author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2011-05-18 10:49:25 +0000 |
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2011-05-18 10:49:25 +0000 |
commit | 72ae1cf68711a31ec62e27e8854b2100c8931c7e (patch) | |
tree | 638f16a9f6aca137704b51afe90f99e10260bd1a /auth_mellon_config.c | |
parent | b300601da94d8ec029ba7e55491f36dcee95b995 (diff) | |
Add support for loading federation metadata files.
Patch originally created by Emmanuel Dreyfus, some changes by me.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@129 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_config.c')
-rw-r--r-- | auth_mellon_config.c | 134 |
1 files changed, 106 insertions, 28 deletions
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index aff13f6..23db996 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -163,37 +163,41 @@ static const char *am_set_filestring_slot(cmd_parms *cmd,
 /* This function handles configuration directives which use - * a glob pattern + * a glob pattern, with a second optional argument * * Parameters: * cmd_parms *cmd The command structure for this configuration * directive. * void *struct_ptr Pointer to the current directory configuration. * NULL if we are not in a directory configuration. - * const char *arg The string argument following this configuration - * directive in the configuraion file. + * const char *glob_pat glob(3) pattern + * const char *option Optional argument * * Returns: * NULL on success or an error string on failure. */ -static const char *am_set_glob_fn(cmd_parms *cmd, - void *struct_ptr, - const char *arg) +static const char *am_set_glob_fn12(cmd_parms *cmd, + void *struct_ptr, + const char *glob_pat, + const char *option) { - const char *(*take_argv)(cmd_parms *, void *, const char *); + const char *(*take_argv)(cmd_parms *, void *, const char *, const char *); apr_array_header_t *files; const char *error; const char *directory; int i; take_argv = cmd->info; - directory = am_filepath_dirname(cmd->pool, arg); - if (arg == NULL || *arg == '\0') - return apr_psprintf(cmd->pool, "%s takes one argument", cmd->cmd->name); + directory = am_filepath_dirname(cmd->pool, glob_pat); - if (apr_match_glob(arg, &files, cmd->pool) != 0) - return take_argv(cmd, struct_ptr, arg); + if (glob_pat == NULL || *glob_pat == '\0') + return apr_psprintf(cmd->pool, + "%s takes one or two arguments", + cmd->cmd->name); + + if (apr_match_glob(glob_pat, &files, cmd->pool) != 0) + return take_argv(cmd, struct_ptr, glob_pat, option); for (i = 0; i < files->nelts; i++) { const char *path;
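Review bot: `directory = am_filepath_dirname(cmd->pool, glob_pat);` still executes before the `glob_pat == NULL || *glob_pat == '\0'` guard, so an empty pattern reaches the dirname helper before the directive is rejected; put the guard first, `if (glob_pat == NULL || *glob_pat == '\0') return apr_psprintf(...); directory = am_filepath_dirname(cmd->pool, glob_pat);`. The same ordering was already present in am_set_glob_fn, so the commit carries it over rather than introduces it. Since the directive is now registered with AP_INIT_TAKE12, Apache presumably always supplies the first argument, which makes the NULL arm unreachable but not the empty-string one. The fallback `return take_argv(cmd, struct_ptr, glob_pat, option);` when apr_match_glob() returns non-zero silently treats the pattern as a literal file name and deserves a comment such as `/* No glob match: pass the pattern through as a plain path. */`. am_set_glob_fn12's body continues past the end of this hunk.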
@@ -201,7 +205,7 @@ static const char *am_set_glob_fn(cmd_parms *cmd, path = apr_pstrcat(cmd->pool, directory, "/", ((const char **)(files->elts))[i], NULL); - error = take_argv(cmd, struct_ptr, path); + error = take_argv(cmd, struct_ptr, path, option); if (error != NULL) return error; 
@@ -218,25 +222,85 @@ static const char *am_set_glob_fn(cmd_parms *cmd, * directive. * void *struct_ptr Pointer to the current directory configuration. * NULL if we are not in a directory configuration. - * const char *arg The string argument following this configuration - * directive in the configuraion file. + * const char *metadata Path to metadata file for one or multiple IdP + * const char *chain Optional path to validating chain * * Returns: * NULL on success or an error string on failure. */ static const char *am_set_idp_string_slot(cmd_parms *cmd, void *struct_ptr, - const char *arg) + const char *metadata, + const char *chain) +{ + server_rec *s = cmd->server; + apr_pool_t *pconf = s->process->pconf; + am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr; + +#ifndef HAVE_lasso_server_load_metadata + if (chain != NULL) + return apr_psprintf(cmd->pool, "Cannot specify validating chain " + "for %s since lasso library lacks " + "lasso_server_load_metadata()", cmd->cmd->name); +#endif /* HAVE_lasso_server_load_metadata */ + + am_metadata_t *idp_metadata = apr_array_push(cfg->idp_metadata); + idp_metadata->file = apr_pstrdup(pconf, metadata); + idp_metadata->chain = apr_pstrdup(pconf, chain); + + return NULL; +} + + +/* This function handles configuration directives which set an + * idp federation blacklist slot in the module configuration. + * + * Parameters: + * cmd_parms *cmd The command structure for this configuration + * directive. + * void *struct_ptr Pointer to the current directory configuration. + * NULL if we are not in a directory configuration. + * int argc Number of blacklisted providerId. + * char *const argv[] List of blacklisted providerId. 
+ * + * Returns: + * NULL on success, or errror string + */ +static const char *am_set_idp_ignore_slot(cmd_parms *cmd, + void *struct_ptr, + int argc, + char *const argv[]) { +#ifdef HAVE_lasso_server_load_metadata server_rec *s = cmd->server; apr_pool_t *pconf = s->process->pconf; am_dir_cfg_rec *cfg = (am_dir_cfg_rec *)struct_ptr; - const char **filename_slot; + GList *new_idp_ignore; + int i; + + if (argc < 1) + return apr_psprintf(cmd->pool, "%s takes at least one arguments", + cmd->cmd->name); - filename_slot = apr_array_push(cfg->idp_metadata_files); - *filename_slot = apr_pstrdup(pconf, arg); + for (i = 0; i < argc; i++) { + new_idp_ignore = apr_palloc(pconf, sizeof(GList)); + new_idp_ignore->data = apr_pstrdup(pconf, argv[i]); + + /* Prepend it to the list. */ + new_idp_ignore->next = cfg->idp_ignore; + if (cfg->idp_ignore != NULL) + cfg->idp_ignore->prev = new_idp_ignore; + cfg->idp_ignore = new_idp_ignore; + } return NULL; + +#else /* HAVE_lasso_server_load_metadata */ + + return apr_psprintf(cmd->pool, "Cannot use %s since lasso library lacks " + "lasso_server_load_metadata()", cmd->cmd->name); + +#endif /* HAVE_lasso_server_load_metadata */ }
@@ -861,19 +925,21 @@ const command_rec auth_mellon_commands[] = {
 OR_AUTHCFG, "Full path to pem file with certificate for the SP." ), - AP_INIT_TAKE1( + AP_INIT_TAKE12( "MellonIdPMetadataFile", am_set_idp_string_slot, NULL, OR_AUTHCFG, - "Full path to xml metadata file for the IdP." + "Full path to xml metadata file for IdP, " + "with optional validating chain." ), - AP_INIT_TAKE1( + AP_INIT_TAKE12( "MellonIdPMetadataGlob", - am_set_glob_fn, + am_set_glob_fn12, am_set_idp_string_slot, OR_AUTHCFG, - "Full path to xml metadata files for the IdP, with glob(3) patterns." + "Full path to xml metadata files for IdP, with glob(3) patterns. " + "An optional validating chain can be supplied." ), AP_INIT_TAKE1( "MellonIdPPublicKeyFile",
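Review bot: In am_set_idp_ignore_slot the GList node is obtained with `apr_palloc(pconf, sizeof(GList))`, which does not zero memory, and only `data` and `next` are assigned, so the `prev` field of every new list head is left uninitialized; add `new_idp_ignore->prev = NULL;` before the prepend so a backwards walk cannot read garbage. Because the nodes live in an APR pool, the list must never be released through g_list_free() or any other glib call that frees nodes, and that ownership rule belongs in the function comment (`/* Nodes are pool-allocated: never g_list_free() this list. */`). The message `"%s takes at least one arguments"` should read `"%s takes at least one argument"`, and `errror` in the doc comment is a typo. In am_set_idp_string_slot, `apr_pstrdup(pconf, chain)` with chain NULL yields NULL, which is what the storage appears to expect, so that part reads fine.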
@@ -889,6 +955,13 @@ const command_rec auth_mellon_commands[] = {
 OR_AUTHCFG, "Full path to pem file with CA chain for the IdP." ), + AP_INIT_TAKE_ARGV( + "MellonIdPIgnore", + am_set_idp_ignore_slot, + NULL, + OR_AUTHCFG, + "List of IdP entityId to ignore." + ), AP_INIT_TAKE12( "MellonOrganizationName", am_set_langstring_slot,
@@ -1017,9 +1090,10 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
 dir->sp_metadata_file = NULL; dir->sp_private_key_file = NULL; dir->sp_cert_file = NULL; - dir->idp_metadata_files = apr_array_make(p, 0, sizeof(const char *)); + dir->idp_metadata = apr_array_make(p, 0, sizeof(am_metadata_t)); dir->idp_public_key_file = NULL; dir->idp_ca_file = NULL; + dir->idp_ignore = NULL; dir->login_path = default_login_path; dir->discovery_url = NULL; dir->probe_discovery_timeout = -1; /* -1 means no probe discovery */
@@ -1141,9 +1215,9 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
 add_cfg->sp_cert_file : base_cfg->sp_cert_file); - new_cfg->idp_metadata_files = (add_cfg->idp_metadata_files->nelts > 0 ? - add_cfg->idp_metadata_files : - base_cfg->idp_metadata_files); + new_cfg->idp_metadata = (add_cfg->idp_metadata->nelts ? + add_cfg->idp_metadata : + base_cfg->idp_metadata); new_cfg->idp_public_key_file = (add_cfg->idp_public_key_file ? add_cfg->idp_public_key_file :
@@ -1153,6 +1227,10 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
 add_cfg->idp_ca_file : base_cfg->idp_ca_file); + new_cfg->idp_ignore = add_cfg->idp_ignore != NULL ? + add_cfg->idp_ignore : + base_cfg->idp_ignore; + new_cfg->sp_org_name = apr_hash_copy(p, (apr_hash_count(add_cfg->sp_org_name) > 0) ? add_cfg->sp_org_name : |
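Review bot: In the auth_mellon_dir_merge hunk at -1153, `new_cfg->idp_ignore` is taken wholesale from add_cfg whenever it is non-NULL, so a MellonIdPIgnore set in a more specific context replaces the inherited list instead of extending it, and an entityId ignored in the enclosing context is ignored no longer there. That mirrors how idp_metadata is merged in the hunk at -1141, so if override semantics are intended it is worth saying so at the assignment, e.g. `/* A more specific MellonIdPIgnore overrides, not extends, the inherited list. */`. The merge also shares the GList pointer between both configs rather than copying it, so nothing may modify the list after merging. For consistency with the neighbouring fields the ternary could be parenthesised like `new_cfg->idp_metadata = (add_cfg->idp_metadata->nelts ? ... : ...)`.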