entrouvert
/
modmellon
17
0
Fork 0
Code Issues Pull Requests Releases Activity
modmellon/auth_mellon_config.c

1596 lines
55 KiB
C
Raw Permalink Blame History

/*
*
* auth_mellon_config.c: an authentication apache module
* Copyright © 2003-2007 UNINETT (http://www.uninett.no/)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#include "auth_mellon.h"
/* This is the default endpoint path. Remember to update the description of
* the MellonEndpointPath configuration directive if you change this.
*/
static const char *default_endpoint_path = "/mellon/";
/* This is the default name of the attribute we use as a username. Remember
* to update the description of the MellonUser configuration directive if
* you change this.
*/
static const char *default_user_attribute = "NAME_ID";
/* This is the default name of the cookie which mod_auth_mellon will set.
* If you change this, then you should also update the description of the
* MellonVar configuration directive.
*/
static const char *default_cookie_name = "cookie";
/* The default setting for cookie flags is to not enforce HttpOnly and secure
*/
static const int default_secure_cookie = 0;
/* The default setting for setting MELLON_SESSION
*/
static const int default_dump_session = 0;
/* The default setting for setting MELLON_SAML_RESPONSE
*/
static const int default_dump_saml_response = 0;
/* This is the default IdP initiated login location
* the MellonDefaultLoginPath configuration directive if you change this.
*/
static const char *default_login_path = "/";
/* saved POST session time to live
* the MellonPostTTL configuration directive if you change this.
*/
static const apr_time_t post_ttl = 15 * 60;
/* saved POST session maximum size
* the MellonPostSize configuration directive if you change this.
*/
static const apr_size_t post_size = 1024 * 1024 * 1024;
/* maximum saved POST sessions
* the MellonPostCount configuration directive if you change this.
*/
static const int post_count = 100;
/* This function handles configuration directives which set a
* multivalued string slot in the module configuration (the destination
* strucure is a hash).
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *key The string argument following this configuration
* directive in the configuraion file.
* const char *value Optional value to be stored in the hash.
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_hash_string_slot(cmd_parms *cmd,
void *struct_ptr,
const char *key,
const char *value)
{
server_rec *s = cmd->server;
apr_pool_t *pconf = s->process->pconf;
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
int offset;
apr_hash_t **hash;
/*
* If no value is given, we just store the key in the hash.
*/
if (value == NULL || *value == '\0')
value = key;
offset = (int)(long)cmd->info;
hash = (apr_hash_t **)((char *)cfg + offset);
apr_hash_set(*hash, apr_pstrdup(pconf, key), APR_HASH_KEY_STRING, value);
return NULL;
}
/* This function handles configuration directives which set a
* multivalued string slot in the module configuration (the destination
* strucure is a table).
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *key The string argument following this configuration
* directive in the configuraion file.
* const char *value Optional value to be stored in the hash.
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_table_string_slot(cmd_parms *cmd,
void *struct_ptr,
const char *key,
const char *value)
{
server_rec *s = cmd->server;
apr_pool_t *pconf = s->process->pconf;
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
int offset;
apr_table_t **table;
/*
* If no value is given, we just store the key in the hash.
*/
if (value == NULL || *value == '\0')
value = key;
offset = (int)(long)cmd->info;
table = (apr_table_t **)((char *)cfg + offset);
apr_table_set(*table, apr_pstrdup(pconf, key), value);
return NULL;
}
/* This function handles configuration directives which set a file
* slot in the module configuration. If lasso is recent enough, it
* attempts to read the file immediatly.
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* This value isn't used by this function.
* const char *arg The string argument following this configuration
* directive in the configuraion file.
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_filestring_slot(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
const char *data;
const char *path;
path = ap_server_root_relative(cmd->pool, arg);
if (!path) {
return apr_pstrcat(cmd->pool, cmd->cmd->name,
": Invalid file path ", arg, NULL);
}
#ifdef HAVE_lasso_server_new_from_buffers
data = am_getfile(cmd->pool, cmd->server, path);
if (!data) {
return apr_pstrcat(cmd->pool, cmd->cmd->name,
": Cannot read file ", path, NULL);
}
#else
apr_finfo_t finfo;
apr_status_t rv;
char error[64];
rv = apr_stat(&finfo, path, APR_FINFO_SIZE, cmd->pool);
if(rv != 0) {
apr_strerror(rv, error, sizeof(error));
return apr_psprintf(cmd->pool,
"%s - Cannot read file \"%s\" [%d] \"%s\"",
cmd->cmd->name, path, rv, error);
}
data = path;
#endif
return ap_set_string_slot(cmd, struct_ptr, data);
}
/* This function handles configuration directives which use
* a glob pattern, with a second optional argument
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *glob_pat glob(3) pattern
* const char *option Optional argument
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_glob_fn12(cmd_parms *cmd,
void *struct_ptr,
const char *glob_pat,
const char *option)
{
const char *(*take_argv)(cmd_parms *, void *, const char *, const char *);
apr_array_header_t *files;
const char *error;
const char *directory;
int i;
take_argv = cmd->info;
directory = am_filepath_dirname(cmd->pool, glob_pat);
if (glob_pat == NULL || *glob_pat == '\0')
return apr_psprintf(cmd->pool,
"%s takes one or two arguments",
cmd->cmd->name);
if (apr_match_glob(glob_pat, &files, cmd->pool) != 0)
return take_argv(cmd, struct_ptr, glob_pat, option);
for (i = 0; i < files->nelts; i++) {
const char *path;
path = apr_pstrcat(cmd->pool, directory, "/",
((const char **)(files->elts))[i], NULL);
error = take_argv(cmd, struct_ptr, path, option);
if (error != NULL)
return error;
}
return NULL;
}
/* This function handles configuration directives which set an
* idp related slot in the module configuration.
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *metadata Path to metadata file for one or multiple IdP
* const char *chain Optional path to validating chain
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_idp_string_slot(cmd_parms *cmd,
void *struct_ptr,
const char *metadata,
const char *chain)
{
server_rec *s = cmd->server;
apr_pool_t *pconf = s->process->pconf;
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
#ifndef HAVE_lasso_server_load_metadata
if (chain != NULL)
return apr_psprintf(cmd->pool, "Cannot specify validating chain "
"for %s since lasso library lacks "
"lasso_server_load_metadata()", cmd->cmd->name);
#endif /* HAVE_lasso_server_load_metadata */
am_metadata_t *idp_metadata = apr_array_push(cfg->idp_metadata);
idp_metadata->file = apr_pstrdup(pconf, metadata);
idp_metadata->chain = apr_pstrdup(pconf, chain);
return NULL;
}
/* This function handles configuration directives which set an
* idp federation blacklist slot in the module configuration.
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* int argc Number of blacklisted providerId.
* char *const argv[] List of blacklisted providerId.
*
* Returns:
* NULL on success, or errror string
*/
static const char *am_set_idp_ignore_slot(cmd_parms *cmd,
void *struct_ptr,
int argc,
char *const argv[])
{
#ifdef HAVE_lasso_server_load_metadata
server_rec *s = cmd->server;
apr_pool_t *pconf = s->process->pconf;
am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr;
GList *new_idp_ignore;
int i;
if (argc < 1)
return apr_psprintf(cmd->pool, "%s takes at least one arguments",
cmd->cmd->name);
for (i = 0; i < argc; i++) {
new_idp_ignore = apr_palloc(pconf, sizeof(GList));
new_idp_ignore->data = apr_pstrdup(pconf, argv[i]);
/* Prepend it to the list. */
new_idp_ignore->next = cfg->idp_ignore;
if (cfg->idp_ignore != NULL)
cfg->idp_ignore->prev = new_idp_ignore;
cfg->idp_ignore = new_idp_ignore;
}
return NULL;
#else /* HAVE_lasso_server_load_metadata */
return apr_psprintf(cmd->pool, "Cannot use %s since lasso library lacks "
"lasso_server_load_metadata()", cmd->cmd->name);
#endif /* HAVE_lasso_server_load_metadata */
}
/* This function handles configuration directives which set a file path
* slot in the module configuration.
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* This value isn't used by this function.
* const char *arg The string argument following this configuration
* directive in the configuraion file.
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_module_config_file_slot(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
return ap_set_file_slot(cmd, am_get_mod_cfg(cmd->server), arg);
}
/* This function handles configuration directives which set an int
* slot in the module configuration.
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* This value isn't used by this function.
* const char *arg The string argument following this configuration
* directive in the configuraion file.
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_module_config_int_slot(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
return ap_set_int_slot(cmd, am_get_mod_cfg(cmd->server), arg);
}
/* This function handles the MellonEnable configuration directive.
* This directive can be set to "off", "info" or "auth".
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* const char *arg The string argument following this configuration
* directive in the configuraion file.
*
* Returns:
* NULL on success or an error string if the argument is wrong.
*/
static const char *am_set_enable_slot(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
if(!strcasecmp(arg, "auth")) {
d->enable_mellon = am_enable_auth;
} else if(!strcasecmp(arg, "info")) {
d->enable_mellon = am_enable_info;
} else if(!strcasecmp(arg, "off")) {
d->enable_mellon = am_enable_off;
} else {
return "parameter must be 'off', 'info' or 'auth'";
}
return NULL;
}
/* This function handles the MellonDecoder configuration directive.
* This directive can be set to "none" or "feide".
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* const char *arg The string argument following this configuration
* directive in the configuraion file.
*
* Returns:
* NULL on success or an error string if the argument is wrong.
*/
static const char *am_set_decoder_slot(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
if(!strcasecmp(arg, "none")) {
d->decoder = am_decoder_none;
} else if(!strcasecmp(arg, "feide")) {
d->decoder = am_decoder_feide;
} else {
return "MellonDecoder must be 'none' or 'feide'";
}
return NULL;
}
/* This function handles the MellonEndpointPath configuration directive.
* If the path doesn't end with a '/', then we will append one.
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonEndpointPath
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *arg The string argument containing the path of the
* endpoint directory.
*
* Returns:
* This function will always return NULL.
*/
static const char *am_set_endpoint_path(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
/* Make sure that the path ends with '/'. */
if(strlen(arg) == 0 || arg[strlen(arg) - 1] != '/') {
d->endpoint_path = apr_pstrcat(cmd->pool, arg, "/", NULL);
} else {
d->endpoint_path = arg;
}
return NULL;
}
/* This function handles the MellonSetEnv configuration directive.
* This directive allows the user to change the name of attributes.
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonSetEnv
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* const char *newName The new name of the attribute.
* const char *oldName The old name of the attribute.
*
* Returns:
* This function will always return NULL.
*/
static const char *am_set_setenv_slot(cmd_parms *cmd,
void *struct_ptr,
const char *newName,
const char *oldName)
{
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
/* Configure as prefixed attribute name */
am_envattr_conf_t *envattr_conf = (am_envattr_conf_t *)apr_palloc(cmd->pool, sizeof(am_envattr_conf_t));
envattr_conf->name = newName;
envattr_conf->prefixed = 1;
apr_hash_set(d->envattr, oldName, APR_HASH_KEY_STRING, envattr_conf);
return NULL;
}
/* This function handles the MellonSetEnvNoPrefix configuration directive.
* This directive allows the user to change the name of attributes without prefixing them with MELLON_.
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonSetEnv
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* const char *newName The new name of the attribute.
* const char *oldName The old name of the attribute.
*
* Returns:
* This function will always return NULL.
*/
static const char *am_set_setenv_no_prefix_slot(cmd_parms *cmd,
void *struct_ptr,
const char *newName,
const char *oldName)
{
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
/* Configure as not prefixed attribute name */
am_envattr_conf_t *envattr_conf = (am_envattr_conf_t *)apr_palloc(cmd->pool, sizeof(am_envattr_conf_t));
envattr_conf->name = newName;
envattr_conf->prefixed = 0;
apr_hash_set(d->envattr, oldName, APR_HASH_KEY_STRING, envattr_conf);
return NULL;
}
/* This function decodes MellonCond flags, such as [NOT,REG]
*
* Parameters:
* const char *arg Pointer to the flags string
*
* Returns:
* flags, or -1 on error
*/
static int am_cond_flags(const char *arg)
{
int flags = AM_COND_FLAG_NULL;
static const char const *options[] = {
"OR", /* AM_EXPIRE_FLAG_OR */
"NOT", /* AM_EXPIRE_FLAG_NOT */
"REG", /* AM_EXPIRE_FLAG_REG */
"NC", /* AM_EXPIRE_FLAG_NC */
"MAP", /* AM_EXPIRE_FLAG_MAP */
"REF", /* AM_EXPIRE_FLAG_REF */
"SUB", /* AM_EXPIRE_FLAG_SUB */
/* The other options (IGN, REQ, FSTR, ...) are only internally used */
};
apr_size_t options_count = sizeof(options) / sizeof(*options);
/* Skip inital [ */
if (arg[0] == '[')
arg++;
else
return -1;
do {
apr_size_t i;
for (i = 0; i < options_count; i++) {
apr_size_t optlen = strlen(options[i]);
if (strncmp(arg, options[i], optlen) == 0) {
/* Make sure we have a separator next */
if (arg[optlen] && !strchr("]\t ,", (int)arg[optlen]))
return -1;
flags |= (1 << i);
arg += optlen;
break;
}
/* no match */
if (i == options_count)
return -1;
/* skip spaces, tabs and commas */
arg += strspn(arg, " \t,");
/*
* End of option, but we fire an error if
* there is trailing garbage
*/
if (*arg == ']') {
arg++;
return (*arg == '\0') ? flags : -1;
}
}
} while (*arg);
/* Missing trailing ] */
return -1;
}
/* This function handles the MellonCond configuration directive, which
* allows the user to restrict access based on attributes received from
* the IdP.
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonCond
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* const char *attribute Pointer to the attribute name
* const char *value Pointer to the attribute value or regex
* const char *options Pointer to options
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_cond_slot(cmd_parms *cmd,
void *struct_ptr,
const char *attribute,
const char *value,
const char *options)
{
am_dir_cfg_rec *d = struct_ptr;
int flags = AM_COND_FLAG_NULL;
am_cond_t *element;
if (attribute == NULL || *attribute == '\0' ||
value == NULL || *value == '\0')
return apr_pstrcat(cmd->pool, cmd->cmd->name,
" takes at least two arguments", NULL);
if (options != NULL && *options != '\0')
flags = am_cond_flags(options);
if (flags == -1)
return apr_psprintf(cmd->pool, "%s - invalid flags %s",
cmd->cmd->name, options);
element = (am_cond_t *)apr_array_push(d->cond);
element->varname = attribute;
element->flags = flags;
element->str = NULL;
element->regex = NULL;
element->directive = apr_pstrcat(cmd->pool, cmd->directive->directive,
" ", cmd->directive->args, NULL);
if (element->flags & AM_COND_FLAG_REG) {
int regex_flags = AP_REG_EXTENDED|AP_REG_NOSUB;
if (element->flags & AM_COND_FLAG_NC)
regex_flags |= AP_REG_ICASE;
element->regex = ap_pregcomp(cmd->pool, value, regex_flags);
if (element->regex == NULL)
return apr_psprintf(cmd->pool, "%s - invalid regex %s",
cmd->cmd->name, value);
}
/*
* Flag values containing format strings to that we do
* not have to process the others at runtime.
*/
if (strchr(value, '%') != NULL)
element->flags |= AM_COND_FLAG_FSTR;
/*
* We keep the string also for regex, so that we can
* print it for debug purpose and perform substitutions on it.
*/
element->str = value;
return NULL;
}
/* This function handles the MellonRequire configuration directive, which
* allows the user to restrict access based on attributes received from
* the IdP.
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonRequire
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* const char *arg Pointer to the configuration string.
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_require_slot(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
am_dir_cfg_rec *d = struct_ptr;
char *attribute, *value;
int i;
am_cond_t *element;
am_cond_t *first_element;
attribute = ap_getword_conf(cmd->pool, &arg);
value = ap_getword_conf(cmd->pool, &arg);
if (*attribute == '\0' || *value == '\0') {
return apr_pstrcat(cmd->pool, cmd->cmd->name,
" takes at least two arguments", NULL);
}
/*
* MellonRequire overwrites previous conditions on this attribute
* We just tag the am_cond_t with the ignore flag, as it is
* easier (and probably faster) than to really remove it.
*/
for (i = 0; i < d->cond->nelts; i++) {
am_cond_t *ce = &((am_cond_t *)(d->cond->elts))[i];
if ((strcmp(ce->varname, attribute) == 0) &&
(ce->flags & AM_COND_FLAG_REQ))
ce->flags |= AM_COND_FLAG_IGN;
}
first_element = NULL;
do {
element = (am_cond_t *)apr_array_push(d->cond);
element->varname = attribute;
element->flags = AM_COND_FLAG_OR|AM_COND_FLAG_REQ;
element->str = value;
element->regex = NULL;
/*
* When multiple values are given, we track the first one
* in order to retreive the directive
*/
if (first_element == NULL) {
element->directive = apr_pstrcat(cmd->pool,
cmd->directive->directive, " ",
cmd->directive->args, NULL);
first_element = element;
} else {
element->directive = first_element->directive;
}
} while (*(value = ap_getword_conf(cmd->pool, &arg)) != '\0');
/*
* Remove OR flag on last element
*/
element->flags &= ~AM_COND_FLAG_OR;
return NULL;
}
/* This function handles the MellonOrganization* directives, which
* which specify language-qualified strings
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonOrganization*
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* const char *lang Pointer to the language string (optional)
* const char *value Pointer to the data
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_langstring_slot(cmd_parms *cmd,
void *struct_ptr,
const char *lang,
const char *value)
{
apr_hash_t *h = *(apr_hash_t **)(struct_ptr + (apr_size_t)cmd->info);
if (value == NULL || *value == '\0') {
value = lang;
lang = "";
}
apr_hash_set(h, lang, APR_HASH_KEY_STRING,
apr_pstrdup(cmd->server->process->pconf, value));
return NULL;
}
/* This function handles the MellonAuthnContextClassRef directive.
*
* Parameters:
* cmd_parms *cmd The command structure for the MellonAuthnContextClassRef
* configuration directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *arg An URI for an SAMLv2 AuthnContextClassRef
*
* Returns:
* This function will always return NULL.
*/
static const char *am_set_authn_context_class_ref(cmd_parms *cmd,
void *struct_ptr,
const char *arg)
{
am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr;
apr_pool_t *p= cmd->pool;
char **context_class_ref_p;
if(strlen(arg) == 0) {
return NULL;
}
context_class_ref_p = apr_array_push(d->authn_context_class_ref);
*context_class_ref_p = apr_pstrdup(p, arg);
return NULL;
}
/* This function handles the MellonDoNotVerifyLogoutSignature configuration directive,
* it is identical to the am_set_hash_string_slot function. You can refer to it.
*
* Parameters:
* cmd_parms *cmd The command structure for this configuration
* directive.
* void *struct_ptr Pointer to the current directory configuration.
* NULL if we are not in a directory configuration.
* const char *key The string argument following this configuration
* directive in the configuraion file.
*
* Returns:
* NULL on success or an error string on failure.
*/
static const char *am_set_do_not_verify_logout_signature(cmd_parms *cmd,
void *struct_ptr,
const char *key)
{
#ifdef HAVE_lasso_profile_set_signature_verify_hint
return am_set_hash_string_slot(cmd, struct_ptr, key, NULL);
#else
return apr_pstrcat(cmd->pool, cmd->cmd->name,
" is not usable as modmellon was compiled against "
"a version of the lasso library which miss the "
"function lasso_profile_set_signature_verify_hint.",
NULL);
#endif
}
/* This array contains all the configuration directive which are handled
* by auth_mellon.
*/
const command_rec auth_mellon_commands[] = {
/* Global configuration directives. */
AP_INIT_TAKE1(
"MellonCacheSize",
am_set_module_config_int_slot,
(void *)APR_OFFSETOF(am_mod_cfg_rec, cache_size),
RSRC_CONF,
"The number of sessions we can keep track of at once. You must"
" restart the server before any changes to this directive will"
" take effect. The default value is 100."
),
AP_INIT_TAKE1(
"MellonCacheEntrySize",
am_set_module_config_int_slot,
(void *)APR_OFFSETOF(am_mod_cfg_rec, entry_size),
RSRC_CONF,
"The maximum size for a single session entry. You must"
" restart the server before any changes to this directive will"
" take effect. The default value is 192KiB."
),
AP_INIT_TAKE1(
"MellonLockFile",
am_set_module_config_file_slot,
(void *)APR_OFFSETOF(am_mod_cfg_rec, lock_file),
RSRC_CONF,
"The lock file for session synchronization."
" Default value is \"/tmp/mellonLock\"."
),
AP_INIT_TAKE1(
"MellonPostDirectory",
am_set_module_config_file_slot,
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_dir),
RSRC_CONF,
"The directory for saving POST requests."
" Default value is \"/var/tmp/mellonpost\"."
),
AP_INIT_TAKE1(
"MellonPostTTL",
am_set_module_config_int_slot,
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_ttl),
RSRC_CONF,
"The time to live for saved POST requests in seconds."
" Default value is 15 mn."
),
AP_INIT_TAKE1(
"MellonPostCount",
am_set_module_config_int_slot,
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_count),
RSRC_CONF,
"The maximum saved POST sessions at once."
" Default value is 100."
),
AP_INIT_TAKE1(
"MellonPostSize",
am_set_module_config_int_slot,
(void *)APR_OFFSETOF(am_mod_cfg_rec, post_size),
RSRC_CONF,
"The maximum size of a saved POST, in bytes."
" Default value is 1 MB."
),
/* Per-location configuration directives. */
AP_INIT_TAKE1(
"MellonEnable",
am_set_enable_slot,
NULL,
OR_AUTHCFG,
"Enable auth_mellon on a location. This can be set to 'off', 'info'"
" and 'auth'. 'off' disables auth_mellon for a location, 'info'"
" will only populate the environment with attributes if the user"
" has logged in already. 'auth' will redirect the user to the IdP"
" if he hasn't logged in yet, but otherwise behaves like 'info'."
),
AP_INIT_TAKE1(
"MellonDecoder",
am_set_decoder_slot,
NULL,
OR_AUTHCFG,
"Select which decoder mod_auth_mellon should use to decode attribute"
" values. This option can be se to either 'none' or 'feide'. 'none'"
" is the default, and will store the attributes as they are received"
" from the IdP. 'feide' is for decoding base64-encoded values which"
" are separated by a underscore."
),
AP_INIT_TAKE1(
"MellonVariable",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, varname),
OR_AUTHCFG,
"The name of the cookie which auth_mellon will set. Defaults to"
" 'cookie'. This string is appended to 'mellon-' to create the"
" cookie name, and the default name of the cookie will therefore"
" be 'mellon-cookie'."
),
AP_INIT_FLAG(
"MellonSecureCookie",
ap_set_flag_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, secure),
OR_AUTHCFG,
"Whether the cookie set by auth_mellon should have HttpOnly and"
" secure flags set. Default is off."
),
AP_INIT_TAKE1(
"MellonCookieDomain",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, cookie_domain),
OR_AUTHCFG,
"The domain of the cookie which auth_mellon will set. Defaults to"
" the domain of the current request."
),
AP_INIT_TAKE1(
"MellonCookiePath",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, cookie_path),
OR_AUTHCFG,
"The path of the cookie which auth_mellon will set. Defaults to"
" '/'."
),
AP_INIT_TAKE1(
"MellonUser",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, userattr),
OR_AUTHCFG,
"Attribute to set as r->user. Defaults to NAME_ID, which is the"
" attribute we set to the identifier we receive from the IdP."
),
AP_INIT_TAKE1(
"MellonIdP",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, idpattr),
OR_AUTHCFG,
"Attribute we set to the IdP ProviderId."
),
AP_INIT_TAKE2(
"MellonSetEnv",
am_set_setenv_slot,
NULL,
OR_AUTHCFG,
"Renames attributes received from the server while retaining prefix MELLON_. The format is"
" MellonSetEnv <old name> <new name>."
),
AP_INIT_TAKE2(
"MellonSetEnvNoPrefix",
am_set_setenv_no_prefix_slot,
NULL,
OR_AUTHCFG,
"Renames attributes received from the server without adding prefix. The format is"
" MellonSetEnvNoPrefix <old name> <new name>."
),
AP_INIT_FLAG(
"MellonSessionDump",
ap_set_flag_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, dump_session),
OR_AUTHCFG,
"Dump session in environment. Default is off"
),
AP_INIT_FLAG(
"MellonSamlResponseDump",
ap_set_flag_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, dump_saml_response),
OR_AUTHCFG,
"Dump SAML authentication response in environment. Default is off"
),
AP_INIT_RAW_ARGS(
"MellonRequire",
am_set_require_slot,
NULL,
OR_AUTHCFG,
"Attribute requirements for authorization. Allows you to restrict"
" access based on attributes received from the IdP. If you list"
" several MellonRequire configuration directives, then all of them"
" must match. Every MellonRequire can list several allowed values"
" for the attribute. The syntax is:"
" MellonRequire <attribute> <value1> [value2....]."
),
AP_INIT_TAKE23(
"MellonCond",
am_set_cond_slot,
NULL,
OR_AUTHCFG,
"Attribute requirements for authorization. Allows you to restrict"
" access based on attributes received from the IdP. The syntax is:"
" MellonRequire <attribute> <value> [<options>]."
),
AP_INIT_TAKE1(
"MellonSessionLength",
ap_set_int_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, session_length),
OR_AUTHCFG,
"Maximum number of seconds a session will be valid for. Defaults"
" to 86400 seconds (1 day)."
),
AP_INIT_TAKE1(
"MellonNoCookieErrorPage",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, no_cookie_error_page),
OR_AUTHCFG,
"Web page to display if the user has disabled cookies. We will"
" return a 400 Bad Request error if this is unset and the user"
" ha disabled cookies."
),
AP_INIT_TAKE1(
"MellonNoSuccessErrorPage",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, no_success_error_page),
OR_AUTHCFG,
"Web page to display if the idp posts with a failed"
" authentication error. We will return a 401 Unauthorized error"
" if this is unset and the idp posts such assertion."
),
AP_INIT_TAKE1(
"MellonSPMetadataFile",
am_set_filestring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_metadata_file),
OR_AUTHCFG,
"Full path to xml file with metadata for the SP."
),
AP_INIT_TAKE1(
"MellonSPPrivateKeyFile",
am_set_filestring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_private_key_file),
OR_AUTHCFG,
"Full path to pem file with the private key for the SP."
),
AP_INIT_TAKE1(
"MellonSPCertFile",
am_set_filestring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_cert_file),
OR_AUTHCFG,
"Full path to pem file with certificate for the SP."
),
AP_INIT_TAKE12(
"MellonIdPMetadataFile",
am_set_idp_string_slot,
NULL,
OR_AUTHCFG,
"Full path to xml metadata file for IdP, "
"with optional validating chain."
),
AP_INIT_TAKE12(
"MellonIdPMetadataGlob",
am_set_glob_fn12,
am_set_idp_string_slot,
OR_AUTHCFG,
"Full path to xml metadata files for IdP, with glob(3) patterns. "
"An optional validating chain can be supplied."
),
AP_INIT_TAKE1(
"MellonIdPPublicKeyFile",
ap_set_file_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, idp_public_key_file),
OR_AUTHCFG,
"Full path to pem file with the public key for the IdP."
),
AP_INIT_TAKE1(
"MellonIdPCAFile",
ap_set_file_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, idp_ca_file),
OR_AUTHCFG,
"Full path to pem file with CA chain for the IdP."
),
AP_INIT_TAKE_ARGV(
"MellonIdPIgnore",
am_set_idp_ignore_slot,
NULL,
OR_AUTHCFG,
"List of IdP entityId to ignore."
),
AP_INIT_TAKE1(
"MellonSPentityId",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_entity_id),
OR_AUTHCFG,
"SP entity Id to be used for metadata auto generation."
),
AP_INIT_TAKE12(
"MellonOrganizationName",
am_set_langstring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_name),
OR_AUTHCFG,
"Language-qualified oranization name."
),
AP_INIT_TAKE12(
"MellonOrganizationDisplayName",
am_set_langstring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_display_name),
OR_AUTHCFG,
"Language-qualified oranization name, human redable."
),
AP_INIT_TAKE12(
"MellonOrganizationURL",
am_set_langstring_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_url),
OR_AUTHCFG,
"Language-qualified oranization URL."
),
AP_INIT_TAKE1(
"MellonDefaultLoginPath",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, login_path),
OR_AUTHCFG,
"The location where to redirect after IdP initiated login."
" Default value is \"/\"."
),
AP_INIT_TAKE1(
"MellonDiscoveryURL",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, discovery_url),
OR_AUTHCFG,
"The URL of IdP discovery service. Default is unset."
),
AP_INIT_TAKE1(
"MellonProbeDiscoveryTimeout",
ap_set_int_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, probe_discovery_timeout),
OR_AUTHCFG,
"The timeout of IdP probe discovery service. "
"Default is 1s"
),
AP_INIT_TAKE12(
"MellonProbeDiscoveryIdP",
am_set_table_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, probe_discovery_idp),
OR_AUTHCFG,
"An IdP that can be used for IdP probe discovery."
),
AP_INIT_TAKE1(
"MellonEndpointPath",
am_set_endpoint_path,
NULL,
OR_AUTHCFG,
"The root directory of the SAML2 endpoints, relative to the root"
" of the web server. Default value is \"/mellon/\", which will"
" make mod_mellon to the handler for every request to"
" \"http://<servername>/mellon/*\". The path you specify must"
" be contained within the current Location directive."
),
AP_INIT_TAKE1(
"MellonAuthnContextClassRef",
am_set_authn_context_class_ref,
NULL,
OR_AUTHCFG,
"A list of AuthnContextClassRef to request in the AuthnRequest and "
"to validate upon reception of an Assertion"
),
AP_INIT_FLAG(
"MellonSubjectConfirmationDataAddressCheck",
ap_set_flag_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, subject_confirmation_data_address_check),
OR_AUTHCFG,
"Check address given in SubjectConfirmationData Address attribute. Default is on."
),
AP_INIT_TAKE1(
"MellonDoNotVerifyLogoutSignature",
am_set_do_not_verify_logout_signature,
(void *)APR_OFFSETOF(am_dir_cfg_rec, do_not_verify_logout_signature),
OR_AUTHCFG,
"A list of entity of IdP whose logout requests signatures will not "
"be valided"
),
AP_INIT_FLAG(
"MellonPostReplay",
ap_set_flag_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, post_replay),
OR_AUTHCFG,
"Whether we should replay POST requests that trigger authentication. Default is off."
),
{NULL}
};
const am_error_map_t auth_mellon_errormap[] = {
{ LASSO_PROFILE_ERROR_STATUS_NOT_SUCCESS, HTTP_UNAUTHORIZED },
#ifdef LASSO_PROFILE_ERROR_REQUEST_DENIED
{ LASSO_PROFILE_ERROR_REQUEST_DENIED, HTTP_UNAUTHORIZED },
#endif
{ 0, 0 }
};
/* Release a lasso_server object associated with this configuration.
*
* Parameters:
* void *data The pointer to the configuration data.
*
* Returns:
* Always APR_SUCCESS.
*/
static apr_status_t auth_mellon_free_server(void *data)
{
am_dir_cfg_rec *dir = data;
if (dir->server != NULL) {
lasso_server_destroy(dir->server);
dir->server = NULL;
}
return APR_SUCCESS;
}
/* This function creates and initializes a directory configuration
* object for auth_mellon.
*
* Parameters:
* apr_pool_t *p The pool we should allocate memory from.
* char *d Unused, always NULL.
*
* Returns:
* The new directory configuration object.
*/
void *auth_mellon_dir_config(apr_pool_t *p, char *d)
{
am_dir_cfg_rec *dir = apr_palloc(p, sizeof(*dir));
apr_pool_cleanup_register(p, dir, auth_mellon_free_server,
auth_mellon_free_server);
dir->enable_mellon = am_enable_default;
dir->decoder = am_decoder_default;
dir->varname = default_cookie_name;
dir->secure = default_secure_cookie;
dir->cond = apr_array_make(p, 0, sizeof(am_cond_t));
dir->cookie_domain = NULL;
dir->cookie_path = NULL;
dir->envattr = apr_hash_make(p);
dir->userattr = default_user_attribute;
dir->idpattr = NULL;
dir->dump_session = default_dump_session;
dir->dump_saml_response = default_dump_saml_response;
dir->endpoint_path = default_endpoint_path;
dir->session_length = -1; /* -1 means use default. */
dir->no_cookie_error_page = NULL;
dir->no_success_error_page = NULL;
dir->sp_metadata_file = NULL;
dir->sp_private_key_file = NULL;
dir->sp_cert_file = NULL;
dir->idp_metadata = apr_array_make(p, 0, sizeof(am_metadata_t));
dir->idp_public_key_file = NULL;
dir->idp_ca_file = NULL;
dir->idp_ignore = NULL;
dir->login_path = default_login_path;
dir->discovery_url = NULL;
dir->probe_discovery_timeout = -1; /* -1 means no probe discovery */
dir->probe_discovery_idp = apr_table_make(p, 0);
dir->sp_entity_id = NULL;
dir->sp_org_name = apr_hash_make(p);
dir->sp_org_display_name = apr_hash_make(p);
dir->sp_org_url = apr_hash_make(p);
apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p);
dir->inherit_server_from = dir;
dir->server = NULL;
dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *));
dir->subject_confirmation_data_address_check = inherit_subject_confirmation_data_address_check;
dir->do_not_verify_logout_signature = apr_hash_make(p);
dir->post_replay = inherit_post_replay;
return dir;
}
/* Determine whether this configuration changes anything relevant to the
* lasso_server configuration.
*
* Parameters:
* am_dir_cfg_rec *add_cfg The new configuration.
*
* Returns:
* true if we can inherit the lasso_server object, false if not.
*/
static bool cfg_can_inherit_lasso_server(const am_dir_cfg_rec *add_cfg)
{
if (add_cfg->endpoint_path != default_endpoint_path)
return false;
if (add_cfg->sp_metadata_file != NULL
|| add_cfg->sp_private_key_file != NULL
|| add_cfg->sp_cert_file != NULL)
return false;
if (add_cfg->idp_metadata->nelts > 0
|| add_cfg->idp_public_key_file != NULL
|| add_cfg->idp_ca_file != NULL
|| add_cfg->idp_ignore != NULL)
return false;
if (apr_hash_count(add_cfg->sp_org_name) > 0
|| apr_hash_count(add_cfg->sp_org_display_name) > 0
|| apr_hash_count(add_cfg->sp_org_url) > 0)
return false;
return true;
}
/* This function merges two am_dir_cfg_rec structures.
* It will try to inherit from the base where possible.
*
* Parameters:
* apr_pool_t *p The pool we should allocate memory from.
* void *base The original structure.
* void *add The structure we should add to base.
*
* Returns:
* The merged structure.
*/
void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
{
am_dir_cfg_rec *base_cfg = (am_dir_cfg_rec *)base;
am_dir_cfg_rec *add_cfg = (am_dir_cfg_rec *)add;
am_dir_cfg_rec *new_cfg;
new_cfg = (am_dir_cfg_rec *)apr_palloc(p, sizeof(*new_cfg));
apr_pool_cleanup_register(p, new_cfg, auth_mellon_free_server,
auth_mellon_free_server);
new_cfg->enable_mellon = (add_cfg->enable_mellon != am_enable_default ?
add_cfg->enable_mellon :
base_cfg->enable_mellon);
new_cfg->decoder = (add_cfg->decoder != am_decoder_default ?
add_cfg->decoder :
base_cfg->decoder);
new_cfg->varname = (add_cfg->varname != default_cookie_name ?
add_cfg->varname :
base_cfg->varname);
new_cfg->secure = (add_cfg->secure != default_secure_cookie ?
add_cfg->secure :
base_cfg->secure);
new_cfg->cookie_domain = (add_cfg->cookie_domain != NULL ?
add_cfg->cookie_domain :
base_cfg->cookie_domain);
new_cfg->cookie_path = (add_cfg->cookie_path != NULL ?
add_cfg->cookie_path :
base_cfg->cookie_path);
new_cfg->cond = apr_array_copy(p,
(!apr_is_empty_array(add_cfg->cond)) ?
add_cfg->cond :
base_cfg->cond);
new_cfg->envattr = apr_hash_copy(p,
(apr_hash_count(add_cfg->envattr) > 0) ?
add_cfg->envattr :
base_cfg->envattr);
new_cfg->userattr = (add_cfg->userattr != default_user_attribute ?
add_cfg->userattr :
base_cfg->userattr);
new_cfg->idpattr = (add_cfg->idpattr != NULL ?
add_cfg->idpattr :
base_cfg->idpattr);
new_cfg->dump_session = (add_cfg->dump_session != default_dump_session ?
add_cfg->dump_session :
base_cfg->dump_session);
new_cfg->dump_saml_response =
(add_cfg->dump_saml_response != default_dump_saml_response ?
add_cfg->dump_saml_response :
base_cfg->dump_saml_response);
new_cfg->endpoint_path = (
add_cfg->endpoint_path != default_endpoint_path ?
add_cfg->endpoint_path :
base_cfg->endpoint_path
);
new_cfg->session_length = (add_cfg->session_length != -1 ?
add_cfg->session_length :
base_cfg->session_length);
new_cfg->no_cookie_error_page = (add_cfg->no_cookie_error_page != NULL ?
add_cfg->no_cookie_error_page :
base_cfg->no_cookie_error_page);
new_cfg->no_success_error_page = (add_cfg->no_success_error_page != NULL ?
add_cfg->no_success_error_page :
base_cfg->no_success_error_page);
new_cfg->sp_metadata_file = (add_cfg->sp_metadata_file ?
add_cfg->sp_metadata_file :
base_cfg->sp_metadata_file);
new_cfg->sp_private_key_file = (add_cfg->sp_private_key_file ?
add_cfg->sp_private_key_file :
base_cfg->sp_private_key_file);
new_cfg->sp_cert_file = (add_cfg->sp_cert_file ?
add_cfg->sp_cert_file :
base_cfg->sp_cert_file);
new_cfg->idp_metadata = (add_cfg->idp_metadata->nelts ?
add_cfg->idp_metadata :
base_cfg->idp_metadata);
new_cfg->idp_public_key_file = (add_cfg->idp_public_key_file ?
add_cfg->idp_public_key_file :
base_cfg->idp_public_key_file);
new_cfg->idp_ca_file = (add_cfg->idp_ca_file ?
add_cfg->idp_ca_file :
base_cfg->idp_ca_file);
new_cfg->idp_ignore = add_cfg->idp_ignore != NULL ?
add_cfg->idp_ignore :
base_cfg->idp_ignore;
new_cfg->sp_entity_id = (add_cfg->sp_entity_id ?
add_cfg->sp_entity_id :
base_cfg->sp_entity_id);
new_cfg->sp_org_name = apr_hash_copy(p,
(apr_hash_count(add_cfg->sp_org_name) > 0) ?
add_cfg->sp_org_name :
base_cfg->sp_org_name);
new_cfg->sp_org_display_name = apr_hash_copy(p,
(apr_hash_count(add_cfg->sp_org_display_name) > 0) ?
add_cfg->sp_org_display_name :
base_cfg->sp_org_display_name);
new_cfg->sp_org_url = apr_hash_copy(p,
(apr_hash_count(add_cfg->sp_org_url) > 0) ?
add_cfg->sp_org_url :
base_cfg->sp_org_url);
new_cfg->login_path = (add_cfg->login_path != default_login_path ?
add_cfg->login_path :
base_cfg->login_path);
new_cfg->discovery_url = (add_cfg->discovery_url ?
add_cfg->discovery_url :
base_cfg->discovery_url);
new_cfg->probe_discovery_timeout =
(add_cfg->probe_discovery_timeout != -1 ?
add_cfg->probe_discovery_timeout :
base_cfg->probe_discovery_timeout);
new_cfg->probe_discovery_idp = apr_table_copy(p,
(!apr_is_empty_table(add_cfg->probe_discovery_idp)) ?
add_cfg->probe_discovery_idp :
base_cfg->probe_discovery_idp);
if (cfg_can_inherit_lasso_server(add_cfg)) {
new_cfg->inherit_server_from = base_cfg->inherit_server_from;
} else {
apr_thread_mutex_create(&new_cfg->server_mutex,
APR_THREAD_MUTEX_DEFAULT, p);
new_cfg->inherit_server_from = new_cfg;
}
new_cfg->server = NULL;
new_cfg->authn_context_class_ref = (add_cfg->authn_context_class_ref->nelts ?
add_cfg->authn_context_class_ref :
base_cfg->authn_context_class_ref);
new_cfg->do_not_verify_logout_signature = apr_hash_copy(p,
(apr_hash_count(add_cfg->do_not_verify_logout_signature) > 0) ?
add_cfg->do_not_verify_logout_signature :
base_cfg->do_not_verify_logout_signature);
new_cfg->subject_confirmation_data_address_check =
CFG_MERGE(add_cfg, base_cfg, subject_confirmation_data_address_check);
new_cfg->post_replay = CFG_MERGE(add_cfg, base_cfg, post_replay);
return new_cfg;
}
/* This function creates a new per-server configuration.
* auth_mellon uses the server configuration to store a pointer
* to the global module configuration.
*
* Parameters:
* apr_pool_t *p The pool we should allocate memory from.
* server_rec *s The server we should add our configuration to.
*
* Returns:
* The new per-server configuration.
*/
void *auth_mellon_server_config(apr_pool_t *p, server_rec *s)
{
am_srv_cfg_rec *srv;
am_mod_cfg_rec *mod;
const char key[] = "auth_mellon_server_config";
srv = apr_palloc(p, sizeof(*srv));
/* we want to keeep our global configuration of shared memory and
* mutexes, so we try to find it in the userdata before doing anything
* else */
apr_pool_userdata_get((void **)&mod, key, p);
if (mod) {
srv->mc = mod;
return srv;
}
/* the module has not been initiated at all */
mod = apr_palloc(p, sizeof(*mod));
mod->cache_size = 100; /* ought to be enough for everybody */
mod->lock_file = "/var/run/mod_auth_mellon.lock";
mod->post_dir = NULL;
mod->post_ttl = post_ttl;
mod->post_count = post_count;
mod->post_size = post_size;
mod->entry_size = AM_CACHE_DEFAULT_ENTRY_SIZE;
mod->init_cache_size = 0;
mod->init_lock_file = NULL;
mod->init_entry_size = 0;
mod->cache = NULL;
mod->lock = NULL;
apr_pool_userdata_set(mod, key, apr_pool_cleanup_null, p);
srv->mc = mod;
return srv;
}
View Git Blame Copy Permalink