[pubcookie-dev] WEBISO CVS update: jteaton;
index.cgi.c,1.109,1.109.2.1 index.cgi.h,1.42,1.42.4.1
keyclient.c,2.37,2.37.2.1 libpubcookie.c,2.62,2.62.2.1
libpubcookie.h,1.40,1.40.2.1 mod_pubcookie.c,1.123,1.123.4.1
mod_pubcookie.h,2.4,2.4.4.1 pubcookie.h,1.17,1.17.6.1
security.c,1.6,1.6.6.1 security.h,1.8,1.8.4.1
security_legacy.c,1.31,1.31.2.1
jeaton+ at andrew.cmu.edu
jeaton+ at andrew.cmu.edu
Tue Dec 9 10:37:06 PST 2003
Update of /usr/local/cvsroot/webiso/pubcookie/src
In directory webiso-cvs.cac.washington.edu:/var/tmp/cvs-serv2903/webiso/pubcookie/src
Modified Files:
Tag: security-context
flavor.h flavor_getcred.c index.cgi.c index.cgi.h keyclient.c
libpubcookie.c libpubcookie.h mod_pubcookie.c mod_pubcookie.h
pubcookie.h security.c security.h security_legacy.c
Log Message:
first pass at integrating CMU security context changes
Index: webiso/pubcookie/src/flavor.h
diff -c webiso/pubcookie/src/flavor.h:1.9 webiso/pubcookie/src/flavor.h:1.9.6.1
*** webiso/pubcookie/src/flavor.h:1.9 Wed Jul 2 15:04:04 2003
--- webiso/pubcookie/src/flavor.h Tue Dec 9 10:37:03 2003
***************
*** 10,16 ****
* - the policy of when freerides are allowed
* - what the layout of the login page is, how login messages are printed.
*
! * $Id: flavor.h,v 1.9 2003/07/02 22:04:04 willey Exp $
*/
#ifndef INCLUDED_FLAVOR_H
--- 10,16 ----
* - the policy of when freerides are allowed
* - what the layout of the login page is, how login messages are printed.
*
! * $Id: flavor.h,v 1.9.6.1 2003/12/09 18:37:03 jteaton Exp $
*/
#ifndef INCLUDED_FLAVOR_H
***************
*** 49,55 ****
/* given a login request 'l' and a (possibly NULL) login cookie 'c',
process the request. if there are insufficient credentials,
print out a login form and return accordingly. */
! login_result (*process_request)(pool *p, login_rec *l, login_rec *c,
const char **errstr);
};
--- 49,56 ----
/* given a login request 'l' and a (possibly NULL) login cookie 'c',
process the request. if there are insufficient credentials,
print out a login form and return accordingly. */
! login_result (*process_request)(pool *p, const security_context *context,
! login_rec *l, login_rec *c,
const char **errstr);
};
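Review bot: The new `context` parameter of `process_request` is declared `const security_context *`, while the other signatures visible in this commit (`libpbc_sign_bundle_cookie`, `libpbc_unbundle_cookie`, the index.cgi.c functions) take a non-const `security_context *`. flavor_getcred.c then hands this const pointer to `libpbc_rd_priv` and `libpbc_mk_priv`, whose prototypes are not shown here; if they take a non-const pointer the qualifier is discarded at those calls. One convention should be used across the branch, preferably const wherever the callee only reads the context, and one name rather than both `context` and `sectext`. The comment above the member should also mention the new argument, e.g. `'context' is the security context (certs) for this transaction`.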
Index: webiso/pubcookie/src/flavor_getcred.c
diff -c webiso/pubcookie/src/flavor_getcred.c:1.19 webiso/pubcookie/src/flavor_getcred.c:1.19.4.1
*** webiso/pubcookie/src/flavor_getcred.c:1.19 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/flavor_getcred.c Tue Dec 9 10:37:03 2003
***************
*** 6,12 ****
/** @file flavor_getcred.c
* Getcred flavor
*
! * $Id: flavor_getcred.c,v 1.19 2003/07/03 04:25:21 willey Exp $
*/
--- 6,12 ----
/** @file flavor_getcred.c
* Getcred flavor
*
! * $Id: flavor_getcred.c,v 1.19.4.1 2003/12/09 18:37:03 jteaton Exp $
*/
***************
*** 178,184 ****
return r;
}
! static login_result process_getcred(pool *p, login_rec *l, login_rec *c,
const char **errstr)
{
login_result basic_res;
--- 178,185 ----
return r;
}
! static login_result process_getcred(pool *p, const security_context *context,
! login_rec *l, login_rec *c,
const char **errstr)
{
login_result basic_res;
***************
*** 190,196 ****
assert(v != NULL);
! basic_res = login_flavor_basic.process_request(p, l, c, errstr);
if (basic_res != LOGIN_OK) {
/* we aren't authenticated; we need to do that */
--- 191,197 ----
assert(v != NULL);
! basic_res = login_flavor_basic.process_request(p, context, l, c, errstr);
if (basic_res != LOGIN_OK) {
/* we aren't authenticated; we need to do that */
***************
*** 264,270 ****
}
/* decrypt */
! if (libpbc_rd_priv(p, NULL, plain, plainlen,
&(master->str), &(master->sz))) {
pbc_log_activity(p, PBC_LOG_ERROR,
"flavor_getcred: couldn't libpbc_rd_priv %s",
--- 265,271 ----
}
/* decrypt */
! if (libpbc_rd_priv(p, context, NULL, plain, plainlen,
&(master->str), &(master->sz))) {
pbc_log_activity(p, PBC_LOG_ERROR,
"flavor_getcred: couldn't libpbc_rd_priv %s",
***************
*** 291,297 ****
/* put the new credentials in a star cookie so they'll be sent to the
app server */
/* encrypt */
! if (libpbc_mk_priv(p, l->host, newcreds->str, newcreds->sz,
&outbuf, &outlen)) {
pbc_log_activity(p, PBC_LOG_ERROR,
"flavor_getcred: libpbc_mk_priv failed");
--- 292,298 ----
/* put the new credentials in a star cookie so they'll be sent to the
app server */
/* encrypt */
! if (libpbc_mk_priv(p, context, l->host, newcreds->str, newcreds->sz,
&outbuf, &outlen)) {
pbc_log_activity(p, PBC_LOG_ERROR,
"flavor_getcred: libpbc_mk_priv failed");
Index: webiso/pubcookie/src/index.cgi.c
diff -c webiso/pubcookie/src/index.cgi.c:1.109 webiso/pubcookie/src/index.cgi.c:1.109.2.1
*** webiso/pubcookie/src/index.cgi.c:1.109 Thu Dec 4 13:40:24 2003
--- webiso/pubcookie/src/index.cgi.c Tue Dec 9 10:37:03 2003
***************
*** 6,12 ****
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.109 2003/12/04 21:40:24 willey Exp $
*/
#ifdef HAVE_CONFIG_H
--- 6,12 ----
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.109.2.1 2003/12/09 18:37:03 jteaton Exp $
*/
#ifdef HAVE_CONFIG_H
***************
*** 529,535 ****
* @returns PBC_FAIL on error
* @returns PBC_OK if everything went ok
*/
! int expire_login_cookie(pool *p, login_rec *l, login_rec *c) {
char *l_cookie;
char *message = NULL;
int l_res;
--- 529,535 ----
* @returns PBC_FAIL on error
* @returns PBC_OK if everything went ok
*/
! int expire_login_cookie(pool *p, security_context *sectext, login_rec *l, login_rec *c) {
char *l_cookie;
char *message = NULL;
int l_res;
***************
*** 556,562 ****
user = c->user;
}
! l_res = create_cookie( p, urluser =url_encode(p, user),
urlappsrvid = url_encode(p, "expired"),
urlappid = url_encode(p, "expired"),
PBC_COOKIE_TYPE_L,
--- 556,562 ----
user = c->user;
}
! l_res = create_cookie( p, sectext, urluser =url_encode(p, user),
urlappsrvid = url_encode(p, "expired"),
urlappid = url_encode(p, "expired"),
PBC_COOKIE_TYPE_L,
***************
*** 975,981 ****
/* */
/* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */
! int vector_request(pool *p, login_rec *l, login_rec *c)
{
login_result res;
const char *errstr = NULL;
--- 975,981 ----
/* */
/* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */ /* */
! int vector_request(pool *p, security_context *sectext, login_rec *l, login_rec *c)
{
login_result res;
const char *errstr = NULL;
***************
*** 1007,1016 ****
}
/* decode login cookie */
! l->check_error = check_l_cookie(p, l, c);
/* call authn flavor to determine correct result */
! res = fl->process_request(p, l, c, &errstr);
switch (res) {
case LOGIN_OK:
--- 1007,1016 ----
}
/* decode login cookie */
! l->check_error = check_l_cookie(p, sectext, l, c);
/* call authn flavor to determine correct result */
! res = fl->process_request(p, sectext, l, c, &errstr);
switch (res) {
case LOGIN_OK:
***************
*** 1200,1206 ****
}
! int logout(pool *p, login_rec *l, login_rec *c, int logout_action)
{
char *appid;
char *appsrvid;
--- 1200,1206 ----
}
! int logout(pool *p, security_context *sectext, login_rec *l, login_rec *c, int logout_action)
{
char *appid;
char *appsrvid;
***************
*** 1257,1263 ****
NULL);
}
else if( logout_action == LOGOUT_ACTION_CLEAR_L ) {
! expire_login_cookie(p, l, c);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_part1",
"logout_part1"),
--- 1257,1263 ----
NULL);
}
else if( logout_action == LOGOUT_ACTION_CLEAR_L ) {
! expire_login_cookie(p, sectext, l, c);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_part1",
"logout_part1"),
***************
*** 1283,1289 ****
NULL);
}
else if( logout_action == LOGOUT_ACTION_CLEAR_L_NO_APP ) {
! expire_login_cookie(p, l, c);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_part1",
"logout_part1"),
--- 1283,1289 ----
NULL);
}
else if( logout_action == LOGOUT_ACTION_CLEAR_L_NO_APP ) {
! expire_login_cookie(p, sectext, l, c);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_part1",
"logout_part1"),
***************
*** 1320,1326 ****
*
* @returns PBC_OK if not a logout, or never returns if a logout
*/
! int check_logout(pool *p, login_rec *l, login_rec *c)
{
int logout_action;
char *logout_prog;
--- 1320,1326 ----
*
* @returns PBC_OK if not a logout, or never returns if a logout
*/
! int check_logout(pool *p, security_context *sectext, login_rec *l, login_rec *c)
{
int logout_action;
char *logout_prog;
***************
*** 1339,1345 ****
if ( logout_action != LOGOUT_ACTION_UNSET ) {
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
"check_logout: logout_action : %s\n", cgiScriptName);
! logout(p, l, c, logout_action);
do_output(p);
exit(0);
}
--- 1339,1345 ----
if ( logout_action != LOGOUT_ACTION_UNSET ) {
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
"check_logout: logout_action : %s\n", cgiScriptName);
! logout(p, sectext, l, c, logout_action);
do_output(p);
exit(0);
}
***************
*** 1369,1375 ****
if(logout_prog != NULL && uri != NULL &&
strcasecmp(logout_prog, uri) == 0 ) {
! logout(p, l, c, LOGOUT_ACTION_CLEAR_L_NO_APP);
do_output(p);
if (uri != NULL)
free(uri);
--- 1369,1375 ----
if(logout_prog != NULL && uri != NULL &&
strcasecmp(logout_prog, uri) == 0 ) {
! logout(p, sectext, l, c, LOGOUT_ACTION_CLEAR_L_NO_APP);
do_output(p);
if (uri != NULL)
free(uri);
***************
*** 1432,1438 ****
* @param l info for login session
* @param c contents of login cookie
*/
! int pinit(pool *p, login_rec *l, login_rec *c)
{
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,"pinit: hello");
--- 1432,1438 ----
* @param l info for login session
* @param c contents of login cookie
*/
! int pinit(pool *p, security_context *sectext, login_rec *l, login_rec *c)
{
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,"pinit: hello");
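Review bot: The doc comment above `pinit` still lists only `@param l` and `@param c`; the new argument needs its own entry, e.g. `@param sectext security context holding the certs for this transaction`. The same applies to the Doxygen block above `libpbc_sign_bundle_cookie` in libpubcookie.c, which documents `@param peer` but not the added `context`. The comments above `expire_login_cookie`, `check_logout` and `cookie_test` are only partly visible in their hunks and probably need the same line.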
***************
*** 1468,1477 ****
fl = get_flavor(p, l->creds_from_greq);
/* decode login cookie */
! l->check_error = check_l_cookie(p, l, c);
fl->init_flavor();
! res = fl->process_request(p, l, c, &errstr);
if (res != LOGIN_INPROGRESS) {
pbc_log_activity(p, PBC_LOG_ERROR,
"unexpected response from fl->process_request: "
--- 1468,1477 ----
fl = get_flavor(p, l->creds_from_greq);
/* decode login cookie */
! l->check_error = check_l_cookie(p, sectext, l, c);
fl->init_flavor();
! res = fl->process_request(p, sectext, l, c, &errstr);
if (res != LOGIN_INPROGRESS) {
pbc_log_activity(p, PBC_LOG_ERROR,
"unexpected response from fl->process_request: "
***************
*** 1506,1511 ****
--- 1506,1512 ----
const char *mirrorfile;
void *p; /* we pass a pointer around that is an Apache memory pool if we're
using apache, here we just pass a void pointer */
+ security_context *sectext; /* to hold all of the certs for a transaction */
libpbc_config_init(p, NULL, "logincgi");
debug = libpbc_config_getint(p, "debug", 0);
***************
*** 1521,1527 ****
mirrorfile = libpbc_config_getstring(p, "mirrorfile", NULL);
! libpbc_pubcookie_init(p);
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "cgiMain() done initializing...\n");
--- 1522,1528 ----
mirrorfile = libpbc_config_getstring(p, "mirrorfile", NULL);
! libpbc_pubcookie_init(p §ext);
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "cgiMain() done initializing...\n");
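Review bot: The call as rendered, `libpbc_pubcookie_init(p §ext);`, has no comma between its arguments, and `§ext` looks like an archive mangling of `&sectext`; given the `security_context **contextp` parameter in libpubcookie.c the line presumably should read `libpbc_pubcookie_init(p, &sectext);`. `sectext` is declared in the previous hunk without an initializer, so `security_context *sectext = NULL;` would make a failed or skipped initialisation detectable. In a WIN32 build the function returns FALSE when `security_init` fails instead of exiting, and the return value is ignored here, so the CGI would go on to verify and issue cookies with whatever `sectext` holds. The enclosing cgiMain body starts and ends outside the hunk.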
***************
*** 1574,1580 ****
l = get_query(p);
/* unload the login cookie if we have it */
! c = verify_unload_login_cookie(p, l);
/* log the arrival */
pbc_log_activity(p, PBC_LOG_AUDIT,
--- 1575,1581 ----
l = get_query(p);
/* unload the login cookie if we have it */
! c = verify_unload_login_cookie(p, sectext, l);
/* log the arrival */
pbc_log_activity(p, PBC_LOG_AUDIT,
***************
*** 1600,1611 ****
}
/* look for various logout conditions */
! check_logout(p, l, c);
/* check to see what cookies we have */
/* pinit detected in here */
/* pinit response detected in here */
! if (cookie_test(p, l, c) == PBC_FAIL) {
goto done;
}
--- 1601,1612 ----
}
/* look for various logout conditions */
! check_logout(p, sectext, l, c);
/* check to see what cookies we have */
/* pinit detected in here */
/* pinit response detected in here */
! if (cookie_test(p, sectext, l, c) == PBC_FAIL) {
goto done;
}
***************
*** 1617,1623 ****
l->fr = strdup("NFR");
}
! if (vector_request(p, l, c) == PBC_OK ) {
/* the reward for a hard days work */
pbc_log_activity(p, PBC_LOG_AUDIT,
"%s Issuing cookies for user: %s client addr: %s app host: %s appid: %s",
--- 1618,1624 ----
l->fr = strdup("NFR");
}
! if (vector_request(p, sectext, l, c) == PBC_OK ) {
/* the reward for a hard days work */
pbc_log_activity(p, PBC_LOG_AUDIT,
"%s Issuing cookies for user: %s client addr: %s app host: %s appid: %s",
***************
*** 1628,1634 ****
l->appid);
/* generate the cookies and print the redirect page */
! print_redirect_page(p, l, c);
}
done:
--- 1629,1635 ----
l->appid);
/* generate the cookies and print the redirect page */
! print_redirect_page(p, sectext, l, c);
}
done:
***************
*** 1648,1654 ****
/* returns NULL if the L cookie is valid */
/* else a description of it's invalid nature */
/* xxx most of this work should probably be done inside of the flavor */
! char *check_l_cookie(pool *p, login_rec *l, login_rec *c)
{
time_t t;
char *g_version;
--- 1649,1655 ----
/* returns NULL if the L cookie is valid */
/* else a description of it's invalid nature */
/* xxx most of this work should probably be done inside of the flavor */
! char *check_l_cookie(pool *p, security_context *sectext, login_rec *l, login_rec *c)
{
time_t t;
char *g_version;
***************
*** 1656,1663 ****
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "check_l_cookie: hello\n");
! if (c == NULL )
! c = verify_unload_login_cookie(p, l);
if (c == NULL)
return("couldn't decode login cookie");
--- 1657,1664 ----
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "check_l_cookie: hello\n");
! if (c == NULL)
! c = verify_unload_login_cookie(p, sectext, l);
if (c == NULL)
return("couldn't decode login cookie");
***************
*** 1872,1878 ****
* @returns PBC_FAIL if the program should finish
* @returns PBC_OK if the program should continue
*/
! int cookie_test(pool *p, login_rec *l, login_rec *c)
{
char *cookies;
char cleared_g_req[PBC_1K];
--- 1873,1879 ----
* @returns PBC_FAIL if the program should finish
* @returns PBC_OK if the program should continue
*/
! int cookie_test(pool *p, security_context *sectext, login_rec *l, login_rec *c)
{
char *cookies;
char cleared_g_req[PBC_1K];
***************
*** 1886,1892 ****
/* if no cookies, then must be pinit */
if ((cookies = getenv("HTTP_COOKIE")) == NULL) {
! pinit(p, l, c);
return(PBC_FAIL);
}
--- 1887,1893 ----
/* if no cookies, then must be pinit */
if ((cookies = getenv("HTTP_COOKIE")) == NULL) {
! pinit(p, sectext, l, c);
return(PBC_FAIL);
}
***************
*** 1915,1921 ****
strstr(cookies, cleared_g_req) != NULL ) {
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
"cookie_test: no g_req or empty g_req");
! pinit(p, l, c);
return(PBC_FAIL);
}
--- 1916,1922 ----
strstr(cookies, cleared_g_req) != NULL ) {
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
"cookie_test: no g_req or empty g_req");
! pinit(p, sectext, l, c);
return(PBC_FAIL);
}
***************
*** 2016,2022 ****
}
! void print_redirect_page(pool *p, login_rec *l, login_rec *c)
{
char *g_cookie;
char *l_cookie;
--- 2017,2023 ----
}
! void print_redirect_page(pool *p, security_context *sectext, login_rec *l, login_rec *c)
{
char *g_cookie;
char *l_cookie;
***************
*** 2064,2070 ****
/* the login cookie is encoded as having passed 'creds', which is what
the flavor verified. */
! l_res = create_cookie( p,
user = url_encode(p, l->user),
appsrvid = url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
--- 2065,2071 ----
/* the login cookie is encoded as having passed 'creds', which is what
the flavor verified. */
! l_res = create_cookie( p, sectext,
user = url_encode(p, l->user),
appsrvid = url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
***************
*** 2089,2095 ****
LOGIN_OK, we tell the application that it's desire for 'creds_from_greq'
was successful. */
! g_res = create_cookie(p, user = url_encode(p, l->user),
appsrvid =url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
PBC_COOKIE_TYPE_G,
--- 2090,2097 ----
LOGIN_OK, we tell the application that it's desire for 'creds_from_greq'
was successful. */
! g_res = create_cookie(p, sectext,
! user = url_encode(p, l->user),
appsrvid =url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
PBC_COOKIE_TYPE_G,
***************
*** 2217,2237 ****
/* when the page loads click on the last element */
/* (which will always be the submit) in the array */
/* of elements in the first, and only, form. */
! print_html(p, "<BODY BGCOLOR=\"white\" onLoad=\"");
!
! /* depending on whether-or-not there is a SUBMIT field in the form */
! /* use the correct javascript to autosubmit the POST */
! /* this should probably be upgraded to only look for submits as */
! /* field names, not anywhere else */
! post_stuff_lower = strdup(l->post_stuff);
! for(ptr=post_stuff_lower; *ptr != '\0'; ptr++)
! *ptr = tolower(*ptr);
! if (strstr(post_stuff_lower, "submit") != NULL )
! print_html(p, "document.query.submit.click()");
! else
! print_html(p, "document.query.submit");
!
! print_html(p, "\">\n");
print_html(p, "<center>");
print_table_start(p);
--- 2219,2225 ----
/* when the page loads click on the last element */
/* (which will always be the submit) in the array */
/* of elements in the first, and only, form. */
! print_html(p, "<BODY BGCOLOR=\"white\">");
print_html(p, "<center>");
print_table_start(p);
***************
*** 2293,2298 ****
--- 2281,2311 ----
PBC_POST_NO_JS_BUTTON);
print_html(p, "</form>\n");
+
+ /* depending on whether-or-not there is a SUBMIT field in the form */
+ /* use the correct javascript to autosubmit the POST */
+ /* this should probably be upgraded to only look for submits as */
+ /* field names, not anywhere else */
+ print_html(p, "<script type=\"text/javascript\" language=\"javascript\
+ "><!--\n");
+ post_stuff_lower = strdup(l->post_stuff);
+ for(ptr=post_stuff_lower; *ptr != '\0'; ptr++)
+ *ptr = tolower(*ptr);
+ if (strstr(post_stuff_lower, "submit") != NULL )
+ print_html(p, "document.query.submit.click()");
+ else
+ print_html(p, "document.query.submit");
+
+ print_html(p, "\n// --></script>\n");
+
+ print_html(p, "<center>");
+ print_table_start(p);
+ print_html(p, "<tr><td align=\"LEFT\">\n");
+
+ print_html(p, "<form method=\"POST\" action=\"%s\" ", redirect_final);
+ print_html(p, "enctype=\"application/x-www-form-urlencoded\" ");
+ print_html(p, "name=\"query\">\n");
+
print_copyright(p);
print_html(p, "</center>");
print_html(p, "</BODY></HTML>\n");
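Review bot: The added block ends by printing a second `<center>`, table row and `<form method="POST" action="%s" ... name="query">` after the `</form>` and the script, and nothing visible closes them before `</BODY>`. This looks like a stray copy of the form header unrelated to the security-context change and should be dropped, otherwise the page ends with an empty, unclosed form posting to `redirect_final`. As rendered, the `<script ...>` literal is split with a trailing `\` so that the next line starts with an unescaped `"`, which would end the string early; keep it on one line or use adjacent literals (the archive may have wrapped it). Since `l->post_stuff` comes from the request, the lower-casing loop should check the `strdup` result and use `*ptr = tolower((unsigned char)*ptr);`. The function body starts outside the hunk.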
***************
*** 2429,2435 ****
/* uses libpubcookie calls to check the cookie and load the login rec with */
/* cookie contents */
! login_rec *verify_unload_login_cookie (pool *p, login_rec *l)
{
pbc_cookie_data *cookie_data;
char *cookie = NULL;
--- 2442,2448 ----
/* uses libpubcookie calls to check the cookie and load the login rec with */
/* cookie contents */
! login_rec *verify_unload_login_cookie (pool *p, security_context *sectext, login_rec *l)
{
pbc_cookie_data *cookie_data;
char *cookie = NULL;
***************
*** 2452,2458 ****
new = malloc(sizeof(login_rec));
init_login_rec(p, new);
! cookie_data = libpbc_unbundle_cookie(p, cookie, NULL);
/* Done with cookie */
if (cookie != NULL)
--- 2465,2471 ----
new = malloc(sizeof(login_rec));
init_login_rec(p, new);
! cookie_data = libpbc_unbundle_cookie(p, sectext, cookie, NULL);
/* Done with cookie */
if (cookie != NULL)
***************
*** 2485,2491 ****
}
! int create_cookie(pool *p, char *user_buf,
char *appsrvid_buf,
char *appid_buf,
char type,
--- 2498,2505 ----
}
! int create_cookie(pool *p, security_context *sectext,
! char *user_buf,
char *appsrvid_buf,
char *appid_buf,
char type,
***************
*** 2536,2542 ****
}
cookie_local = (char *)
! libpbc_get_cookie_with_expire(p, user, type, creds, pre_sess_tok,
expire, appsrvid, appid, peer);
if (peer != NULL)
--- 2550,2557 ----
}
cookie_local = (char *)
! libpbc_get_cookie_with_expire(p, sectext,
! user, type, creds, pre_sess_tok,
expire, appsrvid, appid, peer);
if (peer != NULL)
Index: webiso/pubcookie/src/index.cgi.h
diff -c webiso/pubcookie/src/index.cgi.h:1.42 webiso/pubcookie/src/index.cgi.h:1.42.4.1
*** webiso/pubcookie/src/index.cgi.h:1.42 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/index.cgi.h Tue Dec 9 10:37:04 2003
***************
*** 4,10 ****
*/
/*
! $Id: index.cgi.h,v 1.42 2003/07/03 04:25:21 willey Exp $
*/
#ifndef PUBCOOKIE_LOGIN_CGI
--- 4,10 ----
*/
/*
! $Id: index.cgi.h,v 1.42.4.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef PUBCOOKIE_LOGIN_CGI
***************
*** 81,87 ****
/* prototypes */
int cgiMain();
void abend(pool *, char *);
! int cookie_test(pool *, login_rec *, login_rec *);
void notok(pool *, void (*)() );
void notok_no_g_or_l(pool *);
void print_http_header(pool *);
--- 81,87 ----
/* prototypes */
int cgiMain();
void abend(pool *, char *);
! int cookie_test(pool *, security_context *, login_rec *, login_rec *);
void notok(pool *, void (*)() );
void notok_no_g_or_l(pool *);
void print_http_header(pool *);
***************
*** 98,111 ****
void log_error(pool *,int, const char *, int, const char *, ...);
void clear_error(pool *,const char *, const char *);
void print_uwnetid_logo(pool *);
! login_rec *verify_unload_login_cookie (pool *,login_rec *);
! int create_cookie(pool *, char *, char *, char *, char, char, int, time_t,
! char *, const char *host, int);
int get_cookie(pool *p, char *name, char *result, int max);
login_rec *get_query(pool *);
char *check_login(pool *, login_rec *, login_rec *);
! char *check_l_cookie(pool *, login_rec *, login_rec *);
! void print_redirect_page(pool *, login_rec *, login_rec *);
char *url_encode(pool *, char *);
char *get_cookie_created(pool *, char *);
char *decode_granting_request(pool *, char *, char **peerp);
--- 98,111 ----
void log_error(pool *,int, const char *, int, const char *, ...);
void clear_error(pool *,const char *, const char *);
void print_uwnetid_logo(pool *);
! login_rec *verify_unload_login_cookie (pool *, security_context *, login_rec *);
! int create_cookie(pool *, security_context *, char *, char *, char *, char,
! char, int, time_t, char *, const char *host, int);
int get_cookie(pool *p, char *name, char *result, int max);
login_rec *get_query(pool *);
char *check_login(pool *, login_rec *, login_rec *);
! char *check_l_cookie(pool *, security_context *, login_rec *, login_rec *);
! void print_redirect_page(pool *, security_context *, login_rec *, login_rec *);
char *url_encode(pool *, char *);
char *get_cookie_created(pool *, char *);
char *decode_granting_request(pool *, char *, char **peerp);
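Review bot: Only five prototypes are updated here (`cookie_test`, `verify_unload_login_cookie`, `create_cookie`, `check_l_cookie`, `print_redirect_page`), while index.cgi.c also changes the signatures of `expire_login_cookie`, `vector_request`, `logout`, `check_logout` and `pinit`. If any of those are declared in the part of this header that the diff does not show, the declarations are now stale and will conflict with the definitions. Adding the matching prototypes, e.g. `int pinit(pool *, security_context *, login_rec *, login_rec *);`, would let the compiler check every call site that now threads the context through.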
Index: webiso/pubcookie/src/keyclient.c
diff -c webiso/pubcookie/src/keyclient.c:2.37 webiso/pubcookie/src/keyclient.c:2.37.2.1
*** webiso/pubcookie/src/keyclient.c:2.37 Wed Nov 26 14:18:43 2003
--- webiso/pubcookie/src/keyclient.c Tue Dec 9 10:37:04 2003
***************
*** 6,12 ****
/** @file keyclient.c
* Key administration tool for clients
*
! * $Id: keyclient.c,v 2.37 2003/11/26 22:18:43 willey Exp $
*/
--- 6,12 ----
/** @file keyclient.c
* Key administration tool for clients
*
! * $Id: keyclient.c,v 2.37.2.1 2003/12/09 18:37:04 jteaton Exp $
*/
***************
*** 161,166 ****
--- 161,167 ----
int keyport = 443;
int r;
pool *p = NULL;
+ security_context *context = NULL;
#ifdef WIN32
SystemRoot = malloc(MAX_PATH*sizeof(char));
***************
*** 181,187 ****
libpbc_config_init(p, NULL, "keyclient");
pbc_log_init(p, "keyclient", NULL, NULL, NULL);
! libpbc_pubcookie_init(p);
keyfile = libpbc_config_getstring(p, "ssl_key_file", "server.pem");
certfile = libpbc_config_getstring(p, "ssl_cert_file", "server.pem");
cafile = libpbc_config_getstring(p, "ssl_ca_file", NULL);
--- 182,188 ----
libpbc_config_init(p, NULL, "keyclient");
pbc_log_init(p, "keyclient", NULL, NULL, NULL);
! libpbc_pubcookie_init(p, context);
keyfile = libpbc_config_getstring(p, "ssl_key_file", "server.pem");
certfile = libpbc_config_getstring(p, "ssl_cert_file", "server.pem");
cafile = libpbc_config_getstring(p, "ssl_ca_file", NULL);
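Review bot: `libpbc_pubcookie_init(p, context)` passes the `security_context *` itself (initialised to NULL in the previous hunk), but the definition in libpubcookie.c takes `security_context **contextp`; the call should be `libpbc_pubcookie_init(p, &context);`. As written the init routine receives a NULL out-pointer, and `context` is still NULL when the next hunk calls `get_my_hostname(p, context)`. What `security_init` does with a NULL `contextp` is not visible in this diff, so a NULL check there would be worth adding as well.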
***************
*** 385,399 ****
str = X509_NAME_oneline (X509_get_subject_name (mycert),0,0);
hostname = extract_cn(str);
if (hostname) {
! /* warn if hostname != get_my_hostname(p) */
! if (strcasecmp(hostname, get_my_hostname(p))) {
fprintf(stderr, "warning: certificate name (%s) doesn't match"
! " my hostname (%s)\n", hostname, get_my_hostname(p));
}
} else {
fprintf(stderr,
"warning: no hostname in my certificate? trying anyway.\n");
! hostname = get_my_hostname(p);
}
}
--- 386,400 ----
str = X509_NAME_oneline (X509_get_subject_name (mycert),0,0);
hostname = extract_cn(str);
if (hostname) {
! /* warn if hostname != get_my_hostname(p, context) */
! if (strcasecmp(hostname, get_my_hostname(p, context))) {
fprintf(stderr, "warning: certificate name (%s) doesn't match"
! " my hostname (%s)\n", hostname, get_my_hostname(p, context));
}
} else {
fprintf(stderr,
"warning: no hostname in my certificate? trying anyway.\n");
! hostname = get_my_hostname(p, context);
}
}
Index: webiso/pubcookie/src/libpubcookie.c
diff -c webiso/pubcookie/src/libpubcookie.c:2.62 webiso/pubcookie/src/libpubcookie.c:2.62.2.1
*** webiso/pubcookie/src/libpubcookie.c:2.62 Fri Sep 26 15:27:02 2003
--- webiso/pubcookie/src/libpubcookie.c Tue Dec 9 10:37:04 2003
***************
*** 6,12 ****
/** @file libpubcookie.c
* Core pubcookie library
*
! * $Id: libpubcookie.c,v 2.62 2003/09/26 22:27:02 ryanc Exp $
*/
--- 6,12 ----
/** @file libpubcookie.c
* Core pubcookie library
*
! * $Id: libpubcookie.c,v 2.62.2.1 2003/12/09 18:37:04 jteaton Exp $
*/
***************
*** 130,138 ****
"Bad Pre-session Cookie" /* 12 */
};
! const char *get_my_hostname(pool *p)
{
! return libpbc_get_cryptname(p);
}
/**
--- 130,138 ----
"Bad Pre-session Cookie" /* 12 */
};
! const char *get_my_hostname(pool *p, security_context *context)
{
! return libpbc_get_cryptname(p, context);
}
/**
***************
*** 281,287 ****
#else
void
#endif
! libpbc_pubcookie_init(pool *p)
{
unsigned char buf[sizeof(pid_t)];
pid_t pid;
--- 281,287 ----
#else
void
#endif
! libpbc_pubcookie_init(pool *p, security_context **contextp)
{
unsigned char buf[sizeof(pid_t)];
pid_t pid;
***************
*** 291,305 ****
memcpy(buf, &pid, sizeof(pid_t));
libpbc_augment_rand_state(p, buf, sizeof(pid));
! if (security_init(p)) {
pbc_log_activity(p, PBC_LOG_ERROR, "security_init failed");
#ifndef WIN32
exit(1);
}
#else
! return FALSE;
! }
! return TRUE;
#endif
}
--- 291,306 ----
memcpy(buf, &pid, sizeof(pid_t));
libpbc_augment_rand_state(p, buf, sizeof(pid));
! if (security_init(p, contextp)) {
pbc_log_activity(p, PBC_LOG_ERROR, "security_init failed");
#ifndef WIN32
exit(1);
}
#else
! return FALSE;
! }
!
! return TRUE;
#endif
}
***************
*** 368,374 ****
* @param buf a buffer of at least 1024 characters which gets the filename
* @return always succeeds
*/
! static void make_crypt_keyfile(pool *p, const char *peername, char *buf)
{
#ifdef WIN32
char SystemRootBuff[MAX_PATH+1];
--- 369,376 ----
* @param buf a buffer of at least 1024 characters which gets the filename
* @return always succeeds
*/
! static void make_crypt_keyfile(pool *p,
! const char *peername, char *buf)
{
#ifdef WIN32
char SystemRootBuff[MAX_PATH+1];
***************
*** 599,606 ****
* @param peer the peer this cookie is destined for (NULL for myself)
* @returns a pointer to a newly malloc()ed base64 string
*/
! unsigned char *libpbc_sign_bundle_cookie(pool *p, unsigned char *cookie_string,
! const char *peer)
{
unsigned char *cookie;
char *out;
--- 601,609 ----
* @param peer the peer this cookie is destined for (NULL for myself)
* @returns a pointer to a newly malloc()ed base64 string
*/
! unsigned char *libpbc_sign_bundle_cookie(pool *p, security_context *context,
! unsigned char *cookie_string,
! const char *peer)
{
unsigned char *cookie;
char *out;
***************
*** 609,615 ****
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
"libpbc_sign_bundle_cookie: hello\n");
! if (libpbc_mk_priv(p, peer, (const char *) cookie_string,
sizeof(pbc_cookie_data), &out, &outlen)) {
pbc_log_activity(p, PBC_LOG_ERROR,
"libpbc_sign_bundle_cookie: libpbc_mk_priv failed\n");
--- 612,618 ----
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
"libpbc_sign_bundle_cookie: hello\n");
! if (libpbc_mk_priv(p, context, peer, (const char *) cookie_string,
sizeof(pbc_cookie_data), &out, &outlen)) {
pbc_log_activity(p, PBC_LOG_ERROR,
"libpbc_sign_bundle_cookie: libpbc_mk_priv failed\n");
***************
*** 640,646 ****
/* */
/* for now we use the last_ts field in login cookie as expire_ts */
/* this is the call used for creating G and S cookies */
! unsigned char *libpbc_get_cookie(pool *p, unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
--- 643,650 ----
/* */
/* for now we use the last_ts field in login cookie as expire_ts */
/* this is the call used for creating G and S cookies */
! unsigned char *libpbc_get_cookie(pool *p, security_context *context,
! unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
***************
*** 649,655 ****
const char *peer)
{
! return(libpbc_get_cookie_with_expire(p, user,
type,
creds,
pre_sess_token,
--- 653,660 ----
const char *peer)
{
! return(libpbc_get_cookie_with_expire(p, context,
! user,
type,
creds,
pre_sess_token,
***************
*** 667,673 ****
/* the overleading of last_ts with expire_ts is ugly but we're */
/* going to reframe the library interfaces anyway and this will */
/* be treated better then. */
! unsigned char *libpbc_get_cookie_with_expire(pool *p, unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
--- 672,679 ----
/* the overleading of last_ts with expire_ts is ugly but we're */
/* going to reframe the library interfaces anyway and this will */
/* be treated better then. */
! unsigned char *libpbc_get_cookie_with_expire(pool *p, security_context *context,
! unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
***************
*** 692,698 ****
cookie_string = libpbc_stringify_cookie_data(p, cookie_data);
pbc_free(p, cookie_data);
! cookie = libpbc_sign_bundle_cookie(p, cookie_string, peer);
pbc_free(p, cookie_string);
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
--- 698,704 ----
cookie_string = libpbc_stringify_cookie_data(p, cookie_data);
pbc_free(p, cookie_data);
! cookie = libpbc_sign_bundle_cookie(p, context, cookie_string, peer);
pbc_free(p, cookie_string);
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
***************
*** 704,710 ****
/* */
/* deal with unbundling a cookie */
/* */
! pbc_cookie_data *libpbc_unbundle_cookie(pool *p, char *in, const char *peer)
{
pbc_cookie_data *cookie_data;
char *plain;
--- 710,717 ----
/* */
/* deal with unbundling a cookie */
/* */
! pbc_cookie_data *libpbc_unbundle_cookie(pool *p, security_context *context,
! char *in, const char *peer)
{
pbc_cookie_data *cookie_data;
char *plain;
***************
*** 726,732 ****
return 0;
}
! if (libpbc_rd_priv(p, peer, (const char *)buf, outlen, &plain, &plainlen)) {
pbc_log_activity(p, PBC_LOG_ERROR, "libpbc_unbundle_cookie: libpbc_rd_priv() failed\n");
return 0;
}
--- 733,739 ----
return 0;
}
! if (libpbc_rd_priv(p, context, peer, (const char *)buf, outlen, &plain, &plainlen)) {
pbc_log_activity(p, PBC_LOG_ERROR, "libpbc_unbundle_cookie: libpbc_rd_priv() failed\n");
return 0;
}
***************
*** 762,768 ****
/* takes a cookie_data structure, updates the time, signs and packages up */
/* the cookie to be sent back into the world */
/* */
! unsigned char *libpbc_update_lastts(pool *p, pbc_cookie_data *cookie_data,
const char *peer)
{
unsigned char *cookie_string;
--- 769,776 ----
/* takes a cookie_data structure, updates the time, signs and packages up */
/* the cookie to be sent back into the world */
/* */
! unsigned char *libpbc_update_lastts(pool *p, security_context *context,
! pbc_cookie_data *cookie_data,
const char *peer)
{
unsigned char *cookie_string;
***************
*** 770,776 ****
(*cookie_data).broken.last_ts = time(NULL);
cookie_string = libpbc_stringify_cookie_data(p, cookie_data);
! cookie = libpbc_sign_bundle_cookie(p, cookie_string, peer);
/* xxx memory leaks? */
return cookie;
--- 778,784 ----
(*cookie_data).broken.last_ts = time(NULL);
cookie_string = libpbc_stringify_cookie_data(p, cookie_data);
! cookie = libpbc_sign_bundle_cookie(p, context, cookie_string, peer);
/* xxx memory leaks? */
return cookie;
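Review bot: `cookie_string` is never released in libpbc_update_lastts, which the surviving `/* xxx memory leaks? */` comment already suspects; the libpbc_get_cookie_with_expire path earlier in this file calls `pbc_free(p, cookie_string);` right after `libpbc_sign_bundle_cookie()`. Since the signing line is being touched anyway, add the same `pbc_free(p, cookie_string);` after it and drop the xxx comment, assuming the signer does not keep the pointer (the other call site suggests it does not). mod_pubcookie calls this function to refresh the idle timer, so the string would accumulate per request unless the pool-backed allocator reclaims it. The function body starts and ends outside the hunk.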
Index: webiso/pubcookie/src/libpubcookie.h
diff -c webiso/pubcookie/src/libpubcookie.h:1.40 webiso/pubcookie/src/libpubcookie.h:1.40.2.1
*** webiso/pubcookie/src/libpubcookie.h:1.40 Thu Nov 20 22:50:48 2003
--- webiso/pubcookie/src/libpubcookie.h Tue Dec 9 10:37:04 2003
***************
*** 4,10 ****
*/
/*
! $Id: libpubcookie.h,v 1.40 2003/11/21 06:50:48 ryanc Exp $
*/
#ifndef PUBCOOKIE_LIB
--- 4,10 ----
*/
/*
! $Id: libpubcookie.h,v 1.40.2.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef PUBCOOKIE_LIB
***************
*** 31,37 ****
#include "pubcookie.h"
! const char *get_my_hostname(pool *p);
/**
* find the credential id value for an authtype name
--- 31,37 ----
#include "pubcookie.h"
! const char *get_my_hostname(pool *p, security_context *context);
/**
* find the credential id value for an authtype name
***************
*** 42,48 ****
int libpbc_get_crypt_key(pool *p, crypt_stuff *c_stuff, const char *peer);
! unsigned char *libpbc_get_cookie(pool *p, unsigned char *,
unsigned char,
unsigned char,
int,
--- 42,49 ----
int libpbc_get_crypt_key(pool *p, crypt_stuff *c_stuff, const char *peer);
! unsigned char *libpbc_get_cookie(pool *p, security_context *,
! unsigned char *,
unsigned char,
unsigned char,
int,
***************
*** 50,56 ****
unsigned char *,
const char *peer);
/* for now we use the last_ts field in login cookie as expire_ts */
! unsigned char *libpbc_get_cookie_with_expire(pool *p, unsigned char *,
unsigned char,
unsigned char,
int,
--- 51,58 ----
unsigned char *,
const char *peer);
/* for now we use the last_ts field in login cookie as expire_ts */
! unsigned char *libpbc_get_cookie_with_expire(pool *p, security_context *,
! unsigned char *,
unsigned char,
unsigned char,
int,
***************
*** 58,66 ****
unsigned char *,
unsigned char *,
const char *peer);
! pbc_cookie_data *libpbc_unbundle_cookie(pool *p, char *,
const char *peer);
! unsigned char *libpbc_update_lastts(pool *p, pbc_cookie_data *,
const char *peer);
md_context_plus *libpbc_sign_init(pool *p, char *);
#ifdef WIN32
--- 60,68 ----
unsigned char *,
unsigned char *,
const char *peer);
! pbc_cookie_data *libpbc_unbundle_cookie(pool *p, security_context *, char *,
const char *peer);
! unsigned char *libpbc_update_lastts(pool *p, security_context *, pbc_cookie_data *,
const char *peer);
md_context_plus *libpbc_sign_init(pool *p, char *);
#ifdef WIN32
***************
*** 68,74 ****
#else
void
#endif
! libpbc_pubcookie_init(pool *p);
unsigned char *libpbc_alloc_init(pool *p, int);
unsigned char *libpbc_gethostip(pool *p);
void libpbc_free_md_context_plus(pool *p, md_context_plus *);
--- 70,76 ----
#else
void
#endif
! libpbc_pubcookie_init(pool *p, security_context **);
unsigned char *libpbc_alloc_init(pool *p, int);
unsigned char *libpbc_gethostip(pool *p);
void libpbc_free_md_context_plus(pool *p, md_context_plus *);
Index: webiso/pubcookie/src/mod_pubcookie.c
diff -c webiso/pubcookie/src/mod_pubcookie.c:1.123 webiso/pubcookie/src/mod_pubcookie.c:1.123.4.1
*** webiso/pubcookie/src/mod_pubcookie.c:1.123 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/mod_pubcookie.c Tue Dec 9 10:37:04 2003
***************
*** 6,12 ****
/** @file mod_pubcookie.c
* Apache pubcookie module
*
! * $Id: mod_pubcookie.c,v 1.123 2003/07/03 04:25:21 willey Exp $
*/
--- 6,12 ----
/** @file mod_pubcookie.c
* Apache pubcookie module
*
! * $Id: mod_pubcookie.c,v 1.123.4.1 2003/12/09 18:37:04 jteaton Exp $
*/
***************
*** 339,348 ****
/* just update the idle timer */
/* xxx it would be nice if the idle timeout has been disabled
to avoid recomputing and resigning the cookie? */
! cookie = libpbc_update_lastts(r->pool, cfg->cookie_data, NULL);
} else {
/* create a brand new cookie, initialized with the present time */
! cookie = libpbc_get_cookie(r->pool,
(unsigned char *)r->connection->user,
PBC_COOKIE_TYPE_S,
cfg->creds,
--- 339,348 ----
/* just update the idle timer */
/* xxx it would be nice if the idle timeout has been disabled
to avoid recomputing and resigning the cookie? */
! cookie = libpbc_update_lastts(r->pool, scfg->sectext, cfg->cookie_data, NULL);
} else {
/* create a brand new cookie, initialized with the present time */
! cookie = libpbc_get_cookie(r->pool, scfg->sectext,
(unsigned char *)r->connection->user,
PBC_COOKIE_TYPE_S,
cfg->creds,
***************
*** 372,378 ****
the first time since our cred cookie doesn't expire (which is poor
and why we need cookie extensions) */
/* encrypt */
! if (libpbc_mk_priv(r->pool, NULL, cfg->cred_transfer,
cfg->cred_transfer_len,
&blob, &bloblen)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
--- 372,378 ----
the first time since our cred cookie doesn't expire (which is poor
and why we need cookie extensions) */
/* encrypt */
! if (libpbc_mk_priv(r->pool, scfg->sectext, NULL, cfg->cred_transfer,
cfg->cred_transfer_len,
&blob, &bloblen)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
***************
*** 826,832 ****
/* make the pre-session cookie */
! pre_s = (char *) libpbc_get_cookie(p,
(unsigned char *) "presesuser",
PBC_COOKIE_TYPE_PRE_S,
PBC_CREDS_NONE,
--- 826,832 ----
/* make the pre-session cookie */
! pre_s = (char *) libpbc_get_cookie(p, scfg->sectext,
(unsigned char *) "presesuser",
PBC_COOKIE_TYPE_PRE_S,
PBC_CREDS_NONE,
***************
*** 1024,1029 ****
--- 1024,1030 ----
exit(1);
}
+ /* JEATON - remove this? */
if (ap_table_get(scfg->configlist, "ssl_key_file") == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_NOERRNO, s,
"PubCookieSessionKeyFile configuration directive must be set!");
***************
*** 1034,1039 ****
--- 1035,1041 ----
"PubCookieSessionCertFile configuration directive must be set!");
exit(1);
}
+ /* JEATON - end remove this */
/* old config way */
/* libpbc_config_init(p, NULL, "mod_pubcookie"); */
***************
*** 1047,1061 ****
&libpbc_apacheconfig_getstring,
&libpbc_apacheconfig_getswitch);
if (ap_table_get(scfg->configlist, "granting_cert_file") == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_NOERRNO, s,
"PubCookieGrantingCertFile configuration directive not set, using %s/%s",
PBC_KEY_DIR, "pubcookie_granting.cert");
}
/* libpubcookie initialization */
! libpbc_pubcookie_init(p);
if (!scfg->login) {
/* if the user didn't explicitly configure a login server,
--- 1049,1065 ----
&libpbc_apacheconfig_getstring,
&libpbc_apacheconfig_getswitch);
+ /* JEATON - remove this? */
if (ap_table_get(scfg->configlist, "granting_cert_file") == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_NOERRNO, s,
"PubCookieGrantingCertFile configuration directive not set, using %s/%s",
PBC_KEY_DIR, "pubcookie_granting.cert");
}
+ /* JEATON - end remove this */
/* libpubcookie initialization */
! libpbc_pubcookie_init(p, &scfg->sectext);
if (!scfg->login) {
/* if the user didn't explicitly configure a login server,
***************
*** 1142,1147 ****
--- 1146,1162 ----
cfg->end_session = ncfg->end_session ?
ncfg->end_session : pcfg->end_session;
+ cfg->strip_realm = ncfg->strip_realm ?
+ ncfg->strip_realm : pcfg->strip_realm;
+
+ if (ncfg->accept_realms) {
+ cfg->accept_realms = ap_pstrdup(p, ncfg->accept_realms);
+ } else if (pcfg->accept_realms) {
+ cfg->accept_realms = ap_pstrdup(p, pcfg->accept_realms);
+ } else {
+ cfg->accept_realms = NULL;
+ }
+
if (pcfg->addl_requests) {
if (ncfg->addl_requests) {
cfg->addl_requests = (unsigned char *) ap_pstrcat(p, pcfg->addl_requests,
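Review bot: The merge `cfg->strip_realm = ncfg->strip_realm ? ncfg->strip_realm : pcfg->strip_realm;` cannot express `PubCookieStripRealm Off` in a child directory once a parent has turned it on, because 0 stands for both "off" and "not set". Access rules under the child would then see the stripped user name even though the administrator asked for the full `user@realm`. If the per-directory config creator (outside this hunk) initialised the field to a sentinel such as -1, the merge could become `cfg->strip_realm = (ncfg->strip_realm != -1) ? ncfg->strip_realm : pcfg->strip_realm;`. The enclosing merge function starts and ends outside the hunk.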
***************
*** 1177,1182 ****
--- 1192,1198 ----
int get_pre_s_from_cookie(request_rec *r)
{
pubcookie_dir_rec *cfg;
+ pubcookie_server_rec *scfg;
pbc_cookie_data *cookie_data = NULL;
char *cookie = NULL;
pool *p = r->pool;
***************
*** 1184,1195 ****
cfg = (pubcookie_dir_rec *)ap_get_module_config(r->per_dir_config,
&pubcookie_module);
if( (cookie = get_cookie(r, PBC_PRE_S_COOKIENAME)) == NULL )
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"get_pre_s_from_cookie: no pre_s cookie, uri: %s\n",
r->uri);
else
! cookie_data = libpbc_unbundle_cookie(p, cookie, NULL);
if( cookie_data == NULL ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
--- 1200,1214 ----
cfg = (pubcookie_dir_rec *)ap_get_module_config(r->per_dir_config,
&pubcookie_module);
+ scfg = (pubcookie_server_rec *)ap_get_module_config(r->server->module_config,
+ &pubcookie_module);
+
if( (cookie = get_cookie(r, PBC_PRE_S_COOKIENAME)) == NULL )
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"get_pre_s_from_cookie: no pre_s cookie, uri: %s\n",
r->uri);
else
! cookie_data = libpbc_unbundle_cookie(p, scfg->sectext, cookie, NULL);
if( cookie_data == NULL ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
***************
*** 1271,1277 ****
if we don't have one. This helps if there are any old g cookies */
cookie_data = NULL;
if( (cookie = get_cookie(r, PBC_G_COOKIENAME)) && strcmp(cookie, "") != 0 ) {
! cookie_data = libpbc_unbundle_cookie(p, cookie, ap_get_server_name(r));
if( !cookie_data) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"can't unbundle G cookie; uri: %s\n", r->uri);
--- 1290,1296 ----
if we don't have one. This helps if there are any old g cookies */
cookie_data = NULL;
if( (cookie = get_cookie(r, PBC_G_COOKIENAME)) && strcmp(cookie, "") != 0 ) {
! cookie_data = libpbc_unbundle_cookie(p, scfg->sectext, cookie, ap_get_server_name(r));
if( !cookie_data) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"can't unbundle G cookie; uri: %s\n", r->uri);
***************
*** 1298,1304 ****
}
else { /* hav S cookie */
! cookie_data = libpbc_unbundle_cookie(p, cookie, NULL);
if( ! cookie_data ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"can't unbundle S cookie; uri: %s\n", r->uri);
--- 1317,1323 ----
}
else { /* hav S cookie */
! cookie_data = libpbc_unbundle_cookie(p, scfg->sectext, cookie, NULL);
if( ! cookie_data ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"can't unbundle S cookie; uri: %s\n", r->uri);
***************
*** 1314,1319 ****
--- 1333,1376 ----
r->connection->ap_auth_type = ap_pstrdup(r->pool, ap_auth_type(r));
r->connection->user = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+ /* save the full user/realm for later */
+ cfg->user = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+
+ /* check for acceptable realms and strip realm */
+ if (1==1) {
+ char *tmprealm, *tmpuser;
+ tmpuser = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+ tmprealm = index(tmpuser, '@');
+ if (tmprealm) {
+ tmprealm[0] = 0;
+ tmprealm++;
+ r->connection->user = tmpuser;
+ ap_table_set(r->subprocess_env, "REMOTE_REALM", tmprealm);
+ }
+ ap_table_set(r->subprocess_env, "REMOTE_REALM", tmprealm);
+
+ if (cfg->strip_realm == 1) {
+ r->connection->user = tmpuser;
+ } else {
+ r->connection->user = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+ }
+
+ if (cfg->accept_realms != NULL) {
+ int realmmatched = 0;
+ char *thisrealm;
+ char *okrealms = ap_pstrdup(r->pool, cfg->accept_realms);
+ while (*okrealms && !realmmatched &&
+ (thisrealm=ap_getword_white_nc(r->pool,&okrealms))){
+ if (strcmp(thisrealm,tmprealm) == 0) {
+ realmmatched++;
+ }
+ }
+ if (realmmatched == 0) {
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+ }
+
if( libpbc_check_exp(p, (*cookie_data).broken.create_ts, cfg->hard_exp) == PBC_FAIL ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"S cookie hard expired; user: %s cookie timestamp: %d timeout: %d now: %d uri: %s\n",
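Review bot: `tmprealm` is NULL whenever the cookie's user has no `@`, yet it is passed unconditionally to the second `ap_table_set(r->subprocess_env, "REMOTE_REALM", tmprealm);` and to `strcmp(thisrealm,tmprealm)`, so a realm-less user on a directory with PubCookieAcceptRealm set dereferences NULL instead of being refused. Drop the duplicate `ap_table_set` after the `if (tmprealm)` block and make the comparison `if (tmprealm && strcmp(thisrealm, tmprealm) == 0) {`, which leaves `realmmatched` at 0 and fails closed with HTTP_UNAUTHORIZED. The rejection path also returns without an `ap_log_rerror()` call, unlike the neighbouring expiry checks, so a refused realm leaves no trace in the error log. The same block is pasted verbatim into the G-cookie path in the next hunk (`--- 1438,1482 ----`) and has the same defect; a shared static helper would keep the two from drifting, and the `if (1==1)` wrapper can become a plain block. The enclosing function starts and ends outside the hunk.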
***************
*** 1381,1386 ****
--- 1438,1482 ----
r->connection->ap_auth_type = ap_pstrdup(r->pool, ap_auth_type(r));
r->connection->user = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+ /* save the full user/realm for later */
+ cfg->user = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+
+ /* check for acceptable realms and strip realm */
+ if (1==1) {
+ char *tmprealm, *tmpuser;
+ tmpuser = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+ tmprealm = index(tmpuser, '@');
+ if (tmprealm) {
+ tmprealm[0] = 0;
+ tmprealm++;
+ r->connection->user = tmpuser;
+ ap_table_set(r->subprocess_env, "REMOTE_REALM", tmprealm);
+ }
+ ap_table_set(r->subprocess_env, "REMOTE_REALM", tmprealm);
+
+ if (cfg->strip_realm == 1) {
+ r->connection->user = tmpuser;
+ } else {
+ r->connection->user = ap_pstrdup(r->pool, (char *) (*cookie_data).broken.user);
+ }
+
+ if (cfg->accept_realms != NULL) {
+ int realmmatched = 0;
+ char *thisrealm;
+ char *okrealms = ap_pstrdup(r->pool, cfg->accept_realms);
+ while (*okrealms && !realmmatched &&
+ (thisrealm=ap_getword_white_nc(r->pool,&okrealms))){
+ if (strcmp(thisrealm,tmprealm) == 0) {
+ realmmatched++;
+ }
+ }
+ if (realmmatched == 0) {
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+ }
+
+
if( libpbc_check_exp(p, (*cookie_data).broken.create_ts, PBC_GRANTING_EXPIRE) == PBC_FAIL ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"pubcookie_user: G cookie expired by %ld; user: %s create: %ld uri: %s", time(NULL)-(*cookie_data).broken.create_ts-PBC_GRANTING_EXPIRE, (*cookie_data).broken.user, (*cookie_data).broken.create_ts, r->uri);
***************
*** 1467,1473 ****
/* decrypt cookie. if credtrans is set, then it's from login server
to me. otherwise it's from me to me. */
! if (!res && libpbc_rd_priv(p, cred_from_trans ?
ap_get_server_name(r) : NULL,
blob, bloblen,
&plain, &plainlen)) {
--- 1563,1569 ----
/* decrypt cookie. if credtrans is set, then it's from login server
to me. otherwise it's from me to me. */
! if (!res && libpbc_rd_priv(p, scfg->sectext, cred_from_trans ?
ap_get_server_name(r) : NULL,
blob, bloblen,
&plain, &plainlen)) {
***************
*** 1836,1841 ****
--- 1932,1970 ----
}
+ const char *pubcookie_accept_realms(cmd_parms *cmd,
+ void *mconfig,
+ unsigned char *v)
+ {
+ server_rec *s = cmd->server;
+ pubcookie_server_rec *scfg;
+ pubcookie_dir_rec *cfg;
+
+ cfg = (pubcookie_dir_rec *) mconfig;
+ scfg = (pubcookie_server_rec *) ap_get_module_config(s->module_config,
+ &pubcookie_module);
+
+ if (!scfg) return "pubcookie_accept_realms(): scfg is NULL ?!";
+
+ ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, s,
+ "pubcookie_accept_realms(): %s", v);
+ cfg->accept_realms = ap_pstrcat(cmd->pool,
+ cfg->accept_realms ? cfg->accept_realms :
+ "", " ", v, NULL);
+ return NULL;
+ }
+
+ const char *pubcookie_strip_realm(cmd_parms *cmd, void *mconfig, int f) {
+ pubcookie_dir_rec *cfg = (pubcookie_dir_rec *) mconfig;
+
+ if(f != 0) {
+ cfg->strip_realm = 1;
+ } else {
+ cfg->strip_realm = 0;
+ }
+ return NULL;
+ }
+
/* */
const char *pubcookie_set_appsrvid(cmd_parms *cmd, void *mconfig, unsigned char *v) {
server_rec *s = cmd->server;
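Review bot: Neither new directive handler has a header comment, and the interaction between the two is the part an administrator most needs spelled out. Above pubcookie_accept_realms I would add `/* PubCookieAcceptRealm: append v to the space-separated cfg->accept_realms list; entries are matched with strcmp() against the text after '@' in the cookie user */`, and above pubcookie_strip_realm a comment stating that with stripping on and no accept list configured, `user@A` and `user@B` both become `user` in `r->connection->user`. On style, `scfg` in pubcookie_accept_realms is fetched only for the NULL check and can go, and the body of pubcookie_strip_realm reduces to `cfg->strip_realm = (f != 0);`. The trailing context lines belong to pubcookie_set_appsrvid, which continues outside the hunk.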
***************
*** 1998,2004 ****
server_rec *s = cmd->server;
ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_NOERRNO, s,
! "PubcookieSuperDebug depreciated, please remove.");
return NULL;
--- 2127,2133 ----
server_rec *s = cmd->server;
ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_NOERRNO, s,
! "PubcookieSuperDebug deprecated, please remove.");
return NULL;
***************
*** 2037,2045 ****
/* */
command_rec pubcookie_commands[] = {
! {"PubCookieInactiveExpire", pubcookie_set_inact_exp, NULL, OR_AUTHCFG, TAKE1,
"Set the inactivity expire time for PubCookies."},
! {"PubCookieHardExpire", pubcookie_set_hard_exp, NULL, OR_AUTHCFG, TAKE1,
"Set the hard expire time for PubCookies."},
{"PubCookieLogin", pubcookie_set_login, NULL, RSRC_CONF, TAKE1,
"Set the login page for PubCookies."},
--- 2166,2174 ----
/* */
command_rec pubcookie_commands[] = {
! {"PubCookieInactiveExpire", pubcookie_set_inact_exp, NULL, OR_OPTIONS|OR_AUTHCFG, TAKE1,
"Set the inactivity expire time for PubCookies."},
! {"PubCookieHardExpire", pubcookie_set_hard_exp, NULL, OR_OPTIONS|OR_AUTHCFG, TAKE1,
"Set the hard expire time for PubCookies."},
{"PubCookieLogin", pubcookie_set_login, NULL, RSRC_CONF, TAKE1,
"Set the login page for PubCookies."},
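Review bot: Widening `OR_AUTHCFG` to `OR_OPTIONS|OR_AUTHCFG` on PubCookieInactiveExpire and PubCookieHardExpire lets an .htaccess file set these authentication parameters wherever `AllowOverride Options` is granted, even if AuthConfig overrides were deliberately withheld. The same mask is applied to PubCookieAppID in the next hunk and to the new PubCookieAcceptRealm and PubCookieStripRealm entries in the hunk after that, which decide which realms are admitted and what user name access rules see. Unless there is a deployment reason not visible here, keep these on the authentication override class alone, e.g. `{"PubCookieAcceptRealm", pubcookie_accept_realms, NULL, OR_AUTHCFG, ITERATE,`. The help string for PubCookieStripRealm also misspells "environment" as "envirorment".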
***************
*** 2064,2070 ****
{"PubCookieAuthTypeNames", set_authtype_names, NULL, RSRC_CONF, RAW_ARGS,
"Sets the text names for authtypes."},
! {"PubCookieAppID", pubcookie_set_appid, NULL, OR_AUTHCFG, TAKE1,
"Set the name of the application."},
{"PubCookieAppSrvID", pubcookie_set_appsrvid, NULL, RSRC_CONF, TAKE1,
"Set the name of the server(cluster)."},
--- 2193,2199 ----
{"PubCookieAuthTypeNames", set_authtype_names, NULL, RSRC_CONF, RAW_ARGS,
"Sets the text names for authtypes."},
! {"PubCookieAppID", pubcookie_set_appid, NULL, OR_OPTIONS|OR_AUTHCFG, TAKE1,
"Set the name of the application."},
{"PubCookieAppSrvID", pubcookie_set_appsrvid, NULL, RSRC_CONF, TAKE1,
"Set the name of the server(cluster)."},
***************
*** 2077,2082 ****
--- 2206,2215 ----
"End application session and possibly login session"},
{"PubCookieAddlRequest", pubcookie_add_request, NULL, OR_AUTHCFG, ITERATE,
"Send the following options to the login server along with authentication requests"},
+ {"PubCookieAcceptRealm", pubcookie_accept_realms, NULL, OR_OPTIONS|OR_AUTHCFG, ITERATE,
+ "Only accept realms in this list"},
+ {"PubCookieStripRealm", pubcookie_strip_realm, NULL, OR_OPTIONS|OR_AUTHCFG, FLAG,
+ "Strip the realm (and set the REMOTE_REALM envirorment variable)"},
{"PubCookieSuperDebug", set_super_debug, NULL, OR_AUTHCFG, FLAG,
"Deprecated, do not use"},
Index: webiso/pubcookie/src/mod_pubcookie.h
diff -c webiso/pubcookie/src/mod_pubcookie.h:2.4 webiso/pubcookie/src/mod_pubcookie.h:2.4.4.1
*** webiso/pubcookie/src/mod_pubcookie.h:2.4 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/mod_pubcookie.h Tue Dec 9 10:37:04 2003
***************
*** 4,10 ****
*/
/*
! $Id: mod_pubcookie.h,v 2.4 2003/07/03 04:25:21 willey Exp $
*/
#ifndef INCLUDED_MOD_PUBCOOKIE_H
--- 4,10 ----
*/
/*
! $Id: mod_pubcookie.h,v 2.4.4.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef INCLUDED_MOD_PUBCOOKIE_H
***************
*** 80,85 ****
--- 80,86 ----
char *login;
unsigned char *appsrvid;
char *authtype_names; /* raw arg string from conf */
+ security_context *sectext;
} pubcookie_server_rec;
typedef struct {
***************
*** 96,105 ****
--- 97,111 ----
int session_reauth;
pbc_cookie_data *cookie_data;
unsigned char *addl_requests;
+ char *user;
/* for flavor_getcred */
char *cred_transfer;
int cred_transfer_len;
+
+
+ int strip_realm;
+ char *accept_realms;
} pubcookie_dir_rec;
#endif /* INCLUDED_MOD_PUBCOOKIE_H */
Index: webiso/pubcookie/src/pubcookie.h
diff -c webiso/pubcookie/src/pubcookie.h:1.17 webiso/pubcookie/src/pubcookie.h:1.17.6.1
*** webiso/pubcookie/src/pubcookie.h:1.17 Tue May 6 16:51:19 2003
--- webiso/pubcookie/src/pubcookie.h Tue Dec 9 10:37:04 2003
***************
*** 4,10 ****
*/
/*
! $Id: pubcookie.h,v 1.17 2003/05/06 23:51:19 willey Exp $
*/
#ifndef PUBCOOKIE_MAIN
--- 4,10 ----
*/
/*
! $Id: pubcookie.h,v 1.17.6.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef PUBCOOKIE_MAIN
***************
*** 23,28 ****
--- 23,30 ----
#else
# include <pem.h>
#endif /* OPENSSL_IN_DIR */
+
+ #include <security.h>
#define PBC_USER_LEN 42
#define PBC_VER_LEN 4
Index: webiso/pubcookie/src/security.c
diff -c webiso/pubcookie/src/security.c:1.6 webiso/pubcookie/src/security.c:1.6.6.1
*** webiso/pubcookie/src/security.c:1.6 Wed Jul 2 15:04:04 2003
--- webiso/pubcookie/src/security.c Tue Dec 9 10:37:04 2003
***************
*** 6,12 ****
/** @file security.c
* Support for security structure
*
! * $Id: security.c,v 1.6 2003/07/02 22:04:04 willey Exp $
*/
--- 6,12 ----
/** @file security.c
* Support for security structure
*
! * $Id: security.c,v 1.6.6.1 2003/12/09 18:37:04 jteaton Exp $
*/
***************
*** 39,44 ****
--- 39,45 ----
char *outbuf, *out2buf;
char *in;
int inlen;
+ security_context *sectext;
if (argc != 2) {
fprintf(stderr, "%s <string>\n", argv[0]);
***************
*** 48,54 ****
libpbc_config_init(p, NULL, "security");
printf("initializing...\n");
! if (security_init(p)) {
printf("failed\n");
exit(1);
}
--- 49,55 ----
libpbc_config_init(p, NULL, "security");
printf("initializing...\n");
! if (security_init(p, §ext)) {
printf("failed\n");
exit(1);
}
***************
*** 57,84 ****
in = argv[1];
inlen = strlen(in);
printf("signing '%s'...\n", in);
! if (libpbc_mk_safe(p, NULL, in, inlen, &outbuf, &outlen)) {
printf("libpbc_mk_safe() failed\n");
exit(1);
}
printme(p, "sig", outbuf, outlen);
printf("verifying sig...");
! if (libpbc_rd_safe(p, NULL, in, inlen, outbuf, outlen)) {
printf("libpbc_rd_safe() failed\n");
exit(1);
}
printf("ok\n");
printf("encrypting '%s'...\n", in);
! if (libpbc_mk_priv(p, NULL, in, inlen, &outbuf, &outlen)) {
printf("libpbc_mk_priv() failed\n");
exit(1);
}
printme(p, "blob", outbuf, outlen);
printf("decrypting blob...\n");
! if (libpbc_rd_priv(p, NULL, outbuf, outlen, &out2buf, &out2len)) {
printf("libpbc_rd_priv() failed\n");
exit(1);
}
--- 58,85 ----
in = argv[1];
inlen = strlen(in);
printf("signing '%s'...\n", in);
! if (libpbc_mk_safe(p, sectext, NULL, in, inlen, &outbuf, &outlen)) {
printf("libpbc_mk_safe() failed\n");
exit(1);
}
printme(p, "sig", outbuf, outlen);
printf("verifying sig...");
! if (libpbc_rd_safe(p, sectext, NULL, in, inlen, outbuf, outlen)) {
printf("libpbc_rd_safe() failed\n");
exit(1);
}
printf("ok\n");
printf("encrypting '%s'...\n", in);
! if (libpbc_mk_priv(p, sectext, NULL, in, inlen, &outbuf, &outlen)) {
printf("libpbc_mk_priv() failed\n");
exit(1);
}
printme(p, "blob", outbuf, outlen);
printf("decrypting blob...\n");
! if (libpbc_rd_priv(p, sectext, NULL, outbuf, outlen, &out2buf, &out2len)) {
printf("libpbc_rd_priv() failed\n");
exit(1);
}
Index: webiso/pubcookie/src/security.h
diff -c webiso/pubcookie/src/security.h:1.8 webiso/pubcookie/src/security.h:1.8.4.1
*** webiso/pubcookie/src/security.h:1.8 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/security.h Tue Dec 9 10:37:04 2003
***************
*** 4,10 ****
*/
/*
! $Id: security.h,v 1.8 2003/07/03 04:25:21 willey Exp $
*/
#ifndef INCLUDED_SECURITY_H
--- 4,10 ----
*/
/*
! $Id: security.h,v 1.8.4.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef INCLUDED_SECURITY_H
***************
*** 15,31 ****
#endif
/**
* initializes the security subsystem.
* the configuration & logging subsystems are required prerequisites
* @param pool pionter to an Apache memory pool
* @returns non-zero on error
*/
! int security_init(pool *p);
/**
* libpbc_mk_priv takes 'buf', 'len', and returns 'outbuf', 'outlen',
* an encrypted string that can only be read by 'peer'.
* @param pool pionter to an Apache memory pool
* @param peer the name of the peer this is destined for. if NULL,
* the message will be signed with private material that is only known
* to this host.
--- 15,39 ----
#endif
/**
+ * the secuirty context structure
+ */
+ struct security_context_s;
+ typedef struct security_context_s security_context;
+
+ /**
* initializes the security subsystem.
* the configuration & logging subsystems are required prerequisites
* @param pool pionter to an Apache memory pool
+ * @param context a pointer to the context to be created inside pool
* @returns non-zero on error
*/
! int security_init(pool *p, security_context **context);
/**
* libpbc_mk_priv takes 'buf', 'len', and returns 'outbuf', 'outlen',
* an encrypted string that can only be read by 'peer'.
* @param pool pionter to an Apache memory pool
+ * @param context the security context for the (virtual) host
* @param peer the name of the peer this is destined for. if NULL,
* the message will be signed with private material that is only known
* to this host.
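Review bot: The new `@param context` line on security_init does not say what `*context` holds when the function returns non-zero, which matters because mod_pubcookie passes `&scfg->sectext` to libpbc_pubcookie_init (presumably forwarded to this function) and then uses the stored pointer for every cookie operation. I would word it as `@param context receives the newly allocated context; its value must not be used if the call returns non-zero`. The comment above the typedef reads "secuirty" and should be "security". The prototypes here take `const security_context *` while the libpubcookie.h prototypes in this commit take a non-const `security_context *`; choosing one form would make it clear whether callers may expect the context to be modified.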
***************
*** 36,42 ****
* @param outlen the length of outbuf.
* @returns 0 on success, non-zero on failure.
*/
! int libpbc_mk_priv(pool *p, const char *peer, const char *buf, const int len,
char **outbuf, int *outlen);
/**
--- 44,51 ----
* @param outlen the length of outbuf.
* @returns 0 on success, non-zero on failure.
*/
! int libpbc_mk_priv(pool *p, const security_context *context, const char *peer,
! const char *buf, const int len,
char **outbuf, int *outlen);
/**
***************
*** 44,49 ****
--- 53,59 ----
* 'peer' is NULL, we assume that this host previously called libpbc_mk_priv
* with NULL.
* @param pool Apache memory pool
+ * @param context the security context for the (virtual) host
* @param peer the peer this message is destined to (the first parameter to
* libpbc_mk_priv()).
* @param buf a pointer to the encrypted message
***************
*** 53,59 ****
* @returns 0 on success, non-0 on failure (including if the message could
* not be decrypted or did not pass integrity checks)
*/
! int libpbc_rd_priv(pool *p, const char *peer, const char *buf, const int len,
char **outbuf, int *outlen);
/**
--- 63,70 ----
* @returns 0 on success, non-0 on failure (including if the message could
* not be decrypted or did not pass integrity checks)
*/
! int libpbc_rd_priv(pool *p, const security_context *context,
! const char *peer, const char *buf, const int len,
char **outbuf, int *outlen);
/**
***************
*** 61,66 ****
--- 72,78 ----
* application. 'outbuf' does not contain the plaintext message; both
* 'buf' and 'outbuf' must be sent to the other side.
* @param pool pionter to an Apache memory pool
+ * @param context the security context for the (virtual) host
* @param peer the peer this message is being sent to; if NULL, this message
* is destined to myself.
* @param buf a pointer to the message to be sent
***************
*** 69,80 ****
* @param outlen the length of the signature
* @returns 0 success, non-0 on failure
*/
! int libpbc_mk_safe(pool *p, const char *peer, const char *buf, const int len,
char **outbuf, int *outlen);
/**
* verifies a message signed with libpbc_mk_safe()
* @param pool pionter to an Apache memory pool
* @param peer the peer this message was sent to; the first parameter passed
* to libpbc_mk_safe()
* @param buf the plaintext message
--- 81,94 ----
* @param outlen the length of the signature
* @returns 0 success, non-0 on failure
*/
! int libpbc_mk_safe(pool *p, const security_context *context,
! const char *peer, const char *buf, const int len,
char **outbuf, int *outlen);
/**
* verifies a message signed with libpbc_mk_safe()
* @param pool pionter to an Apache memory pool
+ * @param context the security context for the (virtual) host
* @param peer the peer this message was sent to; the first parameter passed
* to libpbc_mk_safe()
* @param buf the plaintext message
***************
*** 83,97 ****
* @param siglen the length of the received signature
* @returns 0 on success, non-0 on any failure
*/
! int libpbc_rd_safe(pool *p, const char *peer, const char *buf, const int len,
const char *sigbuf, const int siglen);
/**
* returns the public name of this service. this is what other systems
* should use as peer to send data here with libpbc_mk_safe()
* @param pool pionter to an Apache memory pool
* @returns a constant string, which should not be modified or free()ed
*/
! const char *libpbc_get_cryptname(pool *p);
#endif
--- 97,113 ----
* @param siglen the length of the received signature
* @returns 0 on success, non-0 on any failure
*/
! int libpbc_rd_safe(pool *p, const security_context *context,
! const char *peer, const char *buf, const int len,
const char *sigbuf, const int siglen);
/**
* returns the public name of this service. this is what other systems
* should use as peer to send data here with libpbc_mk_safe()
* @param pool pionter to an Apache memory pool
+ * @param context the security context for the (virtual) host
* @returns a constant string, which should not be modified or free()ed
*/
! const char *libpbc_get_cryptname(pool *p, const security_context *context);
#endif
Index: webiso/pubcookie/src/security_legacy.c
diff -c webiso/pubcookie/src/security_legacy.c:1.31 webiso/pubcookie/src/security_legacy.c:1.31.2.1
*** webiso/pubcookie/src/security_legacy.c:1.31 Thu Nov 20 22:50:48 2003
--- webiso/pubcookie/src/security_legacy.c Tue Dec 9 10:37:04 2003
***************
*** 6,12 ****
/** @file security_legacy.c
* Heritage message protection
*
! * $Id: security_legacy.c,v 1.31 2003/11/21 06:50:48 ryanc Exp $
*/
--- 6,12 ----
/** @file security_legacy.c
* Heritage message protection
*
! * $Id: security_legacy.c,v 1.31.2.1 2003/12/09 18:37:04 jteaton Exp $
*/
***************
*** 66,72 ****
#ifdef WIN32
# include <io.h>
! # include <assert.h>
# define DIR_SEP "\\"
#else
# define DIR_SEP "/"
--- 66,72 ----
#ifdef WIN32
# include <io.h>
! # include <assert.h>
# define DIR_SEP "\\"
#else
# define DIR_SEP "/"
***************
*** 77,83 ****
#include "libpubcookie.h"
#include "strlcpy.h"
#include "snprintf.h"
! #include "pbc_configure.h"
#include "security.h"
#include "pubcookie.h"
--- 77,83 ----
#include "libpubcookie.h"
#include "strlcpy.h"
#include "snprintf.h"
! #include "pbc_configure.h"
#include "security.h"
#include "pubcookie.h"
***************
*** 103,120 ****
*/
! /* our private session keypair */
! static EVP_PKEY *sess_key;
! static X509 *sess_cert;
! static EVP_PKEY *sess_pub;
!
! /* the granting key & certificate */
! static EVP_PKEY *g_key;
! static X509 *g_cert;
! static EVP_PKEY *g_pub;
!
! /* my name */
! static char *myname = NULL;
static char *mystrdup(pool *p, const char *s)
{
--- 103,126 ----
*/
! /* a place to hold all of the certificates and keys */
! struct security_context_s {
! /* our private session keypair */
! EVP_PKEY *sess_key;
! X509 *sess_cert;
! EVP_PKEY *sess_pub;
!
! /* the granting key & certificate */
! EVP_PKEY *g_key;
! X509 *g_cert;
! EVP_PKEY *g_pub;
!
! /* my name */
! char *myname;
!
! /* the crypt_key */
! unsigned char cryptkey[PBC_DES_KEY_BUF];
! };
static char *mystrdup(pool *p, const char *s)
{
***************
*** 159,165 ****
. check pubcookie_granting
*/
! int security_init(pool *p)
{
/* our private session keypair */
--- 165,171 ----
. check pubcookie_granting
*/
! int security_init(pool *p, security_context **contextp)
{
/* our private session keypair */
***************
*** 168,206 ****
/* the granting key & certificate */
char *g_keyfile;
char *g_certfile;
! #ifdef WIN32
! char SystemRootBuff[MAX_PATH+1];
! char strbuff[MAX_REG_BUFF];
! #endif
FILE *fp;
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "security_init: hello\n");
!
! /* initialize the random number generator */
! #if defined (WIN32)
! /* Windows only has milliseconds */
! {
! SYSTEMTIME ts;
! unsigned char buf[sizeof(ts.wMilliseconds)];
!
! GetLocalTime(&ts);
! memcpy(buf, &ts.wMilliseconds, sizeof(ts.wMilliseconds));
! RAND_seed(buf, sizeof(ts.wMilliseconds));
! }
! #else
! {
! struct timeval tv;
! struct timezone tz;
! unsigned char buf[sizeof(tv.tv_usec)];
!
! gettimeofday(&tv, &tz);
! memcpy(buf, &tv.tv_usec, sizeof(tv.tv_usec));
! RAND_seed(buf, sizeof(tv.tv_usec));
! }
! #endif
/* first we try to use the ssl files */
! keyfile = mystrdup(p, libpbc_config_getstring(p, "ssl_key_file", NULL));
if (keyfile && access(keyfile, R_OK | F_OK)) {
pbc_free(p, keyfile);
/* not there ? */
--- 174,218 ----
/* the granting key & certificate */
char *g_keyfile;
char *g_certfile;
! /* our crypt key */
! char *cryptkey = NULL;
!
! #ifdef WIN32
! char SystemRootBuff[MAX_PATH+1];
! char strbuff[MAX_REG_BUFF];
! #endif
FILE *fp;
+ security_context *context;
+
+ context = *contextp = pbc_malloc(p, sizeof(**contextp));
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "security_init: hello\n");
!
! /* initialize the random number generator */
! #if defined (WIN32)
! /* Windows only has milliseconds */
! {
! SYSTEMTIME ts;
! unsigned char buf[sizeof(ts.wMilliseconds)];
!
! GetLocalTime(&ts);
! memcpy(buf, &ts.wMilliseconds, sizeof(ts.wMilliseconds));
! RAND_seed(buf, sizeof(ts.wMilliseconds));
! }
! #else
! {
! struct timeval tv;
! struct timezone tz;
! unsigned char buf[sizeof(tv.tv_usec)];
!
! gettimeofday(&tv, &tz);
! memcpy(buf, &tv.tv_usec, sizeof(tv.tv_usec));
! RAND_seed(buf, sizeof(tv.tv_usec));
! }
! #endif
/* first we try to use the ssl files */
! keyfile = mystrdup(p, libpbc_config_getstring(p, "ssl_key_file", NULL));
if (keyfile && access(keyfile, R_OK | F_OK)) {
pbc_free(p, keyfile);
/* not there ? */
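Review bot: The new `context = *contextp = pbc_malloc(p, sizeof(**contextp));` is used without a NULL check and without clearing the struct. Later code tests its fields for NULL (libpbc_mk_safe's `if (peer && !context->g_key)`), which is only reliable if the context starts zeroed. Unless pbc_malloc zero-fills (not visible here), add `if (!context) return -1;` and `memset(context, 0, sizeof(*context));` directly after the allocation. Separately, the RAND_seed calls kept on the new side feed in only the sub-second part of the clock, which is very little entropy to depend on. security_init begins and ends outside this hunk.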
***************
*** 255,261 ****
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't find session keyfile (try setting ssl_key_file?)");
return -1;
! }
if (!certfile) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't find session certfile (try setting ssl_cert_file?)");
--- 267,273 ----
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't find session keyfile (try setting ssl_key_file?)");
return -1;
! }
if (!certfile) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't find session certfile (try setting ssl_cert_file?)");
***************
*** 295,303 ****
/* now read them into memory */
! /* session key */
! #ifdef WIN32
! if (keyfile && certfile) {
#endif
fp = pbc_fopen(p, keyfile, "r");
--- 307,315 ----
/* now read them into memory */
! /* session key */
! #ifdef WIN32
! if (keyfile && certfile) {
#endif
fp = pbc_fopen(p, keyfile, "r");
***************
*** 307,320 ****
return -1;
}
! /*
! sess_key = (EVP_PKEY *) PEM_ASN1_read((char *(*)())d2i_PrivateKey,
! PEM_STRING_EVP_PKEY,
! fp, NULL, NULL, NULL);
! */
! sess_key = (EVP_PKEY *) PEM_read_PrivateKey(fp, NULL, NULL, NULL);
! if (!sess_key) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse session key: %s", keyfile);
return -1;
--- 319,327 ----
return -1;
}
! context->sess_key = (EVP_PKEY *) PEM_read_PrivateKey(fp, NULL, NULL, NULL);
! if (!context->sess_key) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse session key: %s", keyfile);
return -1;
***************
*** 328,403 ****
"security_init: couldn't read certfile: pbc_fopen %s", certfile);
return -1;
}
! /*
! sess_cert = (X509 *) PEM_ASN1_read((char *(*)()) d2i_X509,
! PEM_STRING_X509,
! fp, NULL, NULL, NULL);
! */
! sess_cert = (X509 *) PEM_read_X509(fp, NULL, NULL, NULL);
! if (!sess_cert) {
/* xxx openssl errors */
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse session certificate: %s", certfile);
return -1;
}
! sess_pub = X509_extract_key(sess_cert);
! myname = X509_NAME_oneline (X509_get_subject_name (sess_cert),0,0);
! myname = extract_cn(p, myname);
! if (!myname) {
char tmp[1024];
/* hmm, no name encoded in the certificate; we'll just use our
hostname */
gethostname(tmp, sizeof(tmp)-1);
! myname = mystrdup(p, tmp);
}
pbc_fclose(p, fp);
! #ifdef WIN32
! }
! else {
!
! sess_key=EVP_PKEY_new();
!
! if (!EVP_PKEY_assign_RSA(sess_key,RSA_generate_key(1024,RSA_F4,NULL,NULL)))
! {
! pbc_log_activity(p, PBC_LOG_ERROR,
! "[Pubcookie_Init] Unable to find or generate session keypair.");
! return -1;
! }
!
! /* sess_key was assigned both public and private keys */
! sess_pub = sess_key;
pbc_log_activity(p, PBC_LOG_AUDIT,
"security_init: generated new session keypair.");
! }
!
! {
! char tmp[1024];
! struct hostent *hp;
!
! gethostname(tmp, sizeof(tmp)-1);
! if ( !(hp = gethostbyname(tmp)) ) {
! pbc_log_activity(p, PBC_LOG_ERROR,
! "[Pubcookie_Init] gethostbyname failed.");
! return -1;
! }
! myname = mystrdup(p, hp->h_name);
! }
!
! #endif
/* granting key */
if (g_keyfile) {
fp = pbc_fopen(p, g_keyfile, "r");
if (fp) {
! /*
! g_key = (EVP_PKEY *) PEM_ASN1_read((char *(*)()) d2i_PrivateKey,
! PEM_STRING_EVP_PKEY,
! fp, NULL, NULL, NULL);
! */
! g_key = (EVP_PKEY *) PEM_read_PrivateKey(fp, NULL, NULL, NULL);
! if (!g_key) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse granting key: %s", g_keyfile);
return -1;
--- 335,401 ----
"security_init: couldn't read certfile: pbc_fopen %s", certfile);
return -1;
}
!
! context->sess_cert = (X509 *) PEM_read_X509(fp, NULL, NULL, NULL);
! if (!context->sess_cert) {
/* xxx openssl errors */
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse session certificate: %s", certfile);
return -1;
}
! context->sess_pub = X509_extract_key(context->sess_cert);
! context->myname = X509_NAME_oneline (X509_get_subject_name (context->sess_cert),0,0);
! context->myname = extract_cn(p, context->myname);
! if (!context->myname) {
char tmp[1024];
/* hmm, no name encoded in the certificate; we'll just use our
hostname */
gethostname(tmp, sizeof(tmp)-1);
! context->myname = mystrdup(p, tmp);
}
pbc_fclose(p, fp);
! #ifdef WIN32
! }
! else {
!
! sess_key=EVP_PKEY_new();
!
! if (!EVP_PKEY_assign_RSA(sess_key,RSA_generate_key(1024,RSA_F4,NULL,NULL)))
! {
! pbc_log_activity(p, PBC_LOG_ERROR,
! "[Pubcookie_Init] Unable to find or generate session keypair.");
! return -1;
! }
!
! /* sess_key was assigned both public and private keys */
! sess_pub = sess_key;
pbc_log_activity(p, PBC_LOG_AUDIT,
"security_init: generated new session keypair.");
! }
!
! {
! char tmp[1024];
! struct hostent *hp;
!
! gethostname(tmp, sizeof(tmp)-1);
! if ( !(hp = gethostbyname(tmp)) ) {
! pbc_log_activity(p, PBC_LOG_ERROR,
! "[Pubcookie_Init] gethostbyname failed.");
! return -1;
! }
! myname = mystrdup(p, hp->h_name);
! }
!
! #endif
/* granting key */
if (g_keyfile) {
fp = pbc_fopen(p, g_keyfile, "r");
if (fp) {
! context->g_key = (EVP_PKEY *) PEM_read_PrivateKey(fp, NULL, NULL, NULL);
! if (!context->g_key) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse granting key: %s", g_keyfile);
return -1;
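Review bot: The WIN32 branch on the new side still assigns the bare names (`sess_key=EVP_PKEY_new();`, `sess_pub = sess_key;`, `myname = mystrdup(p, hp->h_name);`) while the rest of the hunk has moved to `context->...`. The file-scope `myname` is removed earlier in this diff, and presumably the session-key statics are too, so this branch either no longer builds or leaves the context fields unset on Windows. Each of those names should be prefixed with `context->`, including the argument to `EVP_PKEY_assign_RSA`. The `return -1` after a failed `PEM_read_X509` also leaves `fp` open. security_init starts and ends outside the hunk.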
***************
*** 419,440 ****
g_certfile);
return -1;
}
! /*
! g_cert = (X509 *) PEM_ASN1_read((char *(*)()) d2i_X509,
! PEM_STRING_X509,
! fp, NULL, NULL, NULL);
! */
! g_cert = (X509 *) PEM_read_X509(fp, NULL, NULL, NULL);
! if (!g_cert) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse granting certificate: %s", g_certfile);
return -1;
}
! g_pub = X509_extract_key(g_cert);
pbc_fclose(p, fp);
/* xxx CA file / CA dir ? */
if (keyfile != NULL)
pbc_free(p, keyfile);
--- 417,466 ----
g_certfile);
return -1;
}
! context->g_cert = (X509 *) PEM_read_X509(fp, NULL, NULL, NULL);
! if (!context->g_cert) {
pbc_log_activity(p, PBC_LOG_ERROR,
"security_init: couldn't parse granting certificate: %s", g_certfile);
return -1;
}
! context->g_pub = X509_extract_key(context->g_cert);
pbc_fclose(p, fp);
/* xxx CA file / CA dir ? */
+ /* our crypt key */
+ cryptkey = (char *)libpbc_config_getstring(p, "crypt_key", NULL);
+ if (cryptkey) {
+ if (access(cryptkey, R_OK | F_OK) == -1) {
+ pbc_log_activity(p, PBC_LOG_ERROR, "security_init: can't access crypt key file %s, will try standard location", cryptkey);
+ pbc_free(p, cryptkey);
+ cryptkey = NULL;
+ }
+ }
+ if (!cryptkey) {
+ cryptkey = pbc_malloc(p, 1024);
+ make_crypt_keyfile(p, context->myname, cryptkey);
+ if (access(cryptkey, R_OK | F_OK) == -1) {
+ pbc_log_activity(p, PBC_LOG_ERROR, "security_init: can't access crypt key file %s (try setting crypt_key)", cryptkey);
+ free(cryptkey);
+ return -2;
+ }
+ }
+
+ fp = pbc_fopen(p, cryptkey, "r");
+ if (!fp) {
+ pbc_log_activity(p, PBC_LOG_ERROR, "security_init: couldn't read crypt key: pbc_fopen %s: %m", cryptkey);
+ return -2;
+ }
+
+ if( fread(context->cryptkey, sizeof(char), PBC_DES_KEY_BUF, fp) != PBC_DES_KEY_BUF) {
+ pbc_log_activity(p, PBC_LOG_ERROR,
+ "can't read crypt key %s: short read", keyfile);
+ pbc_fclose(p, fp);
+ return -2;
+ }
+
+
if (keyfile != NULL)
pbc_free(p, keyfile);
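Review bot: `cryptkey` is taken straight from `libpbc_config_getstring` with the const cast away and then passed to `pbc_free`, and the fallback buffer obtained from `pbc_malloc` is released with plain `free(cryptkey)`; both look like ownership mismatches. The session key path copies the config string first, so the same pattern fits here: `cryptkey = mystrdup(p, libpbc_config_getstring(p, "crypt_key", NULL));`, and `pbc_free(p, cryptkey);` in the fallback error path. The short-read message prints `keyfile` where it means `cryptkey`, and the key file is opened with `"r"` although get_crypt_key reads the same binary material with `"rb"`. No `pbc_fclose` or release of `cryptkey` is visible on the success path, or on the `return -2` after a failed `pbc_fopen`.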
***************
*** 450,458 ****
return 0;
}
! const char *libpbc_get_cryptname(pool *p)
{
! return myname;
}
--- 476,484 ----
return 0;
}
! const char *libpbc_get_cryptname(pool *p, const security_context *context)
{
! return context->myname;
}
***************
*** 464,472 ****
*/
static void make_crypt_keyfile(pool *p, const char *peername, char *buf)
{
! #ifdef WIN32
! char SystemRootBuff[MAX_PATH+1];
! #endif
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "make_crypt_keyfile: hello\n");
strlcpy(buf, PBC_KEY_DIR, 1024);
--- 490,498 ----
*/
static void make_crypt_keyfile(pool *p, const char *peername, char *buf)
{
! #ifdef WIN32
! char SystemRootBuff[MAX_PATH+1];
! #endif
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "make_crypt_keyfile: hello\n");
strlcpy(buf, PBC_KEY_DIR, 1024);
***************
*** 479,506 ****
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "make_crypt_keyfile: goodbye\n");
}
! static int get_crypt_key(pool *p, const char *peername, char *buf)
{
FILE *fp;
char keyfile[1024];
!
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "get_crypt_key: hello\n");
! pbc_log_activity(p, PBC_LOG_ERROR,
! "Looking for crypt key %s", peername); //debug
make_crypt_keyfile(p, peername, keyfile);
!
if (!(fp = pbc_fopen(p, keyfile, "rb"))) {
! pbc_log_activity(p, PBC_LOG_ERROR,
! "can't open crypt key %s", keyfile);
! return -1;
}
if( fread(buf, sizeof(char), PBC_DES_KEY_BUF, fp) != PBC_DES_KEY_BUF) {
! pbc_log_activity(p, PBC_LOG_ERROR,
"can't read crypt key %s: short read", keyfile);
! pbc_fclose(p, fp);
! return -1;
}
pbc_fclose(p, fp);
--- 505,539 ----
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "make_crypt_keyfile: goodbye\n");
}
! static int get_crypt_key(pool *p, const security_context *context,
! const char *peername, char *buf)
{
+
FILE *fp;
char keyfile[1024];
! char *configkey;
!
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "get_crypt_key: hello\n");
!
! /* check to see if this is our key, which we already read in once */
! if (strcmp(peername, context->myname) == 0) {
! memcpy(buf, context->cryptkey, PBC_DES_KEY_BUF);
! return 0;
! }
make_crypt_keyfile(p, peername, keyfile);
!
if (!(fp = pbc_fopen(p, keyfile, "rb"))) {
! pbc_log_activity(p, PBC_LOG_ERROR,
! "can't open crypt key %s: %m", keyfile);
! return -1;
}
if( fread(buf, sizeof(char), PBC_DES_KEY_BUF, fp) != PBC_DES_KEY_BUF) {
! pbc_log_activity(p, PBC_LOG_ERROR,
"can't read crypt key %s: short read", keyfile);
! pbc_fclose(p, fp);
! return -1;
}
pbc_fclose(p, fp);
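Review bot: Any `peername` that is not our own name is still turned into a file path by `make_crypt_keyfile(p, peername, keyfile)`, and nothing in this hunk validates the name first. If `peer` can ever be derived from request data, reject names containing path separators before building the path, or confirm that callers already do. The new fast path also passes `context->myname` to `strcmp` with no NULL check, and `configkey` is declared but not used in the visible lines. The end of get_crypt_key is outside the hunk.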
***************
*** 522,528 ****
* @param outlen the length of outbuf.
* @returns 0 on success, non-zero on failure.
*/
! int libpbc_mk_priv(pool *p, const char *peer, const char *buf, const int len,
char **outbuf, int *outlen)
{
int r;
--- 555,562 ----
* @param outlen the length of outbuf.
* @returns 0 on success, non-zero on failure.
*/
! int libpbc_mk_priv(pool *p, const security_context *context,
! const char *peer, const char *buf, const int len,
char **outbuf, int *outlen)
{
int r;
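Review bot: The doc comment above libpbc_mk_priv describes its parameters, but the new `context` argument is not documented. Add a line such as `@param context the security context filled in by security_init (keys, certificates and crypt key)`. The same addition applies to libpbc_rd_priv, libpbc_mk_safe and libpbc_rd_safe, which gain the parameter in later hunks. The comment begins outside this hunk.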
***************
*** 544,553 ****
assert(outbuf != NULL && outlen != NULL);
assert(buf != NULL && len > 0);
! peer2 = peer ? peer : libpbc_get_cryptname(p);
! if (get_crypt_key(p, peer2, (char *) keybuf) < 0) {
pbc_log_activity(p, PBC_LOG_ERROR,
"get_crypt_key(%s) failed", peer2);
return -1;
--- 578,587 ----
assert(outbuf != NULL && outlen != NULL);
assert(buf != NULL && len > 0);
! peer2 = peer ? peer : libpbc_get_cryptname(p, context);
! if (get_crypt_key(p, context, peer2, (char *) keybuf) < 0) {
pbc_log_activity(p, PBC_LOG_ERROR,
"get_crypt_key(%s) failed", peer2);
return -1;
***************
*** 579,585 ****
ivec[c] ^= ivec_tmp[i % sizeof(ivec_tmp)];
}
! r = libpbc_mk_safe(p, peer, buf, len, &mysig, &siglen);
if (!r) {
*outlen = len + siglen + 2;
*outbuf = pbc_malloc(p, *outlen);
--- 613,619 ----
ivec[c] ^= ivec_tmp[i % sizeof(ivec_tmp)];
}
! r = libpbc_mk_safe(p, context, peer, buf, len, &mysig, &siglen);
if (!r) {
*outlen = len + siglen + 2;
*outbuf = pbc_malloc(p, *outlen);
***************
*** 625,631 ****
* @returns 0 on success, non-0 on failure (including if the message could
* not be decrypted or did not pass integrity checks
*/
! int libpbc_rd_priv(pool *p, const char *peer, const char *buf, const int len,
char **outbuf, int *outlen)
{
int index1, index2;
--- 659,666 ----
* @returns 0 on success, non-0 on failure (including if the message could
* not be decrypted or did not pass integrity checks
*/
! int libpbc_rd_priv(pool *p, const security_context *context,
! const char *peer, const char *buf, const int len,
char **outbuf, int *outlen)
{
int index1, index2;
***************
*** 641,647 ****
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "libpbc_rd_priv: hello\n");
! sig_len = EVP_PKEY_size(peer ? g_pub : sess_pub);
mysig = (char *) pbc_malloc(p, sig_len);
if (len < sig_len + 2) {
--- 676,682 ----
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "libpbc_rd_priv: hello\n");
! sig_len = EVP_PKEY_size(peer ? context->g_pub : context->sess_pub);
mysig = (char *) pbc_malloc(p, sig_len);
if (len < sig_len + 2) {
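Review bot: `EVP_PKEY_size(peer ? context->g_pub : context->sess_pub)` runs with no check that the selected key was actually loaded. This commit gives libpbc_mk_safe a guard for a missing `context->g_key`, but the read side gets no matching guard. If the granting certificate can be absent the way the granting key can, add `if (peer && !context->g_pub) return 1;` (with a log line) before this call. The `EVP_VerifyFinal` call in the libpbc_rd_safe hunk has the same gap. libpbc_rd_priv continues outside the hunk.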
***************
*** 652,658 ****
/* since i'm reading a message, i always decrypt using my key in this
security model. */
! if (get_crypt_key(p, libpbc_get_cryptname(p), (char *) keybuf) < 0) {
return(1) ;
}
--- 687,693 ----
/* since i'm reading a message, i always decrypt using my key in this
security model. */
! if (get_crypt_key(p, context, libpbc_get_cryptname(p, context), (char *) keybuf) < 0) {
return(1) ;
}
***************
*** 687,693 ****
DES_DECRYPT);
/* verify signature */
! r = libpbc_rd_safe(p, peer, *outbuf, *outlen, mysig, sig_len);
if (!r) return 0;
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
--- 722,728 ----
DES_DECRYPT);
/* verify signature */
! r = libpbc_rd_safe(p, context, peer, *outbuf, *outlen, mysig, sig_len);
if (!r) return 0;
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
***************
*** 705,711 ****
* application. 'outbuf' does not contain the plaintext message; both
* 'buf' and 'outbuf' must be sent to the other side
*/
! int libpbc_mk_safe(pool *p, const char *peer, const char *buf, const int len,
char **outbuf, int *outlen)
{
unsigned char *sig;
--- 740,747 ----
* application. 'outbuf' does not contain the plaintext message; both
* 'buf' and 'outbuf' must be sent to the other side
*/
! int libpbc_mk_safe(pool *p, const security_context *context,
! const char *peer, const char *buf, const int len,
char **outbuf, int *outlen)
{
unsigned char *sig;
***************
*** 723,731 ****
*outbuf = NULL;
*outlen = 0;
/* sign with g_key if it exists and there is a peer; session key otherwise */
! if (g_key && peer) thekey = g_key;
! else thekey = sess_key;
sig = (unsigned char *) pbc_malloc(p, EVP_PKEY_size(thekey));
sig_len = EVP_PKEY_size(thekey);
--- 759,773 ----
*outbuf = NULL;
*outlen = 0;
+ if (peer && !context->g_key) {
+ pbc_log_activity(p, PBC_LOG_ERROR,
+ "libpbc_mk_safe: no granting key: can't secure message to %s", peer);
+ return -1;
+ }
+
/* sign with g_key if it exists and there is a peer; session key otherwise */
! if (context->g_key && peer) thekey = context->g_key;
! else thekey = context->sess_key;
sig = (unsigned char *) pbc_malloc(p, EVP_PKEY_size(thekey));
sig_len = EVP_PKEY_size(thekey);
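Review bot: After the new early return for `peer && !context->g_key`, the test `context->g_key && peer` reduces to `peer`, and the comment "sign with g_key if it exists and there is a peer" no longer matches the behaviour. Suggest `/* sign with the granting key when there is a peer; session key otherwise */` and `thekey = peer ? context->g_key : context->sess_key;`. `thekey` may still be NULL when there is no peer and the session key was not loaded, and it goes straight into `EVP_PKEY_size`. The unchecked `pbc_malloc` result is also worth a guard.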
***************
*** 749,756 ****
return r;
}
! int libpbc_rd_safe(pool *p, const char *peer, const char *buf, const int len,
! const char *sigbuf, const int siglen)
{
EVP_MD_CTX ctx;
int r;
--- 791,799 ----
return r;
}
! int libpbc_rd_safe(pool *p, const security_context *context,
! const char *peer, const char *buf, const int len,
! const char *sigbuf, const int siglen)
{
EVP_MD_CTX ctx;
int r;
***************
*** 766,772 ****
EVP_VerifyInit(&ctx, EVP_md5());
EVP_VerifyUpdate(&ctx, buf, len);
r = EVP_VerifyFinal(&ctx, (unsigned char *) sigbuf, siglen,
! peer ? g_pub : sess_pub);
if (!r) {
/* xxx log openssl error */
--- 809,815 ----
EVP_VerifyInit(&ctx, EVP_md5());
EVP_VerifyUpdate(&ctx, buf, len);
r = EVP_VerifyFinal(&ctx, (unsigned char *) sigbuf, siglen,
! peer ? context->g_pub : context->sess_pub);
if (!r) {
/* xxx log openssl error */
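Review bot: `if (!r)` treats only a return of 0 from `EVP_VerifyFinal` as a failure, but that call returns 1 for a valid signature, 0 for an invalid one and a negative value on an internal error. Unless the code after this hunk handles `r < 0`, an error would be taken as a verified signature; test `if (r != 1)` instead. The digest is still `EVP_md5()`, which is no longer suitable for signatures, though changing it needs coordination with every peer that verifies these messages. The rest of libpbc_rd_safe is outside the hunk.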
end of message