From: hno <> Date: Wed, 3 Jan 2007 19:40:41 +0000 (+0000) Subject: Move the AuthUser ip_list management to AuthUser where it belongs. X-Git-Tag: SQUID_3_0_PRE6~160 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c19ba24504f6b049c32eb81ad9094e28ea0a29d;p=thirdparty%2Fsquid.git Move the AuthUser ip_list management to AuthUser where it belongs. --- diff --git a/src/AuthUser.cc b/src/AuthUser.cc index bcf74576cd..05e333bcd5 100644 --- a/src/AuthUser.cc +++ b/src/AuthUser.cc @@ -1,6 +1,6 @@ /* - * $Id: AuthUser.cc,v 1.2 2006/08/07 02:28:22 robertc Exp $ + * $Id: AuthUser.cc,v 1.3 2007/01/03 12:40:41 hno Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Robert Collins @@ -41,11 +41,15 @@ #include "authenticate.h" #include "ACL.h" #include "event.h" +#include "SquidTime.h" #ifndef _USE_INLINE_ #include "AuthUser.cci" #endif +// This should be converted into a pooled type. Does not need to be cbdata +CBDATA_TYPE(auth_user_ip_t); + AuthUser::AuthUser (AuthConfig *aConfig) : auth_type (AUTH_UNKNOWN), config(aConfig), usernamehash (NULL), ipcount (0), expiretime (0), references (0), username_(NULL) 
@@ -232,7 +236,88 @@ AuthUser::clearIp() } void +AuthUser::removeIp(struct IN_ADDR ipaddr) +{ + auth_user_ip_t *ipdata = (auth_user_ip_t *) ip_list.head; + + while (ipdata) + { + /* walk the ip list */ + + if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { + /* remove the node */ + dlinkDelete(&ipdata->node, &ip_list); + cbdataFree(ipdata); + /* catch incipient underflow */ + assert(ipcount); + ipcount--; + return; + } + + ipdata = (auth_user_ip_t *) ipdata->node.next; + } + +} + +void +AuthUser::addIp(struct IN_ADDR ipaddr) +{ + auth_user_ip_t *ipdata = (auth_user_ip_t *) ip_list.head; + char *ip1; + int found = 0; + + CBDATA_INIT_TYPE(auth_user_ip_t); + + /* + * we walk the entire list to prevent the first item in the list + * preventing old entries being flushed and locking a user out after + * a timeout+reconfigure + */ + while (ipdata) + { + auth_user_ip_t *tempnode = (auth_user_ip_t *) ipdata->node.next; + /* walk the ip list */ + if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { + /* This ip has alreadu been seen. */ + found = 1; + /* update IP ttl */ + ipdata->ip_expiretime = squid_curtime; + } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { + /* This IP has expired - remove from the seen list */ + dlinkDelete(&ipdata->node, &ip_list); + cbdataFree(ipdata); + /* catch incipient underflow */ + assert(ipcount); + ipcount--; + } + + ipdata = tempnode; + } + + if (found) + return; + + /* This ip is not in the seen list */ + ipdata = cbdataAlloc(auth_user_ip_t); + + ipdata->ip_expiretime = squid_curtime; + + ipdata->ipaddr = ipaddr; + + dlinkAddTail(ipdata, &ipdata->node, &ip_list); + + ipcount++; + + ip1 = xstrdup(inet_ntoa(ipaddr)); + + debug(29, 2) ("authenticateAuthUserAddIp: user '%s' has been seen at a new IP address (%s)\n", username(), ip1); + + safe_free(ip1); +} + + +void AuthUser::lock() { debug(29, 9) ("authenticateAuthUserLock auth_user '%p'.\n", this); 
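Review bot: `AuthUser::addIp` appends a node for every address not already in `ip_list` and only drops entries older than `Config.authenticateIpTTL`, so within one TTL window nothing in this function bounds the list or `ipcount`; any limit has to be enforced by callers, which are outside this hunk. Since this method is now the one place that grows the list, I would state that contract above it, e.g. `/* Records ipaddr as seen now and prunes entries older than authenticateIpTTL; does not cap the list, callers must check ipcount. */`. Separately, `ip1 = xstrdup(inet_ntoa(ipaddr))` followed by `safe_free(ip1)` copies the string for a single use in one `debug()` call. Passing `inet_ntoa(ipaddr)` directly as the argument would avoid an allocation on every newly seen address.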
diff --git a/src/AuthUser.h b/src/AuthUser.h index 1c3fe86e62..d49bb364c8 100644 --- a/src/AuthUser.h +++ b/src/AuthUser.h @@ -1,6 +1,6 @@ /* - * $Id: AuthUser.h,v 1.2 2005/10/23 11:55:31 hno Exp $ + * $Id: AuthUser.h,v 1.3 2007/01/03 12:40:41 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -52,8 +52,6 @@ public: /* we may have many proxy-authenticate strings that decode to the same user */ dlink_list proxy_auth_list; dlink_list proxy_match_cache; - /* what ip addresses has this user been seen at?, plus a list length cache */ - dlink_list ip_list; size_t ipcount; long expiretime; /* how many references are outstanding to this instance */ @@ -70,6 +68,8 @@ public: _SQUID_INLINE_ char const *username() const; _SQUID_INLINE_ void username(char const *); void clearIp(); + void removeIp(struct IN_ADDR); + void addIp(struct IN_ADDR); _SQUID_INLINE_ void addRequest(AuthUserRequest *); void lock() @@ -86,6 +86,9 @@ private: static void cacheCleanup (void *unused); char const *username_; + + /* what ip addresses has this user been seen at?, plus a list length cache */ + dlink_list ip_list; }; #ifdef _USE_INLINE_ diff --git a/src/AuthUserRequest.cc b/src/AuthUserRequest.cc index 561c8e37fc..8a0404f1a0 100644 --- a/src/AuthUserRequest.cc +++ b/src/AuthUserRequest.cc @@ -1,6 +1,6 @@ /* - * $Id: AuthUserRequest.cc,v 1.9 2006/07/09 09:09:45 serassio Exp $ + * $Id: AuthUserRequest.cc,v 1.10 2007/01/03 12:40:41 hno Exp $ * * DO NOT MODIFY NEXT 2 LINES: * arch-tag: 6803fde1-d5a2-4c29-9034-1c0c9f650eb4 @@ -51,9 +51,6 @@ #include "AuthScheme.h" #include "HttpReply.h" #include "HttpRequest.h" -#include "SquidTime.h" - -CBDATA_TYPE(auth_user_ip_t); /* Generic Functions */ 
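Review bot: In `src/AuthUser.h`, `ip_list` moves to the `private:` section but `size_t ipcount` stays under `public:` (context line of the `@@ -52,8 +52,6 @@` hunk), so code outside the class can still change the counter that `assert(ipcount)` in `addIp` and `removeIp` relies on. If the counter were set lower than the real list length, a later removal would trip that assert instead of failing softly. I would declare `ipcount` next to `ip_list` and, if there are external readers (not visible here), expose it through a read-only accessor such as `size_t ipCount() const { return ipcount; }`. The moved comment still says "plus a list length cache", which now describes a member declared in a different section; something like `/* IP addresses this user has been seen at; ipcount caches the list length */` would match the new layout.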
@@ -201,101 +198,25 @@ AuthUserRequest::denyMessage(char const * const default_message) } static void - authenticateAuthUserRequestSetIp(auth_user_request_t * auth_user_request, struct IN_ADDR ipaddr) { - auth_user_ip_t *ipdata, *tempnode; - auth_user_t *auth_user; - char *ip1; - int found = 0; - CBDATA_INIT_TYPE(auth_user_ip_t); - - if (!auth_user_request->user()) - return; - - auth_user = auth_user_request->user(); - - ipdata = (auth_user_ip_t *) auth_user->ip_list.head; - - /* - * we walk the entire list to prevent the first item in the list - * preventing old entries being flushed and locking a user out after - * a timeout+reconfigure - */ - while (ipdata) - { - tempnode = (auth_user_ip_t *) ipdata->node.next; - /* walk the ip list */ - - if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { - /* This ip has alreadu been seen. */ - found = 1; - /* update IP ttl */ - ipdata->ip_expiretime = squid_curtime; - } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) { - /* This IP has expired - remove from the seen list */ - dlinkDelete(&ipdata->node, &auth_user->ip_list); - cbdataFree(ipdata); - /* catch incipient underflow */ - assert(auth_user->ipcount); - auth_user->ipcount--; - } + auth_user_t *auth_user = auth_user_request->user(); - ipdata = tempnode; - } - - if (found) + if (!auth_user) return; - /* This ip is not in the seen list */ - ipdata = cbdataAlloc(auth_user_ip_t); - - ipdata->ip_expiretime = squid_curtime; - - ipdata->ipaddr = ipaddr; - - dlinkAddTail(ipdata, &ipdata->node, &auth_user->ip_list); - - auth_user->ipcount++; - - ip1 = xstrdup(inet_ntoa(ipaddr)); - - debug(29, 2) ("authenticateAuthUserRequestSetIp: user '%s' has been seen at a new IP address (%s)\n", auth_user->username(), ip1); - - safe_free(ip1); + auth_user->addIp(ipaddr); } void - authenticateAuthUserRequestRemoveIp(auth_user_request_t * auth_user_request, struct IN_ADDR ipaddr) { - auth_user_ip_t *ipdata; - auth_user_t *auth_user; + auth_user_t *auth_user = 
auth_user_request->user(); - if (!auth_user_request->user()) + if (!auth_user) return; - auth_user = auth_user_request->user(); - - ipdata = (auth_user_ip_t *) auth_user->ip_list.head; - - while (ipdata) - { - /* walk the ip list */ - - if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { - /* remove the node */ - dlinkDelete(&ipdata->node, &auth_user->ip_list); - cbdataFree(ipdata); - /* catch incipient underflow */ - assert(auth_user->ipcount); - auth_user->ipcount--; - return; - } - - ipdata = (auth_user_ip_t *) ipdata->node.next; - } - + auth_user->removeIp(ipaddr); } void