mod_auth_openidc/SOURCES/0007-set-boundaries-on-min-and-max-values-on-number-of-pa.patch


From 284537dfc0585e08cfc0702c89b241d8986c7236 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Fri, 3 Aug 2018 12:22:45 +0200
Subject: [PATCH 07/11] set boundaries on min and max values on number of
parallel state cookies
Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
(cherry picked from commit b8c53d7e0439f190afe0c6eeb2e2e12e881c65ac)
---
src/config.c | 17 ++++++++++++++++-
src/parse.c | 31 +++++++++++++++++++++++++++++++
src/parse.h | 2 ++
3 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/src/config.c b/src/config.c
index 2fd63ea..c793818 100644
--- a/src/config.c
+++ b/src/config.c
@@ -997,6 +997,21 @@ static const char *oidc_set_client_auth_bearer_token(cmd_parms *cmd,
return NULL;
}
+/*
+ * set the maximun number of parallel state cookies
+ */
+static const char *oidc_set_max_number_of_state_cookies(cmd_parms *cmd,
+ void *struct_ptr, const char *arg) {
+ oidc_cfg *cfg = (oidc_cfg *) ap_get_module_config(
+ cmd->server->module_config, &auth_openidc_module);
+ const char *rv = oidc_parse_max_number_of_state_cookies(cmd->pool, arg,
+ &cfg->max_number_of_state_cookies);
+ return OIDC_CONFIG_DIR_RV(cmd, rv);
+}
+
+/*
+ * return the maximun number of parallel state cookies
+ */
int oidc_cfg_max_number_of_state_cookies(oidc_cfg *cfg) {
if (cfg->max_number_of_state_cookies == OIDC_CONFIG_POS_INT_UNSET)
return OIDC_DEFAULT_MAX_NUMBER_OF_STATE_COOKIES;
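Review bot: `struct_ptr` is never read in the new `oidc_set_max_number_of_state_cookies`, which looks up the server config itself and writes `cfg->max_number_of_state_cookies` directly. That leaves the `(void*)APR_OFFSETOF(oidc_cfg, max_number_of_state_cookies)` argument still passed in the `oidc_config_cmds` entry (second hunk) with no effect, so either pass `NULL` there or say in the comment that the offset is ignored. Both new comments misspell "maximum" as "maximun", and the setter comment could state the enforced range, e.g. `/* set the maximum number of parallel state cookies; the value is validated against the 0..255 bounds in parse.c */`. The body of `oidc_cfg_max_number_of_state_cookies` continues outside the hunk.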
@@ -2642,7 +2657,7 @@ const command_rec oidc_config_cmds[] = {
RSRC_CONF,
"Time to live in seconds for state parameter (cq. interval in which the authorization request and the corresponding response need to be completed)."),
AP_INIT_TAKE1(OIDCStateMaxNumberOfCookies,
- oidc_set_int_slot,
+ oidc_set_max_number_of_state_cookies,
(void*)APR_OFFSETOF(oidc_cfg, max_number_of_state_cookies),
RSRC_CONF,
"Maximun number of parallel state cookies i.e. outstanding authorization requests."),
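Review bot: The directive's help string still reads "Maximun number of parallel state cookies ..." and does not mention the range that the new handler enforces, so an administrator only learns the limits from a startup error. Since this entry is being touched anyway, the text could become `"Maximum number of parallel state cookies (0-255), i.e. outstanding authorization requests."`. The `oidc_config_cmds` array starts and ends outside the hunk.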
diff --git a/src/parse.c b/src/parse.c
index 9d3763c..0f986fd 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -530,6 +530,28 @@ const char *oidc_valid_session_max_duration(apr_pool_t *pool, int v) {
return NULL;
}
+#define OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN 0
+#define OIDC_MAX_NUMBER_OF_STATE_COOKIES_MAX 255
+
+/*
+ * check the maximum number of parallel state cookies
+ */
+const char *oidc_valid_max_number_of_state_cookies(apr_pool_t *pool, int v) {
+ if (v == 0) {
+ return NULL;
+ }
+ if (v < OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN) {
+ return apr_psprintf(pool, "maximum must not be less than %d",
+ OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN);
+ }
+ if (v > OIDC_MAX_NUMBER_OF_STATE_COOKIES_MAX) {
+ return apr_psprintf(pool, "maximum must not be greater than %d",
+ OIDC_MAX_NUMBER_OF_STATE_COOKIES_MAX);
+ }
+ return NULL;
+}
+
+
/*
* parse a session max duration value from the provided string
*/
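Review bot: The `if (v == 0) return NULL;` branch at the top of `oidc_valid_max_number_of_state_cookies` is redundant, because `OIDC_MAX_NUMBER_OF_STATE_COOKIES_MIN` is 0 and the check after it already accepts 0. The branch also leaves the meaning of 0 undocumented. If the enforcement code (not visible here) treats 0 as "no limit", then the one accepted value that disables the cap bypasses the 255 ceiling this commit introduces, and that should be stated explicitly. I would either drop the branch or keep it with a comment such as `/* 0 is accepted as a special value (presumably: no limit); confirm against the cookie-cleanup code */`. A short note next to the two `#define`s explaining why 255 was chosen as the ceiling would also help the next maintainer.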
@@ -1218,3 +1240,12 @@ const char *oidc_parse_auth_request_method(apr_pool_t *pool, const char *arg,
return NULL;
}
+
+/*
+ * parse the maximum number of parallel state cookies
+ */
+const char *oidc_parse_max_number_of_state_cookies(apr_pool_t *pool,
+ const char *arg, int *int_value) {
+ return oidc_parse_int_valid(pool, arg, int_value,
+ oidc_valid_max_number_of_state_cookies);
+}
diff --git a/src/parse.h b/src/parse.h
index 853e98f..6355db4 100644
--- a/src/parse.h
+++ b/src/parse.h
@@ -90,6 +90,7 @@ const char *oidc_valid_userinfo_refresh_interval(apr_pool_t *pool, int v);
const char *oidc_valid_userinfo_token_method(apr_pool_t *pool, const char *arg);
const char *oidc_valid_token_binding_policy(apr_pool_t *pool, const char *arg);
const char *oidc_valid_auth_request_method(apr_pool_t *pool, const char *arg);
+const char *oidc_valid_max_number_of_state_cookies(apr_pool_t *pool, int v);
const char *oidc_parse_int(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_parse_boolean(apr_pool_t *pool, const char *arg, int *bool_value);
@@ -116,6 +117,7 @@ const char *oidc_parse_info_hook_data(apr_pool_t *pool, const char *arg, apr_has
const char *oidc_parse_token_binding_policy(apr_pool_t *pool, const char *arg, int *int_value);
const char *oidc_token_binding_policy2str(apr_pool_t *pool, int v);
const char *oidc_parse_auth_request_method(apr_pool_t *pool, const char *arg, int *method);
+const char *oidc_parse_max_number_of_state_cookies(apr_pool_t *pool, const char *arg, int *int_value);
typedef const char *(*oidc_valid_int_function_t)(apr_pool_t *, int);
typedef const char *(*oidc_valid_function_t)(apr_pool_t *, const char *);
--
2.26.2