add outgoing_proxy option to verify context

correct remote_user debug printout; release 1.4.3.1

Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>

Author: zandbelt

ChangeLog

@@ -1,3 +1,8 @@
+10/21/2021
+- add outgoing_proxy option to verify context
+- correct remote_user debug printout
+- release 1.4.3.1
+
 06/21/2021
 - printout remote username claim when not found, for debugging purposes
 

configure.ac

@@ -1,4 +1,4 @@
-AC_INIT([liboauth2],[1.4.4-dev],[hans.zandbelt@zmartzone.eu])
+AC_INIT([liboauth2],[1.4.3.1],[hans.zandbelt@zmartzone.eu])
 
 AM_INIT_AUTOMAKE([foreign no-define subdir-objects])
 AC_CONFIG_MACRO_DIR([m4])

src/jose.c

@@ -606,12 +606,14 @@ bool oauth2_jose_hash2s(oauth2_log_t *log, const char *digest, const char *src,
 
 _OAUTH2_CFG_CTX_INIT_START(oauth2_uri_ctx)
 ctx->endpoint = NULL;
+ctx->outgoing_proxy = NULL;
 ctx->cache = NULL;
 ctx->expiry_s = OAUTH2_CFG_UINT_UNSET;
 _OAUTH2_CFG_CTX_INIT_END
 
 _OAUTH2_CFG_CTX_CLONE_START(oauth2_uri_ctx)
 dst->endpoint = oauth2_cfg_endpoint_clone(log, src->endpoint);
+dst->outgoing_proxy = oauth2_strdup(src->outgoing_proxy);
 dst->cache = src->cache;
 dst->expiry_s = src->expiry_s;
 _OAUTH2_CFG_CTX_CLONE_END
@@ -1739,6 +1741,11 @@ char *oauth2_jose_options_uri_ctx(oauth2_log_t *log, const char *value,
 	ctx->endpoint = oauth2_cfg_endpoint_init(log);
 	rv = oauth2_cfg_set_endpoint(log, ctx->endpoint, value, params, prefix);
 
+	key = oauth2_stradd(NULL, prefix, ".", "outgoing_proxy");
+	ctx->outgoing_proxy =
+	    oauth2_strdup(oauth2_nv_list_get(log, params, key));
+	oauth2_mem_free(key);
+
 	key = oauth2_stradd(NULL, prefix, ".", "cache");
 	ctx->cache =
 	    oauth2_cache_obtain(log, oauth2_nv_list_get(log, params, key));
@@ -2022,6 +2029,8 @@ char *oauth2_jose_resolve_from_uri(oauth2_log_t *log, oauth2_uri_ctx_t *uri_ctx,
 		oauth2_http_call_ctx_ssl_verify_set(
 		    log, ctx,
 		    oauth2_cfg_endpoint_get_ssl_verify(uri_ctx->endpoint));
+		oauth2_http_call_ctx_outgoing_proxy_set(
+		    log, ctx, uri_ctx->outgoing_proxy);
 
 		rc = oauth2_http_get(
 		    log, oauth2_cfg_endpoint_get_url(uri_ctx->endpoint), NULL,

src/jose_int.h

@@ -40,6 +40,7 @@ typedef struct oauth2_jose_jwk_list_t {
 
 typedef struct oauth2_uri_ctx_t {
 	oauth2_cfg_endpoint_t *endpoint;
+	char *outgoing_proxy;
 	oauth2_cache_t *cache;
 	oauth2_time_t expiry_s;
 } oauth2_uri_ctx_t;

src/server/apache.c

@@ -731,7 +731,7 @@ bool oauth2_apache_set_request_user(oauth2_cfg_target_pass_t *target_pass,
 	    apr_pstrdup(ctx->r->pool, json_string_value(remote_user));
 
 	oauth2_debug(ctx->log, "set user to \"%s\" based on claim: %s=%s",
-		     ctx->r->user, claim, remote_user);
+		     ctx->r->user, claim, json_string_value(remote_user));
 
 	// TODO: more flexibility and or regular expressions?