Diffstat (limited to 'sandbox/sebastien/cpp/apr-2/modules/http')
5 files changed, 54 insertions, 12 deletions
diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf b/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf
index a9077116da..42b1a656f3 100755
--- a/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf
+++ b/sandbox/sebastien/cpp/apr-2/modules/http/form-auth-conf
@@ -25,6 +25,8 @@ root=`readlink -f $1`
 conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
 host=`echo $conf | awk '{ print $6 }'`
+pw=`cat $root/cert/ca.key | head -2 | tail -1`
+
 # Generate form authentication configuration
 cat >>$root/conf/auth.conf <<EOF
 # Generated by: form-auth-conf $*
@@ -38,7 +40,7 @@ AuthFormLoginRequiredLocation /login
 AuthFormLogoutLocation /
 Session On
 SessionCookieName TuscanyFormAuth path=/;secure=TRUE
-#SessionCryptoPassphrase secret
+SessionCryptoPassphrase $pw
 Require valid-user
 </Location>
diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf b/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf
index 37fa2e4051..e32acf2268 100755
--- a/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf
+++ b/sandbox/sebastien/cpp/apr-2/modules/http/httpd-conf
@@ -191,7 +191,7 @@ LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
 LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
 LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
 LoadModule session_module ${modules_prefix}/modules/mod_session.so
-#LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
+LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
 LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
 LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
 LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp b/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp
index 78d292dc89..a222b38556 100644
--- a/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp
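Review bot: The added `pw=` line in form-auth-conf takes the session-encryption passphrase from line 2 of `$root/cert/ca.key`, which reuses CA key-file content for an unrelated purpose and copies it in clear text into `auth.conf`. If `ca.key` is an unencrypted PEM RSA key, that line is likely the start of the key's encoding (structure header and leading modulus bytes), which is also derivable from the CA certificate, and if the key is passphrase-protected it is a fixed header string; in either case the value would not be secret, so this should be confirmed against the real key format. A dedicated random secret, generated once and kept in a file readable only by the httpd user, avoids this, for example `pw=$(openssl rand -base64 32)` (assuming openssl is available where the script runs). An empty `$pw` (missing or short key file) is also written unchecked into `SessionCryptoPassphrase $pw` by the second hunk. The same `pw=` line is added in open-auth-conf.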
+++ b/sandbox/sebastien/cpp/apr-2/modules/http/httpd.hpp
@@ -57,6 +57,7 @@
 #include <mod_core.h>
 #include <ap_provider.h>
 #include <mod_auth.h>
+#include <mod_session.h>
 #include "string.hpp"
 #include "stream.hpp"
diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp b/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp
index b43624f08d..953d6891a6 100644
--- a/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp
+++ b/sandbox/sebastien/cpp/apr-2/modules/http/mod-openauth.cpp
@@ -77,14 +77,51 @@ public:
 };
 /**
+ * Log a session entry.
+ */
+int debugSession(unused void* r, const char* key, const char* value) {
+ cdebug << " session key: " << key << ", value: " << value << endl;
+ return 1;
+}
+
+/**
+ * Return the user info from a form auth encrypted session cookie.
+ */
+static int (*ap_session_load_fn) (request_rec * r, session_rec ** z) = NULL;
+static void (*ap_session_get_fn) (request_rec * r, session_rec * z, const char *key, const char **value) = NULL;
+
+const failable<value> userInfoFromSession(const string& realm, request_rec* r) {
+ debug("modopenauth::userInfoFromSession");
+ if (ap_session_load_fn == NULL)
+ ap_session_load_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_load);
+ session_rec *z = NULL;
+ ap_session_load_fn(r, &z);
+ if (z == NULL)
+ return mkfailure<value>("Couldn't retrieve user session");
+ apr_table_do(debugSession, r, z->entries, NULL);
+
+ if (ap_session_get_fn == NULL)
+ ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get);
+ const char* user = NULL;
+ ap_session_get_fn(r, z, c_str(realm + "-user"), &user);
+ if (user == NULL)
+ return mkfailure<value>("Couldn't retrieve user id");
+ const char* pw = NULL;
+ ap_session_get_fn(r, z, c_str(realm + "-pw"), &pw);
+ if (pw == NULL)
+ return mkfailure<value>("Couldn't retrieve password");
+ return value(mklist<value>(mklist<value>("realm", realm), mklist<value>("id", string(user)), mklist<value>("password", string(pw))));
+}
+
+/**
 * Return the user info from a form auth session cookie.
 */
-const failable<value> userInfo(const value& sid, const string& realm) {
+const failable<value> userInfoFromCookie(const value& sid, const string& realm, request_rec* r) {
 const list<list<value>> info = httpd::queryArgs(sid);
- debug(info, "modopenauth::userInfo::info");
+ debug(info, "modopenauth::userInfoFromCookie::info");
 const list<value> user = assoc<value>(realm + "-user", info);
 if (isNil(user))
- return mkfailure<value>("Couldn't retrieve user id");
+ return userInfoFromSession(realm, r);
 const list<value> pw = assoc<value>(realm + "-pw", info);
 if (isNil(pw))
 return mkfailure<value>("Couldn't retrieve password");
@@ -94,8 +131,8 @@ const failable<value> userInfo(const value& sid, const string& realm) {
 /**
 * Return the user info from a basic auth header.
 */
-const failable<value> userInfo(const char* header, const string& realm, request_rec* r) {
- debug(header, "modopenauth::userInfo::header");
+const failable<value> userInfoFromHeader(const char* header, const string& realm, request_rec* r) {
+ debug(header, "modopenauth::userInfoFromHeader::header");
 if (strcasecmp(ap_getword(r->pool, &header, ' '), "Basic"))
 return mkfailure<value>("Wrong authentication scheme");
@@ -176,7 +213,7 @@ static int checkAuthn(request_rec *r) {
 return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
 // Extract user info from the session id
- const failable<value> info = userInfo(content(sid), aname);
+ const failable<value> info = userInfoFromCookie(content(sid), aname, r);
 if (hasContent(info)) {
 // Try to authenticate the request
@@ -205,7 +242,7 @@ static int checkAuthn(request_rec *r) {
 return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
 // Extract user info from the session id
- const failable<value> info = userInfo(header, aname, r);
+ const failable<value> info = userInfoFromHeader(header, aname, r);
 if (hasContent(info)) {
 // Try to authenticate the request
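Review bot: `userInfoFromSession` runs `apr_table_do(debugSession, r, z->entries, NULL)` on every call, and `debugSession` writes each session value to `cdebug`, so the `<realm>-pw` entry read a few lines later (the user's password) reaches the debug log in clear text unless `cdebug` is compiled out, which this hunk does not show. I would drop that call or log keys only, `cdebug << " session key: " << key << endl;`. Separately, `APR_RETRIEVE_OPTIONAL_FN` returns NULL when the providing module is not loaded, and both function pointers are then called unchecked; a guard such as `if (ap_session_load_fn == NULL) return mkfailure<value>("mod_session not available");` before each call turns a crash into an authentication failure. The status returned by the load function is also ignored, and only `z` is tested. `debugSession` is only used in this file as far as the hunk shows, so it could be `static`.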
diff --git a/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf b/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf
index 2bd5bc3504..46fc5f88df 100755
--- a/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf
+++ b/sandbox/sebastien/cpp/apr-2/modules/http/open-auth-conf
@@ -25,6 +25,8 @@ root=`readlink -f $1`
 conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
 host=`echo $conf | awk '{ print $6 }'`
+pw=`cat $root/cert/ca.key | head -2 | tail -1`
+
 # Generate form authentication configuration
 cat >>$root/conf/auth.conf <<EOF
 # Generated by: open-auth-conf $*
@@ -32,6 +34,9 @@ cat >>$root/conf/auth.conf <<EOF
 <Location />
 AuthType Open
 AuthName "$host"
+Session On
+SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
+SessionCryptoPassphrase $pw
 AuthOpenAuth On
 AuthOpenAuthLoginPage /login
 Require valid-user
@@ -44,9 +49,6 @@ AuthName "$host"
 AuthFormProvider file
 AuthFormLoginRequiredLocation /login
 AuthFormLogoutLocation /
-Session On
-SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
-#SessionCryptoPassphrase secret
 Require valid-user
 SetHandler form-login-handler
 </Location> |
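Review bot: The `SessionCookieName TuscanyOpenAuth path=/;secure=TRUE` line that the `-32,6 +34,9` hunk places under `<Location />` sets no `HttpOnly` attribute, and per mod-openauth.cpp in this commit the session behind that cookie carries the `<realm>-pw` entry. `SessionCryptoPassphrase` protects the cookie's content, but the cookie as a whole remains readable by page script and reusable if captured, so I would add the attribute: `SessionCookieName TuscanyOpenAuth path=/;secure=TRUE;httponly`. A `SessionMaxAge` directive in the same block would also bound how long a captured cookie stays valid. The heredoc that these lines belong to starts and ends outside the hunk.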