Author: dumindu
Date: Wed Jan 30 23:36:46 2008
New Revision: 13198

Log:

structures for operation modes added

Modified:
   trunk/solutions/identity/modules/mod-cspace/Makefile.am
   trunk/solutions/identity/modules/mod-cspace/configure.ac
   trunk/solutions/identity/modules/mod-cspace/cspace_config.c
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.h

Modified: trunk/solutions/identity/modules/mod-cspace/Makefile.am
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/Makefile.am     (original)
+++ trunk/solutions/identity/modules/mod-cspace/Makefile.am     Wed Jan 30 
23:36:46 2008
@@ -4,6 +4,7 @@
                          cspace_utils.c \
                          session_sdbm.c \
                          process_request.c \
+                         cspace_validator.c \
                          mod_cspace.c 
 
 

Modified: trunk/solutions/identity/modules/mod-cspace/configure.ac
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/configure.ac    (original)
+++ trunk/solutions/identity/modules/mod-cspace/configure.ac    Wed Jan 30 
23:36:46 2008
@@ -49,7 +49,7 @@
 
 CFLAGS="$CFLAGS -DCSPACE_DEBUG -DSHARED_MODULE"
 if test "$GCC" = "yes"; then
-    CFLAGS="-g -O0 $CFLAGS -ansi -Wall -Werror 
-Wno-implicit-function-declaration"
+    CFLAGS="-g -O0 $CFLAGS -ansi -Wall -Wno-implicit-function-declaration"
 fi
 LDFLAGS="$LDFLAGS -lpthread"
 LDFLAGS="$LDFLAGS"
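Review bot: Dropping `-Werror` from the GCC `CFLAGS` line while keeping `-Wno-implicit-function-declaration` means a call to an undeclared function now builds with no diagnostic at all, so an argument or return-type mismatch in the new validator code would only surface at run time. In a module that makes access decisions the build is worth keeping strict; presumably the flag was removed because of warnings introduced elsewhere in this commit, and fixing those would be the safer route. If `-Werror` really has to go, I would at least stop suppressing the warning: `CFLAGS="-g -O0 $CFLAGS -ansi -Wall"`.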

Modified: trunk/solutions/identity/modules/mod-cspace/cspace_config.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/cspace_config.c (original)
+++ trunk/solutions/identity/modules/mod-cspace/cspace_config.c Wed Jan 30 
23:36:46 2008
@@ -34,6 +34,7 @@
 #define OUTPUT_LEN 120
 
 /*TODO: use strncpy where ever possible*/
+/*TODO: s/login_page/exempt_uri*/
 void cfg_svr_printf_fn(const char* st, cspace_svr_cfg *cfg, const char* nl)
 {
     if (cfg) 
@@ -90,7 +91,7 @@
     return NULL;
 }
 
-static const char *cmd_cspace_login_page(cmd_parms *cmd, void *mconfig, 
+static const char *cmd_cspace_exempt_uri(cmd_parms *cmd, void *mconfig, 
                                          const char *arg)
 {
     cspace_dir_cfg *cfg = (cspace_dir_cfg *)mconfig;
@@ -157,18 +158,20 @@
     return NULL;
 }
 
-static const char *cmd_validator(cmd_parms *cmd, void *mconfig, const char 
*arg)
-{
-    return NULL;
-}
-
-static const char *cmd_ppid_val(cmd_parms *cmd, void *mconfig, const char *arg)
+static const char *cmd_validator_data(cmd_parms *cmd, void *mconfig, 
+                                      const char *arg)
 {
+    cspace_svr_cfg *cfg = ap_get_module_config(cmd->server->module_config,
+                                               &cspace_module);
+    cfg->validator_data = (char *)arg;
     return NULL;
 }
 
-static const char *cmd_cert_val(cmd_parms *cmd, void *mconfig, const char *arg)
+static const char *cmd_validator(cmd_parms *cmd, void *mconfig, const char 
*arg)
 {
+    cspace_svr_cfg *cfg = ap_get_module_config(cmd->server->module_config,
+                                               &cspace_module);
+    cfg->validator = (char *)arg;
     return NULL;
 }
 
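Review bot: Both new handlers, `cmd_validator_data` and `cmd_validator`, store `arg` by casting away `const`, and neither checks the result of `ap_get_module_config` or the value it was given. I would keep a pool-owned copy instead, e.g. `cfg->validator = apr_pstrdup(cmd->pool, arg);`, and have `cmd_validator` return an error string when the type is not one the validator code knows, so a typo in the configuration is rejected at startup rather than reaching the request path. Which type names are valid is not visible in this hunk, so that list has to come from cspace_validator.c. A one-line comment above each handler stating that it writes to the server config and ignores `mconfig` would also help.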
@@ -180,7 +183,7 @@
                  NULL, OR_ALL, "whether to enable session management or not"),
     AP_INIT_TAKE1("CardSpaceXmlToken", cmd_cspace_xml_token, NULL, OR_ALL, 
                   "Name of the XML token sent"),
-    AP_INIT_TAKE1("CardSpaceLoginURI", cmd_cspace_login_page, NULL, OR_ALL, 
+    AP_INIT_TAKE1("CardSpaceExemptURI", cmd_cspace_exempt_uri, NULL, OR_ALL, 
                   "URI of login page in session managed case"),
     /* SSLCertificateKeyFile cannot be used in 2.0 because that will make 
      * mod_ssl not to read that configuration directive.*/
@@ -198,12 +201,10 @@
                   RSRC_CONF, "Time in seconds for a session to be expired"),
     AP_INIT_FLAG("CardSpaceSingleSignOn", cmd_sso, NULL, OR_ALL,
                  "Enable Single Sign-On"),
-    AP_INIT_TAKE1("CardSpacePPIDValidator", cmd_ppid_val, NULL, OR_ALL,
-                 "Path to PPID Validator DSO"),
-    AP_INIT_TAKE1("CardSpaceCertValidator", cmd_cert_val, NULL, OR_ALL,
-                 "Path to Cert Validator DSO"),
-    AP_INIT_TAKE1("CardSpaceValidatorType", cmd_validator, NULL, OR_ALL,
-                 "Type of validator being used"),
+    AP_INIT_TAKE1("CardSpaceCertValidator", cmd_validator, NULL, OR_ALL,
+                 "Certificate Validator Type"),
+    AP_INIT_TAKE1("CardSpaceValidatorData", cmd_validator_data, NULL, OR_ALL,
+                 "Data input for the validator"),
     {NULL}
 };
 
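Review bot: `CardSpaceCertValidator` and `CardSpaceValidatorData` are registered with `OR_ALL`, but their handlers write to the per-server config, so wherever overrides are allowed a `.htaccess` file could change the validator for the whole server while it is serving requests. The session-expiry entry just above already uses `RSRC_CONF`, which looks like the right scope here too: `AP_INIT_TAKE1("CardSpaceCertValidator", cmd_validator, NULL, RSRC_CONF, "Certificate Validator Type"),` and the same for `CardSpaceValidatorData`. The help strings could also name the accepted values once they are fixed.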
@@ -217,6 +218,10 @@
     cfg->session_file = NULL;
     cfg->session_expire = -1;
     cfg->ca_file = NULL;
+
+    cfg->validator = NULL;
+    cfg->validator_data = NULL;
+
     /*cfg->session_ctx = session_ctx_create(p, NULL, &(cfg->session_expire));*/
 #ifdef CSPACE_DEBUG
     cfg_svr_printf("CREATED svr cfg:\t", cfg, "\n\n");

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    Wed Jan 30 
23:36:46 2008
@@ -24,17 +24,16 @@
 #include "apr_tables.h"
 #include "apr_strings.h"
 #include "ap_config.h"
-#include "httpd.h"
-#include "http_config.h"
+#include "mod_cspace.h"
 #include "http_core.h"
 #include "http_request.h"
 #include "http_protocol.h"
 #include "http_log.h"
 #include "http_main.h"
-#include "mod_cspace.h"
 #include "cspace_utils.h"
 #include "session.h"
 #include "process_request.h"
+#include "cspace_validator.h"
 
 #define SESSION_ID_LEN 64
 
@@ -47,17 +46,19 @@
 #define CARDSPACE_HEADER_PPID 
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";
 
 
-static X509 *x509_create_with_buffer(unsigned char *input, int length);
+/*static X509 *x509_create_with_buffer(unsigned char *input, int length);
 
 static int is_valid_cert(const char *cert, const char *uri, const char 
*dso_filename,
                   apr_pool_t *p);
+*/
 
-
+/* moved to mod_cspace.h 
 static void cspace_log_error(const char *msg, pc_log_level_t level, 
                              void *cb_ctx)
 {
     ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, msg);
 }
+*/
 
 /* TODO:This function should ideally redirect the browser to the url specified
  * by url. This is only used to redirect the browser to the login page when an
@@ -434,6 +435,7 @@
     return state;
 }
 
+#if 0
 static int is_valid_ppid(const char *ppid, const char *uri, const char 
*dso_filename,
                          apr_pool_t *p)
 {
@@ -541,14 +543,14 @@
     return rv;
 
 }
+#endif
 
-#define DUMMY_VALIDATOR_PATH "/home/dummy/software/httpd-2.2.4/deploy/bin/" \
-                             "dummy_ppid_validator.so" 
+/*#define DUMMY_VALIDATOR_PATH "/home/dummy/software/httpd-2.2.4/deploy/bin/" \
+                             "dummy_ppid_validator.so"*/ 
 
 static int handle_session_nosso(request_rec *r, cspace_dir_cfg *dir_cfg,
                                 cspace_svr_cfg *svr_cfg)
 {
-    int validate_using_ppid = 0;
     char *session_id;
     int valid_session;
     int status;
@@ -604,8 +606,29 @@
                 if ((auth_state) && 
                         (strcmp(auth_state, 
                                 CARDSPACE_STATE_SUCCESS) == 0)) {
-                    
 
+                   const char *ppid;
+                   const char *cert;
+                   int allowed_flag = FAIL;
+
+                   ppid = apr_table_get(r->subprocess_env, 
+                                        CARDSPACE_HEADER_PPID);
+
+                   cert = apr_table_get(r->subprocess_env,
+                                        CARDSPACE_HEADER_CERTIFICATE);
+                   
+                   allowed_flag = validate_with_op_mode(svr_cfg->validator,
+                                                        r->uri,
+                                                        "TODO:ISSUER",
+                                                        ppid,
+                                                        cert);
+                   if (allowed_flag) {
+                       return OK;
+                   } else {
+                       return UNAUTHORIZED_REDIRECT(r, NULL);
+                   }
+
+#if 0
                     validate_using_ppid = 0; /*TODO: remove magic*/
                     if (validate_using_ppid) {
                         const char *ppid;
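Review bot: The decision `if (allowed_flag)` grants access on any non-zero return, so if `validate_with_op_mode` ever reports an error with a negative value the request is let through; comparing against the success constant, `if (allowed_flag == SUCC)`, keeps the check fail-closed. `ppid` and `cert` come straight from `apr_table_get`, and `svr_cfg->validator` defaults to NULL in the server config, yet all three are passed on unchecked; unless the validator is known to handle NULL, a guard such as `if (!svr_cfg->validator || (!ppid && !cert)) return UNAUTHORIZED_REDIRECT(r, NULL);` belongs before the call. The issuer argument is still the literal `"TODO:ISSUER"`, so no mode can actually check the issuer yet, which deserves a comment at the call site. The enclosing `handle_session_nosso` starts and ends outside this hunk.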
@@ -644,6 +667,7 @@
                             return OK;
                         }
                     }
+#endif
                 } else {
                     return UNAUTHORIZED_REDIRECT(r, NULL);
                 }
@@ -767,7 +791,7 @@
 static int cspace_post_config(apr_pool_t *pconf, apr_pool_t *plog,
                               apr_pool_t *ptemp, server_rec *s)
 {
-    /**/
+    /*
     if (is_valid_cert(data, "10", 
"/home/dummy/software/httpd-2.2.4/deploy/bin/dummy_ppid_validator.so", plog)) 
         printf("valid cert\n");
     else
@@ -782,7 +806,7 @@
         else
             printf("invalid ppid\n");
     }
-    /**/
+    */
     cspace_process_context_init();
     return OK;
 }

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.h    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.h    Wed Jan 30 
23:36:46 2008
@@ -3,8 +3,11 @@
 
 #include <string.h>
 #include <stdio.h>
+#include "httpd.h"
+#include "http_log.h"
 #include "http_config.h"
 #include "session.h"
+#include "process_request.h"
 
 /*#define DONT_INCLUDE_CS_PFX_IN_HEADERS*/
 
@@ -13,8 +16,10 @@
 #define ap_http_scheme(r) ap_http_method(r)
 #endif
 
-#define SUCC 1 
-#define FAIL !SUCC
+#ifndef FAIL
+    #define FAIL 0
+    #define SUCC !(FAIL)
+#endif
 
 #define CSPACE_DEFAULT_LOGIN_ARG "__mod_cspace_login__"
 #define CSPACE_DEFAULT_LOGIN_AMP_ARG "&__mod_cspace_login__"
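Review bot: The `#ifndef FAIL` guard accepts whatever `FAIL` another header has already defined and then skips defining `SUCC` altogether, so the meaning of these constants now depends on include order. Since `FAIL` initialises the authorisation flag in mod_cspace.c, I would use module-prefixed names that cannot collide, e.g. `#define CSPACE_FAIL 0` and `#define CSPACE_SUCC 1`, or at least define `SUCC` outside the guard. Whether any included header actually defines `FAIL` is not visible here.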
@@ -54,6 +59,8 @@
     char *session_file;
     /*void *session_ctx;*/ /*of session_ctx_t type*/
     long int session_expire; /*session expire time in seconds*/
+    char *validator;
+    char *validator_data;
 } cspace_svr_cfg;
 
 void cfg_svr_printf_fn(const char* st, cspace_svr_cfg *cfg, const char* nl);
@@ -67,7 +74,7 @@
 #define cfg_dir_printf(st, cfg, nl) 
 #endif
 
-const command_rec cspace_cmds[14];
+const command_rec cspace_cmds[13];
 
 void *cspace_svr_cfg_create(apr_pool_t *p, server_rec *s);
 
@@ -79,4 +86,11 @@
 void *cspace_dir_cfg_merge(apr_pool_t *p, void *parent_cfg,
                            void *own_cfg);
 
+
+static void cspace_log_error(const char *msg, pc_log_level_t level,
+                                     void *cb_ctx)
+{
+        ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, msg);
+}
+
 #endif /*_MOD_CSPACE_H_*/
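Review bot: `cspace_log_error` passes `msg` to `ap_log_error` as the format string, so any `%` sequence in a message built from request data would be interpreted as a conversion; the call should be `ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, "%s", msg);`. Defining the function `static` in the header also gives every file that includes mod_cspace.h its own copy, with an unused-function warning under `-Wall` wherever it is not called. A prototype in the header with the definition kept in mod_cspace.c avoids that.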
