Add UserDBPath and UserTimeout options

pull/13/head
Soner Tari 6 years ago
parent fd52ba0c56
commit c37bcc6de1

@ -619,18 +619,21 @@ main(int argc, char *argv[])
} }
if (opts->user_auth) { if (opts->user_auth) {
if (!opts->userdb_path) {
fprintf(stderr, "User auth requires userdb path\n");
exit(EXIT_FAILURE);
}
// @todo Check if we can really pass the db var into the child process for privsep // @todo Check if we can really pass the db var into the child process for privsep
// https://www.sqlite.org/faq.html: // https://www.sqlite.org/faq.html:
// "Under Unix, you should not carry an open SQLite database across a fork() system call into the child process." // "Under Unix, you should not carry an open SQLite database across a fork() system call into the child process."
if (sqlite3_open("/var/db/duaf.db", &opts->userdb)) { if (sqlite3_open(opts->userdb_path, &opts->userdb)) {
fprintf(stderr, "Error opening user db file: %s\n", sqlite3_errmsg(opts->userdb)); fprintf(stderr, "Error opening user db file: %s\n", sqlite3_errmsg(opts->userdb));
sqlite3_close(opts->userdb); sqlite3_close(opts->userdb);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
// @todo Change mac column to ether // @todo Change mac column to ether
int rc = sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL); if (sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL)) {
if (rc) { fprintf(stderr, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
log_err_level_printf(LOG_CRIT, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
sqlite3_close(opts->userdb); sqlite3_close(opts->userdb);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
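Review bot: `sqlite3_open(opts->userdb_path, &opts->userdb)` opens with create semantics, so a mistyped UserDBPath silently creates an empty database file at that path and the mistake only surfaces one step later as a prepare failure on the missing ip2user table. Opening with `sqlite3_open_v2(opts->userdb_path, &opts->userdb, SQLITE_OPEN_READWRITE, NULL)` refuses a missing file up front and never creates one; read-only is not an option because update_user_atime writes. The @todo kept above about carrying the handle across fork() is still open and, since the handle is now opened from a configurable path in main, this is the point at which to resolve it rather than leave it as a comment. main() starts and ends outside this hunk.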

@ -70,6 +70,7 @@ opts_new(void)
opts->remove_http_accept_encoding = 1; opts->remove_http_accept_encoding = 1;
opts->remove_http_referer = 1; opts->remove_http_referer = 1;
opts->verify_peer = 1; opts->verify_peer = 1;
opts->user_timeout = 300;
return opts; return opts;
} }
@ -160,6 +161,9 @@ opts_free(opts_t *opts)
free(opts->mirrortarget); free(opts->mirrortarget);
} }
#endif /* !WITHOUT_MIRROR */ #endif /* !WITHOUT_MIRROR */
if (opts->userdb_path) {
free(opts->userdb_path);
}
if (opts->user_auth_url) { if (opts->user_auth_url) {
free(opts->user_auth_url); free(opts->user_auth_url);
} }
@ -1465,6 +1469,17 @@ opts_unset_user_auth(opts_t *opts)
opts->user_auth = 0; opts->user_auth = 0;
} }
static void
opts_set_userdb_path(opts_t *opts, const char *optarg)
{
if (opts->userdb_path)
free(opts->userdb_path);
opts->userdb_path = strdup(optarg);
#ifdef DEBUG_OPTS
log_dbg_printf("UserDBPath: %s\n", opts->userdb_path);
#endif /* DEBUG_OPTS */
}
static void static void
opts_set_user_auth_url(opts_t *opts, const char *optarg) opts_set_user_auth_url(opts_t *opts, const char *optarg)
{ {
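Review bot: The `strdup(optarg)` result in opts_set_userdb_path is not checked, so on allocation failure userdb_path stays NULL and main later reports "User auth requires userdb path", pointing the operator at the wrong problem; the DEBUG_OPTS log_dbg_printf on the next line would also pass that NULL to `%s`. If the other opts_set_* setters in this file route through an out-of-memory handler (they are not visible here), call the same one; otherwise add `if (!opts->userdb_path) { fprintf(stderr, "Out of memory\n"); exit(EXIT_FAILURE); }` directly after the strdup. The trailing opts_set_user_auth_url definition continues outside this hunk.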
@ -1645,8 +1660,21 @@ set_option(opts_t *opts, const char *argv0,
#ifdef DEBUG_OPTS #ifdef DEBUG_OPTS
log_dbg_printf("UserAuth: %u\n", opts->user_auth); log_dbg_printf("UserAuth: %u\n", opts->user_auth);
#endif /* DEBUG_OPTS */ #endif /* DEBUG_OPTS */
} else if (!strncmp(name, "UserDBPath", 11)) {
opts_set_userdb_path(opts, value);
} else if (!strncmp(name, "UserAuthURL", 12)) { } else if (!strncmp(name, "UserAuthURL", 12)) {
opts_set_user_auth_url(opts, value); opts_set_user_auth_url(opts, value);
} else if (!strncasecmp(name, "UserTimeout", 12)) {
unsigned int i = atoi(value);
if (i <= 86400) {
opts->user_timeout = i;
} else {
fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
goto leave;
}
#ifdef DEBUG_OPTS
log_dbg_printf("UserTimeout: %u\n", opts->user_timeout);
#endif /* DEBUG_OPTS */
} else if (!strncmp(name, "ProxySpec", 10)) { } else if (!strncmp(name, "ProxySpec", 10)) {
/* Use MAX_TOKEN instead of computing the actual number of tokens in value */ /* Use MAX_TOKEN instead of computing the actual number of tokens in value */
char **argv = malloc(sizeof(char *) * MAX_TOKEN); char **argv = malloc(sizeof(char *) * MAX_TOKEN);
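Review bot: The UserTimeout branch parses `value` with `atoi`, which reports no error, so `UserTimeout abc` silently sets the timeout to 0 and `UserTimeout 300x` to 300, and both pass the `i <= 86400` check; negative input is rejected only because the unsigned wrap happens to exceed 86400. Parse with strtol and check the end pointer and range explicitly, as below. This branch also matches the option name with `strncasecmp` while the neighbouring UserDBPath and UserAuthURL branches use `strncmp`; pick one so option names are case-sensitive consistently. set_option starts and ends outside this hunk.
```c
} else if (!strncmp(name, "UserTimeout", 12)) {
	char *end = NULL;
	long v = strtol(value, &end, 10);
	/* reject empty, trailing junk, negatives and out-of-range values (LONG_MIN/LONG_MAX on overflow fail here too) */
	if (*value == '\0' || *end != '\0' || v < 0 || v > 86400) {
		fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
		goto leave;
	}
	opts->user_timeout = (unsigned int)v;
	/* … unchanged: DEBUG_OPTS log … */
```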

@ -144,9 +144,11 @@ typedef struct opts {
unsigned int verify_peer: 1; unsigned int verify_peer: 1;
unsigned int allow_wrong_host: 1; unsigned int allow_wrong_host: 1;
unsigned int user_auth: 1; unsigned int user_auth: 1;
char *user_auth_url; char *userdb_path;
sqlite3 *userdb; sqlite3 *userdb;
char *user_auth_url;
struct sqlite3_stmt *update_user_atime; struct sqlite3_stmt *update_user_atime;
unsigned int user_timeout;
} opts_t; } opts_t;
typedef struct userdbkeys { typedef struct userdbkeys {
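Review bot: The new fields userdb_path, userdb, update_user_atime and user_timeout carry no comments, and the 0-86400 range and 300 default that set_option and opts_new enforce are only discoverable by reading those functions. Document them at the declaration, e.g. `char *userdb_path; /* UserDBPath: SQLite user db, required when user_auth is set */` and `unsigned int user_timeout; /* UserTimeout: idle seconds before a user entry expires, 0-86400, default 300 */`. Since update_user_atime is prepared against userdb, a one-line note that the statement must be finalized before the handle is closed (if teardown does not already do so) would help whoever maintains opts_free.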

@ -1563,7 +1563,7 @@ identify_user(UNUSED evutil_socket_t fd, UNUSED short what, void *arg)
int atime = sqlite3_column_int(ctx->thr->get_user, 2); int atime = sqlite3_column_int(ctx->thr->get_user, 2);
time_t now = time(NULL); time_t now = time(NULL);
if (now - atime > 300) { if (now - atime > ctx->opts->user_timeout) {
#ifdef DEBUG_PROXY #ifdef DEBUG_PROXY
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "identify_user: User entry timed out, now=%lld, atime=%u, ctx->fd=%d\n", (long long)now, atime, ctx->fd); log_dbg_level_printf(LOG_DBG_MODE_FINEST, "identify_user: User entry timed out, now=%lld, atime=%u, ctx->fd=%d\n", (long long)now, atime, ctx->fd);
#endif /* DEBUG_PROXY */ #endif /* DEBUG_PROXY */
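Review bot: `now - atime > ctx->opts->user_timeout` compares a time_t difference with an unsigned int; on targets where time_t is not wider than unsigned int the difference is converted to unsigned, so an atime slightly ahead of the local clock (skew) wraps to a huge value and the entry is treated as expired. Cast the timeout to the signed side instead: `if (now - atime > (time_t)ctx->opts->user_timeout) {`. A short comment that a timeout of 0 (which set_option allows) expires every entry whose atime is in the past would also save the next reader a trip to opts.c. identify_user starts and ends outside this hunk.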

@ -205,6 +205,12 @@ AllowWrongHost no
# Require authentication for users to use SSLproxy # Require authentication for users to use SSLproxy
#UserAuth no #UserAuth no
# Path to user db file
#UserDBPath /var/db/users.db
# Time users out after this many seconds of idle time
#UserTimeout 300
# Redirect URL for users to log in to the system # Redirect URL for users to log in to the system
#UserAuthURL https://192.168.0.1/userdblogin.php #UserAuthURL https://192.168.0.1/userdblogin.php
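Review bot: The sample comment for UserTimeout omits the range set_option enforces, and the UserDBPath comment does not say the option becomes mandatory once UserAuth is on, which is where operators look first. Suggest `# Time users out after this many seconds of idle time (0-86400, default 300)` and `# Path to user db file (required when UserAuth is yes)`.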
