/*
- * $Id: AuthUser.cc,v 1.2 2006/08/07 02:28:22 robertc Exp $
+ * $Id: AuthUser.cc,v 1.3 2007/01/03 12:40:41 hno Exp $
*
* DEBUG: section 29 Authenticator
* AUTHOR: Robert Collins
#include "authenticate.h"
#include "ACL.h"
#include "event.h"
+#include "SquidTime.h"
#ifndef _USE_INLINE_
#include "AuthUser.cci"
#endif
+// This should be converted into a pooled type. Does not need to be cbdata
+CBDATA_TYPE(auth_user_ip_t);
+
AuthUser::AuthUser (AuthConfig *aConfig) :
auth_type (AUTH_UNKNOWN), config(aConfig),
usernamehash (NULL), ipcount (0), expiretime (0), references (0), username_(NULL)
}
void
+AuthUser::removeIp(struct IN_ADDR ipaddr)
+{
+ auth_user_ip_t *ipdata = (auth_user_ip_t *) ip_list.head;
+
+ while (ipdata)
+ {
+ /* walk the ip list */
+
+ if (ipdata->ipaddr.s_addr == ipaddr.s_addr) {
+ /* remove the node */
+ dlinkDelete(&ipdata->node, &ip_list);
+ cbdataFree(ipdata);
+ /* catch incipient underflow */
+ assert(ipcount);
+ ipcount--;
+ return;
+ }
+
+ ipdata = (auth_user_ip_t *) ipdata->node.next;
+ }
+
+}
+
+void
+AuthUser::addIp(struct IN_ADDR ipaddr)
+{
+ auth_user_ip_t *ipdata = (auth_user_ip_t *) ip_list.head;
+ char *ip1;
+ int found = 0;
+
+ CBDATA_INIT_TYPE(auth_user_ip_t);
+
+ /*
+ * we walk the entire list to prevent the first item in the list
+ * preventing old entries being flushed and locking a user out after
+ * a timeout+reconfigure
+ */
+ while (ipdata)
+ {
+ auth_user_ip_t *tempnode = (auth_user_ip_t *) ipdata->node.next;
+ /* walk the ip list */
+ if (ipdata->ipaddr.s_addr == ipaddr.s_addr) {
+ /* This ip has alreadu been seen. */
+ found = 1;
+ /* update IP ttl */
+ ipdata->ip_expiretime = squid_curtime;
+ } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
+ /* This IP has expired - remove from the seen list */
+ dlinkDelete(&ipdata->node, &ip_list);
+ cbdataFree(ipdata);
+ /* catch incipient underflow */
+ assert(ipcount);
+ ipcount--;
+ }
+
+ ipdata = tempnode;
+ }
+
+ if (found)
+ return;
+
+ /* This ip is not in the seen list */
+ ipdata = cbdataAlloc(auth_user_ip_t);
+
+ ipdata->ip_expiretime = squid_curtime;
+
+ ipdata->ipaddr = ipaddr;
+
+ dlinkAddTail(ipdata, &ipdata->node, &ip_list);
+
+ ipcount++;
+
+ ip1 = xstrdup(inet_ntoa(ipaddr));
+
+ debug(29, 2) ("authenticateAuthUserAddIp: user '%s' has been seen at a new IP address (%s)\n", username(), ip1);
+
+ safe_free(ip1);
+}
+
+
+void
AuthUser::lock()
{
debug(29, 9) ("authenticateAuthUserLock auth_user '%p'.\n", this);
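Review bot: Nothing in AuthUser::addIp bounds ip_list: it allocates a new auth_user_ip_t for every address not yet seen, drops entries only once they are older than Config.authenticateIpTTL, and walks the whole list on each call. Any per-user address limit therefore has to be enforced by callers outside these lines, which is worth stating at the method: `/* Records ipaddr for this user, refreshing its TTL and pruning expired entries. Does not cap the list length; callers enforce any limit. */`. The `xstrdup(inet_ntoa(ipaddr))` copy is made on every new address regardless of the debug level and appears unnecessary, since the result could be passed straight to the debug() call. The unlink, cbdataFree, assert and decrement sequence is now duplicated in removeIp and addIp and could live in one private helper so the list and ipcount cannot drift apart.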
/*
- * $Id: AuthUser.h,v 1.2 2005/10/23 11:55:31 hno Exp $
+ * $Id: AuthUser.h,v 1.3 2007/01/03 12:40:41 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
/* we may have many proxy-authenticate strings that decode to the same user */
dlink_list proxy_auth_list;
dlink_list proxy_match_cache;
- /* what ip addresses has this user been seen at?, plus a list length cache */
- dlink_list ip_list;
size_t ipcount;
long expiretime;
/* how many references are outstanding to this instance */
_SQUID_INLINE_ char const *username() const;
_SQUID_INLINE_ void username(char const *);
void clearIp();
+ void removeIp(struct IN_ADDR);
+ void addIp(struct IN_ADDR);
_SQUID_INLINE_ void addRequest(AuthUserRequest *);
void lock()
static void cacheCleanup (void *unused);
char const *username_;
+
+ /* what ip addresses has this user been seen at?, plus a list length cache */
+ dlink_list ip_list;
};
#ifdef _USE_INLINE_
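Review bot: The comment that moved with `ip_list` still says "plus a list length cache", but `size_t ipcount;` stays at its old position further up, so the comment no longer sits next to the counter it describes. If the move is meant to restrict access to the list (the access specifiers are outside the visible lines, so this is inferred), `ipcount` is still writable from wherever it was before, and a value out of step with the list could trip `assert(ipcount)` in removeIp()/addIp(). Consider moving `ipcount` next to `ip_list` behind a const accessor, or at least give it its own comment: `/* cached length of ip_list; kept in step by addIp()/removeIp() */`.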
/*
- * $Id: AuthUserRequest.cc,v 1.9 2006/07/09 09:09:45 serassio Exp $
+ * $Id: AuthUserRequest.cc,v 1.10 2007/01/03 12:40:41 hno Exp $
*
* DO NOT MODIFY NEXT 2 LINES:
* arch-tag: 6803fde1-d5a2-4c29-9034-1c0c9f650eb4
#include "AuthScheme.h"
#include "HttpReply.h"
#include "HttpRequest.h"
-#include "SquidTime.h"
-
-CBDATA_TYPE(auth_user_ip_t);
/* Generic Functions */
}
static void
-
authenticateAuthUserRequestSetIp(auth_user_request_t * auth_user_request, struct IN_ADDR ipaddr)
{
- auth_user_ip_t *ipdata, *tempnode;
- auth_user_t *auth_user;
- char *ip1;
- int found = 0;
- CBDATA_INIT_TYPE(auth_user_ip_t);
-
- if (!auth_user_request->user())
- return;
-
- auth_user = auth_user_request->user();
-
- ipdata = (auth_user_ip_t *) auth_user->ip_list.head;
-
- /*
- * we walk the entire list to prevent the first item in the list
- * preventing old entries being flushed and locking a user out after
- * a timeout+reconfigure
- */
- while (ipdata)
- {
- tempnode = (auth_user_ip_t *) ipdata->node.next;
- /* walk the ip list */
-
- if (ipdata->ipaddr.s_addr == ipaddr.s_addr) {
- /* This ip has alreadu been seen. */
- found = 1;
- /* update IP ttl */
- ipdata->ip_expiretime = squid_curtime;
- } else if (ipdata->ip_expiretime + Config.authenticateIpTTL < squid_curtime) {
- /* This IP has expired - remove from the seen list */
- dlinkDelete(&ipdata->node, &auth_user->ip_list);
- cbdataFree(ipdata);
- /* catch incipient underflow */
- assert(auth_user->ipcount);
- auth_user->ipcount--;
- }
+ auth_user_t *auth_user = auth_user_request->user();
- ipdata = tempnode;
- }
-
- if (found)
+ if (!auth_user)
return;
- /* This ip is not in the seen list */
- ipdata = cbdataAlloc(auth_user_ip_t);
-
- ipdata->ip_expiretime = squid_curtime;
-
- ipdata->ipaddr = ipaddr;
-
- dlinkAddTail(ipdata, &ipdata->node, &auth_user->ip_list);
-
- auth_user->ipcount++;
-
- ip1 = xstrdup(inet_ntoa(ipaddr));
-
- debug(29, 2) ("authenticateAuthUserRequestSetIp: user '%s' has been seen at a new IP address (%s)\n", auth_user->username(), ip1);
-
- safe_free(ip1);
+ auth_user->addIp(ipaddr);
}
void
-
authenticateAuthUserRequestRemoveIp(auth_user_request_t * auth_user_request, struct IN_ADDR ipaddr)
{
- auth_user_ip_t *ipdata;
- auth_user_t *auth_user;
+ auth_user_t *auth_user = auth_user_request->user();
- if (!auth_user_request->user())
+ if (!auth_user)
return;
- auth_user = auth_user_request->user();
-
- ipdata = (auth_user_ip_t *) auth_user->ip_list.head;
-
- while (ipdata)
- {
- /* walk the ip list */
-
- if (ipdata->ipaddr.s_addr == ipaddr.s_addr) {
- /* remove the node */
- dlinkDelete(&ipdata->node, &auth_user->ip_list);
- cbdataFree(ipdata);
- /* catch incipient underflow */
- assert(auth_user->ipcount);
- auth_user->ipcount--;
- return;
- }
-
- ipdata = (auth_user_ip_t *) ipdata->node.next;
- }
-
+ auth_user->removeIp(ipaddr);
}
void