1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 * @brief Authentication and Authorization Extension for Apache
21 * @defgroup MOD_AUTH mod_auth
22 * @ingroup APACHE_MODS
25 #ifndef APACHE_MOD_AUTH_H
26 #define APACHE_MOD_AUTH_H
28 #include "apr_pools.h"
30 #include "apr_optional.h"
33 #include "http_config.h"
/* Group names and version strings identifying the authn (authentication)
 * and authz (authorization) provider families. NOTE(review): presumably the
 * keys under which providers are registered and looked up -- confirm against
 * the provider registration calls, which are not part of this header. */
39 #define AUTHN_PROVIDER_GROUP "authn"
40 #define AUTHZ_PROVIDER_GROUP "authz"
41 #define AUTHN_PROVIDER_VERSION "0"
42 #define AUTHZ_PROVIDER_VERSION "0"
/* Provider name "file". Judging by the macro name this is the authn provider
 * assumed when none is configured -- TODO confirm where the default is
 * applied. */
43 #define AUTHN_DEFAULT_PROVIDER "file"
/* String keys naming the selected authn/authz provider. NOTE(review): the
 * _NOTE suffix suggests these are keys in the request notes table --
 * confirm against the modules that set and read them. */
45 #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
46 #define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name"
/* Name prefixes for values derived from authentication and authorization.
 * NOTE(review): likely prepended to names of variables that providers
 * export -- confirm against the consumers of these macros. */
48 #define AUTHN_PREFIX "AUTHENTICATE_"
49 #define AUTHZ_PREFIX "AUTHORIZE_"
51 /** all of the requirements must be met */
55 /** any of the requirements must be met */
59 /** There are no applicable satisfy lines */
60 #ifndef SATISFY_NOSPEC
61 #define SATISFY_NOSPEC 2
78 AUTHZ_DENIED_NO_USER /* denied because r->user == NULL */
82 /* Given a username and password, expected to return AUTH_GRANTED
83 * if we can validate this user/password combination.
85 authn_status (*check_password)(request_rec *r, const char *user,
86 const char *password);
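88 /* Given a user and realm, expected to return AUTH_USER_FOUND if we
89 * can find an MD5 hash of 'user:realm:password', passed back through rethash.
 * That hash is password-equivalent for Digest authentication in the given
 * realm, so a provider should store and handle it as a secret.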
91 authn_status (*get_realm_hash)(request_rec *r, const char *user,
92 const char *realm, char **rethash);
95 /* A linked-list of authn providers. */
96 typedef struct authn_provider_list authn_provider_list;
98 struct authn_provider_list {
99 const char *provider_name;
100 const authn_provider *provider;
101 authn_provider_list *next;
105 /* Given a request_rec, expected to return AUTHZ_GRANTED
106 * if we can authorize user access.
107 * @param r the request record
108 * @param require_line the argument to the authz provider
109 * @param parsed_require_line the value set by parse_require_line(), if any
111 authz_status (*check_authorization)(request_rec *r,
112 const char *require_line,
113 const void *parsed_require_line);
115 /** Check the syntax of a require line and optionally cache the parsed
116 * line. This function may be NULL.
117 * @param cmd the config directive
118 * @param require_line the argument to the authz provider
119 * @param parsed_require_line place to store parsed require_line for use by provider
120 * @return Error message or NULL on success
122 const char *(*parse_require_line)(cmd_parms *cmd, const char *require_line,
123 const void **parsed_require_line);
126 /* ap_authn_cache_store: Optional function for authn providers
127 * to enable caching of their lookups with mod_authn_cache
128 * @param r The request rec
129 * @param module Module identifier
130 * @param user User name to authenticate
131 * @param realm Digest authn realm (NULL for basic authn)
132 * @param data The value looked up by the authn provider, to cache
134 APR_DECLARE_OPTIONAL_FN(void, ap_authn_cache_store,
135 (request_rec*, const char*, const char*,
136 const char*, const char*));