static int check_for_cookie(void *rec, const char *key, const char *value) { if (strcasecmp("Cookie", key) == 0) { check_for_cookie_data_t *data = rec; if (data->cookie_name == NULL) { crowd_cookie_config_t *cookie_config = crowd_get_cookie_config(data->r, data->config->crowd_config); if (cookie_config == NULL || cookie_config->cookie_name == NULL || (cookie_config->secure && !is_https(data->r))) { return 0; } data->cookie_name = log_ralloc(data->r, apr_pstrcat(data->r->pool, cookie_config->cookie_name, "=", NULL)); if (data->cookie_name == NULL) { return 0; } data->cookie_name_len = strlen(data->cookie_name); } char *cookies = log_ralloc(data->r, apr_pstrdup(data->r->pool, value)); if (cookies == NULL) { return 0; } apr_collapse_spaces(cookies, cookies); char *last; char *cookie = apr_strtok(cookies, ";,", &last); while (cookie != NULL) { if (strncasecmp(cookie, data->cookie_name, data->cookie_name_len) == 0) { data->token = log_ralloc(data->r, apr_pstrdup(data->r->pool, cookie + data->cookie_name_len)); return 0; } cookie = apr_strtok(NULL, ";,", &last); } } return 1; }
static size_t write_crowd_response_header(void *ptr, size_t size, size_t nmemb, void *stream) { write_data_t *write_data = (write_data_t *)stream; if (write_data->headers_done) { /* A new header is starting, e.g. after re-direct */ write_data->status_code = STATUS_CODE_UNKNOWN; write_data->headers_done = false; write_data->body_done = false; write_data->body_valid = false; } if (write_data->status_code == STATUS_CODE_UNKNOWN) { /* Parse the status code from the status line. */ char *status_line = log_ralloc(write_data->r, apr_pstrmemdup(write_data->r->pool, ptr, size * nmemb)); if (status_line == NULL) { return -1; } if (sscanf(status_line, "HTTP/%*u.%*u %u ", &(write_data->status_code)) != 1) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, write_data->r, "Failed to parse status line: '%s'", status_line); return -1; } } else if (size * nmemb == 2 && memcmp("\r\n", ptr, 2) == 0) { /* End of headers for this request */ if (write_data->status_code == STATUS_CODE_UNKNOWN) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, write_data->r, "No headers in request."); return -1; } write_data->headers_done = TRUE; } return size * nmemb; }
static bool create_xml_reader(write_data_t *write_data) { write_data->xml_reader = log_ralloc(write_data->r, xmlReaderForMemory(write_data->response_text->elts, write_data->response_text->nelts * write_data->response_text->elt_size, NULL, NULL, 0) ); if (write_data->xml_reader == NULL) { return false; } xmlTextReaderSetErrorHandler(write_data->xml_reader, xml_reader_error, write_data); return true; }
static bool add_header(const request_rec *r, struct curl_slist **headers, const char *header) { struct curl_slist *new_headers = log_ralloc(r, curl_slist_append(*headers, header)); if (new_headers == NULL) { return false; } *headers = new_headers; return true; }
/* Given a username and password, expected to return AUTH_GRANTED if we can validate this user/password combination. */ static authn_status authn_crowd_check_password(request_rec *r, const char *user, const char *password) { authnz_crowd_dir_config *config = get_config(r); if (config == NULL) { return AUTH_GENERAL_ERROR; } apr_array_header_t *basic_auth_xlates = config->basic_auth_xlates; int i; for (i = 0; i < basic_auth_xlates->nelts; i++) { apr_xlate_t *xlate = APR_ARRAY_IDX(basic_auth_xlates, i, apr_xlate_t *); char xlated_user[XLATE_BUFFER_SIZE] = {}; char xlated_password[XLATE_BUFFER_SIZE] = {}; if (!xlate_string(xlate, user, xlated_user) || !xlate_string(xlate, password, xlated_password)) { ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Failed to translate basic authentication credentials"); } else { crowd_authenticate_result result = CROWD_AUTHENTICATE_NOT_ATTEMPTED; if (config->create_sso) { crowd_cookie_config_t *cookie_config = crowd_get_cookie_config(r, config->crowd_config); if (cookie_config != NULL && (!cookie_config->secure || is_https(r))) { const char *token; result = crowd_create_session(r, config->crowd_config, xlated_user, xlated_password, &token); if (result == CROWD_AUTHENTICATE_SUCCESS && token != NULL) { char *domain = ""; if (cookie_config->domain != NULL && cookie_config->domain[0] == '.') { int domainlen = strlen(cookie_config->domain); int hostlen = strlen(r->hostname); if (hostlen > domainlen && strcmp(cookie_config->domain, r->hostname + hostlen - domainlen) == 0) { domain = apr_psprintf(r->pool, ";Domain=%s", cookie_config->domain); } } char *cookie = log_ralloc(r, apr_psprintf(r->pool, "%s=%s%s%s;Version=1", cookie_config->cookie_name, token, domain, cookie_config->secure ? ";Secure" : "")); if (cookie != NULL) { apr_table_add(r->err_headers_out, "Set-Cookie", cookie); } } } } if (result == CROWD_AUTHENTICATE_NOT_ATTEMPTED) { result = crowd_authenticate(r, config->crowd_config, xlated_user, xlated_password); } switch (result) { case CROWD_AUTHENTICATE_SUCCESS: ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Authenticated '%s'.", xlated_user); return AUTH_GRANTED; case CROWD_AUTHENTICATE_FAILURE: break; default: ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Crowd authentication failed due to system exception"); } } } return AUTH_DENIED; }
static const char *make_url(const request_rec *r, const crowd_config *config, CURL *curl_easy, const char *user, const char *format) { char *url; if (user == NULL) { url = apr_psprintf(r->pool, format, config->crowd_url); } else { char *encoded_user = log_ralloc(r, curl_easy_escape(curl_easy, user, 0)); if (encoded_user == NULL) { return NULL; } url = apr_psprintf(r->pool, format, config->crowd_url, encoded_user); curl_free(encoded_user); } log_ralloc(r, url); if (url == NULL) { return NULL; } return url; }