static int get_days_remaining(ASN1_UTCTIME *tm) { apr_time_t then, now = apr_time_now(); apr_time_exp_t exp = {0}; int diff; /* Fail if the time isn't a valid ASN.1 UTCTIME; RFC3280 mandates * that the seconds digits are present even though ASN.1 * doesn't. */ if (tm->length < 11 || !ASN1_UTCTIME_check(tm)) return 0; exp.tm_year = DIGIT2NUM(tm->data); exp.tm_mon = DIGIT2NUM(tm->data + 2) - 1; exp.tm_mday = DIGIT2NUM(tm->data + 4) + 1; exp.tm_hour = DIGIT2NUM(tm->data + 6); exp.tm_min = DIGIT2NUM(tm->data + 8); exp.tm_sec = DIGIT2NUM(tm->data + 10); if (exp.tm_year <= 50) exp.tm_year += 100; if (apr_time_exp_gmt_get(&then, &exp) != APR_SUCCESS) return 0; diff = (int)((apr_time_sec(then) - apr_time_sec(now)) / (60*60*24)); return diff > 0 ? diff : 0; }
static apr_status_t call_port_getn(int port, port_event_t list[], unsigned int max, unsigned int *nget, apr_interval_time_t timeout) { struct timespec tv, *tvptr; int ret; apr_status_t rv = APR_SUCCESS; if (timeout < 0) { tvptr = NULL; } else { tv.tv_sec = (long) apr_time_sec(timeout); tv.tv_nsec = (long) apr_time_usec(timeout) * 1000; tvptr = &tv; } list[0].portev_user = (void *)-1; /* so we can double check that an * event was returned */ ret = port_getn(port, list, max, nget, tvptr); /* Note: 32-bit port_getn() on Solaris 10 x86 returns large negative * values instead of 0 when returning immediately. */ if (ret == -1) { rv = apr_get_netos_error(); switch(rv) { case EINTR: case ETIME: if (*nget > 0 && list[0].portev_user != (void *)-1) { /* This confusing API can return an event at the same time * that it reports EINTR or ETIME. If that occurs, just * report the event. With EINTR, nget can be > 0 without * any event, so check that portev_user was filled in. * * (Maybe it will be simplified; see thread * http://mail.opensolaris.org * /pipermail/networking-discuss/2009-August/011979.html * This code will still work afterwards.) */ rv = APR_SUCCESS; break; } if (rv == ETIME) { rv = APR_TIMEUP; } /* fall-through */ default: *nget = 0; } } else if (*nget == 0) { rv = APR_TIMEUP; } return rv; }
cache_t *lru_cache_load(void *arg, inip_file_t *fd, char *grp, data_attr_t *da, int timeout) { cache_t *c; cache_lru_t *cp; int dt; if (grp == NULL) grp = "cache-lru"; //** Create the default structure c = lru_cache_create(arg, da, timeout); cp = (cache_lru_t *)c->fn.priv; cache_lock(c); cp->max_bytes = inip_get_integer(fd, grp, "max_bytes", cp->max_bytes); cp->dirty_fraction = inip_get_double(fd, grp, "dirty_fraction", cp->dirty_fraction); cp->dirty_bytes_trigger = cp->dirty_fraction * cp->max_bytes; c->default_page_size = inip_get_integer(fd, grp, "default_page_size", c->default_page_size); dt = inip_get_integer(fd, grp, "dirty_max_wait", apr_time_sec(cp->dirty_max_wait)); cp->dirty_max_wait = apr_time_make(dt, 0); c->max_fetch_fraction = inip_get_double(fd, grp, "max_fetch_fraction", c->max_fetch_fraction); c->max_fetch_size = c->max_fetch_fraction * cp->max_bytes; c->write_temp_overflow_fraction = inip_get_double(fd, grp, "write_temp_overflow_fraction", c->write_temp_overflow_fraction); c->write_temp_overflow_size = c->write_temp_overflow_fraction * cp->max_bytes; c->n_ppages = inip_get_integer(fd, grp, "ppages", c->n_ppages); log_printf(0, "COP size=" XOT "\n", c->write_temp_overflow_size); cache_unlock(c); return(c); }
static char * test_jwt_parse(apr_pool_t *pool) { // from http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20 // 3.1. Example JWT char *s = apr_pstrdup(pool, "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9" \ ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" \ ".dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"); apr_jwt_t *jwt = NULL; TST_ASSERT("apr_jwt_parse", apr_jwt_parse(pool, s, &jwt, NULL, NULL)); TST_ASSERT_STR("header.alg", jwt->header.alg, "HS256"); TST_ASSERT_STR("header.enc", jwt->header.enc, NULL); TST_ASSERT_STR("header.kid", jwt->header.kid, NULL); TST_ASSERT_STR("payload.iss", jwt->payload.iss, "joe"); TST_ASSERT_LONG("payload.exp", (long)apr_time_sec(jwt->payload.exp), 1300819380L); char *str_key = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"; char *raw_key = NULL; int raw_key_len = apr_jwt_base64url_decode(pool, &raw_key, str_key, 1); TST_ASSERT("apr_jws_verify_hmac", apr_jws_verify_hmac(pool, jwt, raw_key, raw_key_len)); s[5] = '.'; TST_ASSERT("corrupted header (1) apr_jwt_parse", apr_jwt_parse(pool, s, &jwt, NULL, NULL) == FALSE); s[0] = '\0'; TST_ASSERT("corrupted header (2) apr_jwt_parse", apr_jwt_parse(pool, s, &jwt, NULL, NULL) == FALSE); return 0; }
/* * Create the required structures in the shared memory segment. * The following stuff goes to the shared memory: * a) Cookie Name * b) Cookie Value * c) First URL (which is later used for redirection) * * Note that it is important to save the unparsed URI here, so that URL encoding is preserved. * If we used the parsed URI here, we'd open up ourselves to a HTTP Response Splitting attack * through CR/LF injection. * * Function "searches" for free space within the shm section, and creates a new shm structure, * containing all relevant information a mod_but session requires. * * Writes SHM offset of newly generated session to shmoffset. * * Returns: * STATUS_OK and SHM offset in shmoffset * STATUS_ESHM if out of SHM space * STATUS_EHACKING if hacking is detected * STATUS_ERROR for all other internal errors */ apr_status_t create_new_shm_session(request_rec *r, char *sid, int *shmoffset) { mod_but_server_t *config = ap_get_module_config(r->server->module_config, &but_module); int i; for (i = 0; i < MOD_BUT_SESSION_COUNT; i++) { mod_but_cookie *c = apr_rmm_addr_get(cs_rmm, off[i]); ERRLOG_INFO("Existing session name [%s] and value [%s]", c->session_name, c->session_value); if (!apr_strnatcmp(c->session_name, "empty")) { ERRLOG_INFO("Setting-up new SHM session at offset [%d]", i); apr_cpystrn(c->session_name, config->cookie_name, sizeof(c->session_name)); apr_cpystrn(c->session_value, sid, sizeof(c->session_value)); /* Store r->unparsed_uri to prevent HTTP Response Splitting attacks */ apr_cpystrn(c->session_firsturl, r->unparsed_uri, sizeof(c->session_firsturl)); c->session_create_time = (int)apr_time_sec(apr_time_now()); c->session_last_access_time = c->session_create_time; c->link_to_cookiestore=-1; c->logon_state = 0; c->auth_strength = 0; apr_cpystrn(c->service_list, config->service_list_cookie_value, sizeof(c->service_list)); ERRLOG_CRIT("Session original URL is [%s]", c->session_firsturl); ERRLOG_INFO("Session name [%s] value [%s] ctime [%ds]", c->session_name, c->session_value, c->session_create_time); *shmoffset = i; return STATUS_OK; } } ERRLOG_INFO("No empty session slot found; all SHM used up"); return STATUS_ESHM; }
static apr_status_t setUserInDb(apr_dbm_t *userDbm, const char *user, const char *password, yubiauth_dir_cfg *cfg, request_rec *r) { char *timeAuthenticated = NULL; char *dbToken = NULL; //This is used to store pw:date char *userKey = NULL; apr_datum_t key, value; apr_status_t rv; /* Built up some combination of token:time */ timeAuthenticated = apr_psprintf(r->pool, "%" APR_TIME_T_FMT, (apr_time_t) (apr_time_sec(apr_time_now()))); dbToken = apr_pstrcat(r->pool, password, ":", timeAuthenticated, NULL); /* store OTP:time combo with username as key in DB */ userKey = getDbKey(user, cfg, r); key = string2datum(userKey, r); value = string2datum(dbToken, r); /* Pump user into db, store un, cookie value, creation date, * let this expire sometime */ ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "Writing key: %s and value: %s to db", key.dptr, value.dptr); rv = apr_dbm_store(userDbm, key, value); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, LOG_PREFIX "Error writing to db ... with key: %s and value: %s", key.dptr, value.dptr); } /* Spit back, so we can decide wheather s.th. went wrong or not */ return rv; }
static char * test_proto_authorization_request(request_rec *r) { oidc_provider_t provider; provider.issuer = "https://idp.example.com"; provider.authorization_endpoint_url = "https://idp.example.com/authorize"; provider.scope = "openid"; provider.client_id = "client_id"; provider.response_type = "code"; provider.auth_request_params = NULL; const char *redirect_uri = "https://www.example.com/protected/"; const char *state = "12345"; json_t * proto_state = json_object(); json_object_set_new(proto_state, "nonce", json_string("anonce")); json_object_set_new(proto_state, "original_url", json_string("https://localhost/protected/index.php")); json_object_set_new(proto_state, "original_method", json_string("get")); json_object_set_new(proto_state, "issuer", json_string(provider.issuer)); json_object_set_new(proto_state, "response_type", json_string(provider.response_type)); json_object_set_new(proto_state, "timestamp", json_integer(apr_time_sec(apr_time_now()))); TST_ASSERT("oidc_proto_authorization_request (1)", oidc_proto_authorization_request(r, &provider, NULL, redirect_uri, state, proto_state, NULL, NULL) == HTTP_MOVED_TEMPORARILY); TST_ASSERT_STR("oidc_proto_authorization_request (2)", apr_table_get(r->headers_out, "Location"), "https://idp.example.com/authorize?response_type=code&scope=openid&client_id=client_id&state=12345&redirect_uri=https%3A%2F%2Fwww.example.com%2Fprotected%2F&nonce=anonce"); return 0; }
apr_status_t insert_update_sessionid(mem_t *s, sessionidinfo_t *sessionid) { apr_status_t rv; sessionidinfo_t *ou; int ident; sessionid->id = 0; s->storage->ap_slotmem_lock(s->slotmem); rv = s->storage->ap_slotmem_do(s->slotmem, insert_update, &sessionid, s->p); if (sessionid->id != 0 && rv == APR_SUCCESS) { s->storage->ap_slotmem_unlock(s->slotmem); return APR_SUCCESS; /* updated */ } /* we have to insert it */ rv = s->storage->ap_slotmem_alloc(s->slotmem, &ident, (void **) &ou); if (rv != APR_SUCCESS) { s->storage->ap_slotmem_unlock(s->slotmem); return rv; } memcpy(ou, sessionid, sizeof(sessionidinfo_t)); ou->id = ident; s->storage->ap_slotmem_unlock(s->slotmem); ou->updatetime = apr_time_sec(apr_time_now()); return APR_SUCCESS; }
void cleaning_shm_from_expired_session(request_rec *r) { mod_but_server_t *config = ap_get_module_config(r->server->module_config, &but_module); int y; for (y = 0; y < MOD_BUT_SESSION_COUNT; y++) { mod_but_cookie *c = apr_rmm_addr_get(cs_rmm, off[y]); apr_time_t curtime = apr_time_now(); int tnow = (int)apr_time_sec(curtime); int tcreate = c->session_create_time; int tlastaccess = c->session_last_access_time; if (!apr_strnatcmp(c->session_name, config->cookie_name)) { if ((tnow - tcreate) > config->session_timeout) { ERRLOG_INFO("(SHM) Cleanup Task A: Delta between tnow and tcreate %d at shmoffset %d", tnow-tcreate, y); mod_but_delete_session(y, r); } else { if ((tnow - tlastaccess) > config->session_inactivity_timeout) { ERRLOG_INFO("(SHM) Cleanup Task B: Delta between tnow and tlastaccess %d at shmoffset %d", tnow-tlastaccess, y); mod_but_delete_session(y, r); } } } } }
/* * Provide information for "status" logic */ static void advertise_info(request_rec *r) { server_rec *s = main_server; /* Find the VirtualHost (Server) that does the Advertise */ while (s) { void *sconf = s->module_config; mod_advertise_config *mconf = ap_get_module_config(sconf, &advertise_module); ap_rprintf(r, "Server: %s ", s->server_hostname); if (s->is_virtual && s->addrs) { server_addr_rec *srec = s->addrs; ap_rprintf(r, "VirtualHost: %s:%d", srec->virthost, srec->host_port); } if (mconf->ma_advertise_server != NULL) { ap_rprintf(r, " Advertising on Group %s Port %d ", mconf->ma_advertise_adrs, mconf->ma_advertise_port); ap_rprintf(r, "for %s://%s:%d every %d seconds<br/>", mconf->ma_advertise_srvm, mconf->ma_advertise_srvs, mconf-> ma_advertise_srvp, apr_time_sec(mconf->ma_advertise_freq) ); } else { ap_rputs("<br/>", r); } s = s->next; } }
static void test_exp_lt(CuTest *tc) { apr_status_t rv; apr_time_exp_t xt; time_t posix_secs = (time_t)apr_time_sec(now); struct tm *posix_exp = localtime(&posix_secs); rv = apr_time_exp_lt(&xt, now); if (rv == APR_ENOTIMPL) { CuNotImpl(tc, "apr_time_exp_lt"); } CuAssertTrue(tc, rv == APR_SUCCESS); #define CHK_FIELD(f) \ CuAssert(tc, "Mismatch in " #f, posix_exp->f == xt.f) CHK_FIELD(tm_sec); CHK_FIELD(tm_min); CHK_FIELD(tm_hour); CHK_FIELD(tm_mday); CHK_FIELD(tm_mon); CHK_FIELD(tm_year); CHK_FIELD(tm_wday); CHK_FIELD(tm_yday); CHK_FIELD(tm_isdst); #undef CHK_FIELD }
/* * save a session to cache/cookie */ apr_byte_t oidc_session_save(request_rec *r, oidc_session_t *z, apr_byte_t first_time) { oidc_cfg *c = ap_get_module_config(r->server->module_config, &auth_openidc_module); apr_byte_t rc = FALSE; const char *p_tb_id = oidc_util_get_provided_token_binding_id(r); if (z->state != NULL) { oidc_session_set(r, z, OIDC_SESSION_REMOTE_USER_KEY, z->remote_user); json_object_set_new(z->state, OIDC_SESSION_EXPIRY_KEY, json_integer(apr_time_sec(z->expiry))); if ((first_time) && (p_tb_id != NULL)) { oidc_debug(r, "Provided Token Binding ID environment variable found; adding its value to the session state"); oidc_session_set(r, z, OIDC_SESSION_PROVIDED_TOKEN_BINDING_KEY, p_tb_id); } } if (c->session_type == OIDC_SESSION_TYPE_SERVER_CACHE) /* store the session in the cache */ rc = oidc_session_save_cache(r, z, first_time); /* if we get here we configured client-cookie or saving in the cache failed */ if ((c->session_type == OIDC_SESSION_TYPE_CLIENT_COOKIE) || ((rc == FALSE) && oidc_cfg_session_cache_fallback_to_cookie(r))) /* store the session in a self-contained cookie */ rc = oidc_session_save_cookie(r, z, first_time); return rc; }
/* do a HTTP/1.1 age calculation */ CACHE_DECLARE(apr_int64_t) ap_cache_current_age(cache_info *info, const apr_time_t age_value, apr_time_t now) { apr_time_t apparent_age, corrected_received_age, response_delay, corrected_initial_age, resident_time, current_age, age_value_usec; age_value_usec = apr_time_from_sec(age_value); /* Perform an HTTP/1.1 age calculation. (RFC2616 13.2.3) */ apparent_age = MAX(0, info->response_time - info->date); corrected_received_age = MAX(apparent_age, age_value_usec); response_delay = info->response_time - info->request_time; corrected_initial_age = corrected_received_age + response_delay; resident_time = now - info->response_time; current_age = corrected_initial_age + resident_time; if (current_age < 0) { current_age = 0; } return apr_time_sec(current_age); }
static apr_status_t proc_mutex_posix_create(apr_proc_mutex_t *new_mutex, const char *fname) { sem_t *psem; char semname[31]; apr_time_t now; unsigned long sec; unsigned long usec; new_mutex->interproc = apr_palloc(new_mutex->pool, sizeof(*new_mutex->interproc)); /* * This bogusness is to follow what appears to be the * lowest common denominator in Posix semaphore naming: * - start with '/' * - be at most 14 chars * - be unique and not match anything on the filesystem * * Because of this, we ignore fname, and try our * own naming system. We tuck the name away, since it might * be useful for debugging. to make this as robust as possible, * we initially try something larger (and hopefully more unique) * and gracefully fail down to the LCD above. * * NOTE: Darwin (Mac OS X) seems to be the most restrictive * implementation. Versions previous to Darwin 6.2 had the 14 * char limit, but later rev's allow up to 31 characters. * * FIXME: There is a small window of opportunity where * instead of getting a new semaphore descriptor, we get * a previously obtained one. This can happen if the requests * are made at the "same time" and in the small span of time between * the sem_open and the sem_unlink. Use of O_EXCL does not * help here however... * */ now = apr_time_now(); sec = apr_time_sec(now); usec = apr_time_usec(now); apr_snprintf(semname, sizeof(semname), "/ApR.%lxZ%lx", sec, usec); psem = sem_open(semname, O_CREAT, 0644, 1); if ((psem == (sem_t *)SEM_FAILED) && (errno == ENAMETOOLONG)) { /* Oh well, good try */ semname[13] = '\0'; psem = sem_open(semname, O_CREAT, 0644, 1); } if (psem == (sem_t *)SEM_FAILED) { return errno; } /* Ahhh. The joys of Posix sems. Predelete it... */ sem_unlink(semname); new_mutex->psem_interproc = psem; new_mutex->fname = apr_pstrdup(new_mutex->pool, semname); apr_pool_cleanup_register(new_mutex->pool, (void *)new_mutex, apr_proc_mutex_cleanup, apr_pool_cleanup_null); return APR_SUCCESS; }
/* * access token expires */ void oidc_session_set_access_token_expires(request_rec *r, oidc_session_t *z, const int expires_in) { if (expires_in != -1) { oidc_session_set(r, z, OIDC_SESSION_KEY_ACCESSTOKEN_EXPIRES, apr_psprintf(r->pool, "%" APR_TIME_T_FMT, apr_time_sec(apr_time_now()) + expires_in)); } }
static void fcgi_write_response(mapcache_context_fcgi *ctx, mapcache_http_response *response) { if(response->code != 200) { printf("Status: %ld %s\r\n",response->code, err_msg(response->code)); } if(response->headers && !apr_is_empty_table(response->headers)) { const apr_array_header_t *elts = apr_table_elts(response->headers); int i; for(i=0; i<elts->nelts; i++) { apr_table_entry_t entry = APR_ARRAY_IDX(elts,i,apr_table_entry_t); printf("%s: %s\r\n", entry.key, entry.val); } } if(response->mtime) { char *datestr; char *if_modified_since = getenv("HTTP_IF_MODIFIED_SINCE"); datestr = apr_palloc(ctx->ctx.pool, APR_RFC822_DATE_LEN); apr_rfc822_date(datestr, response->mtime); printf("Last-Modified: %s\r\n", datestr); if(if_modified_since) { apr_time_t ims_time; apr_int64_t ims,mtime; mtime = apr_time_sec(response->mtime); ims_time = apr_date_parse_http(if_modified_since); ims = apr_time_sec(ims_time); if(ims >= mtime) { printf("Status: 304 Not Modified\r\n"); /* * "The 304 response MUST NOT contain a message-body" * https://tools.ietf.org/html/rfc2616#section-10.3.5 */ printf("\r\n"); return; } } } if(response->data) { printf("Content-Length: %ld\r\n\r\n", response->data->size); fwrite((char*)response->data->buf, response->data->size,1,stdout); } }
/** * waits on a condition variable, directly using OS interfaces. * * This function does not implement interruptability and thread state * functionality, thus the caller of this function have to handle it. */ int os_cond_timedwait(hycond_t *cond, osmutex_t *mutex, I_64 ms, IDATA nano) { int r = 0; if (!ms && !nano) { r = pthread_cond_wait(cond, mutex); } else { // the main point here is to translate time from ms:nano // format into sec:nano format (acceptable by pthread) apr_time_t now = apr_time_now(); // translate 'now' into: seconds + nanos I_64 Nsec = apr_time_sec(now); I_64 Nnsec = (apr_time_usec(now) % APR_USEC_PER_SEC) * ((1000*1000*1000) / APR_USEC_PER_SEC); // translate delay method parameters ('ms' and 'nano') into: // seconds + nanos (taking care about overflow) I_64 Dsec = (ms / 1000) + (nano / (1000 * 1000 * 1000)); I_64 Dnsec = (ms % 1000) * (1000 * 1000) + (nano % (1000 * 1000 * 1000)); Dsec = Dsec + (Dnsec / (1000 * 1000 * 1000)); Dnsec = Dnsec % (1000 * 1000 * 1000); // calculating result sec:nanos values // (taking care about overflow as well) I_64 Rsec = Dsec + Nsec + (Dnsec + Nnsec) / (1000 * 1000 * 1000); I_64 Rnsec = (Dnsec + Nnsec) % (1000 * 1000 * 1000); // wrap the resulting wake up time (absolute time) into struct // acceptable by pthread_cond_timedwait() struct timespec wakeup_time; // final boundary checks: pthread struct sec is 32 bit if (Rsec <= 0x7FFFFFFF) { wakeup_time.tv_sec = Rsec; } else { wakeup_time.tv_sec = 0x7FFFFFFF; } // final boundary checks: pthread struct nanos is 32 bit as well if (Rnsec <= 0x7FFFFFFF) { wakeup_time.tv_nsec = Rnsec; } else { wakeup_time.tv_nsec = 0x7FFFFFFF; } r = pthread_cond_timedwait(cond, mutex, &wakeup_time); } if (r == ETIMEDOUT) r = TM_ERROR_TIMEOUT; else if (r == EINTR) r = TM_ERROR_INTERRUPT; return r; }
APR_DECLARE(apr_status_t) apr_file_mtime_set(const char *fname, apr_time_t mtime, apr_pool_t *pool) { apr_status_t status; apr_finfo_t finfo; status = apr_stat(&finfo, fname, APR_FINFO_ATIME, pool); if (status) { return status; } #ifdef HAVE_UTIMES { struct timeval tvp[2]; tvp[0].tv_sec = apr_time_sec(finfo.atime); tvp[0].tv_usec = apr_time_usec(finfo.atime); tvp[1].tv_sec = apr_time_sec(mtime); tvp[1].tv_usec = apr_time_usec(mtime); if (utimes(fname, tvp) == -1) { return errno; } } #elif defined(HAVE_UTIME) { struct utimbuf buf; buf.actime = (time_t) (finfo.atime / APR_USEC_PER_SEC); buf.modtime = (time_t) (mtime / APR_USEC_PER_SEC); if (utime(fname, &buf) == -1) { return errno; } } #else return APR_ENOTIMPL; #endif return APR_SUCCESS; }
static int passwordExpired(const char *user, apr_time_t lookedUpDate, apr_time_t timeout, request_rec *r) { if ((apr_time_sec(apr_time_now())) > (lookedUpDate + timeout)) { ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_DEBUG, 0, r, LOG_PREFIX "Session expired for user %s", user); return TRUE; } return FALSE; }
static zend_stat_t* php_apache_sapi_get_stat(void) { php_struct *ctx = SG(server_context); #ifdef PHP_WIN32 ctx->finfo.st_uid = 0; ctx->finfo.st_gid = 0; #else ctx->finfo.st_uid = ctx->r->finfo.user; ctx->finfo.st_gid = ctx->r->finfo.group; #endif ctx->finfo.st_dev = ctx->r->finfo.device; ctx->finfo.st_ino = ctx->r->finfo.inode; #if defined(NETWARE) && defined(CLIB_STAT_PATCH) ctx->finfo.st_atime.tv_sec = apr_time_sec(ctx->r->finfo.atime); ctx->finfo.st_mtime.tv_sec = apr_time_sec(ctx->r->finfo.mtime); ctx->finfo.st_ctime.tv_sec = apr_time_sec(ctx->r->finfo.ctime); #else ctx->finfo.st_atime = apr_time_sec(ctx->r->finfo.atime); ctx->finfo.st_mtime = apr_time_sec(ctx->r->finfo.mtime); ctx->finfo.st_ctime = apr_time_sec(ctx->r->finfo.ctime); #endif ctx->finfo.st_size = ctx->r->finfo.size; ctx->finfo.st_nlink = ctx->r->finfo.nlink; return &ctx->finfo; }
void util_ldap_url_node_display(request_rec *r, util_ald_cache_t *cache, void *n) { util_url_node_t *node = n; char date_str[APR_CTIME_LEN]; const char *type_str; util_ald_cache_t *cache_node; int x; for (x=0;x<3;x++) { switch (x) { case 0: cache_node = node->search_cache; type_str = "Searches"; break; case 1: cache_node = node->compare_cache; type_str = "Compares"; break; case 2: default: cache_node = node->dn_compare_cache; type_str = "DN Compares"; break; } if (cache_node->marktime) { apr_ctime(date_str, cache_node->marktime); } else date_str[0] = 0; ap_rprintf(r, "<tr valign='top'>" "<td nowrap>%s (%s)</td>" "<td nowrap>%ld</td>" "<td nowrap>%ld</td>" "<td nowrap>%ld</td>" "<td nowrap>%" APR_TIME_T_FMT "</td>" "<td nowrap>%ld</td>" "<td nowrap>%s</td>" "</tr>", node->url, type_str, cache_node->size, cache_node->maxentries, cache_node->numentries, apr_time_sec(cache_node->ttl), cache_node->fullmark, date_str); } }
/** * Insert(alloc) and update a domain record in the shared table * @param pointer to the shared table. * @param domain domain to store in the shared table. * @return APR_SUCCESS if all went well * */ static apr_status_t insert_update(void* mem, void **data, int id, apr_pool_t *pool) { domaininfo_t *in = (domaininfo_t *)*data; domaininfo_t *ou = (domaininfo_t *)mem; if (strcmp(in->JVMRoute, ou->JVMRoute) == 0 && strcmp(in->balancer, ou->balancer) == 0) { memcpy(ou, in, sizeof(domaininfo_t)); ou->id = id; ou->updatetime = apr_time_sec(apr_time_now()); *data = ou; return APR_SUCCESS; } return APR_NOTFOUND; }
/** * Insert(alloc) and update a sessionid record in the shared table * @param pointer to the shared table. * @param sessionid sessionid to store in the shared table. * @return APR_SUCCESS if all went well * */ static apr_status_t insert_update(void* mem, void **data, int id, apr_pool_t *pool) { sessionidinfo_t *in = (sessionidinfo_t *)*data; sessionidinfo_t *ou = (sessionidinfo_t *)mem; if (strcmp(in->sessionid, ou->sessionid) == 0) { memcpy(ou, in, sizeof(sessionidinfo_t)); ou->id = id; ou->updatetime = apr_time_sec(apr_time_now()); *data = ou; return APR_SUCCESS; } return APR_NOTFOUND; }
static apr_interval_time_t sb_get_uptime() { apr_time_t nowtime; apr_interval_time_t up_time; if (!ap_extended_status) return 0; nowtime = apr_time_now(); up_time = (apr_uint32_t)apr_time_sec(nowtime - ap_scoreboard_image->global->restart_time); return up_time; }
/* * store a name/value pair in Redis */ static apr_byte_t oidc_cache_redis_set(request_rec *r, const char *section, const char *key, const char *value, apr_time_t expiry) { oidc_debug(r, "enter, section=\"%s\", key=\"%s\"", section, key); oidc_cfg *cfg = ap_get_module_config(r->server->module_config, &auth_openidc_module); oidc_cache_cfg_redis_t *context = (oidc_cache_cfg_redis_t *) cfg->cache_cfg; redisReply *reply = NULL; /* grab the global lock */ if (oidc_cache_mutex_lock(r, context->mutex) == FALSE) return FALSE; /* see if we should be clearing this entry */ if (value == NULL) { /* delete it */ reply = oidc_cache_redis_command(r, context, "DEL %s", oidc_cache_redis_get_key(r->pool, section, key)); if (reply == NULL) { oidc_cache_mutex_unlock(r, context->mutex); return FALSE; } freeReplyObject(reply); } else { /* calculate the timeout from now */ apr_uint32_t timeout = apr_time_sec(expiry - apr_time_now()); /* store it */ reply = oidc_cache_redis_command(r, context, "SETEX %s %d %s", oidc_cache_redis_get_key(r->pool, section, key), timeout, value); if (reply == NULL) { oidc_cache_mutex_unlock(r, context->mutex); return FALSE; } freeReplyObject(reply); } /* release the global lock */ oidc_cache_mutex_unlock(r, context->mutex); return TRUE; }
/** Explode time to human readable form. */ log4cxx_status_t explode( apr_time_exp_t * result, log4cxx_time_t input ) const { apr_status_t stat; // APR 1.1 and early mishandles microseconds on dates // before 1970, APR bug 32520 if (LOG4CXX_UNLIKELY(input < 0 && apr_time_usec(input) < 0)) { apr_time_t floorTime = (apr_time_sec(input) -1) * APR_USEC_PER_SEC; stat = apr_time_exp_lt(result, floorTime); result->tm_usec = (int) (input - floorTime); } else { stat = apr_time_exp_lt( result, input ); } return stat; }
/* * check to see if dynamically registered JSON client metadata is valid and has not expired */ static apr_byte_t oidc_metadata_client_is_valid(request_rec *r, json_t *j_client, const char *issuer) { /* get a handle to the client_id we need to use for this provider */ json_t *j_client_id = json_object_get(j_client, "client_id"); if ((j_client_id == NULL) || (!json_is_string(j_client_id))) { oidc_error(r, "client (%s) JSON metadata did not contain a \"client_id\" string", issuer); return FALSE; } /* get a handle to the client_secret we need to use for this provider */ json_t *j_client_secret = json_object_get(j_client, "client_secret"); if ((j_client_secret == NULL) || (!json_is_string(j_client_secret))) { oidc_warn(r, "client (%s) JSON metadata did not contain a \"client_secret\" string", issuer); //return FALSE; } /* the expiry timestamp from the JSON object */ json_t *expires_at = json_object_get(j_client, "client_secret_expires_at"); if ((expires_at == NULL) || (!json_is_integer(expires_at))) { oidc_debug(r, "client (%s) metadata did not contain a \"client_secret_expires_at\" setting", issuer); /* assume that it never expires */ return TRUE; } /* see if it is unrestricted */ if (json_integer_value(expires_at) == 0) { oidc_debug(r, "client (%s) metadata never expires (client_secret_expires_at=0)", issuer); return TRUE; } /* check if the value >= now */ if (apr_time_sec(apr_time_now()) > json_integer_value(expires_at)) { oidc_warn(r, "client (%s) secret expired", issuer); return FALSE; } oidc_debug(r, "client (%s) metadata is valid", issuer); return TRUE; }
/* * Get the unix time with timezone corrections * given in the config struct. */ static int get_now(rotate_config_t *config) { apr_time_t tNow = apr_time_now(); int utc_offset = config->utc_offset; if (config->use_localtime) { /* Check for our UTC offset before using it, since it might * change if there's a switch between standard and daylight * savings time. */ apr_time_exp_t lt; apr_time_exp_lt(<, tNow); utc_offset = lt.tm_gmtoff; } return (int)apr_time_sec(tNow) + utc_offset; }
/* * if a nonce was passed in the authorization request (and stored in the browser state), * check that it matches the nonce value in the id_token payload */ static apr_byte_t oidc_proto_validate_nonce(request_rec *r, oidc_cfg *cfg, oidc_provider_t *provider, const char *nonce, apr_jwt_t *jwt) { /* see if we have this nonce cached already */ const char *replay = NULL; cfg->cache->get(r, OIDC_CACHE_SECTION_NONCE, nonce, &replay); if (replay != NULL) { oidc_error(r, "the nonce value (%s) passed in the browser state was found in the cache already; possible replay attack!?", nonce); return FALSE; } /* get the "nonce" value in the id_token payload */ char *j_nonce = NULL; apr_jwt_get_string(r->pool, &jwt->payload.value, "nonce", &j_nonce); if (j_nonce == NULL) { oidc_error(r, "id_token JSON payload did not contain a \"nonce\" string"); return FALSE; } /* see if the nonce in the id_token matches the one that we sent in the authorization request */ if (apr_strnatcmp(nonce, j_nonce) != 0) { oidc_error(r, "the nonce value (%s) in the id_token did not match the one stored in the browser session (%s)", j_nonce, nonce); return FALSE; } /* * nonce cache duration (replay prevention window) is the 2x the configured * slack on the timestamp (+-) for token issuance plus 10 seconds for safety */ apr_time_t nonce_cache_duration = apr_time_from_sec( provider->idtoken_iat_slack * 2 + 10); /* store it in the cache for the calculated duration */ cfg->cache->set(r, OIDC_CACHE_SECTION_NONCE, nonce, nonce, apr_time_now() + nonce_cache_duration); oidc_debug(r, "nonce \"%s\" validated successfully and is now cached for %" APR_TIME_T_FMT " seconds", nonce, apr_time_sec(nonce_cache_duration)); return TRUE; }
static ngx_inline ngx_int_t ngx_http_modsecurity_save_headers_out(ngx_http_request_t *r) { ngx_http_modsecurity_ctx_t *ctx; ngx_http_upstream_t *upstream; ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity); /* r->chunked = ctx->req->chunked; */ ngx_http_clean_header(r); upstream = r->upstream; r->upstream = &ngx_http_modsecurity_upstream; /* case SecServerSignature was used, the "Server: ..." header is added * here, overwriting the default header supplied by nginx. */ if (modsecIsServerSignatureAvailale() != NULL) { apr_table_add(ctx->req->headers_out, "Server", modsecIsServerSignatureAvailale()); } if (apr_table_do(ngx_http_modsecurity_save_headers_out_visitor, r, ctx->req->headers_out, NULL) == 0) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: save headers out error"); return NGX_ERROR; } r->upstream = upstream; r->headers_out.status = ctx->req->status; r->headers_out.status_line.data = (u_char *)ctx->req->status_line; r->headers_out.status_line.len = ctx->req->status_line ? ngx_strlen(ctx->req->status_line) : 0; r->headers_out.content_length_n = ctx->req->clength; r->headers_out.last_modified_time = apr_time_sec(ctx->req->mtime); ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "ModSecurity: save headers out done"); return NGX_OK; }