From fc218ced9dc919fc8cc88dda8d06ed736e4b0768 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt
Date: Sun, 25 Feb 2024 17:01:55 +0100
Subject: [PATCH] complete encapsulation of curl functions/includes in http.c
Signed-off-by: Hans Zandbelt
---
 src/config.c | 6 ++----
 src/http.c | 36 ++++++++++++++++++++++++++++++++++++
 src/http.h | 12 ++++++++++++
 src/mod_auth_openidc.c | 2 +-
 src/parse.c | 36 ++----------------------------------
 5 files changed, 53 insertions(+), 39 deletions(-)
diff --git a/src/config.c b/src/config.c
index 5ab72e20..a5520ca1 100644
--- a/src/config.c
+++ b/src/config.c
@@ -48,8 +48,6 @@
 // clang-format on
-#include
-
 #define OPENSSL_THREAD_DEFINES
 #include
 #include
@@ -2518,7 +2516,7 @@ static apr_status_t oidc_cleanup_parent(void *data) {
 #endif /* (OPENSSL_VERSION_NUMBER < 0x10100000) && defined (OPENSSL_THREADS) && APR_HAS_THREADS */
 EVP_cleanup();
- curl_global_cleanup();
+ oidc_http_cleanup();
 ap_log_error(APLOG_MARK, APLOG_INFO, 0, (server_rec *)data, "%s - shutdown", NAMEVERSION);
@@ -2566,7 +2564,7 @@ static int oidc_post_config(apr_pool_t *pool, apr_pool_t *p1, apr_pool_t *p2, se
 #endif
 );
- curl_global_init(CURL_GLOBAL_ALL);
+ oidc_http_init();
 #if ((OPENSSL_VERSION_NUMBER < 0x10100000) && defined(OPENSSL_THREADS) && APR_HAS_THREADS)
 ssl_num_locks = CRYPTO_num_locks();
diff --git a/src/http.c b/src/http.c
index 83b909c0..c0dde485 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1040,3 +1040,39 @@ void oidc_http_set_chunked_cookie(request_rec *r, const char *cookieName, const
 apr_psprintf(r->pool, "%d", chunkCountValue), expires, ext);
 oidc_http_set_cookie(r, cookieName, "", expires, ext);
 }
+
+char **oidc_http_proxy_auth_options(void) {
+ static char *options[] = {OIDC_HTTP_PROXY_AUTH_BASIC,
+ OIDC_HTTP_PROXY_AUTH_DIGEST,
+ OIDC_HTTP_PROXY_AUTH_NTLM,
+ OIDC_HTTP_PROXY_AUTH_ANY,
+#ifdef CURLAUTH_NEGOTIATE
+ OIDC_HTTP_PROXY_AUTH_NEGOTIATE,
+#endif
+ NULL};
+ return options;
+}
+
+unsigned long oidc_http_proxy_s2auth(const char *arg) {
+ if (_oidc_strcmp(arg, OIDC_HTTP_PROXY_AUTH_BASIC) == 0)
+ return CURLAUTH_BASIC;
+ if (_oidc_strcmp(arg, OIDC_HTTP_PROXY_AUTH_DIGEST) == 0)
+ return CURLAUTH_DIGEST;
+ if (_oidc_strcmp(arg, OIDC_HTTP_PROXY_AUTH_NTLM) == 0)
+ return CURLAUTH_NTLM;
+ if (_oidc_strcmp(arg, OIDC_HTTP_PROXY_AUTH_ANY) == 0)
+ return CURLAUTH_ANY;
+#ifdef CURLAUTH_NEGOTIATE
+ if (_oidc_strcmp(arg, OIDC_HTTP_PROXY_AUTH_NEGOTIATE) == 0)
+ return CURLAUTH_NEGOTIATE;
+#endif
+ return CURLAUTH_NONE;
+}
+
+void oidc_http_init(void) {
+ curl_global_init(CURL_GLOBAL_ALL);
+}
+
+void oidc_http_cleanup(void) {
+ curl_global_cleanup();
+}
diff --git a/src/http.h b/src/http.h
index e37f476f..b2983aaf 100644
--- a/src/http.h
+++ b/src/http.h
@@ -98,6 +98,12 @@ typedef struct oidc_http_timeout_t {
 apr_time_t retry_interval;
 } oidc_http_timeout_t;
+#define OIDC_HTTP_PROXY_AUTH_BASIC "basic"
+#define OIDC_HTTP_PROXY_AUTH_DIGEST "digest"
+#define OIDC_HTTP_PROXY_AUTH_NTLM "ntlm"
+#define OIDC_HTTP_PROXY_AUTH_ANY "any"
+#define OIDC_HTTP_PROXY_AUTH_NEGOTIATE "negotiate"
+
 typedef struct oidc_http_outgoing_proxy_t {
 const char *host_port;
 const char *username_password;
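Review bot: `oidc_http_init()` discards the return value of `curl_global_init(CURL_GLOBAL_ALL)`, so a failed libcurl initialisation stays invisible to `oidc_post_config` in src/config.c, which now calls the wrapper as a bare statement. libcurl documents that a non-zero result means its other functions must not be used, and going by the commit title all of the module's curl usage now sits behind http.c. Since the wrapper is new, it could report the outcome, for example with an `apr_status_t` return type and `return curl_global_init(CURL_GLOBAL_ALL) == CURLE_OK ? APR_SUCCESS : APR_EGENERAL;`, so that the post-config hook can log the failure and refuse to start. The prototype in the src/http.h hunk and the call in the src/config.c hunk would change with it.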
@@ -163,4 +169,10 @@ char *oidc_http_get_chunked_cookie(request_rec *r, const char *cookieName, int c
 void oidc_http_set_chunked_cookie(request_rec *r, const char *cookieName, const char *cookieValue, apr_time_t expires, int chunkSize, const char *ext);
+char **oidc_http_proxy_auth_options(void);
+unsigned long oidc_http_proxy_s2auth(const char *arg);
+
+void oidc_http_init(void);
+void oidc_http_cleanup(void);
+
 #endif /* MOD_AUTH_OPENIDC_HTTP_H_ */
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
index 08c8343f..a9eeeafe 100644
--- a/src/mod_auth_openidc.c
+++ b/src/mod_auth_openidc.c
@@ -4769,7 +4769,7 @@ module AP_MODULE_DECLARE_DATA auth_openidc_module = {
 oidc_create_dir_config,
 oidc_merge_dir_config,
 oidc_create_server_config,
- oidc_merge_server_config,
+ oidc_merge_server_config,
 oidc_config_cmds,
 oidc_register_hooks
 };
diff --git a/src/parse.c b/src/parse.c
index c67d7b4e..9cd05aab 100644
--- a/src/parse.c
+++ b/src/parse.c
@@ -43,8 +43,6 @@
 * @Author: Hans Zandbelt - hans.zandbelt@openidc.com
 */
-#include
-
 #include "mod_auth_openidc.h"
 /*
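Review bot: `char **oidc_http_proxy_auth_options(void);` in the src/http.h hunk hands callers a writable pointer to what the src/http.c hunk defines as a function-static array, so any caller could alter the set of accepted proxy auth values for the whole process. If `oidc_valid_string_option` (its signature is not visible here) accepts a const-qualified array, declaring the accessor as `const char *const *oidc_http_proxy_auth_options(void);` would rule that out. Otherwise a header comment such as `/* returns a NULL-terminated static array; callers must not modify or free it */` would at least state the contract. The same comment block could record that `oidc_http_proxy_s2auth` returns `CURLAUTH_NONE` for input it does not recognise.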
@@ -1249,41 +1247,11 @@ const char *oidc_parse_x_forwarded_headers(apr_pool_t *pool, const char *arg, ap
 return NULL;
 }
-#define OIDC_PROXY_AUTH_BASIC "basic"
-#define OIDC_PROXY_AUTH_DIGEST "digest"
-#define OIDC_PROXY_AUTH_NTLM "ntlm"
-#define OIDC_PROXY_AUTH_ANY "any"
-#ifdef CURLAUTH_NEGOTIATE
-#define OIDC_PROXY_AUTH_NEGOTIATE "negotiate"
-#endif
-
 const char *oidc_parse_outgoing_proxy_auth_type(apr_pool_t *pool, const char *arg, unsigned long *auth_type) {
- static char *options[] = {OIDC_PROXY_AUTH_BASIC,
- OIDC_PROXY_AUTH_DIGEST,
- OIDC_PROXY_AUTH_NTLM,
- OIDC_PROXY_AUTH_ANY,
-#ifdef CURLAUTH_NEGOTIATE
- OIDC_PROXY_AUTH_NEGOTIATE,
-#endif
- NULL};
- const char *rv = oidc_valid_string_option(pool, arg, options);
+ const char *rv = oidc_valid_string_option(pool, arg, oidc_http_proxy_auth_options());
 if (rv != NULL)
 return rv;
-
- if (_oidc_strcmp(arg, OIDC_PROXY_AUTH_BASIC) == 0) {
- *auth_type = CURLAUTH_BASIC;
- } else if (_oidc_strcmp(arg, OIDC_PROXY_AUTH_DIGEST) == 0) {
- *auth_type = CURLAUTH_DIGEST;
- } else if (_oidc_strcmp(arg, OIDC_PROXY_AUTH_NTLM) == 0) {
- *auth_type = CURLAUTH_NTLM;
- } else if (_oidc_strcmp(arg, OIDC_PROXY_AUTH_ANY) == 0) {
- *auth_type = CURLAUTH_ANY;
-#ifdef CURLAUTH_NEGOTIATE
- } else if (_oidc_strcmp(arg, OIDC_PROXY_AUTH_NEGOTIATE) == 0) {
- *auth_type = CURLAUTH_NEGOTIATE;
-#endif
- }
-
+ *auth_type = oidc_http_proxy_s2auth(arg);
 return NULL;
 }
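Review bot: `*auth_type = oidc_http_proxy_s2auth(arg);` now always overwrites the output and stores the helper's `CURLAUTH_NONE` fallback for any string it does not map, where the removed if/else chain left `*auth_type` untouched in that case. The result is correct only while every entry returned by `oidc_http_proxy_auth_options()` also has a branch in `oidc_http_proxy_s2auth()`. Those two lists are maintained separately in src/http.c, so a value added to one but not the other would pass validation here and silently yield `CURLAUTH_NONE`. A comment above the call, `/* arg was validated against oidc_http_proxy_auth_options(); s2auth must map every listed option */`, would make the dependency explicit, and deriving both from a single table in http.c would remove it.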