|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* auth_mellon_config.c: an authentication apache module
|
|
Packit Service |
d6b4c9 |
* Copyright © 2003-2007 UNINETT (http://www.uninett.no/)
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
d6b4c9 |
* it under the terms of the GNU General Public License as published by
|
|
Packit Service |
d6b4c9 |
* the Free Software Foundation; either version 2 of the License, or
|
|
Packit Service |
d6b4c9 |
* (at your option) any later version.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* This program is distributed in the hope that it will be useful,
|
|
Packit Service |
d6b4c9 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
d6b4c9 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit Service |
d6b4c9 |
* GNU General Public License for more details.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* You should have received a copy of the GNU General Public License
|
|
Packit Service |
d6b4c9 |
* along with this program; if not, write to the Free Software
|
|
Packit Service |
d6b4c9 |
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#include "auth_mellon.h"
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#ifdef APLOG_USE_MODULE
|
|
Packit Service |
d6b4c9 |
APLOG_USE_MODULE(auth_mellon);
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This is the default endpoint path. Remember to update the description of
|
|
Packit Service |
d6b4c9 |
* the MellonEndpointPath configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *default_endpoint_path = "/mellon/";
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This is the default name of the attribute we use as a username. Remember
|
|
Packit Service |
d6b4c9 |
* to update the description of the MellonUser configuration directive if
|
|
Packit Service |
d6b4c9 |
* you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *default_user_attribute = "NAME_ID";
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
a2b39c |
/* This is the default prefix to use for attributes received from the
|
|
Packit Service |
a2b39c |
* server. Customizable using the MellonEnvPrefix option
|
|
Packit Service |
a2b39c |
*/
|
|
Packit Service |
a2b39c |
static const char *default_env_prefix = "MELLON_";
|
|
Packit Service |
a2b39c |
|
|
Packit Service |
d6b4c9 |
/* This is the default name of the cookie which mod_auth_mellon will set.
|
|
Packit Service |
d6b4c9 |
* If you change this, then you should also update the description of the
|
|
Packit Service |
d6b4c9 |
* MellonVar configuration directive.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *default_cookie_name = "cookie";
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* The default setting for cookie is to not enforce secure flag
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const int default_secure_cookie = 0;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* The default setting for cookie is to not enforce HttpOnly flag
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const int default_http_only_cookie = 0;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* The default setting for setting MELLON_SESSION
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const int default_dump_session = 0;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* The default setting for setting MELLON_SAML_RESPONSE
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const int default_dump_saml_response = 0;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This is the default IdP initiated login location
|
|
Packit Service |
d6b4c9 |
* the MellonDefaultLoginPath configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *default_login_path = "/";
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* saved POST session time to live
|
|
Packit Service |
d6b4c9 |
* the MellonPostTTL configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const apr_time_t post_ttl = 15 * 60;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* saved POST session maximum size
|
|
Packit Service |
d6b4c9 |
* the MellonPostSize configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const apr_size_t post_size = 1024 * 1024;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* maximum saved POST sessions
|
|
Packit Service |
d6b4c9 |
* the MellonPostCount configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const int post_count = 100;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#ifdef ENABLE_DIAGNOSTICS
|
|
Packit Service |
d6b4c9 |
/* Default filename for mellon diagnostics log file.
|
|
Packit Service |
d6b4c9 |
* Relative pathname is relative to server root. */
|
|
Packit Service |
d6b4c9 |
static const char *default_diag_filename = "logs/mellon_diagnostics";
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Default state for diagnostics is off */
|
|
Packit Service |
d6b4c9 |
static am_diag_flags_t default_diag_flags = AM_DIAG_FLAG_DISABLE;
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* whether to merge env. vars or not
|
|
Packit Service |
d6b4c9 |
* the MellonMergeEnvVars configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *default_merge_env_vars = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* for env. vars with multiple values, the index start
|
|
Packit Service |
d6b4c9 |
* the MellonEnvVarsIndexStart configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const int default_env_vars_index_start = -1;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* whether to also populate env. var _N with number of values
|
|
Packit Service |
d6b4c9 |
* the MellonEnvVarsSetCount configuration directive if you change this.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const int default_env_vars_count_in_n = -1;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* The default list of trusted redirect domains. */
|
|
Packit Service |
d6b4c9 |
static const char * const default_redirect_domains[] = { "[self]", NULL };
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set a
|
|
Packit Service |
d6b4c9 |
* multivalued string slot in the module configuration (the destination
|
|
Packit Service |
d6b4c9 |
* strucure is a hash).
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *key The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
* const char *value Optional value to be stored in the hash.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_hash_string_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *key,
|
|
Packit Service |
d6b4c9 |
const char *value)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
server_rec *s = cmd->server;
|
|
Packit Service |
d6b4c9 |
apr_pool_t *pconf = s->process->pconf;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
int offset;
|
|
Packit Service |
d6b4c9 |
apr_hash_t **hash;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* If no value is given, we just store the key in the hash.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
if (value == NULL || *value == '\0')
|
|
Packit Service |
d6b4c9 |
value = key;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
offset = (int)(long)cmd->info;
|
|
Packit Service |
d6b4c9 |
hash = (apr_hash_t **)((char *)cfg + offset);
|
|
Packit Service |
d6b4c9 |
apr_hash_set(*hash, apr_pstrdup(pconf, key), APR_HASH_KEY_STRING, value);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set a
|
|
Packit Service |
d6b4c9 |
* multivalued string slot in the module configuration (the destination
|
|
Packit Service |
d6b4c9 |
* strucure is a table).
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *key The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
* const char *value Optional value to be stored in the hash.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_table_string_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *key,
|
|
Packit Service |
d6b4c9 |
const char *value)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
server_rec *s = cmd->server;
|
|
Packit Service |
d6b4c9 |
apr_pool_t *pconf = s->process->pconf;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
int offset;
|
|
Packit Service |
d6b4c9 |
apr_table_t **table;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* If no value is given, we just store the key in the hash.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
if (value == NULL || *value == '\0')
|
|
Packit Service |
d6b4c9 |
value = key;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
offset = (int)(long)cmd->info;
|
|
Packit Service |
d6b4c9 |
table = (apr_table_t **)((char *)cfg + offset);
|
|
Packit Service |
d6b4c9 |
apr_table_set(*table, apr_pstrdup(pconf, key), value);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set a file slot
|
|
Packit Service |
d6b4c9 |
* in the module configuration. The file contents are immediately read.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* This value isn't used by this function.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_file_contents_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
const char *path;
|
|
Packit Service |
d6b4c9 |
apr_status_t rv;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
int offset;
|
|
Packit Service |
d6b4c9 |
am_file_data_t **p_file_data, *file_data;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
path = ap_server_root_relative(cmd->pool, arg);
|
|
Packit Service |
d6b4c9 |
if (!path) {
|
|
Packit Service |
d6b4c9 |
return apr_pstrcat(cmd->pool, cmd->cmd->name,
|
|
Packit Service |
d6b4c9 |
": Invalid file path ", arg, NULL);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
offset = (int)(long)cmd->info;
|
|
Packit Service |
d6b4c9 |
p_file_data = (am_file_data_t **)((char *)cfg + offset);
|
|
Packit Service |
d6b4c9 |
*p_file_data = am_file_data_new(cmd->pool, path);
|
|
Packit Service |
d6b4c9 |
file_data = *p_file_data;
|
|
Packit Service |
d6b4c9 |
rv = am_file_read(file_data);
|
|
Packit Service |
d6b4c9 |
if (rv != APR_SUCCESS) {
|
|
Packit Service |
d6b4c9 |
return file_data->strerror;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set a file
|
|
Packit Service |
d6b4c9 |
* pathname in the module configuration. The file is checked for
|
|
Packit Service |
d6b4c9 |
* existence.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* This value isn't used by this function.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_file_pathname_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
const char *path;
|
|
Packit Service |
d6b4c9 |
apr_status_t rv;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
int offset;
|
|
Packit Service |
d6b4c9 |
am_file_data_t **p_file_data, *file_data;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
path = ap_server_root_relative(cmd->pool, arg);
|
|
Packit Service |
d6b4c9 |
if (!path) {
|
|
Packit Service |
d6b4c9 |
return apr_pstrcat(cmd->pool, cmd->cmd->name,
|
|
Packit Service |
d6b4c9 |
": Invalid file_data path ", arg, NULL);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
offset = (int)(long)cmd->info;
|
|
Packit Service |
d6b4c9 |
p_file_data = (am_file_data_t **)((char *)cfg + offset);
|
|
Packit Service |
d6b4c9 |
*p_file_data = am_file_data_new(cmd->pool, path);
|
|
Packit Service |
d6b4c9 |
file_data = *p_file_data;
|
|
Packit Service |
d6b4c9 |
rv = am_file_stat(file_data);
|
|
Packit Service |
d6b4c9 |
if (rv != APR_SUCCESS) {
|
|
Packit Service |
d6b4c9 |
return file_data->strerror;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
if (file_data->finfo.filetype != APR_REG) {
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "file \"%s\" is not a regular file",
|
|
Packit Service |
d6b4c9 |
file_data->path);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which use
|
|
Packit Service |
d6b4c9 |
* a glob pattern, with a second optional argument
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *glob_pat glob(3) pattern
|
|
Packit Service |
d6b4c9 |
* const char *option Optional argument
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_glob_fn12(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *glob_pat,
|
|
Packit Service |
d6b4c9 |
const char *option)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
const char *(*take_argv)(cmd_parms *, void *, const char *, const char *);
|
|
Packit Service |
d6b4c9 |
apr_array_header_t *files;
|
|
Packit Service |
d6b4c9 |
const char *error;
|
|
Packit Service |
d6b4c9 |
const char *directory;
|
|
Packit Service |
d6b4c9 |
int i;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
take_argv = cmd->info;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
directory = am_filepath_dirname(cmd->pool, glob_pat);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (glob_pat == NULL || *glob_pat == '\0')
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool,
|
|
Packit Service |
d6b4c9 |
"%s takes one or two arguments",
|
|
Packit Service |
d6b4c9 |
cmd->cmd->name);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (apr_match_glob(glob_pat, &files, cmd->pool) != 0)
|
|
Packit Service |
d6b4c9 |
return take_argv(cmd, struct_ptr, glob_pat, option);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
for (i = 0; i < files->nelts; i++) {
|
|
Packit Service |
d6b4c9 |
const char *path;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
path = apr_pstrcat(cmd->pool, directory, "/",
|
|
Packit Service |
d6b4c9 |
((const char **)(files->elts))[i], NULL);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
error = take_argv(cmd, struct_ptr, path, option);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (error != NULL)
|
|
Packit Service |
d6b4c9 |
return error;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set an
|
|
Packit Service |
d6b4c9 |
* idp related slot in the module configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *metadata Path to metadata file for one or multiple IdP
|
|
Packit Service |
d6b4c9 |
* const char *chain Optional path to validating chain
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_idp_string_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *metadata,
|
|
Packit Service |
d6b4c9 |
const char *chain)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
server_rec *s = cmd->server;
|
|
Packit Service |
d6b4c9 |
apr_pool_t *pconf = s->process->pconf;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
am_file_data_t *idp_file_data = NULL;
|
|
Packit Service |
d6b4c9 |
am_file_data_t *chain_file_data = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#ifndef HAVE_lasso_server_load_metadata
|
|
Packit Service |
d6b4c9 |
if (chain != NULL)
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "Cannot specify validating chain "
|
|
Packit Service |
d6b4c9 |
"for %s since lasso library lacks "
|
|
Packit Service |
d6b4c9 |
"lasso_server_load_metadata()", cmd->cmd->name);
|
|
Packit Service |
d6b4c9 |
#endif /* HAVE_lasso_server_load_metadata */
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
idp_file_data = am_file_data_new(pconf, metadata);
|
|
Packit Service |
d6b4c9 |
if (am_file_stat(idp_file_data) != APR_SUCCESS) {
|
|
Packit Service |
d6b4c9 |
return idp_file_data->strerror;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (chain) {
|
|
Packit Service |
d6b4c9 |
chain_file_data = am_file_data_new(pconf, chain);
|
|
Packit Service |
d6b4c9 |
if (am_file_stat(chain_file_data) != APR_SUCCESS) {
|
|
Packit Service |
d6b4c9 |
return chain_file_data->strerror;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
chain_file_data = NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
am_metadata_t *idp_metadata = apr_array_push(cfg->idp_metadata);
|
|
Packit Service |
d6b4c9 |
idp_metadata->metadata = idp_file_data;
|
|
Packit Service |
d6b4c9 |
idp_metadata->chain = chain_file_data;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set an
|
|
Packit Service |
d6b4c9 |
* idp federation blacklist slot in the module configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* int argc Number of blacklisted providerId.
|
|
Packit Service |
d6b4c9 |
* char *const argv[] List of blacklisted providerId.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success, or errror string
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_idp_ignore_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
int argc,
|
|
Packit Service |
d6b4c9 |
char *const argv[])
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
#ifdef HAVE_lasso_server_load_metadata
|
|
Packit Service |
d6b4c9 |
server_rec *s = cmd->server;
|
|
Packit Service |
d6b4c9 |
apr_pool_t *pconf = s->process->pconf;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
GList *new_idp_ignore;
|
|
Packit Service |
d6b4c9 |
int i;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (argc < 1)
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "%s takes at least one arguments",
|
|
Packit Service |
d6b4c9 |
cmd->cmd->name);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
for (i = 0; i < argc; i++) {
|
|
Packit Service |
d6b4c9 |
new_idp_ignore = apr_palloc(pconf, sizeof(GList));
|
|
Packit Service |
d6b4c9 |
new_idp_ignore->data = apr_pstrdup(pconf, argv[i]);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Prepend it to the list. */
|
|
Packit Service |
d6b4c9 |
new_idp_ignore->next = cfg->idp_ignore;
|
|
Packit Service |
d6b4c9 |
if (cfg->idp_ignore != NULL)
|
|
Packit Service |
d6b4c9 |
cfg->idp_ignore->prev = new_idp_ignore;
|
|
Packit Service |
d6b4c9 |
cfg->idp_ignore = new_idp_ignore;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#else /* HAVE_lasso_server_load_metadata */
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "Cannot use %s since lasso library lacks "
|
|
Packit Service |
d6b4c9 |
"lasso_server_load_metadata()", cmd->cmd->name);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#endif /* HAVE_lasso_server_load_metadata */
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set a file path
|
|
Packit Service |
d6b4c9 |
* slot in the module configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* This value isn't used by this function.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_module_config_file_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
return ap_set_file_slot(cmd, am_get_mod_cfg(cmd->server), arg);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which set an int
|
|
Packit Service |
d6b4c9 |
* slot in the module configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* This value isn't used by this function.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_module_config_int_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
return ap_set_int_slot(cmd, am_get_mod_cfg(cmd->server), arg);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonDiagnosticsFile configuration directive.
|
|
Packit Service |
d6b4c9 |
* It emits as warning in the log file if Mellon is not built with
|
|
Packit Service |
d6b4c9 |
* diagnostics enabled.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_module_diag_file_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
#ifdef ENABLE_DIAGNOSTICS
|
|
Packit Service |
d6b4c9 |
return ap_set_file_slot(cmd, am_get_diag_cfg(cmd->server), arg);
|
|
Packit Service |
d6b4c9 |
#else
|
|
Packit Service |
d6b4c9 |
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server,
|
|
Packit Service |
d6b4c9 |
"%s has no effect because Mellon was not compiled with"
|
|
Packit Service |
d6b4c9 |
" diagnostics enabled, use ./configure --enable-diagnostics"
|
|
Packit Service |
d6b4c9 |
" at build time to turn this feature on.",
|
|
Packit Service |
d6b4c9 |
cmd->directive->directive);
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles configuration directives which sets the
|
|
Packit Service |
d6b4c9 |
* diagnostics flags in the module configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_module_diag_flags_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
#ifdef ENABLE_DIAGNOSTICS
|
|
Packit Service |
d6b4c9 |
am_diag_cfg_rec *diag_cfg = am_get_diag_cfg(cmd->server);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (strcasecmp(arg, "on") == 0) {
|
|
Packit Service |
d6b4c9 |
diag_cfg->flags = AM_DIAG_FLAG_ENABLE_ALL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
else if (strcasecmp(arg, "off") == 0) {
|
|
Packit Service |
d6b4c9 |
diag_cfg->flags = AM_DIAG_FLAG_DISABLE;
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "%s: must be one of: 'on', 'off'",
|
|
Packit Service |
d6b4c9 |
cmd->cmd->name);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
#else
|
|
Packit Service |
d6b4c9 |
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server,
|
|
Packit Service |
d6b4c9 |
"%s has no effect because Mellon was not compiled with"
|
|
Packit Service |
d6b4c9 |
" diagnostics enabled, use ./configure --enable-diagnostics"
|
|
Packit Service |
d6b4c9 |
" at build time to turn this feature on.",
|
|
Packit Service |
d6b4c9 |
cmd->directive->directive);
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonCookieSameSite configuration directive.
|
|
Packit Service |
d6b4c9 |
* This directive can be set to "lax" or "strict"
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string if the argument is wrong.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_samesite_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if(!strcasecmp(arg, "lax")) {
|
|
Packit Service |
d6b4c9 |
d->cookie_samesite = am_samesite_lax;
|
|
Packit Service |
d6b4c9 |
} else if(!strcasecmp(arg, "strict")) {
|
|
Packit Service |
d6b4c9 |
d->cookie_samesite = am_samesite_strict;
|
|
Packit Service |
4d483e |
} else if(!strcasecmp(arg, "none")) {
|
|
Packit Service |
4d483e |
d->cookie_samesite = am_samesite_none;
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
return "The MellonCookieSameSite parameter must be 'lax' or 'strict'";
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonEnable configuration directive.
|
|
Packit Service |
d6b4c9 |
* This directive can be set to "off", "info" or "auth".
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string if the argument is wrong.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_enable_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if(!strcasecmp(arg, "auth")) {
|
|
Packit Service |
d6b4c9 |
d->enable_mellon = am_enable_auth;
|
|
Packit Service |
d6b4c9 |
} else if(!strcasecmp(arg, "info")) {
|
|
Packit Service |
d6b4c9 |
d->enable_mellon = am_enable_info;
|
|
Packit Service |
d6b4c9 |
} else if(!strcasecmp(arg, "off")) {
|
|
Packit Service |
d6b4c9 |
d->enable_mellon = am_enable_off;
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
return "parameter must be 'off', 'info' or 'auth'";
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonSecureCookie configuration directive.
|
|
Packit Service |
d6b4c9 |
* This directive can be set to "on", "off", "secure" or "httponly".
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string if the argument is wrong.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_secure_slots(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if(!strcasecmp(arg, "on")) {
|
|
Packit Service |
d6b4c9 |
d->secure = 1;
|
|
Packit Service |
d6b4c9 |
d->http_only = 1;
|
|
Packit Service |
d6b4c9 |
} else if(!strcasecmp(arg, "secure")) {
|
|
Packit Service |
d6b4c9 |
d->secure = 1;
|
|
Packit Service |
d6b4c9 |
} else if(!strcasecmp(arg, "httponly")) {
|
|
Packit Service |
d6b4c9 |
d->http_only = 1;
|
|
Packit Service |
d6b4c9 |
} else if(strcasecmp(arg, "off")) {
|
|
Packit Service |
d6b4c9 |
return "parameter must be 'on', 'off', 'secure' or 'httponly'";
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the obsolete MellonDecoder configuration directive.
|
|
Packit Service |
d6b4c9 |
* It is a no-op.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_decoder_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonEndpointPath configuration directive.
|
|
Packit Service |
d6b4c9 |
* If the path doesn't end with a '/', then we will append one.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for the MellonEndpointPath
|
|
Packit Service |
d6b4c9 |
* configuration directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument containing the path of the
|
|
Packit Service |
d6b4c9 |
* endpoint directory.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* This function will always return NULL.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_endpoint_path(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Make sure that the path ends with '/'. */
|
|
Packit Service |
d6b4c9 |
if(strlen(arg) == 0 || arg[strlen(arg) - 1] != '/') {
|
|
Packit Service |
d6b4c9 |
d->endpoint_path = apr_pstrcat(cmd->pool, arg, "/", NULL);
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
d->endpoint_path = arg;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonSetEnv configuration directive.
|
|
Packit Service |
d6b4c9 |
* This directive allows the user to change the name of attributes.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for the MellonSetEnv
|
|
Packit Service |
d6b4c9 |
* configuration directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *newName The new name of the attribute.
|
|
Packit Service |
d6b4c9 |
* const char *oldName The old name of the attribute.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* This function will always return NULL.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_setenv_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *newName,
|
|
Packit Service |
d6b4c9 |
const char *oldName)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
/* Configure as prefixed attribute name */
|
|
Packit Service |
d6b4c9 |
am_envattr_conf_t *envattr_conf = (am_envattr_conf_t *)apr_palloc(cmd->pool, sizeof(am_envattr_conf_t));
|
|
Packit Service |
d6b4c9 |
envattr_conf->name = newName;
|
|
Packit Service |
d6b4c9 |
envattr_conf->prefixed = 1;
|
|
Packit Service |
d6b4c9 |
apr_hash_set(d->envattr, oldName, APR_HASH_KEY_STRING, envattr_conf);
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonSetEnvNoPrefix configuration directive.
|
|
Packit Service |
d6b4c9 |
* This directive allows the user to change the name of attributes without prefixing them with MELLON_.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for the MellonSetEnv
|
|
Packit Service |
d6b4c9 |
* configuration directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *newName The new name of the attribute.
|
|
Packit Service |
d6b4c9 |
* const char *oldName The old name of the attribute.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* This function will always return NULL.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_setenv_no_prefix_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *newName,
|
|
Packit Service |
d6b4c9 |
const char *oldName)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
/* Configure as not prefixed attribute name */
|
|
Packit Service |
d6b4c9 |
am_envattr_conf_t *envattr_conf = (am_envattr_conf_t *)apr_palloc(cmd->pool, sizeof(am_envattr_conf_t));
|
|
Packit Service |
d6b4c9 |
envattr_conf->name = newName;
|
|
Packit Service |
d6b4c9 |
envattr_conf->prefixed = 0;
|
|
Packit Service |
d6b4c9 |
apr_hash_set(d->envattr, oldName, APR_HASH_KEY_STRING, envattr_conf);
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function decodes MellonCond flags, such as [NOT,REG]
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* const char *arg Pointer to the flags string
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* flags, or -1 on error
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static int am_cond_flags(const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
int flags = AM_COND_FLAG_NULL;
|
|
Packit Service |
d6b4c9 |
static const char * const options[] = {
|
|
Packit Service |
d6b4c9 |
"OR", /* AM_EXPIRE_FLAG_OR */
|
|
Packit Service |
d6b4c9 |
"NOT", /* AM_EXPIRE_FLAG_NOT */
|
|
Packit Service |
d6b4c9 |
"REG", /* AM_EXPIRE_FLAG_REG */
|
|
Packit Service |
d6b4c9 |
"NC", /* AM_EXPIRE_FLAG_NC */
|
|
Packit Service |
d6b4c9 |
"MAP", /* AM_EXPIRE_FLAG_MAP */
|
|
Packit Service |
d6b4c9 |
"REF", /* AM_EXPIRE_FLAG_REF */
|
|
Packit Service |
d6b4c9 |
"SUB", /* AM_EXPIRE_FLAG_SUB */
|
|
Packit Service |
d6b4c9 |
/* The other options (IGN, REQ, FSTR, ...) are only internally used */
|
|
Packit Service |
d6b4c9 |
};
|
|
Packit Service |
d6b4c9 |
apr_size_t options_count = sizeof(options) / sizeof(*options);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Skip inital [ */
|
|
Packit Service |
d6b4c9 |
if (arg[0] == '[')
|
|
Packit Service |
d6b4c9 |
arg++;
|
|
Packit Service |
d6b4c9 |
else
|
|
Packit Service |
d6b4c9 |
return -1;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
do {
|
|
Packit Service |
d6b4c9 |
apr_size_t i;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
for (i = 0; i < options_count; i++) {
|
|
Packit Service |
d6b4c9 |
apr_size_t optlen = strlen(options[i]);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (strncmp(arg, options[i], optlen) == 0) {
|
|
Packit Service |
d6b4c9 |
/* Make sure we have a separator next */
|
|
Packit Service |
d6b4c9 |
if (arg[optlen] && !strchr("]\t ,", (int)arg[optlen]))
|
|
Packit Service |
d6b4c9 |
return -1;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
flags |= (1 << i);
|
|
Packit Service |
d6b4c9 |
arg += optlen;
|
|
Packit Service |
d6b4c9 |
break;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* no match */
|
|
Packit Service |
d6b4c9 |
if (i == options_count)
|
|
Packit Service |
d6b4c9 |
return -1;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* skip spaces, tabs and commas */
|
|
Packit Service |
d6b4c9 |
arg += strspn(arg, " \t,");
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* End of option, but we fire an error if
|
|
Packit Service |
d6b4c9 |
* there is trailing garbage
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
if (*arg == ']') {
|
|
Packit Service |
d6b4c9 |
arg++;
|
|
Packit Service |
d6b4c9 |
return (*arg == '\0') ? flags : -1;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
} while (*arg);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Missing trailing ] */
|
|
Packit Service |
d6b4c9 |
return -1;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonCond configuration directive, which
|
|
Packit Service |
d6b4c9 |
* allows the user to restrict access based on attributes received from
|
|
Packit Service |
d6b4c9 |
* the IdP.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for the MellonCond
|
|
Packit Service |
d6b4c9 |
* configuration directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *attribute Pointer to the attribute name
|
|
Packit Service |
d6b4c9 |
* const char *value Pointer to the attribute value or regex
|
|
Packit Service |
d6b4c9 |
* const char *options Pointer to options
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_cond_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *attribute,
|
|
Packit Service |
d6b4c9 |
const char *value,
|
|
Packit Service |
d6b4c9 |
const char *options)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = struct_ptr;
|
|
Packit Service |
d6b4c9 |
int flags = AM_COND_FLAG_NULL;
|
|
Packit Service |
d6b4c9 |
am_cond_t *element;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (attribute == NULL || *attribute == '\0' ||
|
|
Packit Service |
d6b4c9 |
value == NULL || *value == '\0')
|
|
Packit Service |
d6b4c9 |
return apr_pstrcat(cmd->pool, cmd->cmd->name,
|
|
Packit Service |
d6b4c9 |
" takes at least two arguments", NULL);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (options != NULL && *options != '\0')
|
|
Packit Service |
d6b4c9 |
flags = am_cond_flags(options);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (flags == -1)
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "%s - invalid flags %s",
|
|
Packit Service |
d6b4c9 |
cmd->cmd->name, options);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
element = (am_cond_t *)apr_array_push(d->cond);
|
|
Packit Service |
d6b4c9 |
element->varname = attribute;
|
|
Packit Service |
d6b4c9 |
element->flags = flags;
|
|
Packit Service |
d6b4c9 |
element->str = NULL;
|
|
Packit Service |
d6b4c9 |
element->regex = NULL;
|
|
Packit Service |
d6b4c9 |
element->directive = apr_pstrcat(cmd->pool, cmd->directive->directive,
|
|
Packit Service |
d6b4c9 |
" ", cmd->directive->args, NULL);
|
|
Packit Service |
d6b4c9 |
if (element->flags & AM_COND_FLAG_REG) {
|
|
Packit Service |
d6b4c9 |
int regex_flags = AP_REG_EXTENDED|AP_REG_NOSUB;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (element->flags & AM_COND_FLAG_NC)
|
|
Packit Service |
d6b4c9 |
regex_flags |= AP_REG_ICASE;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
element->regex = ap_pregcomp(cmd->pool, value, regex_flags);
|
|
Packit Service |
d6b4c9 |
if (element->regex == NULL)
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "%s - invalid regex %s",
|
|
Packit Service |
d6b4c9 |
cmd->cmd->name, value);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* Flag values containing format strings to that we do
|
|
Packit Service |
d6b4c9 |
* not have to process the others at runtime.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
if (strchr(value, '%') != NULL)
|
|
Packit Service |
d6b4c9 |
element->flags |= AM_COND_FLAG_FSTR;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* We keep the string also for regex, so that we can
|
|
Packit Service |
d6b4c9 |
* print it for debug purpose and perform substitutions on it.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
element->str = value;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonRequire configuration directive, which
|
|
Packit Service |
d6b4c9 |
* allows the user to restrict access based on attributes received from
|
|
Packit Service |
d6b4c9 |
* the IdP.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for the MellonRequire
|
|
Packit Service |
d6b4c9 |
* configuration directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg Pointer to the configuration string.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_require_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = struct_ptr;
|
|
Packit Service |
d6b4c9 |
char *attribute, *value;
|
|
Packit Service |
d6b4c9 |
int i;
|
|
Packit Service |
d6b4c9 |
am_cond_t *element;
|
|
Packit Service |
d6b4c9 |
am_cond_t *first_element;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
attribute = ap_getword_conf(cmd->pool, &arg;;
|
|
Packit Service |
d6b4c9 |
value = ap_getword_conf(cmd->pool, &arg;;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (*attribute == '\0' || *value == '\0') {
|
|
Packit Service |
d6b4c9 |
return apr_pstrcat(cmd->pool, cmd->cmd->name,
|
|
Packit Service |
d6b4c9 |
" takes at least two arguments", NULL);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* MellonRequire overwrites previous conditions on this attribute
|
|
Packit Service |
d6b4c9 |
* We just tag the am_cond_t with the ignore flag, as it is
|
|
Packit Service |
d6b4c9 |
* easier (and probably faster) than to really remove it.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
for (i = 0; i < d->cond->nelts; i++) {
|
|
Packit Service |
d6b4c9 |
am_cond_t *ce = &((am_cond_t *)(d->cond->elts))[i];
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if ((strcmp(ce->varname, attribute) == 0) &&
|
|
Packit Service |
d6b4c9 |
(ce->flags & AM_COND_FLAG_REQ))
|
|
Packit Service |
d6b4c9 |
ce->flags |= AM_COND_FLAG_IGN;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
first_element = NULL;
|
|
Packit Service |
d6b4c9 |
do {
|
|
Packit Service |
d6b4c9 |
element = (am_cond_t *)apr_array_push(d->cond);
|
|
Packit Service |
d6b4c9 |
element->varname = attribute;
|
|
Packit Service |
d6b4c9 |
element->flags = AM_COND_FLAG_OR|AM_COND_FLAG_REQ;
|
|
Packit Service |
d6b4c9 |
element->str = value;
|
|
Packit Service |
d6b4c9 |
element->regex = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* When multiple values are given, we track the first one
|
|
Packit Service |
d6b4c9 |
* in order to retreive the directive
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
if (first_element == NULL) {
|
|
Packit Service |
d6b4c9 |
element->directive = apr_pstrcat(cmd->pool,
|
|
Packit Service |
d6b4c9 |
cmd->directive->directive, " ",
|
|
Packit Service |
d6b4c9 |
cmd->directive->args, NULL);
|
|
Packit Service |
d6b4c9 |
first_element = element;
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
element->directive = first_element->directive;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
} while (*(value = ap_getword_conf(cmd->pool, &arg)) != '\0');
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* Remove OR flag on last element
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
element->flags &= ~AM_COND_FLAG_OR;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonOrganization* directives, which
|
|
Packit Service |
d6b4c9 |
* which specify language-qualified strings
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for the MellonOrganization*
|
|
Packit Service |
d6b4c9 |
* configuration directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *lang Pointer to the language string (optional)
|
|
Packit Service |
d6b4c9 |
* const char *value Pointer to the data
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_langstring_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *lang,
|
|
Packit Service |
d6b4c9 |
const char *value)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
apr_hash_t *h = *(apr_hash_t **)(struct_ptr + (apr_size_t)cmd->info);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (value == NULL || *value == '\0') {
|
|
Packit Service |
d6b4c9 |
value = lang;
|
|
Packit Service |
d6b4c9 |
lang = "";
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
apr_hash_set(h, lang, APR_HASH_KEY_STRING,
|
|
Packit Service |
d6b4c9 |
apr_pstrdup(cmd->server->process->pconf, value));
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonAuthnContextClassRef directive.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for the MellonAuthnContextClassRef
|
|
Packit Service |
d6b4c9 |
* configuration directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg An URI for an SAMLv2 AuthnContextClassRef
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* This function will always return NULL.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_authn_context_class_ref(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
apr_pool_t *p= cmd->pool;
|
|
Packit Service |
d6b4c9 |
char **context_class_ref_p;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if(strlen(arg) == 0) {
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
context_class_ref_p = apr_array_push(d->authn_context_class_ref);
|
|
Packit Service |
d6b4c9 |
*context_class_ref_p = apr_pstrdup(p, arg);
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonDoNotVerifyLogoutSignature configuration directive,
|
|
Packit Service |
d6b4c9 |
* it is identical to the am_set_hash_string_slot function. You can refer to it.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *key The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_do_not_verify_logout_signature(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *key)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
#ifdef HAVE_lasso_profile_set_signature_verify_hint
|
|
Packit Service |
d6b4c9 |
return am_set_hash_string_slot(cmd, struct_ptr, key, NULL);
|
|
Packit Service |
d6b4c9 |
#else
|
|
Packit Service |
d6b4c9 |
return apr_pstrcat(cmd->pool, cmd->cmd->name,
|
|
Packit Service |
d6b4c9 |
" is not usable as modmellon was compiled against "
|
|
Packit Service |
d6b4c9 |
"a version of the lasso library which miss the "
|
|
Packit Service |
d6b4c9 |
"function lasso_profile_set_signature_verify_hint.",
|
|
Packit Service |
d6b4c9 |
NULL);
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonMergeEnvVars configuration directive,
|
|
Packit Service |
d6b4c9 |
* it sets merge_env_vars to nonempty separator (default semicolon),
|
|
Packit Service |
d6b4c9 |
* or empty string to denote no merging.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *flag On/Off flag
|
|
Packit Service |
d6b4c9 |
* const char *sep Optional separator, should be only present with On
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_merge_env_vars(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *flag,
|
|
Packit Service |
d6b4c9 |
const char *sep)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
apr_pool_t *p= cmd->pool;
|
|
Packit Service |
d6b4c9 |
if (strcasecmp(flag, "on") == 0) {
|
|
Packit Service |
d6b4c9 |
if (sep && *sep) {
|
|
Packit Service |
d6b4c9 |
/*
|
|
Packit Service |
d6b4c9 |
* TAKE12 will not give us the second argument if it is
|
|
Packit Service |
d6b4c9 |
* empty string so we cannot complain about it, we will just
|
|
Packit Service |
d6b4c9 |
* silently use semicolon
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
d->merge_env_vars = apr_pstrdup(p, sep);
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
d->merge_env_vars = ";";
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
} else if (strcasecmp(flag, "off") == 0) {
|
|
Packit Service |
d6b4c9 |
if (sep) {
|
|
Packit Service |
d6b4c9 |
return apr_pstrcat(cmd->pool, cmd->cmd->name,
|
|
Packit Service |
d6b4c9 |
" separator should not be used with Off", NULL);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
d->merge_env_vars = "";
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
return apr_pstrcat(cmd->pool, cmd->cmd->name,
|
|
Packit Service |
d6b4c9 |
" first parameer must be On or Off", NULL);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Handle MellonRedirectDomains option.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* NULL if we are not in a directory configuration.
|
|
Packit Service |
d6b4c9 |
* int argc Number of redirect domains.
|
|
Packit Service |
d6b4c9 |
* char *const argv[] List of redirect domains.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success, or errror string on failure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_redirect_domains(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
int argc,
|
|
Packit Service |
d6b4c9 |
char *const argv[])
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
const char **redirect_domains;
|
|
Packit Service |
d6b4c9 |
int i;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (argc < 1)
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool, "%s takes at least one arguments",
|
|
Packit Service |
d6b4c9 |
cmd->cmd->name);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
redirect_domains = apr_palloc(cmd->pool, sizeof(const char *) * (argc + 1));
|
|
Packit Service |
d6b4c9 |
for (i = 0; i < argc; i++) {
|
|
Packit Service |
d6b4c9 |
redirect_domains[i] = argv[i];
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
redirect_domains[argc] = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
cfg->redirect_domains = redirect_domains;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function handles the MellonSignatureMethod configuration directive.
|
|
Packit Service |
d6b4c9 |
* This directive can be set to one of:
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* cmd_parms *cmd The command structure for this configuration
|
|
Packit Service |
d6b4c9 |
* directive.
|
|
Packit Service |
d6b4c9 |
* void *struct_ptr Pointer to the current directory configuration.
|
|
Packit Service |
d6b4c9 |
* const char *arg The string argument following this configuration
|
|
Packit Service |
d6b4c9 |
* directive in the configuraion file.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* NULL on success or an error string if the argument is wrong.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static const char *am_set_signature_method_slot(cmd_parms *cmd,
|
|
Packit Service |
d6b4c9 |
void *struct_ptr,
|
|
Packit Service |
d6b4c9 |
const char *arg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
|
|
Packit Service |
d6b4c9 |
char *valid_methods = "rsa-sha1"
|
|
Packit Service |
d6b4c9 |
#if HAVE_DECL_LASSO_SIGNATURE_METHOD_RSA_SHA256
|
|
Packit Service |
d6b4c9 |
" rsa-sha256"
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
#if HAVE_DECL_LASSO_SIGNATURE_METHOD_RSA_SHA384
|
|
Packit Service |
d6b4c9 |
" rsa-sha384"
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
#if HAVE_DECL_LASSO_SIGNATURE_METHOD_RSA_SHA512
|
|
Packit Service |
d6b4c9 |
" rsa-sha512"
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (!strcasecmp(arg, "rsa-sha1")) {
|
|
Packit Service |
d6b4c9 |
d->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
#if HAVE_DECL_LASSO_SIGNATURE_METHOD_RSA_SHA256
|
|
Packit Service |
d6b4c9 |
else if (!strcasecmp(arg, "rsa-sha256")) {
|
|
Packit Service |
d6b4c9 |
d->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA256;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
#if HAVE_DECL_LASSO_SIGNATURE_METHOD_RSA_SHA384
|
|
Packit Service |
d6b4c9 |
else if (!strcasecmp(arg, "rsa-sha384")) {
|
|
Packit Service |
d6b4c9 |
d->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA384;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
#if HAVE_DECL_LASSO_SIGNATURE_METHOD_RSA_SHA512
|
|
Packit Service |
d6b4c9 |
else if (!strcasecmp(arg, "rsa-sha512")) {
|
|
Packit Service |
d6b4c9 |
d->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA512;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
else {
|
|
Packit Service |
d6b4c9 |
return apr_psprintf(cmd->pool,
|
|
Packit Service |
d6b4c9 |
"%s: Invalid method \"%s\", must be one of: %s",
|
|
Packit Service |
d6b4c9 |
cmd->cmd->name, arg, valid_methods);
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This array contains all the configuration directive which are handled
|
|
Packit Service |
d6b4c9 |
* by auth_mellon.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
const command_rec auth_mellon_commands[] = {
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Global configuration directives. */
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonCacheSize",
|
|
Packit Service |
d6b4c9 |
am_set_module_config_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_mod_cfg_rec, cache_size),
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"The number of sessions we can keep track of at once. You must"
|
|
Packit Service |
d6b4c9 |
" restart the server before any changes to this directive will"
|
|
Packit Service |
d6b4c9 |
" take effect. The default value is 100."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonCacheEntrySize",
|
|
Packit Service |
d6b4c9 |
am_set_module_config_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_mod_cfg_rec, entry_size),
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"The maximum size for a single session entry. You must"
|
|
Packit Service |
d6b4c9 |
" restart the server before any changes to this directive will"
|
|
Packit Service |
d6b4c9 |
" take effect. The default value is 192KiB."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonLockFile",
|
|
Packit Service |
d6b4c9 |
am_set_module_config_file_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_mod_cfg_rec, lock_file),
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"The lock file for session synchronization."
|
|
Packit Service |
d6b4c9 |
" Default value is \"/var/run/mod_auth_mellon.lock\"."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonPostDirectory",
|
|
Packit Service |
d6b4c9 |
am_set_module_config_file_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_dir),
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"The directory for saving POST requests."
|
|
Packit Service |
d6b4c9 |
" Not set by default."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonPostTTL",
|
|
Packit Service |
d6b4c9 |
am_set_module_config_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_ttl),
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"The time to live for saved POST requests in seconds."
|
|
Packit Service |
d6b4c9 |
" Default value is 900 (15 minutes)."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonPostCount",
|
|
Packit Service |
d6b4c9 |
am_set_module_config_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_count),
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"The maximum saved POST sessions at once."
|
|
Packit Service |
d6b4c9 |
" Default value is 100."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonPostSize",
|
|
Packit Service |
d6b4c9 |
am_set_module_config_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_size),
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"The maximum size of a saved POST, in bytes."
|
|
Packit Service |
d6b4c9 |
" Default value is 1048576 (1 MB)."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonDiagnosticsFile",
|
|
Packit Service |
d6b4c9 |
am_set_module_diag_file_slot,
|
|
Packit Service |
d6b4c9 |
#ifdef ENABLE_DIAGNOSTICS
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_diag_cfg_rec, filename),
|
|
Packit Service |
d6b4c9 |
#else
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"Diagnostics log file. [file|pipe] "
|
|
Packit Service |
d6b4c9 |
"If file then file is a filename, relative to the ServerRoot."
|
|
Packit Service |
d6b4c9 |
"If pipe then the filename is a pipe character \"|\", "
|
|
Packit Service |
d6b4c9 |
"followed by the path to a program to receive the log information "
|
|
Packit Service |
d6b4c9 |
"on its standard input. "
|
|
Packit Service |
d6b4c9 |
" Default value is \"logs/mellon_diagnostics\"."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_ITERATE(
|
|
Packit Service |
d6b4c9 |
"MellonDiagnosticsEnable",
|
|
Packit Service |
d6b4c9 |
am_set_module_diag_flags_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
RSRC_CONF,
|
|
Packit Service |
d6b4c9 |
"Diagnostics flags. [on|off] "
|
|
Packit Service |
d6b4c9 |
" Default value is \"off\"."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Per-location configuration directives. */
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonEnable",
|
|
Packit Service |
d6b4c9 |
am_set_enable_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Enable auth_mellon on a location. This can be set to 'off', 'info'"
|
|
Packit Service |
d6b4c9 |
" and 'auth'. 'off' disables auth_mellon for a location, 'info'"
|
|
Packit Service |
d6b4c9 |
" will only populate the environment with attributes if the user"
|
|
Packit Service |
d6b4c9 |
" has logged in already. 'auth' will redirect the user to the IdP"
|
|
Packit Service |
d6b4c9 |
" if he hasn't logged in yet, but otherwise behaves like 'info'."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonDecoder",
|
|
Packit Service |
d6b4c9 |
am_set_decoder_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Obsolete option, now a no-op for backwards compatibility."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonVariable",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, varname),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The name of the cookie which auth_mellon will set. Defaults to"
|
|
Packit Service |
d6b4c9 |
" 'cookie'. This string is appended to 'mellon-' to create the"
|
|
Packit Service |
d6b4c9 |
" cookie name, and the default name of the cookie will therefore"
|
|
Packit Service |
d6b4c9 |
" be 'mellon-cookie'."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonSecureCookie",
|
|
Packit Service |
d6b4c9 |
am_set_secure_slots,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Whether the cookie set by auth_mellon should have HttpOnly and"
|
|
Packit Service |
d6b4c9 |
" secure flags set. Default is 'off'. Once 'on' - both flags will"
|
|
Packit Service |
d6b4c9 |
" be set. Values 'httponly' or 'secure' will respectively set only"
|
|
Packit Service |
d6b4c9 |
" one flag."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonCookieDomain",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, cookie_domain),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The domain of the cookie which auth_mellon will set. Defaults to"
|
|
Packit Service |
d6b4c9 |
" the domain of the current request."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonCookiePath",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, cookie_path),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The path of the cookie which auth_mellon will set. Defaults to"
|
|
Packit Service |
d6b4c9 |
" '/'."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonCookieSameSite",
|
|
Packit Service |
d6b4c9 |
am_set_samesite_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The SameSite value for the auth_mellon cookie. Defaults to"
|
|
Packit Service |
d6b4c9 |
" having no SameSite value. Accepts values of Lax or Strict."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonUser",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, userattr),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Attribute to set as r->user. Defaults to NAME_ID, which is the"
|
|
Packit Service |
d6b4c9 |
" attribute we set to the identifier we receive from the IdP."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonIdP",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, idpattr),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Attribute we set to the IdP ProviderId."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE2(
|
|
Packit Service |
d6b4c9 |
"MellonSetEnv",
|
|
Packit Service |
d6b4c9 |
am_set_setenv_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
a2b39c |
"Renames attributes received from the server while retaining the"
|
|
Packit Service |
a2b39c |
" prefix. The prefix defaults to MELLON_ but can be changed with"
|
|
Packit Service |
a2b39c |
" MellonEnvPrefix."
|
|
Packit Service |
a2b39c |
" The format is MellonSetEnv <old name> <new name>."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE2(
|
|
Packit Service |
d6b4c9 |
"MellonSetEnvNoPrefix",
|
|
Packit Service |
d6b4c9 |
am_set_setenv_no_prefix_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Renames attributes received from the server without adding prefix. The format is"
|
|
Packit Service |
d6b4c9 |
" MellonSetEnvNoPrefix <old name> <new name>."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
a2b39c |
AP_INIT_TAKE1(
|
|
Packit Service |
a2b39c |
"MellonEnvPrefix",
|
|
Packit Service |
a2b39c |
ap_set_string_slot,
|
|
Packit Service |
a2b39c |
(void *)APR_OFFSETOF(am_dir_cfg_rec, env_prefix),
|
|
Packit Service |
a2b39c |
OR_AUTHCFG,
|
|
Packit Service |
a2b39c |
"The prefix to use for attributes received from the server."
|
|
Packit Service |
a2b39c |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_FLAG(
|
|
Packit Service |
d6b4c9 |
"MellonSessionDump",
|
|
Packit Service |
d6b4c9 |
ap_set_flag_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, dump_session),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Dump session in environment. Default is off"
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_FLAG(
|
|
Packit Service |
d6b4c9 |
"MellonSamlResponseDump",
|
|
Packit Service |
d6b4c9 |
ap_set_flag_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, dump_saml_response),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Dump SAML authentication response in environment. Default is off"
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_RAW_ARGS(
|
|
Packit Service |
d6b4c9 |
"MellonRequire",
|
|
Packit Service |
d6b4c9 |
am_set_require_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Attribute requirements for authorization. Allows you to restrict"
|
|
Packit Service |
d6b4c9 |
" access based on attributes received from the IdP. If you list"
|
|
Packit Service |
d6b4c9 |
" several MellonRequire configuration directives, then all of them"
|
|
Packit Service |
d6b4c9 |
" must match. Every MellonRequire can list several allowed values"
|
|
Packit Service |
d6b4c9 |
" for the attribute. The syntax is:"
|
|
Packit Service |
d6b4c9 |
" MellonRequire <attribute> <value1> [value2....]."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE23(
|
|
Packit Service |
d6b4c9 |
"MellonCond",
|
|
Packit Service |
d6b4c9 |
am_set_cond_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Attribute requirements for authorization. Allows you to restrict"
|
|
Packit Service |
d6b4c9 |
" access based on attributes received from the IdP. The syntax is:"
|
|
Packit Service |
d6b4c9 |
" MellonRequire <attribute> <value> [<options>]."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonSessionLength",
|
|
Packit Service |
d6b4c9 |
ap_set_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, session_length),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Maximum number of seconds a session will be valid for. Defaults"
|
|
Packit Service |
d6b4c9 |
" to 86400 seconds (1 day)."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonNoCookieErrorPage",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, no_cookie_error_page),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Web page to display if the user has disabled cookies. We will"
|
|
Packit Service |
d6b4c9 |
" return a 400 Bad Request error if this is unset and the user"
|
|
Packit Service |
d6b4c9 |
" ha disabled cookies."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonNoSuccessErrorPage",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, no_success_error_page),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Web page to display if the idp posts with a failed"
|
|
Packit Service |
d6b4c9 |
" authentication error. We will return a 401 Unauthorized error"
|
|
Packit Service |
d6b4c9 |
" if this is unset and the idp posts such assertion."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonSPMetadataFile",
|
|
Packit Service |
d6b4c9 |
am_set_file_contents_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_metadata_file),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Full path to xml file with metadata for the SP."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonSPPrivateKeyFile",
|
|
Packit Service |
d6b4c9 |
am_set_file_contents_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_private_key_file),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Full path to pem file with the private key for the SP."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonSPCertFile",
|
|
Packit Service |
d6b4c9 |
am_set_file_contents_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_cert_file),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Full path to pem file with certificate for the SP."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE12(
|
|
Packit Service |
d6b4c9 |
"MellonIdPMetadataFile",
|
|
Packit Service |
d6b4c9 |
am_set_idp_string_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Full path to xml metadata file for IdP, "
|
|
Packit Service |
d6b4c9 |
"with optional validating chain."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE12(
|
|
Packit Service |
d6b4c9 |
"MellonIdPMetadataGlob",
|
|
Packit Service |
d6b4c9 |
am_set_glob_fn12,
|
|
Packit Service |
d6b4c9 |
am_set_idp_string_slot,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Full path to xml metadata files for IdP, with glob(3) patterns. "
|
|
Packit Service |
d6b4c9 |
"An optional validating chain can be supplied."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonIdPPublicKeyFile",
|
|
Packit Service |
d6b4c9 |
am_set_file_pathname_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, idp_public_key_file),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Full path to pem file with the public key for the IdP."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonIdPCAFile",
|
|
Packit Service |
d6b4c9 |
am_set_file_pathname_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, idp_ca_file),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Full path to pem file with CA chain for the IdP."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE_ARGV(
|
|
Packit Service |
d6b4c9 |
"MellonIdPIgnore",
|
|
Packit Service |
d6b4c9 |
am_set_idp_ignore_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"List of IdP entityId to ignore."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonSPentityId",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_entity_id),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"SP entity Id to be used for metadata auto generation."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE12(
|
|
Packit Service |
d6b4c9 |
"MellonOrganizationName",
|
|
Packit Service |
d6b4c9 |
am_set_langstring_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_name),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Language-qualified oranization name."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE12(
|
|
Packit Service |
d6b4c9 |
"MellonOrganizationDisplayName",
|
|
Packit Service |
d6b4c9 |
am_set_langstring_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_display_name),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Language-qualified oranization name, human redable."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE12(
|
|
Packit Service |
d6b4c9 |
"MellonOrganizationURL",
|
|
Packit Service |
d6b4c9 |
am_set_langstring_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_url),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Language-qualified oranization URL."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonDefaultLoginPath",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, login_path),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The location where to redirect after IdP initiated login."
|
|
Packit Service |
d6b4c9 |
" Default value is \"/\"."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonDiscoveryURL",
|
|
Packit Service |
d6b4c9 |
ap_set_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, discovery_url),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The URL of IdP discovery service. Default is unset."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonProbeDiscoveryTimeout",
|
|
Packit Service |
d6b4c9 |
ap_set_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, probe_discovery_timeout),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The timeout in seconds of IdP probe discovery service. "
|
|
Packit Service |
d6b4c9 |
"The default is unset, which means that this feature is disabled."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE12(
|
|
Packit Service |
d6b4c9 |
"MellonProbeDiscoveryIdP",
|
|
Packit Service |
d6b4c9 |
am_set_table_string_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, probe_discovery_idp),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"An IdP that can be used for IdP probe discovery."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonEndpointPath",
|
|
Packit Service |
d6b4c9 |
am_set_endpoint_path,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"The root directory of the SAML2 endpoints, relative to the root"
|
|
Packit Service |
d6b4c9 |
" of the web server. Default value is \"/mellon/\", which will"
|
|
Packit Service |
d6b4c9 |
" make mod_mellon to the handler for every request to"
|
|
Packit Service |
d6b4c9 |
" \"http://<servername>/mellon/*\". The path you specify must"
|
|
Packit Service |
d6b4c9 |
" be contained within the current Location directive."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonAuthnContextClassRef",
|
|
Packit Service |
d6b4c9 |
am_set_authn_context_class_ref,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"A list of AuthnContextClassRef to request in the AuthnRequest and "
|
|
Packit Service |
d6b4c9 |
"to validate upon reception of an Assertion"
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_FLAG(
|
|
Packit Service |
d6b4c9 |
"MellonSubjectConfirmationDataAddressCheck",
|
|
Packit Service |
d6b4c9 |
ap_set_flag_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, subject_confirmation_data_address_check),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Check address given in SubjectConfirmationData Address attribute. Default is on."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_FLAG(
|
|
Packit Service |
d6b4c9 |
"MellonSendCacheControlHeader",
|
|
Packit Service |
d6b4c9 |
ap_set_flag_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, send_cache_control_header),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Send the cache-control header on responses. Default is on."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonDoNotVerifyLogoutSignature",
|
|
Packit Service |
d6b4c9 |
am_set_do_not_verify_logout_signature,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, do_not_verify_logout_signature),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"A list of entity of IdP whose logout requests signatures will not "
|
|
Packit Service |
d6b4c9 |
"be valided"
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_FLAG(
|
|
Packit Service |
d6b4c9 |
"MellonPostReplay",
|
|
Packit Service |
d6b4c9 |
ap_set_flag_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, post_replay),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Whether we should replay POST requests that trigger authentication. Default is off."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE12(
|
|
Packit Service |
d6b4c9 |
"MellonMergeEnvVars",
|
|
Packit Service |
d6b4c9 |
am_set_merge_env_vars,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Whether to merge environment variables multi-values or not. Default is off."
|
|
Packit Service |
d6b4c9 |
"When first parameter is on, optional second parameter is the separator, "
|
|
Packit Service |
d6b4c9 |
"defaulting to semicolon."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonEnvVarsIndexStart",
|
|
Packit Service |
d6b4c9 |
ap_set_int_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, env_vars_index_start),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Start indexing environment variables for multivalues with 0 or 1. Default is 0."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_FLAG(
|
|
Packit Service |
d6b4c9 |
"MellonEnvVarsSetCount",
|
|
Packit Service |
d6b4c9 |
ap_set_flag_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, env_vars_count_in_n),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Whether to also populate environment variable suffixed _N with number of values. Default is off."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_FLAG(
|
|
Packit Service |
d6b4c9 |
"MellonECPSendIDPList",
|
|
Packit Service |
d6b4c9 |
ap_set_flag_slot,
|
|
Packit Service |
d6b4c9 |
(void *)APR_OFFSETOF(am_dir_cfg_rec, ecp_send_idplist),
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Whether to send an ECP client a list of IdP's. Default is off."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE_ARGV(
|
|
Packit Service |
d6b4c9 |
"MellonRedirectDomains",
|
|
Packit Service |
d6b4c9 |
am_set_redirect_domains,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"List of domains we can redirect to."
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
AP_INIT_TAKE1(
|
|
Packit Service |
d6b4c9 |
"MellonSignatureMethod",
|
|
Packit Service |
d6b4c9 |
am_set_signature_method_slot,
|
|
Packit Service |
d6b4c9 |
NULL,
|
|
Packit Service |
d6b4c9 |
OR_AUTHCFG,
|
|
Packit Service |
d6b4c9 |
"Signature method used to sign SAML messages sent by Mellon"
|
|
Packit Service |
d6b4c9 |
),
|
|
Packit Service |
d6b4c9 |
{NULL}
|
|
Packit Service |
d6b4c9 |
};
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
const am_error_map_t auth_mellon_errormap[] = {
|
|
Packit Service |
d6b4c9 |
{ LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS, HTTP_UNAUTHORIZED },
|
|
Packit Service |
d6b4c9 |
#ifdef LASSO_PROFILE_ERROR_REQUEST_DENIED
|
|
Packit Service |
d6b4c9 |
{ LASSO_PROFILE_ERROR_REQUEST_DENIED, HTTP_UNAUTHORIZED },
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
{ 0, 0 }
|
|
Packit Service |
d6b4c9 |
};
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Release a lasso_server object associated with this configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* void *data The pointer to the configuration data.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* Always APR_SUCCESS.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static apr_status_t auth_mellon_free_server(void *data)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *dir = data;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (dir->server != NULL) {
|
|
Packit Service |
d6b4c9 |
lasso_server_destroy(dir->server);
|
|
Packit Service |
d6b4c9 |
dir->server = NULL;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return APR_SUCCESS;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function creates and initializes a directory configuration
|
|
Packit Service |
d6b4c9 |
* object for auth_mellon.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* apr_pool_t *p The pool we should allocate memory from.
|
|
Packit Service |
d6b4c9 |
* char *d Unused, always NULL.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* The new directory configuration object.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
void *auth_mellon_dir_config(apr_pool_t *p, char *d)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *dir = apr_palloc(p, sizeof(*dir));
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
apr_pool_cleanup_register(p, dir, auth_mellon_free_server,
|
|
Packit Service |
d6b4c9 |
auth_mellon_free_server);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->enable_mellon = am_enable_default;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->varname = default_cookie_name;
|
|
Packit Service |
d6b4c9 |
dir->secure = default_secure_cookie;
|
|
Packit Service |
d6b4c9 |
dir->http_only = default_http_only_cookie;
|
|
Packit Service |
d6b4c9 |
dir->merge_env_vars = default_merge_env_vars;
|
|
Packit Service |
d6b4c9 |
dir->env_vars_index_start = default_env_vars_index_start;
|
|
Packit Service |
d6b4c9 |
dir->env_vars_count_in_n = default_env_vars_count_in_n;
|
|
Packit Service |
d6b4c9 |
dir->cond = apr_array_make(p, 0, sizeof(am_cond_t));
|
|
Packit Service |
d6b4c9 |
dir->cookie_domain = NULL;
|
|
Packit Service |
d6b4c9 |
dir->cookie_path = NULL;
|
|
Packit Service |
d6b4c9 |
dir->cookie_samesite = am_samesite_default;
|
|
Packit Service |
d6b4c9 |
dir->envattr = apr_hash_make(p);
|
|
Packit Service |
a2b39c |
dir->env_prefix = default_env_prefix;
|
|
Packit Service |
d6b4c9 |
dir->userattr = default_user_attribute;
|
|
Packit Service |
d6b4c9 |
dir->idpattr = NULL;
|
|
Packit Service |
d6b4c9 |
dir->signature_method = inherit_signature_method;
|
|
Packit Service |
d6b4c9 |
dir->dump_session = default_dump_session;
|
|
Packit Service |
d6b4c9 |
dir->dump_saml_response = default_dump_saml_response;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->endpoint_path = default_endpoint_path;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->session_length = -1; /* -1 means use default. */
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->no_cookie_error_page = NULL;
|
|
Packit Service |
d6b4c9 |
dir->no_success_error_page = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->sp_metadata_file = NULL;
|
|
Packit Service |
d6b4c9 |
dir->sp_private_key_file = NULL;
|
|
Packit Service |
d6b4c9 |
dir->sp_cert_file = NULL;
|
|
Packit Service |
d6b4c9 |
dir->idp_metadata = apr_array_make(p, 0, sizeof(am_metadata_t));
|
|
Packit Service |
d6b4c9 |
dir->idp_public_key_file = NULL;
|
|
Packit Service |
d6b4c9 |
dir->idp_ca_file = NULL;
|
|
Packit Service |
d6b4c9 |
dir->idp_ignore = NULL;
|
|
Packit Service |
d6b4c9 |
dir->login_path = default_login_path;
|
|
Packit Service |
d6b4c9 |
dir->discovery_url = NULL;
|
|
Packit Service |
d6b4c9 |
dir->probe_discovery_timeout = -1; /* -1 means no probe discovery */
|
|
Packit Service |
d6b4c9 |
dir->probe_discovery_idp = apr_table_make(p, 0);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->sp_entity_id = NULL;
|
|
Packit Service |
d6b4c9 |
dir->sp_org_name = apr_hash_make(p);
|
|
Packit Service |
d6b4c9 |
dir->sp_org_display_name = apr_hash_make(p);
|
|
Packit Service |
d6b4c9 |
dir->sp_org_url = apr_hash_make(p);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p);
|
|
Packit Service |
d6b4c9 |
dir->inherit_server_from = dir;
|
|
Packit Service |
d6b4c9 |
dir->server = NULL;
|
|
Packit Service |
d6b4c9 |
dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *));
|
|
Packit Service |
d6b4c9 |
dir->subject_confirmation_data_address_check = inherit_subject_confirmation_data_address_check;
|
|
Packit Service |
d6b4c9 |
dir->send_cache_control_header = inherit_send_cache_control_header;
|
|
Packit Service |
d6b4c9 |
dir->do_not_verify_logout_signature = apr_hash_make(p);
|
|
Packit Service |
d6b4c9 |
dir->post_replay = inherit_post_replay;
|
|
Packit Service |
d6b4c9 |
dir->redirect_domains = default_redirect_domains;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
dir->ecp_send_idplist = inherit_ecp_send_idplist;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return dir;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* Determine whether this configuration changes anything relevant to the
|
|
Packit Service |
d6b4c9 |
* lasso_server configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* am_dir_cfg_rec *add_cfg The new configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* true if we can inherit the lasso_server object, false if not.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
static bool cfg_can_inherit_lasso_server(const am_dir_cfg_rec *add_cfg)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
if (add_cfg->endpoint_path != default_endpoint_path)
|
|
Packit Service |
d6b4c9 |
return false;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (add_cfg->sp_metadata_file != NULL
|
|
Packit Service |
d6b4c9 |
|| add_cfg->sp_private_key_file != NULL
|
|
Packit Service |
d6b4c9 |
|| add_cfg->sp_cert_file != NULL)
|
|
Packit Service |
d6b4c9 |
return false;
|
|
Packit Service |
d6b4c9 |
if (add_cfg->idp_metadata->nelts > 0
|
|
Packit Service |
d6b4c9 |
|| add_cfg->idp_public_key_file != NULL
|
|
Packit Service |
d6b4c9 |
|| add_cfg->idp_ca_file != NULL
|
|
Packit Service |
d6b4c9 |
|| add_cfg->idp_ignore != NULL)
|
|
Packit Service |
d6b4c9 |
return false;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (apr_hash_count(add_cfg->sp_org_name) > 0
|
|
Packit Service |
d6b4c9 |
|| apr_hash_count(add_cfg->sp_org_display_name) > 0
|
|
Packit Service |
d6b4c9 |
|| apr_hash_count(add_cfg->sp_org_url) > 0)
|
|
Packit Service |
d6b4c9 |
return false;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return true;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function merges two am_dir_cfg_rec structures.
|
|
Packit Service |
d6b4c9 |
* It will try to inherit from the base where possible.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* apr_pool_t *p The pool we should allocate memory from.
|
|
Packit Service |
d6b4c9 |
* void *base The original structure.
|
|
Packit Service |
d6b4c9 |
* void *add The structure we should add to base.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* The merged structure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *base_cfg = (am_dir_cfg_rec *)base;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *add_cfg = (am_dir_cfg_rec *)add;
|
|
Packit Service |
d6b4c9 |
am_dir_cfg_rec *new_cfg;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg = (am_dir_cfg_rec *)apr_palloc(p, sizeof(*new_cfg));
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
apr_pool_cleanup_register(p, new_cfg, auth_mellon_free_server,
|
|
Packit Service |
d6b4c9 |
auth_mellon_free_server);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->enable_mellon = (add_cfg->enable_mellon != am_enable_default ?
|
|
Packit Service |
d6b4c9 |
add_cfg->enable_mellon :
|
|
Packit Service |
d6b4c9 |
base_cfg->enable_mellon);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->varname = (add_cfg->varname != default_cookie_name ?
|
|
Packit Service |
d6b4c9 |
add_cfg->varname :
|
|
Packit Service |
d6b4c9 |
base_cfg->varname);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->secure = (add_cfg->secure != default_secure_cookie ?
|
|
Packit Service |
d6b4c9 |
add_cfg->secure :
|
|
Packit Service |
d6b4c9 |
base_cfg->secure);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->http_only = (add_cfg->http_only != default_http_only_cookie ?
|
|
Packit Service |
d6b4c9 |
add_cfg->http_only :
|
|
Packit Service |
d6b4c9 |
base_cfg->http_only);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->merge_env_vars = (add_cfg->merge_env_vars != default_merge_env_vars ?
|
|
Packit Service |
d6b4c9 |
add_cfg->merge_env_vars :
|
|
Packit Service |
d6b4c9 |
base_cfg->merge_env_vars);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->env_vars_index_start = (add_cfg->env_vars_index_start != default_env_vars_index_start ?
|
|
Packit Service |
d6b4c9 |
add_cfg->env_vars_index_start :
|
|
Packit Service |
d6b4c9 |
base_cfg->env_vars_index_start);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->env_vars_count_in_n = (add_cfg->env_vars_count_in_n != default_env_vars_count_in_n ?
|
|
Packit Service |
d6b4c9 |
add_cfg->env_vars_count_in_n :
|
|
Packit Service |
d6b4c9 |
base_cfg->env_vars_count_in_n);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->cookie_domain = (add_cfg->cookie_domain != NULL ?
|
|
Packit Service |
d6b4c9 |
add_cfg->cookie_domain :
|
|
Packit Service |
d6b4c9 |
base_cfg->cookie_domain);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->cookie_path = (add_cfg->cookie_path != NULL ?
|
|
Packit Service |
d6b4c9 |
add_cfg->cookie_path :
|
|
Packit Service |
d6b4c9 |
base_cfg->cookie_path);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->cookie_samesite = (add_cfg->cookie_samesite != am_samesite_default ?
|
|
Packit Service |
d6b4c9 |
add_cfg->cookie_samesite :
|
|
Packit Service |
d6b4c9 |
base_cfg->cookie_samesite);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->cond = apr_array_copy(p,
|
|
Packit Service |
d6b4c9 |
(!apr_is_empty_array(add_cfg->cond)) ?
|
|
Packit Service |
d6b4c9 |
add_cfg->cond :
|
|
Packit Service |
d6b4c9 |
base_cfg->cond);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->envattr = apr_hash_copy(p,
|
|
Packit Service |
d6b4c9 |
(apr_hash_count(add_cfg->envattr) > 0) ?
|
|
Packit Service |
d6b4c9 |
add_cfg->envattr :
|
|
Packit Service |
d6b4c9 |
base_cfg->envattr);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
a2b39c |
new_cfg->env_prefix = (add_cfg->env_prefix != default_env_prefix ?
|
|
Packit Service |
a2b39c |
add_cfg->env_prefix :
|
|
Packit Service |
a2b39c |
base_cfg->env_prefix);
|
|
Packit Service |
a2b39c |
|
|
Packit Service |
d6b4c9 |
new_cfg->userattr = (add_cfg->userattr != default_user_attribute ?
|
|
Packit Service |
d6b4c9 |
add_cfg->userattr :
|
|
Packit Service |
d6b4c9 |
base_cfg->userattr);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->idpattr = (add_cfg->idpattr != NULL ?
|
|
Packit Service |
d6b4c9 |
add_cfg->idpattr :
|
|
Packit Service |
d6b4c9 |
base_cfg->idpattr);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->signature_method = CFG_MERGE(add_cfg, base_cfg, signature_method);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->dump_session = (add_cfg->dump_session != default_dump_session ?
|
|
Packit Service |
d6b4c9 |
add_cfg->dump_session :
|
|
Packit Service |
d6b4c9 |
base_cfg->dump_session);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->dump_saml_response =
|
|
Packit Service |
d6b4c9 |
(add_cfg->dump_saml_response != default_dump_saml_response ?
|
|
Packit Service |
d6b4c9 |
add_cfg->dump_saml_response :
|
|
Packit Service |
d6b4c9 |
base_cfg->dump_saml_response);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->endpoint_path = (
|
|
Packit Service |
d6b4c9 |
add_cfg->endpoint_path != default_endpoint_path ?
|
|
Packit Service |
d6b4c9 |
add_cfg->endpoint_path :
|
|
Packit Service |
d6b4c9 |
base_cfg->endpoint_path
|
|
Packit Service |
d6b4c9 |
);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->session_length = (add_cfg->session_length != -1 ?
|
|
Packit Service |
d6b4c9 |
add_cfg->session_length :
|
|
Packit Service |
d6b4c9 |
base_cfg->session_length);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->no_cookie_error_page = (add_cfg->no_cookie_error_page != NULL ?
|
|
Packit Service |
d6b4c9 |
add_cfg->no_cookie_error_page :
|
|
Packit Service |
d6b4c9 |
base_cfg->no_cookie_error_page);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->no_success_error_page = (add_cfg->no_success_error_page != NULL ?
|
|
Packit Service |
d6b4c9 |
add_cfg->no_success_error_page :
|
|
Packit Service |
d6b4c9 |
base_cfg->no_success_error_page);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->sp_metadata_file = (add_cfg->sp_metadata_file ?
|
|
Packit Service |
d6b4c9 |
add_cfg->sp_metadata_file :
|
|
Packit Service |
d6b4c9 |
base_cfg->sp_metadata_file);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->sp_private_key_file = (add_cfg->sp_private_key_file ?
|
|
Packit Service |
d6b4c9 |
add_cfg->sp_private_key_file :
|
|
Packit Service |
d6b4c9 |
base_cfg->sp_private_key_file);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->sp_cert_file = (add_cfg->sp_cert_file ?
|
|
Packit Service |
d6b4c9 |
add_cfg->sp_cert_file :
|
|
Packit Service |
d6b4c9 |
base_cfg->sp_cert_file);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->idp_metadata = (add_cfg->idp_metadata->nelts ?
|
|
Packit Service |
d6b4c9 |
add_cfg->idp_metadata :
|
|
Packit Service |
d6b4c9 |
base_cfg->idp_metadata);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->idp_public_key_file = (add_cfg->idp_public_key_file ?
|
|
Packit Service |
d6b4c9 |
add_cfg->idp_public_key_file :
|
|
Packit Service |
d6b4c9 |
base_cfg->idp_public_key_file);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->idp_ca_file = (add_cfg->idp_ca_file ?
|
|
Packit Service |
d6b4c9 |
add_cfg->idp_ca_file :
|
|
Packit Service |
d6b4c9 |
base_cfg->idp_ca_file);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->idp_ignore = add_cfg->idp_ignore != NULL ?
|
|
Packit Service |
d6b4c9 |
add_cfg->idp_ignore :
|
|
Packit Service |
d6b4c9 |
base_cfg->idp_ignore;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->sp_entity_id = (add_cfg->sp_entity_id ?
|
|
Packit Service |
d6b4c9 |
add_cfg->sp_entity_id :
|
|
Packit Service |
d6b4c9 |
base_cfg->sp_entity_id);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->sp_org_name = apr_hash_copy(p,
|
|
Packit Service |
d6b4c9 |
(apr_hash_count(add_cfg->sp_org_name) > 0) ?
|
|
Packit Service |
d6b4c9 |
add_cfg->sp_org_name :
|
|
Packit Service |
d6b4c9 |
base_cfg->sp_org_name);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->sp_org_display_name = apr_hash_copy(p,
|
|
Packit Service |
d6b4c9 |
(apr_hash_count(add_cfg->sp_org_display_name) > 0) ?
|
|
Packit Service |
d6b4c9 |
add_cfg->sp_org_display_name :
|
|
Packit Service |
d6b4c9 |
base_cfg->sp_org_display_name);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->sp_org_url = apr_hash_copy(p,
|
|
Packit Service |
d6b4c9 |
(apr_hash_count(add_cfg->sp_org_url) > 0) ?
|
|
Packit Service |
d6b4c9 |
add_cfg->sp_org_url :
|
|
Packit Service |
d6b4c9 |
base_cfg->sp_org_url);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->login_path = (add_cfg->login_path != default_login_path ?
|
|
Packit Service |
d6b4c9 |
add_cfg->login_path :
|
|
Packit Service |
d6b4c9 |
base_cfg->login_path);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->discovery_url = (add_cfg->discovery_url ?
|
|
Packit Service |
d6b4c9 |
add_cfg->discovery_url :
|
|
Packit Service |
d6b4c9 |
base_cfg->discovery_url);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->probe_discovery_timeout =
|
|
Packit Service |
d6b4c9 |
(add_cfg->probe_discovery_timeout != -1 ?
|
|
Packit Service |
d6b4c9 |
add_cfg->probe_discovery_timeout :
|
|
Packit Service |
d6b4c9 |
base_cfg->probe_discovery_timeout);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->probe_discovery_idp = apr_table_copy(p,
|
|
Packit Service |
d6b4c9 |
(!apr_is_empty_table(add_cfg->probe_discovery_idp)) ?
|
|
Packit Service |
d6b4c9 |
add_cfg->probe_discovery_idp :
|
|
Packit Service |
d6b4c9 |
base_cfg->probe_discovery_idp);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
if (cfg_can_inherit_lasso_server(add_cfg)) {
|
|
Packit Service |
d6b4c9 |
new_cfg->inherit_server_from = base_cfg->inherit_server_from;
|
|
Packit Service |
d6b4c9 |
} else {
|
|
Packit Service |
d6b4c9 |
apr_thread_mutex_create(&new_cfg->server_mutex,
|
|
Packit Service |
d6b4c9 |
APR_THREAD_MUTEX_DEFAULT, p);
|
|
Packit Service |
d6b4c9 |
new_cfg->inherit_server_from = new_cfg;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->server = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->authn_context_class_ref = (add_cfg->authn_context_class_ref->nelts ?
|
|
Packit Service |
d6b4c9 |
add_cfg->authn_context_class_ref :
|
|
Packit Service |
d6b4c9 |
base_cfg->authn_context_class_ref);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->do_not_verify_logout_signature = apr_hash_copy(p,
|
|
Packit Service |
d6b4c9 |
(apr_hash_count(add_cfg->do_not_verify_logout_signature) > 0) ?
|
|
Packit Service |
d6b4c9 |
add_cfg->do_not_verify_logout_signature :
|
|
Packit Service |
d6b4c9 |
base_cfg->do_not_verify_logout_signature);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->subject_confirmation_data_address_check =
|
|
Packit Service |
d6b4c9 |
CFG_MERGE(add_cfg, base_cfg, subject_confirmation_data_address_check);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->send_cache_control_header =
|
|
Packit Service |
d6b4c9 |
CFG_MERGE(add_cfg, base_cfg, send_cache_control_header);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->post_replay = CFG_MERGE(add_cfg, base_cfg, post_replay);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->ecp_send_idplist = CFG_MERGE(add_cfg, base_cfg, ecp_send_idplist);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->redirect_domains =
|
|
Packit Service |
d6b4c9 |
(add_cfg->redirect_domains != default_redirect_domains ?
|
|
Packit Service |
d6b4c9 |
add_cfg->redirect_domains :
|
|
Packit Service |
d6b4c9 |
base_cfg->redirect_domains);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return new_cfg;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function creates a new per-server configuration.
|
|
Packit Service |
d6b4c9 |
* auth_mellon uses the server configuration to store a pointer
|
|
Packit Service |
d6b4c9 |
* to the global module configuration.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* apr_pool_t *p The pool we should allocate memory from.
|
|
Packit Service |
d6b4c9 |
* server_rec *s The server we should add our configuration to.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* The new per-server configuration.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
void *auth_mellon_server_config(apr_pool_t *p, server_rec *s)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_srv_cfg_rec *srv;
|
|
Packit Service |
d6b4c9 |
am_mod_cfg_rec *mod;
|
|
Packit Service |
d6b4c9 |
const char key[] = "auth_mellon_server_config";
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
srv = apr_palloc(p, sizeof(*srv));
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#ifdef ENABLE_DIAGNOSTICS
|
|
Packit Service |
d6b4c9 |
srv->diag_cfg.filename = default_diag_filename;
|
|
Packit Service |
d6b4c9 |
srv->diag_cfg.fd = NULL;
|
|
Packit Service |
d6b4c9 |
srv->diag_cfg.flags = default_diag_flags;
|
|
Packit Service |
d6b4c9 |
srv->diag_cfg.dir_cfg_emitted = apr_table_make(p, 0);
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* we want to keeep our global configuration of shared memory and
|
|
Packit Service |
d6b4c9 |
* mutexes, so we try to find it in the userdata before doing anything
|
|
Packit Service |
d6b4c9 |
* else */
|
|
Packit Service |
d6b4c9 |
apr_pool_userdata_get((void **)&mod, key, p);
|
|
Packit Service |
d6b4c9 |
if (mod) {
|
|
Packit Service |
d6b4c9 |
srv->mc = mod;
|
|
Packit Service |
d6b4c9 |
return srv;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* the module has not been initiated at all */
|
|
Packit Service |
d6b4c9 |
mod = apr_palloc(p, sizeof(*mod));
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
mod->cache_size = 100; /* ought to be enough for everybody */
|
|
Packit Service |
d6b4c9 |
mod->lock_file = "/var/run/mod_auth_mellon.lock";
|
|
Packit Service |
d6b4c9 |
mod->post_dir = NULL;
|
|
Packit Service |
d6b4c9 |
mod->post_ttl = post_ttl;
|
|
Packit Service |
d6b4c9 |
mod->post_count = post_count;
|
|
Packit Service |
d6b4c9 |
mod->post_size = post_size;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
mod->entry_size = AM_CACHE_DEFAULT_ENTRY_SIZE;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
mod->init_cache_size = 0;
|
|
Packit Service |
d6b4c9 |
mod->init_lock_file = NULL;
|
|
Packit Service |
d6b4c9 |
mod->init_entry_size = 0;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
mod->cache = NULL;
|
|
Packit Service |
d6b4c9 |
mod->lock = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
apr_pool_userdata_set(mod, key, apr_pool_cleanup_null, p);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
srv->mc = mod;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return srv;
|
|
Packit Service |
d6b4c9 |
}
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
/* This function merges two am_srv_cfg_rec structures.
|
|
Packit Service |
d6b4c9 |
* It will try to inherit from the base where possible.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Parameters:
|
|
Packit Service |
d6b4c9 |
* apr_pool_t *p The pool we should allocate memory from.
|
|
Packit Service |
d6b4c9 |
* void *base The original structure.
|
|
Packit Service |
d6b4c9 |
* void *add The structure we should add to base.
|
|
Packit Service |
d6b4c9 |
*
|
|
Packit Service |
d6b4c9 |
* Returns:
|
|
Packit Service |
d6b4c9 |
* The merged structure.
|
|
Packit Service |
d6b4c9 |
*/
|
|
Packit Service |
d6b4c9 |
void *auth_mellon_srv_merge(apr_pool_t *p, void *base, void *add)
|
|
Packit Service |
d6b4c9 |
{
|
|
Packit Service |
d6b4c9 |
am_srv_cfg_rec *base_cfg = (am_srv_cfg_rec *)base;
|
|
Packit Service |
d6b4c9 |
am_srv_cfg_rec *new_cfg;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg = (am_srv_cfg_rec *)apr_palloc(p, sizeof(*new_cfg));
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->mc = base_cfg->mc;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#ifdef ENABLE_DIAGNOSTICS
|
|
Packit Service |
d6b4c9 |
am_srv_cfg_rec *add_cfg = (am_srv_cfg_rec *)add;
|
|
Packit Service |
d6b4c9 |
new_cfg->diag_cfg.filename = (add_cfg->diag_cfg.filename !=
|
|
Packit Service |
d6b4c9 |
default_diag_filename ?
|
|
Packit Service |
d6b4c9 |
add_cfg->diag_cfg.filename :
|
|
Packit Service |
d6b4c9 |
base_cfg->diag_cfg.filename);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->diag_cfg.fd = NULL;
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->diag_cfg.flags = (add_cfg->diag_cfg.flags !=
|
|
Packit Service |
d6b4c9 |
default_diag_flags ?
|
|
Packit Service |
d6b4c9 |
add_cfg->diag_cfg.flags :
|
|
Packit Service |
d6b4c9 |
base_cfg->diag_cfg.flags);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
new_cfg->diag_cfg.dir_cfg_emitted = apr_table_make(p, 0);
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
#endif
|
|
Packit Service |
d6b4c9 |
|
|
Packit Service |
d6b4c9 |
return new_cfg;
|
|
Packit Service |
d6b4c9 |
}
|