
#ifndef MOD_AUTH_PUBTKT_H
#define MOD_AUTH_PUBTKT_H 1

/* Socket-address headers; not available under these names on Windows builds. */
#ifndef _WIN32
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
/* OpenSSL before 1.1.0, and LibreSSL, only provide the _create/_destroy
   spellings of the EVP_MD_CTX allocator; alias the 1.1.0 names onto them so
   the implementation can use a single API. */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
#define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif

#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
#include "http_core.h"
#include "http_protocol.h"
#include "http_request.h"
#include "ap_mmn.h"

/* Servers older than this module magic number (presumably the Apache 1.3
   line, cf. APACHE13 below) get the compatibility header; newer servers use
   the APR / APR-util libraries directly. */
#if MODULE_MAGIC_NUMBER < 20010224
#include "ap_compat.h"
#else
#include "apr_lib.h"
#include "apr_strings.h"
#include "apr_uuid.h"
#include "apr_base64.h"
#include "apu_version.h"
#endif
/* Name changes across httpd / APR-util releases: newer httpd spells
   ap_http_method as ap_http_scheme, and APR-util 1.x renamed
   apr_uri_default_port_for_scheme to apr_uri_port_of_scheme. The aliases
   let the implementation keep using the older names (presumably). */
#ifndef ap_http_method
#define ap_http_method ap_http_scheme
#endif
#if APU_MAJOR_VERSION > 0
#define apr_uri_default_port_for_scheme apr_uri_port_of_scheme
#endif
   45 
/* Names used on the wire, in the configuration and in the CGI environment.
   The header, cookie and back-argument names are defaults; the per-directory
   configuration below carries overridable copies of each. */
#define MOD_AUTH_PUBTKT_AUTH_TYPE   "mod_auth_pubtkt"    /* AuthType value this module answers to (presumably) */
#define MOD_AUTH_PUBTKT_HEADER_NAME "Cookie"             /* request header the ticket is read from */
#define AUTH_COOKIE_NAME            "auth_pubtkt"        /* cookie carrying the ticket */
#define BACK_ARG_NAME               "back"               /* query argument carrying the return URL on redirects */
#define REMOTE_USER_ENV             "REMOTE_USER"        /* env var receiving the ticket uid */
#define REMOTE_USER_DATA_ENV        "REMOTE_USER_DATA"   /* env var receiving the ticket user_data */
#define REMOTE_USER_TOKENS_ENV      "REMOTE_USER_TOKENS" /* env var receiving the ticket tokens */

/* Size limits on ticket components; enforcement lives in the .c file. */
#define MIN_AUTH_COOKIE_SIZE    64      /* the Base64-encoded signature alone is >= 64 bytes */
#define CACHE_SIZE              200     /* number of entries in ticket cache */
#define MAX_UID_SIZE            255     /* maximum length of uid */
#define MAX_TICKET_SIZE         1024    /* maximum length of raw ticket */

/* Symmetric key and IV lengths for the passthru basic-auth encryption. */
#define PASSTHRU_AUTH_KEY_SIZE  16      /* length of symmetric key for passthru basic auth encryption */
#define PASSTHRU_AUTH_IV_SIZE   16      /* length of the IV (16-byte block cipher, presumably AES -- confirm in the .c file) */

/* NOTE(review): the archive this header ships in is 0.14; confirm whether this
   string is meant to track the package version and needs bumping. */
#define PUBTKT_AUTH_VERSION "0.13"
   61 
/* ----------------------------------------------------------------------- */
/* Per-directory configuration: one auth_pubtkt_dir_conf per configuration
   scope, created by create_auth_pubtkt_config and combined with its parent by
   merge_auth_pubtkt_config (both declared below). The string members are bare
   pointers, so they are presumably pool-allocated for the config's lifetime.
   Field meanings below are inferred from the names and from the helpers
   declared later in this header -- confirm against the .c file. */
typedef struct  {
    char                *directory;          /* scope this config applies to (the `path` handed to create_auth_pubtkt_config) */
    char                *login_url;          /* redirect targets; NULL presumably means "not configured": no/invalid ticket */
    char                *timeout_url;        /*   ticket expired (see check_timeout) */
    char                *post_timeout_url;   /*   ticket expired on a POST request */
    char                *unauth_url;         /*   required token missing (see check_tokens) */
    char                *auth_header_name;   /* header the ticket is read from (MOD_AUTH_PUBTKT_HEADER_NAME by default) */
    char                *auth_cookie_name;   /* cookie carrying the ticket (AUTH_COOKIE_NAME by default) */
    char                *back_arg_name;      /* query argument carrying the return URL on redirects (BACK_ARG_NAME by default) */
    char                *refresh_url;        /*   ticket inside its grace period (see check_grace_period) */
    char                *badip_url;          /*   client IP does not match the ticket (see check_clientip) */
    apr_array_header_t  *auth_token;         /* required tokens, appended by set_auth_pubtkt_token; element type is defined in the .c file */
    int                 require_ssl;         /* flag: refuse requests that did not arrive over TLS */
    int                 debug;               /* debug verbosity, set by set_auth_pubtkt_debug */
    int                 fake_basic_auth;     /* flag: synthesize Basic credentials from the ticket uid */
    int                 grace_period;        /* seconds; the ticket may carry its own grace_period as well (see auth_pubtkt) */
    int                 passthru_basic_auth; /* flag: decrypt the ticket's bauth field and pass it on as Basic auth */
    EVP_PKEY            *pubkey;    /* public key for signature verification */
    const EVP_MD        *digest;    /* TKTAuthDigest */
    const char          *passthru_basic_key; /* symmetric key (PASSTHRU_AUTH_KEY_SIZE bytes, presumably) set by setup_passthru_basic_key;
                                                secret material kept in plain config memory -- confirm where it is allocated and whether it is ever cleared */
    int                 require_multifactor; /* flag: reject tickets whose multifactor flag is unset */
    char                *multifactor_url;    /*   multifactor required but the ticket lacks it */
} auth_pubtkt_dir_conf;
   87 
/* Ticket structure: the parsed fields of one ticket, as filled by parse_ticket
   (declared below) and stored in the ticket cache. Every text member is a
   fixed-size, NUL-terminated buffer, so whatever fills it must bound the copy
   to the member size -- confirm in parse_ticket. */
typedef struct {
    char            uid[MAX_UID_SIZE+1];    /* user id: at most MAX_UID_SIZE characters plus NUL; exported as REMOTE_USER_ENV */
    char            clientip[40];           /* client address as text. 40 bytes fits a 39-character canonical IPv6 address plus NUL,
                                               but not the 45-character IPv4-mapped textual form; INET6_ADDRSTRLEN (46) covers both --
                                               confirm how parse_ticket bounds this before the value reaches check_clientip */
    unsigned int    valid_until;            /* expiry time, presumably seconds since the epoch (32-bit unsigned on common ABIs) -- see check_timeout */
    unsigned int    grace_period;           /* seconds before valid_until during which a refresh is requested (presumably) -- see check_grace_period */
    char            bauth[256];             /* Basic-auth credential carried in the ticket, used when passthru_basic_auth is set (presumably) */
    char            tokens[256];            /* token list checked against the directory's auth_token by check_tokens; format defined by parse_ticket */
    char            user_data[256];         /* opaque application data; exported as REMOTE_USER_DATA_ENV (presumably) */
    int             multifactor;            /* flag: the ticket asserts multi-factor authentication; checked against require_multifactor */
} auth_pubtkt;
   99 
/* Accumulator threaded through a header-table walk while looking for the auth
   cookie; cookie_match (declared below) has the shape of an apr_table_do
   callback and presumably receives this as its `result` argument -- the
   iteration itself lives in the .c file. */
typedef struct {
    request_rec *r;         /* request whose headers are being scanned */
    char *cookie;           /* ticket value found so far; presumably NULL until a match is made */
    char *cookie_name;      /* name of the cookie being searched for (auth_cookie_name) */
} cookie_res;
  105 
/* An entry in the ticket cache.
   Note that while each entry has a hash (over the ticket string), this is
   not a hash table; managing a real hash table without fiddling with pointers
   (which could become a problem if the cache was ever converted to use
   shared memory) is rather difficult, and before we start optimizing the
   scan over ~200 integer hash values, getting rid of some strlen()s would
   probably make a bigger difference.

   NOTE(review): a cache hit presumably lets a request skip signature
   verification, so the lookup must compare the full ticket text after a hash
   match rather than trusting the hash alone -- confirm in cache_get. Hash
   value 0 also doubles as the "slot available" marker, so cache_hash must
   never yield 0 for a real ticket (or cache_put/cache_get must special-case
   it) -- confirm.
*/
typedef struct {
    unsigned int    hash;                       /* hash over the unparsed ticket value (0 = slot available) */
    char            ticket[MAX_TICKET_SIZE+1];  /* the unparsed ticket value (NUL-terminated, at most MAX_TICKET_SIZE characters) */
    auth_pubtkt     tkt;                        /* the parsed ticket handed back to cache_get callers */
} auth_pubtkt_cache_ent;
  119 
/* The ticket cache: a fixed array of CACHE_SIZE entries scanned linearly (see
   the note on auth_pubtkt_cache_ent). Set up by cache_init, declared below. */
typedef struct {
    auth_pubtkt_cache_ent   slots[CACHE_SIZE];  /* entries; hash == 0 marks a free slot */
    int                     nextslot;           /* slot cache_put writes next when no free slot is found -- presumably round-robin, confirm */
} auth_pubtkt_cache;
  124 
/*
 * Function prototypes. Nearly everything here is static, which only works if
 * this header is included by the single translation unit that defines these
 * functions (presumably mod_auth_pubtkt.c); the APACHE13 hooks and
 * dump_config are the non-static exceptions. Return conventions are defined
 * by the implementation and are only paraphrased here.
 */
#ifdef APACHE13
/* Apache 1.3 hooks: server and child initialisation. */
void auth_pubtkt_init(server_rec *s, pool *p);
void auth_pubtkt_child_init(server_rec *s, pool *p);
#else
/* Apache 2.x post-config and child-init hooks. */
static int auth_pubtkt_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s);
static void auth_pubtkt_child_init(apr_pool_t *p, server_rec *s);
#endif

/* Per-directory configuration: allocate a fresh auth_pubtkt_dir_conf for
   `path`, and merge a parent config with a sub-directory config (both are
   passed and returned as void * for the httpd module API). */
static void *create_auth_pubtkt_config(apr_pool_t *p, char *path);
static void *merge_auth_pubtkt_config(apr_pool_t *p, void *parent_dirv, void *subdirv);

/* Ticket cache (auth_pubtkt_cache). cache_get looks up the raw `ticket` text
   and, on a hit, presumably copies the cached auth_pubtkt into *tkt;
   cache_put stores a parsed ticket under its raw text; cache_hash computes
   the per-entry hash (0 is reserved as the free-slot marker). */
static void cache_init(apr_pool_t *p, server_rec *s);
static int cache_get(const char *ticket, auth_pubtkt *tkt);
static void cache_put(const char *ticket, auth_pubtkt *tkt);
static unsigned int cache_hash(const char *ticket);

/* Directive handlers (cmd_parms callbacks). By httpd convention each returns
   NULL on success or an error string for the configuration parser. */
static const char *set_auth_pubtkt_token(cmd_parms *cmd, void *cfg, const char *param);
static const char *setup_pubkey(cmd_parms *cmd, void *cfg, const char *param);
static const char *setup_passthru_basic_key(cmd_parms *cmd, void *cfg, const char *param);
static const char *set_auth_pubtkt_debug(cmd_parms *cmd, void *cfg, const char *param);

/* Ticket handling. `ticket` is non-const for parse_ticket and
   validate_parse_ticket, so assume they may modify the buffer in place.
   cookie_match has the shape of an apr_table_do callback (see cookie_res);
   get_cookie_ticket extracts the raw ticket from the request. The check_*
   helpers each evaluate one policy against an already parsed ticket. */
static int parse_ticket(request_rec *r, char *ticket, auth_pubtkt *tkt);
static int cookie_match(void *result, const char *key, const char *cookie);
static char *get_cookie_ticket(request_rec *r);
static auth_pubtkt *validate_parse_ticket(request_rec *r, char *ticket);
static int check_tokens(request_rec *r, auth_pubtkt *tkt);
static int check_clientip(request_rec *r, auth_pubtkt *tkt);
static int check_timeout(request_rec *r, auth_pubtkt *tkt);
static int check_grace_period(request_rec *r, auth_pubtkt *tkt);

/* Encoding helpers: c2x presumably writes the hex digits of `what` at `where`
   and returns the advanced pointer (mirroring httpd's own helper);
   escape_extras presumably returns a pool-allocated escaped copy of
   `segment` for use in a URL -- confirm both in the .c file. */
static APR_INLINE unsigned char *c2x(unsigned what, unsigned char *where);
static char *escape_extras(apr_pool_t *p, const char *segment);

/* Sends the client to `location`; the return value is presumably the HTTP
   status the handler should return. */
static int redirect(request_rec *r, char *location);

/* Logs the effective per-directory configuration for `r` (non-static). */
void dump_config(request_rec *r);

/* The per-request authentication check; the module's main entry point. */
static int auth_pubtkt_check(request_rec *r);

#endif /* MOD_AUTH_PUBTKT_H */