author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2011-05-18 10:49:32 +0000 |
---|---|---|
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2011-05-18 10:49:32 +0000 |
commit | 83de18800f9cea18b1ccf7889cb4499f141525d0 (patch) | |
tree | 0bb460ed89462b0b89d326b31f179e8cce3b8ba4 | |
parent | 72ae1cf68711a31ec62e27e8854b2100c8931c7e (diff) | |
Add support for inheriting lasso_server objects.
Change configuration to inherit the lasso_server objects when nothing
affecting the lasso_server object changes from the parent configuration
object.
This should speed up processing of requests where you have
request-specific configuration changes, such as access control rules.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@130 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r-- | auth_mellon.h | 2 | ||||
-rw-r--r-- | auth_mellon_config.c | 46 | ||||
-rw-r--r-- | auth_mellon_handler.c | 10 |
3 files changed, 52 insertions, 6 deletions
diff --git a/auth_mellon.h b/auth_mellon.h
index 69c19f1..f5a5a0c 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -212,6 +212,8 @@ typedef struct am_dir_cfg_rec {
 int probe_discovery_timeout;
 apr_hash_t *probe_discovery_idp;
+ /* The configuration record we "inherit" the lasso server object from. */
+ struct am_dir_cfg_rec *inherit_server_from;
 /* Mutex to prevent us from creating several lasso server objects. */
 apr_thread_mutex_t *server_mutex;
 /* Cached lasso server object. */
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 23db996..c3b307d 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -19,6 +19,7 @@
 *
 */
+#include <stdbool.h>
 #include "auth_mellon.h"
@@ -1104,13 +1105,46 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
 dir->sp_org_url = apr_hash_make(p);
 apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p);
-
+ dir->inherit_server_from = dir;
 dir->server = NULL;
 return dir;
 }
+/* Determine whether this configuration changes anything relevant to the
+ * lasso_server configuration.
+ *
+ * Parameters:
+ * am_dir_cfg_rec *add_cfg The new configuration.
+ *
+ * Returns:
+ * true if we can inherit the lasso_server object, false if not.
+ */
+static bool cfg_can_inherit_lasso_server(const am_dir_cfg_rec *add_cfg)
+{
+ if (add_cfg->endpoint_path != default_endpoint_path)
+ return false;
+
+ if (add_cfg->sp_metadata_file != NULL
+ || add_cfg->sp_private_key_file != NULL
+ || add_cfg->sp_cert_file != NULL)
+ return false;
+ if (add_cfg->idp_metadata->nelts > 0
+ || add_cfg->idp_public_key_file != NULL
+ || add_cfg->idp_ca_file != NULL
+ || add_cfg->idp_ignore != NULL)
+ return false;
+
+ if (apr_hash_count(add_cfg->sp_org_name) > 0
+ || apr_hash_count(add_cfg->sp_org_display_name) > 0
+ || apr_hash_count(add_cfg->sp_org_url) > 0)
+ return false;
+
+ return true;
+}
+
+
 /* This function merges two am_dir_cfg_rec structures.
 * It will try to inherit from the base where possible.
 *
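Review bot: cfg_can_inherit_lasso_server() is a hand-maintained list, and nothing in the hunk ties it to the fields that the server-building and metadata code actually read. If a directive that feeds the LassoServer (SP key material, IdP metadata, CA or public-key files) is added later and not tested here, a location that overrides it would silently keep using the parent's server object, and with it the parent's IdP trust settings. I would extend the header comment with `Every am_dir_cfg_rec field used to build the LassoServer or the SP metadata must be tested here.` The first test also relies on an unset endpoint_path holding the very pointer `default_endpoint_path` rather than an equal string, which deserves a one-line comment; where that default is assigned is outside the hunk.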
@@ -1264,8 +1298,14 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
 add_cfg->probe_discovery_idp : base_cfg->probe_discovery_idp);
- apr_thread_mutex_create(&new_cfg->server_mutex,
- APR_THREAD_MUTEX_DEFAULT, p);
+
+ if (cfg_can_inherit_lasso_server(add_cfg)) {
+ new_cfg->inherit_server_from = base_cfg->inherit_server_from;
+ } else {
+ apr_thread_mutex_create(&new_cfg->server_mutex,
+ APR_THREAD_MUTEX_DEFAULT, p);
+ new_cfg->inherit_server_from = new_cfg;
+ }
 new_cfg->server = NULL;
 return new_cfg;
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 5694f88..4f79d3a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -206,14 +206,14 @@ static char *am_generate_metadata(apr_pool_t *p, request_rec *r)
 * This function loads all IdP metadata in a lasso server
 *
 * Parameters:
+ * am_dir_cfg_rec *cfg The server configuration.
 * request_rec *r The request we received.
 *
 * Returns:
 * number of loaded providers
 */
-static guint am_server_add_providers(request_rec *r)
+static guint am_server_add_providers(am_dir_cfg_rec *cfg, request_rec *r)
 {
- am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
 const char *idp_public_key_file;
 apr_size_t index;
@@ -276,6 +276,8 @@ static LassoServer *am_get_lasso_server(request_rec *r)
 {
 am_dir_cfg_rec *cfg = am_get_dir_cfg(r);
+ cfg = cfg->inherit_server_from;
+
 apr_thread_mutex_lock(cfg->server_mutex);
 if(cfg->server == NULL) {
 if(cfg->sp_metadata_file == NULL) {
@@ -308,7 +310,7 @@ static LassoServer *am_get_lasso_server(request_rec *r)
 return NULL;
 }
- if (am_server_add_providers(r) == 0) {
+ if (am_server_add_providers(cfg, r) == 0) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Error adding IdP to lasso server object. Please" " verify the following configuration directives:"
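Review bot: In the inheriting branch of auth_mellon_dir_merge() `new_cfg->server_mutex` is never assigned, so unless new_cfg is zero-allocated above the hunk it holds an indeterminate pointer. The paths visible in this commit reach the mutex through `inherit_server_from`, but any code that locks `cfg->server_mutex` on the request's own record would then operate on garbage; adding `new_cfg->server_mutex = NULL;` in that branch makes such a mistake fail visibly. The return status of `apr_thread_mutex_create()` is also still ignored in the else branch. The function starts outside the hunk, so the allocation of new_cfg is not visible here.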
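Review bot: Rebinding `cfg` to `cfg->inherit_server_from` in am_get_lasso_server() (and again in am_handle_metadata() in the `@@ -2265` hunk) means every later use of `cfg` in those functions reads the ancestor's record instead of the request's own merged configuration. That is right for the fields that build the server, but the name no longer says so, and both function bodies continue outside the hunks, so it cannot be seen here whether a per-location setting is read afterwards. A separate local such as `am_dir_cfg_rec *server_cfg = cfg->inherit_server_from;` keeps the two records apart and makes the intent reviewable at each use.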
@@ -2265,6 +2267,8 @@ static int am_handle_metadata(request_rec *r)
 if(server == NULL)
 return HTTP_INTERNAL_SERVER_ERROR;
+ cfg = cfg->inherit_server_from;
+
 data = cfg->sp_metadata_file;
 if (data == NULL)
 return HTTP_INTERNAL_SERVER_ERROR;
|