/**
 * Tear down every eudoxus state recorded for a finished transaction.
 *
 * Looks up this module's per-transaction hash and calls
 * ia_eudoxus_destroy_state() on each non-NULL value stored in it. A
 * short-lived memory pool is created only to back the hash iterator and
 * is destroyed before returning.
 *
 * NOTE(review): the hash itself is not emptied here, so its entries still
 * hold the destroyed pointers after this handler returns; presumably
 * nothing reads them once the transaction has finished -- confirm.
 *
 * @param[in] ib IronBee engine (not referenced by this handler).
 * @param[in] tx Transaction that has just finished.
 * @param[in] event Event type (should always be @ref tx_finished_event);
 *                  not referenced by this handler.
 * @param[in] cbdata Callback data -- pointer to this module (@ref ib_module_t).
 *
 * @returns
 * - IB_OK on success, or when the lookup succeeds but yields no hash.
 * - IB_EALLOC if the hash iterator cannot be allocated.
 * - Any error returned by ib_tx_get_module_data() or ib_mpool_create().
 */
static ib_status_t ee_tx_finished_handler(ib_engine_t *ib,
                                          ib_tx_t *tx,
                                          ib_state_event_type_t event,
                                          void *cbdata)
{
    const ib_module_t *module = (const ib_module_t *)cbdata;
    ib_hash_t *states;
    ib_mpool_t *scratch;
    ib_hash_iterator_t *it;
    ia_eudoxus_state_t *state;
    ib_status_t rc;

    /* Fetch the per-transaction table of eudoxus states. */
    rc = ib_tx_get_module_data(tx, module, &states);
    if (rc != IB_OK) {
        return rc;
    }
    if (states == NULL) {
        /* Lookup succeeded but there is nothing to clean up. */
        return rc;
    }

    /* The iterator needs a pool to live in; use a throw-away one. */
    rc = ib_mpool_create(&scratch, "temp", NULL);
    if (rc != IB_OK) {
        return rc;
    }

    it = ib_hash_iterator_create(scratch);
    if (it == NULL) {
        ib_mpool_destroy(scratch);
        return IB_EALLOC;
    }

    ib_hash_iterator_first(it, states);
    while (!ib_hash_iterator_at_end(it)) {
        /* Only the value is wanted; key and key length are skipped. */
        ib_hash_iterator_fetch(NULL, NULL, &state, it);
        if (state != NULL) {
            ia_eudoxus_destroy_state(state);
            /* Drop the local reference so the freed pointer cannot be
             * picked up again by the next iteration's NULL check. */
            state = NULL;
        }
        ib_hash_iterator_next(it);
    }

    ib_mpool_destroy(scratch);

    return IB_OK;
}
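/**
 * Main identity handler. Called both on request_header_finished and
 * request_finished: the configured provider decides which state to
 * run on, and skips (returns immediately) on the other state.
 *
 * If configured mode is "Off", just returns. Otherwise calls the provider's
 * check_id function to check and log the user ID. When accept_any is set
 * and the configured provider found no user, the other registered
 * providers are tried in turn. Finally, if the client is still not
 * identified and an ident type is configured, the provider's challenge
 * function is called to ask the client to identify (e.g. HTTP 401).
 *
 * NOTE(review): apart from the ident_off test, no check of cfg->mode is
 * made before the challenge is issued. If a log-only mode is meant to
 * skip the challenge, that is not enforced in this function -- confirm.
 *
 * @param ib The engine
 * @param tx The transaction
 * @param state State that triggered the call
 * @param cbdata Unused
 *
 * @returns IB_OK when ident is off, when the provider does not run on
 *          @a state, when a user ID was found, or when no ident type is
 *          configured; otherwise the status returned by the provider's
 *          challenge function.
 */
static ib_status_t ident_handler(ib_engine_t *ib, ib_tx_t *tx,
                                 ib_state_t state, void *cbdata)
{
    ident_cfg_t *cfg;
    const char *userid = NULL;
    ib_ident_provider_t *provider;
    ib_status_t rc;
    ib_module_t *m;

    assert(state == request_header_finished_state ||
           state == request_finished_state);

    /* NOTE(review): the asserts below are the only checks on these two
     * lookups. assert() expands to nothing when NDEBUG is defined, so in
     * such builds m and cfg are used without any validation. */
    rc = ib_engine_module_get(ib, MODULE_NAME_STR, &m);
    assert((rc == IB_OK) && (m != NULL));

    rc = ib_context_module_config(ib_context_main(ib), m, &cfg);
    assert((rc == IB_OK) && (cfg != NULL));

    if (cfg->mode == ident_off) {
        return IB_OK;
    }

    /* Resolve the configured provider, falling back to the dummy provider
     * when it is missing or nothing is configured.
     * NOTE(review): what ident_dummy_provider's check_id/challenge do is
     * not visible here; confirm the fallback cannot let a request through
     * unidentified when identification is meant to be enforced. */
    if (cfg->type != NULL && cfg->providers != NULL) {
        rc = ib_hash_get(cfg->providers, &provider, cfg->type);
        if (rc != IB_OK || provider == NULL) {
            ib_log_error_tx(tx, "Identifier '%s' configured but not available",
                            cfg->type);
            provider = &ident_dummy_provider;
        }
    }
    else {
        ib_log_error_tx(tx, "Ident module loaded but not configured!");
        provider = &ident_dummy_provider;
    }

    if (provider->state != state) {
        /* This provider doesn't check now */
        return IB_OK;
    }

    /* OK, ident is on.  Verify if there is a user ID */
    userid = provider->check_id(tx);

    if (userid == NULL && cfg->accept_any && cfg->providers != NULL) {
        ib_hash_iterator_t *iterator = ib_hash_iterator_create(tx->mm);

        if (iterator == NULL) {
            /* The other providers cannot be walked. userid stays NULL, so
             * the request is treated below as unidentified rather than
             * dereferencing a NULL iterator. */
            ib_log_error_tx(tx, "Failed to allocate ident provider iterator");
        }
        else {
            for (ib_hash_iterator_first(iterator, cfg->providers);
                 !userid && !ib_hash_iterator_at_end(iterator);
                 ib_hash_iterator_next(iterator))
            {
                /* Start from NULL so a fetch that stores nothing is
                 * detected instead of reading an indeterminate pointer. */
                ib_ident_provider_t *p = NULL;

                ib_hash_iterator_fetch(NULL, NULL, &p, iterator);
                if (p == NULL) {
                    continue;
                }
                /* configured provider already checked - so skip it now */
                if (p->check_id != provider->check_id) {
                    userid = p->check_id(tx);
                }
            }
        }
    }

    if (userid != NULL) {
        /* userid is passed as a %s argument, never as the format string.
         * NOTE(review): it presumably originates from client-supplied
         * credentials; confirm the log sink neutralises control
         * characters before the line is stored or displayed. */
        ib_log_info(ib, "User identified as %s", userid);
        return IB_OK;
    }

    /* If we haven't configured an ident type, don't enforce */
    if (cfg->type == NULL) {
        return IB_OK;
    }

    /* If we're enforcing ident, send a challenge */
    return provider->challenge(tx);
}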