#include "apr_strings.h"
#include "apr_md5.h"
#include "apr_lib.h"
#include "apr_base64.h"
#include "apr_want.h"
#include "ap_config.h"
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_request.h"
#include "ap_provider.h"
#include "mod_auth.h"

Go to the source code of this file.
Classes | |
| struct | auth_basic_config_rec |
Defines | |
| #define | APR_WANT_STRFUNC |
Functions | |
| static void * | create_auth_basic_dir_config (apr_pool_t *p, char *d) |
| static const char * | add_authn_provider (cmd_parms *cmd, void *config, const char *arg) |
| static void | note_basic_auth_failure (request_rec *r) |
| static int | get_basic_auth (request_rec *r, const char **user, const char **pw) |
| static int | authenticate_basic_user (request_rec *r) |
| static void | register_hooks (apr_pool_t *p) |
Variables | |
| static const command_rec | auth_basic_cmds [] |
| module AP_MODULE_DECLARE_DATA | auth_basic_module |
|
|
Definition at line 21 of file mod_auth_basic.c. |
|
||||||||||||||||
|
/*
 * add_authn_provider -- defined at line 52 of mod_auth_basic.c.
 *
 * Directive handler for AuthBasicProvider. It is invoked with one provider
 * name in `arg` and appends that provider to the per-directory list held in
 * the auth_basic_config_rec passed as `config`.
 *
 *   cmd:    directive context; its pool owns every allocation made here
 *   config: the module's per-directory record (auth_basic_config_rec *)
 *   arg:    provider name as written in the configuration
 *
 * Returns NULL on success, or an error string allocated from cmd->pool when
 * the provider is unknown or cannot verify a password.
 */
static const char *add_authn_provider(cmd_parms *cmd, void *config,
                                      const char *arg)
{
    auth_basic_config_rec *conf = config;
    authn_provider_list *entry;
    authn_provider_list **tail;

    /* Zero-filled allocation, so entry->next starts out NULL. */
    entry = apr_pcalloc(cmd->pool, sizeof(*entry));
    entry->provider_name = apr_pstrdup(cmd->pool, arg);

    /* Resolve the provider once, at configuration time, and cache it. */
    entry->provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
                                         entry->provider_name, "0");

    if (entry->provider == NULL) {
        /* The provider module must already be loaded and registered;
         * a misspelt or missing provider is a configuration error rather
         * than something discovered on the first request. */
        return apr_psprintf(cmd->pool,
                            "Unknown Authn provider: %s",
                            entry->provider_name);
    }

    if (entry->provider->check_password == NULL) {
        /* Basic auth needs a password check; refuse providers without one
         * so the request path never calls through a NULL callback. */
        return apr_psprintf(cmd->pool,
                            "The '%s' Authn provider doesn't support "
                            "Basic Authentication", entry->provider_name);
    }

    /* Walk to the end of the list so providers are consulted in the order
     * they were configured. */
    tail = &conf->providers;
    while (*tail != NULL) {
        tail = &(*tail)->next;
    }
    *tail = entry;

    return NULL;
}
|
|
|
/*
 * authenticate_basic_user -- defined at line 176 of mod_auth_basic.c.
 *
 * check_user_id hook (registered by register_hooks). Verifies the Basic
 * credentials on a request against the configured authn providers.
 *
 * Returns:
 *   DECLINED                   - AuthType is not Basic, or the module is not
 *                                authoritative and the outcome was anything
 *                                other than granted / password mismatch
 *   OK                         - a provider returned AUTH_GRANTED
 *   HTTP_UNAUTHORIZED          - missing or wrong credentials; a challenge
 *                                header has been queued
 *   HTTP_INTERNAL_SERVER_ERROR - no AuthName, or a provider error
 */
static int authenticate_basic_user(request_rec *r)
{
    auth_basic_config_rec *conf = ap_get_module_config(r->per_dir_config,
                                                       &auth_basic_module);
    const char *auth_type;
    const char *sent_user;
    const char *sent_pw;
    authn_provider_list *entry;
    authn_status verdict;
    int http_status;
    int rc;

    /* Only act when this location is configured for Basic auth. */
    auth_type = ap_auth_type(r);
    if (auth_type == NULL || strcasecmp(auth_type, "Basic") != 0) {
        return DECLINED;
    }

    /* A realm is mandatory; without it the challenge cannot be built. */
    if (ap_auth_name(r) == NULL) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR,
                      0, r, "need AuthName: %s", r->uri);
        return HTTP_INTERNAL_SERVER_ERROR;
    }

    r->ap_auth_type = "Basic";

    /* Pull user and password out of the request header. A non-zero result
     * is already the HTTP status to return. */
    rc = get_basic_auth(r, &sent_user, &sent_pw);
    if (rc != 0) {
        return rc;
    }

    entry = conf->providers;
    do {
        const authn_provider *provider;
        const char *provider_name;

        if (entry != NULL) {
            provider = entry->provider;
            provider_name = entry->provider_name;
        }
        else {
            /* No provider list configured: fall back to the default
             * provider (AUTHN_DEFAULT_PROVIDER). */
            provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
                                          AUTHN_DEFAULT_PROVIDER, "0");

            if (provider == NULL || provider->check_password == NULL) {
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                              "No Authn provider configured");
                verdict = AUTH_GENERAL_ERROR;
                break;
            }
            provider_name = AUTHN_DEFAULT_PROVIDER;
        }

        /* The note names the provider being consulted; it is set only for
         * the duration of the check_password call. */
        apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, provider_name);

        verdict = provider->check_password(r, sent_user, sent_pw);

        apr_table_unset(r->notes, AUTHN_PROVIDER_NAME_NOTE);

        /* Only "user not found" moves on to the next provider. A password
         * mismatch (AUTH_DENIED) from one provider is final and is not
         * retried against later providers. */
        if (verdict != AUTH_USER_NOT_FOUND) {
            break;
        }

        /* Running on the fallback provider: there is no list to walk. */
        if (conf->providers == NULL) {
            break;
        }

        entry = entry->next;
    } while (entry != NULL);

    if (verdict == AUTH_GRANTED) {
        return OK;
    }

    /* Non-authoritative mode: an unknown user or a provider error is
     * handed to whatever module runs next instead of being rejected here.
     * A password mismatch is never passed along. */
    if (!(conf->authoritative) && verdict != AUTH_DENIED) {
        return DECLINED;
    }

    /* The log distinguishes "wrong password" from "no such user", but the
     * client receives the same 401 in both cases. sent_user is
     * client-supplied text; log consumers should treat it as untrusted. */
    switch (verdict) {
    case AUTH_DENIED:
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "user %s: authentication failure for \"%s\": "
                      "Password Mismatch",
                      sent_user, r->uri);
        http_status = HTTP_UNAUTHORIZED;
        break;
    case AUTH_USER_NOT_FOUND:
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "user %s not found: %s", sent_user, r->uri);
        http_status = HTTP_UNAUTHORIZED;
        break;
    case AUTH_GENERAL_ERROR:
    default:
        /* The provider is expected to have logged its own error. */
        http_status = HTTP_INTERNAL_SERVER_ERROR;
        break;
    }

    /* On 401, queue the challenge header so the client can retry. */
    if (http_status == HTTP_UNAUTHORIZED) {
        note_basic_auth_failure(r);
    }
    return http_status;
}
|
|
||||||||||||
|
/*
 * create_auth_basic_dir_config -- defined at line 41 of mod_auth_basic.c.
 *
 * Builds the module's per-directory configuration record.
 *
 *   p: pool the record is allocated from
 *   d: directory string, stored in the record's `dir` field
 *
 * Returns the new auth_basic_config_rec. apr_pcalloc zero-fills it, so the
 * provider list starts out NULL; authenticate_basic_user treats a NULL list
 * as "use the default provider".
 */
static void *create_auth_basic_dir_config(apr_pool_t *p, char *d)
{
    auth_basic_config_rec *dir_conf;

    dir_conf = apr_pcalloc(p, sizeof(auth_basic_config_rec));
    dir_conf->dir = d;

    /* Authoritative unless configured otherwise: every authentication
     * failure is answered by this module rather than passed along. */
    dir_conf->authoritative = 1;

    return dir_conf;
}
|
|
||||||||||||||||
|
/*
 * get_basic_auth -- defined at line 129 of mod_auth_basic.c.
 *
 * Extracts the user name and password from the request's Basic credentials.
 *
 *   r:    current request; the header is read from r->headers_in and all
 *         allocations come from r->pool
 *   user: out - text before the first ':' of the decoded credentials
 *   pw:   out - everything after that ':' (empty if there is no ':')
 *
 * Returns OK when credentials were decoded, or HTTP_UNAUTHORIZED (after
 * queuing a challenge) when the header is absent or names another scheme.
 *
 * The credentials are only base64-decoded here; nothing in this function
 * verifies them. r->user is nevertheless set before any provider has been
 * consulted, so code running between this call and a successful return from
 * authenticate_basic_user must not treat r->user as an authenticated
 * identity.
 */
static int get_basic_auth(request_rec *r, const char **user,
                          const char **pw)
{
    const char *header_name;
    const char *credentials;
    const char *cursor;
    char *decoded;
    int decoded_len;

    /* Proxy requests carry their credentials in a different header. */
    header_name = (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
                                                  : "Authorization";
    credentials = apr_table_get(r->headers_in, header_name);

    if (credentials == NULL) {
        note_basic_auth_failure(r);
        return HTTP_UNAUTHORIZED;
    }

    /* The first word is the scheme; ap_getword advances `credentials`
     * past it. Anything other than Basic is rejected. */
    if (strcasecmp(ap_getword(r->pool, &credentials, ' '), "Basic") != 0) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "client used wrong authentication scheme: %s", r->uri);
        note_basic_auth_failure(r);
        return HTTP_UNAUTHORIZED;
    }

    /* Skip whitespace between the scheme and the encoded blob. */
    while (apr_isspace(*credentials)) {
        ++credentials;
    }

    /* Buffer is sized from the encoded text, plus one byte for the
     * terminator written after decoding. */
    decoded = apr_palloc(r->pool, apr_base64_decode_len(credentials) + 1);
    decoded_len = apr_base64_decode(decoded, credentials);
    decoded[decoded_len] = '\0';

    /* Split on the first ':' only, so a password may itself contain ':'. */
    cursor = decoded;
    *user = ap_getword_nulls(r->pool, &cursor, ':');
    *pw = cursor;

    /* Recorded even though the user is unauthenticated at this point. */
    r->user = (char *) *user;

    return OK;
}
|
|
|
/*
 * note_basic_auth_failure -- defined at line 120 of mod_auth_basic.c.
 *
 * Queues the Basic challenge header on the error response so the client
 * knows to (re)send credentials. Proxy requests get Proxy-Authenticate,
 * all others WWW-Authenticate.
 *
 * On this page it is reached only from authenticate_basic_user and
 * get_basic_auth, after authenticate_basic_user has confirmed that
 * ap_auth_name(r) is non-NULL.
 *
 * NOTE(review): the realm is placed between the quotes exactly as
 * ap_auth_name(r) returns it; a '"' inside the configured AuthName would
 * close the quoted string early. Confirm that AuthName is validated or
 * escaped where it is set.
 */
static void note_basic_auth_failure(request_rec *r)
{
    const char *challenge_header;
    const char *challenge;

    if (PROXYREQ_PROXY == r->proxyreq) {
        challenge_header = "Proxy-Authenticate";
    }
    else {
        challenge_header = "WWW-Authenticate";
    }

    challenge = apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r),
                            "\"", NULL);

    /* err_headers_out so the header is sent with the error response. */
    apr_table_setn(r->err_headers_out, challenge_header, challenge);
}
|
|
|
/*
 * register_hooks -- defined at line 287 of mod_auth_basic.c.
 *
 * Installs authenticate_basic_user as a check_user_id hook at
 * APR_HOOK_MIDDLE, with no predecessor or successor lists (both NULL).
 * The pool argument is not used.
 */
static void register_hooks(apr_pool_t *p)
{
    ap_hook_check_user_id(authenticate_basic_user,
                          NULL,
                          NULL,
                          APR_HOOK_MIDDLE);
}
|
|
|
Initial value:
{
/* Initializer of auth_basic_cmds[]: the configuration directives this
 * module registers. */
/* AuthBasicProvider: handled by add_authn_provider, which appends the named
 * provider to the per-directory list and returns an error for an unknown
 * provider or one without a check_password callback. */
/* NOTE(review): OR_AUTHCFG presumably ties both directives to the
 * AuthConfig override class, i.e. they may also be usable from
 * per-directory override files -- confirm against http_config.h. */
AP_INIT_ITERATE("AuthBasicProvider", add_authn_provider, NULL, OR_AUTHCFG,
"specify the auth providers for a directory or location"),
/* AuthBasicAuthoritative: written into auth_basic_config_rec.authoritative
 * via ap_set_flag_slot. create_auth_basic_dir_config defaults it to 1.
 * When it is 0, authenticate_basic_user returns DECLINED for an unknown
 * user or a provider error, so the decision is left to later modules;
 * a password mismatch still yields 401. */
AP_INIT_FLAG("AuthBasicAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_basic_config_rec, authoritative),
OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module"),
/* Terminating entry. */
{NULL}
}
Definition at line 96 of file mod_auth_basic.c. |
|
|
Initial value:
{
/* Initializer of auth_basic_module, the module record that
 * authenticate_basic_user passes to ap_get_module_config. */
STANDARD20_MODULE_STUFF,
/* Per-directory config creator (sets authoritative = 1). */
create_auth_basic_dir_config,
/* NOTE(review): the three NULL slots are presumably the per-directory
 * merge function and the per-server create/merge functions -- confirm
 * against the module struct in http_config.h. With no merge function
 * supplied, check how nested sections inherit AuthBasicProvider and
 * AuthBasicAuthoritative. */
NULL,
NULL,
NULL,
/* Directive table: AuthBasicProvider and AuthBasicAuthoritative. */
auth_basic_cmds,
/* Installs the check_user_id hook. */
register_hooks
}
Definition at line 292 of file mod_auth_basic.c. Referenced by authenticate_basic_user(). |