diff options
author | benjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2012-10-09 08:41:45 +0000 |
---|---|---|
committer | benjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2012-10-09 08:41:45 +0000 |
commit | 0e35cd2063aa3e9857e59e62a9ffddcdbd21aaa0 (patch) | |
tree | 0e4cb945b99e7407cd91dac354a909b7f5278e2c /auth_mellon_config.c | |
parent | 9081ebffabfbb281ad77fb365e7273f5fcab4604 (diff) | |
download | mod_auth_mellon-0e35cd2063aa3e9857e59e62a9ffddcdbd21aaa0.tar.gz mod_auth_mellon-0e35cd2063aa3e9857e59e62a9ffddcdbd21aaa0.tar.xz mod_auth_mellon-0e35cd2063aa3e9857e59e62a9ffddcdbd21aaa0.zip |
Add configuration directive MellonDoNotVerifyLogoutSignature
This directive allows to list IdP entityID for which the signature of
their logout request must not be verified.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_config.c')
-rw-r--r-- | auth_mellon_config.c | 47 |
1 files changed, 44 insertions, 3 deletions
diff --git a/auth_mellon_config.c b/auth_mellon_config.c index 89f33ac..793d7af 100644 --- a/auth_mellon_config.c +++ b/auth_mellon_config.c @@ -77,7 +77,6 @@ static const apr_size_t post_size = 1024 * 1024 * 1024; */ static const int post_count = 100; -#if unused /* This function handles configuration directives which set a * multivalued string slot in the module configuration (the destination * strucure is a hash). @@ -117,7 +116,6 @@ static const char *am_set_hash_string_slot(cmd_parms *cmd, return NULL; } -#endif /* unused */ /* This function handles configuration directives which set a * multivalued string slot in the module configuration (the destination @@ -783,6 +781,35 @@ static const char *am_set_authn_context_class_ref(cmd_parms *cmd, return NULL; } +/* This function handles the MellonDoNotVerifyLogoutSignature configuration directive, + * it is identical to the am_set_hash_string_slot function. You can refer to it. + * + * Parameters: + * cmd_parms *cmd The command structure for this configuration + * directive. + * void *struct_ptr Pointer to the current directory configuration. + * NULL if we are not in a directory configuration. + * const char *key The string argument following this configuration + * directive in the configuraion file. + * + * Returns: + * NULL on success or an error string on failure. + */ +static const char *am_set_do_not_verify_logout_signature(cmd_parms *cmd, + void *struct_ptr, + const char *key) +{ +#ifdef HAVE_lasso_profile_set_signature_verify_hint + return am_set_hash_string_slot(cmd, struct_ptr, key, NULL); +#else + return apr_pstrcat(cmd->pool, cmd->cmd->name, + " is not usable as modmellon was compiled against " + "a version of the lasso library which miss the " + "function lasso_profile_set_signature_verify_hint.", + NULL); +#endif +} + /* This array contains all the configuration directive which are handled * by auth_mellon. */ @@ -1109,6 +1136,14 @@ const command_rec auth_mellon_commands[] = { OR_AUTHCFG, "Check address given in SubjectConfirmationData Address attribute. Default is on." ), + AP_INIT_TAKE1( + "MellonDoNotVerifyLogoutSignature", + am_set_do_not_verify_logout_signature, + NULL, + OR_AUTHCFG, + "A list of entity of IdP whose logout requests signatures will not " + "be valided" + ), {NULL} }; @@ -1191,8 +1226,9 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d) apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p); dir->inherit_server_from = dir; dir->server = NULL; - dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *));; + dir->authn_context_class_ref = apr_array_make(p, 0, sizeof(char *)); dir->subject_confirmation_data_address_check = inherit_subject_confirmation_data_address_check; + dir->do_not_verify_logout_signature = apr_hash_make(p); return dir; } @@ -1399,6 +1435,11 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add) add_cfg->authn_context_class_ref : base_cfg->authn_context_class_ref); + new_cfg->do_not_verify_logout_signature = apr_hash_copy(p, + (apr_hash_count(add_cfg->do_not_verify_logout_signature) > 0) ? + add_cfg->do_not_verify_logout_signature : + base_cfg->do_not_verify_logout_signature); + new_cfg->subject_confirmation_data_address_check = CFG_MERGE(add_cfg, base_cfg, subject_confirmation_data_address_check); |