src/auth/CredentialsCache.cc

   1 /*
   2  * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 29    Authenticator */
  10
  11 #include "squid.h"
  12 #include "acl/Gadgets.h"
  13 #include "auth/CredentialsCache.h"
  14 #include "base/RunnersRegistry.h"
  15 #include "Debug.h"
  16 #include "event.h"
  17 #include "SquidConfig.h"
  18 #include "SquidTime.h"
  19
  20 namespace Auth {
  21
  22 class CredentialCacheRr : public RegisteredRunner
  23 {
  24 public:
  25     explicit CredentialCacheRr(const char *n, CredentialsCache * const c) :
  26         name(n),
  27         whichCache(c)
  28     {}
  29
  30     virtual ~CredentialCacheRr() {
  31         debugs(29, 5, "Terminating username cache: " << name);
  32         // invalidate the CBDATA reference.
  33         // causes Auth::*::User::Cache() to produce nil / invalid pointer
  34         delete whichCache.get();
  35     }
  36
  37     virtual void endingShutdown() override {
  38         debugs(29, 5, "Clearing username cache: " << name);
  39         whichCache->reset();
  40     }
  41
  42     virtual void syncConfig() override {
  43         if (!whichCache.valid())
  44             return;
  45
  46         debugs(29, 5, "Reconfiguring username cache: " << name);
  47         whichCache->doConfigChangeCleanup();
  48     }
  49
  50 private:
  51     /// name of the cache being managed, for logs
  52     const char *name;
  53
  54     /// reference to the scheme cache which is being managed
  55     CbcPointer<CredentialsCache> whichCache;
  56 };
  57
  58 CBDATA_CLASS_INIT(CredentialsCache);
  59
  60 CredentialsCache::CredentialsCache(const char *name, const char * const prettyEvName) :
  61     gcScheduled_(false),
  62     cacheCleanupEventName(prettyEvName)
  63 {
  64     debugs(29, 5, "initializing " << name << " username cache");
  65     RegisterRunner(new Auth::CredentialCacheRr(name, this));
  66 }
  67
  68 Auth::User::Pointer
  69 CredentialsCache::lookup(const SBuf &userKey) const
  70 {
  71     debugs(29, 6, "lookup for " << userKey);
  72     auto p = store_.find(userKey);
  73     if (p == store_.end())
  74         return User::Pointer(nullptr);
  75     return p->second;
  76 }
  77
  78 void
  79 CredentialsCache::Cleanup(void *data)
  80 {
  81     debugs(29, 5, "checkpoint");
  82     // data is this in disguise
  83     CredentialsCache *self = static_cast<CredentialsCache *>(data);
  84     self->cleanup();
  85 }
  86
  87 void
  88 CredentialsCache::cleanup()
  89 {
  90     // cache entries with expiretime <= expirationTime are to be evicted
  91     const time_t expirationTime =  current_time.tv_sec - ::Config.authenticateTTL;
  92
  93     const auto end = store_.end();
  94     for (auto i = store_.begin(); i != end;) {
  95         debugs(29, 6, "considering " << i->first << "(expires in " <<
  96                (expirationTime - i->second->expiretime) << " sec)");
  97         if (i->second->expiretime <= expirationTime) {
  98             debugs(29, 6, "evicting " << i->first);
  99             i = store_.erase(i); //erase advances i
 100         } else {
 101             ++i;
 102         }
 103     }
 104     scheduleCleanup();
 105 }
 106
 107 void
 108 CredentialsCache::insert(Auth::User::Pointer anAuth_user)
 109 {
 110     debugs(29, 6, "adding " << anAuth_user->userKey());
 111     store_[anAuth_user->userKey()] = anAuth_user;
 112     scheduleCleanup();
 113 }
 114
 115 // generates the list of cached usernames in a format that is convenient
 116 // to merge with equivalent lists obtained from other CredentialsCaches.
 117 std::vector<Auth::User::Pointer>
 118 CredentialsCache::sortedUsersList() const
 119 {
 120     std::vector<Auth::User::Pointer> rv(size(), nullptr);
 121     std::transform(store_.begin(), store_.end(), rv.begin(),
 122     [](StoreType::value_type v) { return v.second; }
 123                   );
 124     std::sort(rv.begin(), rv.end(),
 125     [](const Auth::User::Pointer &lhs, const Auth::User::Pointer &rhs) {
 126         return strcmp(lhs->username(), rhs->username()) < 0;
 127     }
 128              );
 129     return rv;
 130 }
 131
 132 void
 133 CredentialsCache::scheduleCleanup()
 134 {
 135     if (!gcScheduled_ && store_.size()) {
 136         gcScheduled_ = true;
 137         eventAdd(cacheCleanupEventName, &CredentialsCache::Cleanup,
 138                  this, ::Config.authenticateGCInterval, 1);
 139     }
 140 }
 141
 142 void
 143 CredentialsCache::doConfigChangeCleanup()
 144 {
 145     // purge expired entries entirely
 146     cleanup();
 147     // purge the ACL match data stored in the credentials
 148     for (auto i : store_) {
 149         aclCacheMatchFlush(&i.second->proxy_match_cache);
 150     }
 151 }
 152
 153 } /* namespace Auth */
 154