/** * cache_nfs_fh -- Places the nfs file handle in the underlying dict as we are * using as our cache. The key is "exportid:gfid:host_addr", the * value is an entry struct containing the export item that * was authorized for the operation and the file handle that was * authorized. * * @cache: The cache to place fh's in * @fh : The fh to cache * @host_addr: The address of the host * @export_item: The export item that was authorized * */ int cache_nfs_fh (struct auth_cache *cache, struct nfs3_fh *fh, const char *host_addr, struct export_item *export_item) { int ret = -EINVAL; char *hashkey = NULL; data_t *entry_data = NULL; time_t timestamp = 0; gf_boolean_t can_write = _gf_false; struct auth_cache_entry *entry = NULL; GF_VALIDATE_OR_GOTO (GF_NFS, host_addr, out); GF_VALIDATE_OR_GOTO (GF_NFS, cache, out); GF_VALIDATE_OR_GOTO (GF_NFS, fh, out); /* If we could already find it in the cache, just return */ ret = auth_cache_lookup (cache, fh, host_addr, ×tamp, &can_write); if (ret == 0) { gf_msg_trace (GF_NFS, 0, "found cached auth/fh for host " "%s", host_addr); goto out; } hashkey = make_hashkey (fh, host_addr); if (!hashkey) { ret = -ENOMEM; goto out; } entry = auth_cache_entry_init (); if (!entry) { ret = -ENOMEM; goto out; } entry->timestamp = time (NULL); entry->item = export_item; /* The cache entry will simply be the time that the entry * was cached. */ entry_data = bin_to_data (entry, sizeof (*entry)); if (!entry_data) { GF_FREE (entry); goto out; } ret = dict_set (cache->cache_dict, hashkey, entry_data); if (ret == -1) { GF_FREE (entry); goto out; } gf_msg_trace (GF_NFS, 0, "Caching file-handle (%s)", host_addr); ret = 0; out: GF_FREE (hashkey); return ret; }
/** * is_nfs_fh_cached_and_writeable -- Checks if an NFS FH is cached for the given * host and writable * @cache: The fh cache * @host_addr: Address to use in lookup * @fh: The fh to use in lookup * * * @return: TRUE if cached & writable, FALSE otherwise * */ gf_boolean_t is_nfs_fh_cached_and_writeable (struct auth_cache *cache, struct nfs3_fh *fh, const char *host_addr) { int ret = 0; time_t timestamp = 0; gf_boolean_t cached = _gf_false; gf_boolean_t writable = _gf_false; if (!fh) goto out; ret = auth_cache_lookup (cache, fh, host_addr, ×tamp, &writable); cached = ((ret == ENTRY_FOUND) && writable); out: return cached; }
bool passdb_cache_lookup_credentials(struct auth_request *request, const char *key, const char **password_r, const char **scheme_r, enum passdb_result *result_r, bool use_expired) { const char *value, *const *list; struct auth_cache_node *node; bool expired, neg_expired; if (passdb_cache == NULL) return FALSE; value = auth_cache_lookup(passdb_cache, request, key, &node, &expired, &neg_expired); if (value == NULL || (expired && !use_expired)) { auth_request_log_debug(request, AUTH_SUBSYS_DB, value == NULL ? "cache miss" : "cache expired"); return FALSE; } passdb_cache_log_hit(request, value); if (*value == '\0') { /* negative cache entry */ *result_r = PASSDB_RESULT_USER_UNKNOWN; *password_r = NULL; *scheme_r = NULL; return TRUE; } list = t_strsplit_tab(value); auth_request_set_fields(request, list + 1, NULL); *result_r = PASSDB_RESULT_OK; *password_r = *list[0] == '\0' ? NULL : list[0]; *scheme_r = password_get_scheme(password_r); i_assert(*scheme_r != NULL || *password_r == NULL); return TRUE; }
static bool passdb_cache_lookup(struct auth_request *request, const char *key, bool use_expired, struct auth_cache_node **node_r, const char **value_r, bool *neg_expired_r) { const char *value; bool expired; /* value = password \t ... */ value = auth_cache_lookup(passdb_cache, request, key, node_r, &expired, neg_expired_r); if (value == NULL || (expired && !use_expired)) { auth_request_log_debug(request, AUTH_SUBSYS_DB, value == NULL ? "cache miss" : "cache expired"); return FALSE; } passdb_cache_log_hit(request, value); *value_r = value; return TRUE; }
bool passdb_cache_verify_plain(struct auth_request *request, const char *key, const char *password, enum passdb_result *result_r, int use_expired) { const char *value, *cached_pw, *scheme, *const *list; struct auth_cache_node *node; int ret; bool expired, neg_expired; if (passdb_cache == NULL || key == NULL) return FALSE; /* value = password \t ... */ value = auth_cache_lookup(passdb_cache, request, key, &node, &expired, &neg_expired); if (value == NULL || (expired && !use_expired)) { auth_request_log_debug(request, AUTH_SUBSYS_DB, value == NULL ? "cache miss" : "cache expired"); return FALSE; } passdb_cache_log_hit(request, value); if (*value == '\0') { /* negative cache entry */ auth_request_log_unknown_user(request, AUTH_SUBSYS_DB); *result_r = PASSDB_RESULT_USER_UNKNOWN; return TRUE; } list = t_strsplit_tab(value); cached_pw = list[0]; if (*cached_pw == '\0') { /* NULL password */ auth_request_log_info(request, AUTH_SUBSYS_DB, "Cached NULL password access"); ret = 1; } else { scheme = password_get_scheme(&cached_pw); i_assert(scheme != NULL); ret = auth_request_password_verify(request, password, cached_pw, scheme, AUTH_SUBSYS_DB); if (ret == 0 && (node->last_success || neg_expired)) { /* a) the last authentication was successful. assume that the password was changed and cache is expired. b) negative TTL reached, use it for password mismatches too. */ node->last_success = FALSE; return FALSE; } } node->last_success = ret > 0; /* save the extra_fields only after we know we're using the cached data */ auth_request_set_fields(request, list + 1, NULL); *result_r = ret > 0 ? PASSDB_RESULT_OK : PASSDB_RESULT_PASSWORD_MISMATCH; return TRUE; }