Diffstat (limited to 'module/mod_auth_singleid.c')
-rw-r--r--module/mod_auth_singleid.c43
1 files changed, 34 insertions, 9 deletions
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 94a39da..203b40f 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -95,9 +95,12 @@ typedef struct sid_session {
* Per directory configuration.
*/
typedef struct sid_context {
- const char *trust_root;
+ const char *realm_uri;
const char *identifier;
const char *cookie_name;
+ const char *cookie_domain;
+ const char *cookie_path;
+ int cookie_secure;
int user_match;
ap_regex_t *converter;
sid_storage_t *store;
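Review bot: The new `cookie_domain`, `cookie_path` and `cookie_secure` fields get no initialisation or merge handling in any hunk of this commit, so they rely on `sid_context` being zero-allocated where it is created (outside this diff). If the module has a per-directory merge function, it should carry these three fields along with `realm_uri`; otherwise a nested section could emit the session cookie without its `secure` attribute. A short comment above them, such as `/* Derived from SingleRealm in set_realm() */`, would also record where the values come from.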
@@ -349,17 +352,33 @@ static const char*
set_identifier (cmd_parms* cmd, void* config, const char* val)
{
sid_context_t *ctx = config;
+ if (!ap_is_url (val))
+ return "Not a valid URL in SingleIdentifier";
ctx->identifier = apr_pstrdup (cmd->pool, val);
return NULL;
}
static const char*
-set_trust_root (cmd_parms* cmd, void* config, const char* val)
+set_realm (cmd_parms* cmd, void* config, const char* val)
{
sid_context_t *ctx = config;
- if (!ap_is_url (val))
- return "Not a valid URL in SingleTrustRoot";
- ctx->trust_root = apr_pstrdup (cmd->pool, val);
+ apr_uri_t uri;
+
+ if (apr_uri_parse (cmd->pool, val, &uri) != APR_SUCCESS)
+ return "Not a valid URL for SingleRealm";
+
+ if (uri.hostname && strchr (uri.hostname, '.'))
+ ctx->cookie_domain = uri.hostname;
+
+ if (uri.path && uri.path[0])
+ ctx->cookie_path = uri.path;
+ else
+ ctx->cookie_path = "/";
+
+ if (uri.scheme && strcasecmp (uri.scheme, "https") == 0)
+ ctx->cookie_secure = 1;
+
+ ctx->realm_uri = apr_pstrdup (cmd->pool, val);
return NULL;
}
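Review bot: `set_realm` is now more permissive than the `ap_is_url` check it replaces, because `apr_uri_parse` also succeeds, as far as I know, on relative references that have neither scheme nor host. Such a value would be stored as `realm_uri` and handed to the OpenID consumer, with no cookie domain and no `secure` flag derived from it. The guard could be `if (apr_uri_parse (cmd->pool, val, &uri) != APR_SUCCESS || !uri.scheme || !uri.hostname)`. Separately, an OpenID realm may use a `*.` wildcard host, and that string would be copied unchanged into `cookie_domain`, so the wildcard prefix should be stripped or the domain left unset in that case.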
@@ -495,8 +514,8 @@ set_attribute (cmd_parms *cmd, void *config, const char *val)
static const command_rec command_table[] = {
AP_INIT_TAKE1 ("SingleIdentifier", set_identifier, NULL, OR_AUTHCFG,
"The OpenID identifier we should perform ID selection on when authenticating" ),
- AP_INIT_TAKE1 ("SingleTrustRoot", set_trust_root, NULL, OR_AUTHCFG,
- "The OpenID trust root of this site."),
+ AP_INIT_TAKE1 ("SingleRealm", set_realm, NULL, OR_AUTHCFG,
+ "The OpenID realm (ie: trust root) of this site."),
AP_INIT_TAKE1 ("SingleCache", set_cache_size, NULL, OR_AUTHCFG,
"Enable and optionally set the size of the OpenID association cache"),
AP_INIT_TAKE1 ("SingleCookieName", set_cookie_name, NULL, OR_AUTHCFG,
@@ -681,7 +700,13 @@ session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess)
sig = session_create_sig (r->pool, payload);
/* Build up the full cookie spec */
- cookie = apr_psprintf (r->pool, "%s=%s %s; httponly", ctx->cookie_name, sig, payload);
+ cookie = apr_psprintf (r->pool, "%s=%s %s; httponly%s%s%s%s%s",
+ ctx->cookie_name, sig, payload,
+ ctx->cookie_domain ? "; domain=" : "",
+ ctx->cookie_domain ? ctx->cookie_domain : "",
+ ctx->cookie_path ? "; path=" : "",
+ ctx->cookie_path ? ctx->cookie_path : "",
+ ctx->cookie_secure ? "; secure" : "");
apr_table_addn (r->err_headers_out, "Set-Cookie", cookie);
}
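Review bot: Adding `domain=` turns the session cookie from host-only into one that browsers also send to every subdomain of the realm host, which widens the set of servers that receive the signed session value. If that is not intended, the attribute should be emitted only when an explicit option asks for it, or at least carry a comment like `/* domain= also exposes the cookie to subdomains of the realm host */`. The `path` value is taken directly from the configured realm URL, so a `;` in it would append further cookie attributes; rejecting that character in `set_realm` keeps the header well-formed. The body of `session_send_info` starts outside this hunk.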
@@ -969,7 +994,7 @@ hook_authenticate (request_rec* r)
/* Allocate a new empty session info */
if (sess == NULL) {
/* Do the OpenID magic */
- sid_consumer_authenticate (&req, ctx->store, ctx->trust_root,
+ sid_consumer_authenticate (&req, ctx->store, ctx->realm_uri,
ctx->identifier, ctx->attributes);
authenticated = 1;
sess = req.sess;