[pubcookie-dev] CVS update: fox;
flavor_uwsecurid.c,2.8,2.9 index.cgi.c,1.139,1.140
mod_pubcookie.c,1.153,1.154
fox at washington.edu
fox at washington.edu
Wed Sep 1 14:13:38 PDT 2004
Update of /usr/local/cvsroot/webiso/pubcookie/src
In directory webiso-cvs.cac.washington.edu:/var/tmp/cvs-serv2818/webiso/pubcookie/src
Modified Files:
flavor_basic.c flavor_getcred.c flavor_uwsecurid.c index.cgi.c
mod_pubcookie.c
Log Message:
Fixing post method to pass extra credentials, i.e. K5 ticket,
to the application.
Note that, while the login server will break a too-long credential
into component parts, the module has never been programmed to
assemble such parts. I did not improve that, as the K5 credential
is only about 500 bytes and the block size is about 3900 bytes.
Index: webiso/pubcookie/src/flavor_basic.c
diff -c webiso/pubcookie/src/flavor_basic.c:1.63 webiso/pubcookie/src/flavor_basic.c:1.64
*** webiso/pubcookie/src/flavor_basic.c:1.63 Wed Aug 18 17:34:43 2004
--- webiso/pubcookie/src/flavor_basic.c Wed Sep 1 14:13:36 2004
***************
*** 13,19 ****
* will pass l->realm to the verifier and append it to the username when
* 'append_realm' is set
*
! * $Id: flavor_basic.c,v 1.63 2004/08/19 00:34:43 willey Exp $
*/
--- 13,19 ----
* will pass l->realm to the verifier and append it to the username when
* 'append_realm' is set
*
! * $Id: flavor_basic.c,v 1.64 2004/09/01 21:13:36 fox Exp $
*/
***************
*** 245,255 ****
}
if (need_clear_greq) {
! print_header(p, "Set-Cookie: %s=%s; domain=%s; path=/; secure\n",
! PBC_G_REQ_COOKIENAME,
! PBC_CLEAR_COOKIE,
! PBC_ENTRPRS_DOMAIN);
!
}
switch (reason) {
--- 245,251 ----
}
if (need_clear_greq) {
! add_app_cookie(PBC_G_REQ_COOKIENAME, PBC_CLEAR_COOKIE, NULL);
}
switch (reason) {
Index: webiso/pubcookie/src/flavor_getcred.c
diff -c webiso/pubcookie/src/flavor_getcred.c:1.29 webiso/pubcookie/src/flavor_getcred.c:1.30
*** webiso/pubcookie/src/flavor_getcred.c:1.29 Wed Apr 7 08:29:01 2004
--- webiso/pubcookie/src/flavor_getcred.c Wed Sep 1 14:13:36 2004
***************
*** 6,12 ****
/** @file flavor_getcred.c
* Getcred flavor
*
! * $Id: flavor_getcred.c,v 1.29 2004/04/07 15:29:01 jteaton Exp $
*/
--- 6,12 ----
/** @file flavor_getcred.c
* Getcred flavor
*
! * $Id: flavor_getcred.c,v 1.30 2004/09/01 21:13:36 fox Exp $
*/
***************
*** 342,364 ****
for (i = 0, j = 0;
i < strlen(out64) && j < PBC_TRANSCRED_MAX_COOKIES;
i += PBC_TRANSCRED_MAX_COOKIE_LENGTH, j++) {
strncpy(cookiestr, out64+i, PBC_TRANSCRED_MAX_COOKIE_LENGTH);
/* set cookie(s) */
! if (j == 0) {
! /* compatibality mode */
! print_header(p, "Set-Cookie: %s=%s; domain=%s; path=/; secure\n",
! PBC_CRED_TRANSFER_COOKIENAME,
! cookiestr,
! enterprise_domain(p));
! } else {
! /* set cookie(s) */
! print_header(p, "Set-Cookie: %s%d=%s; domain=%s; path=/; secure\n",
! PBC_CRED_TRANSFER_COOKIENAME,
! j,
! cookiestr,
! enterprise_domain(p));
}
}
if (j == PBC_TRANSCRED_MAX_COOKIES) {
--- 342,358 ----
for (i = 0, j = 0;
i < strlen(out64) && j < PBC_TRANSCRED_MAX_COOKIES;
i += PBC_TRANSCRED_MAX_COOKIE_LENGTH, j++) {
+ char *ckname;
strncpy(cookiestr, out64+i, PBC_TRANSCRED_MAX_COOKIE_LENGTH);
/* set cookie(s) */
! if (j == 0) ckname = PBC_CRED_TRANSFER_COOKIENAME;
! else {
! ckname = (char*) malloc(strlen(PBC_CRED_TRANSFER_COOKIENAME)+16);
! sprintf(ckname, "%s%d", PBC_CRED_TRANSFER_COOKIENAME, j);
}
+ add_app_cookie(ckname, cookiestr, NULL);
+ if (j) free(ckname);
}
if (j == PBC_TRANSCRED_MAX_COOKIES) {
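Review bot: The `malloc` result for `ckname` in the new `else` branch is handed to `sprintf` without a NULL check. The name is only the base cookie name plus a small integer, so a local buffer removes both the allocation and the conditional `free`: `char ckname[sizeof(PBC_CRED_TRANSFER_COOKIENAME) + 16];` filled with `snprintf(ckname, sizeof ckname, "%s%d", PBC_CRED_TRANSFER_COOKIENAME, j);` when `j` is non-zero. That assumes PBC_CRED_TRANSFER_COOKIENAME is a string-literal macro, which this hunk does not show. The loop's enclosing function starts and ends outside the hunk.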
Index: webiso/pubcookie/src/flavor_uwsecurid.c
diff -c webiso/pubcookie/src/flavor_uwsecurid.c:2.8 webiso/pubcookie/src/flavor_uwsecurid.c:2.9
*** webiso/pubcookie/src/flavor_uwsecurid.c:2.8 Fri Jul 30 18:01:24 2004
--- webiso/pubcookie/src/flavor_uwsecurid.c Wed Sep 1 14:13:36 2004
***************
*** 11,17 ****
*/
/*
! $Id: flavor_uwsecurid.c,v 2.8 2004/07/31 01:01:24 willey Exp $
*/
#ifdef HAVE_CONFIG_H
--- 11,17 ----
*/
/*
! $Id: flavor_uwsecurid.c,v 2.9 2004/09/01 21:13:36 fox Exp $
*/
#ifdef HAVE_CONFIG_H
***************
*** 469,479 ****
}
if (need_clear_greq) {
! print_header(p, "Set-Cookie: %s=%s; domain=%s; path=/; secure\n",
! PBC_G_REQ_COOKIENAME,
! PBC_CLEAR_COOKIE,
! PBC_ENTRPRS_DOMAIN);
!
}
/* get the config about whether to use static user fields */
--- 469,475 ----
}
if (need_clear_greq) {
! add_app_cookie(PBC_G_REQ_COOKIENAME, PBC_CLEAR_COOKIE, NULL);
}
/* get the config about whether to use static user fields */
Index: webiso/pubcookie/src/index.cgi.c
diff -c webiso/pubcookie/src/index.cgi.c:1.139 webiso/pubcookie/src/index.cgi.c:1.140
*** webiso/pubcookie/src/index.cgi.c:1.139 Mon Aug 23 15:05:47 2004
--- webiso/pubcookie/src/index.cgi.c Wed Sep 1 14:13:36 2004
***************
*** 6,12 ****
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.139 2004/08/23 22:05:47 willey Exp $
*/
#ifdef WITH_FCGI
--- 6,12 ----
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.140 2004/09/01 21:13:36 fox Exp $
*/
#ifdef WITH_FCGI
***************
*** 131,136 ****
--- 131,203 ----
/* do we want debugging? */
int debug;
+ /* Cookies are secure except for one exception */
+ #ifdef PORT80_TEST
+ static char *secure_cookie = "";
+ #else
+ static char *secure_cookie = "; secure";
+ #endif
+
+ /* Cookies to the app that may be sent via form are stored here. */
+ typedef struct {
+ char *name;
+ char *value;
+ char *exp;
+ } cookie_list_t;
+ cookie_list_t *cookie_list;
+ int n_cookie_list = 0;
+
+ void add_app_cookie(char *name, char *value, char *exp)
+ {
+ int i;
+ for (i=0;i<n_cookie_list;i++) {
+ if (!strcmp(cookie_list[i].name, name)) {
+ free(cookie_list[i].value);
+ if (cookie_list[i].exp) free(cookie_list[i].exp);
+ cookie_list[i].value = strdup(value);
+ cookie_list[n_cookie_list].exp = exp? strdup(exp): NULL;
+ return;
+ }
+ }
+ if (n_cookie_list) cookie_list = (cookie_list_t *)
+ realloc(cookie_list, sizeof(cookie_list_t)*(n_cookie_list+1));
+ else cookie_list = (cookie_list_t *) malloc(sizeof(cookie_list_t));
+ cookie_list[n_cookie_list].name = strdup(name);
+ cookie_list[n_cookie_list].value = strdup(value);
+ cookie_list[n_cookie_list].exp = exp? strdup(exp): NULL;
+ n_cookie_list++;
+ }
+ static void clear_app_cookies()
+ {
+ int i;
+ if (n_cookie_list) {
+ for (i=0;i<n_cookie_list;i++) {
+ free(cookie_list[i].name);
+ free(cookie_list[i].value);
+ if (cookie_list[i].exp) free(cookie_list[i].exp);
+ }
+ free(cookie_list);
+ n_cookie_list = 0;
+ }
+ }
+ static void send_app_cookies(pool *p)
+ {
+ int i;
+ char exp[128];
+
+ for (i=0;i<n_cookie_list;i++) {
+ if (cookie_list[i].exp) snprintf(exp, 127, "; expires=%s", cookie_list[i].exp);
+ else exp[0] = '\0';
+ print_header(p, "Set-Cookie: %s=%s; domain=%s; path=/%s%s\n",
+ cookie_list[i].name,
+ cookie_list[i].value,
+ enterprise_domain(p),
+ exp, secure_cookie);
+ }
+ clear_app_cookies();
+ }
+
+
/* These limit the number of requests a fastcgi-server will handle.
Have no effect on the standalone server. */
int cgi_count = 0;
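Review bot: In the replace branch of `add_app_cookie`, the new expiry is stored at index `n_cookie_list` instead of `i`, which writes one element past the allocated array and leaves `cookie_list[i].exp` pointing at the memory that was just freed. A later `clear_app_cookies` or `send_app_cookies` would then free or read that stale pointer. The line should read `cookie_list[i].exp = exp ? strdup(exp) : NULL;`. Separately, the `malloc`, `realloc` and `strdup` results in this function are all used unchecked, and assigning `realloc` straight back to `cookie_list` loses the old array on failure.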
***************
*** 675,686 ****
l_cookie,
login_host(p),
LOGIN_DIR,
! #ifdef PORT80_TEST
! ""
! #else
! "; secure"
! #endif
! );
if (l_cookie != NULL)
free(l_cookie);
--- 742,748 ----
l_cookie,
login_host(p),
LOGIN_DIR,
! secure_cookie);
if (l_cookie != NULL)
free(l_cookie);
***************
*** 704,717 ****
login_host(p),
LOGIN_DIR,
EARLIEST_EVER,
! #ifdef PORT80_TEST
! ""
! #else
! "; secure"
! #endif
! );
!
! return(PBC_OK);
}
--- 766,773 ----
login_host(p),
LOGIN_DIR,
EARLIEST_EVER,
! secure_cookie);
! return(PBC_OK);
}
***************
*** 721,738 ****
*/
int clear_greq_cookie(pool *p) {
! print_header(p, "Set-Cookie: %s=%s; domain=%s; path=/; expires=%s%s\n",
! PBC_G_REQ_COOKIENAME,
! PBC_CLEAR_COOKIE,
! enterprise_domain(p),
! EARLIEST_EVER,
! #ifdef PORT80_TEST
! ""
! #else
! "; secure"
! #endif
! );
!
return(PBC_OK);
}
--- 777,783 ----
*/
int clear_greq_cookie(pool *p) {
! add_app_cookie(PBC_G_REQ_COOKIENAME, PBC_CLEAR_COOKIE, EARLIEST_EVER);
return(PBC_OK);
}
***************
*** 2062,2072 ****
/* if we got a form multipart cookie, reset it */
if ( getenv("HTTP_COOKIE") && strstr(getenv("HTTP_COOKIE"),
PBC_FORM_MP_COOKIENAME) ) {
! print_header(p, "Set-Cookie: %s=%s; domain=%s; path=/; expires=%s\n",
! PBC_FORM_MP_COOKIENAME,
! PBC_CLEAR_COOKIE,
! enterprise_domain(p),
! EARLIEST_EVER);
}
switch(event) {
--- 2107,2113 ----
/* if we got a form multipart cookie, reset it */
if ( getenv("HTTP_COOKIE") && strstr(getenv("HTTP_COOKIE"),
PBC_FORM_MP_COOKIENAME) ) {
! add_app_cookie(PBC_FORM_MP_COOKIENAME, PBC_CLEAR_COOKIE, EARLIEST_EVER);
}
switch(event) {
***************
*** 2098,2103 ****
--- 2139,2145 ----
break;
}
+ send_app_cookies(p);
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_notok", "notok"),
"subtext", (subtext == NULL ? "<BR>" : subtext),
***************
*** 2116,2128 ****
PBC_PINIT_COOKIENAME,
PBC_SET,
login_host(p),
! #ifdef PORT80_TEST
! ""
! #else
! "; secure"
! #endif
! );
!
return(PBC_OK);
}
--- 2158,2164 ----
PBC_PINIT_COOKIENAME,
PBC_SET,
login_host(p),
! secure_cookie);
return(PBC_OK);
}
***************
*** 2133,2145 ****
PBC_CLEAR_COOKIE,
login_host(p),
EARLIEST_EVER,
! #ifdef PORT80_TEST
! ""
! #else
! "; secure"
! #endif
! );
!
return(PBC_OK);
}
--- 2169,2175 ----
PBC_CLEAR_COOKIE,
login_host(p),
EARLIEST_EVER,
! secure_cookie);
return(PBC_OK);
}
***************
*** 2404,2434 ****
}
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "created cookies l_res g_res\n");
if (l->relay_uri) pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
"This is a relay request from %s\n", l->relay_uri);
! /* create the http header line with the cookie */
! snprintf( g_set_cookie, sizeof(g_set_cookie)-1,
! #ifdef PORT80_TEST
! "Set-Cookie: %s=%s; domain=%s; path=/",
! #else
! "Set-Cookie: %s=%s; domain=%s; path=/; secure",
! #endif
! PBC_G_COOKIENAME,
! g_cookie,
! enterprise_domain(p));
!
snprintf( l_set_cookie, sizeof(l_set_cookie)-1,
! #ifdef PORT80_TEST
! "Set-Cookie: %s=%s; domain=%s; path=%s",
! #else
! "Set-Cookie: %s=%s; domain=%s; path=%s; secure",
! #endif
PBC_L_COOKIENAME,
l_cookie,
login_host(p),
! LOGIN_DIR);
/* whip up the url to send the browser back to */
if (!strcmp(l->fr, "NFR") )
--- 2434,2453 ----
}
pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "created cookies l_res g_res\n");
+ if (l->pinit==PBC_FALSE) add_app_cookie(PBC_G_COOKIENAME, g_cookie, NULL);
if (l->relay_uri) pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
"This is a relay request from %s\n", l->relay_uri);
! /* create the login cookie header*/
!
snprintf( l_set_cookie, sizeof(l_set_cookie)-1,
! "Set-Cookie: %s=%s; domain=%s; path=%s%s",
PBC_L_COOKIENAME,
l_cookie,
login_host(p),
! LOGIN_DIR,
! secure_cookie);
/* whip up the url to send the browser back to */
if (!strcmp(l->fr, "NFR") )
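Review bot: Queuing the granting cookie with `add_app_cookie(PBC_G_COOKIENAME, g_cookie, NULL)` leaves its value in the file-scope `cookie_list` until some later `send_app_cookies` or `clear_app_cookies` call, and this file can be built as a FastCGI server (`WITH_FCGI`) that serves many requests per process. If any path after this line returns without draining the list (not visible from these hunks), the entry would be emitted on the next request handled by the same process. Calling `clear_app_cookies();` at the start of each request would rule that out regardless of the exit path. The enclosing function starts and ends outside the hunk.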
***************
*** 2465,2481 ****
redirect_final,
l->appsrv_err_string == NULL ? "(null)" : l->appsrv_err_string);
! /* now blat out the redirect page */
! if( l->pinit == PBC_FALSE ) { /* don't need a G cookie for a pinit */
! if (!l->relay_uri) print_header(p, "%s\n", g_set_cookie);
! } else {
! set_pinit_cookie(p);
! }
if (*l->user) print_header(p, "%s\n", l_set_cookie);
! clear_greq_cookie(p);
/* incase we have a relay */
if ( l->relay_uri ) {
print_html(p, "<HTML>");
print_html(p, "<body onLoad=\"document.relay.submit()\">\n");
print_html(p, "<form method=post action=\"%s\" name=relay>",
--- 2484,2497 ----
redirect_final,
l->appsrv_err_string == NULL ? "(null)" : l->appsrv_err_string);
! /* Send local cookies */
! if( l->pinit == PBC_TRUE ) set_pinit_cookie(p);
if (*l->user) print_header(p, "%s\n", l_set_cookie);
! if (!l->relay_uri) clear_greq_cookie(p);
/* incase we have a relay */
if ( l->relay_uri ) {
+ int i;
print_html(p, "<HTML>");
print_html(p, "<body onLoad=\"document.relay.submit()\">\n");
print_html(p, "<form method=post action=\"%s\" name=relay>",
***************
*** 2484,2493 ****
l->post_stuff?l->post_stuff:"");
print_html(p, "<input type=hidden name=get_args value=\"%s\">",
l->args?args_enc:"");
- print_html(p, "<input type=hidden name=pubcookie_g value=\"%s\">",
- g_cookie);
print_html(p, "<input type=hidden name=redirect_url value=\"%s\">",
redirect_dest);
/**
print_html(p, "<p align=center><input type=submit name=go value=\"Continue\">");
**/
--- 2500,2513 ----
l->post_stuff?l->post_stuff:"");
print_html(p, "<input type=hidden name=get_args value=\"%s\">",
l->args?args_enc:"");
print_html(p, "<input type=hidden name=redirect_url value=\"%s\">",
redirect_dest);
+ /* Add the 'cookies' */
+ for (i=0;i<n_cookie_list;i++) {
+ print_html(p, "<input type=hidden name=\"%s\" value=\"%s\">",
+ cookie_list[i].name, cookie_list[i].value);
+ }
+ clear_app_cookies(p);
/**
print_html(p, "<p align=center><input type=submit name=go value=\"Continue\">");
**/
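Review bot: `clear_app_cookies(p);` passes an argument to a function this commit defines as `static void clear_app_cookies()`, and the empty parameter list hides the mismatch from the compiler. Declaring it `static void clear_app_cookies(void)` and calling `clear_app_cookies();` here would let the compiler catch such calls. The new loop also writes `cookie_list[i].name` and `cookie_list[i].value` into HTML attributes unescaped, which is safe only while every queued value is base64 or a fixed constant; a comment above the loop such as `/* names and values must be attribute-safe: base64 or constants only */` would record that requirement. The enclosing block starts and ends outside the hunk.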
***************
*** 2496,2501 ****
--- 2516,2522 ----
/* incase we have a post */
} else if ( l->post_stuff ) {
+ send_app_cookies(p);
/* cgiParseFormInput will extract the arguments from the post */
/* make them available to subsequent cgic calls */
if (cgiParseFormInput(l->post_stuff, strlen(l->post_stuff))
***************
*** 2596,2602 ****
print_html(p, "</BODY></HTML>\n");
}
else {
! /* non-post redirect area non-post redirect area */
/* the refresh header should go into the template as soon as it's*/
/* been tested */
--- 2617,2623 ----
print_html(p, "</BODY></HTML>\n");
}
else {
! send_app_cookies(p);
/* the refresh header should go into the template as soon as it's*/
/* been tested */
Index: webiso/pubcookie/src/mod_pubcookie.c
diff -c webiso/pubcookie/src/mod_pubcookie.c:1.153 webiso/pubcookie/src/mod_pubcookie.c:1.154
*** webiso/pubcookie/src/mod_pubcookie.c:1.153 Wed Aug 18 12:43:50 2004
--- webiso/pubcookie/src/mod_pubcookie.c Wed Sep 1 14:13:36 2004
***************
*** 6,12 ****
/** @file mod_pubcookie.c
* Apache pubcookie module
*
! * $Id: mod_pubcookie.c,v 1.153 2004/08/18 19:43:50 fox Exp $
*/
#define MAX_POST_DATA 2048 /* arbitrary */
--- 6,12 ----
/** @file mod_pubcookie.c
* Apache pubcookie module
*
! * $Id: mod_pubcookie.c,v 1.154 2004/09/01 21:13:36 fox Exp $
*/
#define MAX_POST_DATA 2048 /* arbitrary */
***************
*** 1883,1891 ****
/* save these creds in that file */
#ifdef APACHE2
apr_file_open(&f, krb5ccname,
! APR_CREATE|APR_WRITE|APR_TRUNCATE, 0644, p);
#else
f = ap_pfopen(p, krb5ccname, "w");
#endif
if (!f) {
ap_log_rerror(PC_LOG_ERR, r,
--- 1883,1893 ----
/* save these creds in that file */
#ifdef APACHE2
apr_file_open(&f, krb5ccname,
! APR_CREATE|APR_WRITE|APR_TRUNCATE,
! APR_UREAD|APR_UWRITE|APR_GREAD, p);
#else
f = ap_pfopen(p, krb5ccname, "w");
+ chmod(krb5ccname, S_IRUSR|S_IWUSR);
#endif
if (!f) {
ap_log_rerror(PC_LOG_ERR, r,
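Review bot: On the non-APACHE2 branch the credential file is still created by `ap_pfopen(p, krb5ccname, "w")` with umask-default permissions and only narrowed by `chmod` afterwards, so there is a window in which the Kerberos ticket file is more widely readable; `chmod` also runs before the `if (!f)` check and its result is ignored. Creating the file with its final mode closes that window, for example `ap_popenf(p, krb5ccname, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR)` followed by `ap_pfdopen` on the checked descriptor. On the APACHE2 branch the new mode still includes `APR_GREAD`, leaving the ticket group-readable while the other branch asks for owner-only; `APR_UREAD|APR_UWRITE` would match it. Either mode applies only when the file is newly created, so a pre-existing file keeps its old permissions on the APACHE2 branch. The enclosing function lies outside the hunk.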
***************
*** 2858,2868 ****
pubcookie_server_rec *scfg;
pubcookie_dir_rec *cfg;
table *args = ap_make_table(r->pool, 5);
! const char *greply, *pdata;
char *arg;
const char *lenp = ap_table_get(r->headers_in, "Content-Length");
char *post_data;
! char *gr_cookie;
const char *r_url;
pool *p = r->pool;
--- 2860,2870 ----
pubcookie_server_rec *scfg;
pubcookie_dir_rec *cfg;
table *args = ap_make_table(r->pool, 5);
! const char *greply, *creply, *pdata;
char *arg;
const char *lenp = ap_table_get(r->headers_in, "Content-Length");
char *post_data;
! char *gr_cookie, *cr_cookie;
const char *r_url;
pool *p = r->pool;
***************
*** 2909,2922 ****
ap_send_http_header(r);
}
! gr_cookie = ap_psprintf(p,
! "%s=%s; domain=%s; path=/;%s",
PBC_G_COOKIENAME, greply,
PBC_ENTRPRS_DOMAIN,
secure_cookie);
- ap_table_add(r->headers_out, "Set-Cookie", gr_cookie);
ap_send_http_header(r);
--- 2911,2934 ----
ap_send_http_header(r);
}
! creply = ap_table_get(args, PBC_CRED_TRANSFER_COOKIENAME);
!
! /* Build the redirection */
!
! gr_cookie = ap_psprintf(p, "%s=%s; domain=%s; path=/;%s",
PBC_G_COOKIENAME, greply,
PBC_ENTRPRS_DOMAIN,
secure_cookie);
+ ap_table_add(r->headers_out, "Set-Cookie", gr_cookie);
+ if (creply) {
+ cr_cookie = ap_psprintf(p, "%s=%s; domain=%s; path=/;%s",
+ PBC_CRED_TRANSFER_COOKIENAME, creply,
+ PBC_ENTRPRS_DOMAIN,
+ secure_cookie);
+ ap_table_add(r->headers_out, "Set-Cookie", cr_cookie);
+ }
ap_send_http_header(r);
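Review bot: `creply` appears to come from the posted form arguments and is formatted straight into a `Set-Cookie` value, so any character the client sends, including `;`, CR or LF, ends up in the response header; `greply` on the preceding lines has the same property. A check before `ap_table_add` that the value contains only the characters of the cookie's base64 encoding, for instance a `strspn()` comparison against that alphabet, would reject anything else. Only the unsuffixed `PBC_CRED_TRANSFER_COOKIENAME` field is read, so a credential the login server split into numbered parts would be cut to its first part, as the log message acknowledges; a comment on the `creply` line saying so would help the next reader. The enclosing function starts and ends outside the hunk.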