| -rw-r--r-- | daemon/defaults.h | 1 | ||||
| -rw-r--r-- | daemon/httpauthd.c | 15 | ||||
| -rw-r--r-- | daemon/httpauthd.h | 3 | ||||
| -rw-r--r-- | daemon/ldap.c | 24 | ||||
| -rw-r--r-- | daemon/ntlm.c | 2 | ||||
| -rw-r--r-- | daemon/simple.c | 29 | ||||
| -rw-r--r-- | sample/httpauthd.conf | 7 | 
7 files changed, 49 insertions, 32 deletions
| diff --git a/daemon/defaults.h b/daemon/defaults.h index 755d12c..a72e51a 100644 --- a/daemon/defaults.h +++ b/daemon/defaults.h @@ -5,5 +5,6 @@  #define DEFAULT_PENDING_MAX           16  #define DEFAULT_PENDING_TIMEOUT       60  #define DEFAULT_TIMEOUT              900 +#define DEFAULT_CACHEMAX            1024  #endif /* __DEFAULTS_H__ */ diff --git a/daemon/httpauthd.c b/daemon/httpauthd.c index f640b5d..a2985a3 100644 --- a/daemon/httpauthd.c +++ b/daemon/httpauthd.c @@ -904,7 +904,8 @@ int config_parse(const char* file, ha_buffer_t* buf)    /* These are the default options for the contexts */    memset(&defaults, 0, sizeof(defaults));    defaults.types = 0xFFFFFFFF;          /* All types by default */ -  defaults.timeout = DEFAULT_TIMEOUT;   /* Timeout for cache */ +  defaults.cache_timeout = DEFAULT_TIMEOUT;   /* Timeout for cache */ +  defaults.cache_max = DEFAULT_CACHEMAX;    ha_bufreset(buf); @@ -1032,7 +1033,17 @@ int config_parse(const char* file, ha_buffer_t* buf)          if(ha_confint(name, value, 0, 86400, &v) == HA_ERROR)            exit(1); /* Message already printed */ -        (ctx ? ctx : &defaults)->timeout = v; +        (ctx ? ctx : &defaults)->cache_timeout = v; +        recog = 1; +      } + +      else if(strcmp(name, "cachemax") == 0) +      { +        int v; +        if(ha_confint(name, value, 0, 0x7FFFFFFF, &v) == HA_ERROR) +          exit(1); /* Message already printed */ + +        (ctx ? ctx : &defaults)->cache_max = v;          recog = 1;        } diff --git a/daemon/httpauthd.h b/daemon/httpauthd.h index b710444..55a4d90 100644 --- a/daemon/httpauthd.h +++ b/daemon/httpauthd.h 
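Review bot: The new `cachemax` branch in config_parse accepts 0 as a valid limit, and nothing in this diff shows what a zero `cache_max` means to the handlers that copy it. The setting appears to bound how many cache records the daemon keeps on behalf of clients, so a 0 taken literally and a value near 0x7FFFFFFF would both leave the limit ineffective as a resource control. I would either reject 0 with `if(ha_confint(name, value, 1, 0x7FFFFFFF, &v) == HA_ERROR)` or state in a comment on this branch what 0 is intended to mean. config_parse starts and ends outside the hunk.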
@@ -174,7 +174,8 @@ typedef struct ha_context    const char* name;       /* A name assigned by the configuration file */    ha_handler_t* handler;  /* The original handler structure */    unsigned int types;     /* The types of authentication allowed */ -  int timeout;            /* Timeout for cached connections */ +  int cache_timeout;      /* Timeout for cached connections */ +  int cache_max;          /* Maximum amount of cached connections */    void* data;             /* Handler specific data */  }  ha_context_t; diff --git a/daemon/ldap.c b/daemon/ldap.c index 3ed7199..2474d09 100644 --- a/daemon/ldap.c +++ b/daemon/ldap.c @@ -74,6 +74,7 @@ typedef struct ldap_context    int dobind;               /* Bind to do simple authentication */    int cache_max;            /* Maximum number of connections at once */ +  int cache_timeout;    int ldap_max;             /* Number of open connections allowed */    int ldap_timeout;         /* Maximum amount of time to dedicate to an ldap query */ @@ -103,6 +104,7 @@ static const ldap_context_t ldap_defaults =    NULL,               /* domains */    1,                  /* dobind */    1000,               /* cache_max */ +  30,                 /* cache_timeout */    10,                 /* ldap_max */    30,                 /* ldap_timeout */    NULL,               /* cache */ @@ -939,7 +941,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,  }  static int digest_ldap_response(ldap_context_t* ctx, const char* header, -                                const char* method, const char* uri, int timeout, +                                const char* method, const char* uri,                                 ha_response_t* resp, ha_buffer_t* buf)  {    unsigned char nonce[DIGEST_NONCE_LEN]; 
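Review bot: The added `30, /* cache_timeout */` initializer in ldap_defaults, like the existing `1000` for cache_max, no longer describes the effective default, because ldap_inithand now overwrites both fields from the context, whose defaults are DEFAULT_TIMEOUT and DEFAULT_CACHEMAX. simple_defaults in daemon/simple.c uses 0 for both, so the two handlers disagree about the placeholder value; I would write `0, /* cache_timeout, copied from the context in ldap_inithand */` here as well. The new member `int cache_timeout;` in ldap_context (and in simple_context) also lacks the trailing comment its neighbours carry, for example `/* Lifetime of cached records, in seconds */`.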
@@ -972,7 +974,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,    rec = get_cached_digest(ctx, nonce);    /* Check to see if we're stale */ -  if((expiry + timeout) <= time(NULL)) +  if((expiry + ctx->cache_timeout) <= time(NULL))    {      stale = 1;      goto finally; @@ -1011,7 +1013,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,      resp->detail = dg.username;      /* Figure out if we need a new nonce */ -    if((expiry + (timeout - (timeout / 8))) < time(NULL)) +    if((expiry + (ctx->cache_timeout - (ctx->cache_timeout / 8))) < time(NULL))      {        digest_makenonce(nonce, g_ldap_secret, NULL);        stale = 1; @@ -1151,11 +1153,6 @@ int ldap_config(ha_context_t* context, const char* name, const char* value)      return ha_confint(name, value, 0, 86400, &(ctx->ldap_timeout));    } -  else if(strcmp(name, "cachemax") == 0) -  { -    return ha_confint(name, value, 0, 0x7FFFFFFF, &(ctx->cache_max)); -  } -    return HA_FALSE;  } @@ -1216,6 +1213,10 @@ int ldap_inithand(ha_context_t* context)      }      memset(ctx->pool, 0, sizeof(LDAP*) * ctx->ldap_max); + +    /* Copy some settings over for easy access */ +    ctx->cache_max = context->cache_max; +    ctx->cache_timeout = context->cache_timeout;    }    return HA_OK; @@ -1231,7 +1232,7 @@ void ldap_destroy(ha_context_t* context)    /* Note: We don't need to be thread safe here anymore */    ldap_context_t* ctx = (ldap_context_t*)(context->data); -  ASSERT(data); +  ASSERT(ctx);    if(ctx->cache)      hash_free(ctx->cache); @@ -1265,7 +1266,7 @@ int ldap_process(ha_context_t* context, ha_request_t* req,    ha_lock(NULL);      /* Purge out stale connection stuff. */ -    hash_purge(ctx->cache, t - context->timeout); +    hash_purge(ctx->cache, t - ctx->cache_timeout);    ha_unlock(NULL); 
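Review bot: With `cache_timeout` equal to 0, the check `(expiry + ctx->cache_timeout) <= time(NULL)` in digest_ldap_response is true for any nonce whose `expiry` is not in the future, so every digest response would be reported as stale. The config parser's range for the timeout setting is `0, 86400`, so 0 is accepted. The same expression appears in simple_digest_response in daemon/simple.c. How `expiry` is derived is outside the hunk, so this should be confirmed, but if 0 is not a supported value the parser's lower bound could become 1, `ha_confint(name, value, 1, 86400, &v)`, and if it is supported the check deserves a comment saying what a zero timeout does to digest authentication.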
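Review bot: The copy of `cache_max` and `cache_timeout` in ldap_inithand sits inside a block whose opening condition is outside this hunk, so it cannot be confirmed from here that it runs for every context. This matters more for the matching copy in simple_init in daemon/simple.c, because simple_defaults now sets both fields to 0: if that block were skipped, `hash_purge(ctx->cache, time(NULL) - ctx->cache_timeout)` in simple_process would run with a zero lifetime. I would extend the comment to `/* Copy some settings over for easy access; the *_defaults values are placeholders only */` and confirm that no path reaches the process functions without this copy having run.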
@@ -1281,8 +1282,7 @@ int ldap_process(ha_context_t* context, ha_request_t* req,      if(header)      {        ret = digest_ldap_response(ctx, header, req->args[AUTH_ARG_METHOD], -                                 req->args[AUTH_ARG_URI], context->timeout, -                                 resp, buf); +                                 req->args[AUTH_ARG_URI], resp, buf);        if(ret == HA_ERROR)          return ret;      } diff --git a/daemon/ntlm.c b/daemon/ntlm.c index d567fe2..28284b9 100644 --- a/daemon/ntlm.c +++ b/daemon/ntlm.c @@ -654,7 +654,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,       * well as half open connections which expire.       */      hash_purge(ctx->pending, t - ctx->pending_timeout); -    hash_purge(ctx->established, t - context->timeout); +    hash_purge(ctx->established, t - context->cache_timeout);    ha_unlock(NULL); diff --git a/daemon/simple.c b/daemon/simple.c index fdaa0e0..d51e9d9 100644 --- a/daemon/simple.c +++ b/daemon/simple.c @@ -25,10 +25,11 @@ unsigned char g_simple_secret[DIGEST_SECRET_LEN];  typedef struct simple_context  { -  const char* filename;       /* The file name with the user names */ -  const char* realm;          /* The realm for basic authentication */ +  const char* filename;     /* The file name with the user names */ +  const char* realm;        /* The realm for basic authentication */    const char* domains;      /* Domains for which digest auth is valid */    int cache_max;            /* Maximum number of connections at once */ +  int cache_timeout;    /* Context ----------------------------------------------------------- */    hash_t* cache;            /* Some cached records or basic */ 
@@ -41,7 +42,8 @@ static const simple_context_t simple_defaults =    NULL,               /* filename */    NULL,               /* realm */    NULL,               /* domains */ -  1000,               /* cache_max */ +  0,                  /* cache_max */ +  0,                  /* cache_timeout */    NULL                /* cache */  }; @@ -381,7 +383,7 @@ static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp,  }  static int simple_digest_response(simple_context_t* ctx, const char* header, -                           const char* method, const char* uri, int timeout, +                           const char* method, const char* uri,                             ha_response_t* resp, ha_buffer_t* buf)  {    unsigned char nonce[DIGEST_NONCE_LEN]; @@ -414,7 +416,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header,    rec = get_cached_digest(ctx, nonce);    /* Check to see if we're stale */ -  if((expiry + timeout) <= time(NULL)) +  if((expiry + ctx->cache_timeout) <= time(NULL))    {      stale = 1;      goto finally; @@ -453,7 +455,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header,      resp->detail = dg.username;      /* Figure out if we need a new nonce */ -    if((expiry + (timeout - (timeout / 8))) < time(NULL)) +    if((expiry + (ctx->cache_timeout - (ctx->cache_timeout / 8))) < time(NULL))      {        digest_makenonce(nonce, g_simple_secret, NULL);        stale = 1; @@ -518,11 +520,6 @@ int simple_config(ha_context_t* context, const char* name, const char* value)      return HA_OK;    } -  else if(strcmp(name, "cachemax") == 0) -  { -    return ha_confint(name, value, 0, 0x7FFFFFFF, &(ctx->cache_max)); -  } -    return HA_FALSE;  } 
@@ -576,6 +573,11 @@ int simple_init(ha_context_t* context)        ha_messagex(LOG_CRIT, "out of memory");        return HA_ERROR;      } + +    /* Copy some settings over for easy access */ +    ctx->cache_max = context->cache_max; +    ctx->cache_timeout = context->cache_timeout; +    }    return HA_OK; @@ -610,7 +612,7 @@ int simple_process(ha_context_t* context, ha_request_t* req,    ha_lock(NULL);      /* Purge the cache */ -    hash_purge(ctx->cache, time(NULL) - context->timeout); +    hash_purge(ctx->cache, time(NULL) - ctx->cache_timeout);    ha_unlock(NULL); @@ -626,8 +628,7 @@ int simple_process(ha_context_t* context, ha_request_t* req,      if(header)      {        ret = simple_digest_response(ctx, header, req->args[AUTH_ARG_METHOD], -                            req->args[AUTH_ARG_URI], context->timeout, -                            resp, buf); +                            req->args[AUTH_ARG_URI], resp, buf);        if(ret == HA_ERROR)          return ret;      } diff --git a/sample/httpauthd.conf b/sample/httpauthd.conf index 142f766..a296c36 100644 --- a/sample/httpauthd.conf +++ b/sample/httpauthd.conf @@ -1,8 +1,11 @@  # Some comments  # and blank lines -Socket: /var/run/blah.sock  MaxThreads: 18 +CacheTimeout: 300 +AuthTypes: NTLM -Realm: My test realm +[Simple] +Realm: blah +PasswordFile: /data/projects/httpauth/sample/passwd.file | 
