Diffstat (limited to 'module')
-rw-r--r--module/Makefile.am2
-rw-r--r--module/consumer.cc3
-rw-r--r--module/consumer.h6
-rw-r--r--module/mod_auth_singleid.c144
-rw-r--r--module/request.h16
-rw-r--r--module/storage.h20
6 files changed, 77 insertions, 114 deletions
diff --git a/module/Makefile.am b/module/Makefile.am
index 7b05ad4..f2b92ca 100644
--- a/module/Makefile.am
+++ b/module/Makefile.am
@@ -10,7 +10,7 @@ libmodauthsingleid_la_SOURCES = \
storage.c storage.h
install-exec-local:
- @APXS@ -i -a -n 'authopenid' mod_auth_openid.la
+ @APXS@ -i -a -n 'auth_singleid' mod_auth_singleid.la
mod_auth_singleid.la: libmodauthsingleid.la
${APXS} -c -o $@ $< ${APACHE_CFLAGS} ${OPKELE_CFLAGS} ${OPKELE_LIBS}
diff --git a/module/consumer.cc b/module/consumer.cc
index 8ade43a..15eadc8 100644
--- a/module/consumer.cc
+++ b/module/consumer.cc
@@ -219,7 +219,8 @@ cancelled_auth (sid_request_t *req, Consumer &consumer, params_t &params)
}
void
-sid_consumer_authenticate(sid_request_t *req, sid_storage_t *store, const char *identity)
+sid_consumer_authenticate(sid_request_t *req, sid_storage_t *store,
+ const char *trust_root, const char *identity)
{
params_t params;
diff --git a/module/consumer.h b/module/consumer.h
index 18ddbe4..5cea9f8 100644
--- a/module/consumer.h
+++ b/module/consumer.h
@@ -1,11 +1,15 @@
#ifndef CONSUMER_H_
#define CONSUMER_H_
+#include "request.h"
+#include "storage.h"
+
#ifdef __cplusplus
extern "C" {
#endif
-singleid_consumer_authenticate (request_rec *r, );
+void sid_consumer_authenticate (sid_request_t *req, sid_storage_t *store,
+ const char *trust_root, const char *identity);
#ifdef __cplusplus
} /* extern "C" */
diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 5d8ddb4..6085fec 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -36,21 +36,28 @@
*
*/
+
+#include "consumer.h"
+#include "storage.h"
+
+#include <ap_config.h>
+
#include <httpd.h>
#include <http_core.h>
#include <http_config.h>
#include <http_log.h>
-#if 0
#include <http_protocol.h>
#include <http_request.h>
-#include <ap_config.h>
-#include <apr_strings.h>
+#include <mpm.h>
+
+#include <apr_base64.h>
#include <apr_file_io.h>
#include <apr_lib.h>
-#endif
+#include <apr_global_mutex.h>
+#include <apr_sha1.h>
+#include <apr_strings.h>
-#include "consumer.h"
-#include "storage.h"
+#include <ctype.h>
/* Apache defines these */
#undef PACKAGE_BUGREPORT
@@ -62,67 +69,16 @@
#include "config.h"
#include <unistd.h>
-extern "C" module AP_MODULE_DECLARE_DATA auth_singleid_module;
-
-#if 0
-
-/* Keep track of a unique identifier */
-static void* conn_current = NULL;
-
-/* And increment this when it goes out of scope */
-static unsigned int conn_seen = 0;
+extern module AP_MODULE_DECLARE_DATA auth_singleid_module;
/*
* Per directory configuration.
*/
-typedef struct httpauth_context {
- const char* socketname;
- int socket;
-
- int types;
- const char* handler;
- const char* domain;
- char* needed_groups;
- int alloced_groups;
- apr_pool_t* child_pool;
-
- int address_seed;
- int retries;
-
- int shared_version;
+typedef struct singleid_context {
+ const char *trust_root;
+ const char *identity;
void *shared_block;
-} httpauth_context_t;
-
-/*
- * Tagged onto a request once authenticated, used for access
- * groups and revalidating an already authenticated request.
- */
-typedef struct httpauth_request {
- const char *user;
- const char *groups;
-} httpauth_request_t;
-
-/*
- * Shared between all instances of a httpauth_context in
- * different processes on a server.
- */
-typedef struct httpauth_shared {
- int version;
- struct sockaddr_any address;
-} httpauth_shared_t;
-
-/* TODO: Support proxy authentication properly */
-
-#define AUTH_PREFIX_BASIC "Basic"
-#define AUTH_PREFIX_DIGEST "Digest"
-#define AUTH_PREFIX_NTLM "NTLM"
-
-#define AUTH_TYPE_BASIC 1 << 1
-#define AUTH_TYPE_DIGEST 1 << 2
-#define AUTH_TYPE_NTLM 1 << 3
-#define AUTH_TYPE_ANY 0x0000FFFF
-
-#endif
+} singleid_context_t;
#define SINGLEID_AUTHTYPE "SINGLEID"
@@ -207,6 +163,7 @@ shared_create (apr_pool_t* p, size_t size)
char *filename;
apr_file_t *file;
apr_mmap_t *map;
+ apr_off_t offset;
void *addr;
int rc;
@@ -226,11 +183,12 @@ shared_create (apr_pool_t* p, size_t size)
"auth-singleid: couldn't create temporary file: %s", filename);
}
- /* Write a shared block to file */
+ /* Extend file to required size */
if (rc == APR_SUCCESS) {
- memset (&shared, 0, sizeof (shared));
- xxxxxx
- rc = apr_file_write_full (file, &xxxx, size, NULL);
+ offset = size - 1;
+ rc = apr_file_seek (file, APR_SET, &offset);
+ if (rc == APR_SUCCESS)
+ rc = apr_file_write_full (file, "\0", 1, NULL);
if (rc != APR_SUCCESS)
ap_log_error (APLOG_MARK, APLOG_ERR, rc, NULL,
"auth-singleid: couldn't write to temporary file: %s", filename);
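Review bot: `offset = size - 1;` in shared_create has no guard for `size == 0`, where the unsigned subtraction wraps before it is stored in `offset`, so the seek either fails or lands far past the intended length depending on the widths of size_t and apr_off_t. Rejecting a zero size (for example setting `rc = APR_EINVAL` before this block) keeps the file length tied to a validated value. The log text `couldn't write to temporary file` is also emitted when apr_file_seek fails, which will mislead whoever reads the error log. shared_create starts and ends outside this hunk, so any earlier validation of `size` is not visible here.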
@@ -1187,7 +1145,7 @@ setup_request_hreq (request_rec *r, char *user, char *groups)
#endif
typedef struct session_info {
- const char *identifier;
+ char *identifier;
time_t expiry;
} session_info_t;
@@ -1212,12 +1170,12 @@ session_cookie_value (request_rec *r, const char *name)
value = ap_stripprefix (pair, name);
if (value == pair)
continue;
- while (isspace (value))
+ while (isspace (*value))
++value;
- if (value != '=')
+ if (*value != '=')
continue;
- while (isspace (value))
+ while (isspace (*value))
++value;
return value;
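Review bot: After the `if (*value != '=')` test in session_cookie_value nothing advances past the `=`, so the second `while (isspace (*value))` loop never runs and the function returns a pointer to `=...` rather than to the cookie value; a `++value;` is needed between the check and the second loop. The cookie header is client-controlled and `*value` is a plain `char`, so bytes above 0x7f can reach `isspace` as negative values, which is undefined behaviour; write `isspace ((unsigned char)*value)` in both loops. The start of the function is outside this hunk.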
@@ -1239,8 +1197,8 @@ session_create_sig (apr_pool_t *p, const char *value)
apr_sha1_update (&ctx, value, strlen (value));
apr_sha1_final (digest, &ctx);
- sig = apr_pcalloc (p, apr_base64_encode_len (digest));
- apr_base64_encode (sig, digest, sizeof (digest));
+ sig = apr_pcalloc (p, apr_base64_encode_len (sizeof (digest)));
+ apr_base64_encode (sig, (const char*)digest, sizeof (digest));
return sig;
}
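Review bot: session_create_sig appears to produce the cookie signature as a plain SHA-1 over `value`; if no server-side secret is fed into `ctx` in the lines above this hunk, any client can compute a matching signature for a cookie it composes. Even with a secret prepended, `SHA1(secret || value)` is open to length extension, so an HMAC construction with a per-server key is the appropriate primitive here. At minimum a comment on the function should state where the key comes from, for example `/* sig = base64(HMAC(server_secret, value)); secret loaded from <config source> */`. The start of the function is outside the hunk, so the initial `apr_sha1_update` calls are not visible.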
@@ -1256,8 +1214,8 @@ session_load_info (request_rec *r)
{
session_info_t *sess;
const char *value;
- char *token, *sig;
- const char *t;
+ char *token, *sig, *end;
+ char *identifier;
long expiry;
value = session_cookie_value (r, "mod-auth-single-id");
@@ -1267,16 +1225,16 @@ session_load_info (request_rec *r)
sig = ap_get_token (r->pool, &value, 1);
/* The version of the session info, only 1 supported for now */
- version = ap_get_token (r->pool, &value, 1);
- if (strcmp(version, "1") != 0)
+ token = ap_get_token (r->pool, &value, 1);
+ if (strcmp (token, "1") != 0)
return NULL;
if (!session_validate_sig (r->pool, sig, value))
return NULL;
token = ap_get_token (r->pool, &value, 1);
- expiry = strtol (token, &t, 10);
- if (*t != '\0')
+ expiry = strtol (token, &end, 10);
+ if (*end != '\0')
return NULL;
/* Don't let expired sessions be valid */
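Review bot: In session_load_info the call `session_validate_sig (r->pool, sig, value)` runs after `ap_get_token` has already consumed the version token, so `value` no longer starts with `1`, whereas session_send_info signs the whole string `1 <expiry> "<identifier>"`. If session_validate_sig recomputes the signature over its third argument (its body is not shown), genuine cookies will never validate and the version field is left outside the signed data. Keep a pointer to the start of the signed portion before parsing the version, e.g. `const char *signed_part = value;`, and pass `signed_part` to session_validate_sig. Separately, `strtol` accepts an empty token and out-of-range input goes undetected; set `errno = 0` before the call and add `end == token || errno == ERANGE` to the rejection test.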
@@ -1301,7 +1259,7 @@ session_send_info (request_rec *r, session_info_t *sess)
char *cookie, *sig, *value;
/* Create the cookie value and sign it */
- value = apr_psprintf (r->pool, "1 %d \"%s\"", sess->expiry, ap_escape_quotes (sess->identifier));
+ value = apr_psprintf (r->pool, "1 %ld \"%s\"", sess->expiry, ap_escape_quotes (r->pool, sess->identifier));
sig = session_create_sig (r->pool, value);
/* Build up the full cookie spec */
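Review bot: The format `"1 %ld \"%s\""` in session_send_info is given `sess->expiry`, which session_info_t declares as `time_t`; `time_t` is not guaranteed to be `long`, so the argument should be cast, `(long)sess->expiry`, to match both `%ld` and the `strtol` parse on the read side. The rest of the function lies outside this hunk.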
@@ -1312,9 +1270,9 @@ session_send_info (request_rec *r, session_info_t *sess)
static session_info_t*
session_copy_info (apr_pool_t *p, session_info_t *sess)
{
- session_info_t *copy = apr_pmalloc (p, sizeof (*sess));
+ session_info_t *copy = apr_palloc (p, sizeof (*sess));
copy->expiry = sess->expiry;
- copy->identifier = apr_pstrdup (sess->identifier);
+ copy->identifier = apr_pstrdup (p, sess->identifier);
return copy;
}
@@ -1326,11 +1284,6 @@ set_request_authenticated (request_rec *r, session_info_t *sess)
ap_set_module_config (r->request_config, &auth_singleid_module, sess);
}
-singleid_request_xxxx
-{
-
-}
-
static int
hook_authenticate (request_rec* r)
{
@@ -1387,23 +1340,9 @@ hook_authenticate (request_rec* r)
return OK;
}
- singleid_consumer (r)
- Consumer consumer(uri, )
- opkele::params_t params;
- parse_query_string(r, params);
-
- /* Is it an openid response? */
- if ()
-
- query = openid_parse_response (r);
- if (query != NULL) {
- (r, )
-
-
- }
/* Otherwise start a new openid authentication */
-
+ return DECLINED;
#if 0
/*
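Review bot: The new `return DECLINED;` under the comment `/* Otherwise start a new openid authentication */` does not do what the comment says: a request without a valid session is handed back to the server's other authentication hooks instead of being redirected or refused. If that is an intentional placeholder, say so at the return, e.g. `/* TODO: start the OpenID exchange; until then defer to other auth modules */`, and confirm that a location protected only by this module fails closed. hook_authenticate begins outside the hunk and the `#if 0` block that follows is cut off here.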
@@ -1487,9 +1426,10 @@ retry:
}
return ccode;
+#endif
}
-#endif
+
#if 0
static const char*
diff --git a/module/request.h b/module/request.h
new file mode 100644
index 0000000..6c63a25
--- /dev/null
+++ b/module/request.h
@@ -0,0 +1,16 @@
+#ifndef REQUEST_H_
+#define REQUEST_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+typedef void sid_request_t;
+
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* REQUEST_H_ */
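Review bot: `typedef void sid_request_t;` makes `sid_request_t *` a plain `void *`, so any pointer can be passed to sid_consumer_authenticate without a diagnostic in C. An incomplete struct type, `typedef struct sid_request sid_request_t;`, keeps the handle opaque while letting the compiler reject a wrong pointer; the caller would then need an explicit cast from its own request type. The header also carries no comment saying what the handle stands for (presumably Apache's request_rec, going by the old prototype in consumer.h); one line such as `/* Opaque handle for the web server request being authenticated */` would help.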
diff --git a/module/storage.h b/module/storage.h
index b3a2ad7..4c73da6 100644
--- a/module/storage.h
+++ b/module/storage.h
@@ -1,31 +1,33 @@
#ifndef BOARD_H_
#define BOARD_H_
+#include <stdlib.h>
+
/* Communications white-board between processes/threads */
-typedef struct singleid_board singleid_board_t;
+typedef struct sid_storage sid_storage_t;
-typedef struct singleid_assoc {
+typedef struct sid_assoc {
const char *server;
const char *handle;
const char *type;
const unsigned char *secret;
const size_t n_secret;
time_t expires;
-} singleid_assoc_t;
+} sid_assoc_t;
-int singleid_board_check_nonce (singleid_board_t *board,
+int singleid_board_check_nonce (sid_storage_t *storage,
const char *nonce);
-int singleid_board_store_assoc (singleid_board_t *board,
- const singleid_assoc_t *assoc);
+int singleid_board_store_assoc (sid_storage_t *storage,
+ const sid_assoc_t *assoc);
-int singleid_board_find_assoc (singleid_board_t *board,
+int singleid_board_find_assoc (sid_storage_t *storage,
const char *server,
const char *handle,
- singleid_assoc_t *assoc);
+ sid_assoc_t *assoc);
-void singleid_board_invalidate_assoc (singleid_board_t *board,
+void singleid_board_invalidate_assoc (sid_storage_t *storage,
const char *server,
const char *handle);