bx509d: Set Content-Type and Cache-Control
49
kdc/bx509d.c
49
kdc/bx509d.c
@@ -213,8 +213,8 @@ static const char *cache_dir;
|
|||||||
static char *impersonation_key_fn;
|
static char *impersonation_key_fn;
|
||||||
|
|
||||||
static krb5_error_code resp(struct bx509_request_desc *, int,
|
static krb5_error_code resp(struct bx509_request_desc *, int,
|
||||||
enum MHD_ResponseMemoryMode, const void *, size_t,
|
enum MHD_ResponseMemoryMode, const char *,
|
||||||
const char *);
|
const void *, size_t, const char *);
|
||||||
static krb5_error_code bad_req(struct bx509_request_desc *, krb5_error_code, int,
|
static krb5_error_code bad_req(struct bx509_request_desc *, krb5_error_code, int,
|
||||||
const char *, ...)
|
const char *, ...)
|
||||||
HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 4, 5));
|
HEIMDAL_PRINTF_ATTRIBUTE((__printf__, 4, 5));
|
||||||
@@ -421,6 +421,7 @@ static krb5_error_code
|
|||||||
resp(struct bx509_request_desc *r,
|
resp(struct bx509_request_desc *r,
|
||||||
int http_status_code,
|
int http_status_code,
|
||||||
enum MHD_ResponseMemoryMode rmmode,
|
enum MHD_ResponseMemoryMode rmmode,
|
||||||
|
const char *content_type,
|
||||||
const void *body,
|
const void *body,
|
||||||
size_t bodylen,
|
size_t bodylen,
|
||||||
const char *token)
|
const char *token)
|
||||||
@@ -437,7 +438,9 @@ resp(struct bx509_request_desc *r,
|
|||||||
rmmode);
|
rmmode);
|
||||||
if (response == NULL)
|
if (response == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
if (http_status_code == MHD_HTTP_UNAUTHORIZED) {
|
mret = MHD_add_response_header(response, MHD_HTTP_HEADER_CACHE_CONTROL,
|
||||||
|
"no-store, max-age=0");
|
||||||
|
if (mret == MHD_YES && http_status_code == MHD_HTTP_UNAUTHORIZED) {
|
||||||
mret = MHD_add_response_header(response,
|
mret = MHD_add_response_header(response,
|
||||||
MHD_HTTP_HEADER_WWW_AUTHENTICATE,
|
MHD_HTTP_HEADER_WWW_AUTHENTICATE,
|
||||||
"Bearer");
|
"Bearer");
|
||||||
@@ -445,7 +448,7 @@ resp(struct bx509_request_desc *r,
|
|||||||
mret = MHD_add_response_header(response,
|
mret = MHD_add_response_header(response,
|
||||||
MHD_HTTP_HEADER_WWW_AUTHENTICATE,
|
MHD_HTTP_HEADER_WWW_AUTHENTICATE,
|
||||||
"Negotiate");
|
"Negotiate");
|
||||||
} else if (http_status_code == MHD_HTTP_TEMPORARY_REDIRECT) {
|
} else if (mret == MHD_YES && http_status_code == MHD_HTTP_TEMPORARY_REDIRECT) {
|
||||||
const char *redir;
|
const char *redir;
|
||||||
|
|
||||||
/* XXX Move this */
|
/* XXX Move this */
|
||||||
@@ -458,7 +461,12 @@ resp(struct bx509_request_desc *r,
|
|||||||
MHD_HTTP_HEADER_AUTHORIZATION,
|
MHD_HTTP_HEADER_AUTHORIZATION,
|
||||||
token);
|
token);
|
||||||
}
|
}
|
||||||
if (mret != MHD_NO)
|
if (mret == MHD_YES && content_type) {
|
||||||
|
mret = MHD_add_response_header(response,
|
||||||
|
MHD_HTTP_HEADER_CONTENT_TYPE,
|
||||||
|
content_type);
|
||||||
|
}
|
||||||
|
if (mret == MHD_YES)
|
||||||
mret = MHD_queue_response(r->connection, http_status_code, response);
|
mret = MHD_queue_response(r->connection, http_status_code, response);
|
||||||
MHD_destroy_response(response);
|
MHD_destroy_response(response);
|
||||||
return mret == MHD_NO ? -1 : 0;
|
return mret == MHD_NO ? -1 : 0;
|
||||||
@@ -486,7 +494,7 @@ bad_reqv(struct bx509_request_desc *r,
|
|||||||
krb5_log_msg(r->context, logfac, 1, NULL, "Out of memory");
|
krb5_log_msg(r->context, logfac, 1, NULL, "Out of memory");
|
||||||
audit_trail(r, code);
|
audit_trail(r, code);
|
||||||
return resp(r, http_status_code, MHD_RESPMEM_PERSISTENT,
|
return resp(r, http_status_code, MHD_RESPMEM_PERSISTENT,
|
||||||
fmt, strlen(fmt), NULL);
|
NULL, fmt, strlen(fmt), NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (code) {
|
if (code) {
|
||||||
@@ -511,13 +519,12 @@ bad_reqv(struct bx509_request_desc *r,
|
|||||||
if (ret == -1 || msg == NULL) {
|
if (ret == -1 || msg == NULL) {
|
||||||
if (context)
|
if (context)
|
||||||
krb5_log_msg(r->context, logfac, 1, NULL, "Out of memory");
|
krb5_log_msg(r->context, logfac, 1, NULL, "Out of memory");
|
||||||
return resp(r, MHD_HTTP_SERVICE_UNAVAILABLE,
|
return resp(r, MHD_HTTP_SERVICE_UNAVAILABLE, MHD_RESPMEM_PERSISTENT,
|
||||||
MHD_RESPMEM_PERSISTENT,
|
NULL, "Out of memory", sizeof("Out of memory") - 1, NULL);
|
||||||
"Out of memory", sizeof("Out of memory") - 1, NULL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = resp(r, http_status_code, MHD_RESPMEM_MUST_COPY,
|
ret = resp(r, http_status_code, MHD_RESPMEM_MUST_COPY,
|
||||||
msg, strlen(msg), NULL);
|
NULL, msg, strlen(msg), NULL);
|
||||||
free(formatted);
|
free(formatted);
|
||||||
free(msg);
|
free(msg);
|
||||||
return ret == -1 ? -1 : code;
|
return ret == -1 ? -1 : code;
|
||||||
@@ -609,8 +616,8 @@ good_bx509(struct bx509_request_desc *r)
|
|||||||
"from PKIX store");
|
"from PKIX store");
|
||||||
|
|
||||||
(void) gettimeofday(&r->tv_end, NULL);
|
(void) gettimeofday(&r->tv_end, NULL);
|
||||||
ret = resp(r, MHD_HTTP_OK, MHD_RESPMEM_MUST_COPY, body, bodylen,
|
ret = resp(r, MHD_HTTP_OK, MHD_RESPMEM_MUST_COPY, "application/x-pem-file",
|
||||||
NULL);
|
body, bodylen, NULL);
|
||||||
free(body);
|
free(body);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -1443,8 +1450,8 @@ bad_req_gss(struct bx509_request_desc *r,
|
|||||||
if (major == GSS_S_BAD_NAME || major == GSS_S_BAD_NAMETYPE)
|
if (major == GSS_S_BAD_NAME || major == GSS_S_BAD_NAMETYPE)
|
||||||
http_status_code = MHD_HTTP_BAD_REQUEST;
|
http_status_code = MHD_HTTP_BAD_REQUEST;
|
||||||
|
|
||||||
ret = resp(r, http_status_code, MHD_RESPMEM_MUST_COPY, msg, strlen(msg),
|
ret = resp(r, http_status_code, MHD_RESPMEM_MUST_COPY, NULL,
|
||||||
NULL);
|
msg, strlen(msg), NULL);
|
||||||
free(msg);
|
free(msg);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -1660,10 +1667,11 @@ bnegotiate(struct bx509_request_desc *r)
|
|||||||
/* Look ma', Negotiate as an OAuth-like token system! */
|
/* Look ma', Negotiate as an OAuth-like token system! */
|
||||||
if (r->redir)
|
if (r->redir)
|
||||||
ret = resp(r, MHD_HTTP_TEMPORARY_REDIRECT, MHD_RESPMEM_PERSISTENT,
|
ret = resp(r, MHD_HTTP_TEMPORARY_REDIRECT, MHD_RESPMEM_PERSISTENT,
|
||||||
"", 0, nego_tok);
|
NULL, "", 0, nego_tok);
|
||||||
else
|
else
|
||||||
ret = resp(r, MHD_HTTP_OK, MHD_RESPMEM_MUST_COPY, nego_tok,
|
ret = resp(r, MHD_HTTP_OK, MHD_RESPMEM_MUST_COPY,
|
||||||
nego_toksz, NULL);
|
"application/x-negotiate-token", nego_tok, nego_toksz,
|
||||||
|
NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
free(nego_tok);
|
free(nego_tok);
|
||||||
@@ -1784,7 +1792,8 @@ get_tgt(struct bx509_request_desc *r)
|
|||||||
return bad_503(r, ret, "Could not get TGT");
|
return bad_503(r, ret, "Could not get TGT");
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = resp(r, MHD_HTTP_OK, MHD_RESPMEM_MUST_COPY, body, bodylen, NULL);
|
ret = resp(r, MHD_HTTP_OK, MHD_RESPMEM_MUST_COPY,
|
||||||
|
"application/x-krb5-ccache", body, bodylen, NULL);
|
||||||
free(body);
|
free(body);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -1793,8 +1802,8 @@ static krb5_error_code
|
|||||||
health(const char *method, struct bx509_request_desc *r)
|
health(const char *method, struct bx509_request_desc *r)
|
||||||
{
|
{
|
||||||
if (strcmp(method, "HEAD") == 0)
|
if (strcmp(method, "HEAD") == 0)
|
||||||
return resp(r, MHD_HTTP_OK, MHD_RESPMEM_PERSISTENT, "", 0, NULL);
|
return resp(r, MHD_HTTP_OK, MHD_RESPMEM_PERSISTENT, NULL, "", 0, NULL);
|
||||||
return resp(r, MHD_HTTP_OK, MHD_RESPMEM_PERSISTENT,
|
return resp(r, MHD_HTTP_OK, MHD_RESPMEM_PERSISTENT, NULL,
|
||||||
"To determine the health of the service, use the /bx509 "
|
"To determine the health of the service, use the /bx509 "
|
||||||
"end-point.\n",
|
"end-point.\n",
|
||||||
sizeof("To determine the health of the service, use the "
|
sizeof("To determine the health of the service, use the "
|
||||||
|
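Review bot: The error paths still send a body with no Content-Type: all three `resp()` calls in `bad_reqv()`, the one in `bad_req_gss()`, and the non-HEAD branch of `health()` pass `NULL` for the new `content_type` argument, so `resp()` skips the header and the client has to guess the type. These bodies are plain-text messages; if any of the formatted `msg` text echoes request-derived values (not visible in these hunks), a content-sniffing client could treat it as markup. Passing `"text/plain"` at those sites, e.g. `"text/plain", msg, strlen(msg), NULL);`, would make the type explicit. An `X-Content-Type-Options: nosniff` header added in `resp()` next to the new Cache-Control header would also keep the credential-bearing types (`application/x-pem-file`, `application/x-krb5-ccache`, `application/x-negotiate-token`) from being reinterpreted. The bodies of `bad_reqv()`, `bad_req_gss()` and `health()` extend beyond the hunks shown, so the contents of `msg` should be confirmed against the full file.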