Lines 31-49
|
31 |
#include "ap_provider.h" |
31 |
#include "ap_provider.h" |
32 |
#include "ap_expr.h" |
32 |
#include "ap_expr.h" |
33 |
|
33 |
|
34 |
#include "mod_auth.h" |
34 |
#include "mod_auth.h" |
|
|
35 |
#include "mod_session.h" |
36 |
#include "mod_request.h" |
37 |
|
38 |
static int (*ap_session_load_fn) (request_rec * r, session_rec ** z) = NULL; |
39 |
static apr_status_t (*ap_session_get_fn)(request_rec * r, session_rec * z, |
40 |
const char *key, const char **value) = NULL; |
41 |
static apr_status_t (*ap_session_set_fn)(request_rec * r, session_rec * z, |
42 |
const char *key, const char *value) = NULL; |
43 |
static int have_session = 0; |
44 |
|
35 |
|
45 |
|
36 |
typedef struct { |
46 |
typedef struct { |
37 |
authn_provider_list *providers; |
47 |
authn_provider_list *providers; |
38 |
char *dir; /* unused variable */ |
48 |
char *dir; /* unused variable */ |
39 |
int authoritative; |
49 |
int authoritative; |
|
|
50 |
int use_session; |
40 |
ap_expr_info_t *fakeuser; |
51 |
ap_expr_info_t *fakeuser; |
41 |
ap_expr_info_t *fakepass; |
52 |
ap_expr_info_t *fakepass; |
42 |
const char *use_digest_algorithm; |
53 |
const char *use_digest_algorithm; |
43 |
int fake_set:1; |
54 |
int fake_set:1; |
44 |
int use_digest_algorithm_set:1; |
55 |
int use_digest_algorithm_set:1; |
45 |
int authoritative_set:1; |
56 |
int authoritative_set:1; |
|
|
57 |
int use_session_set:1; |
46 |
} auth_basic_config_rec; |
58 |
} auth_basic_config_rec; |
47 |
|
59 |
|
48 |
static void *create_auth_basic_dir_config(apr_pool_t *p, char *d) |
60 |
static void *create_auth_basic_dir_config(apr_pool_t *p, char *d) |
49 |
{ |
61 |
{ |
Lines 66-73
|
66 |
base->authoritative; |
78 |
base->authoritative; |
67 |
newconf->authoritative_set = overrides->authoritative_set |
79 |
newconf->authoritative_set = overrides->authoritative_set |
68 |
|| base->authoritative_set; |
80 |
|| base->authoritative_set; |
69 |
|
81 |
|
|
|
82 |
newconf->use_session = |
83 |
overrides->use_session_set ? overrides->use_session : |
84 |
base->use_session; |
85 |
newconf->use_session_set = overrides->use_session_set |
86 |
|| base->use_session_set; |
87 |
|
70 |
newconf->fakeuser = |
88 |
newconf->fakeuser = |
71 |
overrides->fake_set ? overrides->fakeuser : base->fakeuser; |
89 |
overrides->fake_set ? overrides->fakeuser : base->fakeuser; |
72 |
newconf->fakepass = |
90 |
newconf->fakepass = |
73 |
overrides->fake_set ? overrides->fakepass : base->fakepass; |
91 |
overrides->fake_set ? overrides->fakepass : base->fakepass; |
Lines 138-145
|
138 |
|
156 |
|
139 |
return NULL; |
157 |
return NULL; |
140 |
} |
158 |
} |
141 |
|
159 |
|
|
|
160 |
static const char *set_use_session(cmd_parms * cmd, void *config, int flag) |
161 |
{ |
162 |
auth_basic_config_rec *conf = (auth_basic_config_rec *) config; |
163 |
|
164 |
conf->use_session = flag; |
165 |
conf->use_session_set = 1; |
166 |
|
167 |
return NULL; |
168 |
} |
169 |
|
142 |
static const char *add_basic_fake(cmd_parms * cmd, void *config, |
170 |
static const char *add_basic_fake(cmd_parms * cmd, void *config, |
143 |
const char *user, const char *pass) |
171 |
const char *user, const char *pass) |
144 |
{ |
172 |
{ |
145 |
auth_basic_config_rec *conf = (auth_basic_config_rec *) config; |
173 |
auth_basic_config_rec *conf = (auth_basic_config_rec *) config; |
Lines 207-214
|
207 |
"specify the auth providers for a directory or location"), |
235 |
"specify the auth providers for a directory or location"), |
208 |
AP_INIT_FLAG("AuthBasicAuthoritative", set_authoritative, NULL, OR_AUTHCFG, |
236 |
AP_INIT_FLAG("AuthBasicAuthoritative", set_authoritative, NULL, OR_AUTHCFG, |
209 |
"Set to 'Off' to allow access control to be passed along to " |
237 |
"Set to 'Off' to allow access control to be passed along to " |
210 |
"lower modules if the UserID is not known to this module"), |
238 |
"lower modules if the UserID is not known to this module"), |
|
|
239 |
AP_INIT_FLAG("AuthBasicUseSession", set_use_session, NULL, OR_AUTHCFG, |
240 |
"Set to 'On' to use session to cache user credentials."), |
211 |
AP_INIT_TAKE12("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG, |
241 |
AP_INIT_TAKE12("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG, |
212 |
"Fake basic authentication using the given expressions for " |
242 |
"Fake basic authentication using the given expressions for " |
213 |
"username and password, 'off' to disable. Password defaults " |
243 |
"username and password, 'off' to disable. Password defaults " |
214 |
"to 'password' if missing."), |
244 |
"to 'password' if missing."), |
Lines 248-255
|
248 |
note_basic_auth_failure(r); |
278 |
note_basic_auth_failure(r); |
249 |
return OK; |
279 |
return OK; |
250 |
} |
280 |
} |
251 |
|
281 |
|
|
|
282 |
|
283 |
static void init_session(request_rec *r) |
284 |
{ |
285 |
ap_session_load_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_load); |
286 |
ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get); |
287 |
ap_session_set_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_set); |
288 |
|
289 |
if (ap_session_load_fn && ap_session_get_fn && ap_session_set_fn) { |
290 |
have_session = 1; |
291 |
} else { |
292 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, |
293 |
"Session not enabled: mod_session is not available"); |
294 |
} |
295 |
|
296 |
return; |
297 |
} |
298 |
|
299 |
/** |
300 |
* Set user and pw in the session, delete them if NULL |
301 |
*/ |
302 |
static void set_session_auth(request_rec * r, |
303 |
const char *user, const char *pw) |
304 |
{ |
305 |
const char *realm = ap_auth_name(r); |
306 |
session_rec *z = NULL; |
307 |
|
308 |
ap_session_load_fn(r, &z); |
309 |
ap_session_set_fn(r, z, |
310 |
apr_pstrcat(r->pool, realm, "-" MOD_SESSION_USER, NULL), |
311 |
user); |
312 |
ap_session_set_fn(r, z, |
313 |
apr_pstrcat(r->pool, realm, "-" MOD_SESSION_PW, NULL), |
314 |
pw); |
315 |
|
316 |
return; |
317 |
|
318 |
} |
319 |
|
320 |
/** |
321 |
* Get the user and pw from the main request * notes table, if present. |
322 |
*/ |
323 |
static apr_status_t get_session_auth(request_rec * r, |
324 |
const char **user, const char **pw) |
325 |
{ |
326 |
const char *realm = ap_auth_name(r); |
327 |
session_rec *z = NULL; |
328 |
|
329 |
ap_session_load_fn(r, &z); |
330 |
|
331 |
if (user) |
332 |
ap_session_get_fn(r, z, |
333 |
apr_pstrcat(r->pool, |
334 |
realm, "-" MOD_SESSION_USER, NULL), |
335 |
user); |
336 |
|
337 |
if (pw) |
338 |
ap_session_get_fn(r, z, |
339 |
apr_pstrcat(r->pool, |
340 |
realm, "-" MOD_SESSION_PW, NULL), |
341 |
pw); |
342 |
|
343 |
if (!*user || !*pw) |
344 |
return APR_EGENERAL; |
345 |
|
346 |
/* set the user, even though the user is unauthenticated at this point */ |
347 |
if (user && *user) |
348 |
r->user = (char *) *user; |
349 |
|
350 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
351 |
"User %s authenticated from session", |
352 |
user ? *user : "<null>"); |
353 |
|
354 |
return APR_SUCCESS; |
355 |
} |
356 |
|
252 |
static int get_basic_auth(request_rec *r, const char **user, |
357 |
static int get_basic_auth(request_rec *r, const char **user, |
253 |
const char **pw) |
358 |
const char **pw) |
254 |
{ |
359 |
{ |
255 |
const char *auth_line; |
360 |
const char *auth_line; |
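Review bot: get_session_auth() guards its two ap_session_get_fn calls with `if (user)` and `if (pw)` but then evaluates `if (!*user || !*pw)` unconditionally, so a NULL argument is still dereferenced and the later `user ? *user : "<null>"` fallback can never be reached. The function also trusts whatever `*user` and `*pw` held on entry: if the session lookup does not write to them, values left by the caller would be accepted as session credentials, so both should be cleared first. The return value of ap_session_load_fn is ignored here and in set_session_auth(), so `z` may still be NULL when it is passed on. The log text says "authenticated from session" while the comment two lines earlier says the user is still unauthenticated at that point; the message should say the credentials were loaded, not verified.

```c
static apr_status_t get_session_auth(request_rec * r,
                                     const char **user, const char **pw)
{
    const char *realm = ap_auth_name(r);
    session_rec *z = NULL;

    if (!user || !pw)
        return APR_EINVAL;

    /* never let values left by the caller pass for session credentials */
    *user = NULL;
    *pw = NULL;

    if (ap_session_load_fn(r, &z) != APR_SUCCESS || !z)
        return APR_EGENERAL;

    /* ... unchanged: the two ap_session_get_fn lookups, now unconditional ... */

    if (!*user || !*pw)
        return APR_EGENERAL;

    /* set the user, even though the user is unauthenticated at this point */
    r->user = (char *) *user;

    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
                  "Credentials for user %s loaded from session", *user);

    return APR_SUCCESS;
}
```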
Lines 315-325
|
315 |
"need AuthName: %s", r->uri); |
420 |
"need AuthName: %s", r->uri); |
316 |
return HTTP_INTERNAL_SERVER_ERROR; |
421 |
return HTTP_INTERNAL_SERVER_ERROR; |
317 |
} |
422 |
} |
318 |
|
423 |
|
|
|
424 |
if (conf->use_session && !have_session) |
425 |
init_session(r); |
426 |
|
319 |
r->ap_auth_type = (char*)current_auth; |
427 |
r->ap_auth_type = (char*)current_auth; |
320 |
|
428 |
|
321 |
res = get_basic_auth(r, &sent_user, &sent_pw); |
429 |
res = get_basic_auth(r, &sent_user, &sent_pw); |
|
|
430 |
if (res && conf->use_session && have_session) { |
431 |
/* try get the username and password from a session, if present */ |
432 |
if (get_session_auth(r, &sent_user, &sent_pw) == APR_SUCCESS) |
433 |
res = OK; |
434 |
} |
435 |
|
322 |
if (res) { |
436 |
if (res) { |
323 |
return res; |
437 |
return res; |
324 |
} |
438 |
} |
325 |
|
439 |
|
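Review bot: `init_session(r)` is called from the request path whenever `conf->use_session && !have_session`, so the file-scope function pointers and `have_session` are written while other threads may be reading them under a threaded MPM. When mod_session is not loaded, `have_session` stays 0 and the APLOG_ERR message is emitted again on every request. Resolving the optional functions once at startup, for example in an `ap_hook_optional_fn_retrieve` callback, would remove both problems and let a missing mod_session be reported once. The session fallback also runs for any non-zero `res`, not only for a missing Authorization header; get_basic_auth()'s body is outside this hunk, so it is worth confirming that a malformed header is not silently replaced by session credentials. The enclosing function starts and ends outside the hunk.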
Lines 430-437
|
430 |
} |
544 |
} |
431 |
return return_code; |
545 |
return return_code; |
432 |
} |
546 |
} |
433 |
|
547 |
|
|
|
548 |
/* Success, save username and password in session */ |
549 |
if (conf->use_session && have_session) |
550 |
set_session_auth(r, sent_user, sent_pw); |
551 |
|
434 |
return OK; |
552 |
return OK; |
435 |
} |
553 |
} |
436 |
|
554 |
|
437 |
/* If requested, create a fake basic authentication header for the benefit |
555 |
/* If requested, create a fake basic authentication header for the benefit |
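Review bot: `set_session_auth(r, sent_user, sent_pw)` stores the cleartext Basic password in the session, so its confidentiality now depends entirely on how the session is persisted; with a client-side session store that is not encrypted (no mod_session_crypto), the password would end up in the cookie. The `AuthBasicUseSession` help text should state that the password itself is stored, and the directive should be documented as requiring an encrypted or server-side session. The `return return_code;` path just above appears to be the failure exit and leaves any previously stored pair in place, although set_session_auth() is documented to delete on NULL. Adding `if (conf->use_session && have_session) set_session_auth(r, NULL, NULL);` before that return would stop stale credentials from being retried from the session after a rejection or password change. The enclosing function begins outside the hunk, so the failure path should be checked against the full body.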