/*
* load the session from the request context, create a new one if no luck
*/
static apr_status_t oidc_session_load_22(request_rec *r, session_rec **zz) {
oidc_cfg *c = ap_get_module_config(r->server->module_config,
&auth_openidc_module);
/* first see if this is a sub-request and it was set already in the main request */
if (((*zz) = (session_rec *) oidc_request_state_get(r, "session")) != NULL) {
oidc_debug(r, "loading session from request state");
return APR_SUCCESS;
}
/* allocate space for the session object and fill it */
session_rec *z = (*zz = apr_pcalloc(r->pool, sizeof(session_rec)));
z->pool = r->pool;
/* get a new uuid for this session */
z->uuid = (apr_uuid_t *) apr_pcalloc(z->pool, sizeof(apr_uuid_t));
apr_uuid_get(z->uuid);
z->remote_user = NULL;
z->encoded = NULL;
z->entries = apr_table_make(z->pool, 10);
apr_status_t rc = APR_SUCCESS;
if (c->session_type == OIDC_SESSION_TYPE_22_SERVER_CACHE) {
/* load the session from the cache */
rc = oidc_session_load_cache(r, z);
} else if (c->session_type == OIDC_SESSION_TYPE_22_CLIENT_COOKIE) {
/* load the session from a self-contained cookie */
rc = oidc_session_load_cookie(r, z);
} else {
oidc_error(r, "oidc_session_load_22: unknown session type: %d",
c->session_type);
rc = APR_EGENERAL;
}
/* see if it worked out */
if (rc != APR_SUCCESS)
return rc;
/* yup, now decode the info */
if (oidc_session_identity_decode(r, z) != APR_SUCCESS)
return APR_EGENERAL;
/* check whether it has expired */
if (apr_time_now() > z->expiry) {
oidc_warn(r, "session restored from cache has expired");
apr_table_clear(z->entries);
z->expiry = 0;
z->encoded = NULL;
return APR_EGENERAL;
}
/* store this session in the request context, so it is available to sub-requests */
oidc_request_state_set(r, "session", (const char *) z);
return APR_SUCCESS;
}
/*
* load a session from the cache/cookie
*/
apr_byte_t oidc_session_load(request_rec *r, oidc_session_t **zz) {
oidc_cfg *c = ap_get_module_config(r->server->module_config,
&auth_openidc_module);
apr_byte_t rc = FALSE;
const char *ses_p_tb_id = NULL, *env_p_tb_id = NULL;
/* allocate space for the session object and fill it */
oidc_session_t *z = (*zz = apr_pcalloc(r->pool, sizeof(oidc_session_t)));
oidc_session_clear(r, z);
if (c->session_type == OIDC_SESSION_TYPE_SERVER_CACHE)
/* load the session from the cache */
rc = oidc_session_load_cache(r, z);
/* if we get here we configured client-cookie or retrieving from the cache failed */
if ((c->session_type == OIDC_SESSION_TYPE_CLIENT_COOKIE)
|| ((rc == FALSE) && oidc_cfg_session_cache_fallback_to_cookie(r)))
/* load the session from a self-contained cookie */
rc = oidc_session_load_cookie(r, c, z);
if ((rc == TRUE) && (z->state != NULL)) {
json_t *j_expires = json_object_get(z->state, OIDC_SESSION_EXPIRY_KEY);
if (j_expires)
z->expiry = apr_time_from_sec(json_integer_value(j_expires));
/* check whether it has expired */
if (apr_time_now() > z->expiry) {
oidc_warn(r, "session restored from cache has expired");
oidc_session_clear(r, z);
} else {
oidc_session_get(r, z, OIDC_SESSION_PROVIDED_TOKEN_BINDING_KEY,
&ses_p_tb_id);
if (ses_p_tb_id != NULL) {
env_p_tb_id = oidc_util_get_provided_token_binding_id(r);
if ((env_p_tb_id == NULL)
|| (apr_strnatcmp(env_p_tb_id, ses_p_tb_id) != 0)) {
oidc_error(r,
"the Provided Token Binding ID stored in the session doesn't match the one presented by the user agent");
oidc_session_clear(r, z);
}
}
oidc_session_get(r, z, OIDC_SESSION_REMOTE_USER_KEY,
&z->remote_user);
}
}
return rc;
}
