Blame SOURCES/0007-set-boundaries-on-min-and-max-values-on-number-of-pa.patch

5b8408
From 284537dfc0585e08cfc0702c89b241d8986c7236 Mon Sep 17 00:00:00 2001
5b8408
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
5b8408
Date: Fri, 3 Aug 2018 12:22:45 +0200
5b8408
Subject: [PATCH 07/11] set boundaries on min and max values on number of
5b8408
 parallel state cookies
5b8408
5b8408
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
5b8408
(cherry picked from commit b8c53d7e0439f190afe0c6eeb2e2e12e881c65ac)
5b8408
---
5b8408
 src/config.c | 17 ++++++++++++++++-
5b8408
 src/parse.c  | 31 +++++++++++++++++++++++++++++++
5b8408
 src/parse.h  |  2 ++
5b8408
 3 files changed, 49 insertions(+), 1 deletion(-)
5b8408
5b8408
diff --git a/src/config.c b/src/config.c
5b8408
index 2fd63ea..c793818 100644
5b8408
--- a/src/config.c
5b8408
+++ b/src/config.c
5b8408
@@ -997,6 +997,21 @@ static const char *oidc_set_client_auth_bearer_token(cmd_parms *cmd,
5b8408
 	return NULL;
5b8408
 }
5b8408
 
5b8408
+/*
5b8408
+ * set the maximun number of parallel state cookies
5b8408
+ */
5b8408
+static const char *oidc_set_max_number_of_state_cookies(cmd_parms *cmd,
5b8408
+		void *struct_ptr, const char *arg) {
5b8408
+	oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(
5b8408
+			cmd->server->module_config, &auth_openidc_module);
5b8408
+	const char *rv = oidc_parse_max_number_of_state_cookies(cmd->pool, arg,
5b8408
+			&cfg->max_number_of_state_cookies);
5b8408
+	return OIDC_CONFIG_DIR_RV(cmd, rv);
5b8408
+}
5b8408
+
5b8408
+/*
5b8408
+ * return the maximun number of parallel state cookies
5b8408
+ */
5b8408
 int oidc_cfg_max_number_of_state_cookies(oidc_cfg *cfg) {
5b8408
 	if (cfg->max_number_of_state_cookies == OIDC_CONFIG_POS_INT_UNSET)
5b8408
 		return OIDC_DEFAULT_MAX_NUMBER_OF_STATE_COOKIES;
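Review bot: The new handler `oidc_set_max_number_of_state_cookies` never uses its `struct_ptr` argument and writes `cfg->max_number_of_state_cookies` directly, yet the command-table hunk that follows still passes `(void*)APR_OFFSETOF(oidc_cfg, max_number_of_state_cookies)`. Either pass `NULL` there or add a comment in the handler such as `/* struct_ptr is unused: the value is validated and stored in the server config directly */`, so the offset is not mistaken for something that is honoured. Both added comments spell "maximun"; they should read `set the maximum number of parallel state cookies` and `return the maximum number of parallel state cookies`. The directive help string in the command table has the same typo and does not mention the 0 to 255 range this patch starts enforcing, so an administrator only learns the limits from a startup error. The body of `oidc_cfg_max_number_of_state_cookies` continues outside this hunk.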
5b8408
@@ -2642,7 +2657,7 @@ const command_rec oidc_config_cmds[] = {
5b8408
 				RSRC_CONF,
5b8408
 				"Time to live in seconds for state parameter (cq. interval in which the authorization request and the corresponding response need to be completed)."),
5b8408
 		AP_INIT_TAKE1(OIDCStateMaxNumberOfCookies,
5b8408
-				oidc_set_int_slot,
5b8408
+				oidc_set_max_number_of_state_cookies,
5b8408
 				(void*)APR_OFFSETOF(oidc_cfg, max_number_of_state_cookies),
5b8408
 				RSRC_CONF,
5b8408
 				"Maximun number of parallel state cookies i.e. outstanding authorization requests."),
5b8408
diff --git a/src/parse.c b/src/parse.c
5b8408
index 9d3763c..0f986fd 100644
5b8408
--- a/src/parse.c
5b8408
+++ b/src/parse.c
5b8408
@@ -530,6 +530,28 @@ const char *oidc_valid_session_max_duration(apr_pool_t *pool, int v) {
5b8408
 	return NULL;
5b8408
 }
5b8408
 
5b8408
+#define OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN  0
5b8408
+#define OIDC_MAX_NUMBER_OF_STATE_COOKIES_MAX  255
5b8408
+
5b8408
+/*
5b8408
+ * check the maximum number of parallel state cookies
5b8408
+ */
5b8408
+const char *oidc_valid_max_number_of_state_cookies(apr_pool_t *pool, int v) {
5b8408
+	if (v == 0) {
5b8408
+		return NULL;
5b8408
+	}
5b8408
+	if (v < OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN) {
5b8408
+		return apr_psprintf(pool, "maximum must not be less than %d",
5b8408
+				OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN);
5b8408
+	}
5b8408
+	if (v > OIDC_MAX_NUMBER_OF_STATE_COOKIES_MAX) {
5b8408
+		return apr_psprintf(pool, "maximum must not be greater than %d",
5b8408
+				OIDC_MAX_NUMBER_OF_STATE_COOKIES_MAX);
5b8408
+	}
5b8408
+	return NULL;
5b8408
+}
5b8408
+
5b8408
+
5b8408
 /*
5b8408
  * parse a session max duration value from the provided string
5b8408
  */
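Review bot: In `oidc_valid_max_number_of_state_cookies` the leading `if (v == 0) return NULL;` is redundant, because `OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN` is 0 and the `v < MIN` test already accepts 0. As written it suggests that 0 has a special meaning which the code never states. If 0 turns the cap off (the consumer of this setting is not visible in the patch), that matters for hardening: the upper bound of 255 then limits only non-zero values, and a deployment can still run with no ceiling on outstanding authorization requests and their state cookies. Either drop the branch or document it with a comment like `/* 0 is accepted explicitly: <meaning of 0 as implemented by the consumer> */`. The two error strings would also be easier to act on if they echoed the rejected value, e.g. `"maximum (%d) must not be greater than %d"`.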
5b8408
@@ -1218,3 +1240,12 @@ const char *oidc_parse_auth_request_method(apr_pool_t *pool, const char *arg,
5b8408
 
5b8408
 	return NULL;
5b8408
 }
5b8408
+
5b8408
+/*
5b8408
+ * parse the maximum number of parallel state cookies
5b8408
+ */
5b8408
+const char *oidc_parse_max_number_of_state_cookies(apr_pool_t *pool,
5b8408
+		const char *arg, int *int_value) {
5b8408
+	return oidc_parse_int_valid(pool, arg, int_value,
5b8408
+			oidc_valid_max_number_of_state_cookies);
5b8408
+}
5b8408
diff --git a/src/parse.h b/src/parse.h
5b8408
index 853e98f..6355db4 100644
5b8408
--- a/src/parse.h
5b8408
+++ b/src/parse.h
5b8408
@@ -90,6 +90,7 @@ const char *oidc_valid_userinfo_refresh_interval(apr_pool_t *pool, int v);
5b8408
 const char *oidc_valid_userinfo_token_method(apr_pool_t *pool, const char *arg);
5b8408
 const char *oidc_valid_token_binding_policy(apr_pool_t *pool, const char *arg);
5b8408
 const char *oidc_valid_auth_request_method(apr_pool_t *pool, const char *arg);
5b8408
+const char *oidc_valid_max_number_of_state_cookies(apr_pool_t *pool, int v);
5b8408
 
5b8408
 const char *oidc_parse_int(apr_pool_t *pool, const char *arg, int *int_value);
5b8408
 const char *oidc_parse_boolean(apr_pool_t *pool, const char *arg, int *bool_value);
5b8408
@@ -116,6 +117,7 @@ const char *oidc_parse_info_hook_data(apr_pool_t *pool, const char *arg, apr_has
5b8408
 const char *oidc_parse_token_binding_policy(apr_pool_t *pool, const char *arg, int *int_value);
5b8408
 const char *oidc_token_binding_policy2str(apr_pool_t *pool, int v);
5b8408
 const char *oidc_parse_auth_request_method(apr_pool_t *pool, const char *arg, int *method);
5b8408
+const char *oidc_parse_max_number_of_state_cookies(apr_pool_t *pool, const char *arg, int *int_value);
5b8408
 
5b8408
 typedef const char *(*oidc_valid_int_function_t)(apr_pool_t *, int);
5b8408
 typedef const char *(*oidc_valid_function_t)(apr_pool_t *, const char *);
5b8408
-- 
5b8408
2.26.2
5b8408