From: Bradley Nicholes Date: Fri, 6 Jan 2006 16:45:07 +0000 (+0000) Subject: Merge mod_authn_alias into mod_authn_core X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa3163af4d8f26249431009a6ccfa4d33da9b9ae;p=thirdparty%2Fapache%2Fhttpd.git Merge mod_authn_alias into mod_authn_core git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@366526 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/aaa/config.m4 b/modules/aaa/config.m4 index 921c7e3e8a2..f7c01303a40 100644 --- a/modules/aaa/config.m4 +++ b/modules/aaa/config.m4 @@ -18,9 +18,6 @@ dnl - and just in case all of the above punt; a default handler to dnl keep the bad guys out. APACHE_MODULE(authn_default, authentication backstopper, , , yes) -dnl Provider alias module. -APACHE_MODULE(authn_alias, auth provider alias, , , no) - dnl General Authentication modules; module which implements the dnl non-authn module specific directives. dnl diff --git a/modules/aaa/mod_authn_core.c b/modules/aaa/mod_authn_core.c index 9aec8511c0f..0c5e9d27a2b 100644 --- a/modules/aaa/mod_authn_core.c +++ b/modules/aaa/mod_authn_core.c @@ -27,6 +27,7 @@ #define APR_WANT_BYTEFUNC #include "apr_want.h" +#define CORE_PRIVATE #include "ap_config.h" #include "httpd.h" #include "http_core.h" @@ -34,6 +35,7 @@ #include "http_log.h" #include "http_request.h" #include "http_protocol.h" +#include "ap_provider.h" #include "mod_auth.h" @@ -55,6 +57,18 @@ typedef struct { char *ap_auth_name; } authn_core_dir_conf; +typedef struct provider_alias_rec { + char *provider_name; + char *provider_alias; + ap_conf_vector_t *sec_auth; + const authn_provider *provider; +} provider_alias_rec; + +typedef struct authn_alias_srv_conf { + apr_hash_t *alias_rec; +} authn_alias_srv_conf; + + module AP_MODULE_DECLARE_DATA authn_core_module; static void *create_authn_core_dir_config(apr_pool_t *p, char *dummy) @@ -88,6 +102,153 @@ static void *merge_authn_core_dir_config(apr_pool_t *a, void *basev, void *newv) return (void*)conf; } +static authn_status authn_alias_check_password(request_rec *r, const char *user, + const char *password) +{ + /* Look up the provider alias in the alias list */ + /* Get the the dir_config and call ap_Merge_per_dir_configs() */ + /* Call the real provider->check_password() function */ + /* return the result of the above function call */ + + const char *provider_name = apr_table_get(r->notes, AUTHN_PROVIDER_NAME_NOTE); + authn_status ret = AUTH_USER_NOT_FOUND; + authn_alias_srv_conf *authcfg = + (authn_alias_srv_conf *)ap_get_module_config(r->server->module_config, + &authn_alias_module); + + if (provider_name) { + provider_alias_rec *prvdraliasrec = apr_hash_get(authcfg->alias_rec, + provider_name, APR_HASH_KEY_STRING); + ap_conf_vector_t *orig_dir_config = r->per_dir_config; + + /* If we found the alias provider in the list, then merge the directory + configurations and call the real provider */ + if (prvdraliasrec) { + r->per_dir_config = ap_merge_per_dir_configs(r->pool, orig_dir_config, + prvdraliasrec->sec_auth); + ret = prvdraliasrec->provider->check_password(r,user,password); + r->per_dir_config = orig_dir_config; + } + } + + return ret; +} + +static authn_status authn_alias_get_realm_hash(request_rec *r, const char *user, + const char *realm, char **rethash) +{ + /* Look up the provider alias in the alias list */ + /* Get the the dir_config and call ap_Merge_per_dir_configs() */ + /* Call the real provider->get_realm_hash() function */ + /* return the result of the above function call */ + + const char *provider_name = apr_table_get(r->notes, AUTHN_PROVIDER_NAME_NOTE); + authn_status ret = AUTH_USER_NOT_FOUND; + authn_alias_srv_conf *authcfg = + (authn_alias_srv_conf *)ap_get_module_config(r->server->module_config, + &authn_alias_module); + + if (provider_name) { + provider_alias_rec *prvdraliasrec = apr_hash_get(authcfg->alias_rec, + provider_name, APR_HASH_KEY_STRING); + ap_conf_vector_t *orig_dir_config = r->per_dir_config; + + /* If we found the alias provider in the list, then merge the directory + configurations and call the real provider */ + if (prvdraliasrec) { + r->per_dir_config = ap_merge_per_dir_configs(r->pool, orig_dir_config, + prvdraliasrec->sec_auth); + ret = prvdraliasrec->provider->get_realm_hash(r,user,realm,rethash); + r->per_dir_config = orig_dir_config; + } + } + + return ret; +} + +static void *create_authn_alias_svr_config(apr_pool_t *p, server_rec *s) +{ + + authn_alias_srv_conf *authcfg; + + authcfg = (authn_alias_srv_conf *) apr_pcalloc(p, sizeof(authn_alias_srv_conf)); + authcfg->alias_rec = apr_hash_make(p); + + return (void *) authcfg; +} + +static const authn_provider authn_alias_provider = +{ + &authn_alias_check_password, + &authn_alias_get_realm_hash, +}; + +static const char *authaliassection(cmd_parms *cmd, void *mconfig, const char *arg) +{ + int old_overrides = cmd->override; + const char *endp = ap_strrchr_c(arg, '>'); + const char *args; + char *provider_alias; + char *provider_name; + const char *errmsg; + ap_conf_vector_t *new_auth_config = ap_create_per_dir_config(cmd->pool); + authn_alias_srv_conf *authcfg = + (authn_alias_srv_conf *)ap_get_module_config(cmd->server->module_config, + &authn_alias_module); + + const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + if (err != NULL) { + return err; + } + + if (endp == NULL) { + return apr_pstrcat(cmd->pool, cmd->cmd->name, + "> directive missing closing '>'", NULL); + } + + args = apr_pstrndup(cmd->pool, arg, endp - arg); + + if (!args[0]) { + return apr_pstrcat(cmd->pool, cmd->cmd->name, + "> directive requires additional arguments", NULL); + } + + /* Pull the real provider name and the alias name from the block header */ + provider_name = ap_getword_conf(cmd->pool, &args); + provider_alias = ap_getword_conf(cmd->pool, &args); + + if (!provider_name[0] || !provider_alias[0]) { + return apr_pstrcat(cmd->pool, cmd->cmd->name, + "> directive requires additional arguments", NULL); + } + + /* walk the subsection configuration to get the per_dir config that we will + merge just before the real provider is called. */ + cmd->override = OR_ALL|ACCESS_CONF; + errmsg = ap_walk_config(cmd->directive->first_child, cmd, new_auth_config); + + if (!errmsg) { + provider_alias_rec *prvdraliasrec = apr_pcalloc(cmd->pool, sizeof(provider_alias_rec)); + const authn_provider *provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP, provider_name,"0"); + + /* Save off the new directory config along with the original provider name + and function pointer data */ + prvdraliasrec->sec_auth = new_auth_config; + prvdraliasrec->provider_name = provider_name; + prvdraliasrec->provider_alias = provider_alias; + prvdraliasrec->provider = provider; + apr_hash_set(authcfg->alias_rec, provider_alias, APR_HASH_KEY_STRING, prvdraliasrec); + + /* Register the fake provider so that we get called first */ + ap_register_provider(cmd->pool, AUTHN_PROVIDER_GROUP, provider_alias, "0", + &authn_alias_provider); + } + + cmd->override = old_overrides; + + return errmsg; +} + /* * Load an authorisation realm into our location configuration, applying the * usual rules that apply to realms. @@ -129,6 +290,9 @@ static const command_rec authn_cmds[] = "An HTTP authorization type (e.g., \"Basic\")"), AP_INIT_TAKE1("AuthName", set_authname, NULL, OR_AUTHCFG, "The authentication realm (e.g. \"Members Only\")"), + AP_INIT_RAW_ARGS("