static apr_status_t oidc_session_load_cookie(request_rec *r, session_rec *z) { oidc_dir_cfg *d = ap_get_module_config(r->per_dir_config, &auth_openidc_module); char *cookieValue = oidc_util_get_cookie(r, d->cookie); if (cookieValue != NULL) { if (oidc_base64url_decode_decrypt_string(r, (char **) &z->encoded, cookieValue) <= 0) { //oidc_util_set_cookie(r, d->cookie, ""); oidc_warn(r, "cookie value possibly corrupted"); return APR_EGENERAL; } } return APR_SUCCESS; }
/* load the session from the cache using the cookie as the index */ static apr_status_t oidc_session_load_cache(request_rec *r, session_rec *z) { oidc_cfg *c = ap_get_module_config(r->server->module_config, &auth_openidc_module); oidc_dir_cfg *d = ap_get_module_config(r->per_dir_config, &auth_openidc_module); /* get the cookie that should be our uuid/key */ char *uuid = oidc_util_get_cookie(r, d->cookie); /* get the string-encoded session from the cache based on the key */ if (uuid != NULL) { c->cache->get(r, OIDC_CACHE_SECTION_SESSION, uuid, &z->encoded); //oidc_util_set_cookie(r, d->cookie, ""); } return (z->encoded != NULL) ? APR_SUCCESS : APR_EGENERAL; }
/* * load the session from the cache using the cookie as the index */ static apr_byte_t oidc_session_load_cache(request_rec *r, oidc_session_t *z) { oidc_cfg *c = ap_get_module_config(r->server->module_config, &auth_openidc_module); const char *stored_uuid = NULL; apr_byte_t rc = FALSE; /* get the cookie that should be our uuid/key */ char *uuid = oidc_util_get_cookie(r, oidc_cfg_dir_cookie(r)); /* get the string-encoded session from the cache based on the key; decryption is based on the cache backend config */ if (uuid != NULL) { char *s_json = NULL; rc = oidc_cache_get_session(r, uuid, &s_json); if ((rc == TRUE) && (s_json != NULL)) { rc = oidc_session_decode(r, c, z, s_json, FALSE); if (rc == TRUE) { strncpy(z->uuid, uuid, strlen(uuid)); /* compare the session id in the cache value so it allows us to detect cache corruption */ oidc_session_get(r, z, OIDC_SESSION_SESSION_ID, &stored_uuid); if ((stored_uuid == NULL) || (apr_strnatcmp(stored_uuid, uuid) != 0)) { oidc_error(r, "cache corruption detected: stored session id (%s) is not equal to requested session id (%s)", stored_uuid, uuid); /* delete the session cookie */ oidc_util_set_cookie(r, oidc_cfg_dir_cookie(r), "", 0, NULL); /* delete the cache entry */ rc = oidc_cache_set_session(r, z->uuid, NULL, 0); /* clear the session */ oidc_session_clear(r, z); rc = FALSE; } } } } return rc; }
/* * get the authorization header that should contain a bearer token */ static apr_byte_t oidc_oauth_get_bearer_token(request_rec *r, const char **access_token) { /* get a handle to the directory config */ oidc_dir_cfg *dir_cfg = ap_get_module_config(r->per_dir_config, &auth_openidc_module); *access_token = NULL; if ((dir_cfg->oauth_accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_HEADER) || (dir_cfg->oauth_accept_token_in == OIDC_OAUTH_ACCEPT_TOKEN_IN_DEFAULT)) { /* get the authorization header */ const char *auth_line; auth_line = apr_table_get(r->headers_in, "Authorization"); if (auth_line) { oidc_debug(r, "authorization header found"); /* look for the Bearer keyword */ if (apr_strnatcasecmp(ap_getword(r->pool, &auth_line, ' '), "Bearer") == 0) { /* skip any spaces after the Bearer keyword */ while (apr_isspace(*auth_line)) { auth_line++; } /* copy the result in to the access_token */ *access_token = apr_pstrdup(r->pool, auth_line); } else { oidc_warn(r, "client used unsupported authentication scheme: %s", r->uri); } } } if ((*access_token == NULL) && (r->method_number == M_POST) && (dir_cfg->oauth_accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_POST)) { apr_table_t *params = apr_table_make(r->pool, 8); if (oidc_util_read_post_params(r, params) == TRUE) { *access_token = apr_table_get(params, "access_token"); } } if ((*access_token == NULL) && (dir_cfg->oauth_accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_QUERY)) { apr_table_t *params = apr_table_make(r->pool, 8); oidc_util_read_form_encoded_params(r, params, r->args); *access_token = apr_table_get(params, "access_token"); } if ((*access_token == NULL) && (dir_cfg->oauth_accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_COOKIE)) { const char *cookie_name = apr_hash_get( dir_cfg->oauth_accept_token_options, "cookie-name", APR_HASH_KEY_STRING); const char *auth_line = oidc_util_get_cookie(r, cookie_name); if (auth_line != NULL) { /* copy the result in to the access_token */ *access_token = apr_pstrdup(r->pool, auth_line); } else { oidc_warn(r, "no cookie found with name: %s", cookie_name); } } if (*access_token == NULL) { oidc_debug(r, "no bearer token found in the allowed methods (authorization header, post, query parameter or cookie)"); return FALSE; } /* log some stuff */ oidc_debug(r, "bearer token: %s", *access_token); return TRUE; }