/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/
/* * Security options etc. * * Module derived from code originally written by Rob McCool *
*/
static authn_status authn_alias_check_password(request_rec *r, constchar *user, constchar *password)
{ /* Look up the provider alias in the alias list */ /* Get the dir_config and call ap_Merge_per_dir_configs() */ /* Call the real provider->check_password() function */ /* return the result of the above function call */
/* If we found the alias provider in the list, then merge the directory
configurations and call the real provider */ if (prvdraliasrec) {
r->per_dir_config = ap_merge_per_dir_configs(r->pool, orig_dir_config,
prvdraliasrec->sec_auth);
ret = prvdraliasrec->provider->check_password(r,user,password);
r->per_dir_config = orig_dir_config;
}
}
return ret;
}
static authn_status authn_alias_get_realm_hash(request_rec *r, constchar *user, constchar *realm, char **rethash)
{ /* Look up the provider alias in the alias list */ /* Get the dir_config and call ap_Merge_per_dir_configs() */ /* Call the real provider->get_realm_hash() function */ /* return the result of the above function call */
/* If we found the alias provider in the list, then merge the directory
configurations and call the real provider */ if (prvdraliasrec) {
r->per_dir_config = ap_merge_per_dir_configs(r->pool, orig_dir_config,
prvdraliasrec->sec_auth);
ret = prvdraliasrec->provider->get_realm_hash(r,user,realm,rethash);
r->per_dir_config = orig_dir_config;
}
}
/* Only per-server directive we have is GLOBAL_ONLY */ staticvoid *merge_authn_alias_svr_config(apr_pool_t *p, void *basev, void *overridesv)
{ return basev;
}
/* Pull the real provider name and the alias name from the block header */
provider_name = ap_getword_conf(cmd->pool, &args);
provider_alias = ap_getword_conf(cmd->pool, &args);
if (strcasecmp(provider_name, provider_alias) == 0) { return apr_pstrcat(cmd->pool, "The alias provider name must be different from the base provider name.", NULL);
}
/* Look up the alias provider to make sure that it hasn't already been registered. */
provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP, provider_alias,
AUTHN_PROVIDER_VERSION); if (provider) { return apr_pstrcat(cmd->pool, "The alias provider ", provider_alias, " has already be registered previously as either a base provider or an alias provider.",
NULL);
}
/* walk the subsection configuration to get the per_dir config that we will
merge just before the real provider is called. */
cmd->override = OR_AUTHCFG | ACCESS_CONF;
errmsg = ap_walk_config(cmd->directive->first_child, cmd, new_auth_config);
cmd->override = old_overrides;
if (!provider) { /* by the time they use it, the provider should be loaded and
registered with us. */ return apr_psprintf(cmd->pool, "Unknown Authn provider: %s",
provider_name);
}
/* Save off the new directory config along with the original provider name
and function pointer data */
prvdraliasrec->sec_auth = new_auth_config;
prvdraliasrec->provider_name = provider_name;
prvdraliasrec->provider_alias = provider_alias;
prvdraliasrec->provider = provider;
apr_hash_set(authcfg->alias_rec, provider_alias, APR_HASH_KEY_STRING, prvdraliasrec);
/* Register the fake provider so that we get called first */
ap_register_auth_provider(cmd->pool, AUTHN_PROVIDER_GROUP,
provider_alias, AUTHN_PROVIDER_VERSION,
provider->get_realm_hash ?
&authn_alias_provider :
&authn_alias_provider_nodigest,
AP_AUTH_INTERNAL_PER_CONF);
}
return errmsg;
}
/* * Load an authorisation realm into our location configuration, applying the * usual rules that apply to realms.
*/ staticconstchar *set_authname(cmd_parms *cmd, void *mconfig, constchar *word1)
{
authn_core_dir_conf *aconfig = (authn_core_dir_conf *)mconfig; constchar *expr_err = NULL;
if (conf->ap_auth_name) {
name = ap_expr_str_exec(r, conf->ap_auth_name, &err); if (err) {
ap_log_rerror(
APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, APLOGNO(02835) "AuthName expression could not be evaluated: %s", err); return NULL;
}
return ap_escape_quotes(r->pool, name);
}
return NULL;
}
staticconst command_rec authn_cmds[] =
{
AP_INIT_TAKE1("AuthType", set_authtype, NULL, OR_AUTHCFG, "an HTTP authorization type (e.g., \"Basic\")"),
AP_INIT_TAKE1("AuthName", set_authname, NULL, OR_AUTHCFG, "the authentication realm (e.g. \"Members Only\")"),
AP_INIT_RAW_ARGS(", authaliassection, NULL, RSRC_CONF, "container for grouping an authentication provider's " "directives under a provider alias"),
{NULL}
};
staticint authenticate_no_user(request_rec *r)
{ /* if there isn't an AuthType, then assume that no authentication
is required so return OK */ if (!ap_auth_type(r)) { return OK;
}
/* there's an AuthType configured, but no authentication module * loaded to support it
*/
ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, APLOGNO(01796) "AuthType %s configured without corresponding module",
ap_auth_type(r));
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
