diff --git a/src/mod_sso/mod_sso.c b/src/mod_sso/mod_sso.c index d1a81b8fd2843b9cd478b4cac45c37bf4ca7898e..20c5b7b027dbc03cb17991ab52d02b50bc037fe7 100644 --- a/src/mod_sso/mod_sso.c +++ b/src/mod_sso/mod_sso.c @@ -24,15 +24,16 @@ #include <stdio.h> +#include "ap_config.h" +#include "apr_strings.h" #include "httpd.h" + #include "http_config.h" #include "http_core.h" #include "http_log.h" +#include "http_main.h" #include "http_protocol.h" #include "http_request.h" -#include "http_main.h" -#include "ap_config.h" -#include "apr_strings.h" #include "mod_sso.h" @@ -64,15 +65,15 @@ typedef struct { // size as well). const unsigned char *session_key; size_t session_key_len; - + // All known groups (2.4: unused). apr_array_header_t *groups; } modsso_config; -typedef const char *(*CMD_HAND_TYPE) (); +typedef const char *(*CMD_HAND_TYPE)(); -static char *groups_array_to_commasep_string(apr_pool_t *p, apr_array_header_t *groups) -{ +static char *groups_array_to_commasep_string(apr_pool_t *p, + apr_array_header_t *groups) { return apr_array_pstrcat(p, groups, ','); } @@ -92,8 +93,7 @@ static char *groups_charp_to_string(apr_pool_t *p, const char **groups) { * @param s unused. * @return a newly allocated modsso_config with default values. */ -static void *create_modsso_config(apr_pool_t *p, char *s) -{ +static void *create_modsso_config(apr_pool_t *p, char *s) { // This module's configuration structure. modsso_config *newcfg; 
@@ -108,19 +108,18 @@ static void *create_modsso_config(apr_pool_t *p, char *s) newcfg->session_key = NULL; newcfg->session_key_len = 0; newcfg->groups = NULL; - + // Return the created configuration struct. return (void *)newcfg; } -static void *merge_modsso_config(apr_pool_t *p, void *base, void *add) -{ +static void *merge_modsso_config(apr_pool_t *p, void *base, void *add) { modsso_config *cbase = (modsso_config *)base; modsso_config *cadd = (modsso_config *)add; - modsso_config *newcfg = - (modsso_config *)apr_palloc(p, sizeof(modsso_config)); + modsso_config *newcfg = (modsso_config *)apr_palloc(p, sizeof(modsso_config)); - newcfg->login_server = cadd->login_server ? cadd->login_server : cbase->login_server; + newcfg->login_server = + cadd->login_server ? cadd->login_server : cbase->login_server; newcfg->service = cadd->service ? cadd->service : cbase->service; newcfg->domain = cadd->domain ? cadd->domain : cbase->domain; newcfg->public_key = cbase->public_key; 
@@ -140,37 +139,37 @@ static void *merge_modsso_config(apr_pool_t *p, void *base, void *add) return (void *)newcfg; } -static const char *set_modsso_login_server(cmd_parms *parms, - void *mconfig, const char *arg) -{ +static const char *set_modsso_login_server(cmd_parms *parms, void *mconfig, + const char *arg) { modsso_config *s_cfg = (modsso_config *)mconfig; s_cfg->login_server = arg; return NULL; } -static const char *set_modsso_service(cmd_parms *parms, void *mconfig, const char *arg) -{ +static const char *set_modsso_service(cmd_parms *parms, void *mconfig, + const char *arg) { modsso_config *s_cfg = (modsso_config *)mconfig; s_cfg->service = arg; return NULL; } -static const char *set_modsso_domain(cmd_parms *parms, void *mconfig, const char *arg) -{ +static const char *set_modsso_domain(cmd_parms *parms, void *mconfig, + const char *arg) { modsso_config *s_cfg = (modsso_config *)mconfig; s_cfg->domain = arg; return NULL; } -static const char *set_modsso_public_key_file(cmd_parms *parms, void *mconfig, const char *arg) -{ +static const char *set_modsso_public_key_file(cmd_parms *parms, void *mconfig, + const char *arg) { modsso_config *s_cfg = (modsso_config *)mconfig; char buf[128]; apr_size_t n = sizeof(buf); apr_file_t *file; int status; - if (apr_file_open(&file, arg, APR_FOPEN_READ, 0, parms->pool) != APR_SUCCESS) { + if (apr_file_open(&file, arg, APR_FOPEN_READ, 0, parms->pool) != + APR_SUCCESS) { return "Could not open SSOPublicKeyFile"; } status = apr_file_read(file, (void *)buf, &n); 
@@ -186,13 +185,15 @@ static const char *set_modsso_public_key_file(cmd_parms *parms, void *mconfig, c return NULL; } -static const char *set_modsso_session_key_file(cmd_parms *parms, void *mconfig, const char *arg) { +static const char *set_modsso_session_key_file(cmd_parms *parms, void *mconfig, + const char *arg) { modsso_config *s_cfg = (modsso_config *)mconfig; unsigned char *session_key = NULL; size_t session_key_len = MODSSO_SESSION_KEY_SIZE; session_key = (unsigned char *)apr_palloc(parms->pool, session_key_len); - if (modsso_session_read_key_from_file(parms->pool, arg, session_key, &session_key_len) < 0) { + if (modsso_session_read_key_from_file(parms->pool, arg, session_key, + &session_key_len) < 0) { return "Could not open SSOSessionKeyFile"; } 
@@ -202,25 +203,23 @@ static const char *set_modsso_session_key_file(cmd_parms *parms, void *mconfig, return NULL; } -static const command_rec mod_sso_cmds[] = -{ - AP_INIT_TAKE1("SSOLoginServer", (CMD_HAND_TYPE) set_modsso_login_server, - NULL, OR_ALL, - "SSOLoginServer (string) URL of the login server."), - AP_INIT_TAKE1("SSOService", (CMD_HAND_TYPE) set_modsso_service, - NULL, OR_ALL, - "SSOService (string) SSO Service"), - AP_INIT_TAKE1("SSODomain", (CMD_HAND_TYPE) set_modsso_domain, - NULL, OR_ALL, - "SSODomain (string) SSO Domain"), - AP_INIT_TAKE1("SSOPublicKeyFile", (CMD_HAND_TYPE) set_modsso_public_key_file, - NULL, RSRC_CONF, - "SSOPublicKeyFile (string) Location of the login server public key"), - AP_INIT_TAKE1("SSOSessionKeyFile", (CMD_HAND_TYPE) set_modsso_session_key_file, - NULL, RSRC_CONF, - "SSOSessionKeyFile (string) Location of the local session secret key"), - {NULL} -}; +static const command_rec mod_sso_cmds[] = { + AP_INIT_TAKE1("SSOLoginServer", (CMD_HAND_TYPE)set_modsso_login_server, + NULL, OR_ALL, + "SSOLoginServer (string) URL of the login server."), + AP_INIT_TAKE1("SSOService", (CMD_HAND_TYPE)set_modsso_service, NULL, OR_ALL, + "SSOService (string) SSO Service"), + AP_INIT_TAKE1("SSODomain", (CMD_HAND_TYPE)set_modsso_domain, NULL, OR_ALL, + "SSODomain (string) SSO Domain"), + AP_INIT_TAKE1( + "SSOPublicKeyFile", (CMD_HAND_TYPE)set_modsso_public_key_file, NULL, + RSRC_CONF, + "SSOPublicKeyFile (string) Location of the login server public key"), + AP_INIT_TAKE1( + "SSOSessionKeyFile", (CMD_HAND_TYPE)set_modsso_session_key_file, NULL, + RSRC_CONF, + "SSOSessionKeyFile (string) Location of the local session secret key"), + {NULL}}; /** * Send the given text to the client. 
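Review bot: In the `mod_sso_cmds` table, `SSOLoginServer`, `SSOService` and `SSODomain` are registered with `OR_ALL`, so they can be set from `.htaccess` wherever `AllowOverride` permits, while the two key-file directives are limited to `RSRC_CONF`. The service and domain values are passed to `sso_validate()` in later hunks of this file, so whoever can write a `.htaccess` can change what a ticket is checked against and where users are sent to log in. If that delegation is not intended, tighten the three entries to `RSRC_CONF | ACCESS_CONF`. If it is intended, a comment above the table such as `/* Service, domain and login server may be overridden per directory (.htaccess); only key material is restricted to server config. */` would make the trust boundary explicit.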
@@ -238,7 +237,7 @@ static int http_sendstring(request_rec *r, const char *s) { APR_BRIGADE_INSERT_TAIL(bb, b); b = apr_bucket_eos_create(c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(bb, b); - + ap_set_content_type(r, "text/html"); if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS) return HTTP_INTERNAL_SERVER_ERROR; @@ -266,17 +265,9 @@ static int http_redirect(request_rec *r, const char *location) { * @param service_host Host part of the SSO service. */ static char *full_uri(request_rec *r, const char *service_host) { - char *result = apr_pstrcat(r->pool, - "https://", - service_host, - r->uri, - NULL); + char *result = apr_pstrcat(r->pool, "https://", service_host, r->uri, NULL); if (r->args) { - result = apr_pstrcat(r->pool, - result, - "?", - r->args, - NULL); + result = apr_pstrcat(r->pool, result, "?", r->args, NULL); } return result; } @@ -290,14 +281,10 @@ static char *full_uri(request_rec *r, const char *service_host) { * @param service SSO service. * @return true if the redirection is valid. */ -static int is_valid_redir(request_rec *r, - const char *redir, +static int is_valid_redir(request_rec *r, const char *redir, const char *service) { const char *c; - char *prefix = apr_pstrcat(r->pool, - "https://", - service, - NULL); + char *prefix = apr_pstrcat(r->pool, "https://", service, NULL); if (strlen(redir) < strlen(prefix)) { return 0; } @@ -305,7 +292,7 @@ static int is_valid_redir(request_rec *r, return 0; } for (c = redir; *c; c++) { - if (*c < 32 || *c == ';') + if (*c < 32 || *c == ';') return 0; } return 1; @@ -315,10 +302,7 @@ static char *get_cookie_name(request_rec *r) { char *cookie_name; const char *auth_name = ap_auth_name(r); if (auth_name) { - cookie_name = apr_pstrcat(r->pool, - "SSO_", - auth_name, - NULL); + cookie_name = apr_pstrcat(r->pool, "SSO_", auth_name, NULL); } else { cookie_name = "SSO"; } 
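Review bot: The control-character check in the `is_valid_redir` loop (`if (*c < 32 || *c == ';')`, hunk at -305) compares a plain `char`, whose signedness is implementation-defined, so bytes 0x80-0xff are rejected on some platforms and accepted on others, and DEL (0x7f) always passes. The value is being vetted as a redirect target, so the check should state exactly what it allows, for example `unsigned char ch = (unsigned char)*c;` followed by `if (ch < 32 || ch >= 127 || ch == ';') return 0;`. That rejects non-ASCII bytes everywhere, which is what signed-`char` builds already do. The function starts in the previous hunk, and the prefix comparison between the two hunks is not shown.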
@@ -326,15 +310,14 @@ static char *get_cookie_name(request_rec *r) { } // Parse the service spec -static int parse_service(request_rec *r, - modsso_config *s_cfg, - const char **service, - const char **service_host, +static int parse_service(request_rec *r, modsso_config *s_cfg, + const char **service, const char **service_host, const char **service_path) { char *svc; // Make sure the service ends with a slash. - if (s_cfg->service != NULL && s_cfg->service[strlen(s_cfg->service) - 1] != '/') { + if (s_cfg->service != NULL && + s_cfg->service[strlen(s_cfg->service) - 1] != '/') { svc = apr_pstrcat(r->pool, s_cfg->service, "/", NULL); } else { svc = apr_pstrdup(r->pool, s_cfg->service); @@ -363,13 +346,14 @@ static int parse_service(request_rec *r, if (!r->server->defn_name) { *service = "error"; ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "sso: SSOService could not be determined"); + "sso: SSOService could not be determined"); return -1; } *service_host = r->server->defn_name; int port = ap_get_server_port(r); if (port > 0 && port != 80 && port != 443) { - *service_host = apr_pstrcat(r->pool, *service_host, ":", apr_ltoa(r->pool, port), NULL); + *service_host = apr_pstrcat(r->pool, *service_host, ":", + apr_ltoa(r->pool, port), NULL); } } else { *service_host = host_hdr; @@ -380,8 +364,7 @@ static int parse_service(request_rec *r, return 0; } -static int check_config(request_rec *r, modsso_config *s_cfg) -{ +static int check_config(request_rec *r, modsso_config *s_cfg) { if (!s_cfg->login_server) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "sso: SSOLoginServer is not defined!"); 
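Review bot: In `parse_service` (hunk at -326), `s_cfg->service[strlen(s_cfg->service) - 1]` reads out of bounds when `SSOService` is an empty string, because `strlen()` returns 0 and the index wraps to `SIZE_MAX`. The directive is registered with `OR_ALL`, so the value need not come from the main server configuration. Guard the length first, e.g. `if (s_cfg->service != NULL && s_cfg->service[0] != '\0' && s_cfg->service[strlen(s_cfg->service) - 1] != '/')`, or reject an empty argument in `set_modsso_service`. The rest of the function lies outside this hunk, so whether an empty `svc` is handled further down cannot be confirmed here.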
@@ -410,16 +393,14 @@ static int check_config(request_rec *r, modsso_config *s_cfg) * * @param r Pointer to the request_rec structure. */ -static int mod_sso_method_handler(request_rec *r) -{ +static int mod_sso_method_handler(request_rec *r) { const char *uri, *sso_cookie_name; - const char *service = NULL, *service_host = NULL, - *service_path = NULL; + const char *service = NULL, *service_host = NULL, *service_path = NULL; char *sso_logout_path, *sso_login_path; // Get the module configuration - modsso_config *s_cfg = (modsso_config *) - ap_get_module_config(r->per_dir_config, &sso_module); + modsso_config *s_cfg = + (modsso_config *)ap_get_module_config(r->per_dir_config, &sso_module); uri = r->uri; // Return immediately if there's nothing to do (check the AuthType) @@ -431,8 +412,8 @@ static int mod_sso_method_handler(request_rec *r) sso_cookie_name = get_cookie_name(r); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "sso: cookie_name \"%s\"", sso_cookie_name); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "sso: cookie_name \"%s\"", + sso_cookie_name); // Check if the required parameters are defined. if (!check_config(r, s_cfg)) { @@ -442,15 +423,14 @@ static int mod_sso_method_handler(request_rec *r) // Parse the service into host/path (guess it if not specified). if (parse_service(r, s_cfg, &service, &service_host, &service_path) != 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "sso: could not parse service \"%s\"", - s_cfg->service); + "sso: could not parse service \"%s\"", s_cfg->service); return HTTP_BAD_REQUEST; } // Handle /sso_logout sso_logout_path = apr_pstrcat(r->pool, service_path, "sso_logout", NULL); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "sso: logout? \"%s\" \"%s\"", sso_logout_path, uri); + "sso: logout? \"%s\" \"%s\"", sso_logout_path, uri); if (!strcmp(uri, sso_logout_path)) { modsso_del_cookie(r, sso_cookie_name); return http_sendstring(r, "OK"); 
@@ -468,35 +448,37 @@ static int mod_sso_method_handler(request_rec *r) if (!r->args) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "sso: invalid sso_login request (no query args)"); + "sso: invalid sso_login request (no query args)"); return HTTP_BAD_REQUEST; } // Parse query params if (modsso_parse_query_string(r->pool, r->args, ¶ms) < 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "sso: invalid parameters for sso_login: %s", - r->args); + "sso: invalid parameters for sso_login: %s", r->args); return HTTP_BAD_REQUEST; } // Parse the SSO ticket and validate the nonce with the session. // Only do this if a session key is set (sessions are enabled). if (s_cfg->session_key != NULL) { - if (modsso_session_read(r, s_cfg->session_key, s_cfg->session_key_len, &unique_id) < 0) { + if (modsso_session_read(r, s_cfg->session_key, s_cfg->session_key_len, + &unique_id) < 0) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "sso: could not read session cookie"); return HTTP_BAD_REQUEST; } if ((err = sso_ticket_open(&t, params.t, s_cfg->public_key)) != SSO_OK) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, - "sso: ticket decoding error: %s, tkt=%s", sso_strerror(err), params.t); + "sso: ticket decoding error: %s, tkt=%s", + sso_strerror(err), params.t); return HTTP_BAD_REQUEST; } // TODO: add group validation. Not really a huge deal, since we're // going to re-validate the token on the original endpoint anyway, // but it would maybe be good for clarity. - if ((err = sso_validate(t, service, s_cfg->domain, unique_id, NULL)) != SSO_OK) { + if ((err = sso_validate(t, service, s_cfg->domain, unique_id, NULL)) != + SSO_OK) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "sso: ticket validation error: %s", sso_strerror(err)); return HTTP_BAD_REQUEST; 
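Review bot: The `sso: ticket decoding error` warning logs the full ticket taken from the query string (`tkt=%s`, `params.t`), and the same pattern appears with `sso_cookie` in `mod_sso_check_user_id` (hunk at -672). A ticket is the credential presented to this module, and a decoding failure here does not prove it is worthless (a wrong `SSOPublicKeyFile` would make every valid ticket fail, for instance), so it should not be written to the error log at `APLOG_WARNING`. Log only the reason, `"sso: ticket decoding error: %s", sso_strerror(err)`, and, if correlation is needed, a short prefix or digest of the ticket at `APLOG_DEBUG`. The invalid-parameters message above it also logs `r->args` in full, which includes the same `t` value. The handler begins and ends outside this hunk.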
@@ -518,24 +500,17 @@ static int mod_sso_method_handler(request_rec *r) return DECLINED; } -static int redirect_to_login_server(request_rec *r, - modsso_config *s_cfg, +static int redirect_to_login_server(request_rec *r, modsso_config *s_cfg, const char *service_host, - const char *service, - const char **groups, - const char *service_path) -{ + const char *service, const char **groups, + const char *service_path) { char *dest, *login_url, *sso_login_path; const char *unique_id; - + dest = full_uri(r, service_host); - login_url = apr_pstrcat(r->pool, - "https://", s_cfg->login_server, - "/?s=", - modsso_url_encode(r->pool, service), - "&d=", - modsso_url_encode(r->pool, dest), - NULL); + login_url = apr_pstrcat(r->pool, "https://", s_cfg->login_server, + "/?s=", modsso_url_encode(r->pool, service), + "&d=", modsso_url_encode(r->pool, dest), NULL); if (s_cfg->session_key != NULL) { // If we have a session key, send a nonce to the login server. We // use mod_unique_id to provide us with a unique token. The fact 
@@ -546,33 +521,24 @@ static int redirect_to_login_server(request_rec *r, if (unique_id != NULL) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "sso: generated unique id %s", unique_id); - login_url = apr_pstrcat(r->pool, - login_url, - "&n=", - unique_id, - NULL); + login_url = apr_pstrcat(r->pool, login_url, "&n=", unique_id, NULL); // Set the cookie path to the /sso_login handler only, to avoid // sending the session cookie on every unrelated request. // Ignore errors here, not much else we can do. - sso_login_path = apr_pstrcat(r->pool, - service_path, - "sso_login", - NULL); + sso_login_path = apr_pstrcat(r->pool, service_path, "sso_login", NULL); modsso_session_save(r, s_cfg->session_key, s_cfg->session_key_len, unique_id, sso_login_path); } } if (groups) { - login_url = apr_pstrcat(r->pool, - login_url, - "&g=", - groups_charp_to_string(r->pool, groups), - NULL); + login_url = + apr_pstrcat(r->pool, login_url, + "&g=", groups_charp_to_string(r->pool, groups), NULL); } ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "sso: unauthorized access to %s", dest); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "sso: redirecting to %s", login_url); + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "sso: redirecting to %s", + login_url); return http_redirect(r, login_url); } 
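Review bot: The `&g=` value appended to `login_url` is not passed through `modsso_url_encode()`, unlike the `s` and `d` parameters built in the previous hunk of the same function. A group name containing `&`, `#`, `=` or a space would change how the login server parses the query string. Encode it the same way: `"&g=", modsso_url_encode(r->pool, groups_charp_to_string(r->pool, groups)), NULL`. The nonce `unique_id` is appended raw as well, which is harmless only as long as the generated identifier stays URL-safe, and that deserves a short comment next to the `"&n="` concatenation.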
@@ -581,14 +547,12 @@ static int redirect_to_login_server(request_rec *r, * * @param r Pointer to the request_rec structure. */ -static int mod_sso_check_access_ex(request_rec *r) -{ +static int mod_sso_check_access_ex(request_rec *r) { const char *uri; const char *sso_login_path, *sso_logout_path; - const char *service = NULL, *service_host = NULL, - *service_path = NULL; - modsso_config *s_cfg = (modsso_config *) - ap_get_module_config(r->per_dir_config, &sso_module); + const char *service = NULL, *service_host = NULL, *service_path = NULL; + modsso_config *s_cfg = + (modsso_config *)ap_get_module_config(r->per_dir_config, &sso_module); if (!is_sso_auth(r)) { return DECLINED; @@ -602,9 +566,10 @@ static int mod_sso_check_access_ex(request_rec *r) uri = r->uri; if (parse_service(r, s_cfg, &service, &service_host, &service_path) != 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "sso (check_access_ex): could not parse service (cfg->service=%s)", - s_cfg->service); + ap_log_error( + APLOG_MARK, APLOG_ERR, 0, r->server, + "sso (check_access_ex): could not parse service (cfg->service=%s)", + s_cfg->service); return HTTP_BAD_REQUEST; } @@ -620,16 +585,14 @@ static int mod_sso_check_access_ex(request_rec *r) return DECLINED; } -static int mod_sso_check_user_id(request_rec *r) -{ +static int mod_sso_check_user_id(request_rec *r) { const char *sso_cookie_name, *sso_cookie; - const char *service = NULL, *service_host = NULL, - *service_path = NULL; + const char *service = NULL, *service_host = NULL, *service_path = NULL; int retval, err, do_redirect = 1; const char **required_groups; - modsso_config *s_cfg = (modsso_config *) - ap_get_module_config(r->per_dir_config, &sso_module); - //apr_array_header_t *sso_validate_groups = NULL; + modsso_config *s_cfg = + (modsso_config *)ap_get_module_config(r->per_dir_config, &sso_module); + // apr_array_header_t *sso_validate_groups = NULL; if (!is_sso_auth(r)) { return DECLINED; 
@@ -655,15 +618,18 @@ static int mod_sso_check_user_id(request_rec *r) } if (parse_service(r, s_cfg, &service, &service_host, &service_path) != 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "sso (check_user_id): could not parse service (cfg->service=%s)", - s_cfg->service); + ap_log_error( + APLOG_MARK, APLOG_ERR, 0, r->server, + "sso (check_user_id): could not parse service (cfg->service=%s)", + s_cfg->service); return HTTP_BAD_REQUEST; } - // Fetch the list of desired groups set (eventually) by group_check_authorization. - required_groups = (const char **)apr_table_get(r->notes, "SSO_REQUIRED_GROUPS"); - + // Fetch the list of desired groups set (eventually) by + // group_check_authorization. + required_groups = + (const char **)apr_table_get(r->notes, "SSO_REQUIRED_GROUPS"); + // Test for valid cookie sso_cookie = modsso_get_cookie(r, sso_cookie_name); if (sso_cookie != NULL) { @@ -672,7 +638,8 @@ static int mod_sso_check_user_id(request_rec *r) err = sso_ticket_open(&t, sso_cookie, s_cfg->public_key); if (err != SSO_OK) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, - "sso: ticket decoding error: %s, tkt=%s", sso_strerror(err), sso_cookie); + "sso: ticket decoding error: %s, tkt=%s", sso_strerror(err), + sso_cookie); } else { err = sso_validate(t, service, s_cfg->domain, NULL, required_groups); if (err != SSO_OK) { 
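Review bot: `required_groups` is obtained by casting the result of `apr_table_get(r->notes, "SSO_REQUIRED_GROUPS")` to `const char **`, so an array pointer is being carried through a table whose values are typed as C strings. That only works while the entry is never duplicated as a string (a deep table copy would copy bytes up to the first NUL and hand back a corrupt array), and a missing note yields `NULL`, which is then passed as the group list to `sso_validate()`. Because this list decides which groups the ticket is checked against, it would be safer to carry it in per-request module config (`ap_set_module_config(r->request_config, &sso_module, ...)`) or, at minimum, to document the convention next to the cast. Where the note is set is outside the visible hunks.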
@@ -684,13 +651,13 @@ static int mod_sso_check_user_id(request_rec *r) apr_table_setn(r->subprocess_env, "SSO_SERVICE", apr_pstrdup(r->pool, service)); r->user = apr_pstrdup(r->pool, t->user); - apr_table_setn(r->subprocess_env, "SSO_USER", r->user); - apr_table_setn(r->subprocess_env, "SSO_TICKET", sso_cookie); + apr_table_setn(r->subprocess_env, "SSO_USER", r->user); + apr_table_setn(r->subprocess_env, "SSO_TICKET", sso_cookie); if (t->nonce) - apr_table_setn(r->subprocess_env, "SSO_NONCE", apr_pstrdup(r->pool, t->nonce)); + apr_table_setn(r->subprocess_env, "SSO_NONCE", + apr_pstrdup(r->pool, t->nonce)); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "sso: authorized user '%s'", - r->user); + "sso: authorized user '%s'", r->user); retval = OK; do_redirect = 0; } @@ -703,13 +670,15 @@ static int mod_sso_check_user_id(request_rec *r) } // Redirect to login server - return redirect_to_login_server(r, s_cfg, service_host, service, required_groups, service_path); + return redirect_to_login_server(r, s_cfg, service_host, service, + required_groups, service_path); } -/** +/** * Apache authorization check callback for mod_sso. */ -static char **groups_array_to_charpp(apr_pool_t *p, apr_array_header_t *groups) { +static char **groups_array_to_charpp(apr_pool_t *p, + apr_array_header_t *groups) { int i; char **pp, **ptr; pp = (char **)apr_palloc(p, sizeof(char *) * (groups->nelts + 1)); @@ -720,12 +689,13 @@ static char **groups_array_to_charpp(apr_pool_t *p, apr_array_header_t *groups) return pp; } -static apr_array_header_t *required_groups_array(request_rec *r, const void *parsed_require_args) { +static apr_array_header_t * +required_groups_array(request_rec *r, const void *parsed_require_args) { const ap_expr_info_t *expr = parsed_require_args; const char *err = NULL; const char *require, *w, *t; apr_array_header_t *grouparr = apr_array_make(r->pool, 1, sizeof(char *)); - + require = ap_expr_str_exec(r, expr, &err); if (err) { return NULL; 
@@ -738,7 +708,8 @@ static apr_array_header_t *required_groups_array(request_rec *r, const void *par return grouparr; } -static char **required_groups_charpp(request_rec *r, const void *parsed_require_args) { +static char **required_groups_charpp(request_rec *r, + const void *parsed_require_args) { apr_array_header_t *arr = required_groups_array(r, parsed_require_args); if (!arr) { return NULL; @@ -750,7 +721,9 @@ static char **required_groups_charpp(request_rec *r, const void *parsed_require_ // handlers are executed, and we return AUTHZ_DENIED_NO_USER to tell // Apache that we need a user. This should cause it to invoke // mod_sso_check_user_id, and then call this function again. -static authz_status group_check_authorization(request_rec *r, const char *require_args, const void *parsed_require_args) { +static authz_status group_check_authorization(request_rec *r, + const char *require_args, + const void *parsed_require_args) { // Do we have a user? All ok then! We assume that the request was // validated by mod_sso_check_user_id using the value of // SSO_REQUIRED_GROUPS we set earlier. @@ -766,8 +739,7 @@ static authz_status group_check_authorization(request_rec *r, const char *requir } static const char *group_parse_config(cmd_parms *cmd, const char *require_line, - const void **parsed_require_line) -{ + const void **parsed_require_line) { const char *expr_err = NULL; ap_expr_info_t *expr; @@ -776,8 +748,8 @@ static const char *group_parse_config(cmd_parms *cmd, const char *require_line, if (expr_err) { return apr_pstrcat(cmd->temp_pool, - "Cannot parse expression in require line: ", - expr_err, NULL); + "Cannot parse expression in require line: ", expr_err, + NULL); } *parsed_require_line = expr; 
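Review bot: The comment at the top of `group_check_authorization` (hunk at -750) says a request is authorized as soon as a user is present, on the assumption that `mod_sso_check_user_id` validated the ticket against `SSO_REQUIRED_GROUPS`. If the body (cut off by this hunk) really tests only `r->user`, then a user set by any other path, or validated against a different or empty group list, would satisfy `Require group`. The provider is also registered under the name `group` in `mod_sso_register_hooks`, which, as far as I know, is the name mod_authz_groupfile uses too, so the check may run for non-SSO auth types. Consider recording the validated groups in the request after `sso_validate()` succeeds and comparing them here, and returning a neutral result when `is_sso_auth(r)` is false.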
@@ -785,10 +757,9 @@ static const char *group_parse_config(cmd_parms *cmd, const char *require_line, return NULL; } -static const authz_provider authz_sso_group_provider = -{ - &group_check_authorization, - &group_parse_config, +static const authz_provider authz_sso_group_provider = { + &group_check_authorization, + &group_parse_config, }; /** @@ -799,12 +770,15 @@ static const authz_provider authz_sso_group_provider = * requests. This callback function declares the Handlers for other * events. */ -static void mod_sso_register_hooks (apr_pool_t *p) -{ +static void mod_sso_register_hooks(apr_pool_t *p) { ap_hook_handler(mod_sso_method_handler, NULL, NULL, APR_HOOK_FIRST); - ap_hook_check_authn(mod_sso_check_user_id, NULL, NULL, APR_HOOK_FIRST, AP_AUTH_INTERNAL_PER_CONF); - ap_hook_check_access_ex(mod_sso_check_access_ex, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF); - ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "group", "0", &authz_sso_group_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_hook_check_authn(mod_sso_check_user_id, NULL, NULL, APR_HOOK_FIRST, + AP_AUTH_INTERNAL_PER_CONF); + ap_hook_check_access_ex(mod_sso_check_access_ex, NULL, NULL, APR_HOOK_MIDDLE, + AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "group", "0", + &authz_sso_group_provider, + AP_AUTH_INTERNAL_PER_CONF); } /* @@ -813,14 +787,12 @@ static void mod_sso_register_hooks (apr_pool_t *p) * the module. This structure is the only "glue" between the httpd * core and the module. */ -module AP_MODULE_DECLARE_DATA sso_module = -{ - STANDARD20_MODULE_STUFF, - create_modsso_config, - merge_modsso_config, - NULL, - NULL, - mod_sso_cmds, - mod_sso_register_hooks, +module AP_MODULE_DECLARE_DATA sso_module = { + STANDARD20_MODULE_STUFF, + create_modsso_config, + merge_modsso_config, + NULL, + NULL, + mod_sso_cmds, + mod_sso_register_hooks, }; - 
diff --git a/src/mod_sso/mod_sso.h b/src/mod_sso/mod_sso.h index ffdcf9f581ac49da6eeedc4eb9655cc84a363e45..5bad1038d85b551d0425efb7ebc4056babd8fb12 100644 --- a/src/mod_sso/mod_sso.h +++ b/src/mod_sso/mod_sso.h @@ -22,9 +22,9 @@ * OTHER DEALINGS IN THE SOFTWARE. */ -#include <sso/sso.h> #include "ap_config.h" #include "apr_strings.h" +#include <sso/sso.h> #ifdef APLOG_USE_MODULE APLOG_USE_MODULE(sso); @@ -53,13 +53,12 @@ typedef struct modsso_params *modsso_params_t; char *modsso_url_decode(apr_pool_t *p, const char *str); char *modsso_url_encode(apr_pool_t *p, const char *str); -int modsso_parse_query_string(apr_pool_t *p, - const char *str, - modsso_params_t params); +int modsso_parse_query_string(apr_pool_t *p, const char *str, + modsso_params_t params); char *modsso_get_cookie(request_rec *r, const char *cookie_name); -void modsso_set_cookie(request_rec *r, const char *cookie_name, +void modsso_set_cookie(request_rec *r, const char *cookie_name, const char *value, const char *path); void modsso_del_cookie(request_rec *r, const char *cookie_name);