Dict session() const{
onion_dict *d=onion_request_get_session_dict(ptr);
if (d)
return Dict(d);
else
return Dict();
}
int oterm_nopam(onion_handler *next, onion_request *req, onion_response *res){
onion_dict *session=onion_request_get_session_dict(req);
onion_dict_lock_write(session);
const char *username=getenv("USER");
if (username)
onion_dict_add(session, "username", username, 0);
onion_dict_add(session, "nopam", "true", 0);
onion_dict_unlock(session);
return onion_handler_handle(next, req, res);
}
static onion_connection_status ask_session(void *_, onion_request *req, onion_response *res){
onion_dict *session=onion_request_get_session_dict(req);
if (set_data_on_session)
onion_dict_add(session,"Test","New data to create the session",0);
has_set_cookie=0;
onion_response_write0(res, "If I write before getting session, then there is no Set-Cookie.\n");
onion_response_printf(res, "%d elements at the session.\n", onion_dict_count(session));
ONION_DEBUG("Session ID is %s, cookies %s",req->session_id, onion_request_get_header(req, "Cookie"));
strcpy(lastsessionid, req->session_id);
return OCS_PROCESSED;
}
int onion_handler_auth_pam_handler(onion_handler_auth_pam_data *d, onion_request *request, onion_response *res){
/// Use session to know if already logged in, so do not mess with PAM so often.
if (onion_request_get_session(request, "pam_logged_in"))
return onion_handler_handle(d->inside, request, res);
const char *o=onion_request_get_header(request, "Authorization");
char *auth=NULL;
char *username=NULL;
char *passwd=NULL;
if (o && strncmp(o,"Basic",5)==0){
//fprintf(stderr,"auth: '%s'\n",&o[6]);
auth=onion_base64_decode(&o[6], NULL);
username=auth;
int i=0;
while (auth[i]!='\0' && auth[i]!=':') i++;
if (auth[i]==':'){
auth[i]='\0'; // so i have user ready
passwd=&auth[i+1];
}
else
passwd=NULL;
}
// I have my data, try to authorize
if (username && passwd){
int ok=authorize(d->pamname, username, passwd);
if (ok){ // I save the username at the session, so it can be accessed later.
onion_dict *session=onion_request_get_session_dict(request);
onion_dict_lock_write(session);
onion_dict_add(session, "username", username, OD_REPLACE|OD_DUP_VALUE);
onion_dict_add(session, "pam_logged_in", username, OD_REPLACE|OD_DUP_VALUE);
onion_dict_unlock(session);
free(auth);
return onion_handler_handle(d->inside, request, res);
}
}
if (auth)
free(auth);
// Not authorized. Ask for it.
char temp[256];
sprintf(temp, "Basic realm=\"%s\"",d->realm);
onion_response_set_header(res, "WWW-Authenticate",temp);
onion_response_set_code(res, HTTP_UNAUTHORIZED);
onion_response_set_length(res,sizeof(RESPONSE_UNAUTHORIZED));
onion_response_write(res,RESPONSE_UNAUTHORIZED,sizeof(RESPONSE_UNAUTHORIZED));
return OCS_PROCESSED;
}
onion_connection_status sessions(void *ignore, onion_request *req){
onion_response *res=onion_response_new(req);
onion_dict *session=onion_request_get_session_dict(req);
if (onion_request_get_query(req, "reset")){
onion_request_session_free(req);
onion_response_write0(res, "ok");
return onion_response_free(res);
}
const char *n=onion_dict_get(session, "count");
int count;
if (n){
count=atoi(n)+1;
}
else
count=0;
char tmp[16];
snprintf(tmp,sizeof(tmp),"%d",count);
onion_dict_add(session, "count", tmp, OD_DUP_ALL|OD_REPLACE);
if (onion_response_write_headers(res)==OR_SKIP_CONTENT) // Head
return onion_response_free(res);
onion_response_write0(res, "<html><body>\n<h1>Session data</h1>\n");
if (session){
onion_response_printf(res,"<ul>\n");
onion_dict_preorder(session, print_dict_element, res);
onion_response_printf(res,"</ul>\n");
}
else{
onion_response_printf(res,"No session data");
}
onion_response_write0(res,"</body></html>");
return onion_response_free(res);
}
/**
* @short Gets session data
* @memberof onion_request_t
*/
const char *onion_request_get_session(onion_request *req, const char *key) {
onion_dict *d=onion_request_get_session_dict(req);
return onion_dict_get(d, key);
}
void t02_cookies(){
INIT_LOCAL();
onion *o=onion_new(O_ONE_LOOP);
onion_request *req;
onion_dict *session;
char *cookieid;
char tmp[256];
req=onion_request_new(o->server, NULL, NULL);
FAIL_IF_NOT_EQUAL(req->session_id, NULL);
session=onion_request_get_session_dict(req);
onion_dict_add(session,"Test","tseT", 0);
FAIL_IF_EQUAL(req->session_id, NULL);
cookieid=strdup(req->session_id);
onion_request_free(req);
req=onion_request_new(o->server, NULL, NULL);
FAIL_IF_NOT_EQUAL(req->session_id, NULL);
session=onion_request_get_session_dict(req);
FAIL_IF_EQUAL(req->session_id, NULL);
session=onion_request_get_session_dict(req);
onion_dict_add(session,"Test","Another value", 0);
FAIL_IF_EQUAL_STR(req->session_id, cookieid);
onion_request_free(req);
req=onion_request_new(o->server, NULL, NULL);
snprintf(tmp,sizeof(tmp),"sessionid=%s",cookieid);
onion_dict_add(req->headers,"Cookie",tmp, OD_DUP_VALUE);
FAIL_IF_NOT_EQUAL(req->session_id, NULL);
session=onion_request_get_session_dict(req);
FAIL_IF_NOT_EQUAL_STR(req->session_id, cookieid);
FAIL_IF_NOT_EQUAL_STR(onion_dict_get(session,"Test"),"tseT");
onion_request_free(req);
req=onion_request_new(o->server, NULL, NULL);
snprintf(tmp,sizeof(tmp),"trashthingish=nothing interesting; sessionid=%s; wtf=ianal",cookieid);
onion_dict_add(req->headers,"Cookie",tmp, OD_DUP_VALUE);
FAIL_IF_NOT_EQUAL(req->session_id, NULL);
session=onion_request_get_session_dict(req);
FAIL_IF_NOT_EQUAL_STR(req->session_id, cookieid);
FAIL_IF_NOT_EQUAL_STR(onion_dict_get(session,"Test"),"tseT");
onion_request_free(req);
req=onion_request_new(o->server, NULL, NULL);
snprintf(tmp,sizeof(tmp),"sessionid=nothing interesting; sessionid=%s; other_sessionid=ianal",cookieid);
onion_dict_add(req->headers,"Cookie",tmp, OD_DUP_VALUE);
FAIL_IF_NOT_EQUAL(req->session_id, NULL);
session=onion_request_get_session_dict(req);
FAIL_IF_NOT_EQUAL_STR(req->session_id, cookieid);
FAIL_IF_NOT_EQUAL_STR(onion_dict_get(session,"Test"),"tseT");
onion_request_free(req);
req=onion_request_new(o->server, NULL, NULL);
snprintf(tmp,sizeof(tmp),"sessionid=nothing interesting; xsessionid=%s; other_sessionid=ianal",cookieid);
onion_dict_add(req->headers,"Cookie",tmp, OD_DUP_VALUE);
FAIL_IF_NOT_EQUAL(req->session_id, NULL);
session=onion_request_get_session_dict(req);
FAIL_IF_EQUAL_STR(req->session_id, cookieid);
FAIL_IF_EQUAL_STR(onion_dict_get(session,"Test"),"tseT");
onion_request_free(req);
onion_free(o);
free(cookieid);
END_LOCAL();
}
