*/
#include "apr_strings.h"
-#include "apr_md5.h"
-#include "apr_lib.h"
+#include "apr_lib.h" /* for apr_password_validate */
#include "ap_config.h"
#include "httpd.h"
#include "http_protocol.h"
#include "http_request.h"
-typedef struct auth_config_struct {
+
+typedef struct {
char *auth_pwfile;
char *auth_grpfile;
int auth_authoritative;
static void *create_auth_dir_config(apr_pool_t *p, char *d)
{
- auth_config_rec *sec =
- (auth_config_rec *) apr_pcalloc(p, sizeof(auth_config_rec));
- sec->auth_pwfile = NULL; /* just to illustrate the default really */
- sec->auth_grpfile = NULL; /* unless you have a broken HP cc */
- sec->auth_authoritative = 1; /* keep the fortress secure by default */
- return sec;
+ auth_config_rec *conf = apr_pcalloc(p, sizeof(*conf));
+
+ conf->auth_pwfile = NULL; /* just to illustrate the default really */
+ conf->auth_grpfile = NULL; /* unless you have a broken HP cc */
+ conf->auth_authoritative = 1; /* keep the fortress secure by default */
+ return conf;
}
static const char *set_auth_slot(cmd_parms *cmd, void *offset, const char *f,
static int authenticate_basic_user(request_rec *r)
{
- auth_config_rec *sec =
- (auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_module);
+ auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_module);
const char *sent_pw;
char *real_pw;
apr_status_t invalid_pw;
if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
return res;
- if (!sec->auth_pwfile)
+ if (!conf->auth_pwfile)
return DECLINED;
- if (!(real_pw = get_pw(r, r->user, sec->auth_pwfile))) {
- if (!(sec->auth_authoritative))
+ if (!(real_pw = get_pw(r, r->user, conf->auth_pwfile))) {
+ if (!(conf->auth_authoritative))
return DECLINED;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"user %s not found: %s", r->user, r->uri);
static int check_user_access(request_rec *r)
{
- auth_config_rec *sec =
- (auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_module);
+ auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_module);
char *user = r->user;
int m = r->method_number;
int method_restricted = 0;
return (OK);
reqs = (require_line *) reqs_arr->elts;
- if (sec->auth_grpfile)
- grpstatus = groups_for_user(r->pool, user, sec->auth_grpfile);
+ if (conf->auth_grpfile)
+ grpstatus = groups_for_user(r->pool, user, conf->auth_grpfile);
else
grpstatus = NULL;
if (apr_table_get(grpstatus, w))
return OK;
}
- } else if (sec->auth_authoritative) {
+ } else if (conf->auth_authoritative) {
/* if we aren't authoritative, any require directive could be
* valid even if we don't grok it. However, if we are
* authoritative, we can warn the user they did something wrong.
if (!method_restricted)
return OK;
- if (!(sec->auth_authoritative))
+ if (!(conf->auth_authoritative))
return DECLINED;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
*
*/
+#include "apr_strings.h"
+
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
-#include "http_protocol.h"
#include "http_request.h"
-#include "apr_strings.h"
-#define APR_WANT_STRFUNC
-#include "apr_want.h"
+#include "http_protocol.h"
+
typedef struct anon_auth {
char *password;
} anon_auth_config_rec;
+
static void *create_anon_auth_dir_config(apr_pool_t *p, char *d)
{
- anon_auth_config_rec *sec = (anon_auth_config_rec *)
- apr_pcalloc(p, sizeof(anon_auth_config_rec));
-
- if (!sec)
- return NULL; /* no memory... */
+ anon_auth_config_rec *conf = apr_pcalloc(p, sizeof(*conf));
/* just to illustrate the defaults really. */
- sec->anon_auth_passwords = NULL;
-
- sec->anon_auth_nouserid = 0;
- sec->anon_auth_logemail = 1;
- sec->anon_auth_verifyemail = 0;
- sec->anon_auth_mustemail = 1;
- sec->anon_auth_authoritative = 0;
- return sec;
+ conf->anon_auth_passwords = NULL;
+
+ conf->anon_auth_nouserid = 0;
+ conf->anon_auth_logemail = 1;
+ conf->anon_auth_verifyemail = 0;
+ conf->anon_auth_mustemail = 1;
+ conf->anon_auth_authoritative = 0;
+ return conf;
}
static const char *anon_set_passwd_flag(cmd_parms *cmd,
- void *dummy, int arg)
+ void *my_config, int arg)
{
- anon_auth_config_rec *sec = dummy;
- sec->anon_auth_mustemail = arg;
+ anon_auth_config_rec *conf = my_config;
+ conf->anon_auth_mustemail = arg;
return NULL;
}
static const char *anon_set_userid_flag(cmd_parms *cmd,
- void *dummy, int arg)
+ void *my_config, int arg)
{
- anon_auth_config_rec *sec = dummy;
- sec->anon_auth_nouserid = arg;
+ anon_auth_config_rec *conf = my_config;
+ conf->anon_auth_nouserid = arg;
return NULL;
}
static const char *anon_set_logemail_flag(cmd_parms *cmd,
- void *dummy, int arg)
+ void *my_config, int arg)
{
- anon_auth_config_rec *sec = dummy;
- sec->anon_auth_logemail = arg;
+ anon_auth_config_rec *conf = my_config;
+ conf->anon_auth_logemail = arg;
return NULL;
}
static const char *anon_set_verifyemail_flag(cmd_parms *cmd,
- void *dummy, int arg)
+ void *my_config, int arg)
{
- anon_auth_config_rec *sec = dummy;
- sec->anon_auth_verifyemail = arg;
+ anon_auth_config_rec *conf = my_config;
+ conf->anon_auth_verifyemail = arg;
return NULL;
}
static const char *anon_set_authoritative_flag(cmd_parms *cmd,
- void *dummy, int arg)
+ void *my_config, int arg)
{
- anon_auth_config_rec *sec = dummy;
- sec->anon_auth_authoritative = arg;
+ anon_auth_config_rec *conf = my_config;
+ conf->anon_auth_authoritative = arg;
return NULL;
}
static const char *anon_set_string_slots(cmd_parms *cmd,
- void *dummy, const char *arg)
+ void *my_config, const char *arg)
{
- anon_auth_config_rec *sec = dummy;
+ anon_auth_config_rec *conf = my_config;
anon_auth *first;
if (!(*arg))
return "Anonymous string cannot be empty, use Anonymous_NoUserId instead";
/* squeeze in a record */
- first = sec->anon_auth_passwords;
+ first = conf->anon_auth_passwords;
- if (!(sec->anon_auth_passwords = apr_palloc(cmd->pool, sizeof(anon_auth))) ||
- !(sec->anon_auth_passwords->password = apr_pstrdup(cmd->pool, arg)))
+ if (!(conf->anon_auth_passwords = apr_palloc(cmd->pool, sizeof(anon_auth))) ||
+ !(conf->anon_auth_passwords->password = apr_pstrdup(cmd->pool, arg)))
return "Failed to claim memory for an anonymous password...";
/* and repair the next */
- sec->anon_auth_passwords->next = first;
+ conf->anon_auth_passwords->next = first;
return NULL;
}
static int anon_authenticate_basic_user(request_rec *r)
{
- anon_auth_config_rec *sec =
- (anon_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &auth_anon_module);
+ anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_anon_module);
const char *sent_pw;
int res = DECLINED;
return res;
/* Ignore if we are not configured */
- if (!sec->anon_auth_passwords)
+ if (!conf->anon_auth_passwords)
return DECLINED;
/* Do we allow an empty userID and/or is it the magic one
*/
- if ((!(r->user[0])) && (sec->anon_auth_nouserid)) {
+ if ((!(r->user[0])) && (conf->anon_auth_nouserid)) {
res = OK;
}
else {
- anon_auth *p = sec->anon_auth_passwords;
+ anon_auth *p = conf->anon_auth_passwords;
res = DECLINED;
while ((res == DECLINED) && (p != NULL)) {
if (!(strcasecmp(r->user, p->password)))
/* username is OK */
(res == OK)
/* password been filled out ? */
- && ((!sec->anon_auth_mustemail) || strlen(sent_pw))
+ && ((!conf->anon_auth_mustemail) || strlen(sent_pw))
/* does the password look like an email address ? */
- && ((!sec->anon_auth_verifyemail)
+ && ((!conf->anon_auth_verifyemail)
|| ((strpbrk("@", sent_pw) != NULL)
&& (strpbrk(".", sent_pw) != NULL)))) {
- if (sec->anon_auth_logemail && ap_is_initial_req(r)) {
+ if (conf->anon_auth_logemail && ap_is_initial_req(r)) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, APR_SUCCESS, r,
"Anonymous: Passwd <%s> Accepted",
sent_pw ? sent_pw : "\'none\'");
return OK;
}
else {
- if (sec->anon_auth_authoritative) {
+ if (conf->anon_auth_authoritative) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, APR_SUCCESS, r,
"Anonymous: Authoritative, Passwd <%s> not accepted",
sent_pw ? sent_pw : "\'none\'");
{
#ifdef NOTYET
conn_rec *c = r->connection;
- anon_auth_config_rec *sec =
- (anon_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &auth_anon_module);
+ anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_anon_module);
- if (!sec->anon_auth)
+ if (!conf->anon_auth)
return DECLINED;
- if (strcasecmp(r->connection->user, sec->anon_auth))
+ if (strcasecmp(r->connection->user, conf->anon_auth))
return DECLINED;
return OK;
* no control is passed along.
*/
+#include "apr_lib.h"
+
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
#include "ap_config.h"
#include "httpd.h"
#include "http_config.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_request.h" /* for ap_hook_(check_user_id | auth_check) */
-#include "apr_lib.h"
-#define APR_WANT_STRFUNC
-#include "apr_want.h"
+
#ifdef HAVE_DB_H
#include <db.h>
#endif
static void *create_db_auth_dir_config(apr_pool_t *p, char *d)
{
- db_auth_config_rec *sec
- = (db_auth_config_rec *) apr_pcalloc(p, sizeof(db_auth_config_rec));
- sec->auth_dbpwfile = NULL;
- sec->auth_dbgrpfile = NULL;
- sec->auth_dbauthoritative = 1; /* fortress is secure by default */
- return sec;
+ db_auth_config_rec *conf = apr_pcalloc(p, sizeof(*conf));
+
+ conf->auth_dbpwfile = NULL;
+ conf->auth_dbgrpfile = NULL;
+ conf->auth_dbauthoritative = 1; /* fortress is secure by default */
+ return conf;
}
static const char *set_db_slot(cmd_parms *cmd, void *offset, const char *f, const char *t)
static int db_authenticate_basic_user(request_rec *r)
{
- db_auth_config_rec *sec =
- (db_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &auth_db_module);
+ db_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_db_module);
const char *sent_pw;
char *real_pw, *colon_pw;
apr_status_t invalid_pw;
if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
return res;
- if (!sec->auth_dbpwfile) {
+ if (!conf->auth_dbpwfile) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
- "DB file %s not found", sec->auth_dbpwfile);
+ "DB file %s not found", conf->auth_dbpwfile);
return DECLINED;
}
- if (!(real_pw = get_db_pw(r, r->user, sec->auth_dbpwfile))) {
- if (!(sec->auth_dbauthoritative))
+ if (!(real_pw = get_db_pw(r, r->user, conf->auth_dbpwfile))) {
+ if (!(conf->auth_dbauthoritative))
return DECLINED;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"DB user %s not found: %s", r->user, r->filename);
static int db_check_auth(request_rec *r)
{
- db_auth_config_rec *sec =
- (db_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &auth_db_module);
+ db_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_db_module);
char *user = r->user;
int m = r->method_number;
const char *t;
char *w;
- if (!sec->auth_dbgrpfile)
+ if (!conf->auth_dbgrpfile)
return DECLINED;
if (!reqs_arr)
return DECLINED;
t = reqs[x].requirement;
w = ap_getword_white(r->pool, &t);
- if (!strcmp(w, "group") && sec->auth_dbgrpfile) {
+ if (!strcmp(w, "group") && conf->auth_dbgrpfile) {
const char *orig_groups, *groups;
char *v;
- if (!(groups = get_db_grp(r, user, sec->auth_dbgrpfile))) {
- if (!(sec->auth_dbauthoritative))
+ if (!(groups = get_db_grp(r, user, conf->auth_dbgrpfile))) {
+ if (!(conf->auth_dbauthoritative))
return DECLINED;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"user %s not in DB group file %s: %s",
- user, sec->auth_dbgrpfile, r->filename);
+ user, conf->auth_dbgrpfile, r->filename);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
static void register_hooks(apr_pool_t *p)
{
- ap_hook_check_user_id(db_authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE);
- ap_hook_auth_checker(db_check_auth,NULL,NULL,APR_HOOK_MIDDLE);
+ ap_hook_check_user_id(db_authenticate_basic_user, NULL, NULL,
+ APR_HOOK_MIDDLE);
+ ap_hook_auth_checker(db_check_auth, NULL, NULL, APR_HOOK_MIDDLE);
}
module auth_db_module =
* no control is passed along.
*/
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/
#include "apr_lib.h"
+
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include <ndbm.h>
#endif
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/
+
+
/*
* Module definition information - the part between the -START and -END
* lines below is used by Configure. This could be stored in a separate
static void *create_dbm_auth_dir_config(apr_pool_t *p, char *d)
{
- dbm_auth_config_rec *sec
- = (dbm_auth_config_rec *) apr_pcalloc(p, sizeof(dbm_auth_config_rec));
+ dbm_auth_config_rec *conf = apr_pcalloc(p, sizeof(*conf));
- sec->auth_dbmpwfile = NULL;
- sec->auth_dbmgrpfile = NULL;
- sec->auth_dbmauthoritative = 1; /* fortress is secure by default */
+ conf->auth_dbmpwfile = NULL;
+ conf->auth_dbmgrpfile = NULL;
+ conf->auth_dbmauthoritative = 1; /* fortress is secure by default */
- return sec;
+ return conf;
}
-static const char *set_dbm_slot(cmd_parms *cmd, void *offset, const char *f, const char *t)
+static const char *set_dbm_slot(cmd_parms *cmd, void *offset,
+ const char *f, const char *t)
{
if (!t || strcmp(t, "dbm"))
return DECLINE_CMD;
static int dbm_authenticate_basic_user(request_rec *r)
{
- dbm_auth_config_rec *sec =
- (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &auth_dbm_module);
+ dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_dbm_module);
const char *sent_pw;
char *real_pw, *colon_pw;
apr_status_t invalid_pw;
if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
return res;
- if (!sec->auth_dbmpwfile)
+ if (!conf->auth_dbmpwfile)
return DECLINED;
- if (!(real_pw = get_dbm_pw(r, r->user, sec->auth_dbmpwfile))) {
- if (!(sec->auth_dbmauthoritative))
+ if (!(real_pw = get_dbm_pw(r, r->user, conf->auth_dbmpwfile))) {
+ if (!(conf->auth_dbmauthoritative))
return DECLINED;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"DBM user %s not found: %s", r->user, r->filename);
static int dbm_check_auth(request_rec *r)
{
- dbm_auth_config_rec *sec =
- (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &auth_dbm_module);
+ dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_dbm_module);
char *user = r->user;
int m = r->method_number;
const char *t;
char *w;
- if (!sec->auth_dbmgrpfile)
+ if (!conf->auth_dbmgrpfile)
return DECLINED;
if (!reqs_arr)
return DECLINED;
t = reqs[x].requirement;
w = ap_getword_white(r->pool, &t);
- if (!strcmp(w, "group") && sec->auth_dbmgrpfile) {
+ if (!strcmp(w, "group") && conf->auth_dbmgrpfile) {
const char *orig_groups, *groups;
char *v;
- if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
- if (!(sec->auth_dbmauthoritative))
+ if (!(groups = get_dbm_grp(r, user, conf->auth_dbmgrpfile))) {
+ if (!(conf->auth_dbmauthoritative))
return DECLINED;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"user %s not in DBM group file %s: %s",
- user, sec->auth_dbmgrpfile, r->filename);
+ user, conf->auth_dbmgrpfile, r->filename);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
static void register_hooks(apr_pool_t *p)
{
- ap_hook_check_user_id(dbm_authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_check_user_id(dbm_authenticate_basic_user, NULL, NULL,
+ APR_HOOK_MIDDLE);
ap_hook_auth_checker(dbm_check_auth, NULL, NULL, APR_HOOK_MIDDLE);
}
projects / apache / commitdiff