From e7e7d2fddf8b5b536d7b67bb024060e5a4397097 Mon Sep 17 00:00:00 2001
From: z3APA3A <3APA3A@3proxy.ru>
Date: Wed, 21 Aug 2019 15:20:43 +0300
Subject: [PATCH] "limit" support in authcache to bind sessions to ip

---
 doc/html/howtoe.html | 7 ++++++-
 doc/html/howtor.html | 7 +++++++
 man/3proxy.cfg.3 | 2 ++
 src/auth.c | 24 +++++++++++++++++-------
 src/conf.c | 1 +
 5 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/doc/html/howtoe.html b/doc/html/howtoe.html
index c1ae3b9..7c29aa5 100644
--- a/doc/html/howtoe.html
+++ b/doc/html/howtoe.html
@@ -461,7 +461,12 @@ proxy -n
Please note, that caching affects security. Never use caching for access to critical resources, such as web administration. - +authcache can be used to bind user's sessions to ip with 'limit' option, with +
+ autchcache ip,user,pass,limit 120 + auth cache strong+ user will not be able to use more than a single IP during cache time (120 sec). +
Userslist is created with 'users' command. diff --git a/doc/html/howtor.html b/doc/html/howtor.html index de084ca..a97ecad 100644 --- a/doc/html/howtor.html +++ b/doc/html/howtor.html @@ -469,6 +469,13 @@ использовать кэширование для доступа к критичным ресурсам, в частности к интерфейсу администрирования.
+authcache так же может использоваться для привязки сессий пользователя к ip с + с помощью опции limit +
+ autchcache ip,user,pass,limit 120 + auth cache strong+ запретит пользователю использовать более одного адреса в течении времени кеширования. +
Список пользователей задается с помощью команды users.
diff --git a/man/3proxy.cfg.3 b/man/3proxy.cfg.3
index e9699db..661d330 100644
--- a/man/3proxy.cfg.3
+++ b/man/3proxy.cfg.3
@@ -519,6 +519,8 @@ assigned to the same user without actual authentication.
 user - same as above, but IP is not checked.
 .br
 user,password - both username and password are checked against cached ones.
+.br
+ limit - limit user to use only one ip, \'ip\' and \'user\' are required
 .br
 Use auth type \'cache\' for cached authentication
diff --git a/src/auth.c b/src/auth.c
index 5e7c430..f34b20b 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -721,15 +721,24 @@ int cacheauth(struct clientparam * param){
 continue;
 }
- if(((!(conf.authcachetype&2)) || (param->username && ac->username && !strcmp(ac->username, (char *)param->username))) &&
- ((!(conf.authcachetype&1)) || (*SAFAMILY(&ac->sa) == *SAFAMILY(¶m->sincr) && !memcmp(SAADDR(&ac->sa), SAADDR(¶m->sincr), SAADDRLEN(&ac->sa)))) &&
+ if((!(conf.authcachetype&2) || (param->username && ac->username && !strcmp(ac->username, (char *)param->username))) &&
 (!(conf.authcachetype&4) || (ac->password && param->password && !strcmp(ac->password, (char *)param->password)))) {
- if(param->username){
- myfree(param->username);
+
+ if(!(conf.authcachetype&1)
+ || ((*SAFAMILY(&ac->sa) == *SAFAMILY(¶m->sincr)
+ && !memcmp(SAADDR(&ac->sa), SAADDR(¶m->sincr), SAADDRLEN(&ac->sa))))){
+
+ if(param->username){
+ myfree(param->username);
+ }
+ param->username = (unsigned char *)mystrdup(ac->username);
+ pthread_mutex_unlock(&hash_mutex);
+ return 0;
+ }
+ else if ((conf.authcachetype&1) && (conf.authcachetype&8)) {
+ pthread_mutex_unlock(&hash_mutex);
+ return 10;
 }
- param->username = (unsigned char *)mystrdup(ac->username);
- pthread_mutex_unlock(&hash_mutex);
- return 0;
 }
 last = ac;
 ac = ac->next;
@@ -790,6 +799,7 @@ int doauth(struct clientparam * param){
 break;
 }
 if(res > ret) ret = res;
+ if(ret > 9) return ret;
 }
 if(!res){
 return alwaysauth(param);
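Review bot: The new `else if ((conf.authcachetype&1) && (conf.authcachetype&8))` branch is only reachable when bit 1 is set, because the preceding `if` already accepts the entry whenever `!(conf.authcachetype&1)` holds, so its first operand is dead and the test should read `else if (conf.authcachetype & 8) {`. The deny result is the bare literal `10` here and reappears as the threshold `ret > 9` in the doauth hunk below with nothing tying the two together; a shared named constant (e.g. `AUTH_DENY_IPLIMIT` — placeholder name) used in both places, plus a comment on the `return 10;` line such as `/* limit: this user is already bound to another address during the cache window; hard deny, doauth stops the auth chain on codes >= 10 */`, would keep them from drifting apart. Whether 10 collides with an existing authentication result code cannot be told from the hunk. cacheauth's loop begins before and ends after this hunk, and doauth's body likewise extends outside its hunk.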
diff --git a/src/conf.c b/src/conf.c
index aef48af..4c9ea02 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1338,6 +1338,7 @@ static int h_authcache(int argc, unsigned char **argv){
 if(strstr((char *) *(argv + 1), "ip")) conf.authcachetype |= 1;
 if(strstr((char *) *(argv + 1), "user")) conf.authcachetype |= 2;
 if(strstr((char *) *(argv + 1), "pass")) conf.authcachetype |= 4;
+ if(strstr((char *) *(argv + 1), "limit")) conf.authcachetype |= 8;
 if(argc > 2) conf.authcachetime = (unsigned) atoi((char *) *(argv + 2));
 if(!conf.authcachetype) conf.authcachetype = 6;
 if(!conf.authcachetime) conf.authcachetime = 600;
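Review bot: `limit` is accepted without the `ip` and `user` checks that the man page hunk says it requires, and because bit 8 alone makes conf.authcachetype non-zero the `= 6` default two lines below no longer applies. As far as the auth.c hunk shows, `authcache limit` (no ip/user/pass) leaves cacheauth's username and password terms vacuously true and skips its address branch, so every client is matched to the first cache entry and authenticated as that user, while `ip,limit` returns the deny code to every client whose address differs from the first cached one. The handler should enforce the documented dependency right after the new line, e.g. `if((conf.authcachetype & 8) && ((conf.authcachetype & 3) != 3))` followed by either the handler's usual error return to reject the directive or `conf.authcachetype |= 3;` to supply the missing checks. h_authcache starts before this hunk, so its error-return convention is not visible here.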