Author: dumindu
Date: Tue Feb 19 09:39:10 2008
New Revision: 13896

Log:

fixed redirect mechanism (UNAUTHORIZED_REDIRECT).



Modified:
   trunk/solutions/identity/modules/mod-cspace/cspace_config.c
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
   trunk/solutions/identity/modules/mod-cspace/process_request.c

Modified: trunk/solutions/identity/modules/mod-cspace/cspace_config.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/cspace_config.c (original)
+++ trunk/solutions/identity/modules/mod-cspace/cspace_config.c Tue Feb 19 
09:39:10 2008
@@ -105,6 +105,15 @@
     return NULL;
 }
 
+static const char *cmd_cspace_redir_uri(cmd_parms *cmd, void *mconfig,
+                                           const char *arg)
+{
+    cspace_dir_cfg *cfg = (cspace_dir_cfg *)mconfig;
+    strcpy(cfg->redir_uri, arg);
+    return NULL;
+
+}
+
 static const char *cmd_key_file(cmd_parms *cmd, void *mconfig,
                                 const char *arg)
 {
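Review bot: The new `cmd_cspace_redir_uri` handler copies the directive argument into `cfg->redir_uri` with an unbounded `strcpy`. The mod_cspace.h hunk of this commit declares that field as `char redir_uri[1024]`, so a longer `CardSpaceRedirectURI` value writes past the buffer. Because the directive is registered with `OR_ALL`, the value may also come from a per-directory override file rather than only the main server config. Reject over-long values and use a bounded copy, for example `if (strlen(arg) >= sizeof(cfg->redir_uri)) return "CardSpaceRedirectURI: value too long";` followed by `apr_cpystrn(cfg->redir_uri, arg, sizeof(cfg->redir_uri));`. The `strcpy` into `merged_cfg->redir_uri` in the merge hunk further down deserves the same bounded copy.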
@@ -185,6 +194,8 @@
                   "Name of the XML token sent"),
     AP_INIT_TAKE1("CardSpaceExemptURI", cmd_cspace_exempt_uri, NULL, OR_ALL, 
                   "URI of login page in session managed case"),
+    AP_INIT_TAKE1("CardSpaceRedirectURI", cmd_cspace_redir_uri, NULL, OR_ALL,
+                  "URI of login page in session managed case"),
     /* SSLCertificateKeyFile cannot be used in 2.0 because that will make 
      * mod_ssl not to read that configuration directive.*/
     /*AP_INIT_TAKE1("CardSpaceSSLKeyFile", cmd_key_file, NULL, RSRC_CONF,
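Review bot: The help string for the new `CardSpaceRedirectURI` entry is copied verbatim from `CardSpaceExemptURI` ("URI of login page in session managed case"), so the two directives cannot be told apart in the server's directive help. Something like `"URI that unauthorized requests are redirected to"` would describe what the value is used for. It is also worth deciding whether `OR_ALL` is intended here, since it lets per-directory override files choose the redirect target.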
@@ -283,6 +294,8 @@
         (cspace_dir_cfg *)apr_palloc(p, sizeof(cspace_dir_cfg));
 
     cfg->pool = p;
+    
+    cfg->redir_uri[0] = '\0';
 
     cfg->dirspec[0] = '\0';
     cfg->use_cspace_auth = 0;
@@ -338,6 +351,10 @@
     strcpy(merged_cfg->session_file, temp_char);
     temp_char = NULL;
 
+    temp_char = (ocfg->redir_uri) ? ocfg->redir_uri : pcfg->redir_uri;
+    strcpy(merged_cfg->redir_uri, temp_char);
+    temp_char = NULL;
+
     /*merged_cfg->session_ctx = ((ocfg->session_ctx) ? ocfg->session_ctx :
                                                        pcfg->session_ctx);*/
     
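Review bot: In the added merge lines, `(ocfg->redir_uri) ? ocfg->redir_uri : pcfg->redir_uri` tests an array member. `redir_uri` is declared as `char redir_uri[1024]` in mod_cspace.h, so the expression is always non-null and the `pcfg` value is never selected. If `ocfg` is the overriding config and `pcfg` the parent, as the names suggest, a directory that does not set the directive ends up with an empty redirect URI instead of inheriting one. Test the contents instead: `temp_char = (ocfg->redir_uri[0] != '\0') ? ocfg->redir_uri : pcfg->redir_uri;`. The enclosing merge function starts and ends outside this hunk.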

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    Tue Feb 19 
09:39:10 2008
@@ -45,6 +45,8 @@
 
 #define CARDSPACE_HEADER_PPID 
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";
 
+static void remove_cspace_headers(request_rec *r);
+
 void cspace_log_error(const char *msg, pc_log_level_t level, void *cb_ctx)
 {
             ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, msg);
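Review bot: On the context line at the end of this hunk, `cspace_log_error` passes `msg` to `ap_log_error` as the format string. The callers visible in this diff pass string literals, but any future caller that includes request-derived text in `msg` would have it interpreted as format directives. Passing it as data closes that off: `ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, "%s", msg);`. The function body ends outside the hunk.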
@@ -72,7 +74,10 @@
  */ 
 static int redirect(request_rec *r, char* url)
 {
-   return HTTP_UNAUTHORIZED;
+    /*remove_cspace_headers(r);
+    ap_internal_redirect(url, r);*/
+    return OK;
+    /*return HTTP_UNAUTHORIZED;*/
 }
 
 static int find_uri(const char *uri, apr_array_header_t *a)
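Review bot: `redirect()` now returns `OK` unconditionally and never uses `url`, because the actual redirect is commented out. The definition of `UNAUTHORIZED_REDIRECT` is not visible here, but if it expands to this function, every failure path changed later in this file now reports success instead of `HTTP_UNAUTHORIZED`. That includes the non-https check and the "client sent cardspace headers" check. If the handler runs as an access or authentication hook, this lets the request proceed, so the change fails open. Either issue a real redirect or keep denying when no target is configured. The sketch below uses the configured value as-is for the `Location` header.

```c
static int redirect(request_rec *r, char* url)
{
    /* No redirect target configured: deny rather than fall through. */
    if (url == NULL || url[0] == '\0')
        return HTTP_UNAUTHORIZED;

    apr_table_setn(r->headers_out, "Location", url);
    return HTTP_MOVED_TEMPORARILY;
}
```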
@@ -231,7 +236,37 @@
 
 }
 
-static int iterate_headers(void *rec, const char *key, const char *val)
+/*
+static int iterate_headers_remove(void *rec, const char *key, const char *val)
+{
+    if (ap_strstr_c(key, CARDSPACE_HEADER_PFX))
+        apr_table_unset(((request_rec *)rec)->subprocess_env, key);
+
+    return SUCC;
+}*/
+
+static void remove_cspace_headers(request_rec *r)
+{
+    const apr_array_header_t *hdr = apr_table_elts(r->subprocess_env);
+    apr_table_entry_t *elts = (apr_table_entry_t *)hdr->elts;
+ 
+    /*apr_table_entry_t *elts = (apr_table_entry_t *) 
r->subprocess_env->a.elts;*/
+
+    int j = hdr->nelts;
+    int i;
+
+    for (i = 0; i < j; ++i) {
+        if (elts[i].key) {
+            if (ap_strstr_c(elts[i].key, CARDSPACE_HEADER_PFX)) {
+                apr_table_unset(r->subprocess_env, elts[i].key);
+                --i; --j; /* HACK: this was done according to the
+                                   impl of apr_table_unset */
+            }
+        }
+    }
+}
+
+static int iterate_headers_check(void *rec, const char *key, const char *val)
 {
     if (ap_strstr_c(key, CARDSPACE_HEADER_PFX))
         return FAIL;
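Review bot: The loop in `remove_cspace_headers` adjusts `i` and `j` by exactly one after each `apr_table_unset`, which the inline comment itself calls a HACK tied to the APR implementation. `apr_table_unset` removes every entry whose key matches, so when the same key appears more than once the cached count `j` stays too high and the loop reads entries past the live end of the array. Re-reading `hdr->nelts` and re-testing the current slot avoids depending on how many entries were dropped. Note also that `ap_strstr_c` matches `CARDSPACE_HEADER_PFX` anywhere in the key, not only as a prefix. The function is currently referenced only from the commented-out code in `redirect()`.

```c
    /* … unchanged: hdr / elts setup … */
    int i = 0;

    /* apr_table_unset() compacts the array and may drop several entries,
     * so re-read nelts and re-test slot i instead of adjusting counters. */
    while (i < hdr->nelts) {
        if (elts[i].key
            && ap_strstr_c(elts[i].key, CARDSPACE_HEADER_PFX)) {
            apr_table_unset(r->subprocess_env, elts[i].key);
        } else {
            ++i;
        }
    }
```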
@@ -243,7 +278,7 @@
  * added. is processing at the proxy a real use case?*/
 static int check_valid_headers(request_rec *r)
 {
-    return apr_table_do(iterate_headers, NULL, r->subprocess_env, NULL);
+    return apr_table_do(iterate_headers_check, NULL, r->subprocess_env, NULL);
 }
 
 static int set_cookie(request_rec *r, const char* session_id)
@@ -362,7 +397,7 @@
                               cspace_svr_cfg *svr_cfg)
 {
     /*TODO*/
-    return UNAUTHORIZED_REDIRECT(r, NULL);
+    return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
 }
 
 static int handle_nosession_sso(request_rec *r, cspace_dir_cfg *dir_cfg,
@@ -392,7 +427,7 @@
     if ((cspace_login_arg_avail(r)) && (r->method_number == M_POST)) {
        /*TODO*/ 
     }
-    return UNAUTHORIZED_REDIRECT(r, NULL);
+    return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
 }
 
 static int process_token(const char *buf, request_rec *r,
@@ -639,7 +674,7 @@
                    if (allowed_flag) {
                        return OK;
                    } else {
-                       return UNAUTHORIZED_REDIRECT(r, NULL);
+                       return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
                    }
 
 #if 0
@@ -683,7 +718,7 @@
                     }
 #endif
                 } else {
-                    return UNAUTHORIZED_REDIRECT(r, NULL);
+                    return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
                 }
             }
         } else {
@@ -696,7 +731,7 @@
                 return ret;
         }
     } 
-    return UNAUTHORIZED_REDIRECT(r, NULL);
+    return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
 }
 
 static int handle_nosession_nosso(request_rec *r, cspace_dir_cfg *dir_cfg,
@@ -737,7 +772,7 @@
             
             cspace_log_error("could not extract the token from the request",
                              APLOG_NOTICE, r->server);
-            /*Should it be UNAUTHORIZED_REDIRECT(r, NULL) that should go here*/
+            /*Should it be UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri) that 
should go here*/
             if (ret != OK)
                 return ret;
         }
@@ -770,14 +805,14 @@
     if (strcmp(ap_http_scheme(r), "https") != 0) {
         cspace_log_error("https scheme expected for cardspace requests",
                          APLOG_NOTICE, r->server);
-        return UNAUTHORIZED_REDIRECT(r, NULL);
+        return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
     }
 
     /*Don't send us CARDSPACE headers*/
     if (!check_valid_headers(r)) {
         cspace_log_error("client sent cardspace headers. denied access",
                          APLOG_NOTICE, r->server);
-        return UNAUTHORIZED_REDIRECT(r, NULL);
+        return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
     }
 
     if (dir_cfg->session) {
@@ -796,7 +831,7 @@
     }
     
        /* unreachable code*/
-    /* return UNAUTHORIZED_REDIRECT(r, NULL); */
+    /* return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri); */
 }
 
 char data[] = 
"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";

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.h    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.h    Tue Feb 19 
09:39:10 2008
@@ -43,6 +43,7 @@
     char dirspec[256];          /*TODO: remove MAGIC numbers*/
     apr_array_header_t *login_page;
     char session_file[1024];    /*TODO: remove MAGIC numbers*/
+    char redir_uri[1024];    /*TODO: remove MAGIC numbers*/
     char xml_token[CSPACE_XML_TOKEN_LEN_MAX];
     /*void *session_ctx;*/ /*of session_ctx_t type*/
 } cspace_dir_cfg;
@@ -70,7 +71,7 @@
 #define cfg_dir_printf(st, cfg, nl) 
 #endif
 
-const command_rec cspace_cmds[13];
+const command_rec cspace_cmds[14];
 
 void *cspace_svr_cfg_create(apr_pool_t *p, server_rec *s);
 
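Review bot: The header hard-codes the length of `cspace_cmds` (13, now 14), so it must be edited by hand every time a directive is added in cspace_config.c. A wrong count either fails to compile or silently pads the table. Without `extern`, the line is also a tentative definition in every file that includes the header, which can produce duplicate-symbol problems depending on compiler defaults. Declaring it as `extern const command_rec cspace_cmds[];` and letting the definition in cspace_config.c size itself removes both issues.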

Modified: trunk/solutions/identity/modules/mod-cspace/process_request.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/process_request.c       
(original)
+++ trunk/solutions/identity/modules/mod-cspace/process_request.c       Tue Feb 
19 09:39:10 2008
@@ -62,7 +62,7 @@
 
 /* "/saml:Assertion/dsig:Signature/dsig:KeyInfo/dsig:X509Data/
  *  dsig:X509Certificate" */
-#define XPATH_X509_CERT XPATH_X509_DATA ":" X509_CERT
+#define XPATH_X509_CERT XPATH_X509_DATA "/" DSIG_PFX ":" X509_CERT
 
 /* "/enc:EncryptedData" */
 #define XPATH_ENC_DATA "/" ENC_PFX ":" ENCRYPTED_DATA
