summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2009-07-08 18:28:22 +0000
committerStef Walter <stef@memberwebs.com>2009-07-08 18:28:22 +0000
commit8404c16590fe901162bf4d05a21f2fb0de9448ce (patch)
tree78c54975a1f83f5c5d0344d5378589fa15278af9
parent9bd710f621039360411d02ba81121e0789d53978 (diff)
Find the right cookie if multiple are present. Also sign properly if no values.
-rw-r--r--module/mod_auth_singleid.c90
1 files changed, 45 insertions, 45 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 65f3342..94a39da 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -533,42 +533,6 @@ session_initialize (apr_pool_t *p, server_rec *s)
return status;
}
-static const char*
-session_cookie_value (request_rec *r, const char *name)
-{
- const char *cookies;
- const char *value;
- char *pair;
-
- cookies = apr_table_get (r->headers_in, "Cookie");
- if (cookies == NULL)
- return NULL;
-
- while (*cookies) {
- pair = get_token (r->pool, &cookies, ";");
- if (!pair)
- break;
- if (pair[0] == '$')
- continue;
-
- value = ap_stripprefix (pair, name);
- if (value == pair)
- continue;
- while (isspace (*value))
- ++value;
-
- if (*value != '=')
- continue;
- ++value;
- while (isspace (*value))
- ++value;
-
- return value;
- }
-
- return NULL;
-}
-
static char*
session_create_sig (apr_pool_t *p, const char *value)
{
@@ -595,19 +559,14 @@ session_validate_sig (apr_pool_t *p, const char *sig, const char *value)
}
static sid_session_t*
-session_load_info (sid_context_t *ctx, request_rec *r)
+session_parse_info (sid_context_t *ctx, request_rec *r, const char *value)
{
sid_session_t *sess;
- const char *value;
char *token, *sig, *end;
char *identifier;
char **here;
long expiry;
- value = session_cookie_value (r, ctx->cookie_name);
- if (!value)
- return NULL;
-
sig = get_token (r->pool, &value, " ");
if (!sig || !session_validate_sig (r->pool, sig, value)) {
ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
@@ -615,7 +574,7 @@ session_load_info (sid_context_t *ctx, request_rec *r)
return NULL;
}
- /* The version of the session info, only 1 supported for now */
+ /* The version of the session info, only version 2 supported */
token = get_token (r->pool, &value, " ");
if (!token || strcmp (token, "2") != 0) {
ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
@@ -664,6 +623,46 @@ session_load_info (sid_context_t *ctx, request_rec *r)
return sess;
}
+static sid_session_t*
+session_load_info (sid_context_t *ctx, request_rec *r)
+{
+ sid_session_t *sess;
+ const char *cookies;
+ const char *value;
+ char *pair;
+
+ cookies = apr_table_get (r->headers_in, "Cookie");
+ if (cookies == NULL)
+ return NULL;
+
+ while (*cookies) {
+ pair = get_token (r->pool, &cookies, ";");
+ if (!pair)
+ break;
+ if (pair[0] == '$')
+ continue;
+
+ value = ap_stripprefix (pair, ctx->cookie_name);
+ if (value == pair)
+ continue;
+ while (isspace (*value))
+ ++value;
+
+ if (*value != '=')
+ continue;
+ ++value;
+ while (isspace (*value))
+ ++value;
+
+ /* Try to parse this cookie */
+ sess = session_parse_info (ctx, r, value);
+ if (sess != NULL)
+ return sess;
+ }
+
+ return NULL;
+}
+
static void
session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
{
@@ -676,8 +675,9 @@ session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
values = "";
/* Create the cookie value and sign it */
- payload = apr_psprintf (r->pool, "2 %ld \"%s\" %s", (long)sess->expiry,
- ap_escape_quotes (r->pool, sess->identifier), values);
+ payload = apr_psprintf (r->pool, "2 %ld \"%s\"%s%s", (long)sess->expiry,
+ ap_escape_quotes (r->pool, sess->identifier),
+ values && values[0] ? " " : "", values);
sig = session_create_sig (r->pool, payload);
/* Build up the full cookie spec */