/*
 * Load the session for this request, allocating a new session_rec when the
 * request state does not already carry one.
 *
 * r:  the current request; its pool owns everything allocated here.
 * zz: out-parameter that receives the session record.
 *
 * Returns APR_SUCCESS when a session was found in the request state, or when
 * one was loaded, decoded and found unexpired. Returns the loader's status
 * when loading fails, and APR_EGENERAL for an unknown session type, a decode
 * failure or an expired session.
 *
 * NOTE(review): *zz is assigned before any validation, so it points at the
 * newly allocated record on every failure path as well. Callers have to act
 * on the return value and must not treat a non-NULL *zz as a valid session.
 */
static apr_status_t oidc_session_load_22(request_rec *r, session_rec **zz) {

    oidc_cfg *cfg = ap_get_module_config(r->server->module_config,
            &auth_openidc_module);

    /*
     * A sub-request reuses the record the main request stored. Within this
     * function a record is only stored after the expiry check below passed;
     * it is not re-checked on reuse.
     */
    *zz = (session_rec *) oidc_request_state_get(r, "session");
    if (*zz != NULL) {
        oidc_debug(r, "loading session from request state");
        return APR_SUCCESS;
    }

    /* build a zeroed session record in the request pool */
    session_rec *sess = apr_pcalloc(r->pool, sizeof(session_rec));
    *zz = sess;
    sess->pool = r->pool;

    /* give the session a fresh uuid */
    sess->uuid = apr_pcalloc(sess->pool, sizeof(apr_uuid_t));
    apr_uuid_get(sess->uuid);

    sess->remote_user = NULL;
    sess->encoded = NULL;
    sess->entries = apr_table_make(sess->pool, 10);

    /* pick the backend that matches the configured session type */
    apr_status_t status;
    if (cfg->session_type == OIDC_SESSION_TYPE_22_SERVER_CACHE) {
        status = oidc_session_load_cache(r, sess);
    } else if (cfg->session_type == OIDC_SESSION_TYPE_22_CLIENT_COOKIE) {
        status = oidc_session_load_cookie(r, sess);
    } else {
        oidc_error(r, "oidc_session_load_22: unknown session type: %d",
                cfg->session_type);
        status = APR_EGENERAL;
    }

    /* nothing to decode when the backend failed or the type was unknown */
    if (status != APR_SUCCESS) {
        return status;
    }

    /* turn the loaded representation into session fields */
    if (oidc_session_identity_decode(r, sess) != APR_SUCCESS) {
        return APR_EGENERAL;
    }

    if (apr_time_now() <= sess->expiry) {
        /* still valid: publish it so that sub-requests can pick it up */
        oidc_request_state_set(r, "session", (const char *) sess);
        return APR_SUCCESS;
    }

    /*
     * Expired: drop the entries and reset expiry/encoded. The warning text
     * says "cache" for both session types.
     * NOTE(review): remote_user is not reset on this path; if the decode
     * step populated it (not visible here), the record behind *zz still
     * carries it, which is another reason callers must honour the error
     * return.
     */
    oidc_warn(r, "session restored from cache has expired");
    apr_table_clear(sess->entries);
    sess->expiry = 0;
    sess->encoded = NULL;
    return APR_EGENERAL;
}
/*
 * Load a session from the server-side cache and/or a self-contained cookie,
 * then apply the expiry and token-binding checks to it.
 *
 * r:  the current request; its pool owns the session object.
 * zz: out-parameter that receives the newly allocated session object.
 *
 * Returns the result of the last loader that ran (FALSE when none ran).
 *
 * NOTE(review): the return value reports only whether loading worked. When
 * the session turns out to be expired, or its token binding does not match,
 * it is cleared with oidc_session_clear() but the return value stays TRUE.
 * Callers therefore have to inspect the session contents (for example
 * remote_user) and must not treat TRUE as "authenticated".
 */
apr_byte_t oidc_session_load(request_rec *r, oidc_session_t **zz) {

    oidc_cfg *cfg = ap_get_module_config(r->server->module_config,
            &auth_openidc_module);

    apr_byte_t rc = FALSE;
    const char *stored_tb_id = NULL;
    const char *presented_tb_id = NULL;

    /* build the session object in the request pool and reset it */
    oidc_session_t *sess = apr_pcalloc(r->pool, sizeof(oidc_session_t));
    *zz = sess;
    oidc_session_clear(r, sess);

    /* server-side cache first, when that is the configured type */
    if (cfg->session_type == OIDC_SESSION_TYPE_SERVER_CACHE) {
        rc = oidc_session_load_cache(r, sess);
    }

    /*
     * The cookie is used when it is the configured type, or when nothing
     * has been loaded so far and fallback to a cookie is enabled.
     */
    if ((cfg->session_type == OIDC_SESSION_TYPE_CLIENT_COOKIE)
            || ((rc == FALSE) && oidc_cfg_session_cache_fallback_to_cookie(r))) {
        rc = oidc_session_load_cookie(r, cfg, sess);
    }

    /* without a loaded state there is nothing to validate */
    if ((rc != TRUE) || (sess->state == NULL)) {
        return rc;
    }

    /*
     * Take the expiry from the session state when it is present.
     * NOTE(review): when the key is absent, expiry keeps whatever
     * oidc_session_clear() left in it; the check below then only fails
     * closed if that value lies in the past — confirm.
     */
    json_t *expiry_json = json_object_get(sess->state, OIDC_SESSION_EXPIRY_KEY);
    if (expiry_json) {
        sess->expiry = apr_time_from_sec(json_integer_value(expiry_json));
    }

    if (apr_time_now() > sess->expiry) {
        /* the warning text says "cache" for both session types */
        oidc_warn(r, "session restored from cache has expired");
        oidc_session_clear(r, sess);
        return rc;
    }

    /*
     * A session that recorded a Provided Token Binding ID is only accepted
     * when the user agent presents the same ID on this request.
     */
    oidc_session_get(r, sess, OIDC_SESSION_PROVIDED_TOKEN_BINDING_KEY,
            &stored_tb_id);
    if (stored_tb_id != NULL) {
        presented_tb_id = oidc_util_get_provided_token_binding_id(r);
        /*
         * NOTE(review): apr_strnatcmp() is APR's natural-order comparison,
         * not a byte-exact one; it appears to skip whitespace while
         * comparing. A byte-exact comparison would be the stricter check
         * for a binding identifier — confirm and consider switching.
         */
        if ((presented_tb_id == NULL)
                || (apr_strnatcmp(presented_tb_id, stored_tb_id) != 0)) {
            oidc_error(r, "the Provided Token Binding ID stored in the session doesn't match the one presented by the user agent");
            oidc_session_clear(r, sess);
        }
    }

    /*
     * This lookup also runs after a binding mismatch, i.e. on the cleared
     * session; presumably it then yields no user — verify against
     * oidc_session_get().
     */
    oidc_session_get(r, sess, OIDC_SESSION_REMOTE_USER_KEY, &sess->remote_user);

    return rc;
}