[pubcookie-dev] WEBISO CVS update: jteaton;
flavor.h,1.9.6.1,1.9.6.2 flavor_basic.c,1.42,1.42.4.1
flavor_getcred.c,1.19.4.1,1.19.4.2 index.cgi.c,1.109.2.1,1.109.2.2
index.cgi.h,1.42.4.1,1.42.4.2 keyclient.c,2.37.2.1,2.37.2.2
keyserver.c,2.39,2.39.2.1 libpubcookie.c,2.62.2.1,2.62.2.2
libpubcookie.h,1.40.2.1,1.40.2.2 mod_pubcookie.c,1.123.4.2,1.123.4.3
ntmpl.c,1.9,1.9.4.1 pbc_config.h,1.83,1.83.2.1 pbc_myconfig.c,1.35,1.35.2.1
pbc_path.h.in,2.7,2.7.2.1 security.h,1.8.4.1,1.8.4.2 verify.c,1.20,1.20.2.1
jeaton+ at andrew.cmu.edu
jeaton+ at andrew.cmu.edu
Tue Dec 16 14:01:28 PST 2003
Update of /usr/local/cvsroot/webiso/pubcookie/src
In directory webiso-cvs.cac.washington.edu:/var/tmp/cvs-serv13961/src
Modified Files:
Tag: security-context
config.h.in flavor.c flavor.h flavor_basic.c flavor_getcred.c
index.cgi.c index.cgi.h keyclient.c keyserver.c libpubcookie.c
libpubcookie.h mod_pubcookie.c ntmpl.c pbc_config.h
pbc_myconfig.c pbc_path.h.in security.h verify.c
Log Message:
merged in u.wash changes from trunk
Index: webiso/pubcookie/src/config.h.in
diff -c webiso/pubcookie/src/config.h.in:2.17 webiso/pubcookie/src/config.h.in:2.17.2.1
*** webiso/pubcookie/src/config.h.in:2.17 Thu Aug 7 11:44:16 2003
--- webiso/pubcookie/src/config.h.in Tue Dec 16 14:01:26 2003
***************
*** 10,15 ****
--- 10,18 ----
#undef ENABLE_LDAP
/* Define to 1 to support shadow verifiers */
+ #undef ENABLE_UWSECURID
+
+ /* Define to 1 to support shadow verifiers */
#undef ENABLE_SHADOW
/* Define to 1 if you have the <arpa/inet.h> header file. */
Index: webiso/pubcookie/src/flavor.c
diff -c webiso/pubcookie/src/flavor.c:1.11 webiso/pubcookie/src/flavor.c:1.11.4.1
*** webiso/pubcookie/src/flavor.c:1.11 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/flavor.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file flavor.c
* Flavor generic code
*
! * $Id: flavor.c,v 1.11 2003/07/03 04:25:21 willey Exp $
*/
--- 6,12 ----
/** @file flavor.c
* Flavor generic code
*
! * $Id: flavor.c,v 1.11.4.1 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 26,40 ****
#endif /* HAVE_DMALLOC_H */
extern struct login_flavor login_flavor_basic;
- /* extern struct login_flavor login_flavor_uwash; */
extern struct login_flavor login_flavor_getcred;
/**
*/
static struct login_flavor *flavors[] = {
&login_flavor_basic,
&login_flavor_getcred,
! /* &login_flavor_uwash, */
NULL
}; /*! list of available flavors */
--- 26,44 ----
#endif /* HAVE_DMALLOC_H */
extern struct login_flavor login_flavor_basic;
extern struct login_flavor login_flavor_getcred;
+ #ifdef ENABLE_UWSECURID
+ extern struct login_flavor login_flavor_uwsecurid;
+ #endif
/**
*/
static struct login_flavor *flavors[] = {
&login_flavor_basic,
&login_flavor_getcred,
! #ifdef ENABLE_UWSECURID
! &login_flavor_uwsecurid,
! #endif
NULL
}; /*! list of available flavors */
Index: webiso/pubcookie/src/flavor.h
diff -c webiso/pubcookie/src/flavor.h:1.9.6.1 webiso/pubcookie/src/flavor.h:1.9.6.2
*** webiso/pubcookie/src/flavor.h:1.9.6.1 Tue Dec 9 10:37:03 2003
--- webiso/pubcookie/src/flavor.h Tue Dec 16 14:01:26 2003
***************
*** 10,16 ****
* - the policy of when freerides are allowed
* - what the layout of the login page is, how login messages are printed.
*
! * $Id: flavor.h,v 1.9.6.1 2003/12/09 18:37:03 jteaton Exp $
*/
#ifndef INCLUDED_FLAVOR_H
--- 10,16 ----
* - the policy of when freerides are allowed
* - what the layout of the login page is, how login messages are printed.
*
! * $Id: flavor.h,v 1.9.6.2 2003/12/16 22:01:26 jteaton Exp $
*/
#ifndef INCLUDED_FLAVOR_H
Index: webiso/pubcookie/src/flavor_basic.c
diff -c webiso/pubcookie/src/flavor_basic.c:1.42 webiso/pubcookie/src/flavor_basic.c:1.42.4.1
*** webiso/pubcookie/src/flavor_basic.c:1.42 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/flavor_basic.c Tue Dec 16 14:01:26 2003
***************
*** 13,19 ****
* will pass l->realm to the verifier and append it to the username when
* 'append_realm' is set
*
! * $Id: flavor_basic.c,v 1.42 2003/07/03 04:25:21 willey Exp $
*/
--- 13,19 ----
* will pass l->realm to the verifier and append it to the username when
* 'append_realm' is set
*
! * $Id: flavor_basic.c,v 1.42.4.1 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 77,82 ****
--- 77,84 ----
#define FLB_LCOOKIE_ERROR 3
#define FLB_CACHE_CREDS_WRONG 4
#define FLB_PINIT 5
+ #define FLB_PLACE_HOLDER 6 /* for consistancy btwn flavors, why? */
+ #define FLB_LCOOKIE_EXPIRED 7
/* The beginning size for the hidden fields */
#define INIT_HIDDEN_SIZE 2048
***************
*** 183,264 ****
return reasonhtml;
}
! /* get the html for user field, static or dynamic */
! /* this really needs to be replaced by something from the template system */
! char * get_user_field(pool *p, const char * user_field_page, const char * user ){
! char *userfieldfile;
! const char *user_field_path = TMPL_FNAME;
! int userfilelen;
! int user_field_len;
! FILE * user_field_file;
! char * user_field_html;
int readlen;
char buf[PBC_1K];
! char * tok1;
! char * tok2;
! int user_len = ( user != NULL ? strlen(user) : 0 );
! pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "get_user_field: hello");
! userfilelen = strlen(user_field_path) + strlen("/") + strlen(user_field_page) + 1;
! userfieldfile = malloc( userfilelen * sizeof(char) );
! if ( snprintf( userfieldfile, userfilelen, "%s%s%s",
! user_field_path,
! user_field_path[strlen(user_field_path) - 1 ] == '/' ? "" : "/",
! user_field_page ) > userfilelen ) {
/* Need to do something, we would have overflowed. */
! abend(p, "user field filename overflow!\n");
}
! user_field_file = pbc_fopen(p, userfieldfile, "r" );
! if (user_field_file == NULL) {
! libpbc_abend(p, "Cannot open user field file %s", userfieldfile );
}
! user_field_len = file_size(p, user_field_file);
! if (user_field_len == 0)
return NULL;
! if ( user_field_len >= sizeof(buf) ) {
! libpbc_abend(p, "Need bigger buffer for reading user form field file, %D not big enough", sizeof(buf) );
}
! user_field_html = malloc( (user_field_len + 1) * sizeof( char ) + user_len );
! if ( user_field_html == NULL ) {
/* Out of memory! */
! libpbc_abend(p, "Out of memory allocating to user field file" );
}
! readlen = fread( buf, 1, user_field_len, user_field_file );
! if (readlen != user_field_len) {
! libpbc_abend(p, "read %d when expecting %d on user field file read.",
! readlen, user_field_len );
}
! pbc_fclose(p, user_field_file);
! free(userfieldfile);
! buf[user_field_len] = '\0';
! strcpy(user_field_html, buf);
! /* cheesy non-generic substitution for user field */
! /* chop up the strings */
! tok2 = strstr(strstr(buf, "%user%")+1, "%");
! tok1 = strstr(user_field_html, "%user%");
! /* piece them back together */
! strcpy(tok1, (user != NULL ? user : ""));
! strcpy(tok1+user_len, tok2+1);
! pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "get_user_field: goodbye: %s", user_field_html);
! return user_field_html;
}
--- 185,341 ----
return reasonhtml;
}
! /* get the html for user or password or whatever field, static or dynamic */
! char *flb_get_field_html(pool *p, const char *field_page, const char *contents)
! {
! char *field_html = NULL; /* net result */
! char *fieldfile;
! const char *field_path = TMPL_FNAME;
! int filelen;
! int field_len;
! FILE *field_file;
int readlen;
char buf[PBC_1K];
! char *start = NULL;
! char *end = NULL;
! int len = ( contents != NULL ? strlen(contents) : 0 );
! char func[] = "flb_get_field_html";
! pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "%s: hello", func);
! filelen = strlen(field_path) + strlen("/") + strlen(field_page) + 1;
! fieldfile = malloc( filelen *sizeof(char) );
! if ( snprintf( fieldfile, filelen, "%s%s%s",
! field_path,
! field_path[strlen(field_path) - 1 ] == '/' ? "" : "/",
! field_page ) > filelen ) {
/* Need to do something, we would have overflowed. */
! abend(p, "field filename overflow!\n");
}
! field_file = pbc_fopen(p, fieldfile, "r" );
! if (field_file == NULL) {
! libpbc_abend(p, "Cannot open field file %s", fieldfile );
}
! field_len = file_size(p, field_file);
! if (field_len == 0)
return NULL;
! if ( field_len >= sizeof(buf) ) {
! libpbc_abend(p, "Need bigger buffer for reading form field file, %D not big enough", sizeof(buf) );
}
! field_html = malloc( (field_len + 1) * sizeof( char ) + len );
! if ( field_html == NULL ) {
/* Out of memory! */
! libpbc_abend(p, "Out of memory allocating to field file" );
}
! readlen = fread( buf, 1, field_len, field_file );
! if (readlen != field_len) {
! libpbc_abend(p, "read %d when expecting %d on field file read.",
! readlen, field_len );
}
! pbc_fclose(p, field_file);
! if (fieldfile != NULL)
! free(fieldfile);
!
! buf[field_len] = '\0';
! strcpy(field_html, buf);
!
! /* if there is a substiturion to be made, make it */
! while ( strstr(buf, "%contents%") != NULL ) {
! /* cheesy non-generic substitution for field */
! /* chop up the strings */
! end = strstr(strstr(buf, "%contents%")+1, "%");
! start = strstr(field_html, "%contents%");
!
! /* piece them back together */
! strcpy(start, (contents != NULL ? contents : ""));
! strcpy(start+len, end+1);
!
! strncpy(buf, field_html, PBC_1K);
! }
!
! pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "%s: goodbye: %s",
! func, field_html);
!
! return field_html;
! }
!
! /* figure out what html to use for user field */
! char *flb_get_user_field(pool *p, login_rec *l, login_rec *c, int reason)
! {
! char func[] = "flb_get_user_field";
! const char *loser = (l != NULL && l->user != NULL ? l->user
! : (c != NULL ? c->user : NULL));
! const char *static_config = libpbc_config_getstring(p, "static_user_field",
! STATIC_USER_FIELD_KIND);
! char *user_field_html;
!
! if ( strcmp(static_config, STATIC_USER_FIELD_KIND) == 0 ) {
! if ( c != NULL && c->user != NULL & reason == FLB_REAUTH ||
! c != NULL && c->user != NULL & reason == FLB_CACHE_CREDS_WRONG ||
! l->user != NULL && l->ride_free_creds == PBC_BASIC_CRED_ID ) {
! user_field_html = flb_get_field_html(p, libpbc_config_getstring(p,
! "tmpl_login_user_static",
! "login_user_static" ), loser);
! l->hide_user = PBC_TRUE;
! }
! else {
! user_field_html = flb_get_field_html(p, libpbc_config_getstring(p,
! "tmpl_login_user_form_field",
! "login_user_form_field" ), loser);
! l->hide_user = PBC_FALSE;
! }
! }
! else if ( strcmp(static_config, STATIC_USER_FIELD_FASCIST) == 0 ) {
! if ( c != NULL && c->user != NULL ||
! l->user != NULL && l->ride_free_creds == PBC_BASIC_CRED_ID ) {
! user_field_html = flb_get_field_html(p, libpbc_config_getstring(p,
! "tmpl_login_user_static",
! "login_user_static" ), loser);
! l->hide_user = PBC_TRUE;
! }
! else {
! user_field_html = flb_get_field_html(p, libpbc_config_getstring(p,
! "tmpl_login_user_form_field",
! "login_user_form_field" ), loser);
! l->hide_user = PBC_FALSE;
! }
! }
! else { /* STATIC_USER_FIELD_NEVER */
! user_field_html = flb_get_field_html(p, libpbc_config_getstring(p,
! "tmpl_login_user_form_field",
! "login_user_form_field" ), loser);
! l->hide_user = PBC_FALSE;
! }
! return(user_field_html);
! }
! /* get the html for user field, static or dynamic */
! char *flb_get_hidden_user_field(pool *p, login_rec *l, login_rec *c, int reason)
! {
! const char *loser = (l != NULL && l->user != NULL ? l->user
! : (c != NULL ? c->user : NULL));
! if ( l != NULL && l->hide_user == PBC_TRUE )
! return(flb_get_field_html(p, libpbc_config_getstring(p,
! "tmpl_login_user_hidden",
! "login_user_hidden" ), loser));
! else
! return(NULL);
}
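Review bot: In flb_get_field_html the result buffer is sized for a single substitution (`malloc( (field_len + 1) * sizeof( char ) + len )`), but the new `while` loop replaces every `%contents%` in the template, so a template with several markers and a sufficiently long `contents` writes past the end of `field_html`. The loop also re-scans its own output through `strncpy(buf, field_html, PBC_1K)`, which can leave `buf` unterminated and never finishes if `contents` itself holds the marker. Counting the markers first, allocating for all of them, and copying from the unmodified template in one pass removes all three problems. `contents` is the user name taken from the form or the login cookie and is placed into HTML as-is; whether it is escaped before this point is not visible in the hunk and should be confirmed. The early `return NULL` for an empty file also leaves `fieldfile` and `field_file` unreleased.

```c
/* … unchanged: build the path, open the file, size check, fread into buf … */
/* replaces the earlier malloc of field_html that sat before the fread */
    buf[field_len] = '\0';

    {
        static const char marker[] = "%contents%";
        const size_t marker_len = sizeof(marker) - 1;
        const char *src;
        const char *hit;
        size_t hits = 0;
        char *dst;

        /* count markers in the template so the allocation covers every one */
        for (src = buf; (hit = strstr(src, marker)) != NULL; src = hit + marker_len)
            hits++;

        field_html = malloc((size_t)field_len - hits * marker_len
                            + hits * (size_t)len + 1);
        if (field_html == NULL) {
            libpbc_abend(p, "Out of memory allocating to field file");
        }

        /* copy from the untouched template; inserted text is never re-scanned */
        dst = field_html;
        for (src = buf; (hit = strstr(src, marker)) != NULL; src = hit + marker_len) {
            memcpy(dst, src, (size_t)(hit - src));
            dst += hit - src;
            if (len > 0) {
                memcpy(dst, contents, (size_t)len);
                dst += len;
            }
        }
        strcpy(dst, src);
    }
/* … unchanged: goodbye log line and return field_html … */
```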
***************
*** 271,286 ****
char message_out[1024];
const char * reasonpage = NULL;
! char * hidden_fields = NULL;
int hidden_len = 0;
int hidden_needed_len = INIT_HIDDEN_SIZE;
! char * getcred_hidden = NULL;
! char * reason_html = NULL;
! char * user_field = NULL;
char now[64];
! pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "print_login_page: hello");
/* set the cookies */
if (need_clear_login) {
--- 348,364 ----
char message_out[1024];
const char * reasonpage = NULL;
! char *hidden_fields = NULL;
int hidden_len = 0;
int hidden_needed_len = INIT_HIDDEN_SIZE;
! char *getcred_hidden = NULL;
! char *reason_html = NULL;
! char *user_field = NULL;
! char *hidden_user = NULL;
char now[64];
! pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "print_login_page: hello reason: %d", reason);
/* set the cookies */
if (need_clear_login) {
***************
*** 302,308 ****
switch (reason) {
case FLB_BAD_AUTH:
! reasonpage = libpbc_config_getstring(p, "tmpl_login_bad_auth",
"login_bad_auth" );
break;
case FLB_REAUTH:
--- 380,393 ----
switch (reason) {
case FLB_BAD_AUTH:
! /* username will be static and prefilled use a different bad
! auth message, one without comments about the username */
! /* left the default file the same only config key is different */
! if( c != NULL && c->user != NULL )
! reasonpage = libpbc_config_getstring(p, "tmpl_login_bad_auth_static_user",
! "login_bad_auth" );
! else
! reasonpage = libpbc_config_getstring(p, "tmpl_login_bad_auth",
"login_bad_auth" );
break;
case FLB_REAUTH:
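Review bot: The static-user bad-auth message is chosen whenever `c->user` is set, but flb_get_user_field in this same commit renders the static field only for some `static_user_field` settings and reasons, so the "static" text can end up next to an editable user box. The comment above the test should state the real condition, or the test should reuse it, for example by deciding after flb_get_user_field has run and checking `l->hide_user == PBC_TRUE`. The switch statement starts and ends outside this hunk, so its ordering relative to the user-field call further down is inferred rather than shown.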
***************
*** 317,322 ****
--- 402,411 ----
reasonpage = libpbc_config_getstring(p, "tmpl_login_pinit",
"login_pinit" );
break;
+ case FLB_LCOOKIE_EXPIRED:
+ reasonpage = libpbc_config_getstring(p, "tmpl_login_expired",
+ "login_expired" );
+ break;
case FLB_LCOOKIE_ERROR:
default:
reasonpage = libpbc_config_getstring(p, "tmpl_login_nolcookie",
***************
*** 427,443 ****
snprintf(now, sizeof(now), "%d", time(NULL));
! /* if it's a reauth then the user field can't be changed */
! if ( reason == FLB_REAUTH && l->user != NULL )
! user_field = get_user_field(p,
! libpbc_config_getstring(p, "tmpl_login_user_static",
! "login_user_static" ),
! l->user);
! else
! user_field = get_user_field(p,
! libpbc_config_getstring(p, "tmpl_login_user_form_field",
! "login_user_form_field" ),
! l->user != NULL ? l->user : (c != NULL ? c->user : NULL));
/* Display the login form. */
ntmpl_print_html(p, TMPL_FNAME,
--- 516,526 ----
snprintf(now, sizeof(now), "%d", time(NULL));
! /* what should the user field look like? */
! user_field = flb_get_user_field(p, l, c, reason);
!
! /* if the user field should be hidden */
! hidden_user = flb_get_hidden_user_field(p, l, c, reason);
/* Display the login form. */
ntmpl_print_html(p, TMPL_FNAME,
***************
*** 445,450 ****
--- 528,534 ----
"loginuri", PBC_LOGIN_URI,
"message", reason_html != NULL ? reason_html : "",
"curtime", now,
+ "hiddenuser", hidden_user != NULL ? hidden_user : "",
"hiddenfields", hidden_fields,
"user_field", user_field != NULL ? user_field : "",
"getcredhidden", getcred_hidden != NULL ? getcred_hidden : "",
***************
*** 461,466 ****
--- 545,553 ----
if (reason_html != NULL)
free( reason_html );
+ if (hidden_user != NULL)
+ free( hidden_user );
+
if (hidden_fields != NULL)
free( hidden_fields );
***************
*** 481,491 ****
if authentication has succeeded, no output is generated and it returns
LOGIN_OK.
*/
! static login_result process_basic(pool *p, login_rec *l, login_rec *c,
const char **errstr)
{
struct credentials *creds = NULL;
struct credentials **credsp = NULL;
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "process_basic: hello\n" );
--- 568,580 ----
if authentication has succeeded, no output is generated and it returns
LOGIN_OK.
*/
! static login_result process_basic(pool *p, securit_context *context,
! login_rec *l, login_rec *c,
const char **errstr)
{
struct credentials *creds = NULL;
struct credentials **credsp = NULL;
+ int also_allow_cred = 0;
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "process_basic: hello\n" );
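Review bot: The new parameter type is spelled `securit_context`, while the declaration visible in index.cgi.c on this page is `security_context *sectext`; unless a typedef with the shorter spelling exists elsewhere, this signature will not compile. The line should read `static login_result process_basic(pool *p, security_context *context,`. process_basic continues past the end of this hunk.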
***************
*** 505,510 ****
--- 594,602 ----
return LOGIN_ERR;
}
+ /* allow flavor basic to honor login cookies from other flavors */
+ also_allow_cred = libpbc_config_getint(p, "basic_also_accepts", 0) + 48;
+
/* choices, choices */
/* index.cgi is responsible for extracting replies to the prompts
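Review bot: Adding the bare literal 48 to the configured integer turns the unset default 0 into the character '0', and the later hunk that relaxes the flavor check to `c->creds != PBC_BASIC_CRED_ID && c->creds != also_allow_cred` then accepts a login cookie whose credential id is '0' even when `basic_also_accepts` was never configured. If '0' is the encoding of "no credentials" (the value of `PBC_CREDS_NONE` is not shown on this page), that widens what flavor basic honours by default. Values outside 1–9 also map to arbitrary characters. A bounded conversion keeps the default inert: `int n = libpbc_config_getint(p, "basic_also_accepts", 0);` followed by `also_allow_cred = (n >= 1 && n <= 9) ? '0' + n : 0;`, with a comment that the stored id is an ASCII digit.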
***************
*** 534,544 ****
if (debug) {
/* xxx log realm */
pbc_log_activity(p, PBC_LOG_AUDIT,
! "authentication successful for %s\n", l->user );
}
/* authn succeeded! */
/* xxx modify 'l' accordingly ? */
/* optionally stick @REALM into the username */
--- 626,644 ----
if (debug) {
/* xxx log realm */
pbc_log_activity(p, PBC_LOG_AUDIT,
! "Authentication success: %s IP: %s type: %c\n",
! l->user,
! (cgiRemoteAddr == NULL ? "(null)" : cgiRemoteAddr),
! l->creds);
}
/* authn succeeded! */
+ /* set the create time */
+ l->create_ts = time(NULL);
+ if( c != NULL )
+ c->create_ts = time(NULL);
+
/* xxx modify 'l' accordingly ? */
/* optionally stick @REALM into the username */
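Review bot: The richer success record (user, client IP, credential type) is still written inside the `if (debug)` block shown as context, so with debugging off no PBC_LOG_AUDIT line is emitted for a successful authentication as far as this hunk shows. An audit trail normally wants that line unconditionally, with only the verbose extras tied to `debug`. Separately, `l->create_ts` and `c->create_ts` come from two `time(NULL)` calls and can differ by a second; one `time_t now = time(NULL);` assigned to both keeps them equal. process_basic starts and ends outside the hunk.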
***************
*** 563,569 ****
int outlen;
char *out64;
! if (!libpbc_mk_priv(p, NULL, creds->str, creds->sz,
&outbuf, &outlen)) {
/* save for later */
out64 = malloc(outlen * 4 / 3 + 20);
--- 663,669 ----
int outlen;
char *out64;
! if (!libpbc_mk_priv(p, context, NULL, creds->str, creds->sz,
&outbuf, &outlen)) {
/* save for later */
out64 = malloc(outlen * 4 / 3 + 20);
***************
*** 604,610 ****
*errstr);
/* make sure 'l' reflects that */
! l->user = NULL; /* in case wrong username */
print_login_page(p, l, c, FLB_BAD_AUTH);
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
--- 704,713 ----
*errstr);
/* make sure 'l' reflects that */
!
! if ( ! libpbc_config_getswitch(p, "retain_username_on_failed_authn", 0)) {
! l->user = NULL; /* in case wrong username */
! }
print_login_page(p, l, c, FLB_BAD_AUTH);
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
***************
*** 629,642 ****
"process_basic: login in progress, goodbye\n" );
return LOGIN_INPROGRESS;
! /* l->check_error will be set whenever we couldn't decode the
! login cookie, including (for example) when the login cookie
! has expired. */
} else if (l->check_error) {
*errstr = l->check_error;
pbc_log_activity(p, PBC_LOG_ERROR, "flavor_basic: %s", *errstr);
! print_login_page(p, l, c, FLB_LCOOKIE_ERROR);
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
"process_basic: login in progress, goodbye\n" );
return LOGIN_INPROGRESS;
--- 732,750 ----
"process_basic: login in progress, goodbye\n" );
return LOGIN_INPROGRESS;
! /* l->check_error will be set whenever the l cookie isn't valid
! including (for example) when the login cookie has expired.
! */
} else if (l->check_error) {
*errstr = l->check_error;
pbc_log_activity(p, PBC_LOG_ERROR, "flavor_basic: %s", *errstr);
!
! if ( strcmp(l->check_error, "expired") == 0 )
! print_login_page(p, l, c, FLB_LCOOKIE_EXPIRED);
! else
! print_login_page(p, l, c, FLB_LCOOKIE_ERROR);
!
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
"process_basic: login in progress, goodbye\n" );
return LOGIN_INPROGRESS;
***************
*** 649,655 ****
abort();
/* make sure the login cookie represents credentials for this flavor */
! } else if (c->creds != PBC_BASIC_CRED_ID) {
*errstr = "cached credentials wrong flavor";
pbc_log_activity(p, PBC_LOG_ERROR, "flavor_basic: %s", *errstr);
--- 757,763 ----
abort();
/* make sure the login cookie represents credentials for this flavor */
! } else if (c->creds != PBC_BASIC_CRED_ID && c->creds != also_allow_cred) {
*errstr = "cached credentials wrong flavor";
pbc_log_activity(p, PBC_LOG_ERROR, "flavor_basic: %s", *errstr);
***************
*** 660,668 ****
} else { /* valid login cookie */
pbc_log_activity(p, PBC_LOG_AUDIT,
! "flavor_basic: free ride user: %s", l->user);
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
! "process_basic: free ride, goodbye\n" );
return LOGIN_OK;
}
}
--- 768,776 ----
} else { /* valid login cookie */
pbc_log_activity(p, PBC_LOG_AUDIT,
! "flavor_basic: L cookie valid user: %s", l->user);
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
! "process_basic: L cookie valid, goodbye\n" );
return LOGIN_OK;
}
}
Index: webiso/pubcookie/src/flavor_getcred.c
diff -c webiso/pubcookie/src/flavor_getcred.c:1.19.4.1 webiso/pubcookie/src/flavor_getcred.c:1.19.4.2
*** webiso/pubcookie/src/flavor_getcred.c:1.19.4.1 Tue Dec 9 10:37:03 2003
--- webiso/pubcookie/src/flavor_getcred.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file flavor_getcred.c
* Getcred flavor
*
! * $Id: flavor_getcred.c,v 1.19.4.1 2003/12/09 18:37:03 jteaton Exp $
*/
--- 6,12 ----
/** @file flavor_getcred.c
* Getcred flavor
*
! * $Id: flavor_getcred.c,v 1.19.4.2 2003/12/16 22:01:26 jteaton Exp $
*/
Index: webiso/pubcookie/src/index.cgi.c
diff -c webiso/pubcookie/src/index.cgi.c:1.109.2.1 webiso/pubcookie/src/index.cgi.c:1.109.2.2
*** webiso/pubcookie/src/index.cgi.c:1.109.2.1 Tue Dec 9 10:37:03 2003
--- webiso/pubcookie/src/index.cgi.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.109.2.1 2003/12/09 18:37:03 jteaton Exp $
*/
#ifdef HAVE_CONFIG_H
--- 6,12 ----
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.109.2.2 2003/12/16 22:01:26 jteaton Exp $
*/
#ifdef HAVE_CONFIG_H
***************
*** 375,390 ****
*/
void init_login_rec(pool *p, login_rec *r)
{
! r->alterable_username = PBC_FALSE;
! r->first_kiss = NULL;
r->appsrv_err = NULL;
r->appsrv_err_string = NULL;
r->expire_ts = PBC_FALSE;
! r->pinit = PBC_FALSE;
r->reply = PBC_FALSE;
r->pre_sess_tok = 0;
!
r->flavor_extension = NULL;
}
/*
--- 375,414 ----
*/
void init_login_rec(pool *p, login_rec *r)
{
!
! r->args = NULL;
! r->uri = NULL;
! r->host = NULL;
! r->method = NULL;
! r->version = NULL;
! r->appid = NULL;
! r->appsrvid = NULL;
! r->fr = NULL;
! r->user = NULL;
! r->realm = NULL;
! r->pass = NULL;
! r->pass2 = NULL;
! r->post_stuff = NULL;
! r->real_hostname = NULL;
r->appsrv_err = NULL;
r->appsrv_err_string = NULL;
+ r->file = NULL;
+ r->flag = NULL;
+ r->referer = NULL;
r->expire_ts = PBC_FALSE;
! r->duration = 0;
! r->first_kiss = NULL;
r->reply = PBC_FALSE;
+ r->alterable_username = PBC_FALSE;
+ r->pinit = PBC_FALSE;
r->pre_sess_tok = 0;
! r->check_error = NULL;
r->flavor_extension = NULL;
+
+ r->creds = PBC_CREDS_NONE;
+ r->creds_from_greq = PBC_CREDS_NONE;
+ r->ride_free_creds = PBC_CREDS_NONE;
+
}
/*
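Review bot: init_login_rec now clears most members, but `hide_user` and `create_ts`, both of which this commit reads or writes in flavor_basic.c, are not in the list. If the record is not zero-allocated (the allocation is outside this page), any path that reads them before they are assigned, such as the `l->hide_user == PBC_TRUE` test in flb_get_hidden_user_field, sees an indeterminate value. Adding `r->hide_user = PBC_FALSE;` and `r->create_ts = 0;` closes that gap, and a one-line comment that every member of login_rec must appear here would help when the next field is added.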
***************
*** 492,503 ****
{
char *ptr;
int word_start = 0;
! int trim2amp = libpbc_config_getswitch(p,
! "trim_username_to_ampersand", 1);
ptr = in;
while(*ptr) {
! if ( trim2amp ) /* allow things like email addresses or principals */
if(*ptr == '@')
*ptr = '\0';
--- 516,527 ----
{
char *ptr;
int word_start = 0;
! int trim2atsign = libpbc_config_getswitch(p,
! "trim_username_to_atsign", 1);
ptr = in;
while(*ptr) {
! if ( trim2atsign ) /* allow things like email addresses or principals */
if(*ptr == '@')
*ptr = '\0';
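Review bot: Renaming the configuration key from `trim_username_to_ampersand` to `trim_username_to_atsign` silently drops the setting for any site that had the old key set to 0: the new lookup falls back to its default of 1 and user names are again cut at '@'. Because that changes the identity string the rest of the login code sees, the old key should keep working for a release, e.g. `int trim2atsign = libpbc_config_getswitch(p, "trim_username_to_atsign", libpbc_config_getswitch(p, "trim_username_to_ampersand", 1));`, and the rename belongs in the upgrade notes. The function this hunk sits in begins before the hunk.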
***************
*** 556,567 ****
user = c->user;
}
! l_res = create_cookie( p, sectext, urluser =url_encode(p, user),
urlappsrvid = url_encode(p, "expired"),
urlappid = url_encode(p, "expired"),
PBC_COOKIE_TYPE_L,
PBC_CREDS_NONE,
23,
time(NULL),
l_cookie,
NULL, /* sending it to myself */
--- 580,592 ----
user = c->user;
}
! l_res = create_cookie( p, sectext, urluser = url_encode(p, user),
urlappsrvid = url_encode(p, "expired"),
urlappid = url_encode(p, "expired"),
PBC_COOKIE_TYPE_L,
PBC_CREDS_NONE,
23,
+ 0,
time(NULL),
l_cookie,
NULL, /* sending it to myself */
***************
*** 618,624 ****
/**
* clears login cookie
- * depreciated we now expire login cookies
*/
int clear_login_cookie(pool *p) {
--- 643,648 ----
***************
*** 670,677 ****
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "load_login_rec: hello\n");
/* only created by the login cgi */
! l->next_securid = get_int_arg(p, PBC_GETVAR_NEXT_SECURID, 0);
! l->first_kiss = get_string_arg(p, PBC_GETVAR_FIRST_KISS, NO_NEWLINES_FUNC);
/* make sure the username is a username */
if((l->user = get_string_arg(p, PBC_GETVAR_USER, NO_NEWLINES_FUNC)))
--- 694,700 ----
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "load_login_rec: hello\n");
/* only created by the login cgi */
! l->first_kiss = get_string_arg(p, PBC_GETVAR_FIRST_KISS, NO_NEWLINES_FUNC);
/* make sure the username is a username */
if((l->user = get_string_arg(p, PBC_GETVAR_USER, NO_NEWLINES_FUNC)))
***************
*** 886,891 ****
--- 909,915 ----
}
if (get_cookie(p, PBC_G_REQ_COOKIENAME, cookie, PBC_4K-1) == PBC_FAIL ) {
+ pbc_free(p, cookie);
return(NULL);
}
***************
*** 1091,1097 ****
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,"compute_l_expire: hello");
! if( (l->duration = get_kiosk_duration(p, l)) == PBC_FALSE )
l->duration =
libpbc_config_getint(p, "default_l_expire",DEFAULT_LOGIN_EXPIRE);
--- 1115,1121 ----
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,"compute_l_expire: hello");
! if((l->duration==0) && (l->duration=get_kiosk_duration(p, l))==PBC_FALSE)
l->duration =
libpbc_config_getint(p, "default_l_expire",DEFAULT_LOGIN_EXPIRE);
***************
*** 1234,1251 ****
NULL);
}
else {
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_still_weblogin",
"logout_still_weblogin"),
! "user",
(c == NULL || c->user == NULL ? "unknown" : c->user),
NULL);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_time_remaining",
"logout_time_remaining"),
! "remaining",
! time_remaining_text(p, c),
NULL);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_postscript_still_weblogin",
"logout_postscript_still_weblogin"),
--- 1258,1276 ----
NULL);
}
else {
+ const char *remaining = time_remaining_text(p, c);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_still_weblogin",
"logout_still_weblogin"),
! "contents",
(c == NULL || c->user == NULL ? "unknown" : c->user),
NULL);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_time_remaining",
"logout_time_remaining"),
! "remaining", remaining,
NULL);
+ pbc_free(p, (char *)remaining);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_postscript_still_weblogin",
"logout_postscript_still_weblogin"),
***************
*** 1273,1278 ****
--- 1298,1311 ----
libpbc_config_getstring(p, "tmpl_logout_weblogin",
"logout_weblogin"),
NULL);
+
+ if( c && c->user)
+ ntmpl_print_html(p, TMPL_FNAME,
+ libpbc_config_getstring(p, "tmpl_logout_still_known",
+ "logout_still_known"),
+ "contents", c->user,
+ NULL);
+
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_postscript_still_others",
"logout_postscript_still_others"),
***************
*** 1283,1289 ****
NULL);
}
else if( logout_action == LOGOUT_ACTION_CLEAR_L_NO_APP ) {
! expire_login_cookie(p, sectext, l, c);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_part1",
"logout_part1"),
--- 1316,1322 ----
NULL);
}
else if( logout_action == LOGOUT_ACTION_CLEAR_L_NO_APP ) {
! clear_login_cookie(p);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_part1",
"logout_part1"),
***************
*** 1369,1375 ****
if(logout_prog != NULL && uri != NULL &&
strcasecmp(logout_prog, uri) == 0 ) {
! logout(p, sectext, l, c, LOGOUT_ACTION_CLEAR_L_NO_APP);
do_output(p);
if (uri != NULL)
free(uri);
--- 1402,1408 ----
if(logout_prog != NULL && uri != NULL &&
strcasecmp(logout_prog, uri) == 0 ) {
! logout(p, l, c, LOGOUT_ACTION_CLEAR_L_NO_APP);
do_output(p);
if (uri != NULL)
free(uri);
***************
*** 1392,1397 ****
--- 1425,1431 ----
void login_status_page(pool *p, login_rec *c)
{
char *refresh_line = NULL;
+ const char *remaining = time_remaining_text(p, c);
int refresh_needed_len = STATUS_INIT_SIZE;
int refresh_len = 0;
int delay = get_int_arg(p, "countdown", 0);
***************
*** 1419,1430 ****
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_status", "status"),
"refresh", refresh_line != NULL ? refresh_line : "",
! "user", (c == NULL || c->user == NULL ? "unknown" : c->user),
! "remaining", time_remaining_text(p, c),
NULL
);
if (refresh_line != NULL)
! free(refresh_line);
}
/**
--- 1453,1467 ----
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_status", "status"),
"refresh", refresh_line != NULL ? refresh_line : "",
! "contents", (c == NULL || c->user == NULL ? "unknown" : c->user),
! "remaining", remaining,
NULL
);
+
+ if (remaining != NULL)
+ pbc_free(p, (char *)remaining);
if (refresh_line != NULL)
! pbc_free(p,refresh_line);
}
/**
***************
*** 1508,1513 ****
--- 1545,1551 ----
using apache, here we just pass a void pointer */
security_context *sectext; /* to hold all of the certs for a transaction */
+
libpbc_config_init(p, NULL, "logincgi");
debug = libpbc_config_getint(p, "debug", 0);
pbc_log_init(p, "pubcookie login server", NULL, NULL, NULL);
***************
*** 1522,1528 ****
mirrorfile = libpbc_config_getstring(p, "mirrorfile", NULL);
! libpbc_pubcookie_init(p §ext);
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "cgiMain() done initializing...\n");
--- 1560,1566 ----
mirrorfile = libpbc_config_getstring(p, "mirrorfile", NULL);
! libpbc_pubcookie_init(p, §ext);
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "cgiMain() done initializing...\n");
***************
*** 1563,1568 ****
--- 1601,1609 ----
"delay", REFRESH,
NULL);
+ if ( redirect_final != NULL )
+ pbc_free(p, redirect_final);
+
goto done;
}
#endif
***************
*** 1588,1593 ****
--- 1629,1639 ----
l->uri == NULL ? "(null)" : l->uri,
l->appsrv_err_string == NULL ? "(null)" : l->appsrv_err_string);
+ /* use the userid in the cookie if none in the form */
+ if ( l->user == NULL && c != NULL && c->user != NULL ) {
+ l->user = strdup(c->user);
+ }
+
/* check the user agent */
if (!check_user_agent(p)) {
pbc_log_activity(p, PBC_LOG_AUDIT,
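Review bot: `l->user = strdup(c->user);` is not checked for NULL, so an allocation failure is indistinguishable from "no user supplied", and the copy is later released with `pbc_free(p, l->user)` in the cleanup hunk of this commit, which is only safe if pbc_free is compatible with malloc-family memory (not visible here). After this assignment the rest of the request can no longer tell a user name typed into the form from one carried over from the login cookie; a short comment naming the later checks that depend on that distinction, or a separate flag, would make the intent reviewable. The enclosing function extends beyond the hunk on both sides.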
***************
*** 1639,1646 ****
do_output(p);
! if (l != NULL)
pbc_free(p, l);
return(0);
--- 1685,1777 ----
do_output(p);
! if (c != NULL) {
! if (c->args != NULL)
! pbc_free(p, c->args);
! if (c->uri != NULL)
! pbc_free(p, c->uri);
! if (c->host != NULL)
! pbc_free(p, c->host);
! if (c->method != NULL)
! pbc_free(p, c->method);
! if (c->version != NULL)
! pbc_free(p, c->version);
! if (c->appid != NULL)
! pbc_free(p, c->appid);
! if (c->appsrvid != NULL)
! pbc_free(p, c->appsrvid);
! if (c->fr != NULL)
! pbc_free(p, c->fr);
! if (c->user != NULL)
! pbc_free(p, c->user);
! if (c->realm != NULL)
! pbc_free(p, c->realm);
! if (c->pass != NULL)
! pbc_free(p, c->pass);
! if (c->pass2 != NULL)
! pbc_free(p, c->pass2);
! if (c->post_stuff != NULL)
! pbc_free(p, c->post_stuff);
! if (c->real_hostname != NULL)
! pbc_free(p, c->real_hostname);
! if (c->appsrv_err != NULL)
! pbc_free(p, c->appsrv_err);
! if (c->appsrv_err_string != NULL)
! pbc_free(p, c->appsrv_err_string);
! if (c->file != NULL)
! pbc_free(p, c->file);
! if (c->flag != NULL)
! pbc_free(p, c->flag);
! if (c->referer != NULL)
! pbc_free(p, c->referer);
! if (c->first_kiss != NULL)
! pbc_free(p, c->first_kiss);
! pbc_free(p, c);
! }
!
! if (l != NULL) {
! if (l->args != NULL)
! pbc_free(p, l->args);
! if (l->uri != NULL)
! pbc_free(p, l->uri);
! if (l->host != NULL)
! pbc_free(p, l->host);
! if (l->method != NULL)
! pbc_free(p, l->method);
! if (l->version != NULL)
! pbc_free(p, l->version);
! if (l->appid != NULL)
! pbc_free(p, l->appid);
! if (l->appsrvid != NULL)
! pbc_free(p, l->appsrvid);
! if (l->fr != NULL)
! pbc_free(p, l->fr);
! if (l->user != NULL)
! pbc_free(p, l->user);
! if (l->realm != NULL)
! pbc_free(p, l->realm);
! if (l->pass != NULL)
! pbc_free(p, l->pass);
! if (l->pass2 != NULL)
! pbc_free(p, l->pass2);
! if (l->post_stuff != NULL)
! pbc_free(p, l->post_stuff);
! if (l->real_hostname != NULL)
! pbc_free(p, l->real_hostname);
! if (l->appsrv_err != NULL)
! pbc_free(p, l->appsrv_err);
! if (l->appsrv_err_string != NULL)
! pbc_free(p, l->appsrv_err_string);
! if (l->file != NULL)
! pbc_free(p, l->file);
! if (l->flag != NULL)
! pbc_free(p, l->flag);
! if (l->referer != NULL)
! pbc_free(p, l->referer);
! if (l->first_kiss != NULL)
! pbc_free(p, l->first_kiss);
pbc_free(p, l);
+ }
return(0);
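Review bot: The two twenty-member release chains are identical except for the variable, so the member list now has to be kept in step in three places (here twice and in init_login_rec). A single helper `static void free_login_rec(pool *p, login_rec *r)` holding the chain once, called as `free_login_rec(p, c); free_login_rec(p, l);`, removes the duplication. `pass` and `pass2` are handed to pbc_free with the password text still in memory; overwriting them before release is the usual hardening step. The cleanup is only sound if every listed member is heap-owned and never shared between `l` and `c`, which cannot be confirmed from this hunk, since the enclosing function begins before it.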
***************
*** 1657,1663 ****
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "check_l_cookie: hello\n");
! if (c == NULL)
c = verify_unload_login_cookie(p, sectext, l);
if (c == NULL)
--- 1788,1794 ----
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "check_l_cookie: hello\n");
! if (c == NULL )
c = verify_unload_login_cookie(p, sectext, l);
if (c == NULL)
***************
*** 1834,1840 ****
int pinit_response(pool *p, login_rec *l, login_rec *c)
{
!
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "pinit_response: hello");
clear_pinit_cookie(p);
--- 1965,1972 ----
int pinit_response(pool *p, login_rec *l, login_rec *c)
{
! const char *remaining = time_remaining_text(p, c);
!
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "pinit_response: hello");
clear_pinit_cookie(p);
***************
*** 1846,1863 ****
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_welcome_back",
"welcome_back"),
! "user", (c == NULL || c->user == NULL ? "unknown" : c->user),
NULL);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_time_remaining",
"logout_time_remaining"),
"remaining",
! time_remaining_text(p, c),
NULL);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_pinit_response2",
"pinit_response2"),
NULL);
return(PBC_OK);
}
--- 1978,1998 ----
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_welcome_back",
"welcome_back"),
! "contents", (c == NULL || c->user == NULL ? "unknown" : c->user),
NULL);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_logout_time_remaining",
"logout_time_remaining"),
"remaining",
! remaining,
NULL);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_pinit_response2",
"pinit_response2"),
NULL);
+
+ pbc_free(p, (char *)remaining);
+
return(PBC_OK);
}
***************
*** 1894,1899 ****
--- 2029,2053 ----
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
"cookie_test: cookies: %s", cookies);
+ /* Make sure the granting source is authorized */
+ if (l->host) {
+ char *th = strdup(l->host);
+ char *thc;
+ if (thc=strchr(th,':')) *thc = '\0';
+ if (!libpbc_test_crypt_key(p, th)) {
+ ntmpl_print_html(p, TMPL_FNAME,
+ libpbc_config_getstring(p, "tmpl_login_unauth_grant",
+ "login_unauth_grant"),
+ NULL);
+ clear_greq_cookie(p);
+ pbc_free(p,th);
+ pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
+ "cookie_test: not authorized (%s)\n", l->host);
+ return (PBC_FAIL);
+ }
+ pbc_free(p,th);
+ }
+
/* we don't currently handle form-multipart */
/* the formmultipart cookie is set by the module */
if ( strstr(cookies, PBC_FORM_MP_COOKIENAME) ) {
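Review bot: The new authorization check passes a name derived from `l->host` (presumably taken from the granting request) to `libpbc_test_crypt_key()` without validating it, and that function, added later in this commit, builds a key-file path from the name and treats a successful open as authorization. Reject anything that is not a plain hostname (empty, or containing `/`, `\` or `..`) before the lookup. The same applies to `thepeer` in the keyserver PERMIT case, so the check may fit best inside `libpbc_test_crypt_key()` itself. `strdup()` is also unchecked, so add `if (th == NULL) abend(p, "out of memory");` before the `strchr()`, and compare the result with `== PBC_FAIL` as the keyserver code does rather than relying on `!`. The body of cookie_test continues outside the hunk.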
***************
*** 1916,1922 ****
strstr(cookies, cleared_g_req) != NULL ) {
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
"cookie_test: no g_req or empty g_req");
! pinit(p, sectext, l, c);
return(PBC_FAIL);
}
--- 2070,2076 ----
strstr(cookies, cleared_g_req) != NULL ) {
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,
"cookie_test: no g_req or empty g_req");
! pinit(p, l, c);
return(PBC_FAIL);
}
***************
*** 2065,2077 ****
/* the login cookie is encoded as having passed 'creds', which is what
the flavor verified. */
! l_res = create_cookie( p, sectext,
user = url_encode(p, l->user),
appsrvid = url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
PBC_COOKIE_TYPE_L,
l->creds,
0,
(c == NULL || c->expire_ts < time(NULL)
? compute_l_expire(p, l)
: c->expire_ts),
--- 2219,2232 ----
/* the login cookie is encoded as having passed 'creds', which is what
the flavor verified. */
! l_res = create_cookie( p, sectext,
user = url_encode(p, l->user),
appsrvid = url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
PBC_COOKIE_TYPE_L,
l->creds,
0,
+ (c != NULL ? c->create_ts : 0),
(c == NULL || c->expire_ts < time(NULL)
? compute_l_expire(p, l)
: c->expire_ts),
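Review bot: The new `create` argument passes `c->create_ts` whenever `c` is non-NULL, including the case the next argument treats as an expired login cookie (`c->expire_ts < time(NULL)`). A freshly issued L cookie would then carry the creation time of the expired one. If create_ts is meant to record when the user last authenticated, use the same condition for both arguments: `(c == NULL || c->expire_ts < time(NULL) ? 0 : c->create_ts),`. The enclosing function starts and ends outside the hunk, so confirm there whether `c` can still be set after expiry.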
***************
*** 2090,2103 ****
LOGIN_OK, we tell the application that it's desire for 'creds_from_greq'
was successful. */
! g_res = create_cookie(p, sectext,
! user = url_encode(p, l->user),
appsrvid =url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
PBC_COOKIE_TYPE_G,
l->creds_from_greq,
l->pre_sess_tok,
0,
g_cookie,
l->host,
PBC_4K);
--- 2245,2258 ----
LOGIN_OK, we tell the application that it's desire for 'creds_from_greq'
was successful. */
! g_res = create_cookie(p, sectext, user = url_encode(p, l->user),
appsrvid =url_encode(p, l->appsrvid),
appid = url_encode(p, l->appid),
PBC_COOKIE_TYPE_G,
l->creds_from_greq,
l->pre_sess_tok,
0,
+ 0,
g_cookie,
l->host,
PBC_4K);
***************
*** 2221,2234 ****
/* of elements in the first, and only, form. */
print_html(p, "<BODY BGCOLOR=\"white\">");
- print_html(p, "<center>");
- print_table_start(p);
- print_html(p, "<tr><td align=\"LEFT\">\n");
-
- print_html(p, "<form method=\"POST\" action=\"%s\" ", redirect_final);
- print_html(p, "enctype=\"application/x-www-form-urlencoded\" ");
- print_html(p, "name=\"query\">\n");
-
cur = cgiFormEntryFirst;
while (cur) {
/* in the perl version we had to make sure we were getting */
--- 2376,2381 ----
***************
*** 2266,2293 ****
cur = next;
} /* while cur */
-
- print_html(p, "</td></tr>\n");
- print_uwnetid_logo(p);
- print_html(p, "<P>");
- print_html(p, "%s\n", PBC_POST_NO_JS_TEXT);
- print_html(p, "</td></tr></table>\n");
-
- /* put submit at the bottom so it looks better and */
- if (submit_value )
- print_html(p, "<input type=\"submit\" name=\"submit\" value=\'%s\'>\n", submit_value);
- else
- print_html(p, "<input type=\"submit\" value=\"%s\">\n",
- PBC_POST_NO_JS_BUTTON);
-
- print_html(p, "</form>\n");
-
/* depending on whether-or-not there is a SUBMIT field in the form */
/* use the correct javascript to autosubmit the POST */
/* this should probably be upgraded to only look for submits as */
/* field names, not anywhere else */
! print_html(p, "<script type=\"text/javascript\" language=\"javascript\
! "><!--\n");
post_stuff_lower = strdup(l->post_stuff);
for(ptr=post_stuff_lower; *ptr != '\0'; ptr++)
*ptr = tolower(*ptr);
--- 2413,2424 ----
cur = next;
} /* while cur */
/* depending on whether-or-not there is a SUBMIT field in the form */
/* use the correct javascript to autosubmit the POST */
/* this should probably be upgraded to only look for submits as */
/* field names, not anywhere else */
! print_html(p, "<script type=\"text/javascript\" language=\"javascript\"><!--\n");
!
post_stuff_lower = strdup(l->post_stuff);
for(ptr=post_stuff_lower; *ptr != '\0'; ptr++)
*ptr = tolower(*ptr);
***************
*** 2296,2302 ****
else
print_html(p, "document.query.submit");
! print_html(p, "\n// --></script>\n");
print_html(p, "<center>");
print_table_start(p);
--- 2427,2433 ----
else
print_html(p, "document.query.submit");
! print_html(p, "\">\n");
print_html(p, "<center>");
print_table_start(p);
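Review bot: The closing print changes from `"\n// --></script>\n"` to `"\">\n"`, but the preceding hunk still opens the element with `<script type="text/javascript" language="javascript"><!--`, so on the new side the script block and its HTML comment appear never to be closed. The `">` terminator looks as if it belongs to a version that emits the submit call inside an attribute; either keep `print_html(p, "\n// --></script>\n");` here or change the opening print to match. The same merge removes the `<form ...>` opening that used to precede the `while (cur)` loop, so check that whatever the loop prints still ends up inside the form. The function starts and ends outside the hunk.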
***************
*** 2306,2311 ****
--- 2437,2458 ----
print_html(p, "enctype=\"application/x-www-form-urlencoded\" ");
print_html(p, "name=\"query\">\n");
+
+
+ print_html(p, "</td></tr>\n");
+ print_uwnetid_logo(p);
+ print_html(p, "<P>");
+ print_html(p, "%s\n", PBC_POST_NO_JS_TEXT);
+ print_html(p, "</td></tr></table>\n");
+
+ /* put submit at the bottom so it looks better and */
+ if (submit_value )
+ print_html(p, "<input type=\"submit\" name=\"submit\" value=\'%s\'>\n", submit_value);
+ else
+ print_html(p, "<input type=\"submit\" value=\"%s\">\n",
+ PBC_POST_NO_JS_BUTTON);
+
+ print_html(p, "</form>\n");
print_copyright(p);
print_html(p, "</center>");
print_html(p, "</BODY></HTML>\n");
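Review bot: `submit_value` is written into a single-quoted `value='%s'` attribute in the block moved here, and nothing in the hunk shows it being HTML-escaped. If it originates from the relayed POST data, as the surrounding comments suggest, encode at least `'`, `"`, `<`, `>` and `&` before printing so a field value cannot terminate the attribute and inject markup. Where `submit_value` is assigned lies outside the hunk, so confirm whether it is already encoded there.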
***************
*** 2337,2343 ****
/* fills in the login_rec from the form submit and granting request */
login_rec *get_query(pool *p)
{
! login_rec *l = malloc(sizeof(login_rec));
char *g_req;
char *g_req_clear = NULL;
struct timeval t;
--- 2484,2490 ----
/* fills in the login_rec from the form submit and granting request */
login_rec *get_query(pool *p)
{
! login_rec *l = pbc_malloc(p, sizeof(login_rec));
char *g_req;
char *g_req_clear = NULL;
struct timeval t;
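Review bot: The result of `pbc_malloc()` is used without a NULL check. The cleanup code changed earlier in this file frees every non-NULL pointer member of a `login_rec`, which is only safe if the record starts out zeroed. Unless `pbc_malloc()` zero-fills or the rest of get_query (outside this hunk) clears the struct, add `if (l == NULL) abend(p, "out of memory");` followed by `memset(l, 0, sizeof(*l));` right after the declarations.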
***************
*** 2427,2435 ****
pbc_log_activity(p, PBC_LOG_AUDIT, "get_query: from login appsrvid: %s\n",
l->appsrvid == NULL ? "(null)" : l->appsrvid
);
- pbc_log_activity(p, PBC_LOG_AUDIT,
- "get_query: from login next_securid: %d\n",
- l->next_securid);
pbc_log_activity(p, PBC_LOG_AUDIT, "get_query: from login first_kiss: %d\n",
(int)l->first_kiss);
pbc_log_activity(p, PBC_LOG_AUDIT,
--- 2574,2579 ----
***************
*** 2456,2462 ****
abend(p, "out of memory");
/* get the login cookie */
! if ((get_cookie(p, PBC_L_COOKIENAME, cookie, PBC_4K-1)) == PBC_FAIL ) {
if (cookie != NULL)
free(cookie);
return( (login_rec *) NULL );
--- 2600,2607 ----
abend(p, "out of memory");
/* get the login cookie */
! if ( (get_cookie(p, PBC_L_COOKIENAME, cookie, PBC_4K-1) == PBC_FAIL) ||
! !strcmp(cookie, PBC_CLEAR_COOKIE) ) {
if (cookie != NULL)
free(cookie);
return( (login_rec *) NULL );
***************
*** 2469,2491 ****
/* Done with cookie */
if (cookie != NULL)
! free(cookie);
if (!cookie_data) {
return((login_rec *)NULL);
}
! new->user = (char *) (*cookie_data).broken.user;
! new->version = (char *) (*cookie_data).broken.version;
new->type = (*cookie_data).broken.type;
new->creds = (*cookie_data).broken.creds;
new->pre_sess_token = (*cookie_data).broken.pre_sess_token;
! new->appsrvid = (char *) (*cookie_data).broken.appsrvid;
! new->appid = (char *) (*cookie_data).broken.appid;
new->create_ts = (*cookie_data).broken.create_ts;
new->expire_ts = (*cookie_data).broken.last_ts;
/* xxx login cookie extension data */
if (check_l_cookie_expire(p, new, t=time(NULL)) == PBC_FAIL)
new->alterable_username = PBC_TRUE;
--- 2614,2638 ----
/* Done with cookie */
if (cookie != NULL)
! pbc_free(p, cookie);
if (!cookie_data) {
return((login_rec *)NULL);
}
! new->user = strdup((*cookie_data).broken.user);
! new->version = strdup((*cookie_data).broken.version);
new->type = (*cookie_data).broken.type;
new->creds = (*cookie_data).broken.creds;
new->pre_sess_token = (*cookie_data).broken.pre_sess_token;
! new->appsrvid = strdup((*cookie_data).broken.appsrvid);
! new->appid = strdup((*cookie_data).broken.appid);
new->create_ts = (*cookie_data).broken.create_ts;
new->expire_ts = (*cookie_data).broken.last_ts;
/* xxx login cookie extension data */
+ pbc_free(p, cookie_data);
+
if (check_l_cookie_expire(p, new, t=time(NULL)) == PBC_FAIL)
new->alterable_username = PBC_TRUE;
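Review bot: The four `strdup()` results stored in `new->user`, `new->version`, `new->appsrvid` and `new->appid` are never checked, so an allocation failure leaves NULL fields in a login_rec that later code may dereference. Handle it the way this file already handles the cookie buffer, e.g. `if (!new->user || !new->version || !new->appsrvid || !new->appid) abend(p, "out of memory");`. The copies are later released through `pbc_free()` in the cleanup routine, so confirm that `pbc_free()` accepts memory obtained from `strdup()`. The function body extends beyond the hunk.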
***************
*** 2505,2510 ****
--- 2652,2658 ----
char type,
char creds,
int pre_sess_tok,
+ time_t create,
time_t expire,
char *cookie,
const char *host,
***************
*** 2518,2523 ****
--- 2666,2672 ----
char *cookie_local = NULL;
char *peer = NULL;
char *ptr = NULL;
+ int ret = PBC_FAIL;
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "create_cookie: hello\n");
***************
*** 2549,2558 ****
}
}
cookie_local = (char *)
! libpbc_get_cookie_with_expire(p, sectext,
! user, type, creds, pre_sess_tok,
! expire, appsrvid, appid, peer);
if (peer != NULL)
free(peer);
--- 2698,2710 ----
}
}
+ /* if this is an update use the old time stamp */
+ if ( create == 0 )
+ create = time(NULL);
+
cookie_local = (char *)
! libpbc_get_cookie_with_expire(p, sectext, user, type, creds, pre_sess_tok,
! create, expire, appsrvid, appid, peer);
if (peer != NULL)
free(peer);
***************
*** 2563,2572 ****
strncpy (cookie, cookie_local, max);
/* dynamically allocated by libpbc_get_cookie_with_expire(p) */
free(cookie_local);
}
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "create_cookie: goodbye\n" );
! return (PBC_OK);
}
--- 2715,2725 ----
strncpy (cookie, cookie_local, max);
/* dynamically allocated by libpbc_get_cookie_with_expire(p) */
free(cookie_local);
+ ret = PBC_OK;
}
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "create_cookie: goodbye\n" );
! return (ret);
}
Index: webiso/pubcookie/src/index.cgi.h
diff -c webiso/pubcookie/src/index.cgi.h:1.42.4.1 webiso/pubcookie/src/index.cgi.h:1.42.4.2
*** webiso/pubcookie/src/index.cgi.h:1.42.4.1 Tue Dec 9 10:37:04 2003
--- webiso/pubcookie/src/index.cgi.h Tue Dec 16 14:01:26 2003
***************
*** 4,10 ****
*/
/*
! $Id: index.cgi.h,v 1.42.4.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef PUBCOOKIE_LOGIN_CGI
--- 4,10 ----
*/
/*
! $Id: index.cgi.h,v 1.42.4.2 2003/12/16 22:01:26 jteaton Exp $
*/
#ifndef PUBCOOKIE_LOGIN_CGI
***************
*** 37,42 ****
--- 37,43 ----
char *appsrvid;
char *fr;
char *user;
+ int hide_user;
char *realm;
char *pass;
char *pass2;
***************
*** 51,57 ****
time_t create_ts;
time_t expire_ts;
int pre_sess_token;
- int next_securid;
int session_reauth;
int duration;
char *first_kiss;
--- 52,57 ----
***************
*** 99,106 ****
void clear_error(pool *,const char *, const char *);
void print_uwnetid_logo(pool *);
login_rec *verify_unload_login_cookie (pool *, security_context *, login_rec *);
! int create_cookie(pool *, security_context *, char *, char *, char *, char,
! char, int, time_t, char *, const char *host, int);
int get_cookie(pool *p, char *name, char *result, int max);
login_rec *get_query(pool *);
char *check_login(pool *, login_rec *, login_rec *);
--- 99,106 ----
void clear_error(pool *,const char *, const char *);
void print_uwnetid_logo(pool *);
login_rec *verify_unload_login_cookie (pool *, security_context *, login_rec *);
! int create_cookie(pool *, security_context *, char *, char *, char *, char, char, int, time_t,
! time_t, char *, const char *host, int);
int get_cookie(pool *p, char *name, char *result, int max);
login_rec *get_query(pool *);
char *check_login(pool *, login_rec *, login_rec *);
Index: webiso/pubcookie/src/keyclient.c
diff -c webiso/pubcookie/src/keyclient.c:2.37.2.1 webiso/pubcookie/src/keyclient.c:2.37.2.2
*** webiso/pubcookie/src/keyclient.c:2.37.2.1 Tue Dec 9 10:37:04 2003
--- webiso/pubcookie/src/keyclient.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file keyclient.c
* Key administration tool for clients
*
! * $Id: keyclient.c,v 2.37.2.1 2003/12/09 18:37:04 jteaton Exp $
*/
--- 6,12 ----
/** @file keyclient.c
* Key administration tool for clients
*
! * $Id: keyclient.c,v 2.37.2.2 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 109,114 ****
--- 109,115 ----
printf(" -K <URI> : base URL of key management server\n");
printf(" -C <cert file> : CA cert to use for client verification\n");
printf(" -D <ca dir> : directory of trusted CAs, hashed OpenSSL-style\n");
+ printf(" -1 : permit <hostname>\n");
exit(1);
}
***************
*** 148,153 ****
--- 149,155 ----
crypt_stuff c_stuff;
const char *hostname;
int newkeyp;
+ int permit;
X509 *server_cert;
const char *keyfile;
const char *certfile;
***************
*** 182,188 ****
libpbc_config_init(p, NULL, "keyclient");
pbc_log_init(p, "keyclient", NULL, NULL, NULL);
! libpbc_pubcookie_init(p, context);
keyfile = libpbc_config_getstring(p, "ssl_key_file", "server.pem");
certfile = libpbc_config_getstring(p, "ssl_cert_file", "server.pem");
cafile = libpbc_config_getstring(p, "ssl_ca_file", NULL);
--- 184,190 ----
libpbc_config_init(p, NULL, "keyclient");
pbc_log_init(p, "keyclient", NULL, NULL, NULL);
! libpbc_pubcookie_init(p, &context);
keyfile = libpbc_config_getstring(p, "ssl_key_file", "server.pem");
certfile = libpbc_config_getstring(p, "ssl_cert_file", "server.pem");
cafile = libpbc_config_getstring(p, "ssl_ca_file", NULL);
***************
*** 191,197 ****
hostname = NULL;
newkeyp = 1;
! while ((c = getopt(argc, argv, "apc:k:C:D:nudH:L:K:")) != -1) {
switch (c) {
case 'a':
filetype = SSL_FILETYPE_ASN1;
--- 193,200 ----
hostname = NULL;
newkeyp = 1;
! permit = 0;
! while ((c = getopt(argc, argv, "01apc:k:C:D:nudH:L:K:")) != -1) {
switch (c) {
case 'a':
filetype = SSL_FILETYPE_ASN1;
***************
*** 247,252 ****
--- 250,267 ----
keymgturi = strdup(optarg);
break;
+ case '0':
+ /* deny access to a cn */
+ newkeyp = -1;
+ permit = -1;
+ break;
+
+ case '1':
+ /* permit access to a cn */
+ newkeyp = -1;
+ permit = 1;
+ break;
+
case '?':
default:
usage();
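Review bot: `-0` sets `permit = -1`, which the request-building hunk further down turns into `genkey=deny`, but the keyserver changes in this commit only add parsing for `genkey=permit`. It is therefore unclear what the server does with a deny request; it may fall through to ordinary genkey handling. Either add the matching server operation or leave the option out until it exists. `usage()` also lists only `-1`; add a line such as `printf(" -0 : deny <hostname>\n");`.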
***************
*** 386,392 ****
str = X509_NAME_oneline (X509_get_subject_name (mycert),0,0);
hostname = extract_cn(str);
if (hostname) {
! /* warn if hostname != get_my_hostname(p, context) */
if (strcasecmp(hostname, get_my_hostname(p, context))) {
fprintf(stderr, "warning: certificate name (%s) doesn't match"
" my hostname (%s)\n", hostname, get_my_hostname(p, context));
--- 401,407 ----
str = X509_NAME_oneline (X509_get_subject_name (mycert),0,0);
hostname = extract_cn(str);
if (hostname) {
! /* warn if hostname != get_my_hostname(p) */
if (strcasecmp(hostname, get_my_hostname(p, context))) {
fprintf(stderr, "warning: certificate name (%s) doesn't match"
" my hostname (%s)\n", hostname, get_my_hostname(p, context));
***************
*** 402,418 ****
if (newkeyp == -1) {
char enckey[PBC_DES_KEY_BUF * 2];
! if (libpbc_get_crypt_key(p, &c_stuff, hostname) != PBC_OK) {
fprintf(stderr, "couldn't retrieve key\r\n");
exit(1);
! }
! libpbc_base64_encode(p, c_stuff.key_a, (unsigned char *) enckey, PBC_DES_KEY_BUF);
! /* we're uploading! */
! snprintf(buf, sizeof(buf),
"GET %s?genkey=put?setkey=%s;%s\r\n\r\n",
keymgturi, hostname, enckey);
} else {
snprintf(buf, sizeof(buf),
"GET %s?genkey=%s HTTP/1.0\r\n\r\n", keymgturi,
--- 417,440 ----
if (newkeyp == -1) {
char enckey[PBC_DES_KEY_BUF * 2];
! if (permit) {
! snprintf(buf, sizeof(buf),
! "GET %s?genkey=%s?setkey=%s;\r\n\r\n",
! keymgturi, (permit<0?"deny":"permit"), hostname);
!
! } else {
! if (libpbc_get_crypt_key(p, &c_stuff, hostname) != PBC_OK) {
fprintf(stderr, "couldn't retrieve key\r\n");
exit(1);
! }
! libpbc_base64_encode(p, c_stuff.key_a, (unsigned char *) enckey, PBC_DES_KEY_BUF);
! /* we're uploading! */
! snprintf(buf, sizeof(buf),
"GET %s?genkey=put?setkey=%s;%s\r\n\r\n",
keymgturi, hostname, enckey);
+ }
} else {
snprintf(buf, sizeof(buf),
"GET %s?genkey=%s HTTP/1.0\r\n\r\n", keymgturi,
Index: webiso/pubcookie/src/keyserver.c
diff -c webiso/pubcookie/src/keyserver.c:2.39 webiso/pubcookie/src/keyserver.c:2.39.2.1
*** webiso/pubcookie/src/keyserver.c:2.39 Wed Nov 26 14:18:43 2003
--- webiso/pubcookie/src/keyserver.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file keyserver.c
* Server side of key management structure
*
! * $Id: keyserver.c,v 2.39 2003/11/26 22:18:43 willey Exp $
*/
--- 6,12 ----
/** @file keyserver.c
* Server side of key management structure
*
! * $Id: keyserver.c,v 2.39.2.1 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 146,152 ****
NOOP,
GENKEY,
SETKEY,
! FETCHKEY
};
/**
--- 146,153 ----
NOOP,
GENKEY,
SETKEY,
! FETCHKEY,
! PERMIT
};
/**
***************
*** 287,292 ****
--- 288,294 ----
* do the keyserver operation
* @param peer the name of the client that's connected to us
* @param op the operation to perform, one of:
+ * PERMIT - authorize a keyserver client
* GENKEY - generate a new key for peer
* SETKEY - key from friend login server
* FETCHKEY - peer requests it's key
***************
*** 299,304 ****
--- 301,309 ----
char buf[4 * PBC_DES_KEY_BUF];
crypt_stuff c_stuff;
pool *p = NULL;
+ int dokeyret = 0;
+ char *thepeer;
+ char *thekey64;
/* no HTML headers for me */
myprintf("\r\n");
***************
*** 311,323 ****
}
switch (op) {
case GENKEY:
{
/* 'peer' has asked us to generate a new key */
assert(newkey == NULL);
! pbc_log_activity(p, PBC_LOG_AUDIT, "generating a new key for %s",
! peer);
if (libpbc_generate_crypt_key(p, peer) < 0) {
myprintf("NO generate_new_key() failed\r\n");
--- 316,389 ----
}
switch (op) {
+ case PERMIT:
+ {
+ /* 'peer' has asked us to authorize a new CN (newkey) */
+ if(check_access_list(peer) == PBC_FAIL ) {
+ myprintf("NO you (%s) are not authorized to authorize\r\n",
+ peer);
+ pbc_log_activity(p, PBC_LOG_ERROR,
+ "operation not allowed: %s", peer);
+ return(1);
+ }
+
+ /* find <cn>;<test> */
+ thepeer = strdup(newkey);
+ thekey64 = strchr(thepeer, ';');
+ if (!thekey64) {
+ myprintf("NO bad form for authorize\r\n");
+ /* xxx log */
+ return(1);
+ }
+ *thekey64++ = '\0';
+
+ if (libpbc_test_crypt_key(p, thepeer) == PBC_OK) {
+ myprintf("OK already authorized\r\n");
+ pbc_log_activity(p, PBC_LOG_ERROR,
+ "already authorized");
+ return(1);
+ }
+
+ /* if just a test, return now */
+ if (!strncmp(thekey64, "test", 4)) {
+ myprintf("NO server is not authorized\r\n");
+ pbc_log_activity(p, PBC_LOG_ERROR,
+ "test - not yet");
+ return(1);
+ }
+
+
+ pbc_log_activity(p, PBC_LOG_AUDIT,
+ "authorizing %s", thepeer);
+
+ if (libpbc_generate_crypt_key(p, thepeer) != PBC_OK) {
+ myprintf("NO generate_new_key() failed\r\n");
+ pbc_log_activity(p, PBC_LOG_ERROR,
+ "generate_new_key() failed");
+ return(1);
+ }
+
+ /* push the new key to the other login servers */
+ pushkey(thepeer);
+
+ dokeyret = 0; /* don't return the key to this client */
+ break;
+ }
+
case GENKEY:
{
/* 'peer' has asked us to generate a new key */
+ if(libpbc_test_crypt_key(p, peer) == PBC_FAIL ) {
+ myprintf("NO you (%s) are not authorized for keys\r\n",
+ peer);
+ pbc_log_activity(p, PBC_LOG_ERROR,
+ "operation not allowed: %s", peer);
+ return(1);
+ }
assert(newkey == NULL);
! pbc_log_activity(p, PBC_LOG_AUDIT,
! "generating a new key for %s", peer);
if (libpbc_generate_crypt_key(p, peer) < 0) {
myprintf("NO generate_new_key() failed\r\n");
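Review bot: In the PERMIT case `strdup(newkey)` runs without checking `newkey`, which the GENKEY case asserts is NULL for requests that carry no setkey part, and `thepeer` is never freed on any return path. Check `newkey` and the `strdup()` result before `strchr()`, and free `thepeer` before each `return` and after `pushkey()`. The already-authorized branch also answers `OK` to the client while logging at PBC_LOG_ERROR and returning 1, which looks inconsistent. The switch continues outside the hunk.

```c
        /* find <cn>;<test> */
        if (newkey == NULL) {
            myprintf("NO bad form for authorize\r\n");
            return(1);
        }
        thepeer = strdup(newkey);
        if (thepeer == NULL) {
            myprintf("NO out of memory\r\n");
            return(1);
        }
        thekey64 = strchr(thepeer, ';');
        if (!thekey64) {
            myprintf("NO bad form for authorize\r\n");
            free(thepeer);
            return(1);
        }
        /* … unchanged: already-authorized check, test check, key generation;
           each early return there also needs free(thepeer) … */

        /* push the new key to the other login servers */
        pushkey(thepeer);
        free(thepeer);
```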
***************
*** 330,335 ****
--- 396,402 ----
/* push the new key to the other login servers */
pushkey(peer);
+ dokeyret = 1;
break;
}
***************
*** 395,400 ****
--- 462,468 ----
/* noop; we always return the new key */
assert(newkey == NULL);
+ dokeyret = 1;
break;
case NOOP:
***************
*** 404,417 ****
break;
}
! /* return the key */
! if (libpbc_get_crypt_key(p, &c_stuff, (char *) peer) != PBC_OK) {
! myprintf("NO couldn't retrieve key\r\n");
! return 1;
! }
!
! /* now give the key back to the application */
! libpbc_base64_encode(p, c_stuff.key_a, (unsigned char *) buf, PBC_DES_KEY_BUF);
myprintf("OK %s\r\n", buf);
fflush(stdout);
--- 472,487 ----
break;
}
! if (dokeyret) {
! /* return the key */
! if (libpbc_get_crypt_key(p, &c_stuff, (char *) peer) != PBC_OK) {
! myprintf("NO couldn't retrieve key\r\n");
! return 1;
! }
!
! /* now give the key back to the application */
! libpbc_base64_encode(p, c_stuff.key_a, (unsigned char *) buf, PBC_DES_KEY_BUF);
! } else buf[0] = '\0';
myprintf("OK %s\r\n", buf);
fflush(stdout);
***************
*** 629,634 ****
--- 699,708 ----
else if (*ptr == '?' && !strncmp(ptr+1, "genkey=put", 10)) {
op = SETKEY;
+ }
+
+ else if (*ptr == '?' && !strncmp(ptr+1, "genkey=permit", 10)) {
+ op = PERMIT;
}
/* look for 'setkey' */
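Review bot: `strncmp(ptr+1, "genkey=permit", 10)` compares only the first ten characters, `genkey=per`, because the length was carried over from the `genkey=put` branch above. Any request whose genkey value merely starts with `per` therefore selects the PERMIT operation. Derive the length from the literal instead: `!strncmp(ptr+1, "genkey=permit", sizeof("genkey=permit") - 1)`. The request parser continues outside the hunk.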
Index: webiso/pubcookie/src/libpubcookie.c
diff -c webiso/pubcookie/src/libpubcookie.c:2.62.2.1 webiso/pubcookie/src/libpubcookie.c:2.62.2.2
*** webiso/pubcookie/src/libpubcookie.c:2.62.2.1 Tue Dec 9 10:37:04 2003
--- webiso/pubcookie/src/libpubcookie.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file libpubcookie.c
* Core pubcookie library
*
! * $Id: libpubcookie.c,v 2.62.2.1 2003/12/09 18:37:04 jteaton Exp $
*/
--- 6,12 ----
/** @file libpubcookie.c
* Core pubcookie library
*
! * $Id: libpubcookie.c,v 2.62.2.2 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 149,154 ****
--- 149,156 ----
if (!strcasecmp(name, "webiso") ||
!strcasecmp(name, "webiso-vanilla")) {
return PBC_BASIC_CRED_ID; /* flavor_basic */
+ } else if (!strcasecmp(name, "uwsecurid")) {
+ return PBC_UWSECURID_CRED_ID; /* flavor_uwsecurid */
} else if (!strcasecmp(name, "webiso-getcred")) {
return PBC_GETCRED_CRED_ID; /* flavor_getcred */
} else {
***************
*** 286,292 ****
unsigned char buf[sizeof(pid_t)];
pid_t pid;
! /* pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "libpbc_pubcookie_init\n"); */
pid = getpid();
memcpy(buf, &pid, sizeof(pid_t));
libpbc_augment_rand_state(p, buf, sizeof(pid));
--- 288,294 ----
unsigned char buf[sizeof(pid_t)];
pid_t pid;
! pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "libpbc_pubcookie_init\n");
pid = getpid();
memcpy(buf, &pid, sizeof(pid_t));
libpbc_augment_rand_state(p, buf, sizeof(pid));
***************
*** 297,306 ****
exit(1);
}
#else
! return FALSE;
! }
!
! return TRUE;
#endif
}
--- 299,307 ----
exit(1);
}
#else
! return FALSE;
! }
! return TRUE;
#endif
}
***************
*** 369,376 ****
* @param buf a buffer of at least 1024 characters which gets the filename
* @return always succeeds
*/
! static void make_crypt_keyfile(pool *p,
! const char *peername, char *buf)
{
#ifdef WIN32
char SystemRootBuff[MAX_PATH+1];
--- 370,376 ----
* @param buf a buffer of at least 1024 characters which gets the filename
* @return always succeeds
*/
! static void make_crypt_keyfile(pool *p, const char *peername, char *buf)
{
#ifdef WIN32
char SystemRootBuff[MAX_PATH+1];
***************
*** 471,476 ****
--- 471,495 ----
return PBC_OK;
}
+ /* */
+ int libpbc_test_crypt_key(pool *p, const char *peer)
+ {
+ FILE *fp;
+ char keyfile[1024];
+
+ /* pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "libpbc_test_crypt_key\n"); */
+
+ make_crypt_keyfile(p, peer, keyfile);
+
+ if( ! (fp = pbc_fopen(p, keyfile, "rb")) ) {
+ return PBC_FAIL;
+ }
+
+ pbc_fclose(p, fp);
+
+ return PBC_OK;
+ }
+
unsigned char *libpbc_stringify_seg(pool *p, unsigned char *start, unsigned char *seg, unsigned len)
{
int seg_len;
***************
*** 572,577 ****
--- 591,597 ----
unsigned char type,
unsigned char creds,
int pre_sess_token,
+ time_t create,
time_t expire,
unsigned char *appsrvid,
unsigned char *appid)
***************
*** 584,590 ****
(*cookie_data).broken.type = type;
(*cookie_data).broken.creds = creds;
(*cookie_data).broken.pre_sess_token = pre_sess_token;
! (*cookie_data).broken.create_ts = time(NULL);
(*cookie_data).broken.last_ts = expire;
strncpy((char *)(*cookie_data).broken.appsrvid, (const char *)appsrvid, PBC_APPSRV_ID_LEN-1);
strncpy((char *)(*cookie_data).broken.appid, (const char *)appid, PBC_APP_ID_LEN-1);
--- 604,610 ----
(*cookie_data).broken.type = type;
(*cookie_data).broken.creds = creds;
(*cookie_data).broken.pre_sess_token = pre_sess_token;
! (*cookie_data).broken.create_ts = create;
(*cookie_data).broken.last_ts = expire;
strncpy((char *)(*cookie_data).broken.appsrvid, (const char *)appsrvid, PBC_APPSRV_ID_LEN-1);
strncpy((char *)(*cookie_data).broken.appid, (const char *)appid, PBC_APP_ID_LEN-1);
***************
*** 601,609 ****
* @param peer the peer this cookie is destined for (NULL for myself)
* @returns a pointer to a newly malloc()ed base64 string
*/
! unsigned char *libpbc_sign_bundle_cookie(pool *p, security_context *context,
! unsigned char *cookie_string,
! const char *peer)
{
unsigned char *cookie;
char *out;
--- 621,628 ----
* @param peer the peer this cookie is destined for (NULL for myself)
* @returns a pointer to a newly malloc()ed base64 string
*/
! unsigned char *libpbc_sign_bundle_cookie(pool *p, security_context *context, unsigned char *cookie_string,
! const char *peer)
{
unsigned char *cookie;
char *out;
***************
*** 643,650 ****
/* */
/* for now we use the last_ts field in login cookie as expire_ts */
/* this is the call used for creating G and S cookies */
! unsigned char *libpbc_get_cookie(pool *p, security_context *context,
! unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
--- 662,668 ----
/* */
/* for now we use the last_ts field in login cookie as expire_ts */
/* this is the call used for creating G and S cookies */
! unsigned char *libpbc_get_cookie(pool *p, security_context *context, unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
***************
*** 653,664 ****
const char *peer)
{
! return(libpbc_get_cookie_with_expire(p, context,
! user,
type,
creds,
pre_sess_token,
time(NULL),
appsrvid,
appid,
peer));
--- 671,682 ----
const char *peer)
{
! return(libpbc_get_cookie_with_expire(p, context, user,
type,
creds,
pre_sess_token,
time(NULL),
+ time(NULL),
appsrvid,
appid,
peer));
***************
*** 672,682 ****
/* the overleading of last_ts with expire_ts is ugly but we're */
/* going to reframe the library interfaces anyway and this will */
/* be treated better then. */
! unsigned char *libpbc_get_cookie_with_expire(pool *p, security_context *context,
unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
time_t expire,
unsigned char *appsrvid,
unsigned char *appid,
--- 690,702 ----
/* the overleading of last_ts with expire_ts is ugly but we're */
/* going to reframe the library interfaces anyway and this will */
/* be treated better then. */
! unsigned char *libpbc_get_cookie_with_expire(pool *p,
! security_context *context,
unsigned char *user,
unsigned char type,
unsigned char creds,
int pre_sess_token,
+ time_t create,
time_t expire,
unsigned char *appsrvid,
unsigned char *appid,
***************
*** 694,700 ****
cookie_data = libpbc_init_cookie_data(p);
libpbc_populate_cookie_data(p, cookie_data, user, type, creds,
! pre_sess_token, expire, appsrvid, appid);
cookie_string = libpbc_stringify_cookie_data(p, cookie_data);
pbc_free(p, cookie_data);
--- 714,720 ----
cookie_data = libpbc_init_cookie_data(p);
libpbc_populate_cookie_data(p, cookie_data, user, type, creds,
! pre_sess_token, create, expire, appsrvid, appid);
cookie_string = libpbc_stringify_cookie_data(p, cookie_data);
pbc_free(p, cookie_data);
***************
*** 710,717 ****
/* */
/* deal with unbundling a cookie */
/* */
! pbc_cookie_data *libpbc_unbundle_cookie(pool *p, security_context *context,
! char *in, const char *peer)
{
pbc_cookie_data *cookie_data;
char *plain;
--- 730,736 ----
/* */
/* deal with unbundling a cookie */
/* */
! pbc_cookie_data *libpbc_unbundle_cookie(pool *p, security_context *context, char *in, const char *peer)
{
pbc_cookie_data *cookie_data;
char *plain;
***************
*** 739,746 ****
}
if (plainlen != sizeof(pbc_cookie_data)) {
! pbc_log_activity(p, PBC_LOG_ERROR, "libpbc_unbundle_cookie: cookie wrong size: %d != %d\n",
! plainlen, sizeof(pbc_cookie_data));
return 0;
}
--- 758,764 ----
}
if (plainlen != sizeof(pbc_cookie_data)) {
! pbc_log_activity(p, PBC_LOG_ERROR, "libpbc_unbundle_cookie: cookie wrong size: %d != %d\n", plainlen, sizeof(pbc_cookie_data));
return 0;
}
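Review bot: The reflowed log call still prints `sizeof(pbc_cookie_data)` with `%d`. `sizeof` yields a `size_t`, so the argument does not match the conversion on platforms where `size_t` is wider than `int`. Cast it, as in `plainlen, (int) sizeof(pbc_cookie_data));`, and cast `plainlen` as well if it is not an `int`; its declaration is outside the hunk.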
***************
*** 760,765 ****
--- 778,785 ----
(*cookie_data).broken.create_ts = ntohl((*cookie_data).broken.create_ts);
(*cookie_data).broken.pre_sess_token = ntohl((*cookie_data).broken.pre_sess_token);
+ pbc_free(p, buf);
+
return cookie_data;
}
***************
*** 769,776 ****
/* takes a cookie_data structure, updates the time, signs and packages up */
/* the cookie to be sent back into the world */
/* */
! unsigned char *libpbc_update_lastts(pool *p, security_context *context,
! pbc_cookie_data *cookie_data,
const char *peer)
{
unsigned char *cookie_string;
--- 789,795 ----
/* takes a cookie_data structure, updates the time, signs and packages up */
/* the cookie to be sent back into the world */
/* */
! unsigned char *libpbc_update_lastts(pool *p, security_context *context, pbc_cookie_data *cookie_data,
const char *peer)
{
unsigned char *cookie_string;
Index: webiso/pubcookie/src/libpubcookie.h
diff -c webiso/pubcookie/src/libpubcookie.h:1.40.2.1 webiso/pubcookie/src/libpubcookie.h:1.40.2.2
*** webiso/pubcookie/src/libpubcookie.h:1.40.2.1 Tue Dec 9 10:37:04 2003
--- webiso/pubcookie/src/libpubcookie.h Tue Dec 16 14:01:26 2003
***************
*** 4,10 ****
*/
/*
! $Id: libpubcookie.h,v 1.40.2.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef PUBCOOKIE_LIB
--- 4,10 ----
*/
/*
! $Id: libpubcookie.h,v 1.40.2.2 2003/12/16 22:01:26 jteaton Exp $
*/
#ifndef PUBCOOKIE_LIB
***************
*** 42,49 ****
int libpbc_get_crypt_key(pool *p, crypt_stuff *c_stuff, const char *peer);
! unsigned char *libpbc_get_cookie(pool *p, security_context *,
! unsigned char *,
unsigned char,
unsigned char,
int,
--- 42,48 ----
int libpbc_get_crypt_key(pool *p, crypt_stuff *c_stuff, const char *peer);
! unsigned char *libpbc_get_cookie(pool *p, security_context *, unsigned char *,
unsigned char,
unsigned char,
int,
***************
*** 57,68 ****
unsigned char,
int,
time_t,
unsigned char *,
unsigned char *,
const char *peer);
pbc_cookie_data *libpbc_unbundle_cookie(pool *p, security_context *, char *,
const char *peer);
! unsigned char *libpbc_update_lastts(pool *p, security_context *, pbc_cookie_data *,
const char *peer);
md_context_plus *libpbc_sign_init(pool *p, char *);
#ifdef WIN32
--- 56,69 ----
unsigned char,
int,
time_t,
+ time_t,
unsigned char *,
unsigned char *,
const char *peer);
pbc_cookie_data *libpbc_unbundle_cookie(pool *p, security_context *, char *,
const char *peer);
! unsigned char *libpbc_update_lastts(pool *p, security_context *,
! pbc_cookie_data *,
const char *peer);
md_context_plus *libpbc_sign_init(pool *p, char *);
#ifdef WIN32
***************
*** 91,96 ****
--- 92,104 ----
* @return PBC_OK for success, PBC_FAIL for failure
*/
int libpbc_set_crypt_key(pool *p, const char *key, const char *peer);
+
+ /**
+ * tests for presence of the keyfile for 'peer' (key permission)
+ * @param peer the certificate name of the peer
+ * @return PBC_OK for existance, PBC_FAIL for not
+ */
+ int libpbc_test_crypt_key(pool *p, const char *peer);
char *libpbc_time_string(pool *p, time_t);
void *libpbc_abend(pool *p, const char *,...);
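Review bot: The doc comment added for `libpbc_test_crypt_key` documents `peer` but has no `@param p` line, and "existance" should read "existence". It also leaves "(key permission)" unexplained. If callers treat PBC_OK as "this peer is allowed a key", the comment should say so explicitly. It should also state that the result is only a snapshot: the key file can appear or disappear before a later `libpbc_get_crypt_key` call, so that call's own return value still has to be checked.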
Index: webiso/pubcookie/src/mod_pubcookie.c
diff -c webiso/pubcookie/src/mod_pubcookie.c:1.123.4.2 webiso/pubcookie/src/mod_pubcookie.c:1.123.4.3
*** webiso/pubcookie/src/mod_pubcookie.c:1.123.4.2 Tue Dec 16 12:20:34 2003
--- webiso/pubcookie/src/mod_pubcookie.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file mod_pubcookie.c
* Apache pubcookie module
*
! * $Id: mod_pubcookie.c,v 1.123.4.2 2003/12/16 20:20:34 jteaton Exp $
*/
--- 6,12 ----
/** @file mod_pubcookie.c
* Apache pubcookie module
*
! * $Id: mod_pubcookie.c,v 1.123.4.3 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 342,348 ****
cookie = libpbc_update_lastts(r->pool, scfg->sectext, cfg->cookie_data, NULL);
} else {
/* create a brand new cookie, initialized with the present time */
! cookie = libpbc_get_cookie(r->pool, scfg->sectext,
(unsigned char *)r->connection->user,
PBC_COOKIE_TYPE_S,
cfg->creds,
--- 342,349 ----
cookie = libpbc_update_lastts(r->pool, scfg->sectext, cfg->cookie_data, NULL);
} else {
/* create a brand new cookie, initialized with the present time */
! cookie = libpbc_get_cookie(r->pool,
! scfg->sectext,
(unsigned char *)r->connection->user,
PBC_COOKIE_TYPE_S,
cfg->creds,
***************
*** 826,832 ****
/* make the pre-session cookie */
! pre_s = (char *) libpbc_get_cookie(p, scfg->sectext,
(unsigned char *) "presesuser",
PBC_COOKIE_TYPE_PRE_S,
PBC_CREDS_NONE,
--- 827,834 ----
/* make the pre-session cookie */
! pre_s = (char *) libpbc_get_cookie(p,
! scfg->sectext,
(unsigned char *) "presesuser",
PBC_COOKIE_TYPE_PRE_S,
PBC_CREDS_NONE,
***************
*** 885,891 ****
ap_rprintf(r, "%s", PBC_POST_NO_JS_HTML4);
ap_rprintf(r, "%s", PBC_POST_NO_JS_BUTTON);
ap_rprintf(r, "%s", PBC_POST_NO_JS_HTML5);
- ap_rprintf(r, "%s", PBC_HTML_COPYRIGHT);
ap_rprintf(r, "%s", PBC_POST_NO_JS_HTML6);
}
else {
--- 887,892 ----
***************
*** 1006,1018 ****
}
static void pubcookie_init(server_rec *main_s, pool *p) {
! server_rec *s;
pubcookie_server_rec *scfg;
char *fname;
/* initialize each virtual server */
/* some of the code should be pulled out of the loop */
! for (s = mains; s != NULL; s=s->next) {
scfg = (pubcookie_server_rec *) ap_get_module_config(s->module_config,
&pubcookie_module);
--- 1007,1019 ----
}
static void pubcookie_init(server_rec *main_s, pool *p) {
! server_rec *s;
pubcookie_server_rec *scfg;
char *fname;
/* initialize each virtual server */
/* some of the code should be pulled out of the loop */
! for (s = main_s; s != NULL; s=s->next) {
scfg = (pubcookie_server_rec *) ap_get_module_config(s->module_config,
&pubcookie_module);
***************
*** 1029,1035 ****
exit(1);
}
- /* JEATON - remove this? */
if (ap_table_get(scfg->configlist, "ssl_key_file") == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_NOERRNO, s,
"PubCookieSessionKeyFile configuration directive must be set!");
--- 1030,1035 ----
***************
*** 1040,1046 ****
"PubCookieSessionCertFile configuration directive must be set!");
exit(1);
}
- /* JEATON - end remove this */
/* old config way */
/* libpbc_config_init(p, NULL, "mod_pubcookie"); */
--- 1040,1045 ----
***************
*** 1054,1066 ****
&libpbc_apacheconfig_getstring,
&libpbc_apacheconfig_getswitch);
- /* JEATON - remove this? */
if (ap_table_get(scfg->configlist, "granting_cert_file") == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG|APLOG_NOERRNO, s,
"PubCookieGrantingCertFile configuration directive not set, using %s/%s",
PBC_KEY_DIR, "pubcookie_granting.cert");
}
- /* JEATON - end remove this */
/* libpubcookie initialization */
--- 1053,1063 ----
***************
*** 1129,1135 ****
scfg->configlist = ap_overlay_tables(p, nscfg->configlist,
pscfg->configlist);
-
return (void *)scfg;
}
--- 1126,1131 ----
***************
*** 1157,1173 ****
cfg->end_session = ncfg->end_session ?
ncfg->end_session : pcfg->end_session;
- cfg->strip_realm = ncfg->strip_realm ?
- ncfg->strip_realm : pcfg->strip_realm;
-
- if (ncfg->accept_realms) {
- cfg->accept_realms = ap_pstrdup(p, ncfg->accept_realms);
- } else if (pcfg->accept_realms) {
- cfg->accept_realms = ap_pstrdup(p, pcfg->accept_realms);
- } else {
- cfg->accept_realms = NULL;
- }
-
if (pcfg->addl_requests) {
if (ncfg->addl_requests) {
cfg->addl_requests = (unsigned char *) ap_pstrcat(p, pcfg->addl_requests,
--- 1153,1158 ----
***************
*** 1179,1184 ****
--- 1164,1180 ----
cfg->addl_requests = ncfg->addl_requests;
}
+ cfg->strip_realm = ncfg->strip_realm ?
+ ncfg->strip_realm : pcfg->strip_realm;
+
+ if (ncfg->accept_realms) {
+ cfg->accept_realms = ap_pstrdup(p, ncfg->accept_realms);
+ } else if (pcfg->accept_realms) {
+ cfg->accept_realms = ap_pstrdup(p, pcfg->accept_realms);
+ } else {
+ cfg->accept_realms = NULL;
+ }
+
return (void *) cfg;
}
***************
*** 1214,1219 ****
--- 1210,1216 ----
scfg = (pubcookie_server_rec *)ap_get_module_config(r->server->module_config,
&pubcookie_module);
+
if( (cookie = get_cookie(r, PBC_PRE_S_COOKIENAME)) == NULL )
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
"get_pre_s_from_cookie: no pre_s cookie, uri: %s\n",
***************
*** 1255,1269 ****
scfg = (pubcookie_server_rec *) ap_get_module_config(r->server->module_config,
&pubcookie_module);
! /* stash the server_rec away so the get_config callbacks know
! which virtual server they are running under
this uses a global variable, and will definately break under apache2 */
libpbc_apacheconfig_storeglobal(scfg);
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
- "pubcookie_user: hello, uri: %s auth_type: %s", r->uri, ap_auth_type(r));
-
/* get defaults for unset args */
pubcookie_dir_defaults(cfg);
pubcookie_server_defaults(scfg);
--- 1252,1266 ----
scfg = (pubcookie_server_rec *) ap_get_module_config(r->server->module_config,
&pubcookie_module);
! ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r,
! "pubcookie_user: hello, uri: %s auth_type: %s", r->uri, ap_auth_type(r));
!
! /* stash the server_rec away so the get_config callbacks know
! which virtual server they are running under
this uses a global variable, and will definately break under apache2 */
libpbc_apacheconfig_storeglobal(scfg);
/* get defaults for unset args */
pubcookie_dir_defaults(cfg);
pubcookie_server_defaults(scfg);
***************
*** 1492,1498 ****
}
}
}
-
if( libpbc_check_exp(p, (*cookie_data).broken.create_ts, PBC_GRANTING_EXPIRE) == PBC_FAIL ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
--- 1489,1494 ----
Index: webiso/pubcookie/src/ntmpl.c
diff -c webiso/pubcookie/src/ntmpl.c:1.9 webiso/pubcookie/src/ntmpl.c:1.9.4.1
*** webiso/pubcookie/src/ntmpl.c:1.9 Wed Jul 2 21:25:21 2003
--- webiso/pubcookie/src/ntmpl.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file ntmpl.c
* Template library
*
! * $Id: ntmpl.c,v 1.9 2003/07/03 04:25:21 willey Exp $
*/
--- 6,12 ----
/** @file ntmpl.c
* Template library
*
! * $Id: ntmpl.c,v 1.9.4.1 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 50,55 ****
--- 50,56 ----
/* hmm, bad place for this prototype. */
extern FILE *htmlout;
+ extern FILE *mirror;
/*
* return the length of the passed file in bytes or 0 if we cant tell
***************
*** 73,79 ****
static char *get_file_template(pool *p, const char * fpath, const char *fname)
{
char *templatefile;
! char *template;
long len, readlen;
FILE *tmpl_file;
--- 74,80 ----
static char *get_file_template(pool *p, const char * fpath, const char *fname)
{
char *templatefile;
! char *template = NULL;
long len, readlen;
FILE *tmpl_file;
***************
*** 84,97 ****
pbc_log_activity(p, PBC_LOG_ERROR,
"unable to malloc %d bytes for template filename %s",
len, fname);
! return NULL;
}
if ( snprintf(templatefile, len, "%s%s%s", fpath,
fpath[strlen(fpath) - 1 ] == '/' ? "" : "/",
fname) > len) {
pbc_log_activity(p, PBC_LOG_ERROR,
"template filename overflow");
! return NULL;
}
--- 85,98 ----
pbc_log_activity(p, PBC_LOG_ERROR,
"unable to malloc %d bytes for template filename %s",
len, fname);
! goto done;
}
if ( snprintf(templatefile, len, "%s%s%s", fpath,
fpath[strlen(fpath) - 1 ] == '/' ? "" : "/",
fname) > len) {
pbc_log_activity(p, PBC_LOG_ERROR,
"template filename overflow");
! goto done;
}
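Review bot: The truncation test `snprintf(...) > len` on the new side misses the case where the return value equals `len`, which also means the path was cut short, because snprintf's return excludes the terminator. Use `>= len` and treat a negative return as failure, so that a shortened path is never passed on to the open call. In the same statement, `fpath[strlen(fpath) - 1]` reads one byte before the string when `fpath` is empty, so an empty directory should be rejected first. The log call above formats the `long len` with `%d`; if `pbc_log_activity` is printf-style, `%ld` is the matching specifier. How `len` is computed is outside this hunk.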
***************
*** 99,110 ****
if (tmpl_file == NULL) {
pbc_log_activity(p, PBC_LOG_ERROR, "cant open template file %s",
templatefile);
return NULL;
}
len=file_size(tmpl_file);
if (len==0) {
! return NULL;
}
template = (char *) malloc((len+1) * sizeof (char));
--- 100,113 ----
if (tmpl_file == NULL) {
pbc_log_activity(p, PBC_LOG_ERROR, "cant open template file %s",
templatefile);
+ template = NULL;
+ goto done;
return NULL;
}
len=file_size(tmpl_file);
if (len==0) {
! goto done;
}
template = (char *) malloc((len+1) * sizeof (char));
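Review bot: The `goto done` exits taken after the template file has been opened skip `pbc_fclose`, because `done:` releases only `templatefile`. This affects the `len==0` branch here and the malloc-failure and short-read branches in the next two hunks, so each of those paths leaks the open `FILE`. Declare `FILE *tmpl_file = NULL;` and move the close under the label as `if (tmpl_file != NULL) pbc_fclose(p, tmpl_file);`, which covers every exit with one statement. The `return NULL;` left after the added `goto done;` in the open-failure branch is unreachable and can be deleted. The function begins and ends outside this hunk.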
***************
*** 112,118 ****
pbc_log_activity(p, PBC_LOG_ERROR,
"unable to malloc %d bytes for template file %s",
len+1, fname);
! return NULL;
}
*template=0;
--- 115,121 ----
pbc_log_activity(p, PBC_LOG_ERROR,
"unable to malloc %d bytes for template file %s",
len+1, fname);
! goto done;
}
*template=0;
***************
*** 122,133 ****
"read %d bytes when expecting %d for template file %s",
readlen, len, fname);
pbc_free(p, template);
! return NULL;
}
template[len]=0;
pbc_fclose(p, tmpl_file);
return template;
}
/**
--- 125,145 ----
"read %d bytes when expecting %d for template file %s",
readlen, len, fname);
pbc_free(p, template);
! template = NULL;
! goto done;
}
template[len]=0;
+
pbc_fclose(p, tmpl_file);
+
+ done:
+
+ if(templatefile != NULL)
+ pbc_free(p, templatefile);
+
return template;
+
}
/**
***************
*** 156,161 ****
--- 168,175 ----
/* look for the next possible substitution */
while ((percent = strchr(t, '%')) != NULL) {
fwrite(t, percent - t, 1, htmlout);
+ if( mirror != NULL)
+ fwrite(t, percent - t, 1, mirror);
/* look to see if this is a legitimate candidate for substitution */
for (i = 1; percent[i] && (i < sizeof(candidate) - 1); i++) {
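Review bot: The `if( mirror != NULL)` guard and write are repeated after every `htmlout` write, here and in the two hunks that follow, so a later output call added for `htmlout` alone would silently leave the mirror incomplete. Routing both writes through one small static helper would keep the two streams in step. Nothing in the patch says what `mirror` is or who opens and closes it; a comment on the `extern FILE *mirror;` declaration such as `/* optional second copy of everything written to htmlout; NULL when unused */` would help. The mirror receives the substituted values as well as the template text, so its destination should be no more widely readable than the page itself. The results of `fwrite` and `fputs` are ignored for both streams.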
***************
*** 184,194 ****
--- 198,212 ----
if (attr != NULL && subst != NULL) {
/* we found a match; print that out instead */
fputs(subst, htmlout);
+ if( mirror != NULL)
+ fputs(subst, mirror);
/* move to the trailing % */
percent = strchr(percent + 1, '%');
} else {
/* false alarm, not a substitution */
fputc('%', htmlout);
+ if( mirror != NULL)
+ fputc('%', mirror);
}
/* skip after the % */
t = percent + 1;
***************
*** 196,201 ****
--- 214,221 ----
/* print out everything from the last % on */
fputs(t, htmlout);
+ if( mirror != NULL)
+ fputs(t, mirror);
pbc_free(p, template);
}
Index: webiso/pubcookie/src/pbc_config.h
diff -c webiso/pubcookie/src/pbc_config.h:1.83 webiso/pubcookie/src/pbc_config.h:1.83.2.1
*** webiso/pubcookie/src/pbc_config.h:1.83 Wed Nov 26 14:19:23 2003
--- webiso/pubcookie/src/pbc_config.h Tue Dec 16 14:01:26 2003
***************
*** 4,10 ****
*/
/*
! $Id: pbc_config.h,v 1.83 2003/11/26 22:19:23 willey Exp $
*/
#ifndef PUBCOOKIE_CONFIG
--- 4,10 ----
*/
/*
! $Id: pbc_config.h,v 1.83.2.1 2003/12/16 22:01:26 jteaton Exp $
*/
#ifndef PUBCOOKIE_CONFIG
***************
*** 152,161 ****
<INPUT TYPE=\"SUBMIT\" NAME=\"submit\" VALUE=\""
/* button text (PBC_POST_NO_JS_BUTTON) */
#define PBC_POST_NO_JS_HTML5 "\">\n </FORM>\n"
- /* copyright (PBC_HTML_COPYRIGHT) */
#define PBC_POST_NO_JS_HTML6 "</CENTER>\n </BODY></HTML>\n"
- #define PBC_HTML_COPYRIGHT "<P><address>© 1999 University of Washington</address><P>\n"
#define PBC_POST_NO_JS_BUTTON "Click here to continue"
#define PBC_WEBISO_LOGO "images/login.gif"
--- 152,159 ----
***************
*** 188,194 ****
#define PBC_GETVAR_LOGOUT_ACTION "logout_action"
/* added previously but only now as defines March 2002 */
#define PBC_GETVAR_FIRST_KISS "first_kiss"
- #define PBC_GETVAR_NEXT_SECURID "next_securid"
#define PBC_GETVAR_USER "user"
#define PBC_GETVAR_REALM "realm"
#define PBC_GETVAR_PASS "pass"
--- 186,191 ----
***************
*** 206,211 ****
--- 203,219 ----
*/
#define PBC_CREDS_NONE '0'
+ /* never make the username field static */
+ #define STATIC_USER_FIELD_NEVER "never"
+ /* allow the use to change the username field if the login
+ cookie is expired to 'logged out
+ */
+ #define STATIC_USER_FIELD_KIND "kind"
+ /* username field is static whenever there is a login cookie
+ with a username available
+ */
+ #define STATIC_USER_FIELD_FASCIST "always"
+
#define PBC_COOKIE_TYPE_NONE '0'
#define PBC_COOKIE_TYPE_G '1'
#define PBC_COOKIE_TYPE_S '2'
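Review bot: The three `STATIC_USER_FIELD_*` macros are the only names in this stretch of the header without the `PBC_` prefix, and `STATIC_USER_FIELD_FASCIST` expands to "always", so the identifier does not match the configuration value an administrator types. A name such as `PBC_STATIC_USER_FIELD_ALWAYS`, with the same prefix on the other two, would be consistent if the callers are renamed to match. The comment on `STATIC_USER_FIELD_KIND` has a typo and an unclosed quote; if the intended meaning is as it appears, it could read `/* allow the user to change the username field if the login cookie is expired or 'logged out' */`.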
***************
*** 214,219 ****
--- 222,228 ----
#define PBC_BASIC_CRED_ID '1'
#define PBC_GETCRED_CRED_ID '2'
+ #define PBC_UWSECURID_CRED_ID '3'
/* macros to support older version of apache */
Index: webiso/pubcookie/src/pbc_myconfig.c
diff -c webiso/pubcookie/src/pbc_myconfig.c:1.35 webiso/pubcookie/src/pbc_myconfig.c:1.35.2.1
*** webiso/pubcookie/src/pbc_myconfig.c:1.35 Fri Sep 26 15:27:02 2003
--- webiso/pubcookie/src/pbc_myconfig.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file pbc_myconfig.c
* Runtime configuration
*
! * $Id: pbc_myconfig.c,v 1.35 2003/09/26 22:27:02 ryanc Exp $
*/
--- 6,12 ----
/** @file pbc_myconfig.c
* Runtime configuration
*
! * $Id: pbc_myconfig.c,v 1.35.2.1 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 57,62 ****
--- 57,63 ----
# define EX_OSERR 71
#endif /* HAVE_SYSEXITS_H */
+ #include "pbc_logging.h"
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif
***************
*** 168,174 ****
libpbc_abend( p, "Option key suddenly became NULL! Somebody fudged a pointer!" );
}
if ( *key == configlist[opt].key[0] &&
! !strcmp(key, configlist[opt].key))
return configlist[opt].value;
}
return def;
--- 169,175 ----
libpbc_abend( p, "Option key suddenly became NULL! Somebody fudged a pointer!" );
}
if ( *key == configlist[opt].key[0] &&
! !strcasecmp(key, configlist[opt].key))
return configlist[opt].value;
}
return def;
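Review bot: The switch to `strcasecmp` only takes effect when the first characters already match exactly, because the `*key == configlist[opt].key[0]` pre-check above it is still case-sensitive; a lookup for `Foo` will not find `foo`. Either drop the pre-check, leaving `if (!strcasecmp(key, configlist[opt].key))`, or compare `tolower((unsigned char)*key)` with `tolower((unsigned char)configlist[opt].key[0])`. `strcasecmp` is declared in `<strings.h>`, and the include list is outside this hunk, so confirm the header is pulled in. The enclosing lookup function starts outside the hunk.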
***************
*** 348,357 ****
{
char **v;
int c;
! libpbc_myconfig_init((argc > 1) ? argv[1] : "myconf", NULL);
! v = libpbc_myconfig_getlist("foo");
if (v) {
c = 0;
while (v[c]) {
--- 349,359 ----
{
char **v;
int c;
+ pool *p = NULL;
! libpbc_myconfig_init(p, (argc > 1) ? argv[1] : "myconf", NULL);
! v = libpbc_myconfig_getlist(p, "foo");
if (v) {
c = 0;
while (v[c]) {
Index: webiso/pubcookie/src/pbc_path.h.in
diff -c webiso/pubcookie/src/pbc_path.h.in:2.7 webiso/pubcookie/src/pbc_path.h.in:2.7.2.1
*** webiso/pubcookie/src/pbc_path.h.in:2.7 Thu Jul 10 12:06:40 2003
--- webiso/pubcookie/src/pbc_path.h.in Tue Dec 16 14:01:26 2003
***************
*** 9,15 ****
* So that we can just #include this file instead of having to
* worry about shell escapes and whatnot.
*
! * $Id: pbc_path.h.in,v 2.7 2003/07/10 19:06:40 willey Exp $
*/
--- 9,15 ----
* So that we can just #include this file instead of having to
* worry about shell escapes and whatnot.
*
! * $Id: pbc_path.h.in,v 2.7.2.1 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 31,37 ****
#define TMPL_FNAME (libpbc_config_getstring(p, "template_root", "@prefix@/login_templates"))
/* suffix for seperate config files for components */
! #define PBC_SUBCONFIG (libpbc_config_getstring(p, "pbc_subconfig", ".conf"))
/* file to get the list of ok browsers from */
#define OK_BROWSERS_FILE (libpbc_config_getstring(p, "ok_browsers", "@prefix@/ok_browsers"))
--- 31,37 ----
#define TMPL_FNAME (libpbc_config_getstring(p, "template_root", "@prefix@/login_templates"))
/* suffix for seperate config files for components */
! #define PBC_SUBCONFIG (libpbc_config_getstring(p, "subconfig_suffix", ".conf"))
/* file to get the list of ok browsers from */
#define OK_BROWSERS_FILE (libpbc_config_getstring(p, "ok_browsers", "@prefix@/ok_browsers"))
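Review bot: Installations that already set `pbc_subconfig` will silently fall back to the default `.conf` after this rename, because nothing reads the old key any more. If compatibility matters, chain the lookups as `#define PBC_SUBCONFIG (libpbc_config_getstring(p, "subconfig_suffix", libpbc_config_getstring(p, "pbc_subconfig", ".conf")))`. The suffix presumably decides which per-component config files are read, so a silent change here can alter the settings a deployment runs with. If the old key is dropped on purpose, state that in the comment above the macro.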
Index: webiso/pubcookie/src/security.h
diff -c webiso/pubcookie/src/security.h:1.8.4.1 webiso/pubcookie/src/security.h:1.8.4.2
*** webiso/pubcookie/src/security.h:1.8.4.1 Tue Dec 9 10:37:04 2003
--- webiso/pubcookie/src/security.h Tue Dec 16 14:01:26 2003
***************
*** 4,10 ****
*/
/*
! $Id: security.h,v 1.8.4.1 2003/12/09 18:37:04 jteaton Exp $
*/
#ifndef INCLUDED_SECURITY_H
--- 4,10 ----
*/
/*
! $Id: security.h,v 1.8.4.2 2003/12/16 22:01:26 jteaton Exp $
*/
#ifndef INCLUDED_SECURITY_H
***************
*** 19,24 ****
--- 19,26 ----
*/
struct security_context_s;
typedef struct security_context_s security_context;
+
+ static void make_crypt_keyfile(pool *p, const char *peername, char *buf);
/**
* initializes the security subsystem.
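Review bot: Declaring `make_crypt_keyfile` as `static` in security.h gives every file that includes the header its own internal-linkage declaration. Files that never define the function get a "declared static but never defined" warning, and a file that calls it without defining it will not build. Keep the prototype in the .c file that defines the function, or, if it is meant to be shared, drop the qualifier: `void make_crypt_keyfile(pool *p, const char *peername, char *buf);`. The signature passes `buf` without a length; the body is not visible here, but a `size_t` size parameter or a documented minimum buffer size would let callers check that a key-file path built from a peer name fits.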
Index: webiso/pubcookie/src/verify.c
diff -c webiso/pubcookie/src/verify.c:1.20 webiso/pubcookie/src/verify.c:1.20.2.1
*** webiso/pubcookie/src/verify.c:1.20 Tue Sep 23 17:48:48 2003
--- webiso/pubcookie/src/verify.c Tue Dec 16 14:01:26 2003
***************
*** 6,12 ****
/** @file verify.c
* Verifier base stuff
*
! * $Id: verify.c,v 1.20 2003/09/24 00:48:48 willey Exp $
*/
--- 6,12 ----
/** @file verify.c
* Verifier base stuff
*
! * $Id: verify.c,v 1.20.2.1 2003/12/16 22:01:26 jteaton Exp $
*/
***************
*** 45,50 ****
--- 45,51 ----
extern verifier alwaystrue_verifier;
extern verifier shadow_verifier;
extern verifier fork_verifier;
+ extern verifier uwsecurid_verifier;
/* verifiers that we actually compiled */
static verifier *verifiers[] = {
***************
*** 54,59 ****
--- 55,61 ----
&alwaystrue_verifier,
&shadow_verifier,
&fork_verifier,
+ &uwsecurid_verifier,
NULL
};
***************
*** 101,107 ****
exit(1);
}
! r = v->v(argv[2], argv[3],
argc > 4 ? argv[5] : NULL,
argc > 3 ? argv[4] : NULL,
&creds, &errstr);
--- 103,110 ----
exit(1);
}
! /* first arg is pool */
! r = v->v(NULL, argv[2], argv[3],
argc > 4 ? argv[5] : NULL,
argc > 3 ? argv[4] : NULL,
&creds, &errstr);
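Review bot: The guards on the two optional arguments are each one lower than the index they protect: `argc > 4 ? argv[5]` and `argc > 3 ? argv[4]`. This works only because `argv[argc]` is guaranteed to be a null pointer, so the conditional currently adds nothing and will mislead anyone who reorders the arguments. Write them as `argc > 5 ? argv[5] : NULL` and `argc > 4 ? argv[4] : NULL`. Whether `argv[2]` and `argv[3]` are checked against `argc` happens above the hunk. Confirm too that every verifier's `v` entry tolerates the `NULL` pool now passed as the first argument.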
***************
*** 126,132 ****
printf("\n"
"attempting to get imap/cyrus.andrew.cmu.edu credential...\n");
! if (!v->cred_derive(creds, "vtest", "imap/cyrus.andrew.cmu.edu",
&newcreds) &&
newcreds) {
printf("got newcreds, size %d:\n", newcreds->sz);
--- 129,135 ----
printf("\n"
"attempting to get imap/cyrus.andrew.cmu.edu credential...\n");
! if (!v->cred_derive(NULL, creds, "vtest", "imap/cyrus.andrew.cmu.edu",
&newcreds) &&
newcreds) {
printf("got newcreds, size %d:\n", newcreds->sz);
end of message