Changes with Apache 2.3.7
+ *) core: Introduce note_auth_failure hook to allow modules to add support
+ for additional auth types. This makes ap_note_auth_failure() work with
+ mod_auth_digest again. PR 48807. [Stefan Fritsch]
+
*) socache modules: return APR_NOTFOUND when a lookup is not found [Nick Kew]
*) mod_authn_cache: new module [Nick Kew]
* 20100625.0 (2.3.7-dev) Add 'userctx' to socache iterator callback prototype
* 20100630.0 (2.3.7-dev) make module_levels vector of char instead of int
* 20100701.0 (2.3.7-dev) re-order struct members to improve alignment
+ * 20100701.1 (2.3.7-dev) add note_auth_failure hook
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20100701
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
/**
* Setup the output headers so that the client knows how to authenticate
- * itself the next time, if an authentication request failed. This function
- * works for both basic and digest authentication
+ * itself the next time, if an authentication request failed.
* @param r The current request
*/
AP_DECLARE(void) ap_note_auth_failure(request_rec *r);
/**
- * Setup the output headers so that the client knows how to authenticate
- * itself the next time, if an authentication request failed. This function
- * works only for basic authentication
- * @param r The current request
+ * @deprecated @see ap_note_auth_failure
*/
AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r);
/**
- * Setup the output headers so that the client knows how to authenticate
- * itself the next time, if an authentication request failed. This function
- * works only for digest authentication
- * @param r The current request
+ * @deprecated @see ap_note_auth_failure
*/
AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r);
+/**
+ * This hook allows modules to add support for a specific auth type to
+ * ap_note_auth_failure
+ * @param r the current request
+ * @param auth_type the configured auth_type
+ * @return OK, DECLINED
+ */
+AP_DECLARE_HOOK(int, note_auth_failure, (request_rec *r, const char *auth_type))
+
/**
* Get the password from the request headers
* @param r The current request
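Review bot: The doc comment on the new note_auth_failure hook gives `@return OK, DECLINED` without saying what either value means or that the hook is run-first, so a module author cannot tell that returning OK stops later modules from being asked. I would write `@return OK if the module has set the challenge header for auth_type, DECLINED if it does not handle that auth type`. It should also state that auth_type is never NULL when the hook is reached through ap_note_auth_failure(), because the three implementations in this commit pass it straight to strcasecmp(). The two `@deprecated` comments above could add that ap_note_basic_auth_failure() and ap_note_digest_auth_failure() no longer force their own scheme but follow the configured AuthType, since the names still suggest otherwise.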
"\"", NULL));
}
+static int hook_note_basic_auth_failure(request_rec *r, const char *auth_type)
+{
+ if (strcasecmp(auth_type, "Basic"))
+ return DECLINED;
+
+ note_basic_auth_failure(r);
+ return OK;
+}
+
static int get_basic_auth(request_rec *r, const char **user,
const char **pw)
{
{
ap_hook_check_authn(authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE,
AP_AUTH_INTERNAL_PER_CONF);
+ ap_hook_note_auth_failure(hook_note_basic_auth_failure, NULL, NULL,
+ APR_HOOK_MIDDLE);
}
AP_DECLARE_MODULE(auth_basic) =
}
+static int hook_note_digest_auth_failure(request_rec *r, const char *auth_type)
+{
+ request_rec *mainreq;
+ digest_header_rec *resp;
+ digest_config_rec *conf;
+
+ if (strcasecmp(auth_type, "Digest"))
+ return DECLINED;
+
+ /* get the client response and mark */
+
+ mainreq = r;
+ while (mainreq->main != NULL) {
+ mainreq = mainreq->main;
+ }
+ while (mainreq->prev != NULL) {
+ mainreq = mainreq->prev;
+ }
+ resp = (digest_header_rec *) ap_get_module_config(mainreq->request_config,
+ &auth_digest_module);
+ resp->needed_auth = 1;
+
+
+ /* get our conf */
+
+ conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config,
+ &auth_digest_module);
+
+ note_digest_auth_failure(r, conf, resp, 0);
+
+ return OK;
+}
+
/*
* Authorization header verification code
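Review bot: In hook_note_digest_auth_failure, `resp->needed_auth = 1;` dereferences the result of ap_get_module_config() without a NULL check. The hook can now be reached from any module that calls ap_note_auth_failure() on a location configured with AuthType Digest. Whether the initial request always carries a digest_header_rec in request_config depends on code outside this hunk, presumably an earlier header-parsing hook, so that should be confirmed. If it is guaranteed, a comment naming the hook that stores it would record the invariant; if not, add a guard such as `if (resp == NULL) return DECLINED;` before the assignment, ideally with an error log line so the missing challenge can be diagnosed.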
AP_AUTH_INTERNAL_PER_CONF);
ap_hook_fixups(add_auth_info, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_note_auth_failure(hook_note_digest_auth_failure, NULL, NULL,
+ APR_HOOK_MIDDLE);
+
}
AP_DECLARE_MODULE(auth_digest) =
}
}
+static int hook_note_cookie_auth_failure(request_rec * r,
+ const char *auth_type)
+{
+ if (strcasecmp(auth_type, "form"))
+ return DECLINED;
+
+ note_cookie_auth_failure(r);
+ return OK;
+}
+
/**
* Set the auth username and password into the main request
* notes table.
ap_hook_handler(authenticate_form_login_handler, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_handler(authenticate_form_logout_handler, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_handler(authenticate_form_redirect_handler, NULL, NULL, APR_HOOK_MIDDLE);
+
+ ap_hook_note_auth_failure(hook_note_cookie_auth_failure, NULL, NULL,
+ APR_HOOK_MIDDLE);
}
AP_DECLARE_MODULE(auth_form) =
r->user, r->uri);
/* If we're returning 403, tell them to try again. */
- /* XXX: ap_note_auth_failure is currently broken */
- /*ap_note_auth_failure(r);*/
+ ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
APR_HOOK_LINK(log_transaction)
APR_HOOK_LINK(http_scheme)
APR_HOOK_LINK(default_port)
+ APR_HOOK_LINK(note_auth_failure)
)
AP_DECLARE_DATA ap_filter_rec_t *ap_old_write_func = NULL;
{
const char *type = ap_auth_type(r);
if (type) {
- if (!strcasecmp(type, "Basic"))
- ap_note_basic_auth_failure(r);
- else if (!strcasecmp(type, "Digest"))
- ap_note_digest_auth_failure(r);
+ ap_run_note_auth_failure(r, type);
}
else {
ap_log_rerror(APLOG_MARK, APLOG_ERR,
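Review bot: The result of `ap_run_note_auth_failure(r, type)` is discarded, so when no loaded module claims the configured AuthType the hook returns DECLINED and the 401 goes out with no WWW-Authenticate or Proxy-Authenticate header and nothing in the error log. This matters more than before because the hunks below reduce ap_note_basic_auth_failure() and ap_note_digest_auth_failure() to plain wrappers and switch ap_get_basic_auth_pw() to the generic call. Callers that relied on core emitting the challenge therefore now depend on mod_auth_basic or mod_auth_digest being loaded. Consider `if (ap_run_note_auth_failure(r, type) != OK)` followed by an ap_log_rerror() at APLOG_ERR that names the unhandled auth type and r->uri. The function's signature and the rest of the else branch lie outside the hunk.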
AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r)
{
- const char *type = ap_auth_type(r);
-
- /* if there is no AuthType configure or it is something other than
- * Basic, let ap_note_auth_failure() deal with it
- */
- if (!type || strcasecmp(type, "Basic"))
- ap_note_auth_failure(r);
- else
- apr_table_setn(r->err_headers_out,
- (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate"
- : "WWW-Authenticate",
- apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r),
- "\"", NULL));
+ ap_note_auth_failure(r);
}
AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r)
{
- apr_table_setn(r->err_headers_out,
- (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate"
- : "WWW-Authenticate",
- apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\""
- "%" APR_UINT64_T_HEX_FMT "\"",
- ap_auth_name(r), (apr_uint64_t)r->request_time));
+ ap_note_auth_failure(r);
}
AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
}
if (!auth_line) {
- ap_note_basic_auth_failure(r);
+ ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
/* Client tried to authenticate using wrong auth scheme */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client used wrong authentication scheme: %s", r->uri);
- ap_note_basic_auth_failure(r);
+ ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
(const request_rec *r), (r), NULL)
AP_IMPLEMENT_HOOK_RUN_FIRST(unsigned short,default_port,
(const request_rec *r), (r), 0)
+AP_IMPLEMENT_HOOK_RUN_FIRST(int, note_auth_failure,
+ (request_rec *r, const char *auth_type),
+ (r, auth_type), DECLINED)