-rw-r--r-- | README | 12 | ||||
-rw-r--r-- | auth_mellon.h | 8 | ||||
-rw-r--r-- | auth_mellon_cache.c | 18 | ||||
-rw-r--r-- | auth_mellon_config.c | 43 |
4 files changed, 71 insertions, 10 deletions
@@ -215,6 +215,13 @@ MellonPostCount 100 # Default. None set. MellonSetEnv "e-mail" "mail" + # MellonSetEnvNoPrefix is identical to MellonSetEnv, except this + # does not prepend 'MELLON_' to the constructed environment variable. + # The syntax is 'MellonSetEnvNoPrefix <local name> <IdP name>'. + # You can list multiple MellonSetEnvNoPrefix directives. + # Default. None set. + MellonSetEnvNoPrefix "DISPLAY_NAME" "displayName" + # If MellonSessionDump is set, then the SAML session will be # available in the MELLON_SESSION environment variable MellonSessionDump Off @@ -545,8 +552,9 @@ https://example.com/secret/, and get the contents of that page. When authenticating a user, mod_auth_mellon will set some environment variables to the attributes it received from the IdP. The name of the variables will be MELLON_<attribute name>. If you have specified a -different name with the MellonSetEnv configuration directive, then that -name will be used instead. The name will still be prefixed by 'MELLON_'. +different name with the MellonSetEnv or MellonSetEnvNoPrefix configuration +directive, then that name will be used instead. In the case of MellonSetEnv, +the name will still be prefixed by 'MELLON_'. The value of the attribute will be base64 decoded. diff --git a/auth_mellon.h b/auth_mellon.h index 2daacbe..e192850 100644 --- a/auth_mellon.h +++ b/auth_mellon.h @@ -266,6 +266,14 @@ typedef enum { AM_CACHE_NAMEID } am_cache_key_t; +/* Type for configuring environment variable names */ +typedef struct am_envattr_conf_t { + // Name of the variable + const char *name; + // Should a prefix be added + int prefixed; +} am_envattr_conf_t; + extern const command_rec auth_mellon_commands[]; /* When using a value from a directory configuration structure, a special value is used diff --git a/auth_mellon_cache.c b/auth_mellon_cache.c index eb7cc88..3923569 100644 --- a/auth_mellon_cache.c +++ b/auth_mellon_cache.c 
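Review bot: The two field comments in the new `am_envattr_conf_t` in auth_mellon.h use `//`, while the struct's own header comment and the neighbouring declarations use `/* */`; one style would be more consistent. The `prefixed` comment is also the place to state what each value means, since the flag decides whether the name stays inside the `MELLON_` namespace. I would write `/* Non-zero: prepend "MELLON_" to name; zero: use name without the prefix. */` above `int prefixed;`.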
@@ -351,8 +351,9 @@ void am_cache_env_populate(request_rec *r, am_cache_entry_t *t) am_dir_cfg_rec *d; int i; apr_hash_t *counters; + am_envattr_conf_t *env_varname_conf; const char *varname; - const char *env_varname; + const char *varname_prefix; const char *value; int *count; @@ -376,12 +377,17 @@ void am_cache_env_populate(request_rec *r, am_cache_entry_t *t) */ for(i = 0; i < t->size; ++i) { varname = t->env[i].varname; + varname_prefix = "MELLON_"; /* Check if we should map this name into another name. */ - env_varname = (const char*)apr_hash_get( + env_varname_conf = (am_envattr_conf_t *)apr_hash_get( d->envattr, varname, APR_HASH_KEY_STRING); - if(env_varname != NULL) { - varname = env_varname; + + if(env_varname_conf != NULL) { + varname = env_varname_conf->name; + if (!env_varname_conf->prefixed) { + varname_prefix = ""; + } } value = t->env[i].value; @@ -403,7 +409,7 @@ void am_cache_env_populate(request_rec *r, am_cache_entry_t *t) /* Add the variable without a suffix. */ apr_table_set(r->subprocess_env, - apr_pstrcat(r->pool, "MELLON_", varname, NULL), + apr_pstrcat(r->pool, varname_prefix, varname, NULL), value); } @@ -411,7 +417,7 @@ void am_cache_env_populate(request_rec *r, am_cache_entry_t *t) * been added before. */ apr_table_set(r->subprocess_env, - apr_psprintf(r->pool, "MELLON_%s_%d", varname, *count), + apr_psprintf(r->pool, "%s%s_%d", varname_prefix, varname, *count), value); /* Increase the count. */ diff --git a/auth_mellon_config.c b/auth_mellon_config.c index 36a82ac..8d6345e 100644 --- a/auth_mellon_config.c +++ b/auth_mellon_config.c 
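Review bot: Once the branch in the second hunk sets `varname_prefix = ""`, both `apr_table_set` calls in the later hunks write an IdP-supplied attribute value into `r->subprocess_env` under a name that is no longer confined to the `MELLON_` namespace, and `apr_table_set` replaces any entry already stored under that name. Nothing visible here prevents a configured name from matching a variable that the server or another module sets and that a backend may trust. A comment at the branch would record the trust boundary, e.g. `/* Unprefixed: name comes from config, value from the IdP; may replace an existing subprocess_env entry. */`, and a check on the name at configuration time is probably the better place for enforcement. am_cache_env_populate starts and ends outside these hunks.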
@@ -508,7 +508,38 @@ static const char *am_set_setenv_slot(cmd_parms *cmd, const char *oldName) { am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr; - apr_hash_set(d->envattr, oldName, APR_HASH_KEY_STRING, newName); + /* Configure as prefixed attribute name */ + am_envattr_conf_t *envattr_conf = (am_envattr_conf_t *)apr_palloc(cmd->pool, sizeof(am_envattr_conf_t)); + envattr_conf->name = newName; + envattr_conf->prefixed = 1; + apr_hash_set(d->envattr, oldName, APR_HASH_KEY_STRING, envattr_conf); + return NULL; +} + +/* This function handles the MellonSetEnvNoPrefix configuration directive. + * This directive allows the user to change the name of attributes without prefixing them with MELLON_. + * + * Parameters: + * cmd_parms *cmd The command structure for the MellonSetEnv + * configuration directive. + * void *struct_ptr Pointer to the current directory configuration. + * const char *newName The new name of the attribute. + * const char *oldName The old name of the attribute. + * + * Returns: + * This function will always return NULL. + */ +static const char *am_set_setenv_no_prefix_slot(cmd_parms *cmd, + void *struct_ptr, + const char *newName, + const char *oldName) +{ + am_dir_cfg_rec *d = (am_dir_cfg_rec *)struct_ptr; + /* Configure as not prefixed attribute name */ + am_envattr_conf_t *envattr_conf = (am_envattr_conf_t *)apr_palloc(cmd->pool, sizeof(am_envattr_conf_t)); + envattr_conf->name = newName; + envattr_conf->prefixed = 0; + apr_hash_set(d->envattr, oldName, APR_HASH_KEY_STRING, envattr_conf); return NULL; } 
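Review bot: `am_set_setenv_no_prefix_slot` stores `newName` unchecked although it is now used as the environment variable name with nothing prepended, so an empty argument would produce a variable with an empty name plus `_<n>` variants. A guard before the allocation would reject that at startup: `if (newName[0] == '\0') return "MellonSetEnvNoPrefix: the variable name must not be empty.";`. The new doc comment still describes `cmd` as the command structure for MellonSetEnv, a copy-paste leftover that should read MellonSetEnvNoPrefix. The two handlers now differ only in the value assigned to `prefixed`, so a shared static helper taking the flag would keep them from drifting apart. am_set_setenv_slot begins outside the hunk.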
@@ -951,9 +982,17 @@ const command_rec auth_mellon_commands[] = { am_set_setenv_slot, NULL, OR_AUTHCFG, - "Renames attributes received from the server. The format is" + "Renames attributes received from the server while retaining prefix MELLON_. The format is" " MellonSetEnv <old name> <new name>." ), + AP_INIT_TAKE2( + "MellonSetEnvNoPrefix", + am_set_setenv_no_prefix_slot, + NULL, + OR_AUTHCFG, + "Renames attributes received from the server without adding prefix. The format is" + " MellonSetEnvNoPrefix <old name> <new name>." + ), AP_INIT_FLAG( "MellonSessionDump", ap_set_flag_slot, |
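Review bot: The help text of the new entry gives the arguments as `<old name> <new name>`, but `am_set_setenv_no_prefix_slot` receives `newName` first and the README in this commit documents `MellonSetEnvNoPrefix <local name> <IdP name>`. The string should read `" MellonSetEnvNoPrefix <local name> <IdP name>."`; the MellonSetEnv text above it has the same reversal. Separately, registering the directive with `OR_AUTHCFG` means that, wherever AuthConfig overrides are permitted, a .htaccess file can choose unprefixed variable names. If that is wider than intended, `RSRC_CONF | ACCESS_CONF` would keep the directive in the server configuration. The command table continues outside the hunk.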