Author: dumindu
Date: Thu Dec  6 04:10:41 2007
New Revision: 10637

Log:

Check for invalid headers


Modified:
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.c

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    Thu Dec  6 
04:10:41 2007
@@ -185,6 +185,8 @@
     printf("Header %s/%s:%s\n", uri, key, val);
 #endif
 
+    /*process_context_extract info dups for us*/
+
 #ifndef DONT_INCLUDE_CS_PFX_IN_HEADERS
     if (uri) {
         apr_table_set(t, apr_pstrcat(pool, CARDSPACE_HEADER_PFX, uri, "/",
@@ -201,32 +203,22 @@
     }
 #endif /* DONT_INCLUDE_CS_PFX_IN_HEADERS */
 
-    /*process_context_extract info dups for us*/
-
-    /*apr_pstrdup((apr_pool_t *)pool, key),
-                  apr_pstrdup((apr_pool_t *)pool, val));*/
-    /*apr_table_set(t, strdup(key), 
-                     strdup(val));*/
-
 }
 
-#if 0
 static int iterate_headers(void *rec, const char *key, const char *val)
 {
-    if (ap_strstr_c(key, "cardspace"))
+    if (ap_strstr_c(key, CARDSPACE_HEADER_PFX))
         return FAIL;
     else
         return SUCC;
 }
 
-/*with the use of subprocess_env, this function is useless now*/
 /* may be we need a config option to specify where the claims should be
  * added. is processing at the proxy a real use case?*/
 static int check_valid_headers(request_rec *r)
 {
     return apr_table_do(iterate_headers, NULL, r->subprocess_env, NULL);
 }
-#endif
 
 static int set_cookie(request_rec *r, const char* session_id)
 {
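Review bot: The re-enabled check_valid_headers scans r->subprocess_env, yet the call site in the last hunk labels it "Don't send us CARDSPACE headers" — headers supplied by the client arrive in r->headers_in, so a request carrying a CARDSPACE_HEADER_PFX-named header would only be caught here if something earlier copied it into subprocess_env; please confirm which table the claims are written to and which one a client can influence before relying on this as the spoofing guard. Related: ap_strstr_c is a case-sensitive substring search, while HTTP field names are case-insensitive, so if this scan is ever pointed at headers_in a differently-cased prefix would slip through; a prefix-anchored, case-insensitive test such as `if (strncasecmp(key, CARDSPACE_HEADER_PFX, strlen(CARDSPACE_HEADER_PFX)) == 0)` is the safer shape. iterate_headers also deserves a one-line comment stating its contract, e.g. `/* apr_table_do callback: returning FAIL stops iteration, making apr_table_do return 0 */`, since the caller's `!check_valid_headers(r)` depends on exactly that.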
@@ -559,13 +551,9 @@
     if (strcmp(ap_http_scheme(r), "https") != 0)
         return UNAUTHORIZED_REDIRECT(r, NULL);
 
-    /* We no longer use the headers_in table,
-     * hence this check is unnecessary
-     */
     /*Don't send us CARDSPACE headers*/
-    /*if (!check_valid_headers(r))
-        return UNAUTHORIZED_REDIRECT(r, NULL); */
-
+    if (!check_valid_headers(r))
+        return UNAUTHORIZED_REDIRECT(r, NULL);
  
     if (dir_cfg->session) {
         if (dir_cfg->sso) {
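Review bot: The new `if (!check_valid_headers(r))` is only correct if FAIL expands to 0 and SUCC to non-zero, because apr_table_do returns zero exactly when one of its callbacks returned zero; neither macro is visible in this diff, so confirm their values, and consider `/* check_valid_headers() returns 0 when a CARDSPACE_HEADER_PFX key was found */` above the call so the inverted test reads correctly. The surviving comment "Don't send us CARDSPACE headers" describes client input, but the function scans r->subprocess_env rather than r->headers_in (see the previous hunk), so either the comment or the table should change to match. The enclosing function begins and ends outside this hunk.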
