authorbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-02-17 14:01:24 +0000
committerbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-02-17 14:01:24 +0000
commitce1a5d08aa3aa1e78b3bcf3a76915c875f37f8cb (patch)
tree65d0881f51ee87cfe38738c260e8bf32ae43f26f /auth_mellon.h
parent10e252281585a8a84b6be49ebca1e293aea78000 (diff)
Add directive MellonSubjectConfirmationDataAddressCheck
MellonSubjectConfirmationDataAddressCheck allows disabling the check of the client address given by the IdP assertion in the SubjectConfirmationData node. This can be necessary when the client and the IdP or SP are in a NAT-ed network, or when the SP is behind a reverse proxy. git-svn-id: https://modmellon.googlecode.com/svn/trunk@152 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon.h')
-rw-r--r--auth_mellon.h22
1 files changed, 22 insertions, 0 deletions
diff --git a/auth_mellon.h b/auth_mellon.h
index 8846808..0ec0e11 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -219,6 +219,8 @@ typedef struct am_dir_cfg_rec {
/* AuthnContextClassRef list */
apr_array_header_t *authn_context_class_ref;
+ /* Controls the checking of SubjectConfirmationData.Address attribute */
+ int subject_confirmation_data_address_check;
/* Cached lasso server object. */
LassoServer *server;
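Review bot: The comment on `subject_confirmation_data_address_check` does not say that the field is tri-state or that it must be read through `CFG_VALUE()`. Judging by the constants added later in this commit, it holds 1, 0 or the inherit sentinel -1. A direct truth test would treat the unset -1 as enabled, which happens to fail closed for this directive but would not for one whose default is 0. I would write the comment as `/* SubjectConfirmationData Address check: 1 = check, 0 = skip, -1 = not set (inherit); read via CFG_VALUE() */`. The body of `am_dir_cfg_rec` starts and ends outside this hunk.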
@@ -255,6 +257,26 @@ typedef enum {
extern const command_rec auth_mellon_commands[];
+/* When using a value from a directory configuration structure, a special value is used
+ * to state "inherit" from parent, when reading a value and the value is still inherit from, it
+ * means that no value has ever been set for this directive, in this case, we use the default
+ * value.
+ *
+ * This macro expects that if your variable is called "name" there is a static const variable named
+ * "default_name" which holds the default value for this variable.
+ */
+#define CFG_VALUE(container, name) \
+ (container->name == inherit_##name ? default_##name : container->name)
+
+#define CFG_MERGE(add_cfg, base_cfg, name) \
+ (add_cfg->name == inherit_##name ? base_cfg->name : add_cfg->name)
+
+/** Default and inherit value for SubjectConfirmationData Address check setting.
+ */
+static const int default_subject_confirmation_data_address_check = 1;
+static const int inherit_subject_confirmation_data_address_check = -1;
+
+
void *auth_mellon_dir_config(apr_pool_t *p, char *d);
void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add);
void *auth_mellon_server_config(apr_pool_t *p, server_rec *s);
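Review bot: `CFG_VALUE` and `CFG_MERGE` use their pointer arguments unparenthesized, so an argument that is itself an expression (a cast, `&cfg`, or a conditional) would bind wrongly against `->`. Each argument is also evaluated twice, so callers must pass side-effect-free expressions. I would write the bodies as `((container)->name == inherit_##name ? default_##name : (container)->name)` and `((add_cfg)->name == inherit_##name ? (base_cfg)->name : (add_cfg)->name)`. The block comment could also state that `CFG_MERGE` leaves the inherit sentinel in place when neither level sets the directive, which is why every reader has to go through `CFG_VALUE`.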