| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Recent versions of libcurl do not allow CUROPT_SSL_VERIFYHOST to be
set to 1.
The default in cURL has been to validate both the certificate and the
host since 2002. Setting these options is therefore unnecessary.
Thanks to Nikola Ivačič for notifying us about this problem!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@216 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@214 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@213 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@212 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
This option allows you to set environment variables without the
"MELLON_" prefix.
Thanks to Laas Toom for implementing this!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@211 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
Thanks to Thijs Kinkhorst for providing this patch.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@210 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@209 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
Thansk to Thijs Kinkhorst for identifying the changes that were
necessary!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@208 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@207 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apache has fixed a bug/misfeature where
ap_unescape_url_keep2f() decoded %2f-escapes. This leaves us with no
functions that can be used to urldecode strings, so we have to roll
our own.
If we drop support for Apache 2.2, we can use
ap_unescape_urlencoded().
See: http://svn.apache.org/viewvc?view=revision&revision=578332
git-svn-id: https://modmellon.googlecode.com/svn/trunk@206 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@205 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@204 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@203 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
In the case where we are missing the repost data, we currently
display a 400 Bad Request error. This patch changes the code to
redirect to the end URL instead, which at least has a chance to
work.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@202 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
| |
We were mixing microseconds and seconds, causing us to always delete
all the repost data. This patch fixes the comparison, and also
optimizes it a bit.
Thanks to Matthew Slowe for diagnosing this bug!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@201 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@199 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@198 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
I accidentally committed a revert that I had done for debugging.
This commit reverts the revert :)
git-svn-id: https://modmellon.googlecode.com/svn/trunk@197 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@196 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
This reverts commit ee8e7f205d6c7cecdc56491877de88a361e027e3.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@195 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
Instead of relying on the Lasso library including GLib for us,
we should link directly with it.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@194 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
This sets the default indentation to 4 spaces, and disables tabs.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@193 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@190 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@189 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
This file has been replaced with the issue tracker, so remove it.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@188 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
The Debian build files will be moving to a separate repository.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@187 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Accessing the "login"-endpoint with multiple IdPs configured would
bypass the discovery service. This patch changes the behaviour so
that we send a discovery service request instead.
This breaks backwardscompatibility slightly, but hopefully it should
not be a problem.
This fixes issue 13: https://code.google.com/p/modmellon/issues/detail?id=13
git-svn-id: https://modmellon.googlecode.com/svn/trunk@186 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
This doesn't fix any bugs, it just makes the code cleaner.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@185 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
| |
If we mark the session as logged in before all processing is completed,
a failure during login processing (e.g. too big attribute values) can
cause a user to receive a "half-authenticated" session.
This patch changes the code so that the last task before releaseing the
session is to mark it as logged in.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@184 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
We currently release the session lock only to grab it again a few
instructions later. This patch changes this so that we initialize
the session in one operation.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@183 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
We had forgotten to release the session object in one of the error paths
during login. This could result in us hanging onto the session mutex after
the request has finished, this deadlocking the server. This patch fixes
that error.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@182 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
Since this function is used for both generating session IDs and for
generating POST data identifiers for POST replay, it should have a
generic name.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@181 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes all configuration options that receive paths to files
to convert them to an absolute path. This ensures that relative paths
work correctly after the server changes the current working directory
during session initialization.
Thanks to Jeroen De Ridder for reporting this bug and suggesting a fix!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@180 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@179 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
Now that the POST replay functionality has been disabled by default,
we can force the administrator to create this directory manually. This
saves us from worrying about temp file/directory vulnerabilities.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@178 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
Since we are going to disable autocreation of the POST data directory,
we will need to disable POST replay by default. This patch adds the
MellonPostReplay option, which can be used to enable and disable the
POST replay functionality on a per-location basis.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@177 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
The current code defaults to storing the lock file in /tmp. This patch
changes the default to /var/run, which is where such files belong.
Note that this lock file is only required on some platforms.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@176 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@175 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
The "metadata" and "repost" handlers were tested twice in the
endpoint handler. This patch removes the last occurence, since they
are never reached.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@174 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@173 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
| |
We need to restore the profile state when creating a logout request,
so that Lasso has the information it requires for logging out.
If we do not do this, every logout "fail" with the log message:
User attempted to initiate logout without being loggged in.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@172 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@171 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@170 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@169 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
This directive allows to list IdP entityID for which the signature of
their logout request must not be verified.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
Handle the case of an IdP not handling SLO as a normal situation, not an
internal error, so that the HTTP flow can get back to the ReturnURL
without interruption.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@167 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Change am_restore_lasso_profile_state to take an am_cache_entry_t*
as parameter instead of looking at the current session (there is no
session when you receive a SOAP request),
- Restore the profile state after parsing the Logout request not before,
- Always lookup the session through the NameID, as nothing in the spec
forbid out-of-browser HTTP-Redirect requests,
- Use the new helper function to return the LogoutResponse.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@166 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@165 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
configuration variable
git-svn-id: https://modmellon.googlecode.com/svn/trunk@158 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
JMeter may apparently use this.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@157 a716ebb1-153a-0410-b759-cfb97c6a1b53
|