static int amagent_auth_handler(request_rec *r) {
const char *thisfunc = "amagent_auth_handler():";
int rv;
am_request_t d;
am_config_t *boot = NULL;
amagent_config_t *c = ap_get_module_config(r->server->module_config, &amagent_module);
if (c == NULL || !c->enabled || c->error != AM_SUCCESS) {
/* amagent module is not enabled for this
* server/virtualhost - we are not handling this request
**/
return DECLINED;
}
if (c->error != AM_SUCCESS) {
LOG_R(APLOG_ERR, r, "%s is not configured to handle the request "
"to %s (unable to load bootstrap configuration from %s, error: %s)",
DESCRIPTION, r->uri, c->config, am_strerror(c->error));
return HTTP_FORBIDDEN;
}
LOG_R(APLOG_DEBUG, r, "amagent_auth_handler(): [%s] [%ld]", c->config, c->config_id);
/* register and update instance logger configuration (for already registered
* instances - update logging level only
*/
am_log_register_instance(c->config_id, c->debug_file, c->debug_level,
c->audit_file, c->audit_level);
am_log_debug(c->config_id, "%s begin", thisfunc);
/* fetch agent configuration instance (from cache if available) */
rv = am_get_agent_config(c->config_id, c->config, &boot);
if (boot == NULL || rv != AM_SUCCESS) {
LOG_R(APLOG_ERR, r, "%s is not configured to handle the request "
"to %s (unable to get agent configuration instance, configuration: %s, error: %s)",
DESCRIPTION, r->uri, c->config, am_strerror(rv));
am_log_error(c->config_id, "amagent_auth_handler(): failed to get agent configuration instance, error: %s",
am_strerror(rv));
return HTTP_FORBIDDEN;
}
/* set up request processor data structure */
memset(&d, 0, sizeof (am_request_t));
d.conf = boot;
d.status = AM_ERROR;
d.instance_id = c->config_id;
d.ctx = r;
d.method = get_method_num(r, c->config_id);
d.content_type = apr_table_get(r->headers_in, "Content-Type");
d.cookies = apr_table_get(r->headers_in, "Cookie");
if (ISVALID(d.conf->client_ip_header)) {
d.client_ip = (char *) apr_table_get(r->headers_in, d.conf->client_ip_header);
}
if (!ISVALID(d.client_ip)) {
#ifdef APACHE24
d.client_ip = (char *) r->connection->client_ip;
#else
d.client_ip = (char *) r->connection->remote_ip;
#endif
}
if (ISVALID(d.conf->client_hostname_header)) {
d.client_host = (char *) apr_table_get(r->headers_in, d.conf->client_hostname_header);
}
d.am_get_request_url_f = get_request_url;
d.am_get_post_data_f = get_request_body;
d.am_set_post_data_f = set_request_body;
d.am_set_user_f = set_user;
d.am_set_header_in_request_f = set_header_in_request;
d.am_add_header_in_response_f = add_header_in_response;
d.am_set_cookie_f = set_cookie;
d.am_set_custom_response_f = set_custom_response;
d.am_set_method_f = set_method;
am_process_request(&d);
rv = am_status_value(d.status);
am_log_debug(c->config_id, "amagent_auth_handler(): exit status: %s (%d)",
am_strerror(d.status), d.status);
am_config_free(&d.conf);
am_request_free(&d);
LOG_R(APLOG_DEBUG, r, "amagent_auth_handler(): return status: %d", rv);
return rv;
}
static int send_authcontext_request(am_net_t *conn, const char *realm, char **token) {
static const char *thisfunc = "send_authcontext_request():";
size_t post_sz, post_data_sz;
char *post = NULL, *post_data = NULL;
int status = AM_ERROR;
struct request_data *req_data;
if (conn == NULL || conn->data == NULL || token == NULL ||
!ISVALID(realm)) return AM_EINVAL;
req_data = (struct request_data *) conn->data;
post_data_sz = am_asprintf(&post_data,
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
"<RequestSet vers=\"1.0\" svcid=\"auth\" reqid=\"0\">"
"<Request><![CDATA["
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><AuthContext version=\"1.0\">"
"<Request authIdentifier=\"0\">"
"<NewAuthContext orgName=\"%s\"/></Request></AuthContext>]]>"
"</Request></RequestSet>",
realm);
if (post_data == NULL) return AM_ENOMEM;
post_sz = am_asprintf(&post, "POST %s/authservice HTTP/1.1\r\n"
"Host: %s:%d\r\n"
"User-Agent: "MODINFO"\r\n"
"Accept: text/xml\r\n"
"Connection: Keep-Alive\r\n"
"Content-Type: text/xml; charset=UTF-8\r\n"
"Content-Length: %d\r\n\r\n"
"%s", conn->uv.path, conn->uv.host, conn->uv.port, post_data_sz, post_data);
if (post == NULL) {
free(post_data);
return AM_ENOMEM;
}
#ifdef DEBUG
AM_LOG_DEBUG(conn->instance_id, "%s sending %d bytes:\n%s", thisfunc, post_sz, post);
#else
AM_LOG_DEBUG(conn->instance_id, "%s sending %d bytes", thisfunc, post_sz);
#endif
if (conn->log != NULL) {
#ifdef DEBUG
conn->log("%s sending %d bytes:\n%s", thisfunc, post_sz, post);
#else
conn->log("%s sending %d bytes", thisfunc, post_sz);
#endif
}
status = am_net_write(conn, post, post_sz);
free(post_data);
free(post);
if (status == AM_SUCCESS) {
wait_for_event(req_data->event, 0);
}
AM_LOG_DEBUG(conn->instance_id, "%s response status code: %d\n%s",
thisfunc, conn->http_status, LOGEMPTY(req_data->data));
if (conn->log != NULL) {
conn->log("%s response status code: %d\n%s", thisfunc,
conn->http_status, LOGEMPTY(req_data->data));
}
if (status == AM_SUCCESS && conn->http_status == 200 && ISVALID(req_data->data)) {
char *begin = strstr(req_data->data, "Response authIdentifier=\"");
if (begin != NULL) {
char *end = strstr(begin + 25, "\"");
if (end != NULL) {
*token = strndup(begin + 25, end - begin - 25);
}
}
if (ISINVALID(*token)) {
status = AM_NOT_FOUND;
}
if (status == AM_SUCCESS && ISVALID(conn->req_headers)) {
am_request_t req_temp;
int decode_status;
memset(&req_temp, 0, sizeof(am_request_t));
req_temp.token = strdup(*token);
decode_status = am_session_decode(&req_temp);
if (decode_status == AM_SUCCESS && req_temp.session_info.error == AM_SUCCESS) {
if (ISVALID(req_temp.session_info.si)) {
am_asprintf(&conn->req_headers, "%s%s\r\n", conn->req_headers, req_temp.session_info.si);
} else {
am_free(conn->req_headers);
conn->req_headers = NULL;
}
AM_LOG_DEBUG(conn->instance_id, "%s app token SI: %s, S1: %s", thisfunc,
LOGEMPTY(req_temp.session_info.si), LOGEMPTY(req_temp.session_info.s1));
}
am_request_free(&req_temp);
}
}
AM_LOG_DEBUG(conn->instance_id, "%s status: %s", thisfunc, am_strerror(status));
am_free(req_data->data);
req_data->data = NULL;
return status;
}
