Beispiel #1
0
static void
authenticateAuthUserRequestLinkIp(auth_user_request_t * auth_user_request, const struct in_addr ipaddr, request_t * request)
{
	auth_user_request_ip_hash_t *hash_entry;

	if (!Config.authenticateIpShortcircuitTTL)
		return;

#ifdef CC_FRAMEWORK
	acl_access * acl = cc_get_acl_access_by_token_and_host("authenticate_ip_shortcircuit_access",request->host);
	if (acl && !aclCheckFastRequest(acl, request))
#else
	if (Config.accessList.auth_ip_shortcircuit && !aclCheckFastRequest(Config.accessList.auth_ip_shortcircuit, request))
#endif
		return;

	if (!auth_user_request_ip_hash)
	{
		auth_user_request_ip_hash = hash_create((HASHCMP *) cmp_in_addr, 7921, hash_in_addr);
		auth_user_request_ip_pool = memPoolCreate("auth_user_request_ip_hash_t", sizeof(auth_user_request_ip_hash_t));
	}
	authenticateAuthUserRequestUnlinkIp(ipaddr);

	hash_entry = memPoolAlloc(auth_user_request_ip_pool);
	hash_entry->ipaddr = ipaddr;
	hash_entry->hash.key = &hash_entry->ipaddr;
	hash_entry->auth_user_request = auth_user_request;
	authenticateAuthUserRequestLock(hash_entry->auth_user_request);
	hash_entry->last_seen = squid_curtime;
	hash_join(auth_user_request_ip_hash, &hash_entry->hash);
}
Beispiel #2
0
/*
 * Hash generic data.
 */
static hash_t hash_data(const char *data, size_t len, hash_t key)
{
    hash_t hash = HASH(0x8E93668B31ACE316ull, 0xE9270DEF701B0ECFull);
    size_t i;
    for (i = 0; i + sizeof(hash_t) <= len; i += sizeof(hash_t))
    {
        hash_t chunk = *(hash_t *)(data + i);
        hash = hash_join(i, hash, hash_hash(chunk, key));
    }
    char buf[sizeof(hash_t)] = {0};
    memcpy(buf, data+i, len-i);
    const char *buf1 = buf;         // Suppress warning.
    hash_t chunk = *(hash_t *)buf1;
    hash = hash_join(i, hash, hash_hash(chunk, key));
    return hash;
}
Beispiel #3
0
static void
netdbHashInsert(netdbEntry * n, struct in_addr addr)
{
    xstrncpy(n->network, inet_ntoa(networkFromInaddr(addr)), 16);
    n->hash.key = n->network;
    assert(hash_lookup(addr_table, n->network) == NULL);
    hash_join(addr_table, &n->hash);
}
Beispiel #4
0
/*
 * Hash a func_t.
 */
extern hash_t hash_func(func_t f)
{
    hash_t key = FUNC_KEY;
    hash_t hash = hash_word((word_t)f->atom, key);
    size_t aty = atom_arity(f->atom);
    for (size_t i = 0; i < aty; i++)
        hash = hash_join(i, hash, hash_term(f->args[i]));
    return hash;
}
static ClientInfo *
clientdbAdd(struct in_addr addr)
{
    ClientInfo *c;
    c = memAllocate(MEM_CLIENT_INFO);
    c->hash.key = xstrdup(inet_ntoa(addr));
    c->addr = addr;
    hash_join(client_table, &c->hash);
    statCounter.client_http.clients++;
    return c;
}
Beispiel #6
0
static struct _pconn *
pconnNew(const char *key)
{
    struct _pconn *p = memPoolAlloc(pconn_data_pool);
    p->hash.key = xstrdup(key);
    p->nfds_alloc = PCONN_FDS_SZ;
    p->fds = memPoolAlloc(pconn_fds_pool);
    debug(48, 3) ("pconnNew: adding %s\n", hashKeyStr(&p->hash));
    hash_join(table, &p->hash);
    return p;
}
Beispiel #7
0
/*
 * Calculate the hash value of a constraint w.r.t. a lookup.
 */
extern hash_t hash_lookup(hash_t hash, lookup_t lookup, cons_t c)
{
    while (*lookup >= 0)
    {
        size_t idx = (size_t)*lookup;
        term_t arg = c->args[idx];
        hash = hash_join(idx, hash, hash_term(arg));
        lookup++;
    }
    return hash;
}
Beispiel #8
0
/* UserNameCacheAdd: add a auth_user structure to the username cache */
void
authenticateUserNameCacheAdd(auth_user_t * auth_user)
{
    auth_user_hash_pointer *usernamehash;
    usernamehash = memAllocate(MEM_AUTH_USER_HASH);
    usernamehash->key = authenticateUserUsername(auth_user);
    usernamehash->auth_user = auth_user;
    hash_join(proxy_auth_username_cache, (hash_link *) usernamehash);
    auth_user->usernamehash = usernamehash;
    /* lock for presence in the cache */
    authenticateAuthUserLock(auth_user);
}
Beispiel #9
0
static void
netdbHostInsert(netdbEntry * n, const char *hostname)
{
    net_db_name *x = memAllocate(MEM_NET_DB_NAME);
    x->hash.key = xstrdup(hostname);
    x->next = n->hosts;
    n->hosts = x;
    x->net_db_entry = n;
    assert(hash_lookup(host_table, hostname) == NULL);
    hash_join(host_table, &x->hash);
    n->link_count++;
}
Beispiel #10
0
void
delayRegisterDelayIdPtr(delay_id * loc)
{
    hash_link *lnk;
    if (!delay_id_ptr_hash)
	return;
    if (*loc == 0)
	return;
    lnk = xmalloc(sizeof(hash_link));
    memory_used += sizeof(hash_link);
    lnk->key = (char *) loc;
    hash_join(delay_id_ptr_hash, lnk);
}
Beispiel #11
0
/*
 * start a TCP connection to the peer host on port 113
 */
void
identStart(struct sockaddr_in *me, struct sockaddr_in *my_peer, IDCB * callback, void *data)
{
	IdentStateData *state;
	int fd;
	char key1[IDENT_KEY_SZ];
	char key2[IDENT_KEY_SZ];
	char key[IDENT_KEY_SZ];
	snprintf(key1, IDENT_KEY_SZ, "%s:%d",
			 inet_ntoa(me->sin_addr),
			 ntohs(me->sin_port));
	snprintf(key2, IDENT_KEY_SZ, "%s:%d",
			 inet_ntoa(my_peer->sin_addr),
			 ntohs(my_peer->sin_port));
	snprintf(key, IDENT_KEY_SZ, "%s,%s", key1, key2);
	if ((state = hash_lookup(ident_hash, key)) != NULL)
	{
		identClientAdd(state, callback, data);
		return;
	}
	fd = comm_open(SOCK_STREAM,
				   IPPROTO_TCP,
				   me->sin_addr,
				   0,
				   COMM_NONBLOCKING,
				   "ident");
	if (fd == COMM_ERROR)
	{
		/* Failed to get a local socket */
		callback(NULL, data);
		return;
	}
	CBDATA_INIT_TYPE(IdentStateData);
	state = cbdataAlloc(IdentStateData);
	state->hash.key = xstrdup(key);
	state->fd = fd;
	state->me = *me;
	state->my_peer = *my_peer;
	identClientAdd(state, callback, data);
	hash_join(ident_hash, &state->hash);
	comm_add_close_handler(fd,
						   identClose,
						   state);
	commSetTimeout(fd, Config.Timeout.ident, identTimeout, state);
	commConnectStart(fd,
					 inet_ntoa(state->my_peer.sin_addr),
					 IDENT_PORT,
					 identConnectDone,
					 state);
}
Beispiel #12
0
static void
cacheStore(Cache * cache, storeSwapLogData * s, int update_digest)
{
    CacheEntry *olde = (CacheEntry *) hash_lookup(cache->hash, s->key);
    if (olde) {
	cache->bad_add_count++;
    } else {
	CacheEntry *e = cacheEntryCreate(s);
	hash_join(cache->hash, &e->hash);
	cache->count++;
	if (update_digest)
	    cacheDigestAdd(cache->digest, e->key);
    }
}
Beispiel #13
0
/*
 * Similar to hash_update_lookup, but for entire constraint.
 */
extern hash_t hash_update_cons(hash_t hash, cons_t c, hash_t xkey_old,
    hash_t xkey_new)
{
    size_t aty = c->sym->arity;
    for (size_t i = 0; i < aty; i++)
    {
        term_t arg = c->args[i];
        hash_t arg_hash = hash_term(arg);
        if (hash_iseq(arg_hash, xkey_old))
            arg_hash = xkey_new;
        hash = hash_join(i, hash, arg_hash);
    }
    return hash;
}
Beispiel #14
0
/*
 * Similar to above but use new hash value for term x.
 */
extern hash_t hash_update_lookup(hash_t hash, lookup_t lookup, cons_t c,
    hash_t xkey_old, hash_t xkey_new)
{
    while (*lookup >= 0)
    {
        size_t idx = (size_t)*lookup;
        term_t arg = c->args[idx];
        hash_t arg_hash = hash_term(arg);
        if (hash_iseq(arg_hash, xkey_old))
            arg_hash = xkey_new;
        hash = hash_join(idx, hash, arg_hash);
        lookup++;
    }
    return hash;
}
Beispiel #15
0
static ClientInfo *
clientdbAdd(struct in_addr addr)
{
    ClientInfo *c;
    c = memAllocate(MEM_CLIENT_INFO);
    c->hash.key = xstrdup(xinet_ntoa(addr));
    c->addr = addr;
    hash_join(client_table, &c->hash);
    statCounter.client_http.clients++;
    if ((statCounter.client_http.clients > max_clients) && !cleanup_running && cleanup_scheduled < 2) {
	cleanup_scheduled++;
	eventAdd("client_db garbage collector", clientdbScheduledGC, NULL, 90, 0);
    }
    return c;
}
Beispiel #16
0
void *
leakAddFL(void *p, const char *file, int line)
{
    ptr *c;
    assert(p);
    assert(htable != NULL);
    assert(hash_lookup(htable, p) == NULL);
    c = xcalloc(1, sizeof(*c));
    c->key = p;
    c->file = file;
    c->line = line;
    c->when = squid_curtime;
    hash_join(htable, &c->hash);
    leakCount++;
    return p;
}
Beispiel #17
0
/* We need to use both the URL and the client_addr for checking, if two
 clients retrieve the same file, it would clash. However, this is pretty
 inefficent - FIXME (i.e. make me deal with multiple downloads of the same
 URL). */
const char * const update_file(hash_table *hash, const char *modname,const char * const tempdir,const char * const url,const char * const client_addr,const char * const buf,int len,long int **lastscannedsize) {
	FILE* f;
 	char *key, *tmpfile;
	tmpfile_hash_link* lp;
	int keylen;

	// first create the key
	keylen=strnlen(url, 1024) + strnlen(client_addr, 1024);
	if((key=(char*) xmalloc (sizeof(char) * (keylen + 1)))==NULL) return NULL;
	strncpy(key, url, keylen);
	strncat(key, client_addr, keylen);

	// do we already know that combination?
	if((lp=hash_lookup(hash, key))==NULL) {
		// nope, create a new temp file
		if(__is_dir(tempdir)==0) __mkdir(tempdir);
		tmpfile=tempnam(tempdir, "file");
		if(tmpfile==NULL) {
			debug(93,3) ("%s: error: could not create temporary file name\n", modname);
			xfree(key);
			return NULL;
		}
		// insert into the hash
		lp=xmalloc(sizeof(tmpfile_hash_link));
		lp->hash.key=xstrdup(key);
		lp->filename=xstrdup(tmpfile);
		lp->lastscannedsize=0;
		xfree(tmpfile);
		hash_join(hash, &lp->hash);
	}
	xfree(key);

 	// here we are sure that the file name has been set (in lp->filename)
	// care about file permissions!
 	umask(0077);
 	f=fopen(lp->filename, "ab");
	if(f==NULL) return NULL;
	if(buf[0]!=' ') fwrite(buf, 1, len, f);
	fclose(f);
 	if(lastscannedsize !=NULL) *lastscannedsize=&lp->lastscannedsize;
	return lp->filename;
}
Beispiel #18
0
cbdataAdd(const void *p, CBDUNL * unlock_func, int id)
#endif
{
    cbdata *c;
    assert(p);
    debug(45, 3) ("cbdataAdd: %p\n", p);
    assert(htable != NULL);
    assert(hash_lookup(htable, p) == NULL);
    c = xcalloc(1, sizeof(cbdata));
    c->key = p;
    c->valid = 1;
    c->unlock_func = unlock_func;
    c->id = id;
#if CBDATA_DEBUG
    c->file = file;
    c->line = line;
#endif
    hash_join(htable, (hash_link *) c);
    cbdataCount++;
}
Beispiel #19
0
static int
cacheIndexScan(CacheIndex * idx, const char *fname, FILE * file)
{
    int count = 0;
    storeSwapLogData s;
    fprintf(stderr, "%s scanning\n", fname);
    while (fread(&s, sizeof(s), 1, file) == 1) {
	count++;
	idx->scanned_count++;
	/* if (s.op <= SWAP_LOG_NOP || s.op >= SWAP_LOG_MAX)
	 * continue; */
	if (s.op == SWAP_LOG_ADD) {
	    CacheEntry *olde = (CacheEntry *) hash_lookup(idx->hash, s.key);
	    if (olde) {
		idx->bad_add_count++;
	    } else {
		CacheEntry *e = cacheEntryCreate(&s);
		hash_join(idx->hash, (hash_link *) e);
		idx->count++;
	    }
	} else if (s.op == SWAP_LOG_DEL) {
	    CacheEntry *olde = (CacheEntry *) hash_lookup(idx->hash, s.key);
	    if (!olde)
		idx->bad_del_count++;
	    else {
		assert(idx->count);
		hash_remove_link(idx->hash, (hash_link *) olde);
		cacheEntryDestroy(olde);
		idx->count--;
	    }
	} else {
	    fprintf(stderr, "%s:%d: unknown swap log action\n", fname, count);
	    exit(-3);
	}
    }
    fprintf(stderr, "%s:%d: scanned (size: %d bytes)\n",
	fname, count, (int) (count * sizeof(CacheEntry)));
    return count;
}
static void
read_passwd_file(const char *passwdfile)
{
    FILE *f;
    char buf[8192];
    user_data *u;
    char *user;
    char *passwd;
    if (hash != NULL) {
	hashFreeItems(hash, my_free);
	hashFreeMemory(hash);
    }
    /* initial setup */
    hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
    if (NULL == hash) {
	fprintf(stderr, "ncsa_auth: cannot create hash table\n");
	exit(1);
    }
    f = fopen(passwdfile, "r");
    if (NULL == f) {
	fprintf(stderr, "%s: %s\n", passwdfile, xstrerror());
	exit(1);
    }
    while (fgets(buf, 8192, f) != NULL) {
	if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
	    (buf[0] == '\n'))
	    continue;
	user = strtok(buf, ":\n\r");
	passwd = strtok(NULL, ":\n\r");
	if ((strlen(user) > 0) && passwd) {
	    u = xmalloc(sizeof(*u));
	    u->user = xstrdup(user);
	    u->passwd = xstrdup(passwd);
	    hash_join(hash, (hash_link *) u);
	}
    }
    fclose(f);
}
static external_acl_entry *
external_acl_cache_add(external_acl * def, const char *key, int result, char *user, char *error)
{
    external_acl_entry *entry = hash_lookup(def->cache, key);
    debug(82, 2) ("external_acl_cache_add: Adding '%s' = %d\n", key, result);
    if (entry) {
	debug(82, 3) ("external_acl_cache_add: updating existing entry\n");
	entry->date = squid_curtime;
	entry->result = result;
	safe_free(entry->user);
	safe_free(entry->error);
	if (user)
	    entry->user = xstrdup(user);
	if (error)
	    entry->error = xstrdup(error);
	external_acl_cache_touch(def, entry);
	return entry;
    }
    CBDATA_INIT_TYPE_FREECB(external_acl_entry, free_external_acl_entry);
    /* Maintain cache size */
    if (def->cache_size && def->cache_entries >= def->cache_size)
	external_acl_cache_delete(def, def->lru_list.tail->data);
    entry = cbdataAlloc(external_acl_entry);
    entry->hash.key = xstrdup(key);
    entry->date = squid_curtime;
    entry->result = result;
    if (user)
	entry->user = xstrdup(user);
    if (error)
	entry->error = xstrdup(error);
    entry->def = def;
    hash_join(def->cache, &entry->hash);
    dlinkAdd(entry, &entry->lru, &def->lru_list);
    def->cache_entries += 1;
    return entry;
}
Beispiel #22
0
static void
read_passwd_file(const char *passwdfile, int ha1mode)
{
    FILE *f;
    char buf[8192];
    user_data *u;
    char *user;
    char *passwd;
    char *ha1 = NULL;
    char *realm;

    if (hash != NULL) {
	hashFreeItems(hash, my_free);
    }
    /* initial setup */
    hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
    if (NULL == hash) {
	fprintf(stderr, "digest_pw_auth: cannot create hash table\n");
	exit(1);
    }
    f = fopen(passwdfile, "r");
    while (fgets(buf, 8192, f) != NULL) {
	if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
	    (buf[0] == '\n'))
	    continue;
	user = strtok(buf, ":\n");
	realm = strtok(NULL, ":\n");
	passwd = strtok(NULL, ":\n");
	if (!passwd) {
	    passwd = realm;
	    realm = NULL;
	}
	if ((strlen(user) > 0) && passwd) {
	    if (strncmp(passwd, "{HHA1}", 6) == 0) {
		ha1 = passwd + 6;
		passwd = NULL;
	    } else if (ha1mode) {
		ha1 = passwd;
		passwd = NULL;
	    }
	    if (ha1 && strlen(ha1) != 32) {
		/* We cannot accept plaintext passwords when using HA1 encoding,
		 * as the passwords may be output to cache.log if debugging is on.
		 */
		fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user);
		continue;
	    }
	    u = xcalloc(1, sizeof(*u));
	    if (realm) {
		int len = strlen(user) + strlen(realm) + 2;
		u->hash.key = malloc(len);
		snprintf(u->hash.key, len, "%s:%s", user, realm);
	    } else {
		u->hash.key = xstrdup(user);
	    }
	    if (ha1)
		u->ha1 = xstrdup(ha1);
	    else
		u->passwd = xstrdup(passwd);
	    hash_join(hash, &u->hash);
	}
    }
    fclose(f);
}
Beispiel #23
0
static void
idnsCacheQuery(idns_query * q)
{
    q->hash.key = q->query.name;
    hash_join(idns_lookup_hash, &q->hash);
}
Beispiel #24
0
static digest_nonce_h *
authenticateDigestNonceNew(void)
{
    digest_nonce_h *newnonce = memPoolAlloc(digest_nonce_pool);
    digest_nonce_h *temp;

/* NONCE CREATION - NOTES AND REASONING. RBC 20010108
 * === EXCERPT FROM RFC 2617 ===
 * The contents of the nonce are implementation dependent. The quality
 * of the implementation depends on a good choice. A nonce might, for
 * example, be constructed as the base 64 encoding of
 * 
 * time-stamp H(time-stamp ":" ETag ":" private-key)
 * 
 * where time-stamp is a server-generated time or other non-repeating
 * value, ETag is the value of the HTTP ETag header associated with
 * the requested entity, and private-key is data known only to the
 * server.  With a nonce of this form a server would recalculate the
 * hash portion after receiving the client authentication header and
 * reject the request if it did not match the nonce from that header
 * or if the time-stamp value is not recent enough. In this way the
 * server can limit the time of the nonce's validity. The inclusion of
 * the ETag prevents a replay request for an updated version of the
 * resource.  (Note: including the IP address of the client in the
 * nonce would appear to offer the server the ability to limit the
 * reuse of the nonce to the same client that originally got it.
 * However, that would break proxy farms, where requests from a single
 * user often go through different proxies in the farm. Also, IP
 * address spoofing is not that hard.)
 * ====
 * 
 * Now for my reasoning:
 * We will not accept a unrecognised nonce->we have all recognisable
 * nonces stored If we send out unique base64 encodings we guarantee
 * that a given nonce applies to only one user (barring attacks or
 * really bad timing with expiry and creation).  Using a random
 * component in the nonce allows us to loop to find a unique nonce.
 * We use H(nonce_data) so the nonce is meaningless to the reciever.
 * So our nonce looks like base64(H(timestamp,pointertohash,randomdata))
 * And even if our randomness is not very random (probably due to
 * bad coding on my part) we don't really care - the timestamp and
 * memory pointer should provide enough protection for the users
 * authentication.
 */

    /* create a new nonce */
    newnonce->nc = 0;
    newnonce->flags.valid = 1;
    newnonce->noncedata.self = newnonce;
    newnonce->noncedata.creationtime = current_time.tv_sec;
    newnonce->noncedata.randomdata = squid_random();

    authDigestNonceEncode(newnonce);
    /*
     * loop until we get a unique nonce. The nonce creation must
     * have a random factor
     */
    while ((temp = authenticateDigestNonceFindNonce(newnonce->hash.key))) {
	/* create a new nonce */
	newnonce->noncedata.randomdata = squid_random();
	authDigestNonceEncode(newnonce);
    }
    hash_join(digest_nonce_cache, &newnonce->hash);
    /* the cache's link */
    authDigestNonceLink(newnonce);
    newnonce->flags.incache = 1;
    debug(29, 5) ("authenticateDigestNonceNew: created nonce %p at %ld\n", newnonce, (long int) newnonce->noncedata.creationtime);
    return newnonce;
}