
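--- a/modules/aaa/mod_auth_basic.c.orig
+++ b/modules/aaa/mod_auth_basic.c.orig
@@ -31,19 +31,31 @@
 #include "ap_provider.h"
 #include "ap_expr.h"
 
 #include "mod_auth.h"
+#include "mod_session.h"
+#include "mod_request.h"
+
+static int (*ap_session_load_fn) (request_rec * r, session_rec ** z) = NULL;
+static apr_status_t (*ap_session_get_fn)(request_rec * r, session_rec * z,
+        const char *key, const char **value) = NULL;
+static apr_status_t (*ap_session_set_fn)(request_rec * r, session_rec * z,
+        const char *key, const char *value) = NULL;
+static int have_session = 0;
+
 
 typedef struct {
     authn_provider_list *providers;
     char *dir; /* unused variable */
     int authoritative;
+    int use_session;
     ap_expr_info_t *fakeuser;
     ap_expr_info_t *fakepass;
     const char *use_digest_algorithm;
     int fake_set:1;
     int use_digest_algorithm_set:1;
     int authoritative_set:1;
+    int use_session_set:1;
 } auth_basic_config_rec;
 
 static void *create_auth_basic_dir_config(apr_pool_t *p, char *d)
 {
@@ -66,8 +78,14 @@
                     base->authoritative;
     newconf->authoritative_set = overrides->authoritative_set
             || base->authoritative_set;
 
+    newconf->use_session =
+            overrides->use_session_set ? overrides->use_session :
+                    base->use_session;
+    newconf->use_session_set = overrides->use_session_set
+            || base->use_session_set;
+
     newconf->fakeuser =
             overrides->fake_set ? overrides->fakeuser : base->fakeuser;
     newconf->fakepass =
             overrides->fake_set ? overrides->fakepass : base->fakepass;
@@ -138,8 +156,18 @@
 
     return NULL;
 }
 
+static const char *set_use_session(cmd_parms * cmd, void *config, int flag)
+{
+    auth_basic_config_rec *conf = (auth_basic_config_rec *) config;
+
+    conf->use_session = flag;
+    conf->use_session_set = 1;
+
+    return NULL;
+}
+
 static const char *add_basic_fake(cmd_parms * cmd, void *config,
         const char *user, const char *pass)
 {
     auth_basic_config_rec *conf = (auth_basic_config_rec *) config;
@@ -207,8 +235,10 @@
                     "specify the auth providers for a directory or location"),
     AP_INIT_FLAG("AuthBasicAuthoritative", set_authoritative, NULL, OR_AUTHCFG,
                  "Set to 'Off' to allow access control to be passed along to "
                  "lower modules if the UserID is not known to this module"),
+    AP_INIT_FLAG("AuthBasicUseSession", set_use_session, NULL, OR_AUTHCFG,
+                 "Set to 'On' to use session to cache user credentials."),
     AP_INIT_TAKE12("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
                   "Fake basic authentication using the given expressions for "
                   "username and password, 'off' to disable. Password defaults "
                   "to 'password' if missing."),
@@ -248,8 +278,83 @@
     note_basic_auth_failure(r);
     return OK;
 }
 
+
+static void init_session(request_rec *r)
+{
+    ap_session_load_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_load);
+    ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get);
+    ap_session_set_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_set);
+
+    if (ap_session_load_fn && ap_session_get_fn && ap_session_set_fn) {
+        have_session = 1;
+    } else {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "Session not enabled: mod_session is not available");
+    }
+
+    return;
+}
+
+/**
+ * Set user and pw in the session, delete them if NULL
+ */
+static void set_session_auth(request_rec * r,
+                             const char *user, const char *pw)
+{
+    const char *realm = ap_auth_name(r);
+    session_rec *z = NULL;
+
+    ap_session_load_fn(r, &z);
+    ap_session_set_fn(r, z,
+                      apr_pstrcat(r->pool, realm, "-" MOD_SESSION_USER, NULL),
+                      user);
+    ap_session_set_fn(r, z,
+                      apr_pstrcat(r->pool, realm, "-" MOD_SESSION_PW, NULL),
+                      pw);
+
+    return;
+
+}
+
+/**
+ * Get the user and pw from the main request * notes table, if present.
+ */
+static apr_status_t get_session_auth(request_rec * r,
+                                     const char **user, const char **pw)
+{
+    const char *realm = ap_auth_name(r);
+    session_rec *z = NULL;
+
+    ap_session_load_fn(r, &z);
+
+    if (user)
+        ap_session_get_fn(r, z,
+                          apr_pstrcat(r->pool,
+                                      realm, "-" MOD_SESSION_USER, NULL),
+                          user);
+
+    if (pw)
+        ap_session_get_fn(r, z,
+                          apr_pstrcat(r->pool,
+                                      realm, "-" MOD_SESSION_PW, NULL),
+                          pw);
+
+    if (!*user || !*pw)
+        return APR_EGENERAL;
+
+    /* set the user, even though the user is unauthenticated at this point */
+    if (user && *user)
+        r->user = (char *) *user;
+
+    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+                  "User %s authenticated from session",
+                  user ? *user : "<null>");
+
+    return APR_SUCCESS;
+}
+
 static int get_basic_auth(request_rec *r, const char **user,
                           const char **pw)
 {
     const char *auth_line;
@@ -315,11 +420,20 @@
                       "need AuthName: %s", r->uri);
         return HTTP_INTERNAL_SERVER_ERROR;
     }
 
+    if (conf->use_session && !have_session)
+        init_session(r);
+
     r->ap_auth_type = (char*)current_auth;
 
     res = get_basic_auth(r, &sent_user, &sent_pw);
+    if (res && conf->use_session && have_session) {
+        /* try get the username and password from a session, if present */
+        if (get_session_auth(r, &sent_user, &sent_pw) == APR_SUCCESS)
+            res = OK;
+    }
+
     if (res) {
         return res;
     }
 
@@ -430,8 +544,12 @@
         }
         return return_code;
     }
 
+    /* Success, save username and password in session */
+    if (conf->use_session && have_session)
+        set_session_auth(r, sent_user, sent_pw);
+
     return OK;
 }
 
 /* If requested, create a fake basic authentication header for the benefit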
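Review bot: In `get_session_auth` the return values of `ap_session_load_fn` and `ap_session_get_fn` are ignored, so when the session fails to load or holds no entry for the realm, `if (!*user || !*pw)` reads pointers this function never wrote. Whether the caller initialises `sent_user`/`sent_pw` is not visible in these hunks, and the same test dereferences `user` and `pw` unconditionally right after guarding them with `if (user)` / `if (pw)`. The function should reject NULL arguments up front, clear both outputs, and return early when the load fails, as sketched below. Separately, `set_session_auth` stores the cleartext password in the session, so the `AuthBasicUseSession` help text should say that the session store must be encrypted (for example with mod_session_crypto) and cookie-backed sessions restricted to TLS. The INFO message "User %s authenticated from session" is logged before the credentials are verified and would read more accurately as "credentials for user %s loaded from session".

```c
static apr_status_t get_session_auth(request_rec * r,
                                     const char **user, const char **pw)
{
    const char *realm = ap_auth_name(r);
    session_rec *z = NULL;

    if (!user || !pw)
        return APR_EGENERAL;

    /* the session getters may leave the outputs untouched, so start from NULL */
    *user = NULL;
    *pw = NULL;

    if (ap_session_load_fn(r, &z) != APR_SUCCESS || !z)
        return APR_EGENERAL;

    /* … unchanged: the two ap_session_get_fn lookups, without the if (user) / if (pw) guards … */

    if (!*user || !*pw)
        return APR_EGENERAL;

    /* … unchanged: r->user assignment, log call, return APR_SUCCESS … */
```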
