[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
[1117]
[1118]
[1119]
[1120]
[1121]
[1122]
[1123]
/*****************************************************************************/
/*
AuthCache.c
THE GNU GENERAL PUBLIC LICENSE APPLIES DOUBLY TO ANYTHING TO DO WITH
AUTHENTICATION AND AUTHORIZATION!
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License, or any later
version.
> This package is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
INSTANCE SUPPORT
----------------
Note that within the global section no self-relative addresses can be used
(i.e. a linked list cannot be used). All references into the section must be
made relative to the starting address. This is due to the starting address not
being fixed in per-process virtual memory.
With the advent of multiple integrated "instances" executing on a single system
and sharing incoming service requests it became highly desirable to provide a
single global instance of the especially significant authentication cache
resource.
This has been done by making it work within the confines of globally shared
memory (i.e. a global section and collection of global pages). This
necessarily puts some constraints on the design and operation. Most notably
normal memory allocation routines are impossible and the quantity of memory
available for the required structures becomes constrained. Hence a fixed (but
configurable) sized authentication cache, with records being reused as
required.
A typical message when there are too few cache entries for the concurrent
number of requests requiring authorization is SS$_ITEMNOTFOUND (or
"%SYSTEM-W-ITEMNOTFOUND, requested item cannot be returned"). This indicates
the authorization cache is "thrashing" for space (i.e. too many concurrent
requests attempting to use it). Increase the value of [AuthCacheEntriesMax],
shut down all servers (to cause the global section to be deleted) and then
restart.
Typical message for insufficient storage space for an authorization cache
entry id SS$_RESULTOVF or "%SYSTEM-F-RESULTOVF, resultant string overflow".
This might occur if /PROFILE was in use and an account generated a particularly
large one! Increase the value of [AuthCacheEntrySize], shut down all servers
(to cause the global section to be deleted) and then restart.
See AUTH.C for overall detail on the WASD authorization environment.
VERSION HISTORY
---------------
04-JAN-2015 MGD bugfix; AuthCacheNeedsReval() AlreadyLocked (per JPP)
07-NOV-2013 MGD AuthCacheNeedsReval() so multiple cache entries for the
same credentials do not trigger multiple revalidations
25-MAY-2013 MGD [AuthRevalidateLoginCookie] obsolete
09-SEP-2012 MGD TOKEN authentication
18-JUL-2010 MGD Uni Malaga pushes report items from !3ZL to !4ZL :-)
22-MAY-2007 JPP bugfix; AuthCacheGblSecInit()
16-MAY-2007 MGD AuthCacheReport() include authorization accounting
15-MAR-2007 MGD bugfix; agent mappings using VMS-USER: not being cached
08-SEP-2003 MGD allow for config-directory in cache
06-AUG-2003 MGD sanity checking for locked cache
bugfix; AuthCacheAddRecord()
04-FEB-2003 MGD AuthCacheReset() minor refinements
06-AUG-2002 MGD enhance global section creation,
bugfix; set AuthCacheRecordSize from HTTPD$CONFIG value
02-MAR-2002 MGD bugfix; read group cache offset assignment
20-OCT-2001 MGD significant cache rework (for instance sharing)
04-AUG-2001 MGD support module WATCHing
07-MAY-2000 MGD login cookie
08-APR-2000 MGD bugfix; AuthCacheFree()
04-MAR-2000 MGD use FaolToNet(), et.al.
24-DEC-1999 MGD break-in evasion period in report
28-AUG-1999 MGD unbundled from AUTH.C for v6.1
*/
/*****************************************************************************/
#ifdef WASD_VMS_V7
#undef _VMS__V6__SOURCE
#define _VMS__V6__SOURCE
#undef __VMS_VER
#define __VMS_VER 70000000
#undef __CRTL_VER
#define __CRTL_VER 70000000
#endif
/* standard C header files */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* VMS related header files */
#include <descrip.h>
#include <libdef.h>
#include <ssdef.h>
#include <stsdef.h>
#include <secdef.h>
/* application related header files */
#include "wasd.h"
#define WASD_MODULE "AUTHCACHE"
#if WATCH_MOD
#define FI_NOLI WASD_MODULE, __LINE__
#else
/* in production let's keep the exact line to ourselves! */
#define FI_NOLI WASD_MODULE, 0
#endif
/******************/
/* global storage */
/******************/
int AuthCacheRecordMax,
AuthCacheRecordSize;
AUTH_GBLSEC *AuthGblSecPtr;
int AuthGblSecPages,
AuthGblSecSize;
/********************/
/* external storage */
/********************/
#ifdef DBUG
extern BOOL Debug;
#else
#define Debug 0
#endif
extern BOOL AuthVmsUserProfileEnabled,
InstanceNodeSupervisor;
extern BOOL InstanceMutexHeld[];
extern int AuthGblSecVersion,
GblPageCount,
GblSectionCount,
HttpdTickSecond,
InstanceNodeConfig,
InstanceEnvNumber;
extern unsigned long GblSecPrvMask [];
extern char ErrorSanityCheck[];
extern ACCOUNTING_STRUCT *AccountingPtr;
extern CONFIG_STRUCT Config;
extern HTTPD_GBLSEC *HttpdGblSecPtr;
extern MSG_STRUCT Msgs;
extern SYS_INFO SysInfo;
extern WATCH_STRUCT Watch;
/*****************************************************************************/
/*
Initialize the authentication cache.
*/
AuthCacheInit (META_CONFIG *mcptr)
{
static char ProblemRecordSize [] =
"Cache record size could be too small (adjusted upwards)";
int cnt, status;
AUTH_CREC *acrptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthCacheInit()");
if (AuthGblSecPtr)
{
/* cache has previously been initialized, just reset it */
AuthCachePurge (true);
return;
}
AuthCacheRecordMax = Config.cfAuth.CacheEntriesMax;
AuthCacheRecordSize = Config.cfAuth.CacheEntrySize;
if (AuthCacheRecordMax < AUTH_DEFAULT_CACHE_RECORD_MAX)
AuthCacheRecordMax = AUTH_DEFAULT_CACHE_RECORD_MAX;
if (!AuthCacheRecordSize)
if (AuthVmsUserProfileEnabled)
AuthCacheRecordSize = AUTH_DEFAULT_CACHE_RECORD_PROFILE_SIZE;
else
AuthCacheRecordSize = AUTH_DEFAULT_CACHE_RECORD_SIZE;
/* let's round it to a 64 byte chunk */
if (AuthCacheRecordSize % 64)
AuthCacheRecordSize = ((AuthCacheRecordSize / 64) + 1) * 64;
if (AuthVmsUserProfileEnabled &&
AuthCacheRecordSize < AUTH_DEFAULT_CACHE_RECORD_PROFILE_SIZE)
{
MetaConReport (mcptr, METACON_REPORT_ERROR, ProblemRecordSize);
AuthCacheRecordSize = AUTH_DEFAULT_CACHE_RECORD_PROFILE_SIZE;
}
else
if (AuthCacheRecordSize < AUTH_DEFAULT_CACHE_RECORD_SIZE)
{
MetaConReport (mcptr, METACON_REPORT_ERROR, ProblemRecordSize);
AuthCacheRecordSize = AUTH_DEFAULT_CACHE_RECORD_PROFILE_SIZE;
}
AuthCacheGblSecInit (mcptr);
}
/*****************************************************************************/
/*
If only one instance can execute (from configuration) then allocate a block of
process-local dynamic memory and point to that as the cache. If multiple
instances create and map a global section and point to that.
*/
int AuthCacheGblSecInit (META_CONFIG *mcptr)
{
static char ReportCacheRecords [] =
"Cache for !UL records of !UL bytes in !AZ of !UL page(let)s";
/* global, allocate space, system, in page file, writable */
static int CreFlags = SEC$M_GBL | SEC$M_EXPREG | SEC$M_SYSGBL |
SEC$M_PAGFIL | SEC$M_WRT;
static int DelFlags = SEC$M_SYSGBL;
/* system & owner full access, group and world no access */
static unsigned long ProtectionMask = 0xff00;
/* it is recommended to map into any virtual address in the region (P0) */
static unsigned long InAddr [2] = { 0x200, 0x200 };
int attempt, status,
BaseGblSecPages,
CacheRecordPoolSize,
PageCount,
SetPrvStatus;
short ShortLength;
unsigned long RetAddr [2];
char GblSecName [32];
$DESCRIPTOR (GblSecNameDsc, GblSecName);
AUTH_GBLSEC *gsptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthCacheGblSecInit()");
CacheRecordPoolSize = AuthCacheRecordSize * AuthCacheRecordMax;
AuthGblSecSize = sizeof(AUTH_GBLSEC) + CacheRecordPoolSize;
AuthGblSecPages = AuthGblSecSize / 512;
if (AuthGblSecSize & 0x1ff) AuthGblSecPages++;
if (InstanceNodeConfig <= 1)
{
/* no need for a global section, just use process-local storage */
AuthGblSecPtr = (AUTH_GBLSEC*)VmGet (AuthGblSecPages * 512);
sys$gettim (&AuthGblSecPtr->SinceTime64);
MetaConReport (mcptr, METACON_REPORT_INFORM, ReportCacheRecords,
AuthCacheRecordMax, AuthCacheRecordSize,
"local storage", AuthGblSecPages);
return (SS$_CREATED);
}
FaoToBuffer (GblSecName, sizeof(GblSecName), &ShortLength,
GBLSEC_NAME_FAO, HTTPD_NAME, AUTH_GBLSEC_VERSION_NUMBER,
InstanceEnvNumber, "AUTH");
GblSecNameDsc.dsc$w_length = ShortLength;
if VMSnok ((SetPrvStatus = sys$setprv (1, &GblSecPrvMask, 0, 0)))
ErrorExitVmsStatus (SetPrvStatus, "sys$setprv()", FI_LI);
for (attempt = 1; attempt <= 2; attempt++)
{
/* create and/or map the specified global section */
sys$setprv (1, &GblSecPrvMask, 0, 0);
status = sys$crmpsc (&InAddr, &RetAddr, 0, CreFlags,
&GblSecNameDsc, 0, 0, 0, AuthGblSecPages, 0,
ProtectionMask, AuthGblSecPages);
sys$setprv (0, &GblSecPrvMask, 0, 0);
if (WATCH_MODULE(WATCH_MOD__OTHER))
WatchThis (WATCHALL, WATCH_MOD__OTHER,
"sys$crmpsc() !&S begin:!UL end:!UL",
status, RetAddr[0], RetAddr[1]);
PageCount = (RetAddr[1]+1) - RetAddr[0] >> 9;
AuthGblSecPtr = gsptr = (AUTH_GBLSEC*)RetAddr[0];
AuthGblSecPages = PageCount;
if (VMSnok (status) || status == SS$_CREATED) break;
/* section already exists, break if 'same size' and version! */
if (gsptr->GblSecVersion &&
gsptr->GblSecVersion == AuthGblSecVersion &&
gsptr->GblSecLength == AuthGblSecSize)
break;
/* delete the current global section, have one more attempt */
sys$setprv (1, &GblSecPrvMask, 0, 0);
status = sys$dgblsc (DelFlags, &GblSecNameDsc, 0);
sys$setprv (0, &GblSecPrvMask, 0, 0);
status = SS$_IDMISMATCH;
}
if (VMSnok (status))
{
/* must have this global section! */
char String [256];
FaoToBuffer (String, sizeof(String), NULL,
"1 global section, !UL global pages", AuthGblSecPages);
ErrorExitVmsStatus (status, String, FI_LI);
}
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"GBLSEC \"!AZ\" page(let)s:!UL !&S",
GblSecName, PageCount, status);
MetaConReport (mcptr, METACON_REPORT_INFORM, ReportCacheRecords,
AuthCacheRecordMax, AuthCacheRecordSize,
status == SS$_CREATED ? "a new global section" :
"an existing global section",
AuthGblSecPages);
if (status == SS$_CREATED)
{
/* first time it's been mapped */
memset (gsptr, 0, PageCount * 512);
gsptr->GblSecVersion = AuthGblSecVersion;
gsptr->GblSecLength = AuthGblSecSize;
sys$gettim (&AuthGblSecPtr->SinceTime64);
}
GblSectionCount++;
GblPageCount += PageCount;
return (status);
}
/*****************************************************************************/
/*
Create a request-local record of authorization information.
*/
void AuthCacheRequestRecord
(
REQUEST_STRUCT *rqptr,
AUTH_CREC **RecordPtrPtr
)
{
char *cptr, *sptr;
AUTH_CREC *acrptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthCacheRequestRecord()");
acrptr = (AUTH_CREC*)VmGetHeap (rqptr, AuthCacheRecordSize);
*RecordPtrPtr = acrptr;
acrptr->LastAccessTime64 = rqptr->rqTime.BeginTime64;
acrptr->SourceRealm = rqptr->rqAuth.SourceRealm;
/* "fixed" record fields */
strcpy (acrptr->Realm, rqptr->rqAuth.RealmPtr);
acrptr->RealmLength = rqptr->rqAuth.RealmLength;
acrptr->UserNameLength = rqptr->RemoteUserLength;
strcpy (acrptr->UserName, rqptr->RemoteUser);
strcpy (acrptr->Password, rqptr->RemoteUserPassword);
/* "dynamic" record fields */
cptr = sptr = (char*)acrptr->Storage;
memcpy (acrptr->ConfigDirectory = cptr,
rqptr->ConfigDirectory,
rqptr->ConfigDirectoryLength + 1);
acrptr->ConfigDirectoryLength = rqptr->ConfigDirectoryLength;
acrptr->ConfigDirectoryOffset = cptr - sptr;
cptr += acrptr->ConfigDirectoryLength + 1;
memcpy (acrptr->PathParameter = cptr,
rqptr->rqAuth.PathParameterPtr,
rqptr->rqAuth.PathParameterLength + 1);
acrptr->PathParameterLength = rqptr->rqAuth.PathParameterLength;
acrptr->PathParameterOffset = cptr - sptr;
cptr += acrptr->PathParameterLength + 1;
acrptr->SourceGroupWrite = rqptr->rqAuth.SourceGroupWrite;
memcpy (acrptr->GroupWrite = cptr,
rqptr->rqAuth.GroupWritePtr,
rqptr->rqAuth.GroupWriteLength + 1);
acrptr->GroupWriteLength = rqptr->rqAuth.GroupWriteLength;
acrptr->GroupWriteOffset = cptr - sptr;
cptr += acrptr->GroupWriteLength + 1;
acrptr->SourceGroupRead = rqptr->rqAuth.SourceGroupRead;
memcpy (acrptr->GroupRead = cptr,
rqptr->rqAuth.GroupReadPtr,
rqptr->rqAuth.GroupReadLength + 1);
acrptr->GroupReadLength = rqptr->rqAuth.GroupReadLength;
acrptr->GroupReadOffset = cptr - sptr;
cptr += acrptr->GroupReadLength + 1;
/* note where we can start storing user details, VMS profile, etc. */
acrptr->StorageNextOffset = cptr - sptr;
/* small sanity check */
if (AuthCacheRecordSize - (cptr - (char*)acrptr) <= 0)
ErrorExitVmsStatus (SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
}
/*****************************************************************************/
/*
Add the supplied authorization information to the (global section) cache.
*/
int AuthCacheAddRecord
(
AUTH_CREC *aptr,
AUTH_CREC **RecordPtrPtr
)
{
int cnt,
OldestSecond,
RecordCount;
char *cptr;
unsigned char *RecordPoolPtr;
AUTH_CREC *acrptr,
*acr2ptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthCacheAddRecord() !UL", AuthGblSecPtr->CacheRecordCount);
if (InstanceNodeConfig > 1 && !InstanceMutexHeld[INSTANCE_MUTEX_AUTH_CACHE])
ErrorExitVmsStatus (SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
RecordCount = AuthGblSecPtr->CacheRecordCount;
RecordPoolPtr = AuthGblSecPtr->CacheRecordPool;
if (RecordCount < AuthCacheRecordMax)
{
/* fresh record */
acrptr = RecordPoolPtr + (AuthCacheRecordSize * RecordCount);
AuthGblSecPtr->CacheRecordCount++;
}
else
{
/* all entries in list in use, reuse the least recently accessed */
OldestSecond = HttpdTickSecond + 999999;
acrptr = acr2ptr = RecordPoolPtr;
for (cnt = 0; cnt < RecordCount; cnt++)
{
acrptr = RecordPoolPtr + (AuthCacheRecordSize * cnt);
if (acrptr->LastAccessTickSecond < OldestSecond)
{
acr2ptr = acrptr;
OldestSecond = acrptr->LastAccessTickSecond;
}
if (acrptr->SourceRealm) continue;
break;
}
AuthGblSecPtr->CacheReuseCount++;
acrptr = acr2ptr;
memset (acrptr, 0, AuthCacheRecordSize);
}
/* copy contents of source record */
memcpy (acrptr, aptr, AuthCacheRecordSize);
/* adjust variable length field pointers using the field offsets */
cptr = (char*)acrptr->Storage;
acrptr->ConfigDirectory = cptr + acrptr->ConfigDirectoryOffset;
acrptr->PathParameter = cptr + acrptr->PathParameterOffset;
acrptr->GroupWrite = cptr + acrptr->GroupWriteOffset;
acrptr->GroupRead = cptr + acrptr->GroupReadOffset;
sys$gettim (&acrptr->LastAccessTime64);
acrptr->LastAccessTickSecond = HttpdTickSecond;
acrptr->LastAccessMinutesAgo = acrptr->LastAccessSecondsAgo = 0;
*RecordPtrPtr = acrptr;
return (SS$_NORMAL);
}
/*****************************************************************************/
/*
Add additional details to the cached record.
*/
int AuthCacheAddRecordDetails
(
REQUEST_STRUCT *rqptr,
AUTH_CREC *acrptr
)
{
int StorageRemaining;
char *cptr, *sptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthCacheAddRecordDetails()");
if (InstanceNodeConfig > 1 && !InstanceMutexHeld[INSTANCE_MUTEX_AUTH_CACHE])
ErrorExitVmsStatus (SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
acrptr->DetailsUpdated = true;
sptr = (char*)acrptr->Storage;
cptr = sptr + acrptr->StorageNextOffset;
StorageRemaining = AuthCacheRecordSize - (cptr - (char*)acrptr);
StorageRemaining -= rqptr->rqAuth.UserDetailsLength + 1;
if (StorageRemaining <= 0)
{
ErrorNoticed (rqptr, SS$_RESULTOVF, NULL, FI_LI);
return (SS$_RESULTOVF);
}
memcpy (acrptr->UserDetails = cptr,
rqptr->rqAuth.UserDetailsPtr ? rqptr->rqAuth.UserDetailsPtr : "",
rqptr->rqAuth.UserDetailsLength + 1);
acrptr->UserDetailsLength = rqptr->rqAuth.UserDetailsLength;
acrptr->UserDetailsOffset = acrptr->UserDetails - sptr;
cptr += acrptr->UserDetailsLength + 1;
StorageRemaining -= rqptr->rqAuth.VmsUserProfileLength;
if (StorageRemaining <= 0)
{
ErrorNoticed (rqptr, SS$_RESULTOVF, NULL, FI_LI);
return (SS$_RESULTOVF);
}
if (acrptr->VmsUserProfileLength = rqptr->rqAuth.VmsUserProfileLength)
{
memcpy (acrptr->VmsUserProfilePtr = cptr,
rqptr->rqAuth.VmsUserProfilePtr,
rqptr->rqAuth.VmsUserProfileLength);
acrptr->VmsUserProfileLength = rqptr->rqAuth.VmsUserProfileLength;
acrptr->VmsUserProfileOffset = acrptr->VmsUserProfilePtr - sptr;
cptr += acrptr->VmsUserProfileLength;
}
/* note where we could if we needed to start storing more detail */
acrptr->StorageNextOffset = cptr - sptr;
return (SS$_NORMAL);
}
/*****************************************************************************/
/*
Search all records in the cache for those with the same realm and username.
Check any entries found for revalidation timeout. If one is found that does
*not* require revalidation (i.e. has recently enough been revalidated) then
return false. If none are found or all require revalidation return true.
*/
BOOL AuthCacheNeedsReval
(
REQUEST_STRUCT *rqptr,
AUTH_CREC *acr1ptr
)
{
BOOL AlreadyLocked;
int cnt,
HitCount,
RecordCount;
unsigned long LastAccessMinutesAgo;
unsigned char *RecordPoolPtr;
AUTH_CREC *acr2ptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_MOD_AUTH,
"AuthCacheNeedsReval() !AZ !AZ !UL",
acr1ptr->Realm, acr1ptr->UserName,
rqptr->rqAuth.RevalidateTimeout);
if (rqptr->AuthRevalidateCount) return (false);
if (!(AlreadyLocked = InstanceMutexHeld[INSTANCE_MUTEX_AUTH_CACHE]))
InstanceMutexLock (INSTANCE_MUTEX_AUTH_CACHE);
RecordCount = AuthGblSecPtr->CacheRecordCount;
RecordPoolPtr = AuthGblSecPtr->CacheRecordPool;
for (cnt = HitCount = 0; cnt < RecordCount; cnt++)
{
acr2ptr = RecordPoolPtr + (AuthCacheRecordSize * cnt);
if (!acr2ptr->SourceRealm) continue;
if (WATCH_MODULE(WATCH_MOD_AUTH) && WATCH_MODULE(WATCH_MOD__DETAIL))
WatchDataFormatted ("!UL !UL\n!&Z !&Z\n!&Z !&Z\n!&Z !&Z\n",
acr1ptr->SourceRealm, acr2ptr->SourceRealm,
acr1ptr->Realm, acr2ptr->Realm,
acr1ptr->ConfigDirectory, acr2ptr->ConfigDirectory,
acr1ptr->UserName, acr2ptr->UserName);
/* compare the records */
if (acr1ptr->SourceRealm != acr2ptr->SourceRealm) continue;
if (acr1ptr->UserNameLength != acr2ptr->UserNameLength) continue;
if (acr1ptr->RealmLength != acr2ptr->RealmLength) continue;
if (acr1ptr->ConfigDirectoryLength != acr2ptr->ConfigDirectoryLength)
continue;
if (strcmp (acr1ptr->Realm, acr2ptr->Realm)) continue;
if (strcmp (acr1ptr->UserName, acr2ptr->UserName)) continue;
if (acr1ptr->ConfigDirectoryLength &&
strcmp (acr1ptr->ConfigDirectory, acr2ptr->ConfigDirectory))
continue;
/* got this far, must have matched */
LastAccessMinutesAgo = (HttpdTickSecond -
acr2ptr->LastAccessTickSecond) / 60;
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchDataFormatted ("!UL < !UL !UL\n",
LastAccessMinutesAgo, rqptr->rqAuth.RevalidateTimeout,
LastAccessMinutesAgo < rqptr->rqAuth.RevalidateTimeout ?
HitCount+1 : HitCount);
/* there will always be one (itself) so we need a second */
if (LastAccessMinutesAgo < rqptr->rqAuth.RevalidateTimeout)
if (HitCount++) break;
}
if (!AlreadyLocked) InstanceMutexUnLock (INSTANCE_MUTEX_AUTH_CACHE);
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"!&?TRUE\rFALSE\r", HitCount <= 1);
return (HitCount <= 1);
}
/*****************************************************************************/
/*
*/
int AuthCacheFindRecord
(
AUTH_CREC *acr1ptr,
AUTH_CREC **RecordPtrPtr
)
{
int cnt,
MinutesAgo,
RecordCount;
unsigned char *RecordPoolPtr;
AUTH_CREC *acr2ptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthCacheFindRecord() !UL !UL",
AuthGblSecPtr->CacheRecordCount, acr1ptr->FindRecordCount);
if (InstanceNodeConfig > 1 && !InstanceMutexHeld[INSTANCE_MUTEX_AUTH_CACHE])
ErrorExitVmsStatus (SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
RecordCount = AuthGblSecPtr->CacheRecordCount;
RecordPoolPtr = AuthGblSecPtr->CacheRecordPool;
for (cnt = 0; cnt < RecordCount; cnt++)
{
acr2ptr = RecordPoolPtr + (AuthCacheRecordSize * cnt);
if (!acr2ptr->SourceRealm) continue;
if (WATCH_MODULE(WATCH_MOD_AUTH) && WATCH_MODULE(WATCH_MOD__DETAIL))
WatchDataFormatted (
"!UL !UL\n!UL !UL\n!UL !UL\n!&Z !&Z\n!&Z !&Z\n\
!&Z !&Z\n!&Z !&Z\n!&Z !&Z\n!&Z !&Z\n!UL !UL !&B\n",
acr1ptr->SourceRealm, acr2ptr->SourceRealm,
acr1ptr->SourceGroupWrite, acr2ptr->SourceGroupWrite,
acr1ptr->SourceGroupRead, acr2ptr->SourceGroupRead,
acr1ptr->Realm, acr2ptr->Realm,
acr1ptr->ConfigDirectory, acr2ptr->ConfigDirectory,
acr1ptr->PathParameter, acr2ptr->PathParameter,
acr1ptr->GroupWrite, acr2ptr->GroupWrite,
acr1ptr->GroupRead, acr2ptr->GroupRead,
acr1ptr->UserName, acr2ptr->UserName,
strlen(acr1ptr->Password), strlen(acr2ptr->Password),
!strcmp(acr1ptr->Password, acr2ptr->Password));
/* compare the records */
if (acr1ptr->SourceRealm != acr2ptr->SourceRealm) continue;
if (acr1ptr->UserNameLength != acr2ptr->UserNameLength) continue;
if (acr1ptr->RealmLength != acr2ptr->RealmLength) continue;
if (acr1ptr->ConfigDirectoryLength != acr2ptr->ConfigDirectoryLength)
continue;
if (acr1ptr->PathParameterLength != acr2ptr->PathParameterLength)
continue;
if (acr1ptr->SourceGroupWrite != acr2ptr->SourceGroupWrite) continue;
if (acr1ptr->GroupWriteLength != acr2ptr->GroupWriteLength) continue;
if (acr1ptr->SourceGroupRead != acr2ptr->SourceGroupRead) continue;
if (acr1ptr->GroupReadLength != acr2ptr->GroupReadLength) continue;
if (strcmp (acr1ptr->UserName, acr2ptr->UserName)) continue;
if (strcmp (acr1ptr->Realm, acr2ptr->Realm)) continue;
if (acr1ptr->ConfigDirectoryLength &&
strcmp (acr1ptr->ConfigDirectory, acr2ptr->ConfigDirectory)) continue;
if (acr1ptr->PathParameterLength &&
strcmp (acr1ptr->PathParameter, acr2ptr->PathParameter)) continue;
if (acr1ptr->GroupWriteLength &&
strcmp (acr1ptr->GroupWrite, acr2ptr->GroupWrite)) continue;
if (acr1ptr->GroupReadLength &&
strcmp (acr1ptr->GroupRead, acr2ptr->GroupRead)) continue;
/* got this far, must have matched */
*RecordPtrPtr = acr2ptr;
if (!acr1ptr->FindRecordCount++)
{
/* first time this request that the record has been searched for */
acr2ptr->LastAccessSecondsAgo = HttpdTickSecond -
acr2ptr->LastAccessTickSecond;
acr2ptr->LastAccessMinutesAgo = acr2ptr->LastAccessSecondsAgo / 60;
if (acr2ptr->LastAccessMinutesAgo < Config.cfAuth.CacheMinutes)
AuthGblSecPtr->CacheHitCount++;
else
AuthGblSecPtr->CacheTimeoutCount++;
sys$gettim (&acr2ptr->LastAccessTime64);
acr2ptr->LastAccessTickSecond = HttpdTickSecond;
}
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "FOUND");
return (SS$_NORMAL);
}
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "NOT-FOUND");
AuthGblSecPtr->CacheMissCount++;
return (SS$_ITEMNOTFOUND);
}
/*****************************************************************************/
/*
Clear all of the authentication records. Will result in all subsequent
requests being re-authenticated from their respective on-disk databases.
Called from the Admin.c and Control.c modules. 'ControlFlush' indicates its
was initiated through a /DO= command and has therefore been seen by all of
multiple instances.
*/
int AuthCachePurge (BOOL ControlFlush)
{
int cnt, status,
RecordCount;
unsigned char *RecordPoolPtr;
AUTH_CREC *acrptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthCachePurge() !&B !UL !&B",
ControlFlush, InstanceNodeConfig, InstanceNodeSupervisor);
/* in a multi-instance config, shared data only by the supervisor */
if (ControlFlush && InstanceNodeConfig > 1 && !InstanceNodeSupervisor)
return (SS$_NORMAL);
InstanceMutexLock (INSTANCE_MUTEX_AUTH_CACHE);
RecordCount = AuthGblSecPtr->CacheRecordCount;
RecordPoolPtr = AuthGblSecPtr->CacheRecordPool;
for (cnt = 0; cnt < RecordCount; cnt++)
{
acrptr = RecordPoolPtr + (AuthCacheRecordSize * cnt);
memset (acrptr, 0, AuthCacheRecordSize);
}
AuthGblSecPtr->CacheRecordCount = 0;
sys$gettim (&AuthGblSecPtr->SinceTime64);
InstanceMutexUnLock (INSTANCE_MUTEX_AUTH_CACHE);
return (SS$_NORMAL);
}
/*****************************************************************************/
/*
Reset the entry for all records with a matching realm and user name. This
effectively causes the username to be revalidated next authorized path access.
*/
int AuthCacheReset
(
REQUEST_STRUCT *rqptr,
char *Realm,
char *UserName
)
{
int cnt, status,
RecordCount;
unsigned char *RecordPoolPtr;
AUTH_CREC *acrptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthCacheReset() !&Z !&Z", Realm, UserName);
InstanceMutexLock (INSTANCE_MUTEX_AUTH_CACHE);
RecordCount = AuthGblSecPtr->CacheRecordCount;
RecordPoolPtr = AuthGblSecPtr->CacheRecordPool;
for (cnt = 0; cnt < RecordCount; cnt++)
{
acrptr = RecordPoolPtr + (AuthCacheRecordSize * cnt);
if (!acrptr->SourceRealm) continue;
if (Realm && Realm[0] && strcmp (Realm, acrptr->Realm)) continue;
if (UserName && UserName[0] && strcmp (UserName, acrptr->UserName)) continue;
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"!&Z !&Z", acrptr->Realm, acrptr->UserName);
memset (acrptr, 0, AuthCacheRecordSize);
}
InstanceMutexUnLock (INSTANCE_MUTEX_AUTH_CACHE);
return (SS$_NORMAL);
}
/*****************************************************************************/
/*
Display all records in the authentication cache.
*/
AuthCacheReport (REQUEST_STRUCT *rqptr)
{
static char BeginPageFao [] =
"<p><table class=\"ctgry\">\n\
<tr><td>\n\
<table class=\"rghtlft\">\n\
\
<tr><th class=\"sbttl\">Source</th>\n\
<tr><th>ACME:</th><td>!UL</td>\n\
<tr><th>Agent:</th><td>!UL</td>\n\
<tr><th>HTA:</th><td>!UL</td>\n\
<tr><th>List:</th><td>!UL</td>\n\
<tr><th>RFC1413:</th><td>!UL</td></tr>\n\
<tr><th>Skeleton-Key:</th><td>!UL</td><td>!AZ</td></tr>\n\
<tr><th>SYSUAF:</th><td>!UL</td></tr>\n\
<tr><th>Token:</th><td>!UL</td></tr>\n\
<tr><th>X509:</th><td>!UL</td></tr>\n\
</table>\n\
</td><td>\n\
\
<table class=\"rghtlft\" style=\"margin-left:-2em;\">\n\
<tr><th class=\"sbttl\">Scheme</th></tr>\n\
<tr><th>Basic:</th><td>!UL</td></tr>\n\
<tr><th>Digest:</th><td>!UL</td></tr>\n\
<tr><th>Other:</th><td>!UL</td></tr>\n\
</table>\n\
</td>\
<td>\n\
\
<table class=\"rghtlft\" style=\"margin-left:2em;\">\n\
<tr><th class=\"sbttl\">Cache</th></tr>\n\
<tr><th>Since:</th><td colspan=\"2\"><nobr>!20&W</nobr></td></tr>\n\
<tr><th>Maximum:</th><td colspan=\"2\">!UL x !UL bytes</td></tr>\n\
<tr><th>Current:</th><td>!UL</td>\
<td style=\"width:100%\"></td></tr>\n\
<tr><th>Reused:</th><td>!UL</td></tr>\n\
<tr><th>Hits:</th><td>!UL</td></tr>\n\
<tr><th>Misses:</th><td>!UL</td></tr>\n\
<tr><th>Timeouts:</th><td>!UL</td></tr>\n\
</table>\n\
\
</td></tr>\n\
</table>\n\
\
<p><table class=\"lftlft\">\n\\
<tr>\
<th></th>\
<th colspan=\"2\" class=\"sbttl\">Realm</th>\
<th colspan=\"2\">Group-R+W</th>\
<th>Group-R</u></th>\
<th colspan=\"4\">Config-Dir / Path-Param</th>\
</tr>\n<tr>\
<th></th>\
<th>User</th>\
<th>Access</th>\
<th class=\"targht\">Basic</th>\
<th>Digest</th>\
<th><nobr>Most Recent</th>\
<th class=\"targht\">Cache</th>\
<th class=\"targht\">Source</th>\
<th class=\"targht\">Fail</th>\
<th class=\"targht\">Break-in</th>\
</tr>\n";
static char RecordFao [] =
"<tr>\
<th>!4ZL</th>\
<td colspan=\"2\">!AZ!AZ</td>\
<td colspan=\"2\">!&@</td>\
<td>!&@</td>\
<td colspan=\"4\">!AZ !AZ</td>\
</tr>\n\
<tr class=\"hlght\">\
<th></th>\
<td>!AZ</td>\
<td>!AZ!AZ!AZ</td>\
<td class=\"targht\">!UL</td>\
<td class=\"targht\">!UL</td>\
<td>!20%D</td>\
<td class=\"targht\">!UL</td>\
<td class=\"targht\">!UL</td>\
<td class=\"targht\">!UL</td>\
<td class=\"targht\">!AZ!UL!AZ</td>\
</tr>\n";
static char EmptyCacheFao [] =
"<tr clas=\"hlght\"><th>0000</th>\
<td colspan=\"9\"><i>empty</i></td><tr>\n";
static char EndPageFao [] =
"</table>\n\
</div>\n\
</body>\n\
</html>\n";
int cnt, status,
RecordCount;
unsigned long FaoVector [48];
unsigned long *vecptr;
unsigned char *RecordPoolPtr;
char *cptr;
AUTH_CREC *acrptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_MOD_AUTH, "AuthCacheReport()");
AdminPageTitle (rqptr, "User Authentication");
vecptr = FaoVector;
InstanceMutexLock (INSTANCE_MUTEX_HTTPD);
*vecptr++ = AccountingPtr->AuthAcmeCount;
*vecptr++ = AccountingPtr->AuthAgentCount;
*vecptr++ = AccountingPtr->AuthHtDatabaseCount;
*vecptr++ = AccountingPtr->AuthSimpleListCount;
*vecptr++ = AccountingPtr->AuthRFC1413Count;
*vecptr++ = AccountingPtr->AuthSkelKeyCount;
if (HttpdGblSecPtr->AuthSkelKeyHttpdTickSecond)
*vecptr++ = "(<b>Active</b>)";
else
*vecptr++ = "(Inactive)";
*vecptr++ = AccountingPtr->AuthVmsCount;
*vecptr++ = AccountingPtr->AuthTokenCount;
*vecptr++ = AccountingPtr->AuthX509Count;
*vecptr++ = AccountingPtr->AuthBasicCount;
*vecptr++ = AccountingPtr->AuthDigestCount;
*vecptr++ = AccountingPtr->AuthOtherCount;
InstanceMutexUnLock (INSTANCE_MUTEX_HTTPD);
InstanceMutexLock (INSTANCE_MUTEX_AUTH_CACHE);
*vecptr++ = &AuthGblSecPtr->SinceTime64;
*vecptr++ = AuthCacheRecordMax;
*vecptr++ = AuthCacheRecordSize;
*vecptr++ = AuthGblSecPtr->CacheRecordCount;
*vecptr++ = AuthGblSecPtr->CacheReuseCount;
*vecptr++ = AuthGblSecPtr->CacheHitCount;
*vecptr++ = AuthGblSecPtr->CacheMissCount;
*vecptr++ = AuthGblSecPtr->CacheTimeoutCount;
status = FaolToNet (rqptr, BeginPageFao, &FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
RecordCount = AuthGblSecPtr->CacheRecordCount;
RecordPoolPtr = AuthGblSecPtr->CacheRecordPool;
for (cnt = 0; cnt < RecordCount; cnt++)
{
acrptr = RecordPoolPtr + (AuthCacheRecordSize * cnt);
if (!acrptr->SourceRealm) continue;
cptr = AuthCanString (acrptr->AuthUserCan, AUTH_CAN_FORMAT_HTML);
if (!cptr) cptr = "*ERROR*";
vecptr = FaoVector;
*vecptr++ = cnt+1;
*vecptr++ = acrptr->Realm;
*vecptr++ = AuthSourceString (acrptr->Realm, acrptr->SourceRealm);
if (acrptr->GroupWrite[0])
{
*vecptr++ = "!AZ!AZ";
*vecptr++ = acrptr->GroupWrite;
*vecptr++ = AuthSourceString (acrptr->GroupWrite,
acrptr->SourceGroupWrite);
}
else
*vecptr++ = "<i>none</i>";
if (acrptr->GroupRead[0])
{
*vecptr++ = "!AZ!AZ";
*vecptr++ = acrptr->GroupRead;
*vecptr++ = AuthSourceString (acrptr->GroupRead,
acrptr->SourceGroupRead);
}
else
*vecptr++ = "<i>none</i>";
if (acrptr->ConfigDirectory[0])
*vecptr++ = acrptr->ConfigDirectory;
else
if (!acrptr->PathParameter[0])
*vecptr++ = "<i>neither</i>";
else
*vecptr++ = "";
if (acrptr->PathParameter[0])
*vecptr++ = acrptr->PathParameter;
else
*vecptr++ = "";
*vecptr++ = acrptr->UserName;
*vecptr++ = cptr;
if (acrptr->VmsUserProfileLength)
*vecptr++ = " (profile)";
else
*vecptr++ = "";
if (acrptr->HttpsOnly)
*vecptr++ = " ("https:" only)";
else
*vecptr++ = "";
*vecptr++ = acrptr->BasicCount;
*vecptr++ = acrptr->DigestCount;
*vecptr++ = &acrptr->LastAccessTime64;
*vecptr++ = acrptr->AccessCount;
*vecptr++ = acrptr->DataBaseCount;
if (acrptr->FailureCount < Config.cfAuth.FailureLimit)
{
*vecptr++ = acrptr->FailureCount;
*vecptr++ = "";
*vecptr++ = 0;
*vecptr++ = "";
}
else
{
*vecptr++ = 0;
*vecptr++ = "<font color=\"#ff0000\">";
*vecptr++ = acrptr->FailureCount;
*vecptr++ = "</font>";
}
status = FaolToNet (rqptr, RecordFao, &FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
}
if (!RecordCount)
{
status = FaolToNet (rqptr, EmptyCacheFao, NULL);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
}
status = FaolToNet (rqptr, EndPageFao, NULL);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
InstanceMutexUnLock (INSTANCE_MUTEX_AUTH_CACHE);
rqptr->rqResponse.PreExpired = PRE_EXPIRE_ADMIN;
ResponseHeader200 (rqptr, "text/html", &rqptr->NetWriteBufferDsc);
AdminEnd (rqptr);
}
/*****************************************************************************/