Diffstat (limited to 'daemon')
-rw-r--r--daemon/defaults.h1
-rw-r--r--daemon/httpauthd.c15
-rw-r--r--daemon/httpauthd.h3
-rw-r--r--daemon/ldap.c24
-rw-r--r--daemon/ntlm.c2
-rw-r--r--daemon/simple.c29
6 files changed, 44 insertions, 30 deletions
diff --git a/daemon/defaults.h b/daemon/defaults.h
index 755d12c..a72e51a 100644
--- a/daemon/defaults.h
+++ b/daemon/defaults.h
@@ -5,5 +5,6 @@
#define DEFAULT_PENDING_MAX 16
#define DEFAULT_PENDING_TIMEOUT 60
#define DEFAULT_TIMEOUT 900
+#define DEFAULT_CACHEMAX 1024
#endif /* __DEFAULTS_H__ */
diff --git a/daemon/httpauthd.c b/daemon/httpauthd.c
index f640b5d..a2985a3 100644
--- a/daemon/httpauthd.c
+++ b/daemon/httpauthd.c
@@ -904,7 +904,8 @@ int config_parse(const char* file, ha_buffer_t* buf)
/* These are the default options for the contexts */
memset(&defaults, 0, sizeof(defaults));
defaults.types = 0xFFFFFFFF; /* All types by default */
- defaults.timeout = DEFAULT_TIMEOUT; /* Timeout for cache */
+ defaults.cache_timeout = DEFAULT_TIMEOUT; /* Timeout for cache */
+ defaults.cache_max = DEFAULT_CACHEMAX;
ha_bufreset(buf);
@@ -1032,7 +1033,17 @@ int config_parse(const char* file, ha_buffer_t* buf)
if(ha_confint(name, value, 0, 86400, &v) == HA_ERROR)
exit(1); /* Message already printed */
- (ctx ? ctx : &defaults)->timeout = v;
+ (ctx ? ctx : &defaults)->cache_timeout = v;
+ recog = 1;
+ }
+
+ else if(strcmp(name, "cachemax") == 0)
+ {
+ int v;
+ if(ha_confint(name, value, 0, 0x7FFFFFFF, &v) == HA_ERROR)
+ exit(1); /* Message already printed */
+
+ (ctx ? ctx : &defaults)->cache_max = v;
recog = 1;
}
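Review bot: The new `cachemax` branch accepts 0 as a valid limit, and nothing visible in this commit says what a zero-sized cache means to the handlers that now copy `cache_max` in `ldap_inithand` and `simple_init`. If the handlers treat the value as a hard cap, 0 would presumably leave no room for cached credentials or digest records; if 0 is meant as "no limit", that should be stated in a comment next to the check. Unless 0 has a defined meaning, I would raise the lower bound: `if(ha_confint(name, value, 1, 0x7FFFFFFF, &v) == HA_ERROR)`. `config_parse` begins and ends outside this hunk, so the rest of the option chain is not visible.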
diff --git a/daemon/httpauthd.h b/daemon/httpauthd.h
index b710444..55a4d90 100644
--- a/daemon/httpauthd.h
+++ b/daemon/httpauthd.h
@@ -174,7 +174,8 @@ typedef struct ha_context
const char* name; /* A name assigned by the configuration file */
ha_handler_t* handler; /* The original handler structure */
unsigned int types; /* The types of authentication allowed */
- int timeout; /* Timeout for cached connections */
+ int cache_timeout; /* Timeout for cached connections */
+ int cache_max; /* Maximum amount of cached connections */
void* data; /* Handler specific data */
}
ha_context_t;
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 3ed7199..2474d09 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -74,6 +74,7 @@ typedef struct ldap_context
int dobind; /* Bind to do simple authentication */
int cache_max; /* Maximum number of connections at once */
+ int cache_timeout;
int ldap_max; /* Number of open connections allowed */
int ldap_timeout; /* Maximum amount of time to dedicate to an ldap query */
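Review bot: The added `int cache_timeout;` member has no comment, unlike every member around it, and the same bare field is added to `simple_context` in daemon/simple.c. The value feeds both `hash_purge` and the digest nonce staleness checks, so its unit and purpose should be stated, for example `int cache_timeout; /* Seconds before cached records and digest nonces expire */`. The `cache_max` comment here ("connections at once") also differs from the wording added in httpauthd.h ("cached connections"); one wording for both would help.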
@@ -103,6 +104,7 @@ static const ldap_context_t ldap_defaults =
NULL, /* domains */
1, /* dobind */
1000, /* cache_max */
+ 30, /* cache_timeout */
10, /* ldap_max */
30, /* ldap_timeout */
NULL, /* cache */
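Review bot: The initialisers `1000` for cache_max and `30` for cache_timeout read like effective defaults, but `ldap_inithand` in this same commit copies both fields from the `ha_context_t`, so the values applied would be `DEFAULT_CACHEMAX` (1024) and `DEFAULT_TIMEOUT` (900) unless configured. That copy sits inside a block whose condition is not visible here, so this is inferred from the visible lines. daemon/simple.c sets the matching initialisers to `0`; doing the same here, e.g. `0, /* cache_timeout, set in ldap_inithand */`, would stop a reader taking 30 seconds as the lifetime of cached LDAP credentials.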
@@ -939,7 +941,7 @@ static int digest_ldap_challenge(ldap_context_t* ctx, ha_response_t* resp,
}
static int digest_ldap_response(ldap_context_t* ctx, const char* header,
- const char* method, const char* uri, int timeout,
+ const char* method, const char* uri,
ha_response_t* resp, ha_buffer_t* buf)
{
unsigned char nonce[DIGEST_NONCE_LEN];
@@ -972,7 +974,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
rec = get_cached_digest(ctx, nonce);
/* Check to see if we're stale */
- if((expiry + timeout) <= time(NULL))
+ if((expiry + ctx->cache_timeout) <= time(NULL))
{
stale = 1;
goto finally;
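Review bot: With `cachetimeout` set to 0, which `config_parse` accepts via `ha_confint(name, value, 0, 86400, &v)`, the check `(expiry + ctx->cache_timeout) <= time(NULL)` is true for any nonce not stamped in the future, so every digest response would be marked stale and a client could never finish authenticating. The identical check in `simple_digest_response` in daemon/simple.c has the same problem. Now that the value lives in the handler context, a floor can be applied where it is copied, e.g. `if(ctx->cache_timeout < 1) ctx->cache_timeout = 1;` in `ldap_inithand` and `simple_init`, or 0 can be rejected at parse time. The function body starts and ends outside this hunk, and how `expiry` is derived from the nonce is not visible.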
@@ -1011,7 +1013,7 @@ static int digest_ldap_response(ldap_context_t* ctx, const char* header,
resp->detail = dg.username;
/* Figure out if we need a new nonce */
- if((expiry + (timeout - (timeout / 8))) < time(NULL))
+ if((expiry + (ctx->cache_timeout - (ctx->cache_timeout / 8))) < time(NULL))
{
digest_makenonce(nonce, g_ldap_secret, NULL);
stale = 1;
@@ -1151,11 +1153,6 @@ int ldap_config(ha_context_t* context, const char* name, const char* value)
return ha_confint(name, value, 0, 86400, &(ctx->ldap_timeout));
}
- else if(strcmp(name, "cachemax") == 0)
- {
- return ha_confint(name, value, 0, 0x7FFFFFFF, &(ctx->cache_max));
- }
-
return HA_FALSE;
}
@@ -1216,6 +1213,10 @@ int ldap_inithand(ha_context_t* context)
}
memset(ctx->pool, 0, sizeof(LDAP*) * ctx->ldap_max);
+
+ /* Copy some settings over for easy access */
+ ctx->cache_max = context->cache_max;
+ ctx->cache_timeout = context->cache_timeout;
}
return HA_OK;
@@ -1231,7 +1232,7 @@ void ldap_destroy(ha_context_t* context)
/* Note: We don't need to be thread safe here anymore */
ldap_context_t* ctx = (ldap_context_t*)(context->data);
- ASSERT(data);
+ ASSERT(ctx);
if(ctx->cache)
hash_free(ctx->cache);
@@ -1265,7 +1266,7 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
ha_lock(NULL);
/* Purge out stale connection stuff. */
- hash_purge(ctx->cache, t - context->timeout);
+ hash_purge(ctx->cache, t - ctx->cache_timeout);
ha_unlock(NULL);
@@ -1281,8 +1282,7 @@ int ldap_process(ha_context_t* context, ha_request_t* req,
if(header)
{
ret = digest_ldap_response(ctx, header, req->args[AUTH_ARG_METHOD],
- req->args[AUTH_ARG_URI], context->timeout,
- resp, buf);
+ req->args[AUTH_ARG_URI], resp, buf);
if(ret == HA_ERROR)
return ret;
}
diff --git a/daemon/ntlm.c b/daemon/ntlm.c
index d567fe2..28284b9 100644
--- a/daemon/ntlm.c
+++ b/daemon/ntlm.c
@@ -654,7 +654,7 @@ int ntlm_process(ha_context_t* context, ha_request_t* req,
* well as half open connections which expire.
*/
hash_purge(ctx->pending, t - ctx->pending_timeout);
- hash_purge(ctx->established, t - context->timeout);
+ hash_purge(ctx->established, t - context->cache_timeout);
ha_unlock(NULL);
diff --git a/daemon/simple.c b/daemon/simple.c
index fdaa0e0..d51e9d9 100644
--- a/daemon/simple.c
+++ b/daemon/simple.c
@@ -25,10 +25,11 @@ unsigned char g_simple_secret[DIGEST_SECRET_LEN];
typedef struct simple_context
{
- const char* filename; /* The file name with the user names */
- const char* realm; /* The realm for basic authentication */
+ const char* filename; /* The file name with the user names */
+ const char* realm; /* The realm for basic authentication */
const char* domains; /* Domains for which digest auth is valid */
int cache_max; /* Maximum number of connections at once */
+ int cache_timeout;
/* Context ----------------------------------------------------------- */
hash_t* cache; /* Some cached records or basic */
@@ -41,7 +42,8 @@ static const simple_context_t simple_defaults =
NULL, /* filename */
NULL, /* realm */
NULL, /* domains */
- 1000, /* cache_max */
+ 0, /* cache_max */
+ 0, /* cache_timeout */
NULL /* cache */
};
@@ -381,7 +383,7 @@ static int simple_digest_challenge(simple_context_t* ctx, ha_response_t* resp,
}
static int simple_digest_response(simple_context_t* ctx, const char* header,
- const char* method, const char* uri, int timeout,
+ const char* method, const char* uri,
ha_response_t* resp, ha_buffer_t* buf)
{
unsigned char nonce[DIGEST_NONCE_LEN];
@@ -414,7 +416,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header,
rec = get_cached_digest(ctx, nonce);
/* Check to see if we're stale */
- if((expiry + timeout) <= time(NULL))
+ if((expiry + ctx->cache_timeout) <= time(NULL))
{
stale = 1;
goto finally;
@@ -453,7 +455,7 @@ static int simple_digest_response(simple_context_t* ctx, const char* header,
resp->detail = dg.username;
/* Figure out if we need a new nonce */
- if((expiry + (timeout - (timeout / 8))) < time(NULL))
+ if((expiry + (ctx->cache_timeout - (ctx->cache_timeout / 8))) < time(NULL))
{
digest_makenonce(nonce, g_simple_secret, NULL);
stale = 1;
@@ -518,11 +520,6 @@ int simple_config(ha_context_t* context, const char* name, const char* value)
return HA_OK;
}
- else if(strcmp(name, "cachemax") == 0)
- {
- return ha_confint(name, value, 0, 0x7FFFFFFF, &(ctx->cache_max));
- }
-
return HA_FALSE;
}
@@ -576,6 +573,11 @@ int simple_init(ha_context_t* context)
ha_messagex(LOG_CRIT, "out of memory");
return HA_ERROR;
}
+
+ /* Copy some settings over for easy access */
+ ctx->cache_max = context->cache_max;
+ ctx->cache_timeout = context->cache_timeout;
+
}
return HA_OK;
@@ -610,7 +612,7 @@ int simple_process(ha_context_t* context, ha_request_t* req,
ha_lock(NULL);
/* Purge the cache */
- hash_purge(ctx->cache, time(NULL) - context->timeout);
+ hash_purge(ctx->cache, time(NULL) - ctx->cache_timeout);
ha_unlock(NULL);
@@ -626,8 +628,7 @@ int simple_process(ha_context_t* context, ha_request_t* req,
if(header)
{
ret = simple_digest_response(ctx, header, req->args[AUTH_ARG_METHOD],
- req->args[AUTH_ARG_URI], context->timeout,
- resp, buf);
+ req->args[AUTH_ARG_URI], resp, buf);
if(ret == HA_ERROR)
return ret;
}