static void
authenticateAuthUserRequestLinkIp(auth_user_request_t * auth_user_request, const struct in_addr ipaddr, request_t * request)
{
auth_user_request_ip_hash_t *hash_entry;
if (!Config.authenticateIpShortcircuitTTL)
return;
#ifdef CC_FRAMEWORK
acl_access * acl = cc_get_acl_access_by_token_and_host("authenticate_ip_shortcircuit_access",request->host);
if (acl && !aclCheckFastRequest(acl, request))
#else
if (Config.accessList.auth_ip_shortcircuit && !aclCheckFastRequest(Config.accessList.auth_ip_shortcircuit, request))
#endif
return;
if (!auth_user_request_ip_hash)
{
auth_user_request_ip_hash = hash_create((HASHCMP *) cmp_in_addr, 7921, hash_in_addr);
auth_user_request_ip_pool = memPoolCreate("auth_user_request_ip_hash_t", sizeof(auth_user_request_ip_hash_t));
}
authenticateAuthUserRequestUnlinkIp(ipaddr);
hash_entry = memPoolAlloc(auth_user_request_ip_pool);
hash_entry->ipaddr = ipaddr;
hash_entry->hash.key = &hash_entry->ipaddr;
hash_entry->auth_user_request = auth_user_request;
authenticateAuthUserRequestLock(hash_entry->auth_user_request);
hash_entry->last_seen = squid_curtime;
hash_join(auth_user_request_ip_hash, &hash_entry->hash);
}
/*
* Hash generic data.
*/
static hash_t hash_data(const char *data, size_t len, hash_t key)
{
hash_t hash = HASH(0x8E93668B31ACE316ull, 0xE9270DEF701B0ECFull);
size_t i;
for (i = 0; i + sizeof(hash_t) <= len; i += sizeof(hash_t))
{
hash_t chunk = *(hash_t *)(data + i);
hash = hash_join(i, hash, hash_hash(chunk, key));
}
char buf[sizeof(hash_t)] = {0};
memcpy(buf, data+i, len-i);
const char *buf1 = buf; // Suppress warning.
hash_t chunk = *(hash_t *)buf1;
hash = hash_join(i, hash, hash_hash(chunk, key));
return hash;
}
static void
netdbHashInsert(netdbEntry * n, struct in_addr addr)
{
xstrncpy(n->network, inet_ntoa(networkFromInaddr(addr)), 16);
n->hash.key = n->network;
assert(hash_lookup(addr_table, n->network) == NULL);
hash_join(addr_table, &n->hash);
}
/*
* Hash a func_t.
*/
extern hash_t hash_func(func_t f)
{
hash_t key = FUNC_KEY;
hash_t hash = hash_word((word_t)f->atom, key);
size_t aty = atom_arity(f->atom);
for (size_t i = 0; i < aty; i++)
hash = hash_join(i, hash, hash_term(f->args[i]));
return hash;
}
static ClientInfo *
clientdbAdd(struct in_addr addr)
{
ClientInfo *c;
c = memAllocate(MEM_CLIENT_INFO);
c->hash.key = xstrdup(inet_ntoa(addr));
c->addr = addr;
hash_join(client_table, &c->hash);
statCounter.client_http.clients++;
return c;
}
static struct _pconn *
pconnNew(const char *key)
{
struct _pconn *p = memPoolAlloc(pconn_data_pool);
p->hash.key = xstrdup(key);
p->nfds_alloc = PCONN_FDS_SZ;
p->fds = memPoolAlloc(pconn_fds_pool);
debug(48, 3) ("pconnNew: adding %s\n", hashKeyStr(&p->hash));
hash_join(table, &p->hash);
return p;
}
/*
* Calculate the hash value of a constraint w.r.t. a lookup.
*/
extern hash_t hash_lookup(hash_t hash, lookup_t lookup, cons_t c)
{
while (*lookup >= 0)
{
size_t idx = (size_t)*lookup;
term_t arg = c->args[idx];
hash = hash_join(idx, hash, hash_term(arg));
lookup++;
}
return hash;
}
/* UserNameCacheAdd: add a auth_user structure to the username cache */
void
authenticateUserNameCacheAdd(auth_user_t * auth_user)
{
auth_user_hash_pointer *usernamehash;
usernamehash = memAllocate(MEM_AUTH_USER_HASH);
usernamehash->key = authenticateUserUsername(auth_user);
usernamehash->auth_user = auth_user;
hash_join(proxy_auth_username_cache, (hash_link *) usernamehash);
auth_user->usernamehash = usernamehash;
/* lock for presence in the cache */
authenticateAuthUserLock(auth_user);
}
static void
netdbHostInsert(netdbEntry * n, const char *hostname)
{
net_db_name *x = memAllocate(MEM_NET_DB_NAME);
x->hash.key = xstrdup(hostname);
x->next = n->hosts;
n->hosts = x;
x->net_db_entry = n;
assert(hash_lookup(host_table, hostname) == NULL);
hash_join(host_table, &x->hash);
n->link_count++;
}
void
delayRegisterDelayIdPtr(delay_id * loc)
{
hash_link *lnk;
if (!delay_id_ptr_hash)
return;
if (*loc == 0)
return;
lnk = xmalloc(sizeof(hash_link));
memory_used += sizeof(hash_link);
lnk->key = (char *) loc;
hash_join(delay_id_ptr_hash, lnk);
}
/*
* start a TCP connection to the peer host on port 113
*/
void
identStart(struct sockaddr_in *me, struct sockaddr_in *my_peer, IDCB * callback, void *data)
{
IdentStateData *state;
int fd;
char key1[IDENT_KEY_SZ];
char key2[IDENT_KEY_SZ];
char key[IDENT_KEY_SZ];
snprintf(key1, IDENT_KEY_SZ, "%s:%d",
inet_ntoa(me->sin_addr),
ntohs(me->sin_port));
snprintf(key2, IDENT_KEY_SZ, "%s:%d",
inet_ntoa(my_peer->sin_addr),
ntohs(my_peer->sin_port));
snprintf(key, IDENT_KEY_SZ, "%s,%s", key1, key2);
if ((state = hash_lookup(ident_hash, key)) != NULL)
{
identClientAdd(state, callback, data);
return;
}
fd = comm_open(SOCK_STREAM,
IPPROTO_TCP,
me->sin_addr,
0,
COMM_NONBLOCKING,
"ident");
if (fd == COMM_ERROR)
{
/* Failed to get a local socket */
callback(NULL, data);
return;
}
CBDATA_INIT_TYPE(IdentStateData);
state = cbdataAlloc(IdentStateData);
state->hash.key = xstrdup(key);
state->fd = fd;
state->me = *me;
state->my_peer = *my_peer;
identClientAdd(state, callback, data);
hash_join(ident_hash, &state->hash);
comm_add_close_handler(fd,
identClose,
state);
commSetTimeout(fd, Config.Timeout.ident, identTimeout, state);
commConnectStart(fd,
inet_ntoa(state->my_peer.sin_addr),
IDENT_PORT,
identConnectDone,
state);
}
static void
cacheStore(Cache * cache, storeSwapLogData * s, int update_digest)
{
CacheEntry *olde = (CacheEntry *) hash_lookup(cache->hash, s->key);
if (olde) {
cache->bad_add_count++;
} else {
CacheEntry *e = cacheEntryCreate(s);
hash_join(cache->hash, &e->hash);
cache->count++;
if (update_digest)
cacheDigestAdd(cache->digest, e->key);
}
}
/*
* Similar to hash_update_lookup, but for entire constraint.
*/
extern hash_t hash_update_cons(hash_t hash, cons_t c, hash_t xkey_old,
hash_t xkey_new)
{
size_t aty = c->sym->arity;
for (size_t i = 0; i < aty; i++)
{
term_t arg = c->args[i];
hash_t arg_hash = hash_term(arg);
if (hash_iseq(arg_hash, xkey_old))
arg_hash = xkey_new;
hash = hash_join(i, hash, arg_hash);
}
return hash;
}
/*
* Similar to above but use new hash value for term x.
*/
extern hash_t hash_update_lookup(hash_t hash, lookup_t lookup, cons_t c,
hash_t xkey_old, hash_t xkey_new)
{
while (*lookup >= 0)
{
size_t idx = (size_t)*lookup;
term_t arg = c->args[idx];
hash_t arg_hash = hash_term(arg);
if (hash_iseq(arg_hash, xkey_old))
arg_hash = xkey_new;
hash = hash_join(idx, hash, arg_hash);
lookup++;
}
return hash;
}
static ClientInfo *
clientdbAdd(struct in_addr addr)
{
ClientInfo *c;
c = memAllocate(MEM_CLIENT_INFO);
c->hash.key = xstrdup(xinet_ntoa(addr));
c->addr = addr;
hash_join(client_table, &c->hash);
statCounter.client_http.clients++;
if ((statCounter.client_http.clients > max_clients) && !cleanup_running && cleanup_scheduled < 2) {
cleanup_scheduled++;
eventAdd("client_db garbage collector", clientdbScheduledGC, NULL, 90, 0);
}
return c;
}
void *
leakAddFL(void *p, const char *file, int line)
{
ptr *c;
assert(p);
assert(htable != NULL);
assert(hash_lookup(htable, p) == NULL);
c = xcalloc(1, sizeof(*c));
c->key = p;
c->file = file;
c->line = line;
c->when = squid_curtime;
hash_join(htable, &c->hash);
leakCount++;
return p;
}
/* We need to use both the URL and the client_addr for checking, if two
clients retrieve the same file, it would clash. However, this is pretty
inefficent - FIXME (i.e. make me deal with multiple downloads of the same
URL). */
const char * const update_file(hash_table *hash, const char *modname,const char * const tempdir,const char * const url,const char * const client_addr,const char * const buf,int len,long int **lastscannedsize) {
FILE* f;
char *key, *tmpfile;
tmpfile_hash_link* lp;
int keylen;
// first create the key
keylen=strnlen(url, 1024) + strnlen(client_addr, 1024);
if((key=(char*) xmalloc (sizeof(char) * (keylen + 1)))==NULL) return NULL;
strncpy(key, url, keylen);
strncat(key, client_addr, keylen);
// do we already know that combination?
if((lp=hash_lookup(hash, key))==NULL) {
// nope, create a new temp file
if(__is_dir(tempdir)==0) __mkdir(tempdir);
tmpfile=tempnam(tempdir, "file");
if(tmpfile==NULL) {
debug(93,3) ("%s: error: could not create temporary file name\n", modname);
xfree(key);
return NULL;
}
// insert into the hash
lp=xmalloc(sizeof(tmpfile_hash_link));
lp->hash.key=xstrdup(key);
lp->filename=xstrdup(tmpfile);
lp->lastscannedsize=0;
xfree(tmpfile);
hash_join(hash, &lp->hash);
}
xfree(key);
// here we are sure that the file name has been set (in lp->filename)
// care about file permissions!
umask(0077);
f=fopen(lp->filename, "ab");
if(f==NULL) return NULL;
if(buf[0]!=' ') fwrite(buf, 1, len, f);
fclose(f);
if(lastscannedsize !=NULL) *lastscannedsize=&lp->lastscannedsize;
return lp->filename;
}
cbdataAdd(const void *p, CBDUNL * unlock_func, int id)
#endif
{
cbdata *c;
assert(p);
debug(45, 3) ("cbdataAdd: %p\n", p);
assert(htable != NULL);
assert(hash_lookup(htable, p) == NULL);
c = xcalloc(1, sizeof(cbdata));
c->key = p;
c->valid = 1;
c->unlock_func = unlock_func;
c->id = id;
#if CBDATA_DEBUG
c->file = file;
c->line = line;
#endif
hash_join(htable, (hash_link *) c);
cbdataCount++;
}
static int
cacheIndexScan(CacheIndex * idx, const char *fname, FILE * file)
{
int count = 0;
storeSwapLogData s;
fprintf(stderr, "%s scanning\n", fname);
while (fread(&s, sizeof(s), 1, file) == 1) {
count++;
idx->scanned_count++;
/* if (s.op <= SWAP_LOG_NOP || s.op >= SWAP_LOG_MAX)
* continue; */
if (s.op == SWAP_LOG_ADD) {
CacheEntry *olde = (CacheEntry *) hash_lookup(idx->hash, s.key);
if (olde) {
idx->bad_add_count++;
} else {
CacheEntry *e = cacheEntryCreate(&s);
hash_join(idx->hash, (hash_link *) e);
idx->count++;
}
} else if (s.op == SWAP_LOG_DEL) {
CacheEntry *olde = (CacheEntry *) hash_lookup(idx->hash, s.key);
if (!olde)
idx->bad_del_count++;
else {
assert(idx->count);
hash_remove_link(idx->hash, (hash_link *) olde);
cacheEntryDestroy(olde);
idx->count--;
}
} else {
fprintf(stderr, "%s:%d: unknown swap log action\n", fname, count);
exit(-3);
}
}
fprintf(stderr, "%s:%d: scanned (size: %d bytes)\n",
fname, count, (int) (count * sizeof(CacheEntry)));
return count;
}
static void
read_passwd_file(const char *passwdfile)
{
FILE *f;
char buf[8192];
user_data *u;
char *user;
char *passwd;
if (hash != NULL) {
hashFreeItems(hash, my_free);
hashFreeMemory(hash);
}
/* initial setup */
hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
if (NULL == hash) {
fprintf(stderr, "ncsa_auth: cannot create hash table\n");
exit(1);
}
f = fopen(passwdfile, "r");
if (NULL == f) {
fprintf(stderr, "%s: %s\n", passwdfile, xstrerror());
exit(1);
}
while (fgets(buf, 8192, f) != NULL) {
if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
(buf[0] == '\n'))
continue;
user = strtok(buf, ":\n\r");
passwd = strtok(NULL, ":\n\r");
if ((strlen(user) > 0) && passwd) {
u = xmalloc(sizeof(*u));
u->user = xstrdup(user);
u->passwd = xstrdup(passwd);
hash_join(hash, (hash_link *) u);
}
}
fclose(f);
}
static external_acl_entry *
external_acl_cache_add(external_acl * def, const char *key, int result, char *user, char *error)
{
external_acl_entry *entry = hash_lookup(def->cache, key);
debug(82, 2) ("external_acl_cache_add: Adding '%s' = %d\n", key, result);
if (entry) {
debug(82, 3) ("external_acl_cache_add: updating existing entry\n");
entry->date = squid_curtime;
entry->result = result;
safe_free(entry->user);
safe_free(entry->error);
if (user)
entry->user = xstrdup(user);
if (error)
entry->error = xstrdup(error);
external_acl_cache_touch(def, entry);
return entry;
}
CBDATA_INIT_TYPE_FREECB(external_acl_entry, free_external_acl_entry);
/* Maintain cache size */
if (def->cache_size && def->cache_entries >= def->cache_size)
external_acl_cache_delete(def, def->lru_list.tail->data);
entry = cbdataAlloc(external_acl_entry);
entry->hash.key = xstrdup(key);
entry->date = squid_curtime;
entry->result = result;
if (user)
entry->user = xstrdup(user);
if (error)
entry->error = xstrdup(error);
entry->def = def;
hash_join(def->cache, &entry->hash);
dlinkAdd(entry, &entry->lru, &def->lru_list);
def->cache_entries += 1;
return entry;
}
static void
read_passwd_file(const char *passwdfile, int ha1mode)
{
FILE *f;
char buf[8192];
user_data *u;
char *user;
char *passwd;
char *ha1 = NULL;
char *realm;
if (hash != NULL) {
hashFreeItems(hash, my_free);
}
/* initial setup */
hash = hash_create((HASHCMP *) strcmp, 7921, hash_string);
if (NULL == hash) {
fprintf(stderr, "digest_pw_auth: cannot create hash table\n");
exit(1);
}
f = fopen(passwdfile, "r");
while (fgets(buf, 8192, f) != NULL) {
if ((buf[0] == '#') || (buf[0] == ' ') || (buf[0] == '\t') ||
(buf[0] == '\n'))
continue;
user = strtok(buf, ":\n");
realm = strtok(NULL, ":\n");
passwd = strtok(NULL, ":\n");
if (!passwd) {
passwd = realm;
realm = NULL;
}
if ((strlen(user) > 0) && passwd) {
if (strncmp(passwd, "{HHA1}", 6) == 0) {
ha1 = passwd + 6;
passwd = NULL;
} else if (ha1mode) {
ha1 = passwd;
passwd = NULL;
}
if (ha1 && strlen(ha1) != 32) {
/* We cannot accept plaintext passwords when using HA1 encoding,
* as the passwords may be output to cache.log if debugging is on.
*/
fprintf(stderr, "digest_pw_auth: ignoring invalid password for %s\n", user);
continue;
}
u = xcalloc(1, sizeof(*u));
if (realm) {
int len = strlen(user) + strlen(realm) + 2;
u->hash.key = malloc(len);
snprintf(u->hash.key, len, "%s:%s", user, realm);
} else {
u->hash.key = xstrdup(user);
}
if (ha1)
u->ha1 = xstrdup(ha1);
else
u->passwd = xstrdup(passwd);
hash_join(hash, &u->hash);
}
}
fclose(f);
}
static void
idnsCacheQuery(idns_query * q)
{
q->hash.key = q->query.name;
hash_join(idns_lookup_hash, &q->hash);
}
static digest_nonce_h *
authenticateDigestNonceNew(void)
{
digest_nonce_h *newnonce = memPoolAlloc(digest_nonce_pool);
digest_nonce_h *temp;
/* NONCE CREATION - NOTES AND REASONING. RBC 20010108
* === EXCERPT FROM RFC 2617 ===
* The contents of the nonce are implementation dependent. The quality
* of the implementation depends on a good choice. A nonce might, for
* example, be constructed as the base 64 encoding of
*
* time-stamp H(time-stamp ":" ETag ":" private-key)
*
* where time-stamp is a server-generated time or other non-repeating
* value, ETag is the value of the HTTP ETag header associated with
* the requested entity, and private-key is data known only to the
* server. With a nonce of this form a server would recalculate the
* hash portion after receiving the client authentication header and
* reject the request if it did not match the nonce from that header
* or if the time-stamp value is not recent enough. In this way the
* server can limit the time of the nonce's validity. The inclusion of
* the ETag prevents a replay request for an updated version of the
* resource. (Note: including the IP address of the client in the
* nonce would appear to offer the server the ability to limit the
* reuse of the nonce to the same client that originally got it.
* However, that would break proxy farms, where requests from a single
* user often go through different proxies in the farm. Also, IP
* address spoofing is not that hard.)
* ====
*
* Now for my reasoning:
* We will not accept a unrecognised nonce->we have all recognisable
* nonces stored If we send out unique base64 encodings we guarantee
* that a given nonce applies to only one user (barring attacks or
* really bad timing with expiry and creation). Using a random
* component in the nonce allows us to loop to find a unique nonce.
* We use H(nonce_data) so the nonce is meaningless to the reciever.
* So our nonce looks like base64(H(timestamp,pointertohash,randomdata))
* And even if our randomness is not very random (probably due to
* bad coding on my part) we don't really care - the timestamp and
* memory pointer should provide enough protection for the users
* authentication.
*/
/* create a new nonce */
newnonce->nc = 0;
newnonce->flags.valid = 1;
newnonce->noncedata.self = newnonce;
newnonce->noncedata.creationtime = current_time.tv_sec;
newnonce->noncedata.randomdata = squid_random();
authDigestNonceEncode(newnonce);
/*
* loop until we get a unique nonce. The nonce creation must
* have a random factor
*/
while ((temp = authenticateDigestNonceFindNonce(newnonce->hash.key))) {
/* create a new nonce */
newnonce->noncedata.randomdata = squid_random();
authDigestNonceEncode(newnonce);
}
hash_join(digest_nonce_cache, &newnonce->hash);
/* the cache's link */
authDigestNonceLink(newnonce);
newnonce->flags.incache = 1;
debug(29, 5) ("authenticateDigestNonceNew: created nonce %p at %ld\n", newnonce, (long int) newnonce->noncedata.creationtime);
return newnonce;
}
