ext_session_acl.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/*
10 * ext_session_acl: Squid external acl helper for tracking sessions
11 *
12 * Copyright (C) 2006 Henrik Nordstrom <henrik@henriknordstrom.net>
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
27 */
28
29#if HAVE_CONFIG_H
30#include "squid.h"
31#endif
32#include "helper/protocol_defines.h"
33
34#include <cstdlib>
35#include <cstring>
36#include <ctime>
37#if HAVE_DB_H
38#include <db.h>
39#endif
40#include <fcntl.h>
41#if HAVE_GETOPT_H
42#include <getopt.h>
43#endif
44#include <sys/types.h>
45#include <sys/stat.h>
46#if HAVE_TDB_H
47#include <tdb.h>
48#endif
49#if HAVE_UNISTD_H
50#include <unistd.h>
51#endif
52
53/* At this point all Bit Types are already defined, so we must
54 protect from multiple type definition on platform where
55 __BIT_TYPES_DEFINED__ is not defined.
56 */
57#ifndef __BIT_TYPES_DEFINED__
58#define __BIT_TYPES_DEFINED__
59#endif
60
61static int session_ttl = 3600;
62static int fixed_timeout = 0;
63char *db_path = nullptr;
64const char *program_name;
65
66#if USE_BERKLEYDB
67DB *db = nullptr;
68DB_ENV *db_env = nullptr;
69typedef DBT DB_ENTRY;
70
71#elif USE_TRIVIALDB
72TDB_CONTEXT *db = nullptr;
73typedef TDB_DATA DB_ENTRY;
74
75#else
76#error "Either Berkeley DB or Trivial DB must be available"
77#endif
78
79static void
80shutdown_db()
81{
82 if (db) {
83#if USE_BERKLEYDB
84 db->close(db, 0);
85 }
86 if (db_env) {
87 db_env->close(db_env, 0);
88
89#elif USE_TRIVIALDB
90 if (tdb_close(db) != 0) {
91 fprintf(stderr, "%s| WARNING: error closing session db '%s'\n", program_name, db_path);
92 exit(EXIT_FAILURE);
93 }
94#endif
95 }
96 xfree(db_path);
97}
98
99static void init_db(void)
100{
101 struct stat st_buf;
102
103 if (db_path) {
104 if (!stat(db_path, &st_buf)) {
105 if (S_ISDIR (st_buf.st_mode)) {
106#if USE_BERKLEYDB
107 /* If directory then open database environment. This prevents sync problems
108 between different processes. Otherwise fallback to single file */
109 db_env_create(&db_env, 0);
110 if (db_env->open(db_env, db_path, DB_CREATE | DB_INIT_MPOOL | DB_INIT_LOCK, 0666)) {
111 fprintf(stderr, "FATAL: %s: Failed to open database environment in '%s'\n", program_name, db_path);
112 db_env->close(db_env, 0);
113 exit(EXIT_FAILURE);
114 }
115 db_create(&db, db_env, 0);
116#elif USE_TRIVIALDB
117 std::string newPath(db_path);
118 newPath.append("session", 7);
119 db_path = xstrdup(newPath.c_str());
120#endif
121 }
122 }
123 }
124
125#if USE_BERKLEYDB
126 if (db_env) {
127 if (db->open(db, nullptr, "session", nullptr, DB_BTREE, DB_CREATE, 0666)) {
128 fprintf(stderr, "FATAL: %s: Failed to open db file '%s' in dir '%s'\n",
129 program_name, "session", db_path);
130 db_env->close(db_env, 0);
131 exit(EXIT_FAILURE);
132 }
133 } else {
134 db_create(&db, nullptr, 0);
135 if (db->open(db, nullptr, db_path, nullptr, DB_BTREE, DB_CREATE, 0666)) {
136 db = nullptr;
137 }
138 }
139#elif USE_TRIVIALDB
140#if _SQUID_FREEBSD_ && !defined(O_DSYNC)
141 // FreeBSD lacks O_DSYNC, O_SYNC is closest to correct behaviour
142#define O_DSYNC O_SYNC
143#endif
144 db = tdb_open(db_path, 0, TDB_CLEAR_IF_FIRST, O_CREAT|O_DSYNC, 0666);
145#endif
146 if (!db) {
147 fprintf(stderr, "FATAL: %s: Failed to open session db '%s'\n", program_name, db_path);
148 shutdown_db();
149 exit(EXIT_FAILURE);
150 }
151}
152
153int session_is_active = 0;
154
155static size_t
156dataSize(DB_ENTRY *data)
157{
158#if USE_BERKLEYDB
159 return data->size;
160#elif USE_TRIVIALDB
161 return data->dsize;
162#endif
163}
164
165static bool
166fetchKey(/*const*/ DB_ENTRY &key, DB_ENTRY *data)
167{
168#if USE_BERKLEYDB
169 return (db->get(db, nullptr, &key, data, 0) == 0);
170#elif USE_TRIVIALDB
171 // NP: API says returns NULL on errors, but return is a struct type WTF??
172 *data = tdb_fetch(db, key);
173 return (data->dptr != nullptr);
174#endif
175}
176
177static void
178deleteEntry(/*const*/ DB_ENTRY &key)
179{
180#if USE_BERKLEYDB
181 db->del(db, nullptr, &key, 0);
182#elif USE_TRIVIALDB
183 tdb_delete(db, key);
184#endif
185}
186
187static void
188copyValue(void *dst, const DB_ENTRY *src, size_t sz)
189{
190#if USE_BERKLEYDB
191 memcpy(dst, src->data, sz);
192#elif USE_TRIVIALDB
193 memcpy(dst, src->dptr, sz);
194#endif
195}
196
197static int session_active(const char *details, size_t len)
198{
199#if USE_BERKLEYDB
200 DBT key = {};
201 key.data = const_cast<char*>(details);
202 key.size = len;
203
204 DBT data = {};
205#elif USE_TRIVIALDB
206 TDB_DATA key = {};
207 key.dptr = reinterpret_cast<decltype(key.dptr)>(const_cast<char*>(details));
208 key.dsize = len;
209
210 TDB_DATA data = {};
211#else
212 (void)len;
213#endif
214 if (fetchKey(key, &data)) {
215 time_t timestamp;
216 if (dataSize(&data) != sizeof(timestamp)) {
217 fprintf(stderr, "ERROR: %s: CORRUPTED DATABASE (%s)\n", program_name, details);
218 deleteEntry(key);
219 return 0;
220 }
221 copyValue(&timestamp, &data, sizeof(timestamp));
222 if (timestamp + session_ttl >= time(nullptr))
223 return 1;
224 }
225 return 0;
226}
227
228static void
229session_login(/*const*/ char *details, size_t len)
230{
231 DB_ENTRY key = {};
232 DB_ENTRY data = {};
233 time_t now = time(nullptr);
234#if USE_BERKLEYDB
235 key.data = static_cast<decltype(key.data)>(details);
236 key.size = len;
237 data.data = &now;
238 data.size = sizeof(now);
239 db->put(db, nullptr, &key, &data, 0);
240#elif USE_TRIVIALDB
241 key.dptr = reinterpret_cast<decltype(key.dptr)>(details);
242 key.dsize = len;
243 data.dptr = reinterpret_cast<decltype(data.dptr)>(&now);
244 data.dsize = sizeof(now);
245 tdb_store(db, key, data, 0);
246#endif
247}
248
249static void
250session_logout(/*const*/ char *details, size_t len)
251{
252 DB_ENTRY key = {};
253#if USE_BERKLEYDB
254 key.data = static_cast<decltype(key.data)>(details);
255 key.size = len;
256#elif USE_TRIVIALDB
257 key.dptr = reinterpret_cast<decltype(key.dptr)>(details);
258 key.dsize = len;
259#endif
260 deleteEntry(key);
261}
262
263static void usage(void)
264{
265 fprintf(stderr, "Usage: %s [-t|-T session_timeout] [-b dbpath] [-a]\n", program_name);
266 fprintf(stderr, " -t sessiontimeout Idle timeout after which sessions will be forgotten (user activity will reset)\n");
267 fprintf(stderr, " -T sessiontimeout Fixed timeout after which sessions will be forgotten (regardless of user activity)\n");
268 fprintf(stderr, " -b dbpath Path where persistent session database will be kept\n");
269 fprintf(stderr, " -a Active mode requiring LOGIN argument to start a session\n");
270}
271int main(int argc, char **argv)
272{
273 char request[HELPER_INPUT_BUFFER];
274 int opt;
275 int default_action = 1;
276
277 program_name = argv[0];
278
279 while ((opt = getopt(argc, argv, "t:T:b:a?")) != -1) {
280 switch (opt) {
281 case 'T':
282 fixed_timeout = 1;
283 [[fallthrough]];
284 case 't':
285 session_ttl = strtol(optarg, nullptr, 0);
286 break;
287 case 'b':
288 db_path = xstrdup(optarg);
289 break;
290 case 'a':
291 default_action = 0;
292 break;
293 case '?':
294 usage();
295 exit(EXIT_SUCCESS);
296 break;
297 }
298 }
299
300 setbuf(stdout, nullptr);
301
302 init_db();
303
304 while (fgets(request, HELPER_INPUT_BUFFER, stdin)) {
305 int action = 0;
306 const char *channel_id = strtok(request, " ");
307 char *detail = strtok(nullptr, "\n");
308 if (detail == nullptr) {
309 // Only 1 parameter supplied. We are expecting at least 2 (including the channel ID)
310 fprintf(stderr, "FATAL: %s is concurrent and requires the concurrency option to be specified.\n", program_name);
311 shutdown_db();
312 exit(EXIT_FAILURE);
313 }
314 char *lastdetail = strrchr(detail, ' ');
315 size_t detail_len = strlen(detail);
316 if (lastdetail) {
317 if (strcmp(lastdetail, " LOGIN") == 0) {
318 action = 1;
319 detail_len = (size_t)(lastdetail-detail);
320 *lastdetail = '\0';
321 } else if (strcmp(lastdetail, " LOGOUT") == 0) {
322 action = -1;
323 detail_len = (size_t)(lastdetail-detail);
324 *lastdetail = '\0';
325 } else if (!default_action && strcmp(lastdetail, " -") == 0) {
326 // no action; LOGIN/LOGOUT not supplied
327 // but truncate the '-' %DATA value given by Squid-4 and later
328 detail_len = (size_t)(lastdetail-detail);
329 *lastdetail = '\0';
330 }
331 }
332 if (action == -1) {
333 session_logout(detail, detail_len);
334 printf("%s OK message=\"Bye\"\n", channel_id);
335 } else if (action == 1) {
336 session_login(detail, detail_len);
337 printf("%s OK message=\"Welcome\"\n", channel_id);
338 } else if (session_active(detail, detail_len)) {
339 if (fixed_timeout == 0) {
340 session_login(detail, detail_len);
341 }
342 printf("%s OK\n", channel_id);
343 } else if (default_action == 1) {
344 session_login(detail, detail_len);
345 printf("%s ERR message=\"Welcome\"\n", channel_id);
346 } else {
347 printf("%s ERR message=\"No session available\"\n", channel_id);
348 }
349 }
350 shutdown_db();
351 return EXIT_SUCCESS;
352}
353
HELPER_INPUT_BUFFER
#define HELPER_INPUT_BUFFER
Definition: UserRequest.cc:24
now
static time_t now
Definition: cachemgr.cc:109
fetchKey
static bool fetchKey(DB_ENTRY &key, DB_ENTRY *data)
Definition: ext_session_acl.cc:166
shutdown_db
static void shutdown_db()
Definition: ext_session_acl.cc:80
main
int main(int argc, char **argv)
Definition: ext_session_acl.cc:271
session_login
static void session_login(char *details, size_t len)
Definition: ext_session_acl.cc:229
init_db
static void init_db(void)
Definition: ext_session_acl.cc:99
db_path
char * db_path
Definition: ext_session_acl.cc:63
fixed_timeout
static int fixed_timeout
Definition: ext_session_acl.cc:62
session_ttl
static int session_ttl
Definition: ext_session_acl.cc:61
session_is_active
int session_is_active
Definition: ext_session_acl.cc:153
session_logout
static void session_logout(char *details, size_t len)
Definition: ext_session_acl.cc:250
copyValue
static void copyValue(void *dst, const DB_ENTRY *src, size_t sz)
Definition: ext_session_acl.cc:188
session_active
static int session_active(const char *details, size_t len)
Definition: ext_session_acl.cc:197
dataSize
static size_t dataSize(DB_ENTRY *data)
Definition: ext_session_acl.cc:156
deleteEntry
static void deleteEntry(DB_ENTRY &key)
Definition: ext_session_acl.cc:178
usage
static void usage(void)
Definition: ext_session_acl.cc:263
program_name
const char * program_name
Definition: ext_session_acl.cc:64
db
TDB_CONTEXT * db
Definition: ext_time_quota_acl.cc:55
getopt
int getopt(int nargc, char *const *nargv, const char *ostr)
Definition: getopt.c:62
optarg
char * optarg
Definition: getopt.c:51
xfree
#define xfree
Definition: negotiate_wrapper.cc:54
xstrdup
#define xstrdup
Definition: negotiate_wrapper.cc:51
protocol_defines.h
action
static bool action(int fd, size_t metasize, const char *fn, const char *url, const SquidMetaList &meta)
Definition: purge.cc:315
size_t
int const char size_t
Definition: stub_liblog.cc:86

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors