Author: dumindu
Date: Mon Feb 25 22:17:06 2008
New Revision: 14197
Log:
Added the config directive "CardSpaceSessionManageOverride".
Modified:
trunk/solutions/identity/modules/mod-cspace/cspace_config.c
trunk/solutions/identity/modules/mod-cspace/cspace_validator.c
trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
Modified: trunk/solutions/identity/modules/mod-cspace/cspace_config.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/cspace_config.c (original)
+++ trunk/solutions/identity/modules/mod-cspace/cspace_config.c Mon Feb 25
22:17:06 2008
@@ -50,13 +50,14 @@
void cfg_dir_printf_fn(const char* st, cspace_dir_cfg *cfg, const char* nl)
{
if (cfg)
- printf("%s\t%p, cspace:%s, dir:%s, sess:%s, sso:%s"
- "sess_file:%s%s",
+ printf("%s\t%p, cspace:%s, dir:%s, sess:%s, sess_ovr:%s, sso:%s, "
+ "sess_file:%s, %s",
st,
(void*)cfg,
cfg->use_cspace_auth?"true":"false",
cfg->dirspec,
cfg->session?"true":"false",
+ cfg->session_overridden?"true":"false",
cfg->sso?"true":"false",
cfg->session_file,
nl);
@@ -83,6 +84,14 @@
return NULL;
}
+static const char *cmd_session_manage_override(cmd_parms *cmd, void *mconfig,
+ int arg)
+{
+ cspace_dir_cfg *cfg = (cspace_dir_cfg *)mconfig;
+ cfg->session_overridden = arg ? 1 : 0;
+ return NULL;
+}
+
static const char *cmd_cspace_xml_token(cmd_parms *cmd, void *mconfig,
const char *arg)
{
@@ -190,6 +199,9 @@
"directory"),
AP_INIT_FLAG("CardSpaceSessionManage", cmd_session_manage,
NULL, OR_ALL, "whether to enable session management or not"),
+ AP_INIT_FLAG("CardSpaceSessionManageOverride", cmd_session_manage_override,
+ NULL, OR_ALL, "enable this to override session management"
+ "enabled using CardSpaceSessionManage"),
AP_INIT_TAKE1("CardSpaceXmlToken", cmd_cspace_xml_token, NULL, OR_ALL,
"Name of the XML token sent"),
AP_INIT_TAKE1("CardSpaceExemptURI", cmd_cspace_exempt_uri, NULL, OR_ALL,
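Review bot: The help text for `CardSpaceSessionManageOverride` is built from two adjacent string literals with no space between them, so it reads "...session managementenabled using..."; add a trailing space to the first literal: `"enable this to override session management "`. The directive is also registered with `OR_ALL`, so wherever AllowOverride permits it a `.htaccess` file can set the flag, and the mod_cspace.c hunk in this commit then skips the session branch for that directory. If skipping session handling changes what a client has to present, a narrower mask such as `ACCESS_CONF|RSRC_CONF` would keep the switch in the server configuration. What runs after the skipped branch is not visible in this diff, so that needs confirming.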
@@ -307,6 +319,7 @@
cfg->login_page = apr_array_make(p, DEF_IGNORE_LIST_SIZE,
sizeof(const char *));
cfg->session = 0;
+ cfg->session_overridden = 0;
cfg->sso = 0;
if (dirspec) {
@@ -342,8 +355,11 @@
merged_cfg->login_page = pcfg->login_page;
else
merged_cfg->login_page = ocfg->login_page;
-
+
merged_cfg->session = pcfg->session | ocfg->session;
+ merged_cfg->session_overridden = pcfg->session_overridden |
+ ocfg->session_overridden;
+
merged_cfg->sso = pcfg->sso | ocfg->sso;
temp_char = (ocfg->session_file) ? ocfg->session_file : pcfg->session_file;
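Review bot: Merging `session_overridden` with `|` means a directory can never switch the override back off once a parent has enabled it, because `CardSpaceSessionManageOverride Off` and "not set" both store 0 (the create hunk in this commit initialises the field to 0). This mirrors the existing `session` and `sso` merges, so it may be intended, but it deserves a comment such as `/* sticky: a child cannot clear a parent's override */`. The alternative is to initialise the field to an unset sentinel such as -1 and let the child's explicit value win. The merge function starts and ends outside this hunk.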
Modified: trunk/solutions/identity/modules/mod-cspace/cspace_validator.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/cspace_validator.c
(original)
+++ trunk/solutions/identity/modules/mod-cspace/cspace_validator.c Mon Feb
25 22:17:06 2008
@@ -136,23 +136,37 @@
return FAIL;
}
+#define MAX_HOST_NAME_LEN 1024
+
static int black_list_validator(const char *uri, const char *issuer,
const char *ppid, const char *cert,
const char *b_list)
{
- char line[5];
+ char line[MAX_HOST_NAME_LEN];
FILE *fp = NULL;
+ X509 *crt= NULL;
+ char *cn = NULL;
+
+ if (cert) {
+ crt = x509_create_with_buffer((void *)cert, strlen(cert));
+ }
if ((fp = fopen(b_list, "r"))) {
- while (fgets(line, 5, fp) != NULL)
- {
- /*strcmp with the cert's CN*/
+ while (fgets(line, MAX_HOST_NAME_LEN, fp) != NULL) {
+
+ if (strstr(line, cn)) {
+ fclose(fp);
+ return FAIL;
+ }
+
}
} else {
return FAIL;
}
- /* if no fopen error and not it black list then allow em*/
+
+ fclose(fp);
+ /*if not found in black list allow it*/
return SUCC;
}
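Review bot: `cn` is initialised to NULL and never assigned, so `strstr(line, cn)` is undefined behaviour (in practice a crash) on the first line read from a non-empty blacklist file. `crt` is created but never used to obtain the CN and never released on any return path. `strstr` is also a substring test against a line that still carries its newline, so a short CN matches unrelated entries and no exact entry comparison is ever made. The sketch below extracts the CN, compares whole lines and fails closed; it assumes `X509` is the OpenSSL type and that a missing certificate should be rejected, both of which need confirming against the callers.

```c
    char line[MAX_HOST_NAME_LEN];
    char cn[MAX_HOST_NAME_LEN];
    FILE *fp = NULL;
    X509 *crt = NULL;
    int rc = FAIL;                      /* fail closed until the list is read */

    if (!cert || !b_list)
        return FAIL;

    crt = x509_create_with_buffer((void *)cert, strlen(cert));
    if (!crt)
        return FAIL;

    /* assumes X509 is the OpenSSL type -- confirm */
    if (X509_NAME_get_text_by_NID(X509_get_subject_name(crt), NID_commonName,
                                  cn, sizeof(cn)) <= 0)
        goto out;

    if (!(fp = fopen(b_list, "r")))
        goto out;

    rc = SUCC;
    while (fgets(line, sizeof(line), fp) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';     /* drop the line terminator */
        if (line[0] != '\0' && strcmp(line, cn) == 0) {
            rc = FAIL;
            break;
        }
    }
    fclose(fp);
out:
    X509_free(crt);     /* assumes the helper hands ownership to the caller */
    return rc;
```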
Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.c (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.c Mon Feb 25
22:17:06 2008
@@ -76,12 +76,7 @@
}
-/* TODO:DONE This function should ideally redirect the browser to the url
specified
- * by url. This is only used to redirect the browser to the login page when an
- * HTTP_UNAUTHORIZED occurs.
- *
- * We can live with the plain HTTP_UNAUTHORIZED for the moment
- */
+#if 0
static int redirect_internal(request_rec *r, char* url)
{
remove_cspace_headers(r);
@@ -89,6 +84,7 @@
return OK;
/*return HTTP_UNAUTHORIZED;*/
}
+#endif
static int find_uri(const char *uri, apr_array_header_t *a)
{
@@ -121,22 +117,24 @@
/*This piece of code is used only for testing purposes*/
-/*
-static int cspace_access_check(request_rec *r) {
- printf("cspace_access_check:\n");
+#ifdef CSPACE_DEBUG
+static int cspace_access_check_testing(request_rec *r) {
+
cspace_dir_cfg *dir_cfg = (cspace_dir_cfg *)ap_get_module_config(
r->per_dir_config, &cspace_module);
cspace_svr_cfg *svr_cfg = (cspace_svr_cfg *)ap_get_module_config(
r->server->module_config, &cspace_module);
-
- cfg_svr_printf("\tchk_svr_cfg", svr_cfg, "\n");
- cfg_dir_printf("\tchk_dir_cfg", dir_cfg, "\n");
+ printf("\n\n\nCSPACE_ACCESS_CHECK\n");
+ cfg_svr_printf("\tsvr cfg:", svr_cfg, "\n");
+ cfg_dir_printf("\tdir cfg:", dir_cfg, "\n");
+ printf("\tURI: %s\n\n\n\n", r->uri);
+
return DECLINED;
}
-*/
+#endif
/* FROM http_filter.c:
*
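Review bot: `cspace_access_check_testing` is `static` and nothing in this hunk registers or calls it, so a `CSPACE_DEBUG` build will likely emit an unused-function warning. Its body also repeats verbatim the debug block in the real access check (the `@@ -821` hunk), leaving two copies to keep in sync. Consider dropping the helper or having the access check call it. The `printf` calls write to stdout, which a daemonised httpd normally does not attach to a log; `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "URI: %s", r->uri);` would put the output in the error log.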
@@ -821,10 +819,10 @@
&cspace_module);
#ifdef CSPACE_DEBUG
- printf("CSPACE_ACCESS_CHECK\n");
+ printf("\n\n\nCSPACE_ACCESS_CHECK\n");
cfg_svr_printf("\tsvr cfg:", svr_cfg, "\n");
cfg_dir_printf("\tdir cfg:", dir_cfg, "\n");
- printf("\turi: %s\n", r->uri);
+ printf("\tURI: %s\n\n\n\n", r->uri);
#endif
if (!(dir_cfg->use_cspace_auth))
@@ -843,7 +841,7 @@
return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri);
}
- if (dir_cfg->session) {
+ if (dir_cfg->session && !dir_cfg->session_overridden) {
if (dir_cfg->sso) {
return handle_session_sso(r, dir_cfg, svr_cfg);
} else {
@@ -862,8 +860,8 @@
/* return UNAUTHORIZED_REDIRECT(r, dir_cfg->redir_uri); */
}
-char data[] =
"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";
-
+/*char data[] =
"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";
+*/
static int cspace_post_config(apr_pool_t *pconf, apr_pool_t *plog,
apr_pool_t *ptemp, server_rec *s)
Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.h (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.h Mon Feb 25
22:17:06 2008
@@ -39,6 +39,7 @@
apr_pool_t *pool;
int use_cspace_auth; /*true|false flag*/
int session; /*true|false flag*/
+ int session_overridden; /*true|false flag*/
int sso; /*true|false flag*/
char dirspec[256]; /*TODO: remove MAGIC numbers*/
apr_array_header_t *login_page;
@@ -71,7 +72,7 @@
#define cfg_dir_printf(st, cfg, nl)
#endif
-const command_rec cspace_cmds[14];
+const command_rec cspace_cmds[15];
void *cspace_svr_cfg_create(apr_pool_t *p, server_rec *s);
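Review bot: `const command_rec cspace_cmds[15];` in a header is a tentative definition in every file that includes it, and the literal 15 has to be bumped by hand whenever a directive is added to the table in cspace_config.c. Declare it as `extern const command_rec cspace_cmds[];` here and let the initialiser in the .c file fix the size; toolchains that default to `-fno-common` would otherwise report duplicate definitions. Whether the definition in cspace_config.c carries its own size is not visible in this diff.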