From 8404c16590fe901162bf4d05a21f2fb0de9448ce Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 8 Jul 2009 18:28:22 +0000 Subject: Find the right cookie if multiple are present. Also sign properly if no values. --- module/mod_auth_singleid.c | 90 +++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) (limited to 'module/mod_auth_singleid.c') diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c index 65f3342..94a39da 100644 --- a/module/mod_auth_singleid.c +++ b/module/mod_auth_singleid.c @@ -533,42 +533,6 @@ session_initialize (apr_pool_t *p, server_rec *s) return status; } -static const char* -session_cookie_value (request_rec *r, const char *name) -{ - const char *cookies; - const char *value; - char *pair; - - cookies = apr_table_get (r->headers_in, "Cookie"); - if (cookies == NULL) - return NULL; - - while (*cookies) { - pair = get_token (r->pool, &cookies, ";"); - if (!pair) - break; - if (pair[0] == '$') - continue; - - value = ap_stripprefix (pair, name); - if (value == pair) - continue; - while (isspace (*value)) - ++value; - - if (*value != '=') - continue; - ++value; - while (isspace (*value)) - ++value; - - return value; - } - - return NULL; -} - static char* session_create_sig (apr_pool_t *p, const char *value) { @@ -595,19 +559,14 @@ session_validate_sig (apr_pool_t *p, const char *sig, const char *value) } static sid_session_t* -session_load_info (sid_context_t *ctx, request_rec *r) +session_parse_info (sid_context_t *ctx, request_rec *r, const char *value) { sid_session_t *sess; - const char *value; char *token, *sig, *end; char *identifier; char **here; long expiry; - value = session_cookie_value (r, ctx->cookie_name); - if (!value) - return NULL; - sig = get_token (r->pool, &value, " "); if (!sig || !session_validate_sig (r->pool, sig, value)) { ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r, @@ -615,7 +574,7 @@ session_load_info (sid_context_t *ctx, request_rec *r) return NULL; } - /* The version of the session info, only 1 supported for now */ + /* The version of the session info, only version 2 supported */ token = get_token (r->pool, &value, " "); if (!token || strcmp (token, "2") != 0) { ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r, @@ -664,6 +623,46 @@ session_load_info (sid_context_t *ctx, request_rec *r) return sess; } +static sid_session_t* +session_load_info (sid_context_t *ctx, request_rec *r) +{ + sid_session_t *sess; + const char *cookies; + const char *value; + char *pair; + + cookies = apr_table_get (r->headers_in, "Cookie"); + if (cookies == NULL) + return NULL; + + while (*cookies) { + pair = get_token (r->pool, &cookies, ";"); + if (!pair) + break; + if (pair[0] == '$') + continue; + + value = ap_stripprefix (pair, ctx->cookie_name); + if (value == pair) + continue; + while (isspace (*value)) + ++value; + + if (*value != '=') + continue; + ++value; + while (isspace (*value)) + ++value; + + /* Try to parse this cookie */ + sess = session_parse_info (ctx, r, value); + if (sess != NULL) + return sess; + } + + return NULL; +} + static void session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess) { @@ -676,8 +675,9 @@ session_send_info (sid_context_t *ctx, request_rec *r, sid_session_t *sess) values = ""; /* Create the cookie value and sign it */ - payload = apr_psprintf (r->pool, "2 %ld \"%s\" %s", (long)sess->expiry, - ap_escape_quotes (r->pool, sess->identifier), values); + payload = apr_psprintf (r->pool, "2 %ld \"%s\"%s%s", (long)sess->expiry, + ap_escape_quotes (r->pool, sess->identifier), + values && values[0] ? " " : "", values); sig = session_create_sig (r->pool, payload); /* Build up the full cookie spec */ -- cgit v1.2.3