { | |
c152a447 | 333 | session_logout(detail, detail_len); |
2be46d67 | 334 | printf("%s OK message=\"Bye\"\n", channel_id); |
26ac0430 | 335 | } else if (action == 1) { |
c152a447 | 336 | session_login(detail, detail_len); |
2be46d67 | 337 | printf("%s OK message=\"Welcome\"\n", channel_id); |
c152a447 | 338 | } else if (session_active(detail, detail_len)) { |
2be46d67 AB |
339 | if (fixed_timeout == 0) { |
340 | session_login(detail, detail_len); | |
341 | } | |
342 | printf("%s OK\n", channel_id); | |
26ac0430 | 343 | } else if (default_action == 1) { |
c152a447 | 344 | session_login(detail, detail_len); |
2be46d67 | 345 | printf("%s ERR message=\"Welcome\"\n", channel_id); |
26ac0430 | 346 | } else { |
2be46d67 | 347 | printf("%s ERR message=\"No session available\"\n", channel_id); |
26ac0430 | 348 | } |
b0c8f295 | 349 | } |
350 | shutdown_db(); | |
24885773 | 351 | return EXIT_SUCCESS; |
b0c8f295 | 352 | } |
f53969cc | 353 |