
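--- a/modules/aaa/mod_auth_basic.c.orig
+++ b/modules/aaa/mod_auth_basic.c.orig
@@ -31,19 +31,31 @@
 #include "ap_provider.h"
 #include "ap_expr.h"
 
 #include "mod_auth.h"
+#include "mod_session.h"
+#include "mod_request.h"
+
+static int (*ap_session_load_fn) (request_rec * r, session_rec ** z) = NULL;
+static apr_status_t (*ap_session_get_fn)(request_rec * r, session_rec * z,
+        const char *key, const char **value) = NULL;
+static apr_status_t (*ap_session_set_fn)(request_rec * r, session_rec * z,
+        const char *key, const char *value) = NULL;
+static int have_session = 0;
+
 
 typedef struct {
     authn_provider_list *providers;
     char *dir; /* unused variable */
     int authoritative;
+    int use_session;
     ap_expr_info_t *fakeuser;
     ap_expr_info_t *fakepass;
     const char *use_digest_algorithm;
     unsigned int fake_set:1,
                  use_digest_algorithm_set:1,
                  authoritative_set:1;
+                 use_session_set:1;
 } auth_basic_config_rec;
 
 static void *create_auth_basic_dir_config(apr_pool_t *p, char *d)
 {
@@ -66,8 +78,14 @@
                     base->authoritative;
     newconf->authoritative_set = overrides->authoritative_set
             || base->authoritative_set;
 
+    newconf->use_session =
+            overrides->use_session_set ? overrides->use_session :
+                    base->use_session;
+    newconf->use_session_set = overrides->use_session_set
+            || base->use_session_set;
+
     newconf->fakeuser =
             overrides->fake_set ? overrides->fakeuser : base->fakeuser;
     newconf->fakepass =
             overrides->fake_set ? overrides->fakepass : base->fakepass;
@@ -138,8 +156,18 @@
 
     return NULL;
 }
 
+static const char *set_use_session(cmd_parms * cmd, void *config, int flag)
+{
+    auth_basic_config_rec *conf = (auth_basic_config_rec *) config;
+
+    conf->use_session = flag;
+    conf->use_session_set = 1;
+
+    return NULL;
+}
+
 static const char *add_basic_fake(cmd_parms * cmd, void *config,
         const char *user, const char *pass)
 {
     auth_basic_config_rec *conf = (auth_basic_config_rec *) config;
@@ -203,8 +231,10 @@
                     "specify the auth providers for a directory or location"),
     AP_INIT_FLAG("AuthBasicAuthoritative", set_authoritative, NULL, OR_AUTHCFG,
                  "Set to 'Off' to allow access control to be passed along to "
                  "lower modules if the UserID is not known to this module"),
+    AP_INIT_FLAG("AuthBasicUseSession", set_use_session, NULL, OR_AUTHCFG,
+                 "Set to 'On' to use session to cache user credentials."),
     AP_INIT_TAKE12("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
                   "Fake basic authentication using the given expressions for "
                   "username and password, 'off' to disable. Password defaults "
                   "to 'password' if missing."),
@@ -244,8 +274,83 @@
     note_basic_auth_failure(r);
     return OK;
 }
 
+
+static void init_session(request_rec *r)
+{
+    ap_session_load_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_load);
+    ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get);
+    ap_session_set_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_set);
+
+    if (ap_session_load_fn && ap_session_get_fn && ap_session_set_fn) {
+        have_session = 1;
+    } else {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "Session not enabled: mod_session is not available");
+    }
+
+    return;
+}
+
+/**
+ * Set user and pw in the session, delete them if NULL
+ */
+static void set_session_auth(request_rec * r,
+                             const char *user, const char *pw)
+{
+    const char *realm = ap_auth_name(r);
+    session_rec *z = NULL;
+
+    ap_session_load_fn(r, &z);
+    ap_session_set_fn(r, z,
+                      apr_pstrcat(r->pool, realm, "-" MOD_SESSION_USER, NULL),
+                      user);
+    ap_session_set_fn(r, z,
+                      apr_pstrcat(r->pool, realm, "-" MOD_SESSION_PW, NULL),
+                      pw);
+
+    return;
+
+}
+
+/**
+ * Get the user and pw from the main request * notes table, if present.
+ */
+static apr_status_t get_session_auth(request_rec * r,
+                                     const char **user, const char **pw)
+{
+    const char *realm = ap_auth_name(r);
+    session_rec *z = NULL;
+
+    ap_session_load_fn(r, &z);
+
+    if (user)
+        ap_session_get_fn(r, z,
+                          apr_pstrcat(r->pool,
+                                      realm, "-" MOD_SESSION_USER, NULL),
+                          user);
+
+    if (pw)
+        ap_session_get_fn(r, z,
+                          apr_pstrcat(r->pool,
+                                      realm, "-" MOD_SESSION_PW, NULL),
+                          pw);
+
+    if (!*user || !*pw)
+        return APR_EGENERAL;
+
+    /* set the user, even though the user is unauthenticated at this point */
+    if (user && *user)
+        r->user = (char *) *user;
+
+    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+                  "User %s authenticated from session",
+                  user ? *user : "<null>");
+
+    return APR_SUCCESS;
+}
+
 static int get_basic_auth(request_rec *r, const char **user,
                           const char **pw)
 {
     const char *auth_line;
@@ -311,11 +416,20 @@
                       "need AuthName: %s", r->uri);
         return HTTP_INTERNAL_SERVER_ERROR;
     }
 
+    if (conf->use_session && !have_session)
+        init_session(r);
+
     r->ap_auth_type = (char*)current_auth;
 
     res = get_basic_auth(r, &sent_user, &sent_pw);
+    if (res && conf->use_session && have_session) {
+        /* try get the username and password from a session, if present */
+        if (get_session_auth(r, &sent_user, &sent_pw) == APR_SUCCESS)
+            res = OK;
+    }
+
     if (res) {
         return res;
     }
 
@@ -429,8 +543,12 @@
         }
         return return_code;
     }
 
+    /* Success, save username and password in session */
+    if (conf->use_session && have_session)
+        set_session_auth(r, sent_user, sent_pw);
+
     return OK;
 }
 
 /* If requested, create a fake basic authentication header for the benefit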
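Review bot: `set_session_auth()` stores the cleartext Basic password in the session under `realm-MOD_SESSION_PW`, so with a cookie-backed session and no session encryption the password is returned to the client and is readable by anything with access to the session store; the `AuthBasicUseSession` help text should state that an encrypted session (for example mod_session_crypto) is required, or the directive should be refused without one. In `get_session_auth()` the result of `ap_session_load_fn(r, &z)` is ignored, and `if (!*user || !*pw)` dereferences both pointers before the later `user ? *user : "<null>"` guard, reading values that may still be unset if the lookup stored nothing; check the load status and `z`, and start with `*user = *pw = NULL;`. The `APLOG_INFO` message "User %s authenticated from session" is logged before the providers have verified the password (the comment above it says as much), so it should read as credentials loaded rather than authenticated. Separately, in the struct hunk `use_session_set:1;` follows the already-terminated `authoritative_set:1;` and has no type, which will likely not compile; write `unsigned int use_session_set:1;`.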
