Add UserDBPath and UserTimeout options
This commit is contained in:
parent
fd52ba0c56
commit
c37bcc6de1
11
main.c
11
main.c
@ -619,18 +619,21 @@ main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
if (opts->user_auth) {
|
||||
if (!opts->userdb_path) {
|
||||
fprintf(stderr, "User auth requires userdb path\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
// @todo Check if we can really pass the db var into the child process for privsep
|
||||
// https://www.sqlite.org/faq.html:
|
||||
// "Under Unix, you should not carry an open SQLite database across a fork() system call into the child process."
|
||||
if (sqlite3_open("/var/db/duaf.db", &opts->userdb)) {
|
||||
if (sqlite3_open(opts->userdb_path, &opts->userdb)) {
|
||||
fprintf(stderr, "Error opening user db file: %s\n", sqlite3_errmsg(opts->userdb));
|
||||
sqlite3_close(opts->userdb);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
// @todo Change mac column to ether
|
||||
int rc = sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL);
|
||||
if (rc) {
|
||||
log_err_level_printf(LOG_CRIT, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
|
||||
if (sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL)) {
|
||||
fprintf(stderr, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
|
||||
sqlite3_close(opts->userdb);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
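Review bot: The new `sqlite3_open(opts->userdb_path, &opts->userdb)` call opens with SQLITE_OPEN_CREATE implied, so a mistyped or missing UserDBPath silently creates an empty database at that path and the misconfiguration only surfaces later as a confusing "no such table" error from the prepare below. Using `if (sqlite3_open_v2(opts->userdb_path, &opts->userdb, SQLITE_OPEN_READWRITE, NULL)) {` makes a missing or unreadable db file fail at the open, where the error message already names the problem, and never creates files on disk from a config typo. The `200` passed as nByte to `sqlite3_prepare_v2` only works because the literal is shorter than that; `-1` (read to the terminating NUL) is the usual form and will not silently truncate if the statement is extended later. main's body starts and ends outside the hunk.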
28
opts.c
28
opts.c
@ -70,6 +70,7 @@ opts_new(void)
|
||||
opts->remove_http_accept_encoding = 1;
|
||||
opts->remove_http_referer = 1;
|
||||
opts->verify_peer = 1;
|
||||
opts->user_timeout = 300;
|
||||
return opts;
|
||||
}
|
||||
|
||||
@ -160,6 +161,9 @@ opts_free(opts_t *opts)
|
||||
free(opts->mirrortarget);
|
||||
}
|
||||
#endif /* !WITHOUT_MIRROR */
|
||||
if (opts->userdb_path) {
|
||||
free(opts->userdb_path);
|
||||
}
|
||||
if (opts->user_auth_url) {
|
||||
free(opts->user_auth_url);
|
||||
}
|
||||
@ -1465,6 +1469,17 @@ opts_unset_user_auth(opts_t *opts)
|
||||
opts->user_auth = 0;
|
||||
}
|
||||
|
||||
static void
|
||||
opts_set_userdb_path(opts_t *opts, const char *optarg)
|
||||
{
|
||||
if (opts->userdb_path)
|
||||
free(opts->userdb_path);
|
||||
opts->userdb_path = strdup(optarg);
|
||||
#ifdef DEBUG_OPTS
|
||||
log_dbg_printf("UserDBPath: %s\n", opts->userdb_path);
|
||||
#endif /* DEBUG_OPTS */
|
||||
}
|
||||
|
||||
static void
|
||||
opts_set_user_auth_url(opts_t *opts, const char *optarg)
|
||||
{
|
||||
@ -1645,8 +1660,21 @@ set_option(opts_t *opts, const char *argv0,
|
||||
#ifdef DEBUG_OPTS
|
||||
log_dbg_printf("UserAuth: %u\n", opts->user_auth);
|
||||
#endif /* DEBUG_OPTS */
|
||||
} else if (!strncmp(name, "UserDBPath", 11)) {
|
||||
opts_set_userdb_path(opts, value);
|
||||
} else if (!strncmp(name, "UserAuthURL", 12)) {
|
||||
opts_set_user_auth_url(opts, value);
|
||||
} else if (!strncasecmp(name, "UserTimeout", 12)) {
|
||||
unsigned int i = atoi(value);
|
||||
if (i <= 86400) {
|
||||
opts->user_timeout = i;
|
||||
} else {
|
||||
fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
|
||||
goto leave;
|
||||
}
|
||||
#ifdef DEBUG_OPTS
|
||||
log_dbg_printf("UserTimeout: %u\n", opts->user_timeout);
|
||||
#endif /* DEBUG_OPTS */
|
||||
} else if (!strncmp(name, "ProxySpec", 10)) {
|
||||
/* Use MAX_TOKEN instead of computing the actual number of tokens in value */
|
||||
char **argv = malloc(sizeof(char *) * MAX_TOKEN);
|
||||
|
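Review bot: In the set_option hunk, `unsigned int i = atoi(value);` turns any non-numeric UserTimeout into 0 and reports no overflow, so a typo such as `UserTimeout 3OO` silently yields an idle timeout of 0 instead of failing at the offending config line. Parsing with `strtoul()` and rejecting trailing garbage keeps the existing 0-86400 range check while making bad input an error; the rewrite is below (no `<errno.h>` is needed because a wrapped or out-of-range value already exceeds 86400). The same branch matches with `strncasecmp` while the neighbouring `UserDBPath` and `UserAuthURL` keys use `strncmp`; pick one so option-name matching is consistent. `opts_set_userdb_path` also leaves the `strdup()` result unchecked, which is only fine if the other setters in this file do the same — can't tell from the hunk. set_option's body starts and ends outside the hunk.
```c
} else if (!strncasecmp(name, "UserTimeout", 12)) {
	char *end = NULL;
	unsigned long i = strtoul(value, &end, 10);
	/* reject empty, non-numeric, trailing garbage, negative (wraps large) and > 86400 */
	if (end == value || *end != '\0' || i > 86400) {
		fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
		goto leave;
	}
	opts->user_timeout = (unsigned int)i;
	/* … unchanged: DEBUG_OPTS log … */
```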
4
opts.h
4
opts.h
@ -144,9 +144,11 @@ typedef struct opts {
|
||||
unsigned int verify_peer: 1;
|
||||
unsigned int allow_wrong_host: 1;
|
||||
unsigned int user_auth: 1;
|
||||
char *user_auth_url;
|
||||
char *userdb_path;
|
||||
sqlite3 *userdb;
|
||||
char *user_auth_url;
|
||||
struct sqlite3_stmt *update_user_atime;
|
||||
unsigned int user_timeout;
|
||||
} opts_t;
|
||||
|
||||
typedef struct userdbkeys {
|
||||
|
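Review bot: The two new fields carry no comment on units or ownership, although both are decided elsewhere in this commit: `userdb_path` is `strdup()`'d in `opts_set_userdb_path` and freed in `opts_free`, and `user_timeout` is an idle time in seconds accepted in the range 0-86400. Suggest `char *userdb_path; /* owned; set by opts_set_userdb_path(), freed by opts_free() */` and `unsigned int user_timeout; /* idle seconds before a user entry expires, 0-86400 */`. The `typedef struct opts` begins outside the hunk.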
@ -1563,7 +1563,7 @@ identify_user(UNUSED evutil_socket_t fd, UNUSED short what, void *arg)
|
||||
|
||||
int atime = sqlite3_column_int(ctx->thr->get_user, 2);
|
||||
time_t now = time(NULL);
|
||||
if (now - atime > 300) {
|
||||
if (now - atime > ctx->opts->user_timeout) {
|
||||
#ifdef DEBUG_PROXY
|
||||
log_dbg_level_printf(LOG_DBG_MODE_FINEST, "identify_user: User entry timed out, now=%lld, atime=%u, ctx->fd=%d\n", (long long)now, atime, ctx->fd);
|
||||
#endif /* DEBUG_PROXY */
|
||||
|
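Review bot: `now - atime > ctx->opts->user_timeout` compares a signed `time_t` difference with the new `unsigned int` field; where `time_t` is 32-bit the usual arithmetic conversions make the comparison unsigned, so a negative difference (an `atime` slightly in the future after a clock adjustment) becomes huge and the user is timed out, a case the old `> 300` integer comparison handled correctly. Casting the option once, `if (now - atime > (time_t)ctx->opts->user_timeout) {`, keeps the comparison signed on every platform. Note also that `user_timeout` may be 0 under the 0-86400 range accepted in opts.c, which makes every lookup with `now > atime` expire the entry; if 0 is meant to disable the timeout, it needs an explicit check here. identify_user's body starts and ends outside the hunk.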
@ -205,6 +205,12 @@ AllowWrongHost no
|
||||
# Require authentication for users to use SSLproxy
|
||||
#UserAuth no
|
||||
|
||||
# Path to user db file
|
||||
#UserDBPath /var/db/users.db
|
||||
|
||||
# Time users out after this many seconds of idle time
|
||||
#UserTimeout 300
|
||||
|
||||
# Redirect URL for users to log in to the system
|
||||
#UserAuthURL https://192.168.0.1/userdblogin.php
|
||||
|
||||
|