From 283d4c444bccc6bc52410eed6cd9fccf6ea3fa40 Mon Sep 17 00:00:00 2001 From: "manu@netbsd.org" Date: Mon, 15 Jun 2009 13:33:34 +0000 Subject: Add MellonOrganization(Name|DisplayName|URL) for filling the element of autogenerated metadata git-svn-id: https://modmellon.googlecode.com/svn/trunk@57 a716ebb1-153a-0410-b759-cfb97c6a1b53 --- README | 10 ++++++- auth_mellon.h | 5 ++++ auth_mellon_config.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++ auth_mellon_handler.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++- 4 files changed, 158 insertions(+), 2 deletions(-) diff --git a/README b/README index cac212c..1bd7941 100644 --- a/README +++ b/README @@ -241,7 +241,15 @@ MellonLockFile "/tmp/mellonLock" # MellonSPMetadataFile is the full path to the file containing # the metadata for this service provider. # Default: if not set, metadata will be autogenerated - MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml + MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml + + # If you choose to autogenerate metadata, these option + # can be used to fill the element. They + # all follow the syntax "option [lang] value": + # MellonOrganizationName "random-service" + # MellonOrganizationDisplayName "en" "Random service" + # MellonOrganizationDisplayName "fr" "Service quelconque" + # MellonOrganizationURL "http://www.espci.fr" # MellonSPPrivateKeyFile is a .pem file which contains the private # key of the service provider. The .pem-file cannot be encrypted diff --git a/auth_mellon.h b/auth_mellon.h index 2554cfc..be56b6d 100644 --- a/auth_mellon.h +++ b/auth_mellon.h @@ -152,6 +152,11 @@ typedef struct am_dir_cfg_rec { const char *idp_public_key_file; const char *idp_ca_file; + /* metadata autogeneration helper */ + apr_hash_t *sp_org_name; + apr_hash_t *sp_org_display_name; + apr_hash_t *sp_org_url; + /* Maximum number of seconds a session is valid for. */ int session_length; 
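Review bot: The three new `am_dir_cfg_rec` fields carry only the comment `metadata autogeneration helper`, which does not say what the tables map, and a reader of the header cannot tell without opening auth_mellon_config.c. I would replace it with `/* Optional organization metadata, filled by the MellonOrganization* directives: language tag ("" when unqualified) -> string. */`. The struct definition starts and ends outside the hunk.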
diff --git a/auth_mellon_config.c b/auth_mellon_config.c index bcb74ac..e0277a5 100644 --- a/auth_mellon_config.c +++ b/auth_mellon_config.c @@ -399,6 +399,36 @@ static const char *am_set_require_slot(cmd_parms *cmd, return NULL; } +/* This function handles the MellonOrganization* directives, which + * which specify language-qualified strings + * + * Parameters: + * cmd_parms *cmd The command structure for the MellonOrganization* + * configuration directive. + * void *struct_ptr Pointer to the current directory configuration. + * const char *lang Pointer to the language string (optional) + * const char *value Pointer to the data + * + * Returns: + * NULL on success or an error string on failure. + */ +static const char *am_set_langstring_slot(cmd_parms *cmd, + void *struct_ptr, + const char *lang, + const char *value) +{ + apr_hash_t *h = *(apr_hash_t **)(struct_ptr + (apr_uintptr_t)cmd->info); + + if (value == NULL || *value == '\0') { + value = lang; + lang = ""; + } + + apr_hash_set(h, lang, APR_HASH_KEY_STRING, + apr_pstrdup(cmd->server->process->pconf, value)); + + return NULL; +} /* This array contains all the configuration directive which are handled * by auth_mellon. @@ -569,6 +599,27 @@ const command_rec auth_mellon_commands[] = { OR_AUTHCFG, "Full path to pem file with CA chain for the IdP." ), + AP_INIT_TAKE12( + "MellonOrganizationName", + am_set_langstring_slot, + (void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_name), + OR_AUTHCFG, + "Language-qualified oranization name." + ), + AP_INIT_TAKE12( + "MellonOrganizationDisplayName", + am_set_langstring_slot, + (void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_display_name), + OR_AUTHCFG, + "Language-qualified oranization name, human redable." + ), + AP_INIT_TAKE12( + "MellonOrganizationURL", + am_set_langstring_slot, + (void *)APR_OFFSETOF(am_dir_cfg_rec, sp_org_url), + OR_AUTHCFG, + "Language-qualified oranization URL." + ), AP_INIT_TAKE1( "MellonDefaultLoginPath", ap_set_string_slot, 
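Review bot: `am_set_langstring_slot` duplicates the value into `cmd->server->process->pconf`, while the table it is stored in is created from the directory-config pool in `auth_mellon_dir_config` (next hunk), so the two lifetimes do not match. Because the directives are registered with `OR_AUTHCFG` they can presumably be set from per-directory config files, where the directory config is short-lived but the process pool is not, so each evaluation would leave another copy behind until restart; the core `ap_set_string_slot` uses `cmd->pool`, which is the right pool here too, and since `APR_HASH_KEY_STRING` stores the key by pointer it should be copied as well: `apr_hash_set(h, apr_pstrdup(cmd->pool, lang), APR_HASH_KEY_STRING, apr_pstrdup(cmd->pool, value));`. `struct_ptr + (apr_uintptr_t)cmd->info` is arithmetic on `void *`, a GNU extension; `(char *)struct_ptr + (apr_uintptr_t)cmd->info` is portable. In the command-table hunk the help strings misspell "organization" and "readable".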
@@ -640,6 +691,10 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d) dir->login_path = default_login_path; dir->discovery_url = NULL; + dir->sp_org_name = apr_hash_make(p); + dir->sp_org_display_name = apr_hash_make(p); + dir->sp_org_url = apr_hash_make(p); + apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p); dir->server = NULL; @@ -751,6 +806,21 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add) add_cfg->idp_ca_file : base_cfg->idp_ca_file); + new_cfg->sp_org_name = apr_hash_copy(p, + (apr_hash_count(add_cfg->sp_org_name) > 0) ? + add_cfg->sp_org_name : + base_cfg->sp_org_name); + + new_cfg->sp_org_display_name = apr_hash_copy(p, + (apr_hash_count(add_cfg->sp_org_display_name) > 0) ? + add_cfg->sp_org_display_name : + base_cfg->sp_org_display_name); + + new_cfg->sp_org_url = apr_hash_copy(p, + (apr_hash_count(add_cfg->sp_org_url) > 0) ? + add_cfg->sp_org_url : + base_cfg->sp_org_url); + new_cfg->login_path = (add_cfg->login_path != default_login_path ? add_cfg->login_path : base_cfg->login_path); diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 8bdf64a..6d4259a 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c 
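Review bot: The merge in `auth_mellon_dir_merge` replaces each organization table wholesale: if a child scope sets any `MellonOrganizationDisplayName`, every language the parent set for that directive is discarded rather than combined with it. That may be intended, to mirror how the scalar settings merge, but it is not obvious for a per-language table, so document it next to the three `apr_hash_copy` calls: `/* A MellonOrganization* table set in a child scope replaces the parent's table as a whole; per-language entries are not merged. */`. Both `auth_mellon_dir_config` and `auth_mellon_dir_merge` begin and end outside their hunks.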
@@ -69,6 +69,78 @@ static char *am_get_endpoint_url(request_rec *r) } #ifdef HAVE_lasso_server_new_from_buffers +/* This function generates optional metadata for a given element + * + * Parameters: + * apr_pool_t *p Pool to allocate memory from + * apr_hash_t *t Hash of lang -> strings + * const char *e Name of the element + * + * Returns: + * the metadata, or NULL if an error occured + */ +static char *am_optional_metadata_element(apr_pool_t *p, + apr_hash_t *h, + const char *e) +{ + apr_hash_index_t *index; + char *data = ""; + + for (index = apr_hash_first(p, h); index; index = apr_hash_next(index)) { + char *lang; + char *value; + apr_ssize_t slen; + char *xmllang = ""; + + apr_hash_this(index, (const void **)&lang, &slen, (void *)&value); + + if (*lang != '\0') + xmllang = apr_psprintf(p, " xml:lang=\"%s\"", lang); + + data = apr_psprintf(p, "%s<%s%s>%s", + data, e, xmllang, value, e); + } + + return data; +} + +/* This function generates optinal metadata + * + * Parameters: + * request_rec *r The request we received. + * + * Returns: + * the metadata, or NULL if an error occured + */ +static char *am_optional_metadata(apr_pool_t *p, request_rec *r) +{ + am_dir_cfg_rec *cfg = am_get_dir_cfg(r); + int count = 0; + char *org_data = NULL; + char *org_name = NULL; + char *org_display_name = NULL; + char *org_url = NULL; + + count += apr_hash_count(cfg->sp_org_name); + count += apr_hash_count(cfg->sp_org_display_name); + count += apr_hash_count(cfg->sp_org_url); + + if (count == 0) + return ""; + + org_name = am_optional_metadata_element(p, cfg->sp_org_name, + "OrganizationName"); + org_display_name = am_optional_metadata_element(p, cfg->sp_org_display_name, + "OrganizationDisplayName"); + org_url = am_optional_metadata_element(p, cfg->sp_org_url, + "OrganizationURL"); + org_data = apr_psprintf(p, "%s%s%s", + org_name, org_display_name, org_url); + + return org_data; +} + + /* This function generates metadata * * Parameters: 
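Review bot: `am_optional_metadata_element` writes `lang` into a quoted `xml:lang` attribute and `value` into element content without any XML escaping, so a configured string containing `"`, `<` or `&` yields malformed SP metadata, and with the directives registered as `OR_AUTHCFG` that configuration may come from per-directory files rather than the main server config. Escape both at the point of use, e.g. `xmllang = apr_psprintf(p, " xml:lang=\"%s\"", ap_escape_html(p, lang));` and pass `ap_escape_html(p, value)` in place of `value` (confirm that the httpd version targeted escapes `"` as well as `<`, `>` and `&`, since the value lands inside a quoted attribute); the result is then spliced verbatim into `am_generate_metadata` by the last hunk, which needs no further change once the element builder escapes. The doc comments do not match the code: the first names the parameter `t` while it is `h`, both promise `NULL` on error although neither function ever returns NULL (the empty case returns `""`), the second omits the `apr_pool_t *p` parameter, and `optinal` is a typo. The literal `"%s<%s%s>%s"` is shown with five arguments, which looks like the closing-tag part of the format was lost in rendering rather than in the source — worth confirming against the actual file.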
@@ -161,8 +233,9 @@ static char *am_generate_metadata(apr_pool_t *p, request_rec *r) "Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" " "Location=\"%spostResponse\" />" "" + "%s" "", - url, cert, url, url, url, url); + url, cert, url, url, url, url, am_optional_metadata(p, r)); } #endif /* HAVE_lasso_server_new_from_buffers */ -- cgit