path: root/auth_mellon_config.c
Commit message | Author | Age | Files | Lines
* Convert session user name to dynamic size storage | olavmrk | 2014-06-20 | 1 | -2/+0
  Using the previously introduced storage facility convert storage of the user name from being constrained to fixed sized strings to being constrained only by the overall entry cache size.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@236 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Introduce dynamic memory pool for sessions | olavmrk | 2014-06-20 | 1 | -0/+12
  This pool has a fixed size and the aim is to avoid arbitrary limits on entry's components, while maintaining an overall fixed entry size. Accessor functions for a storage unit are provided for future use.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@231 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add a helper to redirect on unauthorized error | olavmrk | 2014-04-25 | 1 | -0/+14
  In case we are going to return a HTTP_UNAUTHORIZED error we can also redirect the client to an admin chosen page to let the application handle the error on its own.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@227 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Handle non successful status posted by the Idp | olavmrk | 2014-04-25 | 1 | -0/+7
  Idps may decide to deny authentication for a variety of reasons. In such a case they will post to the application with an unsuccessful status error code. Handle the case by returning a more appropriate 401 Unauthorized HTTP error code. Do this using an extensible mechanism to map arbitrary lasso errors to HTTP errors.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix MellonDoNotVerifyLogoutSignature. | olavmrk | 2013-10-28 | 1 | -1/+1
  The configuration directive declaration was missing the parameter describing where the data from the option was stored. The result is that we access invalid memory during configuration parsing, leading to a segmentation fault. As far as I can tell, this error has always been present, so this option hasn't worked before.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@220 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSetEvnNoPrefix option. | olavmrk | 2013-05-30 | 1 | -2/+41
  This option allows you to set environment variables without the "MELLON_" prefix. Thanks to Laas Toom for implementing this!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@211 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix typos. | olavmrk | 2013-05-21 | 1 | -2/+2
  Thanks to Thijs Kinkhorst for providing this patch.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@210 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSPentityId to control entityId in autogenerated metadata | manu@netbsd.org | 2013-04-15 | 1 | -0/+12
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@205 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Handle relative paths in configuration. | olavmrk | 2013-03-06 | 1 | -13/+23
  This patch changes all configuration options that receive paths to files to convert them to an absolute path. This ensures that relative paths work correctly after the server changes the current working directory during session initialization. Thanks to Jeroen De Ridder for reporting this bug and suggesting a fix!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@180 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Disable automatic creation of MellonPostDirectory. | olavmrk | 2013-03-06 | 1 | -6/+1
  Now that the POST replay functionality has been disabled by default, we can force the administrator to create this directory manually. This saves us from worrying about temp file/directory vulnerabilities.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@178 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Disable replay of POST request by default. | olavmrk | 2013-03-06 | 1 | -0/+9
  Since we are going to disable autocreation of the POST data directory, we will need to disable POST replay by default. This patch adds the MellonPostReplay option, which can be used to enable and disable the POST replay functionality on a per-location basis.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@177 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Change lock file to be stored in /var/run. | olavmrk | 2013-03-06 | 1 | -1/+1
  The current code defaults to storing the lock file in /tmp. This patch changes the default to /var/run, which is where such files belong. Note that this lock file is only required on some platforms.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@176 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add configuration directive MellonDoNotVerifyLogoutSignature | benjamin.dauvergne | 2012-10-09 | 1 | -3/+44
  This directive allows to list IdP entityID for which the signature of their logout request must not be verified.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix commit 140: error in the merge statement for authn_context_class_ref | benjamin.dauvergne | 2012-06-28 | 1 | -1/+1
  configuration variable
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@158 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add directive MellonSubjectConfirmationDataAddressCheck | benjamin.dauvergne | 2012-02-17 | 1 | -0/+10
  MellonSubjectConfirmationDataAddressCheck allows to block client address checking as given in IdP assertion in the SubjectConfirmationData node; it can be necessary when client and IdP or SP are in a NAT-ed network or when the SP is behind a reverse proxy.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@152 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Compatibility with older versions of the apr library. | olavmrk | 2011-12-14 | 1 | -1/+3
  The APR_ARRAY_PUSH() macro was recently added to apr. Instead of using it, just use apr_array_push(). Thanks to Benjamin Dauver for providing this patch!
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@143 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonAutnContextClassRef to configuration directives | olavmrk | 2011-12-07 | 1 | -0/+41
  You can list many class refs; they will be concatenated inside an array. Beware that in each directory, if there is any MellonAuthnContextClassRef directive, any settings from the previous level are overwritten. Thanks to Benjamin Dauvergne for implementing this.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@140 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Honour MellonProbeDiscoveryIdP order when sending probes | manu@netbsd.org | 2011-12-05 | 1 | -7/+48
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@139 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for inheriting lasso_server objects. | olavmrk | 2011-05-18 | 1 | -3/+43
  Change configuration to inherit the lasso_server objects when nothing affecting the lasso_server object changes from the parent configuration object. This should speed up processing of requests where you have request-specific configuration changes, such as access control rules.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@130 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for loading federation metadata files. | olavmrk | 2011-05-18 | 1 | -28/+106
  Patch originally created by Emmanuel Dreyfus, some changes by me.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@129 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Remove unused function am_get_provider_id(). | olavmrk | 2011-05-18 | 1 | -60/+0
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@128 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Change cfg->idp_metadata_files to an array instead of an hash. | olavmrk | 2011-05-18 | 1 | -15/+7
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@126 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonCookieDomain and MellonCookiePath directives | benjamin.dauvergne | 2011-04-07 | 1 | -1/+26
  These allow respectively to set the domain and the path of the domain of the mellon cookie. Without these the domain defaults to the domain returned by ap_get_server_name() (see http://httpd.apache.org/dev/apidoc/apidoc_ap_get_server_name.html) and the path to "/".
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@120 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Fix leak of lasso_server objects. | olavmrk | 2011-03-30 | 1 | -0/+27
  Unfortunately, the lasso_server objects were never destroyed, which led to a memory leak when using request-specific configuration.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@118 a716ebb1-153a-0410-b759-cfb97c6a1b53
* New MellonIdPMetadataGlob directive to load multiple IdP metadata | manu@netbsd.org | 2011-03-23 | 1 | -0/+55
  using a glob(3) pattern.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@117 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Regexp backreference substitution in MellonCond | manu@netbsd.org | 2011-03-22 | 1 | -41/+51
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@116 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Properly terminate parameter list for apr_pstrcat. | olavmrk | 2011-03-18 | 1 | -1/+1
  On 64-bit, "0" is a 32-bit integer while the parameter list should be terminated by a 64-bit NULL pointer. Change the parameter to NULL to avoid possible misbehaviour due to this.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@115 a716ebb1-153a-0410-b759-cfb97c6a1b53
* New MellonCond directive to enable attribute filtering beyond MellonRequire | manu@netbsd.org | 2011-03-17 | 1 | -16/+182
  functionalities. Supports regexp, negations, and attribute name remapping through MellonSetEnv
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@114 a716ebb1-153a-0410-b759-cfb97c6a1b53
* A /mellon/probeDisco endpoint replaces the builtin:get-metadata IdP | manu@netbsd.org | 2011-03-09 | 1 | -9/+77
  discovery URL scheme. It is configured using the MellonProbeDiscoveryTimeout and MellonProbeDiscoveryIdP directives.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@113 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Remove compiler warning | benjamin.dauvergne | 2010-09-28 | 1 | -4/+3
  Those unused variables are only used by one branch of the preprocessor conditional.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@106 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Check whether the metadata files exist before passing them to Lasso. | olavmrk | 2010-06-17 | 1 | -0/+12
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@92 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Optionally save the remote IdP entityId in the environment | manu@netbsd.org | 2010-05-31 | 1 | -0/+12
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@84 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Replay POST requests after being sent to the IdP | manu@netbsd.org | 2009-11-09 | 1 | -0/+55
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@67 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Change apr_uintptr_t to apr_size_t. | olavmrk | 2009-08-07 | 1 | -1/+1
  Older versions of APR do not define apr_uintptr_t. apr_size_t should be more or less equivalent in this place.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@60 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonOrganization(Name|DisplayName|URL) for filling the | manu@netbsd.org | 2009-06-15 | 1 | -0/+70
  <Organization> element of autogenerated metadata
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@57 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add a MellonSamlResponseDump option to dump the SAML authentication response in | manu@netbsd.org | 2009-06-01 | 1 | -0/+17
  the environment
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@51 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonSessionDump option, to make the session available in the environment | manu@netbsd.org | 2009-05-25 | 1 | -1/+16
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@50 a716ebb1-153a-0410-b759-cfb97c6a1b53
* - Support for multiple IdP | manu@netbsd.org | 2009-05-12 | 1 | -7/+116
  - IdP discovery service
  - add a simple built-in IdP discovery mechanism: send HTTP GET on ProviderID URL. If we get HTTP 200, the IdP is selected
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@44 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add a MellonSecureCookie setting to enforce Secure + HttpOnly flags for | manu@netbsd.org | 2009-03-02 | 1 | -0/+19
  session cookies.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@40 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add MellonDefaultLoginPath option. | olavmrk | 2008-11-11 | 1 | -8/+17
  This option is used to decide which page the user should be redirected to if IdP-initiated SSO is used. Thanks to Emmanuel Dreyfus for this patch.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@36 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Use lasso_server_new_from_buffer if available. | olavmrk | 2008-11-10 | 1 | -3/+37
  Recent versions of Lasso support loading the SP metadata, certificate and private key from memory. This patch changes mod_mellon to use this function if it is available. This makes it possible to store the SP private key readable only from root. Thanks to Emmanuel Dreyfus for this patch.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@35 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add two missing configuration merges from CA cert and SP cert support. | olavmrk | 2008-11-10 | 1 | -0/+7
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@33 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Add support for IdP CA certificate and SP certificate. | olavmrk | 2008-10-27 | 1 | -0/+25
  Thanks to Emmanuel Dreyfus for this patch.
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@31 a716ebb1-153a-0410-b759-cfb97c6a1b53
* Initial import of version 0.0.6 | olavmrk | 2007-09-24 | 1 | -0/+580
  git-svn-id: https://modmellon.googlecode.com/svn/trunk@3 a716ebb1-153a-0410-b759-cfb97c6a1b53