Exemplo n.º 1
0
static int check_for_cookie(void *rec, const char *key, const char *value) {
    if (strcasecmp("Cookie", key) == 0) {
        check_for_cookie_data_t *data = rec;
        if (data->cookie_name == NULL) {
            crowd_cookie_config_t *cookie_config = crowd_get_cookie_config(data->r, data->config->crowd_config);
            if (cookie_config == NULL || cookie_config->cookie_name == NULL || (cookie_config->secure && !is_https(data->r))) {
                return 0;
            }
            data->cookie_name = log_ralloc(data->r, apr_pstrcat(data->r->pool, cookie_config->cookie_name, "=", NULL));
            if (data->cookie_name == NULL) {
                return 0;
            }
            data->cookie_name_len = strlen(data->cookie_name);
        }
        char *cookies = log_ralloc(data->r, apr_pstrdup(data->r->pool, value));
        if (cookies == NULL) {
            return 0;
        }
        apr_collapse_spaces(cookies, cookies);
        char *last;
        char *cookie = apr_strtok(cookies, ";,", &last);
        while (cookie != NULL) {
            if (strncasecmp(cookie, data->cookie_name, data->cookie_name_len) == 0) {
                data->token = log_ralloc(data->r, apr_pstrdup(data->r->pool, cookie + data->cookie_name_len));
                return 0;
            }
            cookie = apr_strtok(NULL, ";,", &last);
        }
    }
    return 1;
}
Exemplo n.º 2
0
static size_t write_crowd_response_header(void *ptr, size_t size, size_t nmemb, void *stream) {
    write_data_t *write_data = (write_data_t *)stream;
    if (write_data->headers_done) {
        /* A new header is starting, e.g. after re-direct */
        write_data->status_code = STATUS_CODE_UNKNOWN;
        write_data->headers_done = false;
        write_data->body_done = false;
        write_data->body_valid = false;
    }
    if (write_data->status_code == STATUS_CODE_UNKNOWN) {
        /* Parse the status code from the status line. */
        char *status_line = log_ralloc(write_data->r, apr_pstrmemdup(write_data->r->pool, ptr, size * nmemb));
        if (status_line == NULL) {
            return -1;
        }
        if (sscanf(status_line, "HTTP/%*u.%*u %u ", &(write_data->status_code)) != 1) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, write_data->r, "Failed to parse status line: '%s'", status_line);
            return -1;
        }
    } else if (size * nmemb == 2 && memcmp("\r\n", ptr, 2) == 0) {
        /* End of headers for this request */
        if (write_data->status_code == STATUS_CODE_UNKNOWN) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, write_data->r, "No headers in request.");
            return -1;
        }
        write_data->headers_done = TRUE;
    }
    return size * nmemb;
}
Exemplo n.º 3
0
static bool create_xml_reader(write_data_t *write_data) {
    write_data->xml_reader = log_ralloc(write_data->r, xmlReaderForMemory(write_data->response_text->elts, write_data->response_text->nelts * write_data->response_text->elt_size, NULL, NULL, 0) );
    if (write_data->xml_reader == NULL) {
        return false;
    }
    xmlTextReaderSetErrorHandler(write_data->xml_reader, xml_reader_error, write_data);
    return true;
}
Exemplo n.º 4
0
static bool add_header(const request_rec *r, struct curl_slist **headers, const char *header) {
    struct curl_slist *new_headers = log_ralloc(r, curl_slist_append(*headers, header));
    if (new_headers == NULL) {
        return false;
    }
    *headers = new_headers;
    return true;
}
Exemplo n.º 5
0
/* Given a username and password, expected to return AUTH_GRANTED if we can validate this user/password combination. */
static authn_status authn_crowd_check_password(request_rec *r, const char *user, const char *password)
{
    authnz_crowd_dir_config *config = get_config(r);
    if (config == NULL) {
        return AUTH_GENERAL_ERROR;
    }

    apr_array_header_t *basic_auth_xlates = config->basic_auth_xlates;
    int i;
    for (i = 0; i < basic_auth_xlates->nelts; i++) {
        apr_xlate_t *xlate = APR_ARRAY_IDX(basic_auth_xlates, i, apr_xlate_t *);
        char xlated_user[XLATE_BUFFER_SIZE] = {};
        char xlated_password[XLATE_BUFFER_SIZE] = {};
        if (!xlate_string(xlate, user, xlated_user) || !xlate_string(xlate, password, xlated_password)) {
            ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Failed to translate basic authentication credentials");
        } else {
            crowd_authenticate_result result = CROWD_AUTHENTICATE_NOT_ATTEMPTED;
            if (config->create_sso) {
                crowd_cookie_config_t *cookie_config = crowd_get_cookie_config(r, config->crowd_config);
                if (cookie_config != NULL && (!cookie_config->secure || is_https(r))) {
                    const char *token;
                    result = crowd_create_session(r, config->crowd_config, xlated_user, xlated_password, &token);
                    if (result == CROWD_AUTHENTICATE_SUCCESS && token != NULL) {
                        char *domain = "";
                        if (cookie_config->domain != NULL && cookie_config->domain[0] == '.') {
                            int domainlen = strlen(cookie_config->domain);
                            int hostlen = strlen(r->hostname);
                            if (hostlen > domainlen
                                && strcmp(cookie_config->domain, r->hostname + hostlen - domainlen) == 0) {
                                domain = apr_psprintf(r->pool, ";Domain=%s", cookie_config->domain);
                            }
                        }
                        char *cookie = log_ralloc(r,
                            apr_psprintf(r->pool, "%s=%s%s%s;Version=1", cookie_config->cookie_name, token, domain,
                            cookie_config->secure ? ";Secure" : ""));
                        if (cookie != NULL) {
                            apr_table_add(r->err_headers_out, "Set-Cookie", cookie);
                        }
                    }
                }
            }
            if (result == CROWD_AUTHENTICATE_NOT_ATTEMPTED) {
                result = crowd_authenticate(r, config->crowd_config, xlated_user, xlated_password);
            }
            switch (result) {
                case CROWD_AUTHENTICATE_SUCCESS:
                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Authenticated '%s'.", xlated_user);
                    return AUTH_GRANTED;
                case CROWD_AUTHENTICATE_FAILURE:
                    break;
                default:
                    ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Crowd authentication failed due to system exception");
            }
        }
    }

    return AUTH_DENIED;
}
Exemplo n.º 6
0
static const char *make_url(const request_rec *r, const crowd_config *config, CURL *curl_easy, const char *user,
    const char *format) {
    char *url;
    if (user == NULL) {
        url = apr_psprintf(r->pool, format, config->crowd_url);
    } else {
        char *encoded_user = log_ralloc(r, curl_easy_escape(curl_easy, user, 0));
        if (encoded_user == NULL) {
            return NULL;
        }
        url = apr_psprintf(r->pool, format, config->crowd_url, encoded_user);
        curl_free(encoded_user);
    }
    log_ralloc(r, url);
    if (url == NULL) {
        return NULL;
    }
    return url;
}