Diffstat (limited to 'module/mod_auth_singleid.c')
-rw-r--r-- | module/mod_auth_singleid.c | 51 |
1 files changed, 36 insertions, 15 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 541ded1..4ee7421 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -67,10 +67,13 @@
 #include <assert.h>
 #include <ctype.h>
+#include <string.h>
 #include <unistd.h>
 extern module AP_MODULE_DECLARE_DATA auth_singleid_module;
+#define VALID_NAME "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-."
+
 enum {
 NONE = 0,
 SUFFIX = 1,
@@ -83,6 +86,7 @@ enum {
 typedef struct sid_context {
 const char *trust_root;
 const char *identifier;
+ const char *cookie_name;
 int user_match;
 ap_regex_t *converter;
 sid_storage_t *store;
@@ -250,6 +254,7 @@ dir_config_creator (apr_pool_t* p, char* dir)
 {
 sid_context_t* ctx = apr_pcalloc (p, sizeof (*ctx));
 memset (ctx, 0, sizeof (*ctx));
+ ctx->cookie_name = "mod-auth-singleid";
 return ctx;
 }
@@ -325,6 +330,20 @@ set_cache_size (cmd_parms *cmd, void *config, const char *val)
 return NULL;
 }
+static const char*
+set_cookie_name (cmd_parms *cmd, void *config, const char *val)
+{
+ sid_context_t *ctx = config;
+ const char *end;
+
+ end = val + strspn (val, VALID_NAME);
+ if (*val == '\0' || *end != '\0')
+ return "Not a valid cookie name in SingleCookieName";
+
+ ctx->cookie_name = apr_pstrdup (cmd->pool, val);
+ return NULL;
+}
+
 static const command_rec command_table[] = {
 AP_INIT_TAKE1 ("SingleIdentifier", set_identifier, NULL, OR_AUTHCFG,
 "The OpenID identifier we should perform ID selection on when authenticating" ),
@@ -332,6 +351,8 @@ static const command_rec command_table[] = {
 "The OpenID trust root of this site."),
 AP_INIT_TAKE1 ("SingleCache", set_cache_size, NULL, OR_AUTHCFG,
 "Enable and optionally set the size of the OpenID association cache"),
+ AP_INIT_TAKE1 ("SingleCookieName", set_cookie_name, NULL, OR_AUTHCFG,
+ "Set the cookie name used once user has logged in via OpenID"),
 AP_INIT_RAW_ARGS ("SingleUserMatch", set_user_match, NULL, OR_AUTHCFG,
 "How to convert an OpenID identifier into a user name" ),
 { NULL }
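Review bot: The default assigned in dir_config_creator, `"mod-auth-singleid"`, is not the name the module used before this commit; the lines removed from session_load_info and session_send_info both used `mod-auth-single-id`. With no SingleCookieName configured, cookies issued under the old name are no longer read after an upgrade, so every logged-in user is sent through OpenID again while the old cookie stays in the browser until its max-age runs out. If the rename is not intended, keep the previous value with `ctx->cookie_name = "mod-auth-single-id";`; if it is intended, the commit message should say so. The function's signature appears only in the hunk header, not in the hunk itself.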
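Review bot: set_cookie_name has no comment saying why the character whitelist exists, and the reason is security-relevant. The directive is registered with OR_AUTHCFG, so the value can come from per-directory configuration (including .htaccess where AuthConfig overrides are allowed), and session_send_info formats it directly into the Set-Cookie header. I would add above the function `/* The name is written verbatim into Set-Cookie, so only VALID_NAME characters are accepted; this keeps separators, whitespace and line breaks out of the header. */`. A one-line comment on the `VALID_NAME` define noting that it is a deliberately narrow subset of the cookie-name token characters would help the next person who wants to widen it.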
@@ -429,7 +450,7 @@ session_validate_sig (apr_pool_t *p, const char *sig, const char *value)
 }
 static sid_session_t*
-session_load_info (request_rec *r)
+session_load_info (sid_context_t *ctx, request_rec *r)
 {
 sid_session_t *sess;
 const char *value;
@@ -438,7 +459,7 @@ session_load_info (request_rec *r)
 long expiry;
 size_t len;
- value = session_cookie_value (r, "mod-auth-single-id");
+ value = session_cookie_value (r, ctx->cookie_name);
 if (!value)
 return NULL;
@@ -479,7 +500,7 @@ session_load_info (request_rec *r)
 }
 static void
-session_send_info (request_rec *r, sid_session_t *sess)
+session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
 {
 char *cookie, *sig, *value;
@@ -488,8 +509,8 @@ session_send_info (request_rec *r, sid_session_t *sess)
 sig = session_create_sig (r->pool, value);
 /* Build up the full cookie spec */
- cookie = apr_psprintf (r->pool, "mod-auth-single-id=%s %s; httponly; max-age=86400", sig, value);
- apr_table_addn (r->headers_out, "Set-Cookie", cookie);
+ cookie = apr_psprintf (r->pool, "%s=%s %s; httponly; max-age=86400", ctx->cookie_name, sig, value);
+ apr_table_addn (r->err_headers_out, "Set-Cookie", cookie);
 }
 static sid_session_t*
@@ -580,14 +601,10 @@ sid_request_respond (sid_request_t *req, int code, const char *reason,
 }
 static void
-set_request_authenticated (request_rec *r, sid_session_t *sess)
+set_request_authenticated (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
 {
 ap_regmatch_t matches[AP_MAX_REG_MATCH];
 char *user = NULL;
- sid_context_t *ctx;
-
- ctx = ap_get_module_config (r->per_dir_config, &auth_singleid_module);
- assert (ctx);
 /* Try and calculate a user name */
 switch (ctx->user_match) {
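Review bot: Looking the session up under a per-directory name in session_load_info does not by itself separate sessions between locations, because nothing visible ties the signed data to that name. session_validate_sig takes only `sig` and `value` (its signature is in the `@@ -429` hunk header), and session_send_info signs with `session_create_sig (r->pool, value)`. If two locations use different SingleCookieName values but share the signing secret (key handling is outside this diff), a value signed for one presumably also verifies for the other. If the directive is meant to isolate areas, include the name in the signed data on both sides, for example `sig = session_create_sig (r->pool, apr_pstrcat (r->pool, ctx->cookie_name, " ", value, NULL));` with the matching input passed to session_validate_sig. The rest of session_load_info lies outside this hunk.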
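Review bot: The rewritten Set-Cookie line in session_send_info still carries only `httponly; max-age=86400`, so the signed session cookie is also sent over plain HTTP and its path scope is left to the browser default. As the format string is being changed anyway, consider `"%s=%s %s; httponly; secure; max-age=86400"` (conditional on the request scheme if non-TLS sites must keep working) and an explicit `path`. Without `secure`, a configured name beginning with `__Secure-` or `__Host-` passes the VALID_NAME check but would be dropped by browsers that enforce cookie name prefixes. The switch from `headers_out` to `err_headers_out` deserves a comment such as `/* err_headers_out so the cookie is also sent on redirect and error responses */`.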
@@ -621,14 +638,18 @@ set_request_authenticated (request_rec *r, sid_session_t *sess)
 void
 sid_request_authenticated (sid_request_t *req, const char *identifier)
 {
+ sid_context_t *ctx;
 sid_session_t *sess;
 sess = apr_pcalloc (req->rec->pool, sizeof (sid_session_t));
 sess->identifier = apr_pstrdup (req->rec->pool, identifier);
 sess->expiry = time (NULL) + 86400;
- set_request_authenticated (req->rec, sess);
- session_send_info (req->rec, sess);
+ ctx = ap_get_module_config (req->rec->per_dir_config, &auth_singleid_module);
+ assert (ctx);
+
+ set_request_authenticated (ctx, req->rec, sess);
+ session_send_info (ctx, req->rec, sess);
 }
 /* ---------------------------------------------------------------------------------------
@@ -683,15 +704,15 @@ hook_authenticate (request_rec* r)
 if (sess != NULL) {
 if (mainreq != r) {
 sess = session_copy_info (r->pool, sess);
- set_request_authenticated (r, sess);
+ set_request_authenticated (ctx, r, sess);
 }
 return OK;
 }
 /* Load the session info from the request and see if we've authenticated */
- sess = session_load_info (r);
+ sess = session_load_info (ctx, r);
 if (sess != NULL) {
- set_request_authenticated (r, sess);
+ set_request_authenticated (ctx, r, sess);
 return OK;
 }
 |
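Review bot: In sid_request_authenticated, `assert (ctx);` is now the only guard on the module config before set_request_authenticated and session_send_info dereference it, since the lookup and assert that used to sit inside set_request_authenticated are removed. With NDEBUG the assert disappears, and otherwise a failure aborts the server child; on a request path an explicit `if (ctx == NULL)` that logs and fails the request would be safer. The same applies to the hook_authenticate hunk: `ctx` is passed to `session_load_info (ctx, r)` and `set_request_authenticated (ctx, r, sess)`, but its declaration and lookup are outside the diff, so confirm it is fetched from `r->per_dir_config` and checked before these calls. Both functions begin or end outside their hunks.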