From 349630f6763f44ceebc021b454376b2c97663c5e Mon Sep 17 00:00:00 2001
From: jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>
Date: Mon, 27 Dec 2010 05:59:19 +0000
Subject: Merge changes from apr-2 branch. Port to APR 1.4.x and enable
 mod_session_crypto.

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1053002 13f79535-47bb-0310-9956-ffa450edef68
---
 sca-cpp/trunk/modules/http/form-auth-conf   |  4 ++-
 sca-cpp/trunk/modules/http/httpd-conf       |  2 +-
 sca-cpp/trunk/modules/http/httpd.hpp        |  1 +
 sca-cpp/trunk/modules/http/mod-openauth.cpp | 51 +++++++++++++++++++++++++----
 sca-cpp/trunk/modules/http/open-auth-conf   |  8 +++--
 5 files changed, 54 insertions(+), 12 deletions(-)

(limited to 'sca-cpp/trunk/modules')

diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf
index a9077116da..42b1a656f3 100755
--- a/sca-cpp/trunk/modules/http/form-auth-conf
+++ b/sca-cpp/trunk/modules/http/form-auth-conf
@@ -25,6 +25,8 @@ root=`readlink -f $1`
 conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
 host=`echo $conf | awk '{ print $6 }'`
 
+pw=`cat $root/cert/ca.key | head -2 | tail -1`
+
 # Generate form authentication configuration
 cat >>$root/conf/auth.conf <<EOF
 # Generated by: form-auth-conf $*
@@ -38,7 +40,7 @@ AuthFormLoginRequiredLocation /login
 AuthFormLogoutLocation /
 Session On
 SessionCookieName TuscanyFormAuth path=/;secure=TRUE
-#SessionCryptoPassphrase secret
+SessionCryptoPassphrase $pw
 Require valid-user
 </Location>
 
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index 37fa2e4051..e32acf2268 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -191,7 +191,7 @@ LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
 LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
 LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
 LoadModule session_module ${modules_prefix}/modules/mod_session.so
-#LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
+LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
 LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
 LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
 LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
diff --git a/sca-cpp/trunk/modules/http/httpd.hpp b/sca-cpp/trunk/modules/http/httpd.hpp
index 78d292dc89..a222b38556 100644
--- a/sca-cpp/trunk/modules/http/httpd.hpp
+++ b/sca-cpp/trunk/modules/http/httpd.hpp
@@ -57,6 +57,7 @@
 #include <mod_core.h>
 #include <ap_provider.h>
 #include <mod_auth.h>
+#include <mod_session.h>
 
 #include "string.hpp"
 #include "stream.hpp"
diff --git a/sca-cpp/trunk/modules/http/mod-openauth.cpp b/sca-cpp/trunk/modules/http/mod-openauth.cpp
index b43624f08d..953d6891a6 100644
--- a/sca-cpp/trunk/modules/http/mod-openauth.cpp
+++ b/sca-cpp/trunk/modules/http/mod-openauth.cpp
@@ -76,15 +76,52 @@ public:
     string login;
 };
 
+/**
+ * Log a session entry.
+ */
+int debugSession(unused void* r, const char* key, const char* value) {
+    cdebug << "  session key: " << key << ", value: " << value << endl;
+    return 1;
+}
+
+/**
+ * Return the user info from a form auth encrypted session cookie.
+ */
+static int (*ap_session_load_fn) (request_rec * r, session_rec ** z) = NULL;
+static void (*ap_session_get_fn) (request_rec * r, session_rec * z, const char *key, const char **value) = NULL;
+
+const failable<value> userInfoFromSession(const string& realm, request_rec* r) {
+    debug("modopenauth::userInfoFromSession");
+    if (ap_session_load_fn == NULL)
+        ap_session_load_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_load);
+    session_rec *z = NULL;
+    ap_session_load_fn(r, &z);
+    if (z == NULL)
+        return mkfailure<value>("Couldn't retrieve user session");
+    apr_table_do(debugSession, r, z->entries, NULL);
+
+    if (ap_session_get_fn == NULL)
+        ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get);
+    const char* user = NULL;
+    ap_session_get_fn(r, z, c_str(realm + "-user"), &user);
+    if (user == NULL)
+        return mkfailure<value>("Couldn't retrieve user id");
+    const char* pw = NULL;
+    ap_session_get_fn(r, z, c_str(realm + "-pw"), &pw);
+    if (pw == NULL)
+        return mkfailure<value>("Couldn't retrieve password");
+    return value(mklist<value>(mklist<value>("realm", realm), mklist<value>("id", string(user)), mklist<value>("password", string(pw))));
+}
+
 /**
  * Return the user info from a form auth session cookie.
  */
-const failable<value> userInfo(const value& sid, const string& realm) {
+const failable<value> userInfoFromCookie(const value& sid, const string& realm, request_rec* r) {
     const list<list<value>> info = httpd::queryArgs(sid);
-    debug(info, "modopenauth::userInfo::info");
+    debug(info, "modopenauth::userInfoFromCookie::info");
     const list<value> user = assoc<value>(realm + "-user", info);
     if (isNil(user))
-        return mkfailure<value>("Couldn't retrieve user id");
+        return userInfoFromSession(realm, r);
     const list<value> pw = assoc<value>(realm + "-pw", info);
     if (isNil(pw))
         return mkfailure<value>("Couldn't retrieve password");
@@ -94,8 +131,8 @@ const failable<value> userInfo(const value& sid, const string& realm) {
 /**
  * Return the user info from a basic auth header.
  */
-const failable<value> userInfo(const char* header, const string& realm, request_rec* r) {
-    debug(header, "modopenauth::userInfo::header");
+const failable<value> userInfoFromHeader(const char* header, const string& realm, request_rec* r) {
+    debug(header, "modopenauth::userInfoFromHeader::header");
     if (strcasecmp(ap_getword(r->pool, &header, ' '), "Basic"))
         return mkfailure<value>("Wrong authentication scheme");
 
@@ -176,7 +213,7 @@ static int checkAuthn(request_rec *r) {
             return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
 
         // Extract user info from the session id
-        const failable<value> info = userInfo(content(sid), aname);
+        const failable<value> info = userInfoFromCookie(content(sid), aname, r);
         if (hasContent(info)) {
 
             // Try to authenticate the request
@@ -205,7 +242,7 @@ static int checkAuthn(request_rec *r) {
             return httpd::reportStatus(mkfailure<int>("Missing AuthName"));
 
         // Extract user info from the session id
-        const failable<value> info = userInfo(header, aname, r);
+        const failable<value> info = userInfoFromHeader(header, aname, r);
         if (hasContent(info)) {
 
             // Try to authenticate the request
diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf
index 2bd5bc3504..46fc5f88df 100755
--- a/sca-cpp/trunk/modules/http/open-auth-conf
+++ b/sca-cpp/trunk/modules/http/open-auth-conf
@@ -25,6 +25,8 @@ root=`readlink -f $1`
 conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
 host=`echo $conf | awk '{ print $6 }'`
 
+pw=`cat $root/cert/ca.key | head -2 | tail -1`
+
 # Generate form authentication configuration
 cat >>$root/conf/auth.conf <<EOF
 # Generated by: open-auth-conf $*
@@ -32,6 +34,9 @@ cat >>$root/conf/auth.conf <<EOF
 <Location />
 AuthType Open
 AuthName "$host"
+Session On
+SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
+SessionCryptoPassphrase $pw
 AuthOpenAuth On
 AuthOpenAuthLoginPage /login
 Require valid-user
@@ -44,9 +49,6 @@ AuthName "$host"
 AuthFormProvider file
 AuthFormLoginRequiredLocation /login
 AuthFormLogoutLocation /
-Session On
-SessionCookieName TuscanyOpenAuth path=/;secure=TRUE
-#SessionCryptoPassphrase secret
 Require valid-user
 SetHandler form-login-handler
 </Location>
-- 
cgit v1.2.3