From: Blake M. <bl...@us...> - 2003-07-26 17:55:57
Update of /cvsroot/macs/macs/lib/MACS In directory sc8-pr-cvs1:/tmp/cvs-serv9321/lib/MACS Modified Files: Audit.pm DBI.pm Makefile.am Session.pm Log Message: MACS::Session is now configurable to use MM shared memor or the database Index: Audit.pm =================================================================== RCS file: /cvsroot/macs/macs/lib/MACS/Audit.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** Audit.pm 24 Jul 2003 09:43:14 -0000 1.3 --- Audit.pm 26 Jul 2003 17:55:54 -0000 1.4 *************** *** 92,96 **** unless(flock($lf, LOCK_EX)); seek($lf, 0, SEEK_END); ! print $lf time, $msg->as_string; flock($lf, LOCK_UN); } # sub msg --- 92,96 ---- unless(flock($lf, LOCK_EX)); seek($lf, 0, SEEK_END); ! print $lf time, ' ', $msg->as_string; flock($lf, LOCK_UN); } # sub msg Index: DBI.pm =================================================================== RCS file: /cvsroot/macs/macs/lib/MACS/DBI.pm,v retrieving revision 1.41 retrieving revision 1.42 diff -C2 -d -r1.41 -r1.42 *** DBI.pm 22 Jul 2003 13:31:35 -0000 1.41 --- DBI.pm 26 Jul 2003 17:55:54 -0000 1.42 *************** *** 1497,1500 **** --- 1497,1574 ---- } # sub get_perms + # set up an authentication session + sub _db_session_new_authc { + my($this, $skey, $uid, $time_out) = @_; + $this->_db_prepare(<<'EOQ'); + insert into macs_session_authc(skey, user_id, time_out, atime) + values(?, ?, ?, UNIX_TIMESTAMP()) + EOQ + $this->_db_execute($skey, $uid, $time_out); + } + + # remove an authentication session + sub _db_session_delete_authc { + my($this, $skey) = @_; + $this->_db_prepare(<<'EOQ'); + delete from macs_session_authc where skey = ? + EOQ + $this->_db_execute($skey); + } + + # check and authentication session key + # as it turns out this is always at least a two query operation, which stinks + # because it's used _ALL_THE_TIME_ + # *sigh* + # perhaps we should be cleaning up epired sessions here? 
+ sub _db_session_check_authc { + my($this, $skey) = @_; + $this->_db_prepare(<<'EOQ'); + select user_id from macs_session_authc + where atime + time_out >= UNIX_TIMESTAMP() and skey = ? + EOQ + $this->_db_execute($skey); + my $uid; + $this->_db_bind_col(1, \$uid); + return undef unless $this->_db_fetch; + $this->_db_prepare(<<'EOQ'); + update macs_session_authc set atime = UNIX_TIMESTAMP() where skey = ? + EOQ + $this->_db_execute($skey); + return $uid; + } + + sub _db_session_new_authz { + my($this, $uid, $groups) = @_; + # for mysql these two satements could be optimized into a 'replace into' + $this->_db_prepare(<<'EOQ'); + delete from macs_session_authz where user_id = ? + EOQ + $this->_db_execute($uid); + $this->_db_prepare(<<'EOQ'); + insert into macs_session_authz (user_id, groups) values (?, ?) + EOQ + $this->_db_execute($uid, $groups); + } + + sub _db_session_delete_authz { + my($this, $uid) = @_; + $this->_db_prepare(<<'EOQ'); + delete from macs_session_authz where user_id = ? + EOQ + $this->_db_execute($uid); + } + + sub _db_session_check_authz { + my($this, $uid) = @_; + $this->_db_prepare(<<'EOQ'); + select groups from macs_session_authz where user_id = ? + EOQ + $this->_db_execute($uid); + my $groups; + $this->_db_bind_col(1, \$groups); + return undef unless $this->_db_fetch; + return $groups; + } + # return true 1; Index: Makefile.am =================================================================== RCS file: /cvsroot/macs/macs/lib/MACS/Makefile.am,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** Makefile.am 22 Jul 2003 13:31:36 -0000 1.4 --- Makefile.am 26 Jul 2003 17:55:54 -0000 1.5 *************** *** 1,4 **** ! SUBDIRS = AMC Comm Dispatch LMC Log Mason PMC Service modlibdir = $(pkglibdir)/MACS --- 1,4 ---- ! 
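Review bot: The expiry predicate in `_db_session_check_authc`, `where atime + time_out >= UNIX_TIMESTAMP() and skey = ?`, treats a `time_out` of zero or less as already expired, whereas the shared-memory `check_authc` removed from Session.pm in this same commit accepted `time_out <= 0` as non-expiring. If that meaning is still wanted the clause should read `where (time_out <= 0 or atime + time_out >= UNIX_TIMESTAMP()) and skey = ?`; if not, a comment recording the change would save callers a surprise. Expired rows are also never removed on the miss path (the removed code called `delete_authc` for a timed-out key), so stale session keys stay in `macs_session_authc` until something else purges them, which is the question the comment above the sub already asks. The select and the `atime` update are separate statements, so the update can refresh a row that expired in between; repeating the expiry predicate in the update's `where` clause closes that gap.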
SUBDIRS = AMC Comm Dispatch LMC Log Mason PMC Service Session modlibdir = $(pkglibdir)/MACS Index: Session.pm =================================================================== RCS file: /cvsroot/macs/macs/lib/MACS/Session.pm,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** Session.pm 22 Jul 2003 13:31:36 -0000 1.17 --- Session.pm 26 Jul 2003 17:55:54 -0000 1.18 *************** *** 54,70 **** =cut use Class::MethodMaker ! get_set => [qw(mm authc authz)]; ! ! # import some constants ! use MACS::CClient; ! ! # share the session data ! use IPC::MM qw(mm_create mm_make_hash mm_maxsize ! mm_lock mm_unlock MM_LOCK_RW MM_LOCK_RD); use Exception qw(:try); ! # stupid shared memory implementation with no arrays ! use FreezeThaw qw(freeze thaw); # unique string generates session IDs --- 54,63 ---- =cut use Class::MethodMaker ! get_set => [qw(authc authz)]; use Exception qw(:try); ! # import some constants ! use MACS::CClient; # unique string generates session IDs *************** *** 87,93 **** --- 80,101 ---- sub init { my $this = shift; + # call the parent "constructor" $this->SUPER::init(@_); # embed in $this->macs->session($this); + # turn this into a proper session implementation + # find the session implementation in the config file + my $pkg = $this->macs->cfg(lc($this->macs->owner->service), 'session_impl'); + Exception->raise("No session implementation specified for: " . + lc($this->macs->owner->service)) + unless $pkg; + # load the session implementation package + eval "require $pkg"; + Exception->raise("Unable to load session package: $@") + if $@; + # bless $this into the implementation package + bless $this, $pkg; + Exception->raise("Invalid session class specified: $pkg") + unless($this->isa(__PACKAGE__)); # some defaults $this->session_init; *************** *** 98,172 **** =item session_init ! setup shared memory for the session hash ! ! =cut ! sub session_init { ! my $this = shift; ! 
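Review bot: `eval "require $pkg"` in `init` compiles the `session_impl` value from the config file as Perl source, so anything other than a bare package name in that setting is executed as code rather than rejected. Checking the name before the eval, e.g. `Exception->raise("Invalid session class specified: $pkg") unless $pkg =~ /\A\w+(?:::\w+)*\z/;`, keeps it to a plain module load. The `isa(__PACKAGE__)` test also runs only after `bless $this, $pkg`, so on failure the object has already been re-blessed into the rejected class; testing `$pkg->isa(__PACKAGE__)` before the bless avoids that. `init` continues past the end of this hunk.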
my $mm_file = $this->macs->cfg('foreman', 'session_file'); ! my($varpath) = exists($ENV{MACS_VAR_PATH}) ?$ENV{MACS_VAR_PATH} :$MACS_VAR_PATH; ! $mm_file =~ s|^([^/])|$varpath/$1|; ! my $mm = mm_create(mm_maxsize, $mm_file); ! $this->mm($mm); ! $this->authc($this->session_hash); ! $this->authz($this->session_hash); ! } ! ! =pod ! ! =item session_hash ! ! create a shared session hash ! ! =cut ! sub session_hash { ! my $this = shift; ! my $hash = mm_make_hash($this->mm); ! my %hash = (); ! tie %hash, 'IPC::MM::Hash', $hash; ! # mm no likey hash assignment ! $hash{+shift} = shift while(@_); ! return \%hash; ! } ! ! =pod ! ! =item session_lock, session_lock_shared, session_lock_read ! ! get a shared lock on the session ! ! =cut ! sub session_lock { ! my $this = shift; ! mm_lock($this->mm, MM_LOCK_RD); ! } ! *session_lock_shared = \&session_lock; ! *session_lock_read = \&session_lock; ! ! =pod ! ! =item session_lock_ex, session_lock_exclusive, session_lock_write ! ! get an exclusive lock on the session =cut ! sub session_lock_ex { ! my $this = shift; ! mm_lock($this->mm, MM_LOCK_RW); ! } ! *session_lock_exclusive = \&session_lock_ex; ! *session_lock_write = \&session_lock_ex; =pod ! =item session_unlock ! unlock the session =cut - sub session_unlock { - my $this = shift; - mm_unlock($this->mm); - } - { # scope for the authc charset # we use this charset because the default charset of all printable characters --- 106,121 ---- =item session_init ! setup the session object =cut ! sub session_init {} =pod ! =item new_authc(<uid>, <time-out>) ! returns new skey =cut { # scope for the authc charset # we use this charset because the default charset of all printable characters *************** *** 175,200 **** my $authc_sepchart = '_'; - =pod - - =item new_authc(<uid>,<time-out>) - - create a shiney new authentication session. 
returns new skey - - =cut sub new_authc { my($this, $uid, $time_out) = @_; my $skey = unique_string($authc_charset, $authc_sepchart); log_debug { "logging in: $skey" }; - # we wouldn't want to lock the session and then have and exception that - # leaves it deadlocked - try { - $this->session_lock_ex; - $this->authc->{"$skey skey"} = $skey; - $this->authc->{"$skey uid"} = $uid; - $this->authc->{"$skey time_out"} = $time_out; - $this->authc->{"$skey atime"} = time; - } finally { - $this->session_unlock; - }; return $skey; } --- 124,131 ---- *************** *** 208,228 **** =cut ! sub delete_authc { ! my($this, $skey) = @_; ! my $authc = undef; ! try { ! $this->session_lock_ex; ! log_debug { "logging out: $skey" }; ! for ("skey","uid","time_out","atime") { ! if(exists($this->authc->{"$skey $_"})) { ! $authc->{"$skey $_"} = $this->authc->{"$skey $_"}; ! delete $this->authc->{"$skey $_"}; ! } ! } ! } finally { ! $this->session_unlock; ! }; ! return $authc; ! } =pod --- 139,143 ---- =cut ! sub delete_authc {} =pod *************** *** 234,260 **** =cut sub check_authc { ! my($this, $skey) = @_; ! my $reply = undef; ! try { ! $this->session_lock_ex; ! log_debug { "auth'ing: $skey" }; ! if(exists($this->authc->{"$skey skey"})) { ! my $authc = $this->authc; ! if($authc->{"$skey time_out"} <= 0 or ! $authc->{"$skey atime"} + $authc->{"$skey time_out"} >= time) { ! # if there are any session auth tricks, ! # here is the place to pull them out ! $authc->{"$skey atime"} = time; ! $reply = $authc->{"$skey uid"}; ! } else { ! $this->delete_authc($skey); # remove timed out session ! } ! } else { ! log_debug { "no skey $skey" }; ! } ! } finally { ! $this->session_unlock; ! }; ! return $reply; } --- 149,153 ---- =cut sub check_authc { ! return undef; } *************** *** 267,288 **** =cut ! sub new_authz { ! my($this, $uid, $groups) = @_; ! try { ! log_debug { "new $uid groups:$groups:".join(',',@$groups) }; ! $groups = freeze($groups); ! 
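Review bot: The base-class stubs left by this commit fail silently: `sub delete_authc {}` (and `new_authz`/`delete_authz` in the later hunks) return without doing anything, and `new_authc` still hands back a fresh `$skey` although nothing stores it any more. If a configured implementation omits one of these overrides, a logout could appear to succeed while the session stays valid in the backing store; this is hedged, since the implementation packages are not shown here. Raising from the stubs, e.g. `sub delete_authc { Exception->raise("delete_authc not implemented by " . ref(shift)) }`, would make a missing override visible. `check_authc` and `check_authz` returning undef already fail closed, and a line of POD on each stub saying it is meant to be overridden would document the contract.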
log_debug { "frozen $uid groups:$groups" }; ! $this->session_lock_ex; ! if(exists($this->authz->{"$uid ref_count"})) { ! $this->authz->{"$uid ref_count"}++; ! $this->authz->{"$uid groups"} = $groups; ! } else { ! $this->authz->{"$uid ref_count"} = 1; ! $this->authz->{"$uid groups"} = $groups; ! } ! } finally { ! $this->session_unlock; ! }; ! } =pod --- 160,164 ---- =cut ! sub new_authz {} =pod *************** *** 293,311 **** =cut ! sub delete_authz { ! my($this, $uid) = @_; ! try { ! $this->session_lock_ex; ! if(exists($this->authz->{"$uid ref_count"})) { ! $this->authz->{"$uid ref_count"}--; ! if($this->authz->{"$uid ref_count"} < 1) { ! delete $this->authz->{"$uid ref_count"}; ! delete $this->authz->{"$uid groups"}; ! } ! } ! } finally { ! $this->session_unlock; ! }; ! } =pod --- 169,173 ---- =cut ! sub delete_authz {} =pod *************** *** 317,336 **** =cut sub check_authz { ! my($this, $uid) = @_; ! my $reply = undef; ! if(exists($this->authz->{"$uid groups"})) { ! try { ! $this->session_lock; ! my $groups = $this->authz->{"$uid groups"}; ! log_debug { "$uid groups:$groups" }; ! ($reply) = thaw($groups); ! log_debug { "thawed $uid groups:$reply:".join(',',@$reply) }; ! } finally { ! $this->session_unlock; ! }; ! } else { ! log_debug { "no $uid groups" }; ! } ! return $reply; } --- 179,183 ---- =cut sub check_authz { ! return undef; } |