"limit" support in authcache to bind sessions to ip

This commit is contained in:
z3APA3A 2019-08-21 15:20:43 +03:00
parent 336b411ea2
commit e7e7d2fddf
5 changed files with 33 additions and 8 deletions


@ -461,7 +461,12 @@ proxy -n
</p> </p>
Please note, that caching affects security. Never use caching for access to Please note, that caching affects security. Never use caching for access to
critical resources, such as web administration. critical resources, such as web administration.
<p>authcache can be used to bind user's sessions to ip with 'limit' option, with
<pre>
autchcache ip,user,pass,limit 120
auth cache strong</pre>
user will not be able to use more than a single IP during cache time (120 sec).
</p>
<li><A NAME="USERS">How to create user list</A> <li><A NAME="USERS">How to create user list</A>
<p> <p>
Userslist is created with 'users' command. Userslist is created with 'users' command.


@ -469,6 +469,13 @@
использовать кэширование для доступа к критичным ресурсам, в частности к использовать кэширование для доступа к критичным ресурсам, в частности к
интерфейсу администрирования. интерфейсу администрирования.
</p> </p>
<p>authcache так же может использоваться для привязки сессий пользователя к ip с
с помощью опции limit
<pre>
autchcache ip,user,pass,limit 120
auth cache strong</pre>
запретит пользователю использовать более одного адреса в течении времени кеширования.
</p>
<li><a name="USERS"><i>Как создать список пользователей</i></a> <li><a name="USERS"><i>Как создать список пользователей</i></a>
<p> <p>
Список пользователей задается с помощью команды users. Список пользователей задается с помощью команды users.


@ -519,6 +519,8 @@ assigned to the same user without actual authentication.
user - same as above, but IP is not checked. user - same as above, but IP is not checked.
.br .br
user,password - both username and password are checked against cached ones. user,password - both username and password are checked against cached ones.
.br
limit - limit user to use only one ip, \'ip\' and \'user\' are required
.br .br
Use auth type \'cache\' for cached authentication Use auth type \'cache\' for cached authentication


@ -721,9 +721,13 @@ int cacheauth(struct clientparam * param){
continue; continue;
} }
if(((!(conf.authcachetype&2)) || (param->username && ac->username && !strcmp(ac->username, (char *)param->username))) && if((!(conf.authcachetype&2) || (param->username && ac->username && !strcmp(ac->username, (char *)param->username))) &&
((!(conf.authcachetype&1)) || (*SAFAMILY(&ac->sa) == *SAFAMILY(&param->sincr) && !memcmp(SAADDR(&ac->sa), SAADDR(&param->sincr), SAADDRLEN(&ac->sa)))) &&
(!(conf.authcachetype&4) || (ac->password && param->password && !strcmp(ac->password, (char *)param->password)))) { (!(conf.authcachetype&4) || (ac->password && param->password && !strcmp(ac->password, (char *)param->password)))) {
if(!(conf.authcachetype&1)
|| ((*SAFAMILY(&ac->sa) == *SAFAMILY(&param->sincr)
&& !memcmp(SAADDR(&ac->sa), SAADDR(&param->sincr), SAADDRLEN(&ac->sa))))){
if(param->username){ if(param->username){
myfree(param->username); myfree(param->username);
} }
@ -731,6 +735,11 @@ int cacheauth(struct clientparam * param){
pthread_mutex_unlock(&hash_mutex); pthread_mutex_unlock(&hash_mutex);
return 0; return 0;
} }
else if ((conf.authcachetype&1) && (conf.authcachetype&8)) {
pthread_mutex_unlock(&hash_mutex);
return 10;
}
}
last = ac; last = ac;
ac = ac->next; ac = ac->next;
} }
@ -790,6 +799,7 @@ int doauth(struct clientparam * param){
break; break;
} }
if(res > ret) ret = res; if(res > ret) ret = res;
if(ret > 9) return ret;
} }
if(!res){ if(!res){
return alwaysauth(param); return alwaysauth(param);
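Review bot: In the new `else if` branch of cacheauth the operand `(conf.authcachetype&1)` is always true, because that branch is only reached when the preceding `if(!(conf.authcachetype&1) || …)` was false, so the condition can simply read `else if (conf.authcachetype&8) {`. The `return 10;` there is a bare magic value whose meaning is only recoverable from the later `if(ret > 9) return ret;` in doauth; a comment at the return such as `/* 'limit' set and user already cached from another address: hard deny, doauth must not fall through to other auth methods */` and a named constant shared by both sites would make the contract explicit. Worth noting as well: when bit 2 (`user`) is not set, the username comparison is skipped and the deny fires on the first non-expired entry from any other client address, which is probably not intended but is not prevented by the configuration handler. Both cacheauth and doauth begin and end outside these hunks.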


@ -1338,6 +1338,7 @@ static int h_authcache(int argc, unsigned char **argv){
if(strstr((char *) *(argv + 1), "ip")) conf.authcachetype |= 1; if(strstr((char *) *(argv + 1), "ip")) conf.authcachetype |= 1;
if(strstr((char *) *(argv + 1), "user")) conf.authcachetype |= 2; if(strstr((char *) *(argv + 1), "user")) conf.authcachetype |= 2;
if(strstr((char *) *(argv + 1), "pass")) conf.authcachetype |= 4; if(strstr((char *) *(argv + 1), "pass")) conf.authcachetype |= 4;
if(strstr((char *) *(argv + 1), "limit")) conf.authcachetype |= 8;
if(argc > 2) conf.authcachetime = (unsigned) atoi((char *) *(argv + 2)); if(argc > 2) conf.authcachetime = (unsigned) atoi((char *) *(argv + 2));
if(!conf.authcachetype) conf.authcachetype = 6; if(!conf.authcachetype) conf.authcachetype = 6;
if(!conf.authcachetime) conf.authcachetime = 600; if(!conf.authcachetime) conf.authcachetime = 600;
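Review bot: The new `limit` flag is accepted without checking that `ip` and `user` are also present, although the man page added in this commit states both are required; `authcache ip,limit` is silently accepted and, because the user bit is clear, cacheauth will then deny on any cached entry from a different address, while `authcache limit` alone sets only bit 8 and the limit never takes effect. A guard after the flag parsing, either rejecting the directive with this handler's usual configuration-error return or at minimum forcing the required bits with `if((conf.authcachetype&8) && (conf.authcachetype&3) != 3) conf.authcachetype |= 3;`, would make the documented precondition hold. h_authcache starts and ends outside this hunk.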