| -rw-r--r-- | module/mod_auth_singleid.c | 51 | 
1 files changed, 36 insertions, 15 deletions
|
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 541ded1..4ee7421 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -67,10 +67,13 @@
 #include <assert.h>
 #include <ctype.h>
+#include <string.h>
 #include <unistd.h>
 extern module AP_MODULE_DECLARE_DATA auth_singleid_module;
+#define VALID_NAME "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-."
+
 enum {
 	NONE = 0,
 	SUFFIX = 1,
@@ -83,6 +86,7 @@ enum {
 typedef struct sid_context {
 	const char *trust_root;
 	const char *identifier;
+	const char *cookie_name;
 	int user_match;
 	ap_regex_t *converter;
 	sid_storage_t *store;
@@ -250,6 +254,7 @@ dir_config_creator (apr_pool_t* p, char* dir)
 {
 	sid_context_t* ctx = apr_pcalloc (p, sizeof (*ctx));
 	memset (ctx, 0, sizeof (*ctx));
+	ctx->cookie_name = "mod-auth-singleid";
 
 	return ctx;
 }
@@ -325,6 +330,20 @@ set_cache_size (cmd_parms *cmd, void *config, const char *val)
 	return NULL;
 }
+static const char*
+set_cookie_name (cmd_parms *cmd, void *config, const char *val)
+{
+	sid_context_t *ctx = config;
+	const char *end;
+
+	end = val + strspn (val, VALID_NAME);
+	if (*val == '\0' || *end != '\0')
+		return "Not a valid cookie name in SingleCookieName";
+
+	ctx->cookie_name = apr_pstrdup (cmd->pool, val);
+	return NULL;
+}
+
 static const command_rec command_table[] = {
 	AP_INIT_TAKE1 ("SingleIdentifier", set_identifier, NULL, OR_AUTHCFG,
 	               "The OpenID identifier we should perform ID selection on when authenticating" ),
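Review bot: The default assigned in dir_config_creator, `"mod-auth-singleid"`, is not the name the code used before this commit; the removed lines in session_load_info and session_send_info read and wrote `"mod-auth-single-id"`. On an upgrade without a SingleCookieName directive, cookies issued under the old name are no longer looked up, so every logged-in user has to authenticate again. If that is not intended, keep the old spelling as the default: `ctx->cookie_name = "mod-auth-single-id";`. If the module also registers a per-directory merge function (not visible in this diff), it would need to carry cookie_name over as well.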
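Review bot: set_cookie_name and VALID_NAME lack a comment saying why the whitelist exists: the accepted string is later formatted unescaped into the Set-Cookie header in session_send_info, and the directive is registered with OR_AUTHCFG, so the value can come from per-directory configuration. A comment above the function such as `/* Name goes verbatim into Set-Cookie; VALID_NAME keeps '=', ';', whitespace and control characters out */` would make that dependency explicit for whoever extends the character set later. The whitelist still admits the browser-reserved `__Secure-` and `__Host-` prefixes, which browsers refuse unless the cookie carries the `secure` attribute that this module does not emit; rejecting a leading `__` or documenting the limitation avoids a configuration in which login never sticks.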
@@ -332,6 +351,8 @@ static const command_rec command_table[] = {
 	               "The OpenID trust root of this site."),
 	AP_INIT_TAKE1 ("SingleCache", set_cache_size, NULL, OR_AUTHCFG,
 	               "Enable and optionally set the size of the OpenID association cache"),
+	AP_INIT_TAKE1 ("SingleCookieName", set_cookie_name, NULL, OR_AUTHCFG,
+	               "Set the cookie name used once user has logged in via OpenID"),
 	AP_INIT_RAW_ARGS ("SingleUserMatch", set_user_match, NULL, OR_AUTHCFG,
 	                 "How to convert an OpenID identifier into a user name" ),
 	{ NULL }
@@ -429,7 +450,7 @@ session_validate_sig (apr_pool_t *p, const char *sig, const char *value)
 }
 static sid_session_t*
-session_load_info (request_rec *r)
+session_load_info (sid_context_t *ctx, request_rec *r)
 {
 	sid_session_t *sess;
 	const char *value;
@@ -438,7 +459,7 @@ session_load_info (request_rec *r)
 	long expiry;
 	size_t len;
-	value = session_cookie_value (r, "mod-auth-single-id");
+	value = session_cookie_value (r, ctx->cookie_name);
 	if (!value)
 		return NULL;
@@ -479,7 +500,7 @@ session_load_info (request_rec *r)
 }
 static void
-session_send_info (request_rec *r, sid_session_t *sess)
+session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
 {
 	char *cookie, *sig, *value;
@@ -488,8 +509,8 @@ session_send_info (request_rec *r, sid_session_t *sess)
 	sig = session_create_sig (r->pool, value);
 	/* Build up the full cookie spec */
-	cookie = apr_psprintf (r->pool, "mod-auth-single-id=%s %s; httponly; max-age=86400", sig, value);
-	apr_table_addn (r->headers_out, "Set-Cookie", cookie);
+	cookie = apr_psprintf (r->pool, "%s=%s %s; httponly; max-age=86400", ctx->cookie_name, sig, value);
+	apr_table_addn (r->err_headers_out, "Set-Cookie", cookie);
 }
 static sid_session_t*
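Review bot: The rewritten cookie spec in session_send_info still carries only `httponly; max-age=86400`, so the signed session cookie is also sent on plain-HTTP requests to the same host. Since the line is being changed anyway, consider emitting `secure` when the site is served over TLS, e.g. `"%s=%s %s; secure; httponly; max-age=86400"`. Separately, session_create_sig is called with `value` only, so as far as this hunk shows the cookie name is not covered by the signature: two locations configured with different SingleCookieName values do not get isolated sessions unless something outside this diff (such as the signing key) differs, and that is worth stating in the directive's documentation. The function begins outside this hunk.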
@@ -580,14 +601,10 @@ sid_request_respond (sid_request_t *req, int code, const char *reason,
 }
 static void
-set_request_authenticated (request_rec *r, sid_session_t *sess)
+set_request_authenticated (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
 {
 	ap_regmatch_t matches[AP_MAX_REG_MATCH];
 	char *user = NULL;
-	sid_context_t *ctx;
-
-	ctx = ap_get_module_config (r->per_dir_config, &auth_singleid_module);
-	assert (ctx);
 	/* Try and calculate a user name */
 	switch (ctx->user_match) {
@@ -621,14 +638,18 @@ set_request_authenticated (request_rec *r, sid_session_t *sess)
 void
 sid_request_authenticated (sid_request_t *req, const char *identifier)
 {
+	sid_context_t *ctx;
 	sid_session_t *sess;
 	sess = apr_pcalloc (req->rec->pool, sizeof (sid_session_t));
 	sess->identifier = apr_pstrdup (req->rec->pool, identifier);
 	sess->expiry = time (NULL) + 86400;
-	set_request_authenticated (req->rec, sess);
-	session_send_info (req->rec, sess);
+	ctx = ap_get_module_config (req->rec->per_dir_config, &auth_singleid_module);
+	assert (ctx);
+
+	set_request_authenticated (ctx, req->rec, sess);
+	session_send_info (ctx, req->rec, sess);
 }
 /* ---------------------------------------------------------------------------------------
@@ -683,15 +704,15 @@ hook_authenticate (request_rec* r)
 	if (sess != NULL) {
 	 	if (mainreq != r) {
 	 		sess = session_copy_info (r->pool, sess);
-	 		set_request_authenticated (r, sess);
+	 		set_request_authenticated (ctx, r, sess);
 	 	}
 	 	return OK;
 	}
 	/* Load the session info from the request and see if we've authenticated */
-	sess = session_load_info (r);
+	sess = session_load_info (ctx, r);
 	if (sess != NULL) {
-		set_request_authenticated (r, sess);
+		set_request_authenticated (ctx, r, sess);
 		return OK;
 	}
 |
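Review bot: In sid_request_authenticated, `assert (ctx)` is the only guard before ctx is dereferenced by set_request_authenticated and session_send_info; it vanishes in NDEBUG builds and otherwise aborts the whole httpd child rather than failing the one request. If a missing per-directory config is considered possible at all, an explicit `if (ctx == NULL)` that logs and returns without marking the request authenticated is the safer failure mode; if it is not possible, a comment saying so is enough. As a style point, the literal `86400` in `sess->expiry = time (NULL) + 86400;` duplicates the `max-age=86400` in session_send_info, and a shared named constant would keep the server-side expiry and the cookie lifetime in step.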
