]>
git.ipfire.org Git - thirdparty/squid.git/blob - src/auth/AclMaxUserIp.cc
4 * DEBUG: section 28 Access Control
5 * AUTHOR: Duane Wessels
7 * SQUID Web Proxy Cache http://www.squid-cache.org/
8 * ----------------------------------------------------------
10 * Squid is the result of efforts by numerous individuals from
11 * the Internet community; see the CONTRIBUTORS file for full
12 * details. Many organizations have provided support for Squid's
13 * development; see the SPONSORS file for full details. Squid is
14 * Copyrighted (C) 2001 by the Regents of the University of
15 * California; see the COPYRIGHT file for full details. Squid
16 * incorporates software developed and/or copyrighted by other
17 * sources; see the CREDITS file for full details.
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 2 of the License, or
22 * (at your option) any later version.
24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
29 * You should have received a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
31 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
34 * Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
38 #include "acl/FilledChecklist.h"
40 #include "auth/AclMaxUserIp.h"
41 #include "auth/UserRequest.h"
43 #include "ConfigParser.h"
45 ACL::Prototype
ACLMaxUserIP::RegistryProtoype(&ACLMaxUserIP::RegistryEntry_
, "max_user_ip");
47 ACLMaxUserIP
ACLMaxUserIP::RegistryEntry_("max_user_ip");
50 ACLMaxUserIP::clone() const
52 return new ACLMaxUserIP(*this);
55 ACLMaxUserIP::ACLMaxUserIP (char const *theClass
) : class_ (theClass
), maximum(0)
58 ACLMaxUserIP::ACLMaxUserIP (ACLMaxUserIP
const & old
) :class_ (old
.class_
), maximum (old
.maximum
), flags (old
.flags
)
61 ACLMaxUserIP::~ACLMaxUserIP()
65 ACLMaxUserIP::typeString() const
71 ACLMaxUserIP::empty () const
77 ACLMaxUserIP::valid () const
86 debugs(28, 1, "Attempting to alter already set User max IP acl");
90 char *t
= ConfigParser::strtokFile();
95 debugs(28, 5, "aclParseUserMaxIP: First token is " << t
);
97 if (strcmp("-s", t
) == 0) {
98 debugs(28, 5, "aclParseUserMaxIP: Going strict");
100 t
= ConfigParser::strtokFile();
108 debugs(28, 5, "aclParseUserMaxIP: Max IP address's " << maximum
);
114 * aclMatchUserMaxIP - check for users logging in from multiple IP's
119 ACLMaxUserIP::match(AuthUserRequest
* auth_user_request
,
121 IpAddress
const &src_addr
)
124 * the logic for flush the ip list when the limit is hit vs keep
125 * it sorted in most recent access order and just drop the oldest
126 * one off is currently undecided (RBC)
129 if (authenticateAuthUserRequestIPCount(auth_user_request
) <= maximum
)
132 debugs(28, 1, "aclMatchUserMaxIP: user '" << auth_user_request
->username() << "' tries to use too many IP addresses (max " << maximum
<< " allowed)!");
134 /* this is a match */
137 * simply deny access - the user name is already associated with
140 /* remove _this_ ip, as it is the culprit for going over the limit */
141 authenticateAuthUserRequestRemoveIp(auth_user_request
, src_addr
);
142 debugs(28, 4, "aclMatchUserMaxIP: Denying access in strict mode");
145 * non-strict - remove some/all of the cached entries
146 * ie to allow the user to move machines easily
148 authenticateAuthUserRequestClearIp(auth_user_request
);
149 debugs(28, 4, "aclMatchUserMaxIP: Denying access in non-strict mode - flushing the user ip cache");
156 ACLMaxUserIP::match(ACLChecklist
*cl
)
158 ACLFilledChecklist
*checklist
= Filled(cl
);
161 if ((ti
= AuthenticateAcl(checklist
)) != 1)
164 ti
= match(checklist
->auth_user_request
, checklist
->src_addr
);
166 AUTHUSERREQUESTUNLOCK(checklist
->auth_user_request
, "ACLChecklist via ACLMaxUserIP");
172 ACLMaxUserIP::dump() const
180 wordlistAdd(&W
, "-s");
184 snprintf(buf
, sizeof(buf
), "%lu", (unsigned long int) maximum
);
186 wordlistAdd(&W
, buf
);