/* * generate a unique identifier for a session */ static void oidc_session_uuid_new(request_rec *r, oidc_session_t *z) { apr_uuid_t uuid; apr_uuid_get(&uuid); apr_uuid_format((char *) &z->uuid, &uuid); }
/** * Load the session by firing off a dbd query. * * If the session is anonymous, the session key will be extracted from * the cookie specified. Failing that, the session key will be extracted * from the GET parameters. * * If the session is keyed by the username, the session will be extracted * by that. * * If no session is found, an empty session will be created. * * On success, this returns OK. */ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z) { session_dbd_dir_conf *conf = ap_get_module_config(r->per_dir_config, &session_dbd_module); apr_status_t ret = APR_SUCCESS; session_rec *zz = NULL; const char *name = NULL; const char *note = NULL; const char *val = NULL; const char *key = NULL; request_rec *m = r->main ? r->main : r; /* is our session in a cookie? */ if (conf->name2_set) { name = conf->name2; } else if (conf->name_set) { name = conf->name; } else if (conf->peruser_set && r->user) { name = r->user; } else { return DECLINED; } /* first look in the notes */ note = apr_pstrcat(r->pool, MOD_SESSION_DBD, name, NULL); zz = (session_rec *)apr_table_get(m->notes, note); if (zz) { *z = zz; return OK; } /* load anonymous sessions */ if (conf->name_set || conf->name2_set) { /* load an RFC2109 or RFC2965 compliant cookie */ ap_cookie_read(r, name, &key, conf->remove); if (key) { ret = dbd_load(r, key, &val); if (ret != APR_SUCCESS) { return ret; } } } /* load named session */ else if (conf->peruser) { if (r->user) { ret = dbd_load(r, r->user, &val); if (ret != APR_SUCCESS) { return ret; } } } /* otherwise not for us */ else { return DECLINED; } /* create a new session and return it */ zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec)); zz->pool = r->pool; zz->entries = apr_table_make(zz->pool, 10); zz->uuid = (apr_uuid_t *) apr_pcalloc(zz->pool, sizeof(apr_uuid_t)); if (key) { apr_uuid_parse(zz->uuid, key); } else { apr_uuid_get(zz->uuid); } zz->encoded = val; *z = zz; /* put the session in the notes so we don't have to parse it again */ apr_table_setn(m->notes, note, (char *)zz); return OK; }
static void * APR_THREAD_FUNC deploymentAdmin_poll(apr_thread_t *thd, void *deploymentAdmin) { deployment_admin_pt admin = deploymentAdmin; /*first poll send framework started audit event, note this will register the target in Apache ACE*/ deploymentAdmin_updateAuditPool(admin, DEPLOYMENT_ADMIN_AUDIT_EVENT__FRAMEWORK_STARTED); while (admin->running) { //poll ace array_list_pt versions = NULL; deploymentAdmin_readVersions(admin, &versions); char *last = arrayList_get(versions, arrayList_size(versions) - 1); if (last != NULL) { if (admin->current == NULL || strcmp(last, admin->current) > 0) { char *request = NULL; if (admin->current == NULL) { request = apr_pstrcat(admin->pool, admin->pollUrl, "/", last, NULL); } else { // We do not yet support fix packages //request = apr_pstrcat(admin->pool, VERSIONS, "/", last, "?current=", admin->current, NULL); request = apr_pstrcat(admin->pool, admin->pollUrl, "/", last, NULL); } char inputFile[256]; inputFile[0] = '\0'; char *test = inputFile; celix_status_t status = deploymentAdmin_download(request, &test); if (status == CELIX_SUCCESS) { bundle_pt bundle = NULL; bundleContext_getBundle(admin->context, &bundle); char *entry = NULL; bundle_getEntry(bundle, "/", &entry); // Handle file char tmpDir[256]; char uuidStr[128]; apr_uuid_t tmpUuid; apr_uuid_get(&tmpUuid); apr_uuid_format(uuidStr, &tmpUuid); sprintf(tmpDir, "%s%s", entry, uuidStr); apr_dir_make(tmpDir, APR_UREAD|APR_UWRITE|APR_UEXECUTE, admin->pool); // TODO: update to use bundle cache DataFile instead of module entries. unzip_extractDeploymentPackage(test, tmpDir); char *manifest = apr_pstrcat(admin->pool, tmpDir, "/META-INF/MANIFEST.MF", NULL); manifest_pt mf = NULL; manifest_createFromFile(manifest, &mf); deployment_package_pt source = NULL; deploymentPackage_create(admin->pool, admin->context, mf, &source); char *name = NULL; deploymentPackage_getName(source, &name); char *repoDir = apr_pstrcat(admin->pool, entry, "repo", NULL); apr_dir_make(repoDir, APR_UREAD|APR_UWRITE|APR_UEXECUTE, admin->pool); char *repoCache = apr_pstrcat(admin->pool, entry, "repo/", name, NULL); deploymentAdmin_deleteTree(repoCache, admin->pool); apr_status_t stat = apr_file_rename(tmpDir, repoCache, admin->pool); if (stat != APR_SUCCESS) { printf("No success\n"); } deployment_package_pt target = hashMap_get(admin->packages, name); if (target == NULL) { // target = empty package } deploymentAdmin_stopDeploymentPackageBundles(admin, target); deploymentAdmin_updateDeploymentPackageBundles(admin, source); deploymentAdmin_startDeploymentPackageCustomizerBundles(admin, source, target); deploymentAdmin_processDeploymentPackageResources(admin, source); deploymentAdmin_dropDeploymentPackageResources(admin, source, target); deploymentAdmin_dropDeploymentPackageBundles(admin, source, target); deploymentAdmin_startDeploymentPackageBundles(admin, source); deploymentAdmin_deleteTree(repoCache, admin->pool); deploymentAdmin_deleteTree(tmpDir, admin->pool); remove(test); admin->current = strdup(last); hashMap_put(admin->packages, name, source); } } } sleep(5); } apr_thread_exit(thd, APR_SUCCESS); return NULL; }
/*--------------------------------------------------------------------------*/ static int post_config_hook(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { apr_status_t rv; const char *pk = "advertise_init_module_tag"; apr_pool_t *pproc = s->process->pool; apr_thread_t *tp; mod_advertise_config *mconf = ap_get_module_config(s->module_config, &advertise_module); int advertisefound = 0; server_rec *server = s; /* Advertise directive in more than one VirtualHost: not supported */ while (server) { mod_advertise_config *conf = ap_get_module_config(server->module_config, &advertise_module); if (conf->ma_advertise_server == server) { if (advertisefound) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "mod_advertise: directive in more than one VirtualHost: not supported"); return !OK; } else advertisefound = -1; } server = server->next; } /* Our server */ server = s; while (server) { mconf = ap_get_module_config(server->module_config, &advertise_module); if (mconf->ma_advertise_server == server) break; server = server->next; } apr_pool_userdata_get((void *)&magd, pk, pproc); if (!magd) { if (!(magd = apr_pcalloc(pproc, sizeof(ma_global_data_t)))) return apr_get_os_error(); apr_pool_create(&magd->ppool, pproc); apr_pool_userdata_set(magd, pk, apr_pool_cleanup_null, pproc); /* First time config phase -- skip. */ return OK; } #if defined(WIN32) { const char *ppid = getenv("AP_PARENT_PID"); if (ppid) { ma_parent_pid = atol(ppid); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "[%" APR_PID_T_FMT " - %" APR_PID_T_FMT "] in child post config hook", getpid(), ma_parent_pid); return OK; } } #endif ma_server_rec = server; if (mconf->ma_advertise_skey) { apr_md5_ctx_t mc; apr_md5_init(&mc); apr_md5_update(&mc, mconf->ma_advertise_skey, strlen(mconf->ma_advertise_skey)); apr_md5_final(magd->ssalt, &mc); } else { /* If security key is not configured, the digest is calculated from zero bytes */ memset(magd->ssalt, '\0', APR_MD5_DIGESTSIZE); } apr_uuid_get(&magd->suuid); magd->srvid[0] = '/'; apr_uuid_format(&magd->srvid[1], &magd->suuid); if (!mconf->ma_advertise_srvh) mconf->ma_advertise_srvh = magd->srvid; /* Check if we have advertise set */ if (mconf->ma_advertise_mode != ma_advertise_off && mconf->ma_advertise_adrs) { rv = ma_group_join(mconf->ma_advertise_adrs, mconf->ma_advertise_port, mconf->ma_bind_adrs, mconf->ma_bind_port, pconf, s); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "mod_advertise: multicast join failed for %s:%d.", mconf->ma_advertise_adrs, mconf->ma_advertise_port); ma_advertise_run = 0; } else { ma_advertise_run = 1; ma_advertise_stat = 200; } } /* Fill default values */ if (!mconf->ma_advertise_srvm) { if (ma_server_rec && ma_server_rec->server_scheme) { /* ServerName scheme://fully-qualified-domain-name[:port] */ mconf->ma_advertise_srvm = apr_pstrdup(pconf, ma_server_rec->server_scheme); } else { mconf->ma_advertise_srvm = apr_pstrdup(pconf, "http"); } } if (mconf->ma_advertise_srvs == NULL && ma_server_rec) { /* * That is not easy just use ServerAdvertise with the server parameter * if the code below doesn't work */ char *ptr = NULL; int port = DEFAULT_HTTP_PORT; if (ma_server_rec->addrs && ma_server_rec->addrs->host_addr && ma_server_rec->addrs->host_addr->next == NULL) { ptr = apr_psprintf(pproc, "%pI", ma_server_rec->addrs->host_addr); } /* Use don't use any as local address too */ if (ptr == NULL || strncmp(ptr,"0.0.0.0", 7) == 0 || strncmp(ptr,"::",2) == 0) { if ( ma_server_rec->port == 0 || ma_server_rec->port == 1) { if (ma_server_rec->addrs->host_addr->port != 0) port = ma_server_rec->addrs->host_addr->port; } else { port = ma_server_rec->port; } ptr = apr_psprintf(pproc, "%s:%lu", ma_server_rec->server_hostname, port); } rv = apr_parse_addr_port(&mconf->ma_advertise_srvs, &mconf->ma_advertise_srvi, &mconf->ma_advertise_srvp, ptr, pproc); if (rv != APR_SUCCESS || !mconf->ma_advertise_srvs || !mconf->ma_advertise_srvp) { ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, "mod_advertise: Invalid ServerAdvertise Address %s", ptr); return rv; } } /* prevent X-Manager-Address: (null):0 */ if (!mconf->ma_advertise_srvs || !mconf->ma_advertise_srvp) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, "mod_advertise: ServerAdvertise Address or Port not defined, Advertise disabled!!!"); return OK; } /* Create parent management thread */ is_mp_running = 1; rv = apr_thread_create(&tp, NULL, parent_thread, server, pconf); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, "mod_advertise: parent apr_thread_create"); return rv; } apr_thread_detach(tp); /* Create cleanup pool that will be destroyed first * in future use new apr_pool_pre_cleanup_register from APR 1.3 */ apr_pool_create(&magd->cpool, pconf); apr_pool_cleanup_register(magd->cpool, magd, pconfig_cleanup, apr_pool_cleanup_null); ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "Advertise initialized for process %" APR_PID_T_FMT, getpid()); apr_pool_cleanup_register(magd->ppool, magd, process_cleanup, apr_pool_cleanup_null); return OK; }
/** * Encrypt the string given as per the current config. * * Returns APR_SUCCESS if successful. */ static apr_status_t encrypt_string(request_rec * r, const apr_crypto_t *f, session_crypto_dir_conf *dconf, const char *in, char **out) { apr_status_t res; apr_crypto_key_t *key = NULL; apr_size_t ivSize = 0; apr_crypto_block_t *block = NULL; unsigned char *encrypt = NULL; unsigned char *combined = NULL; apr_size_t encryptlen, tlen; char *base64; apr_size_t blockSize = 0; const unsigned char *iv = NULL; apr_uuid_t salt; apr_crypto_block_key_type_e *cipher; const char *passphrase; /* by default, return an empty string */ *out = ""; /* don't attempt to encrypt an empty string, trying to do so causes a segfault */ if (!in || !*in) { return APR_SUCCESS; } /* use a uuid as a salt value, and prepend it to our result */ apr_uuid_get(&salt); res = crypt_init(r, f, &cipher, dconf); if (res != APR_SUCCESS) { return res; } /* encrypt using the first passphrase in the list */ passphrase = APR_ARRAY_IDX(dconf->passphrases, 0, char *); res = apr_crypto_passphrase(&key, &ivSize, passphrase, strlen(passphrase), (unsigned char *) (&salt), sizeof(apr_uuid_t), *cipher, APR_MODE_CBC, 1, 4096, f, r->pool); if (APR_STATUS_IS_ENOKEY(res)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01825) "the passphrase '%s' was empty", passphrase); } if (APR_STATUS_IS_EPADDING(res)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01826) "padding is not supported for cipher"); } if (APR_STATUS_IS_EKEYTYPE(res)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01827) "the key type is not known"); } if (APR_SUCCESS != res) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01828) "encryption could not be configured."); return res; } res = apr_crypto_block_encrypt_init(&block, &iv, key, &blockSize, r->pool); if (APR_SUCCESS != res) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01829) "apr_crypto_block_encrypt_init failed"); return res; } /* encrypt the given string */ res = apr_crypto_block_encrypt(&encrypt, &encryptlen, (unsigned char *)in, strlen(in), block); if (APR_SUCCESS != res) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01830) "apr_crypto_block_encrypt failed"); return res; } res = apr_crypto_block_encrypt_finish(encrypt + encryptlen, &tlen, block); if (APR_SUCCESS != res) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01831) "apr_crypto_block_encrypt_finish failed"); return res; } encryptlen += tlen; /* prepend the salt and the iv to the result */ combined = apr_palloc(r->pool, ivSize + encryptlen + sizeof(apr_uuid_t)); memcpy(combined, &salt, sizeof(apr_uuid_t)); memcpy(combined + sizeof(apr_uuid_t), iv, ivSize); memcpy(combined + sizeof(apr_uuid_t) + ivSize, encrypt, encryptlen); /* base64 encode the result */ base64 = apr_palloc(r->pool, apr_base64_encode_len(ivSize + encryptlen + sizeof(apr_uuid_t) + 1) * sizeof(char)); apr_base64_encode(base64, (const char *) combined, ivSize + encryptlen + sizeof(apr_uuid_t)); *out = base64; return res; }