X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fsessions.c;h=c31a51ac95a11c507fffa248920936989cb3a634;hb=13a936819b2f77140b641357052c972681fb4efb;hp=71e9dd54428884b53eb2dd9a33cd7b4bec5ee757;hpb=83930b81b95c3dbb650e5878ec4ecacde7947733;p=mod_auth_gssapi.git diff --git a/src/sessions.c b/src/sessions.c index 71e9dd5..c31a51a 100644 --- a/src/sessions.c +++ b/src/sessions.c @@ -86,9 +86,9 @@ static GSSSessionData_t *decode_GSSSessionData(void *buf, size_t len) #define MAG_BEARER_KEY "MagBearerToken" -void mag_check_session(request_rec *req, - struct mag_config *cfg, struct mag_conn **conn) +void mag_check_session(struct mag_req_cfg *cfg, struct mag_conn **conn) { + request_rec *req = cfg->req; struct mag_conn *mc; apr_status_t rc; session_rec *sess = NULL; @@ -108,11 +108,8 @@ void mag_check_session(request_rec *req, mc = *conn; if (!mc) { - mc = apr_pcalloc(req->pool, sizeof(struct mag_conn)); - if (!mc) return; - - mc->parent = req->pool; - *conn = mc; + *conn = mc = mag_new_conn_ctx(req->pool); + mc->is_preserved = true; } rc = mag_session_get(req, sess, MAG_BEARER_KEY, &sessval); @@ -161,23 +158,24 @@ void mag_check_session(request_rec *req, expiration = gsessdata->expiration; if (expiration < time(NULL)) { /* credentials fully expired, return nothing */ + mc->established = false; goto done; } /* user name */ - mc->user_name = apr_pstrndup(mc->parent, + mc->user_name = apr_pstrndup(mc->pool, (char *)gsessdata->username.buf, gsessdata->username.size); if (!mc->user_name) goto done; /* gssapi name */ - mc->gss_name = apr_pstrndup(mc->parent, + mc->gss_name = apr_pstrndup(mc->pool, (char *)gsessdata->gssname.buf, gsessdata->gssname.size); if (!mc->gss_name) goto done; mc->basic_hash.length = gsessdata->basichash.size; - mc->basic_hash.value = apr_palloc(mc->parent, mc->basic_hash.length); + mc->basic_hash.value = apr_palloc(mc->pool, mc->basic_hash.length); memcpy(mc->basic_hash.value, gsessdata->basichash.buf, gsessdata->basichash.size); @@ -188,9 +186,9 @@ done: ASN_STRUCT_FREE(asn_DEF_GSSSessionData, gsessdata); } -void mag_attempt_session(request_rec *req, - struct mag_config *cfg, struct mag_conn *mc) +void mag_attempt_session(struct mag_req_cfg *cfg, struct mag_conn *mc) { + request_rec *req = cfg->req; session_rec *sess = NULL; struct databuf plainbuf = { 0 }; struct databuf cipherbuf = { 0 }; @@ -211,13 +209,8 @@ void mag_attempt_session(request_rec *req, if (!cfg->mag_skey) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, req, - "Session key not available, generating new one."); - rc = SEAL_KEY_CREATE(cfg->pool, &cfg->mag_skey, NULL); - if (rc != OK) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, req, - "Failed to create sealing key!"); - return; - } + "Session key not available, aborting."); + return; } gsessdata.established = mc->established?1:0; @@ -279,10 +272,21 @@ static int mag_basic_hmac(struct seal_key *key, unsigned char *mac, return HMAC_BUFFER(key, &databuf, &hmacbuf); } -bool mag_basic_check(struct mag_config *cfg, struct mag_conn *mc, +static int mag_get_mac_size(struct mag_req_cfg *cfg) +{ + if (!cfg->mag_skey) { + ap_log_perror(APLOG_MARK, APLOG_INFO, 0, cfg->cfg->pool, + "Session key not available, aborting!"); + return 0; + } + + return get_mac_size(cfg->mag_skey); +} + +bool mag_basic_check(struct mag_req_cfg *cfg, struct mag_conn *mc, gss_buffer_desc user, gss_buffer_desc pwd) { - int mac_size = get_mac_size(cfg->mag_skey); + int mac_size = mag_get_mac_size(cfg); unsigned char mac[mac_size]; int ret, i, j; bool res = false; @@ -306,10 +310,10 @@ done: return res; } -void mag_basic_cache(struct mag_config *cfg, struct mag_conn *mc, +void mag_basic_cache(struct mag_req_cfg *cfg, struct mag_conn *mc, gss_buffer_desc user, gss_buffer_desc pwd) { - int mac_size = get_mac_size(cfg->mag_skey); + int mac_size = mag_get_mac_size(cfg); unsigned char mac[mac_size]; int ret; @@ -317,6 +321,6 @@ void mag_basic_cache(struct mag_config *cfg, struct mag_conn *mc, if (ret != 0) return; mc->basic_hash.length = mac_size; - mc->basic_hash.value = apr_palloc(mc->parent, mac_size); + mc->basic_hash.value = apr_palloc(mc->pool, mac_size); memcpy(mc->basic_hash.value, mac, mac_size); }