src/auth/CredentialsCache.cc

   1 /*
   2  * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 29    Authenticator */
  10
  11 #include "squid.h"
  12 #include "acl/Gadgets.h"
  13 #include "auth/CredentialsCache.h"
  14 #include "base/RunnersRegistry.h"
  15 #include "Debug.h"
  16 #include "event.h"
  17 #include "SquidConfig.h"
  18 #include "SquidTime.h"
  19
  20 namespace Auth {
  21
  22 class CredentialCacheRr : public RegisteredRunner
  23 {
  24 public:
  25     explicit CredentialCacheRr(const char *n, CredentialsCache * const c) :
  26         name(n),
  27         whichCache(c)
  28     {}
  29
  30     virtual ~CredentialCacheRr() {
  31         debugs(29, 5, "Terminating Auth credentials cache: " << name);
  32         // invalidate the CBDATA reference.
  33         // causes Auth::*::User::Cache() to produce nil / invalid pointer
  34         delete whichCache.get();
  35     }
  36
  37     virtual void endingShutdown() override {
  38         debugs(29, 5, "Clearing Auth credentials cache: " << name);
  39         whichCache->reset();
  40     }
  41
  42     virtual void syncConfig() override {
  43         debugs(29, 5, "Reconfiguring Auth credentials cache: " << name);
  44         whichCache->doConfigChangeCleanup();
  45     }
  46
  47 private:
  48     /// name of the cache being managed, for logs
  49     const char *name;
  50
  51     /// reference to the scheme cache which is being managed
  52     CbcPointer<CredentialsCache> whichCache;
  53 };
  54
  55 CBDATA_CLASS_INIT(CredentialsCache);
  56
  57 CredentialsCache::CredentialsCache(const char *name, const char * const prettyEvName) :
  58     gcScheduled_(false),
  59     cacheCleanupEventName(prettyEvName)
  60 {
  61     debugs(29, 5, "initializing " << name << " credentials cache");
  62     RegisterRunner(new Auth::CredentialCacheRr(name, this));
  63 }
  64
  65 Auth::User::Pointer
  66 CredentialsCache::lookup(const SBuf &userKey) const
  67 {
  68     debugs(29, 6, "lookup for " << userKey);
  69     auto p = store_.find(userKey);
  70     if (p == store_.end())
  71         return User::Pointer(nullptr);
  72     return p->second;
  73 }
  74
  75 void
  76 CredentialsCache::Cleanup(void *data)
  77 {
  78     debugs(29, 5, "checkpoint");
  79     // data is this in disguise
  80     CredentialsCache *self = static_cast<CredentialsCache *>(data);
  81     self->cleanup();
  82 }
  83
  84 void
  85 CredentialsCache::cleanup()
  86 {
  87     // cache entries with expiretime <= expirationTime are to be evicted
  88     const time_t expirationTime =  current_time.tv_sec - ::Config.authenticateTTL;
  89
  90     const auto end = store_.end();
  91     for (auto i = store_.begin(); i != end;) {
  92         debugs(29, 6, "considering " << i->first << "(expires in " <<
  93                (expirationTime - i->second->expiretime) << " sec)");
  94         if (i->second->expiretime <= expirationTime) {
  95             debugs(29, 6, "evicting " << i->first);
  96             i = store_.erase(i); //erase advances i
  97         } else {
  98             ++i;
  99         }
 100     }
 101     scheduleCleanup();
 102 }
 103
 104 void
 105 CredentialsCache::insert(const SBuf &userKey, Auth::User::Pointer anAuth_user)
 106 {
 107     debugs(29, 6, "adding " << userKey << " (" << anAuth_user->username() << ")");
 108     store_[userKey] = anAuth_user;
 109     scheduleCleanup();
 110 }
 111
 112 // generates the list of cached usernames in a format that is convenient
 113 // to merge with equivalent lists obtained from other CredentialsCaches.
 114 std::vector<Auth::User::Pointer>
 115 CredentialsCache::sortedUsersList() const
 116 {
 117     std::vector<Auth::User::Pointer> rv(size(), nullptr);
 118     std::transform(store_.begin(), store_.end(), rv.begin(),
 119     [](StoreType::value_type v) { return v.second; }
 120                   );
 121     std::sort(rv.begin(), rv.end(),
 122     [](const Auth::User::Pointer &lhs, const Auth::User::Pointer &rhs) {
 123         return strcmp(lhs->username(), rhs->username()) < 0;
 124     }
 125              );
 126     return rv;
 127 }
 128
 129 void
 130 CredentialsCache::scheduleCleanup()
 131 {
 132     if (!gcScheduled_ && store_.size()) {
 133         gcScheduled_ = true;
 134         eventAdd(cacheCleanupEventName, &CredentialsCache::Cleanup,
 135                  this, ::Config.authenticateGCInterval, 1);
 136     }
 137 }
 138
 139 void
 140 CredentialsCache::doConfigChangeCleanup()
 141 {
 142     // purge expired entries entirely
 143     cleanup();
 144     // purge the ACL match data stored in the credentials
 145     for (auto i : store_) {
 146         aclCacheMatchFlush(&i.second->proxy_match_cache);
 147     }
 148 }
 149
 150 } /* namespace Auth */
 151