---

Authentication

Files
file	authenticate.c
file	authenticate.h
Modules
Ticket Validation
Defines
#define	URLBUFSIZE   4096
#define	USERBUFSIZE   20
#define	COOKIENAME   "MODCASID"
#define	COOKIENAME_SECURE   "MODCASIDS"
#define	COOKIEPATH   "/"
Functions
char *	get_service (request_rec *r, char *buf, int buflen)
char *	get_ticket (request_rec *r)
int	check_individual_cookie (void *msg_buf, char *key, char *value)
char *	get_netid_from_cookies (request_rec *r)
void	send_cookie (char *ticket, request_rec *r)
void	create_and_send_new_ticket (request_rec *r)
int	cas_check_user_id (request_rec *r)

---

Define Documentation

#define COOKIENAME   "MODCASID"

Name of insecure cookies

#define COOKIENAME_SECURE   "MODCASIDS"

Name of secure cookies

#define COOKIEPATH   "/"

Path used when sending cookies

#define URLBUFSIZE   4096

Size allocated to read the URLs

#define USERBUFSIZE   20

size allocated to read NetIDs

---

Function Documentation

int cas_check_user_id (  request_rec *  r  )

Handles CAS authentication. Note: Redirects to CAS if we can't authenticate the user, and expects a ticket back. Sets r->user with a validated user. Operates only when the AuthType is set to "CAS." Once past this point, we never directly return DECLINED; we return success with OK and, if we can't authenticate the user, merely redirect to the CAS with HTTP_MOVED_TEMPORARILY. On error, we return HTTP_INTERNAL_SERVER_ERROR. If we return OK, no other modules are supposed to handle this request during the "check user" phase. Parameters: r  the request. Returns: DECLINED when the module is not concerned OK when the user has been authenticated HTTP_INTERNAL_SERVER_ERROR on error (should not happen) HTTP_MOVED_TEPORARILY when redirecting to the CAS server

int check_individual_cookie (  void *  msg_buf, char *  key, char *  value )  [static]

A support function for get_netid_from_cookies, used by apr_table_do to handle individual cookies. Parameters: msg_buf  store our "insecure" status. key  not used (always "Cookie"). value  the value of the Cookie: header entry. Note: There may be multiple "Cookie" headers in the request that we receive, so we can't just use ap_table_get.)

void create_and_send_new_ticket (  request_rec *  r  )  [static]

Creates and sends a cookie holding a new ticket, which we add to the ticket cache under the appropriate NetID. Parameters: r  the request.

char* get_netid_from_cookies (  request_rec *  r  )  [static]

Tries to get the NetID from the request's headers. Parameters: r  the request. Note: Walks through the given request's headers, reading all cookies that can correspond to tickets and checking them against our ticket cache. Returns: the corresponding NetID if found, NULL otherwise.

char* get_service (  request_rec *  r, char *  buf, int  buflen )  [static]

Fills buf with the 'service' portion of the URL requested. Parameters: r  the request. buf  an already allocated buffer to store the service. buflen  the place allocated for buf. Note: The function returns the entire URL minus any trailing '&ticket=', if present. The URL is determined here, heuristically, from the request record. Returns: NULL if buf isn't large enough to fit the entire URL, the URL otherwise.

char* get_ticket (  request_rec *  r  )  [static]

Returns the 'ticket' portion of the URL requested. Parameters: r  the request. Note: This consists of everything following '&ticket=' in the logical full URL. Returns: NULL if no "ticket" parameter was specified, a pointer to the ticket string otherwise.

void send_cookie (  char *  ticket, request_rec *  r )  [static]

Sets a cookie corresponding to a particular ticket in the given request's response headers. This is a support function for create_and_send_new_ticket(). Parameters: ticket  the ticket used to build the cookie value. r  the request. Note: Uses the given configuration record to determine whether the ticket can be sent back to non-SSL URLs.

---