/*
* generate a unique identifier for a session
*/
static void oidc_session_uuid_new(request_rec *r, oidc_session_t *z) {
apr_uuid_t uuid;
apr_uuid_get(&uuid);
apr_uuid_format((char *) &z->uuid, &uuid);
}
/**
* Load the session by firing off a dbd query.
*
* If the session is anonymous, the session key will be extracted from
* the cookie specified. Failing that, the session key will be extracted
* from the GET parameters.
*
* If the session is keyed by the username, the session will be extracted
* by that.
*
* If no session is found, an empty session will be created.
*
* On success, this returns OK.
*/
static apr_status_t session_dbd_load(request_rec * r, session_rec ** z)
{
session_dbd_dir_conf *conf = ap_get_module_config(r->per_dir_config,
&session_dbd_module);
apr_status_t ret = APR_SUCCESS;
session_rec *zz = NULL;
const char *name = NULL;
const char *note = NULL;
const char *val = NULL;
const char *key = NULL;
request_rec *m = r->main ? r->main : r;
/* is our session in a cookie? */
if (conf->name2_set) {
name = conf->name2;
}
else if (conf->name_set) {
name = conf->name;
}
else if (conf->peruser_set && r->user) {
name = r->user;
}
else {
return DECLINED;
}
/* first look in the notes */
note = apr_pstrcat(r->pool, MOD_SESSION_DBD, name, NULL);
zz = (session_rec *)apr_table_get(m->notes, note);
if (zz) {
*z = zz;
return OK;
}
/* load anonymous sessions */
if (conf->name_set || conf->name2_set) {
/* load an RFC2109 or RFC2965 compliant cookie */
ap_cookie_read(r, name, &key, conf->remove);
if (key) {
ret = dbd_load(r, key, &val);
if (ret != APR_SUCCESS) {
return ret;
}
}
}
/* load named session */
else if (conf->peruser) {
if (r->user) {
ret = dbd_load(r, r->user, &val);
if (ret != APR_SUCCESS) {
return ret;
}
}
}
/* otherwise not for us */
else {
return DECLINED;
}
/* create a new session and return it */
zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
zz->pool = r->pool;
zz->entries = apr_table_make(zz->pool, 10);
zz->uuid = (apr_uuid_t *) apr_pcalloc(zz->pool, sizeof(apr_uuid_t));
if (key) {
apr_uuid_parse(zz->uuid, key);
}
else {
apr_uuid_get(zz->uuid);
}
zz->encoded = val;
*z = zz;
/* put the session in the notes so we don't have to parse it again */
apr_table_setn(m->notes, note, (char *)zz);
return OK;
}
static void * APR_THREAD_FUNC deploymentAdmin_poll(apr_thread_t *thd, void *deploymentAdmin) {
deployment_admin_pt admin = deploymentAdmin;
/*first poll send framework started audit event, note this will register the target in Apache ACE*/
deploymentAdmin_updateAuditPool(admin, DEPLOYMENT_ADMIN_AUDIT_EVENT__FRAMEWORK_STARTED);
while (admin->running) {
//poll ace
array_list_pt versions = NULL;
deploymentAdmin_readVersions(admin, &versions);
char *last = arrayList_get(versions, arrayList_size(versions) - 1);
if (last != NULL) {
if (admin->current == NULL || strcmp(last, admin->current) > 0) {
char *request = NULL;
if (admin->current == NULL) {
request = apr_pstrcat(admin->pool, admin->pollUrl, "/", last, NULL);
} else {
// We do not yet support fix packages
//request = apr_pstrcat(admin->pool, VERSIONS, "/", last, "?current=", admin->current, NULL);
request = apr_pstrcat(admin->pool, admin->pollUrl, "/", last, NULL);
}
char inputFile[256];
inputFile[0] = '\0';
char *test = inputFile;
celix_status_t status = deploymentAdmin_download(request, &test);
if (status == CELIX_SUCCESS) {
bundle_pt bundle = NULL;
bundleContext_getBundle(admin->context, &bundle);
char *entry = NULL;
bundle_getEntry(bundle, "/", &entry);
// Handle file
char tmpDir[256];
char uuidStr[128];
apr_uuid_t tmpUuid;
apr_uuid_get(&tmpUuid);
apr_uuid_format(uuidStr, &tmpUuid);
sprintf(tmpDir, "%s%s", entry, uuidStr);
apr_dir_make(tmpDir, APR_UREAD|APR_UWRITE|APR_UEXECUTE, admin->pool);
// TODO: update to use bundle cache DataFile instead of module entries.
unzip_extractDeploymentPackage(test, tmpDir);
char *manifest = apr_pstrcat(admin->pool, tmpDir, "/META-INF/MANIFEST.MF", NULL);
manifest_pt mf = NULL;
manifest_createFromFile(manifest, &mf);
deployment_package_pt source = NULL;
deploymentPackage_create(admin->pool, admin->context, mf, &source);
char *name = NULL;
deploymentPackage_getName(source, &name);
char *repoDir = apr_pstrcat(admin->pool, entry, "repo", NULL);
apr_dir_make(repoDir, APR_UREAD|APR_UWRITE|APR_UEXECUTE, admin->pool);
char *repoCache = apr_pstrcat(admin->pool, entry, "repo/", name, NULL);
deploymentAdmin_deleteTree(repoCache, admin->pool);
apr_status_t stat = apr_file_rename(tmpDir, repoCache, admin->pool);
if (stat != APR_SUCCESS) {
printf("No success\n");
}
deployment_package_pt target = hashMap_get(admin->packages, name);
if (target == NULL) {
// target = empty package
}
deploymentAdmin_stopDeploymentPackageBundles(admin, target);
deploymentAdmin_updateDeploymentPackageBundles(admin, source);
deploymentAdmin_startDeploymentPackageCustomizerBundles(admin, source, target);
deploymentAdmin_processDeploymentPackageResources(admin, source);
deploymentAdmin_dropDeploymentPackageResources(admin, source, target);
deploymentAdmin_dropDeploymentPackageBundles(admin, source, target);
deploymentAdmin_startDeploymentPackageBundles(admin, source);
deploymentAdmin_deleteTree(repoCache, admin->pool);
deploymentAdmin_deleteTree(tmpDir, admin->pool);
remove(test);
admin->current = strdup(last);
hashMap_put(admin->packages, name, source);
}
}
}
sleep(5);
}
apr_thread_exit(thd, APR_SUCCESS);
return NULL;
}
/*--------------------------------------------------------------------------*/
static int post_config_hook(apr_pool_t *pconf, apr_pool_t *plog,
apr_pool_t *ptemp, server_rec *s)
{
apr_status_t rv;
const char *pk = "advertise_init_module_tag";
apr_pool_t *pproc = s->process->pool;
apr_thread_t *tp;
mod_advertise_config *mconf = ap_get_module_config(s->module_config, &advertise_module);
int advertisefound = 0;
server_rec *server = s;
/* Advertise directive in more than one VirtualHost: not supported */
while (server) {
mod_advertise_config *conf = ap_get_module_config(server->module_config, &advertise_module);
if (conf->ma_advertise_server == server) {
if (advertisefound) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"mod_advertise: directive in more than one VirtualHost: not supported");
return !OK;
} else
advertisefound = -1;
}
server = server->next;
}
/* Our server */
server = s;
while (server) {
mconf = ap_get_module_config(server->module_config, &advertise_module);
if (mconf->ma_advertise_server == server)
break;
server = server->next;
}
apr_pool_userdata_get((void *)&magd, pk, pproc);
if (!magd) {
if (!(magd = apr_pcalloc(pproc, sizeof(ma_global_data_t))))
return apr_get_os_error();
apr_pool_create(&magd->ppool, pproc);
apr_pool_userdata_set(magd, pk, apr_pool_cleanup_null, pproc);
/* First time config phase -- skip. */
return OK;
}
#if defined(WIN32)
{
const char *ppid = getenv("AP_PARENT_PID");
if (ppid) {
ma_parent_pid = atol(ppid);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"[%" APR_PID_T_FMT " - %" APR_PID_T_FMT
"] in child post config hook",
getpid(), ma_parent_pid);
return OK;
}
}
#endif
ma_server_rec = server;
if (mconf->ma_advertise_skey) {
apr_md5_ctx_t mc;
apr_md5_init(&mc);
apr_md5_update(&mc, mconf->ma_advertise_skey, strlen(mconf->ma_advertise_skey));
apr_md5_final(magd->ssalt, &mc);
} else {
/* If security key is not configured, the digest is calculated from zero bytes */
memset(magd->ssalt, '\0', APR_MD5_DIGESTSIZE);
}
apr_uuid_get(&magd->suuid);
magd->srvid[0] = '/';
apr_uuid_format(&magd->srvid[1], &magd->suuid);
if (!mconf->ma_advertise_srvh)
mconf->ma_advertise_srvh = magd->srvid;
/* Check if we have advertise set */
if (mconf->ma_advertise_mode != ma_advertise_off &&
mconf->ma_advertise_adrs) {
rv = ma_group_join(mconf->ma_advertise_adrs, mconf->ma_advertise_port, mconf->ma_bind_adrs, mconf->ma_bind_port, pconf, s);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"mod_advertise: multicast join failed for %s:%d.",
mconf->ma_advertise_adrs, mconf->ma_advertise_port);
ma_advertise_run = 0;
}
else {
ma_advertise_run = 1;
ma_advertise_stat = 200;
}
}
/* Fill default values */
if (!mconf->ma_advertise_srvm) {
if (ma_server_rec && ma_server_rec->server_scheme) {
/* ServerName scheme://fully-qualified-domain-name[:port] */
mconf->ma_advertise_srvm = apr_pstrdup(pconf, ma_server_rec->server_scheme);
} else {
mconf->ma_advertise_srvm = apr_pstrdup(pconf, "http");
}
}
if (mconf->ma_advertise_srvs == NULL && ma_server_rec) {
/*
* That is not easy just use ServerAdvertise with the server parameter
* if the code below doesn't work
*/
char *ptr = NULL;
int port = DEFAULT_HTTP_PORT;
if (ma_server_rec->addrs && ma_server_rec->addrs->host_addr &&
ma_server_rec->addrs->host_addr->next == NULL) {
ptr = apr_psprintf(pproc, "%pI", ma_server_rec->addrs->host_addr);
}
/* Use don't use any as local address too */
if (ptr == NULL || strncmp(ptr,"0.0.0.0", 7) == 0 || strncmp(ptr,"::",2) == 0) {
if ( ma_server_rec->port == 0 || ma_server_rec->port == 1) {
if (ma_server_rec->addrs->host_addr->port != 0)
port = ma_server_rec->addrs->host_addr->port;
} else {
port = ma_server_rec->port;
}
ptr = apr_psprintf(pproc, "%s:%lu", ma_server_rec->server_hostname, port);
}
rv = apr_parse_addr_port(&mconf->ma_advertise_srvs,
&mconf->ma_advertise_srvi,
&mconf->ma_advertise_srvp,
ptr, pproc);
if (rv != APR_SUCCESS || !mconf->ma_advertise_srvs ||
!mconf->ma_advertise_srvp) {
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
"mod_advertise: Invalid ServerAdvertise Address %s",
ptr);
return rv;
}
}
/* prevent X-Manager-Address: (null):0 */
if (!mconf->ma_advertise_srvs || !mconf->ma_advertise_srvp) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"mod_advertise: ServerAdvertise Address or Port not defined, Advertise disabled!!!");
return OK;
}
/* Create parent management thread */
is_mp_running = 1;
rv = apr_thread_create(&tp, NULL, parent_thread, server, pconf);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
"mod_advertise: parent apr_thread_create");
return rv;
}
apr_thread_detach(tp);
/* Create cleanup pool that will be destroyed first
* in future use new apr_pool_pre_cleanup_register from APR 1.3
*/
apr_pool_create(&magd->cpool, pconf);
apr_pool_cleanup_register(magd->cpool, magd, pconfig_cleanup,
apr_pool_cleanup_null);
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
"Advertise initialized for process %" APR_PID_T_FMT,
getpid());
apr_pool_cleanup_register(magd->ppool, magd, process_cleanup,
apr_pool_cleanup_null);
return OK;
}
/**
* Encrypt the string given as per the current config.
*
* Returns APR_SUCCESS if successful.
*/
static apr_status_t encrypt_string(request_rec * r, const apr_crypto_t *f,
session_crypto_dir_conf *dconf, const char *in, char **out)
{
apr_status_t res;
apr_crypto_key_t *key = NULL;
apr_size_t ivSize = 0;
apr_crypto_block_t *block = NULL;
unsigned char *encrypt = NULL;
unsigned char *combined = NULL;
apr_size_t encryptlen, tlen;
char *base64;
apr_size_t blockSize = 0;
const unsigned char *iv = NULL;
apr_uuid_t salt;
apr_crypto_block_key_type_e *cipher;
const char *passphrase;
/* by default, return an empty string */
*out = "";
/* don't attempt to encrypt an empty string, trying to do so causes a segfault */
if (!in || !*in) {
return APR_SUCCESS;
}
/* use a uuid as a salt value, and prepend it to our result */
apr_uuid_get(&salt);
res = crypt_init(r, f, &cipher, dconf);
if (res != APR_SUCCESS) {
return res;
}
/* encrypt using the first passphrase in the list */
passphrase = APR_ARRAY_IDX(dconf->passphrases, 0, char *);
res = apr_crypto_passphrase(&key, &ivSize, passphrase,
strlen(passphrase),
(unsigned char *) (&salt), sizeof(apr_uuid_t),
*cipher, APR_MODE_CBC, 1, 4096, f, r->pool);
if (APR_STATUS_IS_ENOKEY(res)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01825)
"the passphrase '%s' was empty", passphrase);
}
if (APR_STATUS_IS_EPADDING(res)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01826)
"padding is not supported for cipher");
}
if (APR_STATUS_IS_EKEYTYPE(res)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01827)
"the key type is not known");
}
if (APR_SUCCESS != res) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01828)
"encryption could not be configured.");
return res;
}
res = apr_crypto_block_encrypt_init(&block, &iv, key, &blockSize, r->pool);
if (APR_SUCCESS != res) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01829)
"apr_crypto_block_encrypt_init failed");
return res;
}
/* encrypt the given string */
res = apr_crypto_block_encrypt(&encrypt, &encryptlen, (unsigned char *)in,
strlen(in), block);
if (APR_SUCCESS != res) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01830)
"apr_crypto_block_encrypt failed");
return res;
}
res = apr_crypto_block_encrypt_finish(encrypt + encryptlen, &tlen, block);
if (APR_SUCCESS != res) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01831)
"apr_crypto_block_encrypt_finish failed");
return res;
}
encryptlen += tlen;
/* prepend the salt and the iv to the result */
combined = apr_palloc(r->pool, ivSize + encryptlen + sizeof(apr_uuid_t));
memcpy(combined, &salt, sizeof(apr_uuid_t));
memcpy(combined + sizeof(apr_uuid_t), iv, ivSize);
memcpy(combined + sizeof(apr_uuid_t) + ivSize, encrypt, encryptlen);
/* base64 encode the result */
base64 = apr_palloc(r->pool, apr_base64_encode_len(ivSize + encryptlen +
sizeof(apr_uuid_t) + 1)
* sizeof(char));
apr_base64_encode(base64, (const char *) combined,
ivSize + encryptlen + sizeof(apr_uuid_t));
*out = base64;
return res;
}
