-rw-r--r--module/mod_auth_singleid.c74
1 files changed, 70 insertions, 4 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 9c38434..bdd8f6d 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -37,6 +37,7 @@
*/
#include <ap_config.h>
+#include <ap_regex.h>
#include <httpd.h>
#include <http_core.h>
@@ -64,17 +65,26 @@
#include "config.h"
#include "mod_auth_singleid.h"
+#include <assert.h>
#include <ctype.h>
#include <unistd.h>
extern module AP_MODULE_DECLARE_DATA auth_singleid_module;
+enum {
+ NONE = 0,
+ SUFFIX = 1,
+ REGEX = 2
+};
+
/*
* Per directory configuration.
*/
typedef struct sid_context {
const char *trust_root;
const char *identifier;
+ int user_match;
+ ap_regex_t *converter;
sid_storage_t *store;
} sid_context_t;
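Review bot: The new enum constants `NONE`, `SUFFIX` and `REGEX` are unprefixed at file scope in a translation unit that includes many httpd headers, and `user_match` is a plain `int` with nothing tying it to them. A prefix such as `SID_MATCH_NONE` and a field comment like `/* How r->user is derived from the OpenID identifier: one of the SID_MATCH_* values */` would make the struct self-describing. The per-directory create and merge functions are outside this hunk, so it is worth confirming that they initialise `user_match` and `converter` and carry them into merged configurations.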
@@ -274,11 +284,36 @@ set_trust_root (cmd_parms* cmd, void* config, const char* val)
return NULL;
}
+static const char*
+set_user_match (cmd_parms *cmd, void *config, const char *val)
+{
+ sid_context_t *ctx = config;
+
+ /* Remove extraneous spaces */
+ while (isspace (*val))
+ ++val;
+
+ if (strcmp (val, "suffix") == 0 && !isalpha (val[6])) {
+ ctx->user_match = SUFFIX;
+ return NULL;
+ }
+
+ /* Try to compile as a regular expression */
+ ctx->converter = ap_pregcomp (cmd->pool, val, AP_REG_EXTENDED | AP_REG_ICASE | AP_REG_NEWLINE);
+ if (!ctx->converter)
+ return "Invalid regular expression in SingleUserMatch";
+
+ ctx->user_match = REGEX;
+ return NULL;
+}
+
static const command_rec command_table[] = {
- AP_INIT_TAKE1( "SingleIdentifier", set_identifier, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE1 ("SingleIdentifier", set_identifier, NULL, OR_AUTHCFG,
"The OpenID identifier we should perform ID selection on when authenticating" ),
- AP_INIT_TAKE1( "SingleTrustRoot", set_trust_root, NULL, OR_AUTHCFG,
- "The OpenID Trust Root of this site."),
+ AP_INIT_TAKE1 ("SingleTrustRoot", set_trust_root, NULL, OR_AUTHCFG,
+ "The OpenID trust root of this site."),
+ AP_INIT_RAW_ARGS ("SingleUserMatch", set_user_match, NULL, OR_AUTHCFG,
+ "How to convert an OpenID identifier into a user name" ),
{ NULL }
};
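Review bot: In `set_user_match`, `strcmp (val, "suffix") == 0` succeeds only when `val` is exactly `suffix`, so the `!isalpha (val[6])` test can never fail. A raw argument such as `suffix ` with trailing whitespace therefore falls through and is compiled as a regular expression. The comparison was presumably meant to be `strncmp (val, "suffix", 6) == 0 && !isalpha ((unsigned char)val[6])`, and the `isspace` call above needs the same `(unsigned char)` cast. A pattern without a capture group is also accepted even though the request path substitutes `$1`, so I would reject it at configuration time with `if (ctx->converter->re_nsub < 1) return "SingleUserMatch regular expression needs a capture group";`.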
@@ -527,8 +562,39 @@ sid_request_respond (sid_request_t *req, int code, const char *reason,
static void
set_request_authenticated (request_rec *r, sid_session_t *sess)
{
- r->user = sess->identifier;
+ ap_regmatch_t matches[AP_MAX_REG_MATCH];
+ char *user = NULL;
+ sid_context_t *ctx;
+
+ ctx = ap_get_module_config (r->per_dir_config, &auth_singleid_module);
+ assert (ctx);
+
+ /* Try and calculate a user name */
+ switch (ctx->user_match) {
+ case SUFFIX:
+ if (ctx->identifier) {
+ user = (char*)ap_stripprefix (sess->identifier, ctx->identifier);
+ if (user != sess->identifier) {
+ /* Some delimiters that we strip from between value and identifier */
+ while (strchr ("?/#", *user))
+ ++user;
+ }
+ }
+ break;
+
+ case REGEX:
+ assert (ctx->converter);
+ if (ap_regexec (ctx->converter, sess->identifier, AP_MAX_REG_MATCH, matches, 0) == 0)
+ user = ap_pregsub (r->pool, "$1", sess->identifier, AP_MAX_REG_MATCH, matches);
+ break;
+ }
+
+ if (!user)
+ user = sess->identifier;
+
+ r->user = user;
r->ap_auth_type = SID_AUTHTYPE;
+ apr_table_set (r->subprocess_env, "OPENID_IDENTIFIER", sess->identifier);
ap_set_module_config (r->request_config, &auth_singleid_module, sess);
}
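Review bot: The delimiter loop `while (strchr ("?/#", *user))` in the SUFFIX case does not stop at the end of the string, because `strchr` also matches the terminating NUL. An identifier that is the configured prefix followed only by delimiters makes `user` walk past the buffer, so the loop should read `while (*user && strchr ("?/#", *user))`. Both branches can also yield an empty string (nothing left after the prefix, or an empty or absent `$1`), which passes the `!user` test and sets `r->user` to `""` for every such identity; `if (!user || !*user) user = sess->identifier;` keeps the fallback. The two `assert` calls either vanish under NDEBUG or abort the server child, so an explicit check with a logged error would be safer in a request path.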