Add UserDBPath and UserTimeout options
This commit is contained in:
parent
fd52ba0c56
commit
c37bcc6de1
11
main.c
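--- a/main.c
+++ b/main.c
@@ -619,18 +619,21 @@ main(int argc, char *argv[])
 }
 
 if (opts->user_auth) {
+if (!opts->userdb_path) {
+fprintf(stderr, "User auth requires userdb path\n");
+exit(EXIT_FAILURE);
+}
 // @todo Check if we can really pass the db var into the child process for privsep
 // https://www.sqlite.org/faq.html:
 // "Under Unix, you should not carry an open SQLite database across a fork() system call into the child process."
-if (sqlite3_open("/var/db/duaf.db", &opts->userdb)) {
+if (sqlite3_open(opts->userdb_path, &opts->userdb)) {
 fprintf(stderr, "Error opening user db file: %s\n", sqlite3_errmsg(opts->userdb));
 sqlite3_close(opts->userdb);
 exit(EXIT_FAILURE);
 }
 // @todo Change mac column to ether
-int rc = sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL);
-if (rc) {
-log_err_level_printf(LOG_CRIT, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
+if (sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL)) {
+fprintf(stderr, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
 sqlite3_close(opts->userdb);
 exit(EXIT_FAILURE);
 }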
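Review bot: The new `sqlite3_open(opts->userdb_path, &opts->userdb)` call still creates an empty database when the configured path does not exist, because sqlite3_open() opens with create semantics; a mistyped UserDBPath therefore passes the open and the failure only surfaces at the sqlite3_prepare_v2() below as a missing-table error that names no file. Opening with `sqlite3_open_v2(opts->userdb_path, &opts->userdb, SQLITE_OPEN_READWRITE, NULL)` makes a missing or unreadable file fail at the open, where the existing message already reports sqlite3_errmsg(). Since the path is now configurable, including it in that message, `fprintf(stderr, "Error opening user db file %s: %s\n", opts->userdb_path, sqlite3_errmsg(opts->userdb));`, makes the error actionable. main()'s body continues outside the hunk.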
28
opts.c
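--- a/opts.c
+++ b/opts.c
@@ -70,6 +70,7 @@ opts_new(void)
 opts->remove_http_accept_encoding = 1;
 opts->remove_http_referer = 1;
 opts->verify_peer = 1;
+opts->user_timeout = 300;
 return opts;
 }
 
@@ -160,6 +161,9 @@ opts_free(opts_t *opts)
 free(opts->mirrortarget);
 }
 #endif /* !WITHOUT_MIRROR */
+if (opts->userdb_path) {
+free(opts->userdb_path);
+}
 if (opts->user_auth_url) {
 free(opts->user_auth_url);
 }
@@ -1465,6 +1469,17 @@ opts_unset_user_auth(opts_t *opts)
 opts->user_auth = 0;
 }
 
+static void
+opts_set_userdb_path(opts_t *opts, const char *optarg)
+{
+if (opts->userdb_path)
+free(opts->userdb_path);
+opts->userdb_path = strdup(optarg);
+#ifdef DEBUG_OPTS
+log_dbg_printf("UserDBPath: %s\n", opts->userdb_path);
+#endif /* DEBUG_OPTS */
+}
+
 static void
 opts_set_user_auth_url(opts_t *opts, const char *optarg)
 {
@@ -1645,8 +1660,21 @@ set_option(opts_t *opts, const char *argv0,
 #ifdef DEBUG_OPTS
 log_dbg_printf("UserAuth: %u\n", opts->user_auth);
 #endif /* DEBUG_OPTS */
+} else if (!strncmp(name, "UserDBPath", 11)) {
+opts_set_userdb_path(opts, value);
 } else if (!strncmp(name, "UserAuthURL", 12)) {
 opts_set_user_auth_url(opts, value);
+} else if (!strncasecmp(name, "UserTimeout", 12)) {
+unsigned int i = atoi(value);
+if (i <= 86400) {
+opts->user_timeout = i;
+} else {
+fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
+goto leave;
+}
+#ifdef DEBUG_OPTS
+log_dbg_printf("UserTimeout: %u\n", opts->user_timeout);
+#endif /* DEBUG_OPTS */
 } else if (!strncmp(name, "ProxySpec", 10)) {
 /* Use MAX_TOKEN instead of computing the actual number of tokens in value */
 char **argv = malloc(sizeof(char *) * MAX_TOKEN);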
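Review bot: In the new UserTimeout branch of set_option(), `unsigned int i = atoi(value);` turns any non-numeric value into 0 and reports no overflow, so a typo such as `UserTimeout 3OO` silently sets a zero timeout and passes the `i <= 86400` check; strtoul() with an end-pointer test rejects malformed input at the same place the out-of-range case already reports an error, and a wrapped negative or overflowing value still fails the range check. The branch also matches the option name with strncasecmp() while the neighbouring UserDBPath and UserAuthURL branches use strncmp(), which looks unintended. In opts_set_userdb_path() the strdup() result is unchecked, so an allocation failure leaves userdb_path NULL and is later reported by main() as a missing UserDBPath rather than as an allocation error. set_option()'s body continues outside the hunk.
```c
} else if (!strncmp(name, "UserTimeout", 12)) {
	char *end = NULL;
	unsigned long timeout = strtoul(value, &end, 10);
	if (end != value && *end == '\0' && timeout <= 86400) {
		opts->user_timeout = (unsigned int)timeout;
	} else {
		fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
		goto leave;
	}
	/* … unchanged: DEBUG_OPTS logging … */
```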
4
opts.h
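--- a/opts.h
+++ b/opts.h
@@ -144,9 +144,11 @@ typedef struct opts {
 unsigned int verify_peer: 1;
 unsigned int allow_wrong_host: 1;
 unsigned int user_auth: 1;
-char *user_auth_url;
+char *userdb_path;
 sqlite3 *userdb;
+char *user_auth_url;
 struct sqlite3_stmt *update_user_atime;
+unsigned int user_timeout;
 } opts_t;
 
 typedef struct userdbkeys {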
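Review bot: The new opts_t fields `userdb_path` and `user_timeout` are added without comments, and the ownership and range rules the commit establishes are only visible in other files: the path is strdup()'d in opts_set_userdb_path() and freed in opts_free(), and the timeout is validated to 0..86400 in set_option() with a default of 300 set in opts_new(). Suggested comments: `char *userdb_path; /* UserDBPath; owned, freed in opts_free() */` and `unsigned int user_timeout; /* UserTimeout in seconds, 0..86400, default 300 */`. Stating the unit here also helps the reader check the `now - atime` comparison that consumes this field.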
@ -1563,7 +1563,7 @@ identify_user(UNUSED evutil_socket_t fd, UNUSED short what, void *arg)
|
|||||||
|
|
||||||
int atime = sqlite3_column_int(ctx->thr->get_user, 2);
|
int atime = sqlite3_column_int(ctx->thr->get_user, 2);
|
||||||
time_t now = time(NULL);
|
time_t now = time(NULL);
|
||||||
if (now - atime > 300) {
|
if (now - atime > ctx->opts->user_timeout) {
|
||||||
#ifdef DEBUG_PROXY
|
#ifdef DEBUG_PROXY
|
||||||
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "identify_user: User entry timed out, now=%lld, atime=%u, ctx->fd=%d\n", (long long)now, atime, ctx->fd);
|
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "identify_user: User entry timed out, now=%lld, atime=%u, ctx->fd=%d\n", (long long)now, atime, ctx->fd);
|
||||||
#endif /* DEBUG_PROXY */
|
#endif /* DEBUG_PROXY */
|
||||||
|
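Review bot: `if (now - atime > ctx->opts->user_timeout)` now compares a `time_t` difference with an `unsigned int`; where `time_t` is a 32-bit `long`, the usual arithmetic conversions make the comparison unsigned, so a negative difference (an atime ahead of the local clock, e.g. after a clock step or a row written by another machine) wraps and the entry is treated as timed out, whereas with a 64-bit `time_t` the timeout promotes to a signed type and the check behaves as intended. Converting both sides explicitly, `if ((long long)(now - atime) > (long long)ctx->opts->user_timeout) {`, makes the comparison signed everywhere. Note also that a configured UserTimeout of 0 expires every entry whose atime is at least one second old, which the "use 0-86400" message permits but the config comment does not mention. The file this hunk belongs to is not named on the page, and identify_user()'s body continues outside the hunk.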
@ -205,6 +205,12 @@ AllowWrongHost no
|
|||||||
# Require authentication for users to use SSLproxy
|
# Require authentication for users to use SSLproxy
|
||||||
#UserAuth no
|
#UserAuth no
|
||||||
|
|
||||||
|
# Path to user db file
|
||||||
|
#UserDBPath /var/db/users.db
|
||||||
|
|
||||||
|
# Time users out after this many seconds of idle time
|
||||||
|
#UserTimeout 300
|
||||||
|
|
||||||
# Redirect URL for users to log in to the system
|
# Redirect URL for users to log in to the system
|
||||||
#UserAuthURL https://192.168.0.1/userdblogin.php
|
#UserAuthURL https://192.168.0.1/userdblogin.php
|
||||||
|
|
||||||
|