diff options
Diffstat (limited to 'pki/base/tps/src/modules/tps')
-rw-r--r-- | pki/base/tps/src/modules/tps/AP_Context.cpp | 83 | ||||
-rw-r--r-- | pki/base/tps/src/modules/tps/AP_Session.cpp | 1169 | ||||
-rw-r--r-- | pki/base/tps/src/modules/tps/CMakeLists.txt | 52 | ||||
-rw-r--r-- | pki/base/tps/src/modules/tps/mod_tps.cpp | 732 |
4 files changed, 0 insertions, 2036 deletions
diff --git a/pki/base/tps/src/modules/tps/AP_Context.cpp b/pki/base/tps/src/modules/tps/AP_Context.cpp deleted file mode 100644 index cde314254..000000000 --- a/pki/base/tps/src/modules/tps/AP_Context.cpp +++ /dev/null @@ -1,83 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This library is free software; you can redistribute it and/or -// modify it under the terms of the GNU Lesser General Public -// License as published by the Free Software Foundation; -// version 2.1 of the License. -// -// This library is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// Lesser General Public License for more details. -// -// You should have received a copy of the GNU Lesser General Public -// License along with this library; if not, write to the Free Software -// Foundation, Inc., 51 Franklin Street, Fifth Floor, -// Boston, MA 02110-1301 USA -// -// Copyright (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -#ifdef __cplusplus -extern "C" -{ -#endif - -#include "httpd/httpd.h" -#include "httpd/http_log.h" -#include "nspr.h" - -#include "modules/tps/AP_Context.h" - -#define MAX_LOG_MSG_SIZE 4096 - - -AP_Context::AP_Context( server_rec *sv ) -{ - m_sv = sv; -} - - -AP_Context::~AP_Context() -{ - /* no clean up */ -} - - -void AP_Context::LogError( const char *func, int line, const char *fmt, ... ) -{ - char buf[MAX_LOG_MSG_SIZE]; - - va_list argp; - va_start( argp, fmt ); - PR_vsnprintf( buf, MAX_LOG_MSG_SIZE, fmt, argp ); - va_end( argp ); - - ap_log_error( func, line, APLOG_ERR, 0, m_sv, buf ); -} - - -void AP_Context::LogInfo( const char *func, int line, const char *fmt, ... ) -{ - char buf[MAX_LOG_MSG_SIZE]; - - va_list argp; - va_start( argp, fmt ); - PR_vsnprintf( buf, MAX_LOG_MSG_SIZE, fmt, argp ); - va_end( argp ); - - ap_log_error( func, line, APLOG_INFO, 0, m_sv, buf ); -} - - -void AP_Context::InitializationError( const char *func, int line ) -{ - ap_log_error( func, line, APLOG_INFO, 0, m_sv, - "The nss module must be initialized " - "prior to calling the tps module." ); -} - -#ifdef __cplusplus -} -#endif - diff --git a/pki/base/tps/src/modules/tps/AP_Session.cpp b/pki/base/tps/src/modules/tps/AP_Session.cpp deleted file mode 100644 index 36f455355..000000000 --- a/pki/base/tps/src/modules/tps/AP_Session.cpp +++ /dev/null @@ -1,1169 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This library is free software; you can redistribute it and/or -// modify it under the terms of the GNU Lesser General Public -// License as published by the Free Software Foundation; -// version 2.1 of the License. -// -// This library is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// Lesser General Public License for more details. -// -// You should have received a copy of the GNU Lesser General Public -// License along with this library; if not, write to the Free Software -// Foundation, Inc., 51 Franklin Street, Fifth Floor, -// Boston, MA 02110-1301 USA -// -// Copyright (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -#ifdef __cplusplus -extern "C" -{ -#endif - -#include <stdio.h> -#include <stdlib.h> -#include <stdarg.h> -#include "nspr.h" -#include "httpd/httpd.h" -#include "httpd/http_protocol.h" - -#include "engine/RA.h" -#include "main/Util.h" -#include "main/RA_Msg.h" -#include "main/RA_pblock.h" -#include "main/RA_Session.h" -#include "msg/RA_Begin_Op_Msg.h" -#include "msg/RA_Login_Response_Msg.h" -#include "msg/RA_Extended_Login_Response_Msg.h" -#include "msg/RA_SecureId_Response_Msg.h" -#include "msg/RA_ASQ_Response_Msg.h" -#include "msg/RA_New_Pin_Response_Msg.h" -#include "msg/RA_Token_PDU_Response_Msg.h" -#include "msg/RA_Login_Request_Msg.h" -#include "msg/RA_Extended_Login_Request_Msg.h" -#include "msg/RA_SecureId_Request_Msg.h" -#include "msg/RA_ASQ_Request_Msg.h" -#include "msg/RA_New_Pin_Request_Msg.h" -#include "msg/RA_Token_PDU_Request_Msg.h" -#include "msg/RA_End_Op_Msg.h" -#include "msg/RA_Status_Update_Request_Msg.h" -#include "msg/RA_Status_Update_Response_Msg.h" -#include "modules/tps/AP_Session.h" -#include "main/Memory.h" -#include "apr_strings.h" - -/** - * http parameters used in the protocol - */ -#define PARAM_MSG_TYPE "msg_type" -#define PARAM_OPERATION "operation" -#define PARAM_INVALID_PW "invalid_pw" -#define PARAM_BLOCKED "blocked" -#define PARAM_SCREEN_NAME "screen_name" -#define PARAM_PASSWORD "password" -#define PARAM_PIN_REQUIRED "pin_required" -#define PARAM_NEXT_VALUE "next_value" -#define PARAM_VALUE "value" -#define PARAM_PIN "pin" -#define PARAM_QUESTION "question" -#define PARAM_ANSWER "answer" -#define PARAM_MINIMUM_LENGTH "minimum_length" -#define PARAM_MAXIMUM_LENGTH "maximum_length" -#define PARAM_NEW_PIN "new_pin" -#define PARAM_PDU_SIZE "pdu_size" -#define PARAM_PDU_DATA "pdu_data" -#define PARAM_RESULT "result" -#define PARAM_MESSAGE "message" -#define PARAM_STATUS "current_state" -#define PARAM_INFO "next_task_name" -#define PARAM_EXTENSIONS "extensions" - -#define MAX_RA_MSG_SIZE 4096 -#define MAX_LOG_MSG_SIZE 4096 - -// maximum number of digits for message length -#define MAX_LEN_DIGITS 4 - - -static int contains_sensitive_keywords(char *msg) -{ - if (strstr(msg, "password" ) != NULL ) { - return 1; - } - if (strstr(msg, "PASSWORD" ) != NULL ) { - return 1; - } - if (strstr(msg, "new_pin" ) != NULL ) { - return 1; - } - return 0; -} - - -/** - * AP_Session represents an active connection between the - * Registration authority and the token client. - * - * Note that AP_Session encapsulates all the glue logic - * between Apache and the RA. If we need to go to anther platform - * (i.e. NPE, NES, or other web servers) later, we just need - * to implement a new Session implementation. - */ -AP_Session::AP_Session( request_rec *rq ) -{ - m_rq = rq; - /* REQUEST_CHUNKED_DECHUNK If chunked, remove the chunks for me */ - ap_setup_client_block( rq, REQUEST_CHUNKED_DECHUNK); -} - - -AP_Session::~AP_Session() -{ - /* no clean up */ -} - - -char *AP_Session::GetRemoteIP() -{ - return ( m_rq->connection->remote_ip ); -} - - -/** - * reads from network "s=xx" where xx is the length of the message - * that follows. The length is returned as int. - * @return length in int - */ -static int GetMsgLen( request_rec *rq ) -{ - int len=0; - char msg_len[MAX_LEN_DIGITS]; // msg_len can't take more than 4 digits - char *p_msg_len = msg_len; - int sum = 0; - - /* read msg size */ - len = ( int ) ap_get_client_block( rq, p_msg_len, - ( apr_size_t ) 1 ); /* s */ - if( len != 1 ) { - RA::Error( "AP_Session::GetMsgLen", - "ap_get_client_block returned error: %d", len ); - - return 0; - } - - len = ( int ) ap_get_client_block( rq, p_msg_len, - ( apr_size_t ) 1 ); /* = */ - - if( len != 1 ) { - RA::Error( "AP_Session::GetMsgLen", - "ap_get_client_block returned error: %d", len ); - - return 0; - } - - while( 1 ) { - if( sum > ( MAX_LEN_DIGITS -1 ) ) { - /* the length is too large */ - RA::Error( "AP_Session::ReadMsg", "Message Size is too large." ); - return -1; - } - - len = ( int ) ap_get_client_block( rq, p_msg_len, ( apr_size_t ) 1 ); - - if( len != 1 ) { - break; - } - - if( len != 0 ) { - if( *p_msg_len == '&' ) { - break; - } - - p_msg_len++; - sum++; - } - } - - *p_msg_len = '\0'; - - return atoi( msg_len ); -} - -static int GetMsg( request_rec *rq, char *buf, int size ) -{ - int len; - int sum = 0; - char *p_msg = buf; - - while( 1 ) { - len = ( int ) ap_get_client_block( rq, p_msg, ( apr_size_t ) 1 ); - if( len != 1 ) { - return -1; - } - p_msg += len; - sum += len; - buf[sum] = '\0'; - if( sum == size ) { - break; - } - } - - buf[sum] = '\0'; - - return sum; -} - -char *stripEmptyArgs( char *data ) -{ - char *n_data = ( char * ) PR_Malloc( strlen( data ) + 2 ); - n_data[0] = '\0'; - int nv_count = 0; - - if( data != NULL && strlen( data ) > 0 ) { - char *lasts = NULL; - char *tok = PL_strtok_r( data, " ", &lasts ); - - while( tok != NULL ) { - if( tok[strlen( tok )-1] != '=' ) { - n_data = strcat( n_data, tok ); - n_data = strcat( n_data, " " ); - nv_count++; - } - - tok = PL_strtok_r( NULL, " ", &lasts ); - } - int len = strlen( n_data ); - n_data[len-1] = '\0'; - } - - if( ( nv_count > MAX_NVS ) || ( n_data[0] == '\0' ) ) { - PR_Free( n_data ); - n_data = NULL; - } - - return n_data; -} - - -int pblock_str2pblock( char *n_data, apr_array_header_t *tm_pblock , request_rec *rec) -{ - int element = 0; - - if( n_data != NULL && strlen( n_data ) > 0 ) { - char *lasts = NULL; - char *tok = PL_strtok_r( n_data, " ", &lasts ); - - /* store each name/value pair in the string into the pblock array */ - while( tok != NULL ) { - char name[4096]; - char value[4096]; - - for( int i = 0; i < ( int ) strlen( tok ); i++ ) { - if( tok[i] != '=' ) { - /* extract and add to the name portion */ - name[i] = tok[i]; - } else { - /* null terminate the name portion */ - name[i] = '\0'; - /* extract the entire value portion */ - strcpy( value, &tok[i+1] ); - break; - } - } - - /* store the name/value pair as an entry in the pblock array */ - ( ( apr_table_entry_t * ) tm_pblock->elts )[element].key = - apr_pstrdup(rec->pool, name); - ( ( apr_table_entry_t * ) tm_pblock->elts )[element].val = - apr_pstrdup(rec->pool, value); - - /* increment the entry to the pblock array */ - element++; - - /* get the next name/value pair from the string */ - tok = PL_strtok_r( NULL, " ", &lasts ); - } - } - - return element; -} - - -/** - * Parses the data and creates an RA_pblock to store name/value pairs - * @param data null-terminated string containing a string with format: - * n1=v1&n2=v2&n3=v3&... - * @return - * pointer to RA_pblock if success - * NULL if failure; - */ -RA_pblock *AP_Session::create_pblock( char *data ) -{ - if( ( data == NULL ) || ( data[0] == '\0' ) ) { - RA::Error( "AP_Session::create_pblock", - "data is NULL" ); - return NULL; - } - - if(contains_sensitive_keywords(data)) { - RA::Debug( LL_PER_PDU, - "AP_Session::create_pblock", - "Data '(sensitive)'"); - } else { - RA::Debug( LL_PER_PDU, - "AP_Session::create_pblock", - "Data '%s'", data); - } - - // - // The data contains a set of name value pairs separated by an '&' - // (i. e. - n1=v1&n2=v2...). Replace each '&' with a ' '. - // - // Note that since the values are expected to have been url-encoded, - // they must be url-decoded within the subclass method. - // - int i, j; - int len = strlen( data ); - - for( i = 0; i < len; i++ ) { - // need to check if data[i] is a valid url-encoded char...later - if( data[i] == '&' ) { - data[i] = ' '; - } - } - - apr_array_header_t *tm_pblock = apr_array_make( m_rq->pool, - MAX_NVS, - sizeof( apr_table_entry_t ) - ); - - if( tm_pblock == NULL ) { - RA::Error( "AP_Session::create_pblock", - "apr_array_make returns NULL" ); - return NULL; - } - - // - // The data is in the format of "name=v1 name=v2 name=v3". If the data - // has content like "name=v1 name= name=v3", the pblock_str2pblock will - // return (-1). This is because pblock_str2pblock does not know how to - // handle the case of an empty value. Therefore, before we invoke - // pblock_str2pblock, we make sure to remove any input data which - // contains an empty value. - // - char *n_data = stripEmptyArgs( data ); - if( n_data == NULL ) { - RA::Error( "AP_Session::create_pblock", - "stripEmptyArgs was either empty or " - "contained more than %d name/value pairs!", - MAX_NVS ); - return NULL; - } - - int tm_nargs = pblock_str2pblock( n_data, tm_pblock , m_rq); - apr_table_entry_t *pe = NULL; - - RA::Debug( LL_PER_PDU, - "AP_Session::create_pblock", - "Found Arguments=%d, nalloc=%d", - tm_nargs, - tm_pblock->nalloc ); - - // url decode all values and place into Buffer_nv's - Buffer_nv *tm_nvs[MAX_NVS]; - - for( i = 0, j = 0; i < tm_nargs; i++, j++ ) { - tm_nvs[j] = NULL; - - pe = ( apr_table_entry_t * ) tm_pblock->elts; - - if( pe == NULL ) { - continue; - } - - if( ( pe[i].key == NULL ) || - ( ( PR_CompareStrings( pe[i].key, "" ) == 1 ) ) || - ( pe[i].val == NULL ) || - ( ( PR_CompareStrings( pe[i].val, "" ) == 1 ) ) ) { - RA::Debug( LL_ALL_DATA_IN_PDU, - "AP_Session::create_pblock", - "name/value pair contains NULL...skip" ); - continue; - } - - if(contains_sensitive_keywords(pe[i].key)) { - RA::Debug( LL_PER_PDU, - "AP_Session::create_pblock", - "entry name=%s, value=<...do not print...>", - pe[i].key ); - } else { - RA::Debug( LL_PER_PDU, - "AP_Session::create_pblock", - "entry name=%s, value=%s", - pe[i].key, - pe[i].val ); - } - - Buffer *decoded = NULL; - - decoded = Util::URLDecode( pe[i].val ); - - tm_nvs[j] = ( struct Buffer_nv * ) - PR_Malloc( sizeof( struct Buffer_nv ) ); - - if( tm_nvs[j] != NULL ) { - tm_nvs[j]->name = PL_strdup( pe[i].key ); - tm_nvs[j]->value_s = PL_strdup( pe[i].val ); - tm_nvs[j]->value = decoded; - } else { - RA::Debug( LL_PER_PDU, - "AP_Session::create_pblock", - "tm_nvs[%d] is NULL", - j ); - } - } // for - - RA_pblock *ra_pb = new RA_pblock( tm_nargs, tm_nvs ); - - if( n_data != NULL ) { - PR_Free( n_data ); - n_data = NULL; - } - - if( ra_pb == NULL ) { - RA::Error( "AP_Session::create_pblock", - "RA_pblock is NULL" ); - return NULL; - } - - return ra_pb; -} - -RA_Msg *AP_Session::ReadMsg() -{ - int len; - int msg_len = 0; - char msg[MAX_RA_MSG_SIZE]; - char *msg_type = NULL; - int i_msg_type; - Buffer *msg_type_b = NULL; - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "========== ReadMsg Begins =======" ); - - msg_len = GetMsgLen( m_rq ); - - if( ( msg_len <= 0 ) || ( msg_len > MAX_RA_MSG_SIZE ) ) { - RA::Error( "AP_Session::ReadMsg", - "Message Size not in range. size =%d. Operation may have been cancelled.", msg_len ); - return NULL; - } - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", "msg_len=%d", msg_len ); - - len = GetMsg( m_rq, msg, msg_len ); - - if( len != msg_len ) { - RA::Error( "AP_Session::ReadMsg", - "Message Size Mismatch. Expected '%d' Received '%d'", - msg_len, len ); - return NULL; - } - - if(!contains_sensitive_keywords(msg)) { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Received len='%d' msg='%s'", len, msg ); - } else { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Received len='%d' msg='<Password or new pin>'", len ); - } - - RA_Msg *ret_msg = NULL; - - // format into array of name/value pair with value Buffer's - RA_pblock *ra_pb = ( RA_pblock * ) create_pblock( msg ); - - if( ra_pb == NULL ) { - goto loser; - } - - // msg_type_b will be freed by destructor of RA_pblock - msg_type_b = ra_pb->find_val( PARAM_MSG_TYPE ); - if( msg_type_b == NULL ) { - goto loser; - } - - // msg_type should be freed when done using - msg_type = msg_type_b->string(); - - if( msg_type == NULL ) { - RA::Error( "AP_Session::ReadMsg", - "Parameter Not Found %s", PARAM_MSG_TYPE ); - goto loser; - } - - i_msg_type = atoi( msg_type ); - - switch( i_msg_type ) - { - case MSG_BEGIN_OP: /* BEGIN_OP */ - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "BEGIN_OP", msg_type ); - - Buffer *opB = ra_pb->find_val( PARAM_OPERATION ); - - if( opB == NULL ) { - goto loser; - } - - RA::DebugBuffer( "AP_Session::ReadMsg", "content=", opB ); - - char *op_c = opB->string(); - - if( op_c == NULL ) { - goto loser; - } - - int i_op = atoi( op_c ); - - if( op_c != NULL ) { - PR_Free( op_c ); - op_c = NULL; - } - - NameValueSet *exts = NULL; - - Buffer *opE = ra_pb->find_val( PARAM_EXTENSIONS ); // optional - - if( opE != NULL ) { - char *op_e = opE->string(); - if( op_e == NULL ) { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "No extensions" ); - } else { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Extensions %s", op_e ); - exts = NameValueSet::Parse( op_e, "&" ); - if( op_e != NULL ) { - PR_Free( op_e ); - op_e = NULL; - } - } - } - - switch( i_op ) - { - case OP_ENROLL: - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "begin_op_msg msg_type=ENROLL" ); - ret_msg = new RA_Begin_Op_Msg( OP_ENROLL, exts ); - break; - } - case OP_UNBLOCK: - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "begin_op_msg msg_type=UNBLOCK" ); - ret_msg = new RA_Begin_Op_Msg( OP_UNBLOCK, exts ); - break; - } - case OP_RESET_PIN: - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "begin_op_msg msg_type=RESET_PIN" ); - ret_msg = new RA_Begin_Op_Msg( OP_RESET_PIN, exts ); - break; - } - case OP_RENEW: - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "begin_op_msg msg_type=RENEW" ); - ret_msg = new RA_Begin_Op_Msg( OP_RENEW, exts ); - break; - } - case OP_FORMAT: - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "begin_op_msg msg_type=FORMAT" ); - ret_msg = new RA_Begin_Op_Msg( OP_FORMAT, exts ); - break; - } - default: - { - break; - /* error */ - } - } // switch( i_op ) - - break; - } - case MSG_EXTENDED_LOGIN_RESPONSE: /* LOGIN_RESPONSE */ - { - char *name = NULL; - Buffer* value = NULL; - char *bufferStr = NULL; - AuthParams *params = new AuthParams(); - int i; - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "EXTENDED_LOGIN_RESPONSE", msg_type ); - - i = ra_pb->get_num_of_names(); - - for( i = 0; i < ra_pb->get_num_of_names(); i++ ) { - name = ra_pb->get_name( i ); - if( name != NULL ) { - value = ra_pb->find_val( ( const char * ) name ); - bufferStr = value->string(); - if( value != NULL ) { - params->Add( name, bufferStr ); - } - if (bufferStr != NULL) { - PR_Free(bufferStr); - bufferStr = NULL; - } - } - } - - ret_msg = new RA_Extended_Login_Response_Msg( params ); - - break; - } - case MSG_LOGIN_RESPONSE: /* LOGIN_RESPONSE */ - { - char *uid = NULL, *password = NULL; - Buffer *uid_b, *pwd_b = NULL; - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "LOGIN_RESPONSE", msg_type ); - - uid_b = ra_pb->find_val( PARAM_SCREEN_NAME ); - - if( uid_b == NULL ) { - goto aloser; - } - - uid = uid_b->string(); - - if( uid == NULL ) { - goto aloser; - } - - pwd_b = ra_pb->find_val( PARAM_PASSWORD ); - - if( pwd_b == NULL ) { - goto aloser; - } - - password = pwd_b->string(); - - if( password == NULL ) { - goto aloser; - } - - ret_msg = new RA_Login_Response_Msg( uid, password ); - - aloser: - if( uid != NULL ) { - PR_Free( uid ); - uid = NULL; - } - - if( password != NULL ) { - PR_Free( password ); - password = NULL; - } - - goto loser; - - break; - } - case MSG_STATUS_UPDATE_RESPONSE: /* SECUREID_RESPONSE */ - { - char *value = NULL; - Buffer *value_b; - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "STATUS_UPDATE_RESPONSE", msg_type ); - - value_b = ra_pb->find_val( PARAM_STATUS ); - - if( value_b == NULL ) { - goto zloser; - } - - value = value_b->string(); - - if( value == NULL ) { - goto zloser; - } - - ret_msg = new RA_Status_Update_Response_Msg( atoi( value ) ); - - zloser: - if( value != NULL ) { - PR_Free( value ); - value = NULL; - } - - goto loser; - - break; - } - case MSG_SECUREID_RESPONSE: /* SECUREID_RESPONSE */ - { - char *value = NULL, *pin = NULL; - Buffer *value_b = NULL, *pin_b = NULL; - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "SECUREID_RESPONSE", msg_type ); - - value_b = ra_pb->find_val( PARAM_VALUE ); - - if( value_b == NULL ) { - goto bloser; - } - - value = value_b->string(); - - if( value == NULL ) { - goto bloser; - } - - pin_b = ra_pb->find_val( PARAM_PIN ); - - if( pin_b == NULL ) { - goto bloser; - } - - pin = pin_b->string(); - - if( pin == NULL ) { - pin_b->zeroize(); - goto bloser; - } - - ret_msg = new RA_SecureId_Response_Msg( value, pin ); - - if( pin != NULL ) { - // zeroize memory before releasing - unsigned int i = 0; - for( i = 0; i < strlen( pin ); i++ ) { - pin[i] = '\0'; - } - if( pin != NULL ) { - PR_Free( pin ); - pin = NULL; - } - } - - pin_b->zeroize(); - - bloser: - if( value != NULL ) { - PR_Free( value ); - value = NULL; - } - - if( pin != NULL ) { - PR_Free( pin ); - pin = NULL; - } - - goto loser; - - break; - } - case MSG_ASQ_RESPONSE: /* ASQ_RESPONSE */ - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "ASQ_RESPONSE", msg_type ); - - Buffer *ans_b = ra_pb->find_val( PARAM_ANSWER ); - - if( ans_b == NULL ) { - goto loser; - } - - char *answer = ans_b->string(); - - if( answer == NULL ) { - goto loser; - } - - ret_msg = new RA_ASQ_Response_Msg( answer ); - - if( answer != NULL ) { - PR_Free( answer ); - answer = NULL; - } - - break; - } - case MSG_TOKEN_PDU_RESPONSE: /* TOKEN_PDU_RESPONSE */ - { - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "TOKEN_PDU_RESPONSE", msg_type ); - - unsigned int pdu_size =0; - - Buffer *pdu_size_b = ra_pb->find_val( PARAM_PDU_SIZE ); - - if( pdu_size_b == NULL ) { - goto loser; - } - - char *p = pdu_size_b->string(); - - pdu_size = atoi( p ); - - if( p != NULL ) { - PR_Free( p ); - p = NULL; - } - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%d", PARAM_PDU_SIZE, pdu_size ); - - if( pdu_size > 261 ) { - RA::Error( LL_PER_PDU, "AP_Session::ReadMsg", - "%s exceeds limit", PARAM_PDU_SIZE ); - goto loser; - } - - Buffer *decoded_pdu = ra_pb->find_val( PARAM_PDU_DATA ); - - if( decoded_pdu == NULL ) { - goto loser; - } - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "decoded_pdu size= %d", decoded_pdu->size() ); - - if( pdu_size != decoded_pdu->size() ) { - goto loser; - } - - RA::DebugBuffer( "AP_Session::ReadMsg", - "decoded pdu = ", decoded_pdu ); - - APDU_Response *response = new APDU_Response( *decoded_pdu ); - - ret_msg = new RA_Token_PDU_Response_Msg( response ); - - break; - } - case MSG_NEW_PIN_RESPONSE: /* NEW_PIN_RESPONSE */ - { - char *new_pin = NULL; - Buffer *new_pin_b = NULL; - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "Found %s=%s (%s)", PARAM_MSG_TYPE, - "NEW_PIN_RESPONSE", msg_type ); - - new_pin_b = ra_pb->find_val( PARAM_NEW_PIN ); - - if( new_pin_b == NULL ) { - goto loser; - } - - new_pin = new_pin_b->string(); - - if( new_pin == NULL ) { - new_pin_b->zeroize(); - goto loser; - } - - ret_msg = new RA_New_Pin_Response_Msg( new_pin ); - - if( new_pin != NULL ) { - // zeroize memory before releasing - unsigned int i = 0; - - for( i = 0; i< strlen( new_pin ); i++ ) { - new_pin[i] = '\0'; - } - - if( new_pin != NULL ) { - PR_Free( new_pin ); - new_pin = NULL; - } - } - - new_pin_b->zeroize(); - - break; - } - default: - { - RA::Error( "AP_Session::ReadMsg", "Found %s=%s", - PARAM_MSG_TYPE, "UNDEFINED" ); - /* error */ - break; - } - } // switch( i_msg_type ) - -loser: - if( msg_type != NULL ) { - PR_Free( msg_type ); - msg_type = NULL; - } - - if( ra_pb != NULL ) { - delete ra_pb; - ra_pb = NULL; - } - - RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", - "========= ReadMsg Ends =========" ); - - return ret_msg; -} - -static void CreateChunk( char *msgbuf, char *buf, int buflen ) -{ - int len; - - len = strlen( msgbuf ); - sprintf( buf, "s=%d&%s", len, msgbuf ); -} - -void AP_Session::WriteMsg( RA_Msg *msg ) -{ - char msgbuf[MAX_RA_MSG_SIZE]; - char buf[MAX_RA_MSG_SIZE]; - - switch( msg->GetType() ) - { - case MSG_EXTENDED_LOGIN_REQUEST: - { - RA_Extended_Login_Request_Msg *login_request_msg = - ( RA_Extended_Login_Request_Msg * ) msg; - int invalid_password = login_request_msg->IsInvalidPassword(); - int is_blocked = login_request_msg->IsBlocked(); - - char *title = Util::URLEncode( login_request_msg->GetTitle() ); - char *desc = Util::URLEncode( login_request_msg->GetDescription() ); - - sprintf( msgbuf, "%s=%d&%s=%d&%s=%d&%s=%s&%s=%s", - PARAM_MSG_TYPE, MSG_EXTENDED_LOGIN_REQUEST, - "invalid_login", invalid_password, - PARAM_BLOCKED, is_blocked, - "title", title, - "description", desc); - if (title != NULL) { - PR_Free(title); - title = NULL; - } - - if (desc != NULL) { - PR_Free(desc); - desc = NULL; - } - - for( int i = 0; i < login_request_msg->GetLen(); i++ ) { - char *p = login_request_msg->GetParam( i ); - char *encp = Util::URLEncode1( p ); - sprintf( msgbuf, "%s&required_parameter%d=%s", - msgbuf, i, encp ); - if (encp != NULL) { - PR_Free(encp); - encp = NULL; - } - } - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - break; - } - case MSG_LOGIN_REQUEST: - { - RA_Login_Request_Msg *login_request_msg = - ( RA_Login_Request_Msg * ) msg; - int invalid_password = login_request_msg->IsInvalidPassword(); - int is_blocked = login_request_msg->IsBlocked(); - - sprintf( msgbuf, "%s=%d&%s=%d&%s=%d", - PARAM_MSG_TYPE, MSG_LOGIN_REQUEST, - PARAM_INVALID_PW, invalid_password, - PARAM_BLOCKED, is_blocked ); - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - - break; - } - case MSG_END_OP: - { - RA_End_Op_Msg *end_op = ( RA_End_Op_Msg * ) msg; - int result = end_op->GetResult(); - int local_msg = end_op->GetMsg(); - int op = end_op->GetOpType(); - - sprintf( msgbuf, "%s=%d&%s=%d&%s=%d&%s=%d\r\n0\r\n", - PARAM_MSG_TYPE, MSG_END_OP, - PARAM_OPERATION, op, - PARAM_RESULT, result, - PARAM_MESSAGE, local_msg ); - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - - break; - } - case MSG_STATUS_UPDATE_REQUEST: - { - RA_Status_Update_Request_Msg *status_update_request_msg = - ( RA_Status_Update_Request_Msg * ) msg; - int status = status_update_request_msg->GetStatus(); - char *info = status_update_request_msg->GetInfo(); - - sprintf( msgbuf, "%s=%d&%s=%d&%s=%s", - PARAM_MSG_TYPE, MSG_STATUS_UPDATE_REQUEST, - PARAM_STATUS, status, - PARAM_INFO, info ); - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - - break; - } - case MSG_SECUREID_REQUEST: - { - RA_SecureId_Request_Msg *secureid_request_msg = - ( RA_SecureId_Request_Msg * ) msg; - int is_pin_required = secureid_request_msg->IsPinRequired(); - int is_next_value = secureid_request_msg->IsNextValue(); - - sprintf( msgbuf, "%s=%d&%s=%d&%s=%d", - PARAM_MSG_TYPE, MSG_SECUREID_REQUEST, - PARAM_PIN_REQUIRED, is_pin_required, - PARAM_NEXT_VALUE, is_next_value ); - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - - break; - } - case MSG_ASQ_REQUEST: - { - RA_ASQ_Request_Msg *asq_request_msg = ( RA_ASQ_Request_Msg * ) msg; - char *question = asq_request_msg->GetQuestion(); - - sprintf( msgbuf, "%s=%d&%s=%s", - PARAM_MSG_TYPE, MSG_ASQ_REQUEST, - PARAM_QUESTION, question ); - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - - break; - } - case MSG_NEW_PIN_REQUEST: - { - RA_New_Pin_Request_Msg *new_pin_request_msg = - ( RA_New_Pin_Request_Msg * ) msg; - int min = new_pin_request_msg->GetMinLen(); - int max = new_pin_request_msg->GetMaxLen(); - - sprintf( msgbuf, "%s=%d&%s=%d&%s=%d", - PARAM_MSG_TYPE, MSG_NEW_PIN_REQUEST, - PARAM_MINIMUM_LENGTH, min, - PARAM_MAXIMUM_LENGTH, max ); - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - - break; - } - case MSG_TOKEN_PDU_REQUEST: - { - RA_Token_PDU_Request_Msg *token_pdu_request_msg = - ( RA_Token_PDU_Request_Msg * ) msg; - APDU *apdu = token_pdu_request_msg->GetAPDU(); - Buffer encoding; - - apdu->GetEncoding( encoding ); - - int pdu_len = encoding.size(); - - RA::Debug( LL_PER_CONNECTION, "AP_Session::WriteMsg", - "pdu_len='%d'", pdu_len ); - - Buffer pdu = encoding; - char *pdu_encoded = NULL; - - if( RA::GetConfigStore()->GetConfigAsBool( "pdu_encoding.hex_mode", - 1 ) ) { - // pdu will be encoded in Hex mode which is easier to read - pdu_encoded = Util::URLEncodeInHex( pdu ); - } else { - pdu_encoded = Util::URLEncode( pdu ); - } - - sprintf( msgbuf, "%s=%d&%s=%d&%s=%s", - PARAM_MSG_TYPE, MSG_TOKEN_PDU_REQUEST, - PARAM_PDU_SIZE, pdu_len, - PARAM_PDU_DATA, pdu_encoded ); - - CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE ); - - if( pdu_encoded != NULL ) { - PR_Free( pdu_encoded ); - pdu_encoded = NULL; - } - - RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf ); - - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq ); - - break; - } - default: - { - break; - /* error */ - } - } // switch( msg->GetType() ) - - ap_rflush(m_rq); - -} - -#ifdef __cplusplus -} -#endif - diff --git a/pki/base/tps/src/modules/tps/CMakeLists.txt b/pki/base/tps/src/modules/tps/CMakeLists.txt deleted file mode 100644 index 275d8b30a..000000000 --- a/pki/base/tps/src/modules/tps/CMakeLists.txt +++ /dev/null @@ -1,52 +0,0 @@ -project(tps_module CXX) - -set(TPS_PRIVATE_INCLUDE_DIRS - ${TPS_INCLUDE_DIR} - ${CMAKE_BINARY_DIR} - ${NSPR_INCLUDE_DIRS} - ${NSS_INCLUDE_DIRS} - ${APR_INCLUDE_DIRS} - ${SVRCORE_INCLUDE_DIRS} - ${LDAP_INCLUDE_DIRS} -) - -set(TPS_MODULE - tps_module - CACHE INTERNAL "tps apache module" -) - -set(TPS_LINK_LIBRARIES - ${TPS_SHARED_LIBRARY} - ${NSPR_LIBRARIES} - ${NSS_LIBRARIES} - ${APR_LIBRARIES} - ${SVRCORE_LIBRARIES} - ${LDAP_LIBRARIES} - ${TOKENDB_SHARED_LIBRARY} - ${TPS_SHARED_LIBRARY} -) - -set(tps_module_SRCS - AP_Context.cpp - AP_Session.cpp - mod_tps.cpp -) - -include_directories(${TPS_PRIVATE_INCLUDE_DIRS}) - -add_library(${TPS_MODULE} MODULE ${tps_module_SRCS}) -target_link_libraries(${TPS_MODULE} ${TPS_LINK_LIBRARIES}) - -set_target_properties(${TPS_MODULE} - PROPERTIES - OUTPUT_NAME - mod_tps - PREFIX "" -) - -install( - TARGETS - ${TPS_MODULE} - DESTINATION - ${LIB_INSTALL_DIR}/httpd/modules -) diff --git a/pki/base/tps/src/modules/tps/mod_tps.cpp b/pki/base/tps/src/modules/tps/mod_tps.cpp deleted file mode 100644 index dc6cc95f9..000000000 --- a/pki/base/tps/src/modules/tps/mod_tps.cpp +++ /dev/null @@ -1,732 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This library is free software; you can redistribute it and/or -// modify it under the terms of the GNU Lesser General Public -// License as published by the Free Software Foundation; -// version 2.1 of the License. -// -// This library is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -// Lesser General Public License for more details. -// -// You should have received a copy of the GNU Lesser General Public -// License along with this library; if not, write to the Free Software -// Foundation, Inc., 51 Franklin Street, Fifth Floor, -// Boston, MA 02110-1301 USA -// -// Copyright (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -#ifdef __cplusplus -extern "C" -{ -#endif - -#ifdef XP_WIN32 -#define TPS_PUBLIC __declspec(dllexport) -#else /* !XP_WIN32 */ -#define TPS_PUBLIC -#endif /* !XP_WIN32 */ - - - -/* _________________________________________________________________ -** -** TPS Module Headers -** _________________________________________________________________ -*/ - -#include <stdio.h> -#include <unistd.h> -#include "nspr.h" - -#include "httpd/httpd.h" -#include "httpd/http_config.h" -#include "httpd/http_log.h" -#include "httpd/http_protocol.h" -#include "httpd/http_main.h" - -#include "apr_strings.h" - -#include "engine/RA.h" -#include "main/Memory.h" -#include "main/RA_Msg.h" -#include "main/RA_Session.h" -#include "modules/tps/AP_Context.h" -#include "modules/tps/AP_Session.h" -#include "msg/RA_Begin_Op_Msg.h" -#include "msg/RA_End_Op_Msg.h" -#include "processor/RA_Enroll_Processor.h" -#include "processor/RA_Format_Processor.h" -#include "processor/RA_Pin_Reset_Processor.h" -#include "processor/RA_Renew_Processor.h" -#include "processor/RA_Unblock_Processor.h" -#include "ssl.h" - -#define MOD_TPS_KEY_NAME "mod_tps" - -/* _________________________________________________________________ -** -** TPS Module Request Data -** _________________________________________________________________ -*/ - -/** - * Processors for different operations. - */ -static RA_Enroll_Processor m_enroll_processor; -static RA_Unblock_Processor m_unblock_processor; -static RA_Pin_Reset_Processor m_pin_reset_processor; -static RA_Renew_Processor m_renew_processor; -static RA_Format_Processor m_format_processor; - - -/* _________________________________________________________________ -** -** TPS Module Command Data -** _________________________________________________________________ -*/ - -static const char MOD_TPS_CONFIGURATION_FILE_PARAMETER[] = "TPSConfigPathFile"; - -static const char MOD_TPS_CONFIGURATION_FILE_USAGE[] = -"TPS Configuration Filename prefixed by a complete path, or\n" -"a path that is relative to the Apache server root."; - -/* per-process config structure */ -typedef struct { - int nInitCount; - int nSignedAuditInitCount; -} mod_tps_global_config; - - -/* _________________________________________________________________ -** -** TPS Module Server Configuration Creation Data -** _________________________________________________________________ -*/ - -typedef struct { - char *TPS_Configuration_File; - AP_Context *context; - mod_tps_global_config *gconfig; /* pointer to per-process config */ -} mod_tps_server_configuration; - - - -/* _________________________________________________________________ -** -** TPS Module Registration Data -** _________________________________________________________________ -*/ - -#define MOD_TPS_CONFIG_KEY tps_module - -static const char MOD_TPS_CONFIG_KEY_NAME[] = "tps_module"; - -extern module TPS_PUBLIC MOD_TPS_CONFIG_KEY; - - - -/* _________________________________________________________________ -** -** TPS Module Helper Functions -** _________________________________________________________________ -*/ - -mod_tps_global_config *mod_tps_config_global_create(server_rec *s) -{ - apr_pool_t *pool = s->process->pool; - mod_tps_global_config *globalc = NULL; - void *vglobalc = NULL; - - apr_pool_userdata_get(&vglobalc, MOD_TPS_KEY_NAME, pool); - if (vglobalc) { - return (mod_tps_global_config *) vglobalc; /* reused for lifetime of the server */ - } - - /* - * allocate an own subpool which survives server restarts - */ - globalc = (mod_tps_global_config *)apr_palloc(pool, sizeof(*globalc)); - - /* - * initialize per-module configuration - */ - globalc->nInitCount = 0; - globalc->nSignedAuditInitCount = 0; - - apr_pool_userdata_set(globalc, MOD_TPS_KEY_NAME, - apr_pool_cleanup_null, - pool); - - return globalc; -} - -/** - * Terminate Apache - */ -void tps_die( void ) -{ - /* - * This is used for fatal errors and here - * it is common module practice to really - * exit from the complete program. - */ - exit( 1 ); -} - - -/** - * Creates an RA_Session from the RA framework. - * - * Centralize the allocation of the session object here so that - * we can provide our own session management here in the future. - */ -static RA_Session * -mod_tps_create_session( request_rec *rq ) -{ - return new AP_Session( rq ); -} /* mod_tps_create_session */ - - -/** - * Returns RA_Session to the RA framework. - */ -static void -mod_tps_destroy_session( RA_Session *session ) -{ - if( session != NULL ) { - delete session; - session = NULL; - } -} /* mod_tps_destroy_session */ - - - -/* _________________________________________________________________ -** -** TPS Module Request Phase -** _________________________________________________________________ -*/ - -/** - * Terminate the TPS module - */ -static apr_status_t -mod_tps_terminate( void *data ) -{ - /* This routine is ONLY called when this server's */ - /* pool has been cleared or destroyed. */ - - /* Log TPS module debug information. */ - RA::Debug( "mod_tps::mod_tps_terminate", - "The TPS module has been terminated!" ); - - /* Free TPS resources. */ - RA::Shutdown(); - - /* Since all members of mod_tps_server_configuration are allocated */ - /* from a pool, there is no need to unset any of these members. */ - -#ifdef MEM_PROFILING - /* If memory profiling is enabled, turn off memory profiling. */ - MEM_shutdown(); -#endif - - SSL_ClearSessionCache(); - /* Shutdown all APR library routines. */ - /* NOTE: This automatically destroys all memory pools. */ - /* Allow the NSS Module to perform this task. */ - /* apr_terminate(); */ - - - /* Terminate the entire Apache server */ - /* NOTE: Allow the NSS Module to perform this task. */ - /* tps_die(); */ - - return OK; -} - -static apr_status_t -mod_tps_child_terminate (void *data) -{ - RA::Debug("mod_tps::mod_tps_child_terminate", - "The TPS module has been terminated!" ); - - /* Free TPS resources. */ - RA::Child_Shutdown(); - - return OK; -} - -static int -mod_tps_initialize( apr_pool_t *p, - apr_pool_t *plog, - apr_pool_t *ptemp, - server_rec *sv ) -{ - mod_tps_server_configuration *sc = NULL; - char *cfg_path_file = NULL; - int status; - - /* Retrieve the TPS module. */ - sc = ( ( mod_tps_server_configuration * ) - ap_get_module_config( sv->module_config, - &MOD_TPS_CONFIG_KEY ) ); - - /* Check to see if the TPS module has been loaded. */ - if( sc->context != NULL ) { - return OK; - } - - sc->gconfig->nInitCount++; - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, sv, - "Entering mod_tps_initialize - init count is [%d]", - sc->gconfig->nInitCount); - - /* Load the TPS module. */ - -#ifdef MEM_PROFILING - /* If memory profiling is enabled, turn on memory profiling. */ - MEM_init( MEM_AUDIT_FILE, MEM_DUMP_FILE ); -#endif - - /* Retrieve the path to where the configuration files are located, */ - /* and insure that the TPS module configuration file is located here. */ - if( sc->TPS_Configuration_File != NULL ) { - /* provide TPS Config File from <apache_server_root>/conf/httpd.conf */ - if( sc->TPS_Configuration_File[0] == '/' ) { - /* Complete path to TPS Config File is denoted */ - cfg_path_file = apr_psprintf( p, - "%s", - ( char * ) - sc->TPS_Configuration_File ); - } else { - /* TPS Config File is located relative to the Apache server root */ - cfg_path_file = apr_psprintf( p, - "%s/%s", - ( char * ) ap_server_root, - ( char * ) - sc->TPS_Configuration_File ); - } - } else { - /* Log information regarding this failure. */ - ap_log_error( "mod_tps_initialize", - __LINE__, APLOG_ERR, 0, sv, - "The tps module was installed incorrectly since the " - "parameter named '%s' is missing from the Apache " - "Configuration file!", - ( char * ) MOD_TPS_CONFIGURATION_FILE_PARAMETER ); - - /* Display information on the screen regarding this failure. */ - printf( "\nUnable to start Apache:\n" - " The tps module is missing the required parameter named\n" - " '%s' in the Apache Configuration file!\n", - ( char * ) MOD_TPS_CONFIGURATION_FILE_PARAMETER ); - - goto loser; - } - - /* Initialize the "server" member of mod_tps_server_configuration. */ - sc->context = new AP_Context( sv ); - - status = RA::Initialize( cfg_path_file, sc->context ); - if( status != RA_INITIALIZATION_SUCCESS ) { - /* Log information regarding this failure. */ - ap_log_error( "mod_tps_initialize", - __LINE__, APLOG_ERR, 0, sv, - "The tps module was installed incorrectly " - "since the file named '%s' does not exist!", - cfg_path_file ); - - /* Display information on the screen regarding this failure. */ - printf( "\nUnable to start Apache:\n" - " The tps module configuration file called\n" - " '%s' does not exist!\n", - cfg_path_file ); - - /* Since all members of mod_tps_server_configuration are allocated */ - /* from a pool, there is no need to unset any of these members. */ - - goto loser; - } - - if (sc->gconfig->nInitCount < 2 ) { - sc->gconfig->nSignedAuditInitCount++; - status = RA::InitializeInChild( sc->context, - sc->gconfig->nSignedAuditInitCount); - } else { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, sv, - "mod_tps_initialize - pid is [%d] - post config already done once -" - " additional config will be done in init_child", - getpid()); - status = RA_INITIALIZATION_SUCCESS; - } - - if (status != RA_INITIALIZATION_SUCCESS ) { - ap_log_error( "mod_tps_initialize", - __LINE__, APLOG_ERR, 0, sv, - "The tps module failed to do the initializeInChild tasks. "); - printf( "\nUnable to start Apache:\n" - " The tps module failed to do the initializeInChild tasks. "); - goto loser; - } - - /* Register a server termination routine. */ - apr_pool_cleanup_register( p, - sv, - mod_tps_terminate, - apr_pool_cleanup_null ); - - /* Log TPS module debug information. */ - RA::Debug( "mod_tps::mod_tps_initialize", - "The TPS module has been successfully loaded!" ); - - return OK; - -loser: - /* Log TPS module debug information. */ - RA::Debug( "mod_tps::mod_tps_initialize", - "Failed loading the TPS module!" ); - - if( sc->context != NULL ) { - /* Free TPS resources. */ - RA::Shutdown(); - - /* Since all members of mod_tps_server_configuration are allocated */ - /* from a pool, there is no need to unset any of these members. */ - } - -#ifdef MEM_PROFILING - /* If memory profiling is enabled, turn off memory profiling. */ - MEM_shutdown(); -#endif - - /* Shutdown all APR library routines. */ - /* NOTE: This automatically destroys all memory pools. */ - apr_terminate(); - - /* Terminate the entire Apache server */ - tps_die(); - - return DECLINED; -} - -/** - * mod_tps_handler handles the protocol between the token client - * and the RA (Session) - */ -static int -mod_tps_handler( request_rec *rq ) -{ - char buf[1024]; - int ret_code = DECLINED; - int status = DECLINED; - RA_Session *session = NULL; - RA_Begin_Op_Msg *begin_op_msg = NULL; - NameValueSet *extensions = NULL; - const char *tenc = apr_table_get(rq->headers_in, "Transfer-Encoding"); - - /* Log TPS module debug information. */ - RA::Debug( "mod_tps::mod_tps_handler", - "mod_tps::mod_tps_handler" ); - - RA::Debug( "mod_tps::mod_tps_handler", - "uri '%s'", rq->uri); - - /* XXX: We need to change "nk_service" to "tps", - and need to update ESC. */ - if (strcmp(rq->handler,"nk_service") != 0) { - RA::Debug( "mod_tps::mod_tps_handler", - "DECLINED uri '%s'", rq->uri); - return DECLINED; - } - - RA::Debug( "mod_tps::mod_tps_handler", - "uri '%s' DONE", rq->uri); - - /* - * check to see if the http request contains - * "transfer-encoding: chunked" - */ - /* XXX: rq->chunked not set to true even in the chunked mode */ - if(!tenc || PL_strcasecmp(tenc, "chunked") != 0) { - /* print the following when browser accesses directly */ - strcpy( buf, "<HTML>Registration Authority</HTML>" ); - - /* write out the data */ - ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), rq ); - - ret_code = OK; - - return ret_code; - } - - /* request contains chunked encoding */ - session = mod_tps_create_session( rq ); - - /* read in the data present on the connection */ - begin_op_msg = ( RA_Begin_Op_Msg * ) session->ReadMsg(); - if( begin_op_msg == NULL ) { - /* Log TPS module error information. */ - RA::Error( "mod_tps::mod_tps_handler", - "no begin op found" ); - goto loser; - } - - /* retrieve the extensions */ - extensions = begin_op_msg->GetExtensions(); - - /* perform the appropriate processing based upon the type of operation */ - if( begin_op_msg->GetOpType() == OP_ENROLL ) { - status = m_enroll_processor.Process( session, extensions ); - } else if( begin_op_msg->GetOpType() == OP_UNBLOCK ) { - status = m_unblock_processor.Process( session, extensions ); - } else if( begin_op_msg->GetOpType() == OP_RESET_PIN ) { - status = m_pin_reset_processor.Process( session, extensions ); - } else if( begin_op_msg->GetOpType() == OP_RENEW ) { - status = m_renew_processor.Process( session, extensions ); - } else if( begin_op_msg->GetOpType() == OP_FORMAT ) { - status = m_format_processor.Process( session, extensions ); - } else { - /* Log TPS module error information. */ - RA::Error( "mod_tps::mod_tps_handler", - "unknown operation requested (op='%d')", - begin_op_msg->GetOpType() ); - goto loser; - } /* if */ - - ret_code = OK; - -loser: - /* determine the results of the operation and report it */ - if( begin_op_msg != NULL ) { - int result; - - if( status == 0 ) { - result = RESULT_GOOD; - } else { - result = RESULT_ERROR; - } - - RA_End_Op_Msg *end_op = new RA_End_Op_Msg( begin_op_msg->GetOpType(), - result, - status ); - - session->WriteMsg( end_op ); - - if( end_op != NULL ) { - delete end_op; - end_op = NULL; - } - } - - /* remove any operational messages */ - if( begin_op_msg != NULL ) { - delete begin_op_msg; - begin_op_msg = NULL; - } - - /* remove any sessions */ - if( session != NULL ) { - mod_tps_destroy_session( session ); - session = NULL; - } - - return ret_code; -} /* mod_tps_handler */ - - - -/* _________________________________________________________________ -** -** TPS Module Command Phase -** _________________________________________________________________ -*/ - -static const char *mod_tps_get_config_path_file( cmd_parms *cmd, - void *mconfig, - const char *tpsconf ) -{ - if( cmd->path ) { - ap_log_error( APLOG_MARK, APLOG_ERR, 0, NULL, - "The %s config param cannot be specified " - "in a Directory section.", - cmd->directive->directive ); - } else { - mod_tps_server_configuration *sc = NULL; - - /* Retrieve the TPS module. */ - sc = ( ( mod_tps_server_configuration * ) - ap_get_module_config( cmd->server->module_config, - &MOD_TPS_CONFIG_KEY ) ); - - /* Initialize the "TPS Configuration File" */ - /* member of mod_tps_server_configuration. */ - sc->TPS_Configuration_File = apr_pstrdup( cmd->pool, tpsconf ); - } - - return NULL; -} - - -static const command_rec mod_tps_config_cmds[] = { - AP_INIT_TAKE1( MOD_TPS_CONFIGURATION_FILE_PARAMETER, - ( const char*(*)() ) mod_tps_get_config_path_file, - NULL, - RSRC_CONF, - MOD_TPS_CONFIGURATION_FILE_USAGE ), - { NULL } -}; - - - -/* _________________________________________________________________ -** -** TPS Module Server Configuration Creation Phase -** _________________________________________________________________ -*/ - -/** - * Create TPS module server configuration - */ -static void * -mod_tps_config_server_create( apr_pool_t *p, server_rec *sv ) -{ - /* Initialize all APR library routines. */ - apr_initialize(); - - /* Create a memory pool for this server. */ - mod_tps_server_configuration *sc = ( mod_tps_server_configuration * ) - apr_pcalloc( p, - ( apr_size_t ) - sizeof( *sc ) ); - - /* Initialize all members of mod_tps_server_configuration. */ - sc->TPS_Configuration_File = NULL; - sc->context = NULL; - sc->gconfig = mod_tps_config_global_create(sv); - - return sc; -} - -static void mod_tps_init_child(apr_pool_t *p, server_rec *sv) -{ - int status = -1; - mod_tps_server_configuration *srv_cfg = NULL; - srv_cfg = ( ( mod_tps_server_configuration * ) - ap_get_module_config(sv->module_config, &MOD_TPS_CONFIG_KEY)); - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL, - "Entering mod_tps_init_child pid [%d] init count is [%d]", - getpid(), srv_cfg->gconfig->nInitCount); - - srv_cfg = ( ( mod_tps_server_configuration * ) - ap_get_module_config(sv->module_config, &MOD_TPS_CONFIG_KEY)); - - if (srv_cfg->gconfig->nInitCount > 1) { - srv_cfg->gconfig->nSignedAuditInitCount++; - status = RA::InitializeInChild(srv_cfg->context, - srv_cfg->gconfig->nSignedAuditInitCount); - - - if (status != RA_INITIALIZATION_SUCCESS) { - /* Need to shut down, the child was not initialized properly. */ - ap_log_error( "mod_tps_init_child", - __LINE__, APLOG_ERR, 0, sv, - "The tps module failed to do the initializeInChild tasks. "); - printf( "\nUnable to start Apache:\n" - " The tps module failed to do the initializeInChild tasks. "); - goto loser; - } - - /* Register a server termination routine. */ - apr_pool_cleanup_register( p, - sv, - mod_tps_child_terminate, - apr_pool_cleanup_null ); - } else { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, sv, - "mod_tps_init_child - pid is [%d] - config should be done in regular post config", - getpid()); - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL, - "Leaving mod_tps_init_child"); - return; -loser: - /* Log TPS module debug information. */ - RA::Debug( "mod_tps::mod_tps_initialize", - "Failed loading the TPS module!" ); - - /* Free TPS resources. */ - /* If we are here, the parent should be up. */ - RA::Shutdown(); - - /* Since all members of mod_tps_server_configuration are allocated */ - /* from a pool, there is no need to unset any of these members. */ - -#ifdef MEM_PROFILING - /* If memory profiling is enabled, turn off memory profiling. */ - MEM_shutdown(); -#endif - - /* Shutdown all APR library routines. */ - /* NOTE: This automatically destroys all memory pools. */ - apr_terminate(); - - /* Terminate the entire Apache server */ - _exit(APEXIT_CHILDFATAL); - - return; - -} - - - -/* _________________________________________________________________ -** -** TPS Module Registration Phase -** _________________________________________________________________ -*/ - -static void -mod_tps_register_hooks( apr_pool_t *p ) -{ - static const char *const mod_tps_preloaded_modules[] = { "mod_nss.c", - NULL }; - static const char *const mod_tps_postloaded_modules[] = { NULL }; - - ap_hook_post_config( mod_tps_initialize, - mod_tps_preloaded_modules, - mod_tps_postloaded_modules, - APR_HOOK_MIDDLE ); - - ap_hook_child_init(mod_tps_init_child, NULL,NULL, APR_HOOK_MIDDLE); - - ap_hook_handler( mod_tps_handler, - mod_tps_preloaded_modules, - mod_tps_postloaded_modules, - APR_HOOK_MIDDLE ); -} - - -module TPS_PUBLIC MOD_TPS_CONFIG_KEY = { - STANDARD20_MODULE_STUFF, - NULL, /* create per-dir config structures */ - NULL, /* merge per-dir config structures */ - mod_tps_config_server_create, /* create per-server config structures */ - NULL, /* merge per-server config structures */ - mod_tps_config_cmds, /* table of configuration directives */ - mod_tps_register_hooks /* register hooks */ -}; - - - -#ifdef __cplusplus -} -#endif - |