|
From: <fir...@us...> - 2003-11-17 04:08:21
|
Update of /cvsroot/mod-auth/mod_authn_cache/src In directory sc8-pr-cvs1:/tmp/cvs-serv8208 Modified Files: mod_authn_cache.c Added Files: authn_scache.c authn_scache_shmht.c authn_util_table.c authn_util_table.h mod_authn_cache.h Removed Files: util_authn_cache.c util_authn_cache.h util_authn_cache_mgr.c Log Message: change to shmht type cache. still needs major work. --- NEW FILE: authn_scache.c --- /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact ap...@ap.... * * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== */ /* WARNING: This code is directly taken from mod_ssl. If there is a bug in ssl_scache.c, there will likely be a bug here. */ /* ``Open-Source Software: generous programmers from around the world all join forces to help you shoot yourself in the foot for free.'' -- Unknown */ #include "mod_authn_cache.h" x /* _________________________________________________________________ ** ** Session Cache: Common Abstraction Layer ** _________________________________________________________________ */ void authn_scache_init(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); /* * Warn the user that he should use the session cache. * But we can operate without it, of course. */ if (mc->nSessionCacheMode == AUTHN_SCMODE_UNSET) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "Init: AuthnCache is not configured " "[hint: AuthnCacheMode]"); mc->nSessionCacheMode = AUTHN_SCMODE_NONE; return; } if (mc->nSessionCacheMode == AUTHN_SCMODE_SHMHT) void *data; const char *userdata_key = "authn_scache_init"; apr_pool_userdata_get(&data, userdata_key, s->process->pool); if (!data) { apr_pool_userdata_set((const void *)1, userdata_key, apr_pool_cleanup_null, s->process->pool); return; } if(mc->nSessionCacheMode == AUTHN_SCMODE_SHMHT) authn_scache_shmht_init(s, p); } } void authn_scache_kill(server_rec *s) { SSLModConfigRec *mc = myModConfig(s); if (mc->nSessionCacheMode == AUTHN_SCMODE_SHMHT) authn_scache_shmht_kill(s); return; } BOOL authn_scache_store(server_rec *s, authn_cache_node_t* node, time_t expiry) { SSLModConfigRec *mc = myModConfig(s); BOOL rv = FALSE; if (mc->nSessionCacheMode == AUTHN_SCMODE_SHMHT) rv = authn_scache_shmht_store(s, node, expiry); return rv; } SSL_SESSION *ssl_scache_retrieve(server_rec *s, authn_cache_node_t* node) { SSLModConfigRec *mc = myModConfig(s); SSL_SESSION *sess = NULL; if (mc->nSessionCacheMode == AUTHN_SCMODE_SHMHT) sess = authn_scache_shmht_retrieve(s, node); return sess; } void authn_scache_remove(server_rec *s, authn_cache_node_t* node) { SSLModConfigRec *mc = myModConfig(s); if (mc->nSessionCacheMode == AUTHN_SCMODE_SHMHT) authn_scache_shmht_remove(s, node); return; } void authn_scache_expire(server_rec *s) { SSLModConfigRec *mc = myModConfig(s); if (mc->nSessionCacheMode == AUTHN_SCMODE_SHMHT) authn_scache_shmht_expire(s); return; } --- NEW FILE: authn_scache_shmht.c --- /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact ap...@ap.... * * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== */ #include "mod_authn_cache.h" /* * Wrapper functions for table library which resemble malloc(3) & Co * but use the variants from the MM shared memory library. */ static void *authn_scache_shmht_malloc(void *opt_param, size_t size) { SSLModConfigRec *mc = myModConfig((server_rec *)opt_param); apr_rmm_off_t off = apr_rmm_calloc(mc->pSessionCacheDataRMM, size); return apr_rmm_addr_get(mc->pSessionCacheDataRMM, off); } static void *authn_scache_shmht_calloc(void *opt_param, size_t number, size_t size) { SSLModConfigRec *mc = myModConfig((server_rec *)opt_param); apr_rmm_off_t off = apr_rmm_calloc(mc->pSessionCacheDataRMM, (number*size)); return apr_rmm_addr_get(mc->pSessionCacheDataRMM, off); } static void *authn_scache_shmht_realloc(void *opt_param, void *ptr, size_t size) { SSLModConfigRec *mc = myModConfig((server_rec *)opt_param); apr_rmm_off_t off = apr_rmm_realloc(mc->pSessionCacheDataRMM, ptr, size); return apr_rmm_addr_get(mc->pSessionCacheDataRMM, off); } static void authn_scache_shmht_free(void *opt_param, void *ptr) { SSLModConfigRec *mc = myModConfig((server_rec *)opt_param); apr_rmm_off_t off = apr_rmm_offset_get(mc->pSessionCacheDataRMM, ptr); apr_rmm_free(mc->pSessionCacheDataRMM, off); return; } /* * Now the actual session cache implementation * based on a hash table inside a shared memory segment. */ void authn_scache_shmht_init(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); table_t *ta; int ta_errno; apr_size_t avail; int n; apr_status_t rv; /* * Create shared memory segment */ if (mc->szSessionCacheDataFile == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSLSessionCache required"); exit(1); } if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM), mc->nSessionCacheDataSize, mc->szSessionCacheDataFile, mc->pPool)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "Cannot allocate shared memory"); exit(1); } if ((rv = apr_rmm_init(&(mc->pSessionCacheDataRMM), NULL, apr_shm_baseaddr_get(mc->pSessionCacheDataMM), mc->nSessionCacheDataSize, mc->pPool)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "Cannot initialize rmm"); exit(1); } ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "initialize MM %pp RMM %pp", mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM); /* * Create hash table in shared memory segment */ avail = mc->nSessionCacheDataSize; n = (avail/2) / 1024; n = n < 10 ? 10 : n; /* * Passing server_rec as opt_param to table_alloc so that we can do * logging if required ssl_util_table. Otherwise, mc is sufficient. */ if ((ta = table_alloc(n, &ta_errno, authn_scache_shmht_malloc, authn_scache_shmht_calloc, authn_scache_shmht_realloc, authn_scache_shmht_free, s )) == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Cannot allocate hash table in shared memory: %s", table_strerror(ta_errno)); exit(1); } table_attr(ta, TABLE_FLAG_AUTO_ADJUST|TABLE_FLAG_ADJUST_DOWN); table_set_data_alignment(ta, sizeof(char *)); table_clear(ta); mc->tSessionCacheDataTable = ta; /* * Log the done work */ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Init: Created hash-table (%d buckets) " "in shared memory (%" APR_SIZE_T_FMT " bytes) for AuthnCache", n, avail); return; } void authn_scache_shmht_kill(server_rec *s) { SSLModConfigRec *mc = myModConfig(s); if (mc->pSessionCacheDataRMM != NULL) { apr_rmm_destroy(mc->pSessionCacheDataRMM); mc->pSessionCacheDataRMM = NULL; } if (mc->pSessionCacheDataMM != NULL) { apr_shm_destroy(mc->pSessionCacheDataMM); mc->pSessionCacheDataMM = NULL; } return; } BOOL authn_scache_shmht_store(server_rec *s, time_t expiry, authn_cache_node_t* node) { SSLModConfigRec *mc = myModConfig(s); void *vp; UCHAR ucaData[SSL_SESSION_MAX_DER]; int nData; UCHAR *ucp; /* streamline session data */ if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)) return FALSE; ucp = ucaData; i2d_SSL_SESSION(sess, &ucp); authn_mutex_on(s); if (table_insert_kd(mc->tSessionCacheDataTable, id, idlen, NULL, sizeof(time_t)+nData, NULL, &vp, 1) != TABLE_ERROR_NONE) { authn_mutex_off(s); return FALSE; } memcpy(vp, &expiry, sizeof(time_t)); memcpy((char *)vp+sizeof(time_t), ucaData, nData); autn_mutex_off(s); /* allow the regular expiring to occur */ authn_scache_shmht_expire(s); return TRUE; } SSL_SESSION *authn_scache_shmht_retrieve(server_rec *s, UCHAR *id, int idlen) { SSLModConfigRec *mc = myModConfig(s); void *vp; SSL_SESSION *sess = NULL; UCHAR *ucpData; int nData; time_t expiry; time_t now; int n; /* allow the regular expiring to occur */ authn_scache_shmht_expire(s); /* lookup key in table */ authn_mutex_on(s); if (table_retrieve(mc->tSessionCacheDataTable, id, idlen, &vp, &n) != TABLE_ERROR_NONE) { authn_mutex_off(s); return NULL; } /* copy over the information to the SCI */ nData = n-sizeof(time_t); ucpData = (UCHAR *)malloc(nData); if (ucpData == NULL) { authn_mutex_off(s); return NULL; } memcpy(&expiry, vp, sizeof(time_t)); memcpy(ucpData, (char *)vp+sizeof(time_t), nData); authn_mutex_off(s); /* make sure the stuff is still not expired */ now = time(NULL); if (expiry <= now) { authn_scache_shmht_remove(s, id, idlen); return NULL; } /* unstreamed SSL_SESSION */ sess = d2i_SSL_SESSION(NULL, &ucpData, nData); return sess; } void authn_scache_shmht_remove(server_rec *s, UCHAR *id, int idlen) { SSLModConfigRec *mc = myModConfig(s); /* remove value under key in table */ authn_mutex_on(s); table_delete(mc->tSessionCacheDataTable, id, idlen, NULL, NULL); authn_mutex_off(s); return; } void authn_scache_shmht_expire(server_rec *s) { SSLModConfigRec *mc = myModConfig(s); SSLSrvConfigRec *sc = mySrvConfig(s); static time_t tLast = 0; table_linear_t iterator; time_t tExpiresAt; void *vpKey; void *vpKeyThis; void *vpData; int nKey; int nKeyThis; int nData; int nElements = 0; int nDeleted = 0; int bDelete; int rc; time_t tNow; /* * make sure the expiration for still not-accessed session * cache entries is done only from time to time */ tNow = time(NULL); if (tNow < tLast+sc->session_cache_timeout) return; tLast = tNow; authn_mutex_on(s); if (table_first_r(mc->tSessionCacheDataTable, &iterator, &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) { do { bDelete = FALSE; nElements++; if (nData < sizeof(time_t) || vpData == NULL) bDelete = TRUE; else { memcpy(&tExpiresAt, vpData, sizeof(time_t)); /* * XXX : Force the record to be cleaned up. TBD (Madhu) * tExpiresAt = tNow; */ if (tExpiresAt <= tNow) bDelete = TRUE; } vpKeyThis = vpKey; nKeyThis = nKey; rc = table_next_r(mc->tSessionCacheDataTable, &iterator, &vpKey, &nKey, &vpData, &nData); if (bDelete) { table_delete(mc->tSessionCacheDataTable, vpKeyThis, nKeyThis, NULL, NULL); nDeleted++; } } while (rc == TABLE_ERROR_NONE); /* (vpKeyThis != vpKey) && (nKeyThis != nKey) */ } authn_mutex_off(s); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Inter-Process Session Cache (SHMHT) Expiry: " "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted); return; } void authn_scache_shmht_status(server_rec *s, apr_pool_t *p, void (*func)(char *, void *), void *arg) { SSLModConfigRec *mc = myModConfig(s); void *vpKey; void *vpData; int nKey; int nData; int nElem; int nSize; int nAverage; nElem = 0; nSize = 0; authn_mutex_on(s); if (table_first(mc->tSessionCacheDataTable, &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) { do { if (vpKey == NULL || vpData == NULL) continue; nElem += 1; nSize += nData; } while (table_next(mc->tSessionCacheDataTable, &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE); } authn_mutex_off(s); if (nSize > 0 && nElem > 0) nAverage = nSize / nElem; else nAverage = 0; func(apr_psprintf(p, "cache type: <b>SHMHT</b>, maximum size: <b>%d</b> bytes<br>", mc->nSessionCacheDataSize), arg); func(apr_psprintf(p, "current sessions: <b>%d</b>, current size: <b>%d</b> bytes<br>", nElem, nSize), arg); func(apr_psprintf(p, "average session size: <b>%d</b> bytes<br>", nAverage), arg); return; } --- NEW FILE: authn_util_table.c --- /* _ _ ** _ __ ___ ___ __| | ___ ___| | mod_ssl ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL ** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org ** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org ** |_____| ** ssl_util_table.c ** High Performance Hash Table Functions */ /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: [...2512 lines suppressed...] return TABLE_ERROR_ARG_NULL; if (key_buf_p != NULL) *key_buf_p = ENTRY_KEY_BUF(entry_p); if (key_size_p != NULL) *key_size_p = entry_p->te_key_size; if (data_buf_p != NULL) { if (entry_p->te_data_size == 0) *data_buf_p = NULL; else { if (table_p->ta_data_align == 0) *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); else *data_buf_p = entry_data_buf(table_p, entry_p); } } if (data_size_p != NULL) *data_size_p = entry_p->te_data_size; return TABLE_ERROR_NONE; } --- NEW FILE: authn_util_table.h --- /* _ _ ** _ __ ___ ___ __| | ___ ___| | mod_ssl ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL ** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org ** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org ** |_____| ** ssl_util_table.h ** High Performance Hash Table Header */ /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact ap...@ap.... * * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== */ /* * Generic hash table defines * Table 4.1.0 July-28-1998 * * This library is a generic open hash table with buckets and * linked lists. It is pretty high performance. Each element * has a key and a data. The user indexes on the key to find the * data. * * Copyright 1998 by Gray Watson <gr...@le...> * * Permission to use, copy, modify, and distribute this software for any * purpose and without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, * and that the name of Gray Watson not be used in advertising or * publicity pertaining to distribution of the document or software * without specific, written prior permission. * * Gray Watson makes no representations about the suitability of the * software described herein for any purpose. It is provided "as is" * without express or implied warranty. */ #ifndef __SSL_UTIL_TABLE_H__ #define __SSL_UTIL_TABLE_H__ #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* * To build a "key" in any of the below routines, pass in a pointer to * the key and its size [i.e. sizeof(int), etc]. With any of the * "key" or "data" arguments, if their size is < 0, it will do an * internal strlen of the item and add 1 for the \0. * * If you are using firstkey() and nextkey() functions, be careful if, * after starting your firstkey loop, you use delete or insert, it * will not crash but may produce interesting results. If you are * deleting from firstkey to NULL it will work fine. */ /* return types for table functions */ #define TABLE_ERROR_NONE 1 /* no error from function */ #define TABLE_ERROR_PNT 2 /* bad table pointer */ #define TABLE_ERROR_ARG_NULL 3 /* buffer args were null */ #define TABLE_ERROR_SIZE 4 /* size of data was bad */ #define TABLE_ERROR_OVERWRITE 5 /* key exists and we cant overwrite */ #define TABLE_ERROR_NOT_FOUND 6 /* key does not exist */ #define TABLE_ERROR_ALLOC 7 /* memory allocation error */ #define TABLE_ERROR_LINEAR 8 /* no linear access started */ #define TABLE_ERROR_OPEN 9 /* could not open file */ #define TABLE_ERROR_SEEK 10 /* could not seek to pos in file */ #define TABLE_ERROR_READ 11 /* could not read from file */ #define TABLE_ERROR_WRITE 12 /* could not write to file */ #define TABLE_ERROR_EMPTY 13 /* table is empty */ #define TABLE_ERROR_NOT_EMPTY 14 /* table contains data */ #define TABLE_ERROR_ALIGNMENT 15 /* invalid alignment value */ /* * Table flags set with table_attr. */ /* * Automatically adjust the number of table buckets on the fly. * Whenever the number of entries gets above some threshold, the * number of buckets is realloced to a new size and each entry is * re-hashed. Although this may take some time when it re-hashes, the * table will perform better over time. */ #define TABLE_FLAG_AUTO_ADJUST (1<<0) /* * If the above auto-adjust flag is set, also adjust the number of * table buckets down as we delete entries. */ #define TABLE_FLAG_ADJUST_DOWN (1<<1) /* structure to walk through the fields in a linear order */ typedef struct { unsigned int tl_magic; /* magic structure to ensure correct init */ unsigned int tl_bucket_c; /* where in the table buck array we are */ unsigned int tl_entry_c; /* in the bucket, which entry we are on */ } table_linear_t; typedef int (*table_compare_t)(const void *key1, const int key1_size, const void *data1, const int data1_size, const void *key2, const int key2_size, const void *data2, const int data2_size); #ifndef TABLE_PRIVATE typedef void table_t; typedef void table_entry_t; #endif /* * Prototypes */ extern table_t *table_alloc(const unsigned int bucket_n, int *error_p, void *(*malloc_f)(void *opt_param, size_t size), void *(*calloc_f)(void *opt_param, size_t number, size_t size), void *(*realloc_f)(void *opt_param, void *ptr, size_t size), void (*free_f)(void *opt_param, void *ptr), void *opt_param); extern int table_attr(table_t *table_p, const int attr); extern int table_set_data_alignment(table_t *table_p, const int alignment); extern int table_clear(table_t *table_p); extern int table_free(table_t *table_p); extern int table_insert_kd(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **key_buf_p, void **data_buf_p, const char overwrite_b); extern int table_insert(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **data_buf_p, const char overwrite_b); extern int table_retrieve(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p); extern int table_delete(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p); extern int table_delete_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); extern int table_info(table_t *table_p, int *num_buckets_p, int *num_entries_p); extern int table_adjust(table_t *table_p, const int bucket_n); extern const char *table_strerror(const int error); extern int table_type_size(void); extern int table_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); extern int table_next(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); extern int table_this(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); extern int table_first_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); extern int table_next_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); extern int table_this_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); extern table_entry_t **table_order(table_t *table_p, table_compare_t compare, int *num_entries_p, int *error_p); extern int table_entry_info(table_t *table_p, table_entry_t *entry_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p); #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* __SSL_UTIL_TABLE_H__ */ --- NEW FILE: mod_authn_cache.h --- /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact ap...@ap.... * * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. */ /* * mod_authn_cache.h * * Paul Querna * * ** heavily based on mod_ssl's session cache system. ** * */ /* * XXXX: Convert all of these to apr_* * XXXX: if you did it here, might as well do it in mod_ssl! */ #ifndef FALSE #define FALSE (0) #endif #ifndef TRUE #define TRUE (!FALSE) #endif #ifndef BOOL #define BOOL unsigned int #endif #ifndef UCHAR #define UCHAR unsigned char #endif #ifndef UNSET #define UNSET (-1) #endif /* * XXX: Add Other Backends besides shmht */ typedef enum { AUTHN_SCMODE_UNSET = UNSET, AUTHN_SCMODE_NONE = 0, AUTHN_SCMODE_SHMHT = 1 } authn_scmode_t; typedef stuct authn_cache_node_t { char* username; char* realm; char* digest_hash; } authn_cache_node_t; /* Session Cache Support */ void authn_scache_init(server_rec *, apr_pool_t *); void authn_scache_kill(server_rec *); BOOL authn_scache_store(server_rec *, authn_cache_node_t *); authn_cache_node_t *authn_scache_retrieve(server_rec *, authn_cache_node_t*); void authn_scache_remove(server_rec *, authn_cache_node_t*); void authn_scache_expire(server_rec *); int authn_mutex_on(server_rec *s); int authn_mutex_off(server_rec *s); Index: mod_authn_cache.c =================================================================== RCS file: /cvsroot/mod-auth/mod_authn_cache/src/mod_authn_cache.c,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** mod_authn_cache.c 12 Nov 2003 07:04:37 -0000 1.2 --- mod_authn_cache.c 17 Nov 2003 04:07:37 -0000 1.3 *************** *** 91,156 **** #include "util_authn_cache.h" ! #define DFLT_TIMEOUT 300 // 5 minutes ! ! enum ! { ! CONF_CACHE_HANDLER, ! CONF_CACHE_TIMEOUT, ! CONF_CACHE_TYPE, ! }; ! typedef struct { ! char *handler; ! char *type_path; ! int type; ! apr_interval_time_t timeout; authn_provider_list *providers; ! util_cache_state_t *cache; ! } cache_config_rec; ! ! ! enum ! { ! CT_SHMEM, ! CT_FILE, ! }; ! ! static void *create_authn_cache_config(apr_pool_t * p, char *d) { ! cache_config_rec *conf; ! conf = (cache_config_rec *) apr_pcalloc(p, sizeof(cache_config_rec)); ! if (conf == NULL) { return NULL; } ! ! conf->handler = NULL; ! conf->type = CT_FILE; ! conf->type_path = NULL; ! conf->timeout = apr_time_from_sec(DFLT_TIMEOUT); ! conf->cache = (util_cache_state_t *)apr_pcalloc(p, sizeof(util_cache_state_t)); ! conf->cache->pool = p; return conf; } - static const char *set_cache_switch_conf(cmd_parms * cmd, void *config, const char *value) - { - apr_ssize_t pos = (apr_ssize_t) cmd->info; - cache_config_rec *temp = (cache_config_rec*)config; - switch (pos) { - case CONF_CACHE_HANDLER: - temp->handler = (char *)value; - break; - case CONF_CACHE_TIMEOUT: - temp->timeout = apr_time_from_sec(atoi(value)); - break; - case CONF_CACHE_TYPE: ! break; ! default: ! // unknown config directive? ! break; } ! return NULL; } --- 91,126 ---- #include "util_authn_cache.h" ! module AP_MODULE_DECLARE_DATA authn_cache_module; ! typedef struct authn_cache_conf_t { authn_provider_list *providers; ! } authn_cache_conf_t; ! static void *create_authn_cache_dconfig(apr_pool_t * p, char *d) { ! authn_cache_conf_t *conf; ! if (d == NULL) { return NULL; } ! conf = (authn_cache_conf_t *) apr_pcalloc(p, sizeof(authn_cache_conf_t)); ! if (conf) { ! conf->providers = NULL; ! } return conf; } ! static void *create_authn_cache_config(apr_pool_t *p, server_rec *s) ! { ! util_cache_state_t *st; ! st = (util_cache_state_t *) apr_pcalloc(p, sizeof(util_cache_state_t)); ! if (st == NULL) { ! return NULL; } ! ! st->pool = p; ! st->cache_bytes = 100000; ! st->cache_size = 1000; ! return st; } *************** *** 158,162 **** const char *arg) { ! cache_config_rec *conf = (cache_config_rec*)config; authn_provider_list *newp; const char *provider_name; --- 128,132 ---- const char *arg) { ! authn_cache_conf_t *conf = (authn_cache_conf_t*)config; authn_provider_list *newp; const char *provider_name; *************** *** 208,219 **** } static const command_rec authn_cache_cmds[] = { /* per auth section */ ! AP_INIT_TAKE1("AuthnCacheProvider", add_authn_provider, (void *) CONF_CACHE_HANDLER, OR_AUTHCFG, "The name of the configuration to use for this section"), ! AP_INIT_TAKE1("AuthnCacheTimeout", set_cache_switch_conf, (void *) CONF_CACHE_TIMEOUT, OR_AUTHCFG, ! "Time for Auth Tokens to Timeout"), ! AP_INIT_TAKE1("AuthnCacheType", set_cache_switch_conf, (void *) CONF_CACHE_TYPE, OR_AUTHCFG, ! "Type of storage for authen tokens"), {NULL} }; --- 178,213 ---- } + static const char *util_authn_set_cache_file(cmd_parms *cmd, void *dummy, const char *file) + { + util_cache_state_t *st = + (util_cache_state_t *)ap_get_module_config(cmd->server->module_config, + &authn_cache_module); + + if (file) { + st->cache_file = ap_server_root_relative(st->pool, file); + } + else { + st->cache_file = NULL; + } + + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, + "AuthnCache: Setting shared memory cache file to '%s'", + st->cache_file); + + return NULL; + } + + + static const command_rec authn_cache_cmds[] = { /* per auth section */ ! AP_INIT_TAKE1("AuthnCacheProvider", add_authn_provider, NULL, OR_AUTHCFG, "The name of the configuration to use for this section"), ! /* global config */ ! AP_INIT_TAKE1("AuthnCacheSharedCacheFile", util_authn_set_cache_file, NULL, RSRC_CONF, ! "Sets the file of the shared memory cache." ! "Nothing means disable the shared memory cache."), ! ! {NULL} }; *************** *** 226,248 **** authn_status auth_result; util_authn_any_node_t newnode; ! util_authn_any_node_t *node; ! util_authn_vhost_node_t *curl; util_authn_vhost_node_t curnode; authn_provider_list *current_provider; ! cache_config_rec *conf = ap_get_module_config(r->per_dir_config, &authn_cache_module); ! AUTHN_CACHE_WRLOCK(); ! curnode.vhost = apr_pstrdup(conf->cache->pool, r->server->server_hostname); ! curl = util_authn_cache_fetch(util_authn_cache, &curnode); ! if (curl == NULL) { ! curl = util_authn_create_caches(conf->cache, curnode.vhost); } - AUTHN_CACHE_UNLOCK(); ! AUTHN_CACHE_WRLOCK(); newnode.username = user; newnode.realm = ap_auth_name(r); ! node = util_authn_cache_fetch(curl->auth_cache, &newnode); if (node != NULL) { AUTHN_CACHE_UNLOCK(); --- 220,259 ---- authn_status auth_result; util_authn_any_node_t newnode; ! util_authn_any_node_t *node = NULL; ! util_authn_vhost_node_t *curl = NULL; util_authn_vhost_node_t curnode; authn_provider_list *current_provider; ! authn_cache_conf_t *conf = ap_get_module_config(r->per_dir_config, &authn_cache_module); ! util_cache_state_t *st = ap_get_module_config(r->server->module_config, ! &authn_cache_module); ! ! AUTHN_CACHE_RDLOCK(); ! curnode.vhost = r->server->server_hostname; ! ! if(st->util_authn_cache_d == NULL) ! { ! util_authn_cache_init(st->pool, st); ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "creating a new util_authn_cache_d!"); } ! curl = (util_authn_vhost_node_t* )util_authn_fetch(st->util_authn_cache_d, &curnode); ! if (curl == NULL) { ! curl = util_authn_create_caches(st, curnode.vhost); ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "creating new cache on vhost: %s cache: 0x%08x", r->server->server_hostname,curl); ! } ! else ! { ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "existing cache on vhost: %s! cache: 0x%08x", r->server->server_hostname,curl); ! } newnode.username = user; newnode.realm = ap_auth_name(r); ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "checking cache for username: %s in realm: %s on vhost: %s cache: 0x%08x node: 0x%08x", newnode.username, newnode.realm, r->server->server_hostname, curl->auth_cache, node); ! node = util_authn_fetch(curl->auth_cache, &newnode); if (node != NULL) { AUTHN_CACHE_UNLOCK(); *************** *** 252,256 **** } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "NOT used cached auth!"); AUTHN_CACHE_UNLOCK(); --- 263,267 ---- } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "NOT used cached auth! node: 0x%08x newnode.user:%s newnode.realm:%s",node,newnode.username,newnode.realm); AUTHN_CACHE_UNLOCK(); *************** *** 280,292 **** /* Something occured. Stop checking. */ if (auth_result != AUTH_USER_NOT_FOUND) { - if(auth_result == AUTH_GRANTED) - { - // add to cache - AUTHN_CACHE_RDLOCK(); - newnode.username = user; - newnode.realm = ap_auth_name(r); - util_authn_cache_insert(curl->auth_cache, &newnode); - AUTHN_CACHE_UNLOCK(); - } break; } --- 291,294 ---- *************** *** 301,304 **** --- 303,322 ---- } while (current_provider); + if(auth_result == AUTH_GRANTED) + { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "adding user: %s to cache for realm: %s cache: 0x%08x auth cache: 0x%08x",user,ap_auth_name(r), curl, curl->auth_cache); + // add to cache + AUTHN_CACHE_WRLOCK(); + newnode.username = user; + newnode.realm = ap_auth_name(r); + util_authn_insert(curl->auth_cache, &newnode); + AUTHN_CACHE_UNLOCK(); + } + else { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "NOT adding user(but auth good?): %s to cache for realm: %s!",user,ap_auth_name(r)); + } + return auth_result; } *************** *** 308,401 **** { ! authn_status auth_result; ! util_authn_any_node_t newnode; ! authn_provider_list *current_provider; ! cache_config_rec *conf = ap_get_module_config(r->per_dir_config, ! &authn_cache_module); ! ! current_provider = conf->providers; ! ! do { ! const authn_provider *provider; ! if (!current_provider) { ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "No Cache Authn provider configured"); ! auth_result = AUTH_GENERAL_ERROR; ! break; ! } ! else { ! provider = current_provider->provider; ! } ! ! if(!provider->check_password) { ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ! "The '%s' Cache Authn provider doesn't support Digest Authentication", current_provider->provider_name); ! auth_result = AUTH_GENERAL_ERROR; ! break; ! } ! ! /* We expect the password to be md5 hash of user:realm:password */ ! auth_result = provider->get_realm_hash(r, user, realm, ! rethash); ! ! /* Something occured. Stop checking. */ ! if (auth_result != AUTH_USER_NOT_FOUND) { ! if(auth_result == AUTH_GRANTED) ! { ! // add to cache ! AUTHN_CACHE_RDLOCK(); ! newnode.username = (char *)user; ! newnode.realm = (char *)ap_auth_name(r); ! util_authn_cache_insert(util_authn_cache, &newnode); ! AUTHN_CACHE_UNLOCK(); ! } ! break; ! } ! ! /* If we're not really configured for providers, stop now. */ ! if (!conf->providers) { ! break; ! } ! ! current_provider = current_provider->next; ! ! } while (current_provider); ! ! return auth_result; } ! ! static apr_status_t init_authn_cache_config(apr_pool_t * pconf, ! apr_pool_t * plog, ! apr_pool_t * ptemp) { - apr_status_t rv = APR_SUCCESS; ! return rv; ! } - static apr_status_t init_authn_cache(apr_pool_t * p, apr_pool_t * plog, - apr_pool_t * ptemp, server_rec * s) - { - apr_status_t rv = APR_SUCCESS; - void *data; - const char *userdata_key = "mod_authn_cache_init"; ! apr_pool_userdata_get(&data, userdata_key, s->process->pool); ! if (!data) { ! apr_pool_userdata_set((const void *) 1, userdata_key, ! apr_pool_cleanup_null, s->process->pool); ! return OK; ! } ! ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, p, ! "[mod_authn_cache.c] Running Cache init Code"); ! AUTHN_CACHE_LOCK_CREATE(p); ! apr_status_t result = util_authn_cache_init(p, 10000); ! return rv; } --- 326,377 ---- { ! return AUTH_USER_NOT_FOUND; } ! static int init_authn_cache(apr_pool_t *p, apr_pool_t *plog, ! apr_pool_t *ptemp, server_rec *s) { + char buf[MAX_STRING_LEN]; + apr_status_t result; ! util_cache_state_t *st = (util_cache_state_t *)ap_get_module_config(s->module_config, &authn_cache_module); ! st->pool = p; ! #if APR_HAS_SHARED_MEMORY ! server_rec *s_vhost; ! util_cache_state_t *st_vhost; ! /* initializing cache if file is here and we already don't have shm addr*/ ! if (st->cache_file && !st->cache_shm) { ! #endif ! AUTHN_CACHE_LOCK_CREATE(p); ! result = util_authn_cache_init(p, st); ! apr_strerror(result, buf, sizeof(buf)); ! ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, result, s, ! "AuthnCache init: %s", buf); ! #if APR_HAS_SHARED_MEMORY ! /* merge config in all vhost */ ! s_vhost = s->next; ! while (s_vhost) { ! ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, result, s, ! "Authn merging Shared Cache conf: shm=0x%x rmm=0x%x for VHOST: %s", ! st->cache_shm, st->cache_rmm, s_vhost->server_hostname); ! st_vhost = (util_cache_state_t *)ap_get_module_config(s_vhost->module_config, &authn_cache_module); ! st_vhost->cache_shm = st->cache_shm; ! st_vhost->cache_rmm = st->cache_rmm; ! st_vhost->cache_file = st->cache_file; ! s_vhost = s_vhost->next; ! } ! } ! else { ! ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0 , s, "AuthnCache: Unable to init Shared Cache: no file"); ! } ! #endif ! return 0; } *************** *** 408,412 **** static void register_hooks(apr_pool_t * p) { - ap_hook_pre_config(init_authn_cache_config, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_config(init_authn_cache, NULL, NULL, APR_HOOK_MIDDLE); ap_register_provider(p, AUTHN_PROVIDER_GROUP, "cache", "0", --- 384,387 ---- *************** *** 414,424 **** } module AP_MODULE_DECLARE_DATA authn_cache_module = { STANDARD20_MODULE_STUFF, ! create_authn_cache_config, /* dir config creater */ NULL, /* dir merger --- default is to override */ ! NULL, /* server config creator */ NULL, /* merge server config */ ! authn_cache_cmds, /* command apr_table_t */ register_hooks /* register hooks */ }; --- 389,429 ---- } + int authn_mutex_on(server_rec *s) + { + SSLModConfigRec *mc = myModConfig(s); + apr_status_t rv; + + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) + return TRUE; + if ((rv = apr_global_mutex_lock(mc->pMutex)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, + "Failed to acquire global mutex lock"); + return FALSE; + } + return TRUE; + } + + int authn_mutex_off(server_rec *s) + { + SSLModConfigRec *mc = myModConfig(s); + apr_status_t rv; + + if (mc->nMutexMode == SSL_MUTEXMODE_NONE) + return TRUE; + if ((rv = apr_global_mutex_unlock(mc->pMutex)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, + "Failed to release global mutex lock"); + return FALSE; + } + return TRUE; + } + module AP_MODULE_DECLARE_DATA authn_cache_module = { STANDARD20_MODULE_STUFF, ! create_authn_cache_dconfig, /* dir config creater */ NULL, /* dir merger --- default is to override */ ! create_authn_cache_config, /* server config creator */ NULL, /* merge server config */ ! authn_cache_cmds, /* command apr_table_t */ register_hooks /* register hooks */ }; --- util_authn_cache.c DELETED --- --- util_authn_cache.h DELETED --- --- util_authn_cache_mgr.c DELETED --- |
