-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | module/Makefile.am | 2 | ||||
-rw-r--r-- | module/consumer.cc | 3 | ||||
-rw-r--r-- | module/consumer.h | 6 | ||||
-rw-r--r-- | module/mod_auth_singleid.c | 144 | ||||
-rw-r--r-- | module/request.h | 16 | ||||
-rw-r--r-- | module/storage.h | 20 |
8 files changed, 80 insertions, 116 deletions
@@ -15,4 +15,5 @@ stamp-* .cproject .settings .project +test diff --git a/configure.in b/configure.in index a18d5de..7f1c9e6 100644 --- a/configure.in +++ b/configure.in @@ -39,7 +39,7 @@ dnl Process this file with autoconf to produce a configure script. AC_INIT(mod_auth_singleid, 0.1, stef@memberwebs.com) AM_INIT_AUTOMAKE(mod_auth_singleid, 0.1) -AC_CONFIG_SRCDIR([module/mod_auth_singleid.cc]) +AC_CONFIG_SRCDIR([module/mod_auth_singleid.c]) AM_CONFIG_HEADER([config.h]) # Checks for programs. @@ -115,7 +115,7 @@ AC_ARG_ENABLE(debug, [Compile binaries in debug mode])) if test "$enable_debug" = "yes"; then - CFLAGS="$CFLAGS -g -O0 -Wall" + CFLAGS="$CFLAGS -g -O0 -Wall -Werror" AC_DEFINE_UNQUOTED(_DEBUG, 1, [In debug mode]) echo "enabling debug compile mode" fi diff --git a/module/Makefile.am b/module/Makefile.am index 7b05ad4..f2b92ca 100644 --- a/module/Makefile.am +++ b/module/Makefile.am @@ -10,7 +10,7 @@ libmodauthsingleid_la_SOURCES = \ storage.c storage.h install-exec-local: - @APXS@ -i -a -n 'authopenid' mod_auth_openid.la + @APXS@ -i -a -n 'auth_singleid' mod_auth_singleid.la mod_auth_singleid.la: libmodauthsingleid.la ${APXS} -c -o $@ $< ${APACHE_CFLAGS} ${OPKELE_CFLAGS} ${OPKELE_LIBS} diff --git a/module/consumer.cc b/module/consumer.cc index 8ade43a..15eadc8 100644 --- a/module/consumer.cc +++ b/module/consumer.cc @@ -219,7 +219,8 @@ cancelled_auth (sid_request_t *req, Consumer &consumer, params_t ¶ms) } void -sid_consumer_authenticate(sid_request_t *req, sid_storage_t *store, const char *identity) +sid_consumer_authenticate(sid_request_t *req, sid_storage_t *store, + const char *trust_root, const char *identity) { params_t params; diff --git a/module/consumer.h b/module/consumer.h index 18ddbe4..5cea9f8 100644 --- a/module/consumer.h +++ b/module/consumer.h 
@@ -1,11 +1,15 @@ #ifndef CONSUMER_H_ #define CONSUMER_H_ +#include "request.h" +#include "storage.h" + #ifdef __cplusplus extern "C" { #endif -singleid_consumer_authenticate (request_rec *r, ); +void sid_consumer_authenticate (sid_request_t *req, sid_storage_t *store, + const char *trust_root, const char *identity); #ifdef __cplusplus } /* extern "C" */ diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c index 5d8ddb4..6085fec 100644 --- a/module/mod_auth_singleid.c +++ b/module/mod_auth_singleid.c @@ -36,21 +36,28 @@ * */ + +#include "consumer.h" +#include "storage.h" + +#include <ap_config.h> + #include <httpd.h> #include <http_core.h> #include <http_config.h> #include <http_log.h> -#if 0 #include <http_protocol.h> #include <http_request.h> -#include <ap_config.h> -#include <apr_strings.h> +#include <mpm.h> + +#include <apr_base64.h> #include <apr_file_io.h> #include <apr_lib.h> -#endif +#include <apr_global_mutex.h> +#include <apr_sha1.h> +#include <apr_strings.h> -#include "consumer.h" -#include "storage.h" +#include <ctype.h> /* Apache defines these */ #undef PACKAGE_BUGREPORT 
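Review bot: The repaired prototype `void sid_consumer_authenticate (sid_request_t *req, sid_storage_t *store, const char *trust_root, const char *identity);` carries no documentation, so a caller cannot tell whether `trust_root` and `identity` are only borrowed for the duration of the call or retained by the consumer, nor how the outcome is reported given the `void` return. A short comment above the declaration would settle both, e.g. `/* Start or continue OpenID authentication of req against identity, using trust_root as the relying-party root; store holds associations/nonces. Strings are not retained past the call. Result is reported through req. */` — with the last two sentences adjusted to whatever consumer.cc actually does, since its body is outside this hunk.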
@@ -62,67 +69,16 @@ #include "config.h" #include <unistd.h> -extern "C" module AP_MODULE_DECLARE_DATA auth_singleid_module; - -#if 0 - -/* Keep track of a unique identifier */ -static void* conn_current = NULL; - -/* And increment this when it goes out of scope */ -static unsigned int conn_seen = 0; +extern module AP_MODULE_DECLARE_DATA auth_singleid_module; /* * Per directory configuration. */ -typedef struct httpauth_context { - const char* socketname; - int socket; - - int types; - const char* handler; - const char* domain; - char* needed_groups; - int alloced_groups; - apr_pool_t* child_pool; - - int address_seed; - int retries; - - int shared_version; +typedef struct singleid_context { + const char *trust_root; + const char *identity; void *shared_block; -} httpauth_context_t; - -/* - * Tagged onto a request once authenticated, used for access - * groups and revalidating an already authenticated request. - */ -typedef struct httpauth_request { - const char *user; - const char *groups; -} httpauth_request_t; - -/* - * Shared between all instances of a httpauth_context in - * different processes on a server. - */ -typedef struct httpauth_shared { - int version; - struct sockaddr_any address; -} httpauth_shared_t; - -/* TODO: Support proxy authentication properly */ - -#define AUTH_PREFIX_BASIC "Basic" -#define AUTH_PREFIX_DIGEST "Digest" -#define AUTH_PREFIX_NTLM "NTLM" - -#define AUTH_TYPE_BASIC 1 << 1 -#define AUTH_TYPE_DIGEST 1 << 2 -#define AUTH_TYPE_NTLM 1 << 3 -#define AUTH_TYPE_ANY 0x0000FFFF - -#endif +} singleid_context_t; #define SINGLEID_AUTHTYPE "SINGLEID" @@ -207,6 +163,7 @@ shared_create (apr_pool_t* p, size_t size) char *filename; apr_file_t *file; apr_mmap_t *map; + apr_off_t offset; void *addr; int rc; 
@@ -226,11 +183,12 @@ shared_create (apr_pool_t* p, size_t size) "auth-singleid: couldn't create temporary file: %s", filename); } - /* Write a shared block to file */ + /* Extend file to required size */ if (rc == APR_SUCCESS) { - memset (&shared, 0, sizeof (shared)); - xxxxxx - rc = apr_file_write_full (file, &xxxx, size, NULL); + offset = size - 1; + rc = apr_file_seek (file, APR_SET, &offset); + if (rc == APR_SUCCESS) + rc = apr_file_write_full (file, "\0", 1, NULL); if (rc != APR_SUCCESS) ap_log_error (APLOG_MARK, APLOG_ERR, rc, NULL, "auth-singleid: couldn't write to temporary file: %s", filename); @@ -1187,7 +1145,7 @@ setup_request_hreq (request_rec *r, char *user, char *groups) #endif typedef struct session_info { - const char *identifier; + char *identifier; time_t expiry; } session_info_t; @@ -1212,12 +1170,12 @@ session_cookie_value (request_rec *r, const char *name) value = ap_stripprefix (pair, name); if (value == pair) continue; - while (isspace (value)) + while (isspace (*value)) ++value; - if (value != '=') + if (*value != '=') continue; - while (isspace (value)) + while (isspace (*value)) ++value; return value; @@ -1239,8 +1197,8 @@ session_create_sig (apr_pool_t *p, const char *value) apr_sha1_update (&ctx, value, strlen (value)); apr_sha1_final (digest, &ctx); - sig = apr_pcalloc (p, apr_base64_encode_len (digest)); - apr_base64_encode (sig, digest, sizeof (digest)); + sig = apr_pcalloc (p, apr_base64_encode_len (sizeof (digest))); + apr_base64_encode (sig, (const char*)digest, sizeof (digest)); return sig; } @@ -1256,8 +1214,8 @@ session_load_info (request_rec *r) { session_info_t *sess; const char *value; - char *token, *sig; - const char *t; + char *token, *sig, *end; + char *identifier; long expiry; value = session_cookie_value (r, "mod-auth-single-id"); 
@@ -1267,16 +1225,16 @@ session_load_info (request_rec *r) sig = ap_get_token (r->pool, &value, 1); /* The version of the session info, only 1 supported for now */ - version = ap_get_token (r->pool, &value, 1); - if (strcmp(version, "1") != 0) + token = ap_get_token (r->pool, &value, 1); + if (strcmp (token, "1") != 0) return NULL; if (!session_validate_sig (r->pool, sig, value)) return NULL; token = ap_get_token (r->pool, &value, 1); - expiry = strtol (token, &t, 10); - if (*t != '\0') + expiry = strtol (token, &end, 10); + if (*end != '\0') return NULL; /* Don't let expired sessions be valid */ @@ -1301,7 +1259,7 @@ session_send_info (request_rec *r, session_info_t *sess) char *cookie, *sig, *value; /* Create the cookie value and sign it */ - value = apr_psprintf (r->pool, "1 %d \"%s\"", sess->expiry, ap_escape_quotes (sess->identifier)); + value = apr_psprintf (r->pool, "1 %ld \"%s\"", sess->expiry, ap_escape_quotes (r->pool, sess->identifier)); sig = session_create_sig (r->pool, value); /* Build up the full cookie spec */ @@ -1312,9 +1270,9 @@ session_send_info (request_rec *r, session_info_t *sess) static session_info_t* session_copy_info (apr_pool_t *p, session_info_t *sess) { - session_info_t *copy = apr_pmalloc (p, sizeof (*sess)); + session_info_t *copy = apr_palloc (p, sizeof (*sess)); copy->expiry = sess->expiry; - copy->identifier = apr_pstrdup (sess->identifier); + copy->identifier = apr_pstrdup (p, sess->identifier); return copy; } @@ -1326,11 +1284,6 @@ set_request_authenticated (request_rec *r, session_info_t *sess) ap_set_module_config (r->request_config, &auth_singleid_module, sess); } -singleid_request_xxxx -{ - -} - static int hook_authenticate (request_rec* r) { 
@@ -1387,23 +1340,9 @@ hook_authenticate (request_rec* r) return OK; } - singleid_consumer (r) - Consumer consumer(uri, ) - opkele::params_t params; - parse_query_string(r, params); - - /* Is it an openid response? */ - if () - - query = openid_parse_response (r); - if (query != NULL) { - (r, ) - - - } /* Otherwise start a new openid authentication */ - + return DECLINED; #if 0 /* @@ -1487,9 +1426,10 @@ retry: } return ccode; +#endif } -#endif + #if 0 static const char* diff --git a/module/request.h b/module/request.h new file mode 100644 index 0000000..6c63a25 --- /dev/null +++ b/module/request.h @@ -0,0 +1,16 @@ +#ifndef REQUEST_H_ +#define REQUEST_H_ + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef void sid_request_t; + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* REQUEST_H_ */ diff --git a/module/storage.h b/module/storage.h index b3a2ad7..4c73da6 100644 --- a/module/storage.h +++ b/module/storage.h 
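Review bot: In the `session_cookie_value` hunk the second whitespace-skipping loop starts while `*value` is still `'='`, so `isspace (*value)` is false on the first iteration and the function returns a pointer that begins with the `=` sign rather than the cookie value; an `++value;` is needed between `if (*value != '=') continue;` and that loop. The `isspace (*value)` calls should also be written `isspace ((unsigned char)*value)`, since passing a negative `char` to `isspace` is undefined behaviour. Separately, the visible part of `session_create_sig` feeds only `value` into the SHA-1 context; if nothing before the hunk mixes in a server-side secret, the cookie "signature" is an unkeyed digest and gives no integrity protection for the identifier and expiry it covers, so a keyed construction (an HMAC over the value with a per-server secret) is needed there and in `session_validate_sig`. Both functions begin outside their hunks, so the secret may be handled in lines not shown.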
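Review bot: The new request.h declares `typedef void sid_request_t;`, which makes every `sid_request_t *` a plain `void *` and lets any pointer (including a `sid_storage_t *`) be passed as a request without a compiler diagnostic, undoing the type safety the opaque handle is meant to give. storage.h already uses the incomplete-struct form for its handle, so for consistency and checking this should be `typedef struct sid_request sid_request_t;`, with the struct defined in the C file that owns it (presumably wrapping the `request_rec`). The double blank lines around the typedef are also inconsistent with the other headers in this commit.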
@@ -1,31 +1,33 @@ #ifndef BOARD_H_ #define BOARD_H_ +#include <stdlib.h> + /* Communications white-board between processes/threads */ -typedef struct singleid_board singleid_board_t; +typedef struct sid_storage sid_storage_t; -typedef struct singleid_assoc { +typedef struct sid_assoc { const char *server; const char *handle; const char *type; const unsigned char *secret; const size_t n_secret; time_t expires; -} singleid_assoc_t; +} sid_assoc_t; -int singleid_board_check_nonce (singleid_board_t *board, +int singleid_board_check_nonce (sid_storage_t *storage, const char *nonce); -int singleid_board_store_assoc (singleid_board_t *board, - const singleid_assoc_t *assoc); +int singleid_board_store_assoc (sid_storage_t *storage, + const sid_assoc_t *assoc); -int singleid_board_find_assoc (singleid_board_t *board, +int singleid_board_find_assoc (sid_storage_t *storage, const char *server, const char *handle, - singleid_assoc_t *assoc); + sid_assoc_t *assoc); -void singleid_board_invalidate_assoc (singleid_board_t *board, +void singleid_board_invalidate_assoc (sid_storage_t *storage, const char *server, const char *handle); |