class Config
{
+ explicit Config(const Config &) = delete;
+ explicit Config(const Config *) = delete;
+
public:
+ Config() = default;
+ explicit Config(Config &&) = default;
+ ~Config() { assert(!schemeAccess); }
+
/// set of auth_params directives
Auth::ConfigVector schemes;
acl_access *schemeAccess = nullptr;
/// the authenticate_cache_garbage_interval
- time_t authenticateGCInterval;
+ time_t garbageCollectInterval = 0;
+ // TODO replace this directive with per-Scheme 'credentialsttl'
+ // and make Scheme::expirestime the real time-when-expires.
/// the authenticate_ttl
- time_t authenticateTTL;
+ time_t credentialsTtl = 0;
/// the authenticate_ip_ttl
- time_t authenticateIpTTL;
+ time_t ipTtl = 0;
};
extern Auth::Config TheConfig;
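Review bot: The defaulted move constructor on the `explicit Config(Config &&) = default;` line copies the raw `schemeAccess` pointer and leaves it set in the source, so after any move two objects refer to the same acl_access and the moved-from one fails `assert(!schemeAccess)` in its destructor. Since the only instance visible here is the global `TheConfig`, `Config(Config &&) = delete;` looks like the safer choice; otherwise the move has to null the source pointer. The destructor check also disappears if assert() is disabled in the build, so it should not be the only thing guaranteeing that `schemeAccess` is released; the code that frees it is not visible in this hunk. `explicit` adds nothing on the two deleted constructors.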
CredentialsCache::cleanup()
{
// cache entries with expiretime <= expirationTime are to be evicted
- const time_t expirationTime = current_time.tv_sec - Auth::TheConfig.authenticateTTL;
+ const time_t expirationTime = current_time.tv_sec - Auth::TheConfig.credentialsTtl;
const auto end = store_.end();
for (auto i = store_.begin(); i != end;) {
if (!gcScheduled_ && store_.size()) {
gcScheduled_ = true;
eventAdd(cacheCleanupEventName, &CredentialsCache::Cleanup,
- this, Auth::TheConfig.authenticateGCInterval, 1);
+ this, Auth::TheConfig.garbageCollectInterval, 1);
}
}
{
int rv = 0;
- for (auto *scheme : Auth::TheConfig.schemes) {
+ for (const auto *scheme : Auth::TheConfig.schemes) {
if (scheme->configured())
++rv;
}
/* This ip has already been seen. */
found = 1;
/* update IP ttl */
- ipdata->ip_expiretime = squid_curtime + Auth::TheConfig.authenticateIpTTL;
+ ipdata->ip_expiretime = squid_curtime + Auth::TheConfig.ipTtl;
} else if (ipdata->ip_expiretime <= squid_curtime) {
/* This IP has expired - remove from the seen list */
dlinkDelete(&ipdata->node, &ip_list);
return;
/* This ip is not in the seen list */
- ipdata = new AuthUserIP(ipaddr, squid_curtime + Auth::TheConfig.authenticateIpTTL);
+ ipdata = new AuthUserIP(ipaddr, squid_curtime + Auth::TheConfig.ipTtl);
dlinkAddTail(ipdata, &ipdata->node, &ip_list);
Auth::Type_str[auth_user->auth_type],
CredentialState_str[auth_user->credentials()],
auth_user->ttl(),
- static_cast<int32_t>(auth_user->expiretime - squid_curtime + Auth::TheConfig.authenticateTTL),
+ static_cast<int32_t>(auth_user->expiretime - squid_curtime + Auth::TheConfig.credentialsTtl),
auth_user->username(),
SQUIDSBUFPRINT(auth_user->userKey())
);
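Review bot: The `static_cast<int32_t>(auth_user->expiretime - squid_curtime + Auth::TheConfig.credentialsTtl)` argument narrows a time_t sum to 32 bits with no range check, so where time_t is wider than that an out-of-range expiry or a very large authenticate_ttl is silently truncated. The same expression feeds `global_ttl` in both ttl() hunks below, where the result presumably decides whether cached credentials are still honoured, and the `basic_ttl` line there narrows without even a cast. Consider keeping the remaining lifetime in time_t and clamping it before the conversion, e.g. `std::min<time_t>(left, std::numeric_limits<int32_t>::max())` with `left` holding the unnarrowed sum. The enclosing call starts outside this hunk.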
return -1; // TTL is obsolete NOW.
int32_t basic_ttl = expiretime - squid_curtime + static_cast<Auth::Basic::Config*>(config)->credentialsTTL;
- int32_t global_ttl = static_cast<int32_t>(expiretime - squid_curtime + Auth::TheConfig.authenticateTTL);
+ int32_t global_ttl = static_cast<int32_t>(expiretime - squid_curtime + Auth::TheConfig.credentialsTtl);
return min(basic_ttl, global_ttl);
}
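Review bot: `credentialsTTL` on the `basic_ttl` line and `credentialsTtl` on the `global_ttl` line now differ only in letter case, which makes it easy to read or type the per-scheme Basic TTL where the global authenticate_ttl was meant. A more distinct name for the global field (for example `globalCredentialsTtl`) or a comment above the pair such as `// per-scheme credentialsttl vs. global authenticate_ttl; the shorter one wins` would keep the two apart. The function body starts outside this hunk.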
int32_t
Auth::Digest::User::ttl() const
{
- int32_t global_ttl = static_cast<int32_t>(expiretime - squid_curtime + Auth::TheConfig.authenticateTTL);
+ int32_t global_ttl = static_cast<int32_t>(expiretime - squid_curtime + Auth::TheConfig.credentialsTtl);
/* find the longest lasting nonce. */
int32_t latest_nonce = -1;
IFDEF: USE_AUTH
TYPE: time_t
DEFAULT: 1 hour
-LOC: Auth::TheConfig.authenticateGCInterval
+LOC: Auth::TheConfig.garbageCollectInterval
DOC_START
The time period between garbage collection across the username cache.
This is a trade-off between memory utilization (long intervals - say
IFDEF: USE_AUTH
TYPE: time_t
DEFAULT: 1 hour
-LOC: Auth::TheConfig.authenticateTTL
+LOC: Auth::TheConfig.credentialsTtl
DOC_START
The time a user & their credentials stay in the logged in
user cache since their last request. When the garbage
NAME: authenticate_ip_ttl
IFDEF: USE_AUTH
TYPE: time_t
-LOC: Auth::TheConfig.authenticateIpTTL
+LOC: Auth::TheConfig.ipTtl
DEFAULT: 1 second
DOC_START
If you use proxy authentication and the 'max_user_ip' ACL,