Author: dumindu
Date: Mon Feb 18 02:04:45 2008
New Revision: 13852

Log:

Added check for issuer (managed/self).



Modified:
   trunk/solutions/identity/modules/mod-cspace/cspace_config.c
   trunk/solutions/identity/modules/mod-cspace/cspace_validator.c
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
   trunk/solutions/identity/modules/mod-cspace/process_request.c
   trunk/solutions/identity/modules/mod-cspace/process_request.h

Modified: trunk/solutions/identity/modules/mod-cspace/cspace_config.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/cspace_config.c (original)
+++ trunk/solutions/identity/modules/mod-cspace/cspace_config.c Mon Feb 18 
02:04:45 2008
@@ -201,7 +201,7 @@
                   RSRC_CONF, "Time in seconds for a session to be expired"),
     AP_INIT_FLAG("CardSpaceSingleSignOn", cmd_sso, NULL, OR_ALL,
                  "Enable Single Sign-On"),
-    AP_INIT_TAKE1("CardSpaceCertValidator", cmd_validator, NULL, OR_ALL,
+    AP_INIT_TAKE1("CardSpaceValidator", cmd_validator, NULL, OR_ALL,
                  "Certificate Validator Type"),
     AP_INIT_TAKE1("CardSpaceValidatorData", cmd_validator_data, NULL, OR_ALL,
                  "Data input for the validator"),
@@ -254,8 +254,16 @@
     /*would a shallow copy be fine?*/
     merged_cfg->session_file = temp_char;
     temp_char = NULL;
-    
-    temp_int = (ocfg->session_expire > 0) ? ocfg->session_expire :
+
+    temp_char = (ocfg->validator_data) ? ocfg->validator_data : 
pcfg->validator_data;
+    /*would a shallow copy be fine?*/
+    merged_cfg->validator_data = temp_char;
+    temp_char = NULL;
+
+    temp_char = (ocfg->validator) ? ocfg->validator : pcfg->validator;
+    /*would a shallow copy be fine?*/
+    merged_cfg->validator = temp_char;
+    temp_char = NULL;    temp_int = (ocfg->session_expire > 0) ? 
ocfg->session_expire :
                                             pcfg->session_expire;
 
     merged_cfg->session_expire = temp_int;
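Review bot: The last added line folds two statements together — `temp_char = NULL;    temp_int = (ocfg->session_expire > 0) ? ocfg->session_expire :` — where the removed version kept the `temp_int` assignment on its own line after a blank; split it back so the validator block and the session_expire block read as separate steps. The three `/*would a shallow copy be fine?*/` comments also leave the reviewer with a question rather than an answer: as long as both configs' strings were allocated from the config pool, as AP_INIT_TAKE1 arguments are, a pointer copy is correct, so the comment can state that, e.g. `/* pointer copy: both values live in the config pool for the server lifetime */`. The merge function starts before this hunk.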

Modified: trunk/solutions/identity/modules/mod-cspace/cspace_validator.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/cspace_validator.c      
(original)
+++ trunk/solutions/identity/modules/mod-cspace/cspace_validator.c      Mon Feb 
18 02:04:45 2008
@@ -58,6 +58,7 @@
 
 
 #define MAXARR  1024
+#define ISSUER_SELF 
"http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";
 
 static int white_list_validator(const char *uri, const char *issuer,
                                 const char *ppid, const char *cert,
@@ -68,9 +69,15 @@
     X509 *(haystack[MAXARR]); /* TODO: this list should be made static */
     int i = 0, j = 0;
 
-    needle = x509_create_with_buffer((void *)cert, strlen(cert));
-    
-    /*ideally we would do this file read only once per server init*/
+    if (issuer && strcmp(issuer, ISSUER_SELF) == 0) {
+        return FAIL;
+    }
+
+    if (cert) {
+        needle = x509_create_with_buffer((void *)cert, strlen(cert));
+    }
+
+    /*ideally we would read this file only once per server init*/
     i=0;
     if ((fp = fopen (w_list, "r"))) {
         while (!feof(fp)) {
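Review bot: The new guard `if (issuer && strcmp(issuer, ISSUER_SELF) == 0)` rejects only a present self-issuer value; when the issuer header is absent (apr_table_get in mod_cspace.c returns NULL) the check is skipped and the token proceeds to certificate matching as if it were managed. A whitelist validator should fail closed on a missing issuer: `if (!issuer || strcmp(issuer, ISSUER_SELF) == 0) { return FAIL; }`. Likewise `if (cert)` leaves `needle` at whatever value its declaration above the hunk gave it when cert is NULL, and the match loop below presumably compares it against the haystack — an explicit `if (!cert) { return FAIL; }` is safer than relying on that initial value. white_list_validator continues past the hunk.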
@@ -181,7 +188,7 @@
 
     switch (v_type) {
         case VAL_TYPE_WHITE:
-            flag = white_list_validator(uri, NULL, NULL, cert, data);
+            flag = white_list_validator(uri, issuer, NULL, cert, data);
             break;
 
         case VAL_TYPE_BLACK:

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    Mon Feb 18 
02:04:45 2008
@@ -604,31 +604,34 @@
                 /*check the return state*/
 
                 auth_state = apr_table_get(r->subprocess_env,
-                                           CARDSPACE_HEADER_STATE);
+                                           CARDSPACE_HEADER_PFX 
CARDSPACE_HEADER_STATE);
                  
                 if ((auth_state) && 
                         (strcmp(auth_state, 
                                 CARDSPACE_STATE_SUCCESS) == 0)) {
-
-                   const char *ppid;
-                   const char *cert;
+                   const char *issuer = NULL;
+                   const char *ppid = NULL;
+                   const char *cert = NULL;
                    int allowed_flag = FAIL;
 
                    ppid = apr_table_get(r->subprocess_env, 
-                                        CARDSPACE_HEADER_PPID);
+                                        CARDSPACE_HEADER_PFX 
CARDSPACE_HEADER_PPID);
 
                    cert = apr_table_get(r->subprocess_env,
-                                        CARDSPACE_HEADER_CERTIFICATE);
+                                        CARDSPACE_HEADER_PFX 
CARDSPACE_HEADER_CERTIFICATE);
+
+                   issuer = apr_table_get(r->subprocess_env,
+                                          CARDSPACE_HEADER_PFX 
CARDSPACE_HEADER_ISSUER);
                    
                    if (!svr_cfg->validator) {
                        /* if the validator is not present assume cert by 
default*/
                        svr_cfg->validator = "cert";
                    }
-
+                   
                    allowed_flag = 
                        validate_with_op_mode(svr_cfg->validator,
                                              r->uri,
-                                             "TODO:ISSUER",
+                                             issuer,
                                              ppid,
                                              cert,
                                              svr_cfg->validator_data);
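Review bot: The lookups now prepend CARDSPACE_HEADER_PFX, while the new write in process_request.c uses the bare CARDSPACE_HEADER_ISSUER and process_request.h defines the name without a prefix; if the set_header callback does not add the prefix itself, every apr_table_get here returns NULL, and with the validator as written a NULL issuer is accepted as managed. Worth confirming that the set and get sides share one macro, and adding a comment at the lookups such as `/* names are exported with CARDSPACE_HEADER_PFX by the header callback */` once confirmed. On the context lines, `svr_cfg->validator = "cert";` writes the default back into the shared config from a request handler; a request-local `const char *validator = svr_cfg->validator ? svr_cfg->validator : "cert";` passed to validate_with_op_mode avoids mutating shared state (pre-existing, not introduced here). The handler continues beyond the hunk.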
@@ -712,14 +715,14 @@
                 int state = FAIL;
 
                 char *tmp = buf;
-       
-        /*remove any trailing params*/ 
-        while (*tmp && *tmp != '&') {
-                   tmp++;
-        }
-        *tmp = '\0';
+            
+                /*remove any trailing params*/ 
+                while (*tmp && *tmp != '&') {
+                        tmp++;
+                }
+                *tmp = '\0';
 
-        cspace_decode_url((char *)buf);
+                cspace_decode_url((char *)buf);
 
                 state = process_token(buf, r, svr_cfg);
 

Modified: trunk/solutions/identity/modules/mod-cspace/process_request.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/process_request.c       
(original)
+++ trunk/solutions/identity/modules/mod-cspace/process_request.c       Mon Feb 
18 02:04:45 2008
@@ -303,6 +303,10 @@
     }
 
 
+    (*ctx->set_header_fn)(NULL, CARDSPACE_HEADER_ISSUER, issuer,
+                          ctx->header_container, ctx->set_header_cb_ctx);
+
+
     attrs_obj = cspace_xpath_evaluate(doc, BAD_CAST XPATH_ATTRIBUTE);
     if (!attrs_obj) {
         goto done;
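Review bot: `issuer` is exported to the header container without a NULL check, so a token with no issuer element either stores an empty entry or hands NULL to the callback, depending on how set_header_fn behaves; since the validator keys its managed/self decision on this value, a missing issuer is better treated like the `!attrs_obj` case two lines below: `if (!issuer) { goto done; }` before the call. Where `issuer` is extracted is above the hunk, so it is not visible whether the token signature has been verified at that point; the self-issuer check downstream relies on this string, so it should be exported only after that verification. The enclosing function starts outside the hunk.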
@@ -558,8 +562,8 @@
     }
 
 #ifdef CSPACE_DEBUG
-        /*should log properly*/
-        xmlDocDump(stderr, doc);
+    /*should log properly*/
+    xmlDocDump(stdout, doc);
 #endif
 
     res = SUCC;
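Review bot: `xmlDocDump(stdout, doc)` writes the whole decrypted token, including the PPID and any other claims, to the process's stdout, which under httpd is not a configured log destination; the surviving `/*should log properly*/` TODO still applies. Routing it through `ap_log_error` or `ap_log_rerror` at APLOG_DEBUG, whichever handle this function has, keeps it under the usual LogLevel controls, and dumping element names rather than claim values would avoid writing identity data to the log at all.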

Modified: trunk/solutions/identity/modules/mod-cspace/process_request.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/process_request.h       
(original)
+++ trunk/solutions/identity/modules/mod-cspace/process_request.h       Mon Feb 
18 02:04:45 2008
@@ -11,6 +11,7 @@
 #endif 
 
 #define CARDSPACE_HEADER_CERTIFICATE "certificate"
+#define CARDSPACE_HEADER_ISSUER "issuer"
 
 #define CARDSPACE_HEADER_STATE "auth_state"
 #define CARDSPACE_STATE_SUCCESS "success"
