| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Using the previously introduced storage facility convert storage of the
user name from being constrained to fixed sized strings to being
constrained only by the overall entry cache size.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@236 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
| |
This pool has a fixed size and the aim is to avoid arbitrary limits
on entry's components, while maintaining an overall fixed entry size.
Accessors function for a storage unit are provided for future use.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@231 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
| |
In case we are going to return a HTTP_UNAUTHORIZED
error we can also redirect the client to an admin chosen
page to let the application handle the error on its own.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@227 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Idps may decide to deny authentication for a variety of reasons.
In such a case they will post to the application with an unsuccessful
status error code.
Handle the case by returning a more appropriate 401 Unauthorized
HTTP error code.
iDo this using an extensible mechanism to map arbitrary lasso errors
to HTTP errors.
Signed-off-by: Simo Sorce <simo@redhat.com>
git-svn-id: https://modmellon.googlecode.com/svn/trunk@226 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configuration directive declaration was missing the parameter
describing where the data from the option was stored. The result is
that we access invalid memory during configuration parsing, leading to
a segmentation fault.
As far as I can tell, this error has always been present, so this
option hasn't worked before.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@220 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
This option allows you to set environment variables without the
"MELLON_" prefix.
Thanks to Laas Toom for implementing this!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@211 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
Thanks to Thijs Kinkhorst for providing this patch.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@210 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@205 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes all configuration options that receive paths to files
to convert them to an absolute path. This ensures that relative paths
work correctly after the server changes the current working directory
during session initialization.
Thanks to Jeroen De Ridder for reporting this bug and suggesting a fix!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@180 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
Now that the POST replay functionality has been disabled by default,
we can force the administrator to create this directory manually. This
saves us from worrying about temp file/directory vulnerabilities.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@178 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
Since we are going to disable autocreation of the POST data directory,
we will need to disable POST replay by default. This patch adds the
MellonPostReplay option, which can be used to enable and disable the
POST replay functionality on a per-location basis.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@177 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
The current code defaults to storing the lock file in /tmp. This patch
changes the default to /var/run, which is where such files belong.
Note that this lock file is only required on some platforms.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@176 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
This directive allows to list IdP entityID for which the signature of
their logout request must not be verified.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@168 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
configuration variable
git-svn-id: https://modmellon.googlecode.com/svn/trunk@158 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
MellonSubjectConfirmationDataAddressCheck allows to block client address
checking as given in IdP assertion in the SubjectConfirmationData node,
it can be necessary when client and IdP or SP are in a NAT-ed network or
when the SP is behind a reverse proxy.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@152 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
The APR_ARRAY_PUSH() macro was recently added to apr. Instead of using
it, just use apr_array_push().
Thanks to Benjamin Dauver for providing this patch!
git-svn-id: https://modmellon.googlecode.com/svn/trunk@143 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
| |
You can list many class refs they will be concatenated inside an array.
Beware that in each directory, if there is any
MellonAuthnContextClassRef directive, any settings from the previous
level is overwritten.
Thanks to Benjamin Dauvergne for implementing this.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@140 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@139 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
| |
Change configuration to inherit the lasso_server objects when nothing
affecting the lasso_server object changes from the parent configuration
object.
This should speed up processing of requests where you have
request-specific configuration changes, such as access control rules.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@130 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
| |
Patch originally created by Emmanuel Dreyfus, some changes by me.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@129 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@128 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@126 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
| |
These allows respectively to set the domain and the path of the domain
of the mellon cookie. Without these the domain defaults to the domain
return by ap_get_server_name() (see
http://httpd.apache.org/dev/apidoc/apidoc_ap_get_server_name.html)
and the path to "/".
git-svn-id: https://modmellon.googlecode.com/svn/trunk@120 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
Unfortunately, the lasso_server objects were never destroyed, which
led to a memory leak when using request-specific configuration.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@118 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
using a glob(3) pattern.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@117 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@116 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
On 64-bit, "0" is an 32-bit integer while the parameter list should be
terminated by a 64-bit NULL pointer. Change the parameter to NULL to
avoid possible misbehaviour due to this.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@115 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
functionalities. Supports regexp, negations, and attribute name remapping
though MellonSetEnv
git-svn-id: https://modmellon.googlecode.com/svn/trunk@114 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
dicovery URL scheme. It is configured using the MellonProbeDiscoveryTimeout
and MellonProbeDiscoveryIdP directives.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@113 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
Those unused variable are only used by one branch of the preprocessor
conditional.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@106 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@92 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@84 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@67 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
Older versions of APR does not define apr_uintptr_t. apr_size_t should
be more or less equivalent in this place.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@60 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
<Organization> element of autogenerated metadata
git-svn-id: https://modmellon.googlecode.com/svn/trunk@57 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
the environement
git-svn-id: https://modmellon.googlecode.com/svn/trunk@51 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@50 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
| |
- IdP discovery service
- add a dimple built-in IdP discovery mechanism: send HTTP GET on ProviderID
URL. If we get HTTP 200, the IdP is selected
git-svn-id: https://modmellon.googlecode.com/svn/trunk@44 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
| |
session cookies.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@40 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
| |
This option is used to decide which page the user should be
redirected to if IdP-initiated SSO is used.
Thanks to Emmanuel Dreyfus for this patch.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@36 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent versions of Lasso supports loading the SP metadata,
certificate and private key from memory. This patch changes mod_mellon
to use this function if it is available. This makes it possible to store
the SP private key readable only from root.
Thanks to Emmanuel Dreyfus for this patch.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@35 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
| |
git-svn-id: https://modmellon.googlecode.com/svn/trunk@33 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
|
|
|
|
|
| |
Thanks to Emmanuel Dreyfus for this patch.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@31 a716ebb1-153a-0410-b759-cfb97c6a1b53
|
|
git-svn-id: https://modmellon.googlecode.com/svn/trunk@3 a716ebb1-153a-0410-b759-cfb97c6a1b53
|