diff options
| author | Stef Walter <stef@memberwebs.com> | 2009-06-18 19:52:59 +0000 |
|---|---|---|
| committer | Stef Walter <stef@memberwebs.com> | 2009-06-18 19:52:59 +0000 |
| commit | 8f6924e190a7ed0d424fbe2e2a2a681366fe79bc (patch) | |
| tree | 434876c7e859f370b747bfb6c860468f4d5c9a67 | |
| parent | 8d5aadc77ea8b00558101f0258d7494ebe65c292 (diff) | |
Add ability to parse out user name from identifier, and add environment variable for identifier.
| -rw-r--r-- | module/mod_auth_singleid.c | 74 |
1 files changed, 70 insertions, 4 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c index 9c38434..bdd8f6d 100644 --- a/module/mod_auth_singleid.c +++ b/module/mod_auth_singleid.c @@ -37,6 +37,7 @@ */ #include <ap_config.h> +#include <ap_regex.h> #include <httpd.h> #include <http_core.h> @@ -64,17 +65,26 @@ #include "config.h" #include "mod_auth_singleid.h" +#include <assert.h> #include <ctype.h> #include <unistd.h> extern module AP_MODULE_DECLARE_DATA auth_singleid_module; +enum { + NONE = 0, + SUFFIX = 1, + REGEX = 2 +}; + /* * Per directory configuration. */ typedef struct sid_context { const char *trust_root; const char *identifier; + int user_match; + ap_regex_t *converter; sid_storage_t *store; } sid_context_t; @@ -274,11 +284,36 @@ set_trust_root (cmd_parms* cmd, void* config, const char* val) return NULL; } +static const char* +set_user_match (cmd_parms *cmd, void *config, const char *val) +{ + sid_context_t *ctx = config; + + /* Remove extraneous spaces */ + while (isspace (*val)) + ++val; + + if (strcmp (val, "suffix") == 0 && !isalpha (val[6])) { + ctx->user_match = SUFFIX; + return NULL; + } + + /* Try to compile as a regular expression */ + ctx->converter = ap_pregcomp (cmd->pool, val, AP_REG_EXTENDED | AP_REG_ICASE | AP_REG_NEWLINE); + if (!ctx->converter) + return "Invalid regular expression in SingleUserMatch"; + + ctx->user_match = REGEX; + return NULL; +} + static const command_rec command_table[] = { - AP_INIT_TAKE1( "SingleIdentifier", set_identifier, NULL, OR_AUTHCFG, + AP_INIT_TAKE1 ("SingleIdentifier", set_identifier, NULL, OR_AUTHCFG, "The OpenID identifier we should perform ID selection on when authenticating" ), - AP_INIT_TAKE1( "SingleTrustRoot", set_trust_root, NULL, OR_AUTHCFG, - "The OpenID Trust Root of this site."), + AP_INIT_TAKE1 ("SingleTrustRoot", set_trust_root, NULL, OR_AUTHCFG, + "The OpenID trust root of this site."), + AP_INIT_RAW_ARGS ("SingleUserMatch", set_user_match, NULL, OR_AUTHCFG, + "How to convert an OpenID identifier into a user name" ), { NULL } }; @@ -527,8 +562,39 @@ sid_request_respond (sid_request_t *req, int code, const char *reason, static void set_request_authenticated (request_rec *r, sid_session_t *sess) { - r->user = sess->identifier; + ap_regmatch_t matches[AP_MAX_REG_MATCH]; + char *user = NULL; + sid_context_t *ctx; + + ctx = ap_get_module_config (r->per_dir_config, &auth_singleid_module); + assert (ctx); + + /* Try and calculate a user name */ + switch (ctx->user_match) { + case SUFFIX: + if (ctx->identifier) { + user = (char*)ap_stripprefix (sess->identifier, ctx->identifier); + if (user != sess->identifier) { + /* Some delimiters that we strip from between value and identifier */ + while (strchr ("?/#", *user)) + ++user; + } + } + break; + + case REGEX: + assert (ctx->converter); + if (ap_regexec (ctx->converter, sess->identifier, AP_MAX_REG_MATCH, matches, 0) == 0) + user = ap_pregsub (r->pool, "$1", sess->identifier, AP_MAX_REG_MATCH, matches); + break; + } + + if (!user) + user = sess->identifier; + + r->user = user; r->ap_auth_type = SID_AUTHTYPE; + apr_table_set (r->subprocess_env, "OPENID_IDENTIFIER", sess->identifier); ap_set_module_config (r->request_config, &auth_singleid_module, sess); } |