remove pwl_mutex

Use hashtables for password lists
cash the hash for auth cache
2026-06-13 11:00:11 +08:00 · 2026-04-26 20:43:13 +03:00 · 2026-04-26 20:38:58 +03:00 · 2026-04-26 19:56:38 +03:00
7 changed files with 159 additions and 126 deletions
--- a/src/3proxy.c
+++ b/src/3proxy.c
@ -513,7 +513,6 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int
  pthread_mutex_init(&connlim_mutex, NULL);
  pthread_mutex_init(&hash_mutex, NULL);
  pthread_mutex_init(&tc_mutex, NULL);
-  pthread_mutex_init(&pwl_mutex, NULL);
  pthread_mutex_init(&log_mutex, NULL);
 #ifndef NORADIUS
  pthread_mutex_init(&rad_mutex, NULL);
--- a/src/auth.c
+++ b/src/auth.c
@ -919,46 +919,24 @@ int dnsauth(struct clientparam * param){
 }

 int strongauth(struct clientparam * param){
-	struct passwords * pwl;
+	static char dummy;
 	unsigned char buf[256];
+	char cryptpw[65] = {0};

-
-	if(!param->username) return 4;
-	pthread_mutex_lock(&pwl_mutex);
-	for(pwl = conf.pwl; pwl; pwl=pwl->next){
-		if(!strcmp((char *)pwl->user, (char *)param->username)) switch(pwl->pwtype) {
-			case CL:
-				if(!pwl->password || !*pwl->password){
-					break;
-				}
-				else if (!param->pwtype && param->password && !strcmp((char *)param->password, (char *)pwl->password)){
-					break;
-				}
-				pthread_mutex_unlock(&pwl_mutex);
-				return 6;
+	if (!param->username) return 4;
+	if (!param->pwtype && param->password) {
+		if (pw_table.ihashtable && hashresolv(&pw_table, param, &dummy, NULL))
+			return 0;
+		if (pwnt_table.ihashtable && hashresolv(&pwnt_table, param, &dummy, NULL))
+			return 0;
 #ifndef NOCRYPT
-			case CR:
-				if(param->password && !param->pwtype && !strcmp((char *)pwl->password, (char *)mycrypt(param->password, pwl->password,buf))) {
-					break;
-				}
-				pthread_mutex_unlock(&pwl_mutex);
-				return 7;
-			case NT:
-				if(param->password && !param->pwtype && !memcmp(pwl->password, ntpwdhash(buf,param->password, 1), 32)) {
-					break;
-				}
-				pthread_mutex_unlock(&pwl_mutex);
-				return 8;
-#endif				
-			default:
-				pthread_mutex_unlock(&pwl_mutex);
-				return 999;
+		if (pwcr_table.ihashtable && hashresolv(&pwcr_table, param, cryptpw, NULL)) {
+			if (!strcmp(cryptpw, (char *)mycrypt(param->password, (unsigned char *)cryptpw, buf)))
+				return 0;
+			return 7;
 		}
-		else continue;
-		pthread_mutex_unlock(&pwl_mutex);
-		return 0;
+#endif
 	}
-	pthread_mutex_unlock(&pwl_mutex);
 	return 5;
 }

--- a/src/conf.c
+++ b/src/conf.c
@ -23,7 +23,6 @@
 pthread_mutex_t bandlim_mutex;
 pthread_mutex_t connlim_mutex;
 pthread_mutex_t tc_mutex;
-pthread_mutex_t pwl_mutex;
 pthread_mutex_t hash_mutex;
 pthread_mutex_t config_mutex;

@ -533,46 +532,45 @@ static int h_auth(int argc, unsigned char **argv){
 }

 static int h_users(int argc, unsigned char **argv){
-  int j;
-  unsigned char *arg;
-  struct passwords *pwl = NULL;
+    static char dummy;
+    int j;
+    unsigned char *arg;
+    char *pw[2];

-	for (j = 1; j<argc; j++) {
-		if(!(pwl = myalloc(sizeof(struct passwords)))) {
-			return(21);
-		}
-		memset(pwl, 0, sizeof(struct passwords));
+    for (j = 1; j < argc; j++) {
+        arg = (unsigned char *)strchr((char *)argv[j], ':');
+        if (!arg) continue;
+        *arg = 0;
+        pw[0] = (char *)argv[j];

-		arg = (unsigned char *)strchr((char *)argv[j], ':');
-		if(!arg||!arg[1]||!arg[2]||arg[3]!=':')	{
-			pwl->user = (unsigned char *)mystrdup((char *)argv[j]);
-			pwl->pwtype = SYS;
-		}
-		else {
-			*arg = 0;
-			pwl->user = (unsigned char *)mystrdup((char *)argv[j]);
+        if (arg[1] && arg[2] && arg[3] == ':') {
+            pw[1] = (char *)(arg + 4);
+            if (arg[1] == 'N' && arg[2] == 'T') {
+                if (!pwnt_table.ihashtable && inithashtable(&pwnt_table, 16, 32, 1048576))
+                    return 3;
+                hashadd(&pwnt_table, pw, &dummy, MAX_COUNTER_TIME);
+                continue;
+            }
+            if (arg[1] == 'C' && arg[2] == 'R') {
+                if (!pwcr_table.ihashtable && inithashtable(&pwcr_table, 16, 32, 1048576))
+                    return 3;
+                hashadd(&pwcr_table, pw[0], pw[1], MAX_COUNTER_TIME);
+                continue;
+            }
+            if (arg[1] == 'C' && arg[2] == 'L') {
+                /* fall through to CL handling below */
+            } else {
+                continue;
+            }
+        } else {
+            pw[1] = (char *)(arg + 1);
+        }

-			if((arg[1] == 'C' && arg[2] == 'L' && (pwl->pwtype = CL)) ||
-				(arg[1] == 'C' && arg[2] == 'R' && (pwl->pwtype = CR)) ||
-				(arg[1] == 'N' && arg[2] == 'T' && (pwl->pwtype = NT)) ||
-				(arg[1] == 'L' && arg[2] == 'M' && (pwl->pwtype = LM))){
-				pwl->password = (unsigned char *)mystrdup((char *)arg+4);
-			}
-			else {
-				pwl->password = (unsigned char *) mystrdup((char *)arg + 1);
-				pwl->pwtype = UN;
-			}
-			if(!pwl->password) return 3;
-		}
-		if(!pwl->user) return 21;
-		pthread_mutex_lock(&pwl_mutex);
-		pwl->next = conf.pwl;
-		conf.pwl = pwl;
-		pthread_mutex_unlock(&pwl_mutex);
-
-
-	}
-	return 0;
+        if (!pw_table.ihashtable && inithashtable(&pw_table, 16, 32, 1048576))
+            return 3;
+        hashadd(&pw_table, pw, &dummy, MAX_COUNTER_TIME);
+    }
+    return 0;
 }

 static int h_maxconn(int argc, unsigned char **argv){
@ -1852,7 +1850,6 @@ void freeconf(struct extparam *confp){
 struct bandlim * blout;
 struct connlim * cl;
 struct trafcount * tc;
- struct passwords *pw;
 struct ace *acl;
 struct filemon *fm;
 int counterd, archiverc;
@ -1886,11 +1883,9 @@ void freeconf(struct extparam *confp){
 confp->connlimiter = NULL;
 pthread_mutex_unlock(&connlim_mutex);

- pthread_mutex_lock(&pwl_mutex);
- pw = confp->pwl;
- confp->pwl = NULL;
- pthread_mutex_unlock(&pwl_mutex);
-
+ destroyhashtable(&pw_table);
+ destroyhashtable(&pwnt_table);
+ destroyhashtable(&pwcr_table);

 confp->logfunc = lognone;
 logformat = confp->logformat;
@ -1935,7 +1930,6 @@ void freeconf(struct extparam *confp){

 
 freeacl(acl);
- freepwl(pw);
 for(; bl; bl = (struct bandlim *) itfree(bl, bl->next)) freeacl(bl->ace);
 for(; blout; blout = (struct bandlim *) itfree(blout, blout->next))freeacl(blout->ace);
 for(; cl; cl = (struct connlim *) itfree(cl, cl->next)) freeacl(cl->ace);
--- a/src/hash.c
+++ b/src/hash.c
@ -24,11 +24,12 @@ void destroyhashtable(struct hashtable *ht){
 	ht->hashvalues = NULL;
    }
    if(ht->hashhashvalues){
-	myfree(ht->hashvalues);
-	ht->hashvalues = NULL;
+	myfree(ht->hashhashvalues);
+	ht->hashhashvalues = NULL;
    }
    ht->poolsize = 0;
    ht->tablesize = 0;
+    ht->ihashempty = 0;
    pthread_mutex_unlock(&hash_mutex);
 }

@ -62,8 +63,8 @@ int inithashtable(struct hashtable *ht, unsigned tablesize, unsigned poolsize, u
 	ht->hashvalues = NULL;
    }
    if(ht->hashhashvalues){
-	myfree(ht->hashvalues);
-	ht->hashvalues = NULL;
+	myfree(ht->hashhashvalues);
+	ht->hashhashvalues = NULL;
    }
    ht->poolsize = 0;
    ht->tablesize = 0;
@ -160,7 +161,7 @@ static void hashgrow(struct hashtable *ht){



-void hashadd(struct hashtable *ht, const void* name, const void* value, time_t expires){
+void hashadd(struct hashtable *ht, void* name, void* value, time_t expires){
    uint32_t hen, he;
    uint32_t *hep;
    int overwrite = 0;
@ -172,7 +173,7 @@ void hashadd(struct hashtable *ht, const void* name, const void* value, time_t e
 	return;
    }

-    ht->index2hash(ht, name, hash);
+    ht->index2hash_add(ht, name, hash);
    pthread_mutex_lock(&hash_mutex);
    index = hashindex(ht->tablesize, hash);

@ -211,7 +212,7 @@ void hashadd(struct hashtable *ht, const void* name, const void* value, time_t e
    pthread_mutex_unlock(&hash_mutex);
 }

-int hashresolv(struct hashtable *ht, const void* name, void* value, uint32_t *ttl){
+int hashresolv(struct hashtable *ht, void* name, void* value, uint32_t *ttl){
    uint8_t hash[MAX_HASH_SIZE];
    uint32_t *hep;
    uint32_t he;
@ -220,7 +221,7 @@ int hashresolv(struct hashtable *ht, const void* name, void* value, uint32_t *tt
    if(!ht || !ht->ihashtable || !name) {
 	return 0;
    }
-    ht->index2hash(ht,name, hash);
+    ht->index2hash_search(ht,name, hash);
    pthread_mutex_lock(&hash_mutex);
    index = hashindex(ht->tablesize, hash);
    for(hep = ht->ihashtable + index; (he = *hep)!=0; ){
@ -242,15 +243,15 @@ int hashresolv(struct hashtable *ht, const void* name, void* value, uint32_t *tt
    return 0;
 }

-void char_index2hash(const struct hashtable *ht, const void *index, uint8_t *hash){
-    const char* name = index;
+static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){
+    char* name = index;

    blake2b(hash, ht->hash_size, index, strlen((const char*)index), NULL, 0);
 }

-void param2hash(const struct hashtable *ht, const void *index, uint8_t *hash){
+static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *hash){
    blake2b_state S;
-    const struct clientparam *param = (struct clientparam *)index;
+    struct clientparam *param = (struct clientparam *)index;
    unsigned type = param->srv->authcachetype;

    blake2b_init(&S, ht->hash_size);
@ -265,8 +266,64 @@ void param2hash(const struct hashtable *ht, const void *index, uint8_t *hash){
    if((type & 1024))blake2b_update(&S, SAADDR(&param->srv->intsa), SAADDRLEN(&param->srv->intsa));
    if((type & 2048))blake2b_update(&S, SAPORT(&param->srv->intsa), 2);
    blake2b_final(&S, hash, ht->hash_size);
+    memcpy(param->hash, hash, ht->hash_size);
 }

-struct hashtable dns_table = {char_index2hash, 4, 16};
-struct hashtable dns6_table = {char_index2hash, 16, 16};
-struct hashtable auth_table = {param2hash, sizeof(struct authcache), 16};
+static void pw2hash_add(const struct hashtable *ht, void *index, uint8_t *hash){
+    char ** pw = (char **)index;
+    blake2b_state S;
+    
+    blake2b_init(&S, ht->hash_size);
+    if(pw[0])blake2b_update(&S, pw[0], strlen(pw[0]) + 1);
+    if(pw[1])blake2b_update(&S, pw[1], strlen(pw[1]) + 1);
+    blake2b_final(&S, hash, ht->hash_size);
+}
+
+
+static void pw2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
+    struct clientparam *param  = (struct clientparam *)index;
+
+    char *pw[2] = {(char *)param->username, (char *)param->password};
+    
+    pw2hash_add(ht, pw, hash);
+}
+
+static void pwnt2hash_add(const struct hashtable *ht, void *index, uint8_t *hash){
+    char ** pw = (char **)index;
+    blake2b_state S;
+    
+    blake2b_init(&S, ht->hash_size);
+    if(pw[0])blake2b_update(&S, pw[0], strlen(pw[0]) + 1);
+    if(pw[1])blake2b_update(&S, pw[1], strlen(pw[1]) + 1);
+    blake2b_final(&S, hash, ht->hash_size);
+}
+
+
+static void pwnt2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
+    struct clientparam *param  = (struct clientparam *)index;
+    unsigned char pass[40];    
+    char *pw[2] = {(char *)param->username, (char *)pass};
+
+    ntpwdhash(pass, param->password, 1);
+    pwnt2hash_add(ht, pw, hash);
+}
+
+void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
+    struct clientparam *param = (struct clientparam *)index;
+
+    memcpy(hash, param->hash, ht->hash_size);
+}
+
+
+
+static void user2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
+    struct clientparam *param = (struct clientparam *)index;
+    blake2b(hash, ht->hash_size, param->username, strlen((const char *)param->username), NULL, 0);
+}
+
+struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 12};
+struct hashtable dns6_table = {char_index2hash, char_index2hash, 16, 12};
+struct hashtable auth_table = {param2hash_add, param2hash_search, sizeof(struct authcache), 12};
+struct hashtable pw_table = {pw2hash_add, pw2hash_search, 0, 12};
+struct hashtable pwnt_table = {pwnt2hash_add, pwnt2hash_search, 0, 12};
+struct hashtable pwcr_table = {char_index2hash, user2hash_search, 64, 12};
--- a/src/plugins.c
+++ b/src/plugins.c
@ -48,31 +48,30 @@ struct symbol symbols[] = {
 	{symbols+23, "bandlim_mutex", (void *) &bandlim_mutex},
 	{symbols+24, "tc_mutex", (void *) &tc_mutex},
 	{symbols+25, "hash_mutex", (void *) &hash_mutex},
-	{symbols+26, "pwl_mutex", (void *) &pwl_mutex},
-	{symbols+27, "linenum", (void *) &linenum},
-	{symbols+28, "proxy_stringtable", (void *) proxy_stringtable},
-	{symbols+29, "en64", (void *) en64},
-	{symbols+30, "de64", (void *) de64},
-	{symbols+31, "tohex", (void *) tohex},
-	{symbols+32, "fromhex", (void *) fromhex},
-	{symbols+33, "dnspr", (void *) dnsprchild},
-	{symbols+34, "pop3p", (void *) pop3pchild},
-	{symbols+35, "proxy", (void *) proxychild},
-	{symbols+36, "socks", (void *) sockschild},
-	{symbols+37, "tcppm", (void *) tcppmchild},
-	{symbols+38, "udppm", (void *) udppmchild},
-	{symbols+39, "admin", (void *) adminchild},
-	{symbols+40, "ftppr", (void *) ftpprchild},
-	{symbols+41, "smtpp", (void *) smtppchild},
-	{symbols+42, "auto", (void *) smtppchild},
-	{symbols+43, "tlspr", (void *) smtppchild},
-	{symbols+44, "authfuncs", (void *) &authfuncs},
-	{symbols+45, "commandhandlers", (void *) &commandhandlers},
-	{symbols+46, "decodeurl", (void *) decodeurl},
-	{symbols+47, "parsestr", (void *) parsestr},
-	{symbols+48, "make_ace", (void *) make_ace},
-	{symbols+49, "freeacl", (void *) freeacl},
-	{symbols+50, "handleredirect", (void *) handleredirect},
+	{symbols+26, "linenum", (void *) &linenum},
+	{symbols+27, "proxy_stringtable", (void *) proxy_stringtable},
+	{symbols+28, "en64", (void *) en64},
+	{symbols+29, "de64", (void *) de64},
+	{symbols+30, "tohex", (void *) tohex},
+	{symbols+31, "fromhex", (void *) fromhex},
+	{symbols+32, "dnspr", (void *) dnsprchild},
+	{symbols+33, "pop3p", (void *) pop3pchild},
+	{symbols+34, "proxy", (void *) proxychild},
+	{symbols+35, "socks", (void *) sockschild},
+	{symbols+36, "tcppm", (void *) tcppmchild},
+	{symbols+37, "udppm", (void *) udppmchild},
+	{symbols+38, "admin", (void *) adminchild},
+	{symbols+39, "ftppr", (void *) ftpprchild},
+	{symbols+40, "smtpp", (void *) smtppchild},
+	{symbols+41, "auto", (void *) smtppchild},
+	{symbols+42, "tlspr", (void *) smtppchild},
+	{symbols+43, "authfuncs", (void *) &authfuncs},
+	{symbols+44, "commandhandlers", (void *) &commandhandlers},
+	{symbols+45, "decodeurl", (void *) decodeurl},
+	{symbols+46, "parsestr", (void *) parsestr},
+	{symbols+47, "make_ace", (void *) make_ace},
+	{symbols+48, "freeacl", (void *) freeacl},
+	{symbols+49, "handleredirect", (void *) handleredirect},
 	{NULL, "", NULL}
 };

--- a/src/proxy.h
+++ b/src/proxy.h
@ -245,8 +245,8 @@ void mschap(const unsigned char *win_password,

 void destroyhashtable(struct hashtable *ht);
 int inithashtable(struct hashtable *ht, unsigned tablesize, unsigned poolsize, unsigned growlimit);
-void hashadd(struct hashtable *ht, const void* name, const void* value, time_t expires);
-int hashresolv(struct hashtable *ht, const void* name, void* value, uint32_t *ttl);
+void hashadd(struct hashtable *ht, void* name, void* value, time_t expires);
+int hashresolv(struct hashtable *ht, void* name, void* value, uint32_t *ttl);

 int parsehost(int family, unsigned char *host, struct sockaddr *sa);
 int parsehostname(char *hostname, struct clientparam *param, uint16_t port);
@ -314,7 +314,6 @@ extern pthread_mutex_t bandlim_mutex;
 extern pthread_mutex_t connlim_mutex;
 extern pthread_mutex_t hash_mutex;
 extern pthread_mutex_t tc_mutex;
-extern pthread_mutex_t pwl_mutex;
 extern pthread_mutex_t log_mutex;
 extern pthread_mutex_t rad_mutex;
 extern struct datatype datatypes[64];
--- a/src/structures.h
+++ b/src/structures.h
@ -192,6 +192,9 @@ int
 #endif
 #endif

+#define MAX_HASH_SIZE (16)
+
+
 extern char* NULLADDR;
 typedef enum {
 	CLIENT,
@ -585,6 +588,7 @@ struct clientparam {
 			waitserver64,
 			cycles,
 			threadid;
+	uint8_t hash[MAX_HASH_SIZE];

 	int	redirected,
 		operation,
@ -755,10 +759,10 @@ struct child {
 	unsigned char **argv;
 };

-#define MAX_HASH_SIZE (16)

 struct hashtable {
-	void (*index2hash)(const struct hashtable *ht, const void *index, uint8_t *hash);
+	void (*index2hash_add)(const struct hashtable *ht, void *index, uint8_t *hash);
+	void (*index2hash_search)(const struct hashtable *ht, void *index, uint8_t *hash);
 	unsigned recsize;
 	unsigned hash_size;
 	unsigned poolsize;
@ -775,6 +779,9 @@ struct hashtable {
 extern struct hashtable dns_table;
 extern struct hashtable dns6_table;
 extern struct hashtable auth_table;
+extern struct hashtable pw_table;
+extern struct hashtable pwnt_table;
+extern struct hashtable pwcr_table;

 struct authcache {
        unsigned char username[64];
Author	SHA1	Message	Date
Vladimir Dubrovin	760a521df8	remove pwl_mutex Some checks are pending C/C++ CI Linux / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run Details C/C++ CI Linux / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run Details C/C++ CI MacOS / ${{ matrix.target }} (macos-15) (push) Waiting to run Details C/C++ CI Windows / ${{ matrix.target }} (windows-2022) (push) Waiting to run Details C/C++ CI cmake / ${{ matrix.target }} (macos-15) (push) Waiting to run Details C/C++ CI cmake / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run Details C/C++ CI cmake / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run Details C/C++ CI cmake / ${{ matrix.target }} (windows-2022) (push) Waiting to run Details	2026-04-26 20:43:13 +03:00
Vladimir Dubrovin	62ceb36157	Use hashtables for password lists	2026-04-26 20:38:58 +03:00
Vladimir Dubrovin	62be3c7b5b	cash the hash for auth cache	2026-04-26 19:56:38 +03:00