src/acl/external/session/ext_session_acl.cc

   1 /*
   2  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /*
  10  * ext_session_acl: Squid external acl helper for tracking sessions
  11  *
  12  * Copyright (C) 2006 Henrik Nordstrom <henrik@henriknordstrom.net>
  13  *
  14  * This program is free software; you can redistribute it and/or modify
  15  * it under the terms of the GNU General Public License as published by
  16  * the Free Software Foundation; either version 2 of the License, or
  17  * (at your option) any later version.
  18  *
  19  * This program is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with this program; if not, write to the Free Software
  26  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
  27  */
  28
  29 #if HAVE_CONFIG_H
  30 #include "squid.h"
  31 #endif
  32 #include "helper/protocol_defines.h"
  33
  34 #include <cstdlib>
  35 #include <cstring>
  36 #include <ctime>
  37 #if HAVE_DB_H
  38 #include <db.h>
  39 #endif
  40 #include <fcntl.h>
  41 #if HAVE_GETOPT_H
  42 #include <getopt.h>
  43 #endif
  44 #include <sys/types.h>
  45 #include <sys/stat.h>
  46 #if HAVE_TDB_H
  47 #include <tdb.h>
  48 #endif
  49 #if HAVE_UNISTD_H
  50 #include <unistd.h>
  51 #endif
  52
  53 /* At this point all Bit Types are already defined, so we must
  54    protect from multiple type definition on platform where
  55    __BIT_TYPES_DEFINED__ is not defined.
  56  */
  57 #ifndef        __BIT_TYPES_DEFINED__
  58 #define        __BIT_TYPES_DEFINED__
  59 #endif
  60
  61 static int session_ttl = 3600;
  62 static int fixed_timeout = 0;
  63 char *db_path = NULL;
  64 const char *program_name;
  65
  66 #if USE_BERKLEYDB
  67 DB *db = NULL;
  68 DB_ENV *db_env = NULL;
  69 typedef DBT DB_ENTRY;
  70
  71 #elif USE_TRIVIALDB
  72 TDB_CONTEXT *db = nullptr;
  73 typedef TDB_DATA DB_ENTRY;
  74
  75 #else
  76 #error "Either Berkeley DB or Trivial DB must be available"
  77 #endif
  78
  79 static void
  80 shutdown_db()
  81 {
  82     if (db) {
  83 #if USE_BERKLEYDB
  84         db->close(db, 0);
  85     }
  86     if (db_env) {
  87         db_env->close(db_env, 0);
  88
  89 #elif USE_TRIVIALDB
  90         if (tdb_close(db) != 0) {
  91             fprintf(stderr, "%s| WARNING: error closing session db '%s'\n", program_name, db_path);
  92             exit(EXIT_FAILURE);
  93         }
  94 #endif
  95     }
  96     xfree(db_path);
  97 }
  98
  99 static void init_db(void)
 100 {
 101     struct stat st_buf;
 102
 103     if (db_path) {
 104         if (!stat(db_path, &st_buf)) {
 105             if (S_ISDIR (st_buf.st_mode)) {
 106 #if USE_BERKLEYDB
 107                 /* If directory then open database environment. This prevents sync problems
 108                     between different processes. Otherwise fallback to single file */
 109                 db_env_create(&db_env, 0);
 110                 if (db_env->open(db_env, db_path, DB_CREATE | DB_INIT_MPOOL | DB_INIT_LOCK, 0666)) {
 111                     fprintf(stderr, "FATAL: %s: Failed to open database environment in '%s'\n", program_name, db_path);
 112                     db_env->close(db_env, 0);
 113                     exit(EXIT_FAILURE);
 114                 }
 115                 db_create(&db, db_env, 0);
 116 #elif USE_TRIVIALDB
 117                 std::string newPath(db_path);
 118                 newPath.append("session", 7);
 119                 db_path = xstrdup(newPath.c_str());
 120 #endif
 121             }
 122         }
 123     }
 124
 125 #if USE_BERKLEYDB
 126     if (db_env) {
 127         if (db->open(db, NULL, "session", NULL, DB_BTREE, DB_CREATE, 0666)) {
 128             fprintf(stderr, "FATAL: %s: Failed to open db file '%s' in dir '%s'\n",
 129                     program_name, "session", db_path);
 130             db_env->close(db_env, 0);
 131             exit(EXIT_FAILURE);
 132         }
 133     } else {
 134         db_create(&db, NULL, 0);
 135         if (db->open(db, NULL, db_path, NULL, DB_BTREE, DB_CREATE, 0666)) {
 136             db = nullptr;
 137         }
 138     }
 139 #elif USE_TRIVIALDB
 140 #if _SQUID_FREEBSD_ && !defined(O_DSYNC)
 141     // FreeBSD lacks O_DSYNC, O_SYNC is closest to correct behaviour
 142 #define O_DSYNC O_SYNC
 143 #endif
 144     db = tdb_open(db_path, 0, TDB_CLEAR_IF_FIRST, O_CREAT|O_DSYNC, 0666);
 145 #endif
 146     if (!db) {
 147         fprintf(stderr, "FATAL: %s: Failed to open session db '%s'\n", program_name, db_path);
 148         shutdown_db();
 149         exit(EXIT_FAILURE);
 150     }
 151 }
 152
 153 int session_is_active = 0;
 154
 155 static size_t
 156 dataSize(DB_ENTRY *data)
 157 {
 158 #if USE_BERKLEYDB
 159     return data->size;
 160 #elif USE_TRIVIALDB
 161     return data->dsize;
 162 #endif
 163 }
 164
 165 static bool
 166 fetchKey(/*const*/ DB_ENTRY &key, DB_ENTRY *data)
 167 {
 168 #if USE_BERKLEYDB
 169     return (db->get(db, nullptr, &key, data, 0) == 0);
 170 #elif USE_TRIVIALDB
 171     // NP: API says returns NULL on errors, but return is a struct type WTF??
 172     *data = tdb_fetch(db, key);
 173     return (data->dptr != nullptr);
 174 #endif
 175 }
 176
 177 static void
 178 deleteEntry(/*const*/ DB_ENTRY &key)
 179 {
 180 #if USE_BERKLEYDB
 181     db->del(db, nullptr, &key, 0);
 182 #elif USE_TRIVIALDB
 183     tdb_delete(db, key);
 184 #endif
 185 }
 186
 187 static void
 188 copyValue(void *dst, const DB_ENTRY *src, size_t sz)
 189 {
 190 #if USE_BERKLEYDB
 191     memcpy(dst, src->data, sz);
 192 #elif USE_TRIVIALDB
 193     memcpy(dst, src->dptr, sz);
 194 #endif
 195 }
 196
 197 static int session_active(const char *details, size_t len)
 198 {
 199 #if USE_BERKLEYDB
 200     DBT key = {0};
 201     DBT data = {0};
 202     key.data = (void *)details;
 203     key.size = len;
 204 #elif USE_TRIVIALDB
 205     TDB_DATA key;
 206     TDB_DATA data;
 207 #endif
 208     if (fetchKey(key, &data)) {
 209         time_t timestamp;
 210         if (dataSize(&data) != sizeof(timestamp)) {
 211             fprintf(stderr, "ERROR: %s: CORRUPTED DATABASE (%s)\n", program_name, details);
 212             deleteEntry(key);
 213             return 0;
 214         }
 215         copyValue(&timestamp, &data, sizeof(timestamp));
 216         if (timestamp + session_ttl >= time(NULL))
 217             return 1;
 218     }
 219     return 0;
 220 }
 221
 222 static void
 223 session_login(/*const*/ char *details, size_t len)
 224 {
 225     DB_ENTRY key = {0};
 226     DB_ENTRY data = {0};
 227     time_t now = time(0);
 228 #if USE_BERKLEYDB
 229     key.data = static_cast<decltype(key.data)>(details);
 230     key.size = len;
 231     data.data = &now;
 232     data.size = sizeof(now);
 233     db->put(db, NULL, &key, &data, 0);
 234 #elif USE_TRIVIALDB
 235     key.dptr = reinterpret_cast<decltype(key.dptr)>(details);
 236     key.dsize = len;
 237     data.dptr = reinterpret_cast<decltype(data.dptr)>(&now);
 238     data.dsize = sizeof(now);
 239     tdb_store(db, key, data, 0);
 240 #endif
 241 }
 242
 243 static void
 244 session_logout(/*const*/ char *details, size_t len)
 245 {
 246     DB_ENTRY key = {0};
 247 #if USE_BERKLEYDB
 248     key.data = static_cast<decltype(key.data)>(details);
 249     key.size = len;
 250 #elif USE_TRIVIALDB
 251     key.dptr = reinterpret_cast<decltype(key.dptr)>(details);
 252     key.dsize = len;
 253 #endif
 254     deleteEntry(key);
 255 }
 256
 257 static void usage(void)
 258 {
 259     fprintf(stderr, "Usage: %s [-t|-T session_timeout] [-b dbpath] [-a]\n", program_name);
 260     fprintf(stderr, "   -t sessiontimeout       Idle timeout after which sessions will be forgotten (user activity will reset)\n");
 261     fprintf(stderr, "   -T sessiontimeout       Fixed timeout after which sessions will be forgotten (regardless of user activity)\n");
 262     fprintf(stderr, "   -b dbpath               Path where persistent session database will be kept\n");
 263     fprintf(stderr, "   -a                      Active mode requiring LOGIN argument to start a session\n");
 264 }
 265 int main(int argc, char **argv)
 266 {
 267     char request[HELPER_INPUT_BUFFER];
 268     int opt;
 269     int default_action = 1;
 270
 271     program_name = argv[0];
 272
 273     while ((opt = getopt(argc, argv, "t:T:b:a?")) != -1) {
 274         switch (opt) {
 275         case 'T':
 276             fixed_timeout = 1;
 277         case 't':
 278             session_ttl = strtol(optarg, NULL, 0);
 279             break;
 280         case 'b':
 281             db_path = xstrdup(optarg);
 282             break;
 283         case 'a':
 284             default_action = 0;
 285             break;
 286         case '?':
 287             usage();
 288             exit(EXIT_SUCCESS);
 289             break;
 290         }
 291     }
 292
 293     setbuf(stdout, NULL);
 294
 295     init_db();
 296
 297     while (fgets(request, HELPER_INPUT_BUFFER, stdin)) {
 298         int action = 0;
 299         const char *channel_id = strtok(request, " ");
 300         char *detail = strtok(NULL, "\n");
 301         if (detail == NULL) {
 302             // Only 1 parameter supplied. We are expecting at least 2 (including the channel ID)
 303             fprintf(stderr, "FATAL: %s is concurrent and requires the concurrency option to be specified.\n", program_name);
 304             shutdown_db();
 305             exit(EXIT_FAILURE);
 306         }
 307         char *lastdetail = strrchr(detail, ' ');
 308         size_t detail_len = strlen(detail);
 309         if (lastdetail) {
 310             if (strcmp(lastdetail, " LOGIN") == 0) {
 311                 action = 1;
 312                 detail_len = (size_t)(lastdetail-detail);
 313                 *lastdetail = '\0';
 314             } else if (strcmp(lastdetail, " LOGOUT") == 0) {
 315                 action = -1;
 316                 detail_len = (size_t)(lastdetail-detail);
 317                 *lastdetail = '\0';
 318             } else if (!default_action && strcmp(lastdetail, " -") == 0) {
 319                 // no action; LOGIN/LOGOUT not supplied
 320                 // but truncate the '-' %DATA value given by Squid-4 and later
 321                 detail_len = (size_t)(lastdetail-detail);
 322                 *lastdetail = '\0';
 323             }
 324         }
 325         if (action == -1) {
 326             session_logout(detail, detail_len);
 327             printf("%s OK message=\"Bye\"\n", channel_id);
 328         } else if (action == 1) {
 329             session_login(detail, detail_len);
 330             printf("%s OK message=\"Welcome\"\n", channel_id);
 331         } else if (session_active(detail, detail_len)) {
 332             if (fixed_timeout == 0) {
 333                 session_login(detail, detail_len);
 334             }
 335             printf("%s OK\n", channel_id);
 336         } else if (default_action == 1) {
 337             session_login(detail, detail_len);
 338             printf("%s ERR message=\"Welcome\"\n", channel_id);
 339         } else {
 340             printf("%s ERR message=\"No session available\"\n", channel_id);
 341         }
 342     }
 343     shutdown_db();
 344     return EXIT_SUCCESS;
 345 }
 346