authorolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-04-25 09:11:40 +0000
committerolavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53>2014-04-25 09:11:40 +0000
commitd1a2b63b74d87c6b16b955f5799ded6fe2b73877 (patch)
tree45988e38ff5afaa8c61cdeb1334a3af0d34aeb1a /auth_mellon_handler.c
parentb5ea9e240ef4851eb73c86926bbc9b31fc789e3d (diff)
Handle non successful status posted by the Idp
Idps may decide to deny authentication for a variety of reasons. In such a case they will post to the application with an unsuccessful status error code. Handle the case by returning a more appropriate 401 Unauthorized HTTP error code. Do this using an extensible mechanism to map arbitrary lasso errors to HTTP errors. Signed-off-by: Simo Sorce <simo@redhat.com> git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r--auth_mellon_handler.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 1d42fd7..e5c82a6 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -1974,6 +1974,7 @@ static int am_handle_post_reply(request_rec *r)
LassoServer *server;
LassoLogin *login;
char *relay_state;
+ int i, err;
/* Make sure that this is a POST request. */
if(r->method_number != M_POST) {
@@ -2040,7 +2041,14 @@ static int am_handle_post_reply(request_rec *r)
" Lasso error: [%i] %s", rc, lasso_strerror(rc));
lasso_login_destroy(login);
- return HTTP_BAD_REQUEST;
+ err = HTTP_BAD_REQUEST;
+ for (i = 0; auth_mellon_errormap[i].lasso_error != 0; i++) {
+ if (auth_mellon_errormap[i].lasso_error == rc) {
+ err = auth_mellon_errormap[i].http_error;
+ break;
+ }
+ }
+ return err;
}
/* Extract RelayState parameter. */
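Review bot: The lookup loop added before `return err;` relies on two properties of `auth_mellon_errormap` that this hunk neither shows nor documents. The table must end with an entry whose `lasso_error` is 0, otherwise the loop reads past the end of the array. Every `http_error` in it must also be an error status, because the value is returned unchanged on the path where Lasso has rejected the IdP's response. The table is defined outside this diff, so neither property can be confirmed here. I would add a comment above the loop such as `/* auth_mellon_errormap ends with lasso_error == 0; entries must map to 4xx/5xx only. */` and guard the result with `if (!ap_is_HTTP_ERROR(err)) err = HTTP_BAD_REQUEST;` before the return, so a future map entry cannot turn a failed response into a non-error status. am_handle_post_reply starts and ends outside the hunk.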