Skip to content

Commit

Permalink
use clang-format-17 for code formatting
Browse files Browse the repository at this point in the history
reformat all code

Signed-off-by: Hans Zandbelt <[email protected]>
  • Loading branch information
zandbelt committed Nov 27, 2023
1 parent 474a78c commit 71e551c
Show file tree
Hide file tree
Showing 29 changed files with 6,365 additions and 8,433 deletions.
8 changes: 8 additions & 0 deletions .clang-format
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
BasedOnStyle: LLVM
ColumnLimit: 120
IndentWidth: 8
UseTab: Always
BreakBeforeBraces: Attach
AllowShortIfStatementsOnASingleLine: false
IndentCaseLabels: false
AllowShortFunctionsOnASingleLine: None
3 changes: 3 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
11/27/2023
- use clang-format-17 for code formatting and reformat all code

11/23/2023
- add iat and exp claims to request object; closes #1137
- bump to 2.4.15rc6
Expand Down
3 changes: 3 additions & 0 deletions Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -101,3 +101,6 @@ TESTS = test/test
check_PROGRAMS = test/test
test_test_SOURCES = test/test.c test/stub.c
test_test_CFLAGS = ${AM_CFLAGS} -fPIC

clang-format:
clang-format -style=file -i `find . -name *.[ch]`
93 changes: 38 additions & 55 deletions src/authz.c
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,7 @@
#include "mod_auth_openidc.h"
#include "pcre_subst.h"

static apr_byte_t oidc_authz_match_value(request_rec *r, const char *spec_c,
const json_t *val, const char *key) {
static apr_byte_t oidc_authz_match_value(request_rec *r, const char *spec_c, const json_t *val, const char *key) {

const json_t *elem = NULL;
int i = 0;
Expand Down Expand Up @@ -91,8 +90,7 @@ static apr_byte_t oidc_authz_match_value(request_rec *r, const char *spec_c,

} else if (json_is_boolean(elem)) {

if (_oidc_strcmp((json_is_true(elem) ? "true" : "false"),
spec_c) == 0)
if (_oidc_strcmp((json_is_true(elem) ? "true" : "false"), spec_c) == 0)
return TRUE;

} else if (json_is_integer(elem)) {
Expand All @@ -102,16 +100,13 @@ static apr_byte_t oidc_authz_match_value(request_rec *r, const char *spec_c,

} else {

oidc_warn(r,
"unhandled in-array JSON object type [%d] for key \"%s\"",
elem->type, (const char* ) key);
oidc_warn(r, "unhandled in-array JSON object type [%d] for key \"%s\"", elem->type,
(const char *)key);
}

}

} else {
oidc_warn(r, "unhandled JSON object type [%d] for key \"%s\"",
val->type, (const char* ) key);
oidc_warn(r, "unhandled JSON object type [%d] for key \"%s\"", val->type, (const char *)key);
}

return FALSE;
Expand All @@ -136,8 +131,8 @@ static apr_byte_t oidc_authz_match_expression(request_rec *r, const char *spec_c

error_str = NULL;
/* PCRE-compare the string value against the expression */
if (oidc_pcre_exec(r->pool, preg, json_string_value(val), (int) _oidc_strlen(json_string_value(val)), &error_str)
> 0) {
if (oidc_pcre_exec(r->pool, preg, json_string_value(val), (int)_oidc_strlen(json_string_value(val)),
&error_str) > 0) {
oidc_debug(r, "value \"%s\" matched regex \"%s\"", json_string_value(val), spec_c);
rc = TRUE;
goto end;
Expand All @@ -156,9 +151,10 @@ static apr_byte_t oidc_authz_match_expression(request_rec *r, const char *spec_c

error_str = NULL;
/* PCRE-compare the string value against the expression */
if (oidc_pcre_exec(r->pool, preg, json_string_value(elem), (int) _oidc_strlen(json_string_value(elem)), &error_str)
> 0) {
oidc_debug(r, "array value \"%s\" matched regex \"%s\"", json_string_value(elem), spec_c);
if (oidc_pcre_exec(r->pool, preg, json_string_value(elem),
(int)_oidc_strlen(json_string_value(elem)), &error_str) > 0) {
oidc_debug(r, "array value \"%s\" matched regex \"%s\"",
json_string_value(elem), spec_c);
rc = TRUE;
goto end;
} else if (error_str) {
Expand All @@ -180,8 +176,7 @@ static apr_byte_t oidc_authz_match_expression(request_rec *r, const char *spec_c
/*
* see if a the Require value matches with a set of provided claims
*/
apr_byte_t oidc_authz_match_claim(request_rec *r, const char *const attr_spec,
json_t *claims) {
apr_byte_t oidc_authz_match_claim(request_rec *r, const char *const attr_spec, json_t *claims) {

const char *key;
json_t *val;
Expand All @@ -197,7 +192,7 @@ apr_byte_t oidc_authz_match_claim(request_rec *r, const char *const attr_spec,
key = json_object_iter_key(iter);
val = json_object_iter_value(iter);

oidc_debug(r, "evaluating key \"%s\"", (const char* ) key);
oidc_debug(r, "evaluating key \"%s\"", (const char *)key);

const char *attr_c = key;
const char *spec_c = attr_spec;
Expand Down Expand Up @@ -233,24 +228,18 @@ apr_byte_t oidc_authz_match_claim(request_rec *r, const char *const attr_spec,
spec_c++;

if (json_is_object(val)) {
oidc_debug(r,
"attribute chunk matched, evaluating children of key: \"%s\".",
key);
return oidc_authz_match_claim(r, spec_c,
json_object_get(claims, key));
oidc_debug(r, "attribute chunk matched, evaluating children of key: \"%s\".", key);
return oidc_authz_match_claim(r, spec_c, json_object_get(claims, key));
} else if (json_is_array(val)) {
oidc_debug(r,
"attribute chunk matched, evaluating array values of key: \"%s\".",
key);
return oidc_authz_match_value(r, spec_c,
json_object_get(claims, key), key);
oidc_debug(r, "attribute chunk matched, evaluating array values of key: \"%s\".", key);
return oidc_authz_match_value(r, spec_c, json_object_get(claims, key), key);
} else {
oidc_warn(r,
"\"%s\" matched, and child nodes or array values should be evaluated, but value is not an object or array.",
key);
"\"%s\" matched, and child nodes or array values should be evaluated, but "
"value is not an object or array.",
key);
return FALSE;
}

}

iter = json_object_iter_next(claims, iter);
Expand All @@ -264,15 +253,14 @@ apr_byte_t oidc_authz_match_claim(request_rec *r, const char *const attr_spec,
/*
* see if a the Require value matches a configured expression
*/
apr_byte_t oidc_authz_match_claims_expr(request_rec *r,
const char *const attr_spec, json_t *claims) {
apr_byte_t oidc_authz_match_claims_expr(request_rec *r, const char *const attr_spec, json_t *claims) {
apr_byte_t rv = FALSE;
const char *str = NULL;

oidc_debug(r, "enter: '%s'", attr_spec);

str = oidc_util_jq_filter(r, oidc_util_encode_json_object(r, claims,
JSON_PRESERVE_ORDER | JSON_COMPACT), attr_spec);
str = oidc_util_jq_filter(r, oidc_util_encode_json_object(r, claims, JSON_PRESERVE_ORDER | JSON_COMPACT),
attr_spec);
rv = (_oidc_strcmp(str, "true") == 0);

return rv;
Expand All @@ -286,11 +274,9 @@ static void oidc_authz_error_add(request_rec *r, const char *msg) {
const char *envvar = NULL;
if (r->subprocess_env != NULL) {
envvar = apr_table_get(r->subprocess_env, OIDC_AUTHZ_ERROR);
oidc_debug(r, "adding %s to environment variable %s=%s", msg,
OIDC_AUTHZ_ERROR, envvar);
oidc_debug(r, "adding %s to environment variable %s=%s", msg, OIDC_AUTHZ_ERROR, envvar);
apr_table_set(r->subprocess_env, OIDC_AUTHZ_ERROR,
apr_psprintf(r->pool, "%s%s%s", envvar ? envvar : "",
envvar ? "," : "", msg ? msg : ""));
apr_psprintf(r->pool, "%s%s%s", envvar ? envvar : "", envvar ? "," : "", msg ? msg : ""));
}
}

Expand All @@ -299,8 +285,7 @@ static void oidc_authz_error_add(request_rec *r, const char *msg) {
/*
* Apache <2.4 authorization routine: match the claims from the authenticated user against the Require primitive
*/
int oidc_authz_worker22(request_rec *r, json_t *claims,
const require_line * const reqs, int nelts) {
int oidc_authz_worker22(request_rec *r, json_t *claims, const require_line *const reqs, int nelts) {
const int m = r->method_number;
const char *token;
const char *requirement;
Expand Down Expand Up @@ -357,7 +342,8 @@ int oidc_authz_worker22(request_rec *r, json_t *claims,

if (match_claim_fn(r, token, claims) == TRUE) {

/* if *any* claim matches, then authorization has succeeded and all of the others are ignored */
/* if *any* claim matches, then authorization has succeeded and all of the others are
* ignored */
oidc_debug(r, "require claim/expr '%s' matched", token);
return OK;
}
Expand All @@ -371,15 +357,16 @@ int oidc_authz_worker22(request_rec *r, json_t *claims,
oidc_debug(r, "no claim/expr statements found, not performing authz");
return DECLINED;
}
/* if there was a "Require claim", but no actual claims, that's cause to warn the admin of an iffy configuration */
/* if there was a "Require claim", but no actual claims, that's cause to warn the admin of an iffy configuration
*/
if (count_oauth_claims == 0) {
oidc_warn(r,
"'require claim/expr' missing specification(s) in configuration, declining");
oidc_warn(r, "'require claim/expr' missing specification(s) in configuration, declining");
return DECLINED;
}

/* log the event, also in Apache speak */
oidc_debug(r, "authorization denied for require claims (0/%d): '%s'", nelts, nelts > 0 ? reqs[0].requirement : "(none)");
oidc_debug(r, "authorization denied for require claims (0/%d): '%s'", nelts,
nelts > 0 ? reqs[0].requirement : "(none)");

ap_note_auth_failure(r);

Expand All @@ -391,9 +378,8 @@ int oidc_authz_worker22(request_rec *r, json_t *claims,
/*
* Apache >=2.4 authorization routine: match the claims from the authenticated user against the Require primitive
*/
authz_status oidc_authz_worker24(request_rec *r, json_t *claims,
const char *require_args, const void *parsed_require_args,
oidc_authz_match_claim_fn_type match_claim_fn) {
authz_status oidc_authz_worker24(request_rec *r, json_t *claims, const char *require_args,
const void *parsed_require_args, oidc_authz_match_claim_fn_type match_claim_fn) {

int count_oauth_claims = 0;
const char *t, *w, *err = NULL;
Expand All @@ -410,8 +396,7 @@ authz_status oidc_authz_worker24(request_rec *r, json_t *claims,
if (expr) {
t = ap_expr_str_exec(r, expr, &err);
if (err) {
oidc_error(r, "could not evaluate expression '%s': %s",
require_args, err);
oidc_error(r, "could not evaluate expression '%s': %s", require_args, err);
return AUTHZ_DENIED;
}
} else {
Expand All @@ -435,12 +420,10 @@ authz_status oidc_authz_worker24(request_rec *r, json_t *claims,

/* if there wasn't anything after the Require claims directive... */
if (count_oauth_claims == 0) {
oidc_warn(r,
"'require claim/expr' missing specification(s) in configuration, denying");
oidc_warn(r, "'require claim/expr' missing specification(s) in configuration, denying");
}

oidc_debug(r, "could not match require claim expression '%s'",
require_args);
oidc_debug(r, "could not match require claim expression '%s'", require_args);
oidc_authz_error_add(r, require_args);

return AUTHZ_DENIED;
Expand Down
71 changes: 36 additions & 35 deletions src/cache/cache.h
Original file line number Diff line number Diff line change
Expand Up @@ -50,14 +50,12 @@
#include <apr_shm.h>
#include <httpd.h>

typedef void* (*oidc_cache_cfg_create)(apr_pool_t *pool);
typedef void *(*oidc_cache_cfg_create)(apr_pool_t *pool);
typedef int (*oidc_cache_post_config_function)(server_rec *s);
typedef int (*oidc_cache_child_init_function)(apr_pool_t *p, server_rec *s);
typedef apr_byte_t (*oidc_cache_get_function)(request_rec *r,
const char *section, const char *key, char **value);
typedef apr_byte_t (*oidc_cache_set_function)(request_rec *r,
const char *section, const char *key, const char *value,
apr_time_t expiry);
typedef apr_byte_t (*oidc_cache_get_function)(request_rec *r, const char *section, const char *key, char **value);
typedef apr_byte_t (*oidc_cache_set_function)(request_rec *r, const char *section, const char *key, const char *value,
apr_time_t expiry);
typedef int (*oidc_cache_destroy_function)(server_rec *s);

typedef struct oidc_cache_t {
Expand All @@ -78,32 +76,28 @@ typedef struct oidc_cache_mutex_t {
apr_byte_t is_parent;
} oidc_cache_mutex_t;

oidc_cache_mutex_t* oidc_cache_mutex_create(apr_pool_t *pool, apr_byte_t global);
apr_byte_t oidc_cache_mutex_post_config(server_rec *s, oidc_cache_mutex_t *m,
const char *type);
apr_status_t oidc_cache_mutex_child_init(apr_pool_t *p, server_rec *s,
oidc_cache_mutex_t *m);
oidc_cache_mutex_t *oidc_cache_mutex_create(apr_pool_t *pool, apr_byte_t global);
apr_byte_t oidc_cache_mutex_post_config(server_rec *s, oidc_cache_mutex_t *m, const char *type);
apr_status_t oidc_cache_mutex_child_init(apr_pool_t *p, server_rec *s, oidc_cache_mutex_t *m);
apr_byte_t oidc_cache_mutex_lock(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m);
apr_byte_t oidc_cache_mutex_unlock(apr_pool_t *pool, server_rec *s, oidc_cache_mutex_t *m);
apr_byte_t oidc_cache_mutex_destroy(server_rec *s, oidc_cache_mutex_t *m);

apr_byte_t oidc_cache_get(request_rec *r, const char *section, const char *key,
char **value);
apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key,
const char *value, apr_time_t expiry);

#define OIDC_CACHE_SECTION_SESSION "s"
#define OIDC_CACHE_SECTION_NONCE "n"
#define OIDC_CACHE_SECTION_JWKS "j"
#define OIDC_CACHE_SECTION_ACCESS_TOKEN "a"
#define OIDC_CACHE_SECTION_REFRESH_TOKEN "e"
#define OIDC_CACHE_SECTION_PROVIDER "p"
#define OIDC_CACHE_SECTION_OAUTH_PROVIDER "o"
#define OIDC_CACHE_SECTION_JTI "t"
#define OIDC_CACHE_SECTION_REQUEST_URI "r"
#define OIDC_CACHE_SECTION_SID "d"
#define OIDC_CACHE_SECTION_USERINFO_SJWT "u"
#define OIDC_CACHE_SECTION_JQ_FILTER "q"
apr_byte_t oidc_cache_get(request_rec *r, const char *section, const char *key, char **value);
apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key, const char *value, apr_time_t expiry);

#define OIDC_CACHE_SECTION_SESSION "s"
#define OIDC_CACHE_SECTION_NONCE "n"
#define OIDC_CACHE_SECTION_JWKS "j"
#define OIDC_CACHE_SECTION_ACCESS_TOKEN "a"
#define OIDC_CACHE_SECTION_REFRESH_TOKEN "e"
#define OIDC_CACHE_SECTION_PROVIDER "p"
#define OIDC_CACHE_SECTION_OAUTH_PROVIDER "o"
#define OIDC_CACHE_SECTION_JTI "t"
#define OIDC_CACHE_SECTION_REQUEST_URI "r"
#define OIDC_CACHE_SECTION_SID "d"
#define OIDC_CACHE_SECTION_USERINFO_SJWT "u"
#define OIDC_CACHE_SECTION_JQ_FILTER "q"

// TODO: now every section occupies the same space; we may want to differentiate
// according to section-based size, at least for the shm backend
Expand All @@ -124,15 +118,22 @@ apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key,
#define oidc_cache_set_session(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_SESSION, key, value, expiry)
#define oidc_cache_set_nonce(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_NONCE, key, value, expiry)
#define oidc_cache_set_jwks(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_JWKS, key, value, expiry)
#define oidc_cache_set_access_token(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_ACCESS_TOKEN, key, value, expiry)
#define oidc_cache_set_refresh_token(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_REFRESH_TOKEN, key, value, expiry)
#define oidc_cache_set_provider(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_PROVIDER, key, value, expiry)
#define oidc_cache_set_oauth_provider(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_OAUTH_PROVIDER, key, value, expiry)
#define oidc_cache_set_access_token(r, key, value, expiry) \
oidc_cache_set(r, OIDC_CACHE_SECTION_ACCESS_TOKEN, key, value, expiry)
#define oidc_cache_set_refresh_token(r, key, value, expiry) \
oidc_cache_set(r, OIDC_CACHE_SECTION_REFRESH_TOKEN, key, value, expiry)
#define oidc_cache_set_provider(r, key, value, expiry) \
oidc_cache_set(r, OIDC_CACHE_SECTION_PROVIDER, key, value, expiry)
#define oidc_cache_set_oauth_provider(r, key, value, expiry) \
oidc_cache_set(r, OIDC_CACHE_SECTION_OAUTH_PROVIDER, key, value, expiry)
#define oidc_cache_set_jti(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_JTI, key, value, expiry)
#define oidc_cache_set_request_uri(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_REQUEST_URI, key, value, expiry)
#define oidc_cache_set_request_uri(r, key, value, expiry) \
oidc_cache_set(r, OIDC_CACHE_SECTION_REQUEST_URI, key, value, expiry)
#define oidc_cache_set_sid(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_SID, key, value, expiry)
#define oidc_cache_set_signed_jwt(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_USERINFO_SJWT, key, value, expiry)
#define oidc_cache_set_jq_filter(r, key, value, expiry) oidc_cache_set(r, OIDC_CACHE_SECTION_JQ_FILTER, key, value, expiry)
#define oidc_cache_set_signed_jwt(r, key, value, expiry) \
oidc_cache_set(r, OIDC_CACHE_SECTION_USERINFO_SJWT, key, value, expiry)
#define oidc_cache_set_jq_filter(r, key, value, expiry) \
oidc_cache_set(r, OIDC_CACHE_SECTION_JQ_FILTER, key, value, expiry)

extern oidc_cache_t oidc_cache_file;
extern oidc_cache_t oidc_cache_shm;
Expand Down
Loading

0 comments on commit 71e551c

Please sign in to comment.