CVS: macs/lib/MACS Audit.pm,1.3,1.4 DBI.pm,1.41,1.42 Makefile.am,1.4,1.5 Session.pm,1.17,1.18

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/macs/macs/lib/MACS
In directory sc8-pr-cvs1:/tmp/cvs-serv9321/lib/MACS

Modified Files:
	Audit.pm DBI.pm Makefile.am Session.pm 
Log Message:
MACS::Session is now configurable to use MM shared memor or the database

Index: Audit.pm
===================================================================
RCS file: /cvsroot/macs/macs/lib/MACS/Audit.pm,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** Audit.pm	24 Jul 2003 09:43:14 -0000	1.3
--- Audit.pm	26 Jul 2003 17:55:54 -0000	1.4
***************
*** 92,96 ****
      unless(flock($lf, LOCK_EX));
    seek($lf, 0, SEEK_END);
!   print $lf time, $msg->as_string;
    flock($lf, LOCK_UN);
  } # sub msg
--- 92,96 ----
      unless(flock($lf, LOCK_EX));
    seek($lf, 0, SEEK_END);
!   print $lf time, ' ', $msg->as_string;
    flock($lf, LOCK_UN);
  } # sub msg

Index: DBI.pm
===================================================================
RCS file: /cvsroot/macs/macs/lib/MACS/DBI.pm,v
retrieving revision 1.41
retrieving revision 1.42
diff -C2 -d -r1.41 -r1.42
*** DBI.pm	22 Jul 2003 13:31:35 -0000	1.41
--- DBI.pm	26 Jul 2003 17:55:54 -0000	1.42
***************
*** 1497,1500 ****
--- 1497,1574 ----
  } # sub get_perms

+ # set up an authentication session
+ sub _db_session_new_authc {
+   my($this, $skey, $uid, $time_out) = @_;
+   $this->_db_prepare(<<'EOQ');
+ insert into macs_session_authc(skey, user_id, time_out, atime)
+   values(?, ?, ?, UNIX_TIMESTAMP())
+ EOQ
+   $this->_db_execute($skey, $uid, $time_out);
+ }
+ 
+ # remove an authentication session
+ sub _db_session_delete_authc {
+   my($this, $skey) = @_;
+   $this->_db_prepare(<<'EOQ');
+ delete from macs_session_authc where skey = ?
+ EOQ
+   $this->_db_execute($skey);
+ }
+ 
+ # check and authentication session key
+ # as it turns out this is always at least a two query operation, which stinks
+ # because it's used _ALL_THE_TIME_
+ #  *sigh*
+ # perhaps we should be cleaning up epired sessions here?
+ sub _db_session_check_authc {
+   my($this, $skey) = @_;
+   $this->_db_prepare(<<'EOQ');
+ select user_id from macs_session_authc
+   where atime + time_out >= UNIX_TIMESTAMP() and skey = ?
+ EOQ
+   $this->_db_execute($skey);
+   my $uid;
+   $this->_db_bind_col(1, \$uid);
+   return undef unless $this->_db_fetch;
+   $this->_db_prepare(<<'EOQ');
+ update macs_session_authc set atime = UNIX_TIMESTAMP() where skey = ?
+ EOQ
+   $this->_db_execute($skey);
+   return $uid;
+ }
+ 
+ sub _db_session_new_authz {
+   my($this, $uid, $groups) = @_;
+   # for mysql these two satements could be optimized into a 'replace into'
+   $this->_db_prepare(<<'EOQ');
+ delete from macs_session_authz where user_id = ?
+ EOQ
+   $this->_db_execute($uid);
+   $this->_db_prepare(<<'EOQ');
+ insert into macs_session_authz (user_id, groups) values (?, ?)
+ EOQ
+   $this->_db_execute($uid, $groups);
+ }
+ 
+ sub _db_session_delete_authz {
+   my($this, $uid) = @_;
+   $this->_db_prepare(<<'EOQ');
+ delete from macs_session_authz where user_id = ?
+ EOQ
+   $this->_db_execute($uid);
+ }
+ 
+ sub _db_session_check_authz {
+   my($this, $uid) = @_;
+   $this->_db_prepare(<<'EOQ');
+ select groups from macs_session_authz where user_id = ?
+ EOQ
+   $this->_db_execute($uid);
+   my $groups;
+   $this->_db_bind_col(1, \$groups);
+   return undef unless $this->_db_fetch;
+   return $groups;
+ }
+ 
  # return true
  1;

Index: Makefile.am
===================================================================
RCS file: /cvsroot/macs/macs/lib/MACS/Makefile.am,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** Makefile.am	22 Jul 2003 13:31:36 -0000	1.4
--- Makefile.am	26 Jul 2003 17:55:54 -0000	1.5
***************
*** 1,4 ****

! SUBDIRS = AMC Comm Dispatch LMC Log Mason PMC Service

  modlibdir = $(pkglibdir)/MACS
--- 1,4 ----

! SUBDIRS = AMC Comm Dispatch LMC Log Mason PMC Service Session

  modlibdir = $(pkglibdir)/MACS

Index: Session.pm
===================================================================
RCS file: /cvsroot/macs/macs/lib/MACS/Session.pm,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** Session.pm	22 Jul 2003 13:31:36 -0000	1.17
--- Session.pm	26 Jul 2003 17:55:54 -0000	1.18
***************
*** 54,70 ****
  =cut
  use Class::MethodMaker
!   get_set => [qw(mm authc authz)];
! 
! # import some constants
! use MACS::CClient;
! 
! # share the session data
! use IPC::MM qw(mm_create mm_make_hash mm_maxsize
! 	       mm_lock mm_unlock MM_LOCK_RW MM_LOCK_RD);

  use Exception qw(:try);

! # stupid shared memory implementation with no arrays
! use FreezeThaw qw(freeze thaw);

  # unique string generates session IDs
--- 54,63 ----
  =cut
  use Class::MethodMaker
!   get_set => [qw(authc authz)];

  use Exception qw(:try);

! # import some constants
! use MACS::CClient;

  # unique string generates session IDs
***************
*** 87,93 ****
--- 80,101 ----
  sub init {
    my $this = shift;
+   # call the parent "constructor"
    $this->SUPER::init(@_);
    # embed in
    $this->macs->session($this);
+   # turn this into a proper session implementation
+   # find the session implementation in the config file
+   my $pkg = $this->macs->cfg(lc($this->macs->owner->service), 'session_impl');
+   Exception->raise("No session implementation specified for: " .
+ 		   lc($this->macs->owner->service))
+     unless $pkg;
+   # load the session implementation package
+   eval "require $pkg";
+   Exception->raise("Unable to load session package: $@")
+     if $@;
+   # bless $this into the implementation package
+   bless $this, $pkg;
+   Exception->raise("Invalid session class specified: $pkg")
+     unless($this->isa(__PACKAGE__));
    # some defaults
    $this->session_init;
***************
*** 98,172 ****
  =item session_init

! setup shared memory for the session hash
! 
! =cut
! sub session_init {
!   my $this = shift;
!   my $mm_file = $this->macs->cfg('foreman', 'session_file');
!   my($varpath) = exists($ENV{MACS_VAR_PATH}) ?$ENV{MACS_VAR_PATH} :$MACS_VAR_PATH;
!   $mm_file =~ s|^([^/])|$varpath/$1|;
!   my $mm = mm_create(mm_maxsize, $mm_file);
!   $this->mm($mm);
!   $this->authc($this->session_hash);
!   $this->authz($this->session_hash);
! }
! 
! =pod
! 
! =item session_hash
! 
! create a shared session hash
! 
! =cut
! sub session_hash {
!   my $this = shift;
!   my $hash = mm_make_hash($this->mm);
!   my %hash = ();
!   tie %hash, 'IPC::MM::Hash', $hash;
!   # mm no likey hash assignment
!   $hash{+shift} = shift while(@_);
!   return \%hash;
! }
! 
! =pod
! 
! =item session_lock, session_lock_shared, session_lock_read
! 
! get a shared lock on the session
! 
! =cut
! sub session_lock {
!   my $this = shift;
!   mm_lock($this->mm, MM_LOCK_RD);
! }
! *session_lock_shared = \&session_lock;
! *session_lock_read   = \&session_lock;
! 
! =pod
! 
! =item session_lock_ex, session_lock_exclusive, session_lock_write
! 
! get an exclusive lock on the session

  =cut
! sub session_lock_ex {
!   my $this = shift;
!   mm_lock($this->mm, MM_LOCK_RW);
! }
! *session_lock_exclusive = \&session_lock_ex;
! *session_lock_write     = \&session_lock_ex;

  =pod

! =item session_unlock

! unlock the session

  =cut
- sub session_unlock {
-   my $this = shift;
-   mm_unlock($this->mm);
- }
- 
  { # scope for the authc charset
    # we use this charset because the default charset of all printable characters
--- 106,121 ----
  =item session_init

! setup the session object

  =cut
! sub session_init {}

  =pod

! =item new_authc(<uid>, <time-out>)

! returns new skey

  =cut
  { # scope for the authc charset
    # we use this charset because the default charset of all printable characters
***************
*** 175,200 ****
    my $authc_sepchart = '_';

- =pod
- 
- =item new_authc(<uid>,<time-out>)
- 
- create a shiney new authentication session. returns new skey
- 
- =cut
    sub new_authc {
      my($this, $uid, $time_out) = @_;
      my $skey = unique_string($authc_charset, $authc_sepchart);
      log_debug { "logging in: $skey" };
-     # we wouldn't want to lock the session and then have and exception that
-     # leaves it deadlocked
-     try {
-       $this->session_lock_ex;
-       $this->authc->{"$skey skey"} = $skey;
-       $this->authc->{"$skey uid"}  = $uid;
-       $this->authc->{"$skey time_out"} = $time_out;
-       $this->authc->{"$skey atime"} = time;
-     } finally {
-       $this->session_unlock;
-     };
      return $skey;
    }
--- 124,131 ----
***************
*** 208,228 ****

  =cut
! sub delete_authc {
!   my($this, $skey) = @_;
!   my $authc = undef;
!   try {
!     $this->session_lock_ex;
!     log_debug { "logging out: $skey" };
!     for ("skey","uid","time_out","atime") {
!       if(exists($this->authc->{"$skey $_"})) {
! 	$authc->{"$skey $_"} = $this->authc->{"$skey $_"};
! 	delete $this->authc->{"$skey $_"};
!       }
!     }
!   } finally {
!     $this->session_unlock;
!   };
!   return $authc;
! }

  =pod
--- 139,143 ----

  =cut
! sub delete_authc {}

  =pod
***************
*** 234,260 ****
  =cut
  sub check_authc {
!   my($this, $skey) = @_;
!   my $reply = undef;
!   try {
!     $this->session_lock_ex;
!     log_debug { "auth'ing: $skey" };
!     if(exists($this->authc->{"$skey skey"})) {
!       my $authc = $this->authc;
!       if($authc->{"$skey time_out"} <= 0 or
! 	 $authc->{"$skey atime"} + $authc->{"$skey time_out"} >= time) {
! 	# if there are any session auth tricks,
! 	# here is the place to pull them out
! 	$authc->{"$skey atime"} = time;
! 	$reply = $authc->{"$skey uid"};
!       } else {
! 	$this->delete_authc($skey); # remove timed out session
!       }
!     } else {
!       log_debug { "no skey $skey" };
!     }
!   } finally {
!     $this->session_unlock;
!   };
!   return $reply;
  }

--- 149,153 ----
  =cut
  sub check_authc {
!   return undef;
  }

***************
*** 267,288 ****

  =cut
! sub new_authz {
!   my($this, $uid, $groups) = @_;
!   try {
!     log_debug { "new $uid groups:$groups:".join(',',@$groups) };
!     $groups = freeze($groups);
!     log_debug { "frozen $uid groups:$groups" };
!     $this->session_lock_ex;
!     if(exists($this->authz->{"$uid ref_count"})) {
!       $this->authz->{"$uid ref_count"}++;
!       $this->authz->{"$uid groups"} = $groups;
!     } else {
!       $this->authz->{"$uid ref_count"} = 1;
!       $this->authz->{"$uid groups"} = $groups;
!     }
!   } finally {
!     $this->session_unlock;
!   };
! }

  =pod
--- 160,164 ----

  =cut
! sub new_authz {}

  =pod
***************
*** 293,311 ****

  =cut
! sub delete_authz {
!   my($this, $uid) = @_;
!   try {
!     $this->session_lock_ex;
!     if(exists($this->authz->{"$uid ref_count"})) {
!       $this->authz->{"$uid ref_count"}--;
!       if($this->authz->{"$uid ref_count"} < 1) {
! 	delete $this->authz->{"$uid ref_count"};
! 	delete $this->authz->{"$uid groups"};
!       }
!     }
!   } finally {
!     $this->session_unlock;
!   };
! }

  =pod
--- 169,173 ----

  =cut
! sub delete_authz {}

  =pod
***************
*** 317,336 ****
  =cut
  sub check_authz {
!   my($this, $uid) = @_;
!   my $reply = undef;
!   if(exists($this->authz->{"$uid groups"})) {
!     try {
!       $this->session_lock;
!       my $groups = $this->authz->{"$uid groups"};
!       log_debug { "$uid groups:$groups" };
!       ($reply) = thaw($groups);
!       log_debug { "thawed $uid groups:$reply:".join(',',@$reply) };
!     } finally {
!       $this->session_unlock;
!     };
!   } else {
!     log_debug { "no $uid groups" };
!   }
!   return $reply;
  }

--- 179,183 ----
  =cut
  sub check_authz {
!   return undef;
  }