/*
* initialize the crypto context in the server configuration record; the passphrase is set already
*/
static apr_byte_t oidc_crypto_init(oidc_cfg *cfg, server_rec *s) {
if (cfg->encrypt_ctx != NULL)
return TRUE;
unsigned char *key_data = (unsigned char *) cfg->crypto_passphrase;
int key_data_len = strlen(cfg->crypto_passphrase);
unsigned int s_salt[] = { 41892, 72930 };
unsigned char *salt = (unsigned char *) &s_salt;
int i, nrounds = 5;
unsigned char key[32], iv[32];
/*
* Gen key & IV for AES 256 CBC mode. A SHA1 digest is used to hash the supplied key material.
* nrounds is the number of times the we hash the material. More rounds are more secure but
* slower.
*/
i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data,
key_data_len, nrounds, key, iv);
if (i != 32) {
oidc_serror(s, "key size must be 256 bits!");
return FALSE;
}
cfg->encrypt_ctx = apr_palloc(s->process->pool, sizeof(EVP_CIPHER_CTX));
cfg->decrypt_ctx = apr_palloc(s->process->pool, sizeof(EVP_CIPHER_CTX));
/* initialize the encoding context */
EVP_CIPHER_CTX_init(cfg->encrypt_ctx);
if (!EVP_EncryptInit_ex(cfg->encrypt_ctx, EVP_aes_256_cbc(), NULL, key,
iv)) {
oidc_serror(s, "EVP_EncryptInit_ex on the encrypt context failed: %s",
ERR_error_string(ERR_get_error(), NULL));
return FALSE;
}
/* initialize the decoding context */
EVP_CIPHER_CTX_init(cfg->decrypt_ctx);
if (!EVP_DecryptInit_ex(cfg->decrypt_ctx, EVP_aes_256_cbc(), NULL, key,
iv)) {
oidc_serror(s, "EVP_DecryptInit_ex on the decrypt context failed: %s",
ERR_error_string(ERR_get_error(), NULL));
return FALSE;
}
return TRUE;
}
/*
* initialized the shared memory block in the parent process
*/
int oidc_cache_shm_post_config(server_rec *s) {
oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(s->module_config,
&auth_openidc_module);
if (cfg->cache_cfg != NULL)
return APR_SUCCESS;
oidc_cache_cfg_shm_t *context = oidc_cache_shm_cfg_create(s->process->pool);
cfg->cache_cfg = context;
/* create the shared memory segment */
apr_status_t rv = apr_shm_create(&context->shm,
cfg->cache_shm_entry_size_max * cfg->cache_shm_size_max,
NULL, s->process->pool);
if (rv != APR_SUCCESS) {
oidc_serror(s, "apr_shm_create failed to create shared memory segment");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* initialize the whole segment to '/0' */
int i;
oidc_cache_shm_entry_t *t = apr_shm_baseaddr_get(context->shm);
for (i = 0; i < cfg->cache_shm_size_max; i++, OIDC_CACHE_SHM_ADD_OFFSET(t, cfg->cache_shm_entry_size_max)) {
t->section_key[0] = '\0';
t->access = 0;
}
if (oidc_cache_mutex_post_config(s, context->mutex, "shm") == FALSE)
return HTTP_INTERNAL_SERVER_ERROR;
oidc_sdebug(s, "initialized shared memory with a cache size (# entries) of: %d, and a max (single) entry size of: %d", cfg->cache_shm_size_max, cfg->cache_shm_entry_size_max);
return OK;
}
/*
* initialize the Redis struct the specified Redis server
*/
static int oidc_cache_redis_post_config(server_rec *s) {
oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(s->module_config,
&auth_openidc_module);
if (cfg->cache_cfg != NULL)
return APR_SUCCESS;
oidc_cache_cfg_redis_t *context = oidc_cache_redis_cfg_create(
s->process->pool);
cfg->cache_cfg = context;
apr_status_t rv = APR_SUCCESS;
/* parse the host:post tuple from the configuration */
if (cfg->cache_redis_server == NULL) {
oidc_serror(s,
"cache type is set to \"redis\", but no valid OIDCRedisCacheServer setting was found");
return HTTP_INTERNAL_SERVER_ERROR;
}
char* scope_id;
rv = apr_parse_addr_port(&context->host_str, &scope_id, &context->port,
cfg->cache_redis_server, s->process->pool);
if (rv != APR_SUCCESS) {
oidc_serror(s, "failed to parse cache server: '%s'",
cfg->cache_redis_server);
return HTTP_INTERNAL_SERVER_ERROR;
}
if (context->host_str == NULL) {
oidc_serror(s,
"failed to parse cache server, no hostname specified: '%s'",
cfg->cache_redis_server);
return HTTP_INTERNAL_SERVER_ERROR;
}
if (context->port == 0)
context->port = 6379;
if (oidc_cache_mutex_post_config(s, context->mutex, "redis") == FALSE)
return HTTP_INTERNAL_SERVER_ERROR;
return OK;
}
/*
* initialize the memcache struct to a number of memcache servers
*/
static int oidc_cache_memcache_post_config(server_rec *s) {
oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(s->module_config,
&auth_openidc_module);
if (cfg->cache_cfg != NULL)
return APR_SUCCESS;
oidc_cache_cfg_memcache_t *context = oidc_cache_memcache_cfg_create(
s->process->pool);
cfg->cache_cfg = context;
apr_status_t rv = APR_SUCCESS;
int nservers = 0;
char* split;
char* tok;
apr_pool_t *p = s->process->pool;
if (cfg->cache_memcache_servers == NULL) {
oidc_serror(s,
"cache type is set to \"memcache\", but no valid OIDCMemCacheServers setting was found");
return HTTP_INTERNAL_SERVER_ERROR;
}
/* loop over the provided memcache servers to find out the number of servers configured */
char *cache_config = apr_pstrdup(p, cfg->cache_memcache_servers);
split = apr_strtok(cache_config, " ", &tok);
while (split) {
nservers++;
split = apr_strtok(NULL, " ", &tok);
}
/* allocated space for the number of servers */
rv = apr_memcache_create(p, nservers, 0, &context->cache_memcache);
if (rv != APR_SUCCESS) {
oidc_serror(s, "failed to create memcache object of '%d' size",
nservers);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* loop again over the provided servers */
cache_config = apr_pstrdup(p, cfg->cache_memcache_servers);
split = apr_strtok(cache_config, " ", &tok);
while (split) {
apr_memcache_server_t* st;
char* host_str;
char* scope_id;
apr_port_t port;
/* parse out host and port */
rv = apr_parse_addr_port(&host_str, &scope_id, &port, split, p);
if (rv != APR_SUCCESS) {
oidc_serror(s, "failed to parse cache server: '%s'", split);
return HTTP_INTERNAL_SERVER_ERROR;
}
if (host_str == NULL) {
oidc_serror(s,
"failed to parse cache server, no hostname specified: '%s'",
split);
return HTTP_INTERNAL_SERVER_ERROR;
}
if (port == 0)
port = 11211;
/* create the memcache server struct */
// TODO: tune this
rv = apr_memcache_server_create(p, host_str, port, 0, 1, 1, 60, &st);
if (rv != APR_SUCCESS) {
oidc_serror(s, "failed to create cache server: %s:%d", host_str,
port);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* add the memcache server struct to the list */
rv = apr_memcache_add_server(context->cache_memcache, st);
if (rv != APR_SUCCESS) {
oidc_serror(s, "failed to add cache server: %s:%d", host_str, port);
return HTTP_INTERNAL_SERVER_ERROR;
}
/* go to the next entry */
split = apr_strtok(NULL, " ", &tok);
}
return OK;
}
