From: jadestorm Date: Tue, 3 Sep 2002 01:31:27 +0000 (+0000) Subject: Added support for fail_status and authkerberos options. X-Git-Tag: Development-5.0.alpha1~1 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=c9ff1f3d5f6b9046f446b65ca3e7a67ed715d27e;hp=7868b10fa2dfd80469184d8b450d561482cf9114;p=mod_auth_kerb.git Added support for fail_status and authkerberos options. --- diff --git a/ChangeLog b/ChangeLog index 523dc3f..a98b99a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,27 @@ +2002-09-02 Daniel Henninger + + * apache1/auth_cmds.c: + * apache2/auth_cmds.c: + Added flag parsing for options and finished up first two commands. + + * apache1/auth_config.h: + * apache2/auth_config.h: + Added auth config struct. + + * apache1/auth_user.c: + * apache2/auth_user.c: + Added fail_status and kerbauthtype functionality. + + * apache1/dir_config.c: + * apache2/dir_config.c: + Added defaults for current flags. + +2002-09-01 Daniel Henninger + + * apache1/auth_cmds.c: + * apache2/auth_cmds.c: + Put together everything but flag parsing for the first batch of options. + 2002-07-09 Daniel Henninger * apache1/auth_cmds.c: diff --git a/apache1/auth_cmds.c b/apache1/auth_cmds.c index f1d5014..c59a752 100644 --- a/apache1/auth_cmds.c +++ b/apache1/auth_cmds.c 
@@ -1,3 +1,45 @@ +static const char *kerb_set_fail_slot(cmd_parms *cmd, char *struct_ptr, + char *arg) +{ + int offset = (int) (long) cmd->info; + if (!strncasecmp(arg, "unauthorized", 12)) + *(int *) (struct_ptr + offset) = HTTP_UNAUTHORIZED; + else if (!strncasecmp(arg, "forbidden", 9)) + *(int *) (struct_ptr + offset) = HTTP_FORBIDDEN; + else if (!strncasecmp(arg, "declined", 8)) + *(int *) (struct_ptr + offset) = DECLINED; + else + return "KrbFailStatus must be Forbidden, Unauthorized, or Declined."; + return NULL; +} + +static const char *kerb_set_type_slot(cmd_parms *cmd, char *struct_ptr, + char *arg) +{ + int offset = (int) (long) cmd->info; + if +#ifdef KRB5 + (!strncasecmp(arg, "v5", 2)) + *(char **) (struct_ptr + offset) = "KerberosV5"; + else if +#endif /* KRB5 */ +#ifdef KRB4 + (!strncasecmp(arg, "v4", 2)) + *(char **) (struct_ptr + offset) = "KerberosV4"; +#endif /* KRB4 */ + else if + (!strncasecmp(arg, "dualv5v4", 2)) + *(char **) (struct_ptr + offset) = "KerberosDualV5V4"; + else if + (!strncasecmp(arg, "dualv4v5", 2)) + *(char **) (struct_ptr + offset) = "KerberosDualV4V5"; +#if defined(KRB4) && defined(KRB5) +#endif /* KRB4 && KRB5 */ + else + return "AuthKerberos must be V5 or V4."; + return NULL; +} + command_rec kerb_auth_cmds[] = { { "AuthKerberos", diff --git a/apache1/auth_config.h b/apache1/auth_config.h new file mode 100644 index 0000000..554586e --- /dev/null +++ b/apache1/auth_config.h @@ -0,0 +1,4 @@ +typedef struct { + char *krb_auth_type; + int krb_fail_status; +} kerb_auth_config; diff --git a/apache1/auth_user.c b/apache1/auth_user.c index b6a0dbf..d46c6f9 100644 --- a/apache1/auth_user.c +++ b/apache1/auth_user.c 
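Review bot: In kerb_set_type_slot both dual branches compare only two characters (`strncasecmp(arg, "dualv5v4", 2)` and `strncasecmp(arg, "dualv4v5", 2)`), so any value starting with "du" selects KerberosDualV5V4 and the DualV4V5 branch can never be reached. The dual branches also sit outside the `#if defined(KRB4) && defined(KRB5)` guard, which is left empty, and the `if` / `else if` chain is split across `#ifdef` blocks so that a build with only KRB5 defined expands to `else if else if` and should not compile. The apache2/auth_cmds.c hunk has the right lengths and guard but the same dangling `else if` when only KRB5 is defined. Independent whole-string comparisons with early returns avoid all three problems and also reject values such as "v5x"; the error text below is taken from the apache2 copy so that the dual modes are listed.

```c
static const char *kerb_set_type_slot(cmd_parms *cmd, char *struct_ptr,
                                      char *arg)
{
    int offset = (int) (long) cmd->info;
    char **slot = (char **) (struct_ptr + offset);

#ifdef KRB5
    if (!strcasecmp(arg, "v5")) {
        *slot = "KerberosV5";
        return NULL;
    }
#endif /* KRB5 */
#ifdef KRB4
    if (!strcasecmp(arg, "v4")) {
        *slot = "KerberosV4";
        return NULL;
    }
#endif /* KRB4 */
#if defined(KRB4) && defined(KRB5)
    if (!strcasecmp(arg, "dualv5v4")) {
        *slot = "KerberosDualV5V4";
        return NULL;
    }
    if (!strcasecmp(arg, "dualv4v5")) {
        *slot = "KerberosDualV4V5";
        return NULL;
    }
#endif /* KRB4 && KRB5 */
    return "AuthKerberos must be V5, V4, DualV4V5, or DualV5V4.";
}
```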
@@ -13,29 +13,36 @@ int kerb_authenticate_user(request_rec *r) { (r->proxyreq == STD_PROXY) ? "Proxy-Authorization" : "Authorization"); + kerb_auth_config *conf = + (kerb_auth_config *)ap_get_module_config(r->per_dir_config, + &kerb_auth_module); type = ap_auth_type(r); if (type != NULL) { #ifdef KRB5 - if (strncasecmp(type, "KerberosV5", 10) == 0) { + if ((strncasecmp(type, "KerberosV5", 10) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)) { KerberosV5 = 1; } #endif /* KRB5 */ #ifdef KRB4 - if (strncasecmp(type, "KerberosV4", 10) == 0) { + if ((strncasecmp(type, "KerberosV4", 10) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosV4", 10) == 0)) { KerberosV4 = 1; } #endif /* KRB4 */ #if defined(KRB5) && defined(KRB4) - if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) { + if ((strncasecmp(type, "KerberosDualV5V4", 15) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosDualV5V4", 15) == 0)) { KerberosV5 = 1; KerberosV4 = 1; } - if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) { + if ((strncasecmp(type, "KerberosDualV4V5", 15) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosDualV4V5", 15) == 0)) { KerberosV5 = 1; KerberosV4 = 1; KerberosV4first = 1; @@ -74,7 +81,7 @@ int kerb_authenticate_user(request_rec *r) { retcode = OK; } else { - retcode = HTTP_UNAUTHORIZED; + retcode = conf->krb_fail_status; } } #endif /* KRB5 */ @@ -85,7 +92,7 @@ int kerb_authenticate_user(request_rec *r) { retcode = OK; } else { - retcode = HTTP_UNAUTHORIZED; + retcode = conf->krb_fail_status; } } #endif /* KRB4 */ @@ -96,7 +103,7 @@ int kerb_authenticate_user(request_rec *r) { retcode = OK; } else { - retcode = HTTP_UNAUTHORIZED; + retcode = conf->krb_fail_status; } } #endif /* KRB5 && KRB4 */ diff --git a/apache1/dir_config.c b/apache1/dir_config.c new file mode 100644 index 0000000..54ba60d --- /dev/null +++ b/apache1/dir_config.c 
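Review bot: The new `conf->krb_auth_type` comparisons are all nested inside the existing `if (type != NULL)` guard, so a directory that sets AuthKerberos but no AuthType never reaches them and the directive is silently ignored. What the request then gets depends on code outside this hunk, so this may leave a location that looks Kerberos-protected unchecked by this module. Either test the configured type independently of the AuthType, e.g. `if ((type != NULL && strncasecmp(type, "KerberosV5", 10) == 0) || strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)`, with the outer guard removed, or document that AuthType is still required. The same structure appears in the second apache2/auth_user.c hunk; kerb_authenticate_user starts and ends outside both.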
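Review bot: `retcode = conf->krb_fail_status;` can now yield DECLINED, which turns a failed Kerberos verification from a hard 401 into "no opinion" and hands the decision to whatever authentication handler runs next (assuming this function is registered as the user-check handler, which is not visible here). That is a security-relevant behaviour change and deserves a comment at the assignment, for example `/* may be DECLINED: a failed Kerberos check then falls through to the next auth module */`. With HTTP_FORBIDDEN the client gets no authentication challenge, which is worth stating in the same comment. The identical assignment in the following two hunks of this file and in the three matching hunks of apache2/auth_user.c should carry the same comment; the enclosing function continues outside these hunks.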
@@ -0,0 +1,8 @@ +static void *kerb_dir_config(pool *p, char *d) +{ + static void *rec; + rec = (void *) ap_pcalloc(p, sizeof(kerb_auth_config)); + ((kerb_auth_config *)rec)->krb_fail_status = HTTP_UNAUTHORIZED; + ((kerb_auth_config *)rec)->krb_auth_type = ap_pstrdup(p, "None"); + return rec; +} diff --git a/apache1/module.c b/apache1/module.c index d513b9d..e7a0825 100644 --- a/apache1/module.c +++ b/apache1/module.c @@ -1,7 +1,7 @@ module kerb_auth_module = { STANDARD_MODULE_STUFF, NULL, /* initializer */ - NULL, /* dir config creater */ + kerb_dir_config, /* dir config creater */ NULL, /* dir merger */ NULL, /* server config */ NULL, /* merge server config */ diff --git a/apache2/auth_cmds.c b/apache2/auth_cmds.c index 7209294..7ac3f73 100644 --- a/apache2/auth_cmds.c +++ b/apache2/auth_cmds.c 
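Review bot: `static void *rec;` in kerb_dir_config makes the freshly allocated record a function-wide shared variable for no benefit, and every field access then needs a cast. A plain typed local is clearer: `kerb_auth_config *rec = ap_pcalloc(p, sizeof(*rec));` followed by `rec->krb_fail_status = HTTP_UNAUTHORIZED;`. The apache2/dir_config.c hunk has the same pattern, and there it matters more: if per-directory configs are created at request time on a threaded MPM, two threads could overwrite each other's `rec` and one could return a record whose `krb_auth_type` is still NULL, which the `strncasecmp(conf->krb_auth_type, ...)` calls in auth_user.c would then dereference.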
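Review bot: Registering `kerb_dir_config` while leaving `NULL, /* dir merger */` means per-directory settings are not inherited. When Apache combines a parent section with a nested section or .htaccess, the nested section's freshly created record (`"None"` and `HTTP_UNAUTHORIZED`) is expected to replace the parent's rather than merge with it. An AuthKerberos or fail-status value set on a parent directory would then silently stop applying below it. A merger that takes the child's value when it was set explicitly and the parent's otherwise would fix this, which needs an "unset" marker in kerb_auth_config instead of the current defaults. The apache2/module.c hunk has the same gap.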
@@ -1,3 +1,45 @@ +static const char *kerb_set_fail_slot(cmd_parms *cmd, void *struct_ptr, + const char *arg) +{ + int offset = (int) (long) cmd->info; + if (!strncasecmp(arg, "unauthorized", 12)) + *(int *) ((char *)struct_ptr + offset) = HTTP_UNAUTHORIZED; + else if (!strncasecmp(arg, "forbidden", 9)) + *(int *) ((char *)struct_ptr + offset) = HTTP_FORBIDDEN; + else if (!strncasecmp(arg, "declined", 9)) + *(int *) ((char *)struct_ptr + offset) = DECLINED; + else + return apr_pstrcat(cmd->pool, "KrbAuthFailStatus must be Forbidden, Unauthorized, or Declined.", NULL); + return NULL; +} + +static const char *kerb_set_type_slot(cmd_parms *cmd, void *struct_ptr, + const char *arg) +{ + int offset = (int) (long) cmd->info; + if +#ifdef KRB5 + (!strncasecmp(arg, "v5", 2)) + *(char **) ((char *)struct_ptr + offset) = "KerberosV5"; + else if +#endif /* KRB5 */ +#ifdef KRB4 + (!strncasecmp(arg, "v4", 2)) + *(char **) ((char *)struct_ptr + offset) = "KerberosV4"; +#endif /* KRB4 */ +#if defined(KRB5) && defined(KRB4) + else if + (!strncasecmp(arg, "dualv5v4", 8)) + *(char **) ((char *)struct_ptr + offset) = "KerberosDualV5V4"; + else if + (!strncasecmp(arg, "dualv4v5", 8)) + *(char **) ((char *)struct_ptr + offset) = "KerberosDualV4V5"; +#endif /* KRB5 && KRB4 */ + else + return "AuthKerberos must be V5, V4, DualV4V5, or DualV5V4."; + return NULL; +} + static const command_rec kerb_auth_cmds[] = { AP_INIT_TAKE1( "AuthKerberos", diff --git a/apache2/auth_config.h b/apache2/auth_config.h new file mode 100644 index 0000000..554586e --- /dev/null +++ b/apache2/auth_config.h @@ -0,0 +1,4 @@ +typedef struct { + char *krb_auth_type; + int krb_fail_status; +} kerb_auth_config; diff --git a/apache2/auth_user.c b/apache2/auth_user.c index ff3c76a..444fa9b 100644 --- a/apache2/auth_user.c +++ b/apache2/auth_user.c 
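Review bot: The status keywords in kerb_set_fail_slot are matched as prefixes for the first two branches, so a value like "UnauthorizedX" is accepted, while `"declined", 9` includes the terminator and is therefore exact. The apache1/auth_cmds.c copy uses 8 for that branch and is prefix-only for all three. A whole-string compare makes a typo in this security-relevant directive fail at config load: `if (!strcasecmp(arg, "unauthorized"))`, and likewise for "forbidden" and "declined". The error text also names `KrbAuthFailStatus` here but `KrbFailStatus` in the apache1 copy; presumably one of them does not match the directive name in the command table, which lies mostly outside this hunk. Wrapping a constant message in `apr_pstrcat(cmd->pool, ..., NULL)` is unnecessary, and the literal can be returned directly as kerb_set_type_slot does.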
@@ -9,6 +9,10 @@ int kerb_authenticate_user(request_rec *r) { int res; /* Response holder */ int retcode; /* Return code holder */ + kerb_auth_config *conf = + (kerb_auth_config *)ap_get_module_config(r->per_dir_config, + &kerb_auth_module); + const char *auth_line = apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization" @@ -18,24 +22,28 @@ int kerb_authenticate_user(request_rec *r) { if (type != NULL) { #ifdef KRB5 - if (strncasecmp(type, "KerberosV5", 10) == 0) { + if ((strncasecmp(type, "KerberosV5", 10) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)) { KerberosV5 = 1; } #endif /* KRB5 */ #ifdef KRB4 - if (strncasecmp(type, "KerberosV4", 10) == 0) { + if ((strncasecmp(type, "KerberosV4", 10) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosV4", 10) == 0)) { KerberosV4 = 1; } #endif /* KRB4 */ #if defined(KRB5) && defined(KRB4) - if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) { + if ((strncasecmp(type, "KerberosDualV5V4", 15) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosDualV5V4", 15) == 0)) { KerberosV5 = 1; KerberosV4 = 1; } - if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) { + if ((strncasecmp(type, "KerberosDualV4V5", 15) == 0) || + (strncasecmp(conf->krb_auth_type, "KerberosDualV4V5", 15) == 0)) { KerberosV5 = 1; KerberosV4 = 1; KerberosV4first = 1; @@ -75,7 +83,7 @@ int kerb_authenticate_user(request_rec *r) { retcode = OK; } else { - retcode = HTTP_UNAUTHORIZED; + retcode = conf->krb_fail_status; } } #endif /* KRB5 */ @@ -87,7 +95,7 @@ int kerb_authenticate_user(request_rec *r) { retcode = OK; } else { - retcode = HTTP_UNAUTHORIZED; + retcode = conf->krb_fail_status; } } #endif /* KRB4 */ @@ -99,7 +107,7 @@ int kerb_authenticate_user(request_rec *r) { retcode = OK; } else { - retcode = HTTP_UNAUTHORIZED; + retcode = conf->krb_fail_status; } } #endif /* KRB5 && KRB4 */ diff --git a/apache2/dir_config.c b/apache2/dir_config.c new file mode 100644 index 0000000..aa15d9c --- /dev/null 
+++ b/apache2/dir_config.c @@ -0,0 +1,8 @@ +static void *kerb_dir_config(apr_pool_t *p, char *d) +{ + static void *rec; + rec = (void *) ap_pcalloc(p, sizeof(kerb_auth_config)); + ((kerb_auth_config *)rec)->krb_fail_status = HTTP_UNAUTHORIZED; + ((kerb_auth_config *)rec)->krb_auth_type = apr_pstrdup(p, "None"); + return rec; +} diff --git a/apache2/module.c b/apache2/module.c index a846a0c..d11f95f 100644 --- a/apache2/module.c +++ b/apache2/module.c @@ -1,7 +1,7 @@ module AP_MODULE_DECLARE_DATA kerb_auth_module = { STANDARD20_MODULE_STUFF, - NULL, /* dir config creater */ + kerb_dir_config, /* dir config creater */ NULL, /* dir merger */ NULL, /* server config */ NULL, /* merge server config */ diff --git a/configure b/configure index 282218f..5320388 100755 --- a/configure +++ b/configure @@ -1442,12 +1442,18 @@ GENSOURCES="" case $ac_api in 'apache1') GENHEADERS="$GENHEADERS apache1/api_inc.h" + GENHEADERS="$GENHEADERS apache1/auth_config.h" GENSOURCES="$GENSOURCES apache1/auth_user.c" + GENSOURCES="$GENSOURCES apache1/auth_cmds.c" + GENSOURCES="$GENSOURCES apache1/dir_config.c" GENSOURCES="$GENSOURCES apache1/module.c" ;; 'apache2') GENHEADERS="$GENHEADERS apache2/api_inc.h" + GENHEADERS="$GENHEADERS apache2/auth_config.h" GENSOURCES="$GENSOURCES apache2/auth_user.c" + GENSOURCES="$GENSOURCES apache2/auth_cmds.c" + GENSOURCES="$GENSOURCES apache2/dir_config.c" GENSOURCES="$GENSOURCES apache2/hooks.c" GENSOURCES="$GENSOURCES apache2/module.c" ;; diff --git a/configure.in b/configure.in index a70b811..dcb2b9e 100644 --- a/configure.in +++ b/configure.in 
@@ -290,12 +290,18 @@ GENSOURCES="" case $ac_api in 'apache1') GENHEADERS="$GENHEADERS apache1/api_inc.h" + GENHEADERS="$GENHEADERS apache1/auth_config.h" GENSOURCES="$GENSOURCES apache1/auth_user.c" + GENSOURCES="$GENSOURCES apache1/auth_cmds.c" + GENSOURCES="$GENSOURCES apache1/dir_config.c" GENSOURCES="$GENSOURCES apache1/module.c" ;; 'apache2') GENHEADERS="$GENHEADERS apache2/api_inc.h" + GENHEADERS="$GENHEADERS apache2/auth_config.h" GENSOURCES="$GENSOURCES apache2/auth_user.c" + GENSOURCES="$GENSOURCES apache2/auth_cmds.c" + GENSOURCES="$GENSOURCES apache2/dir_config.c" GENSOURCES="$GENSOURCES apache2/hooks.c" GENSOURCES="$GENSOURCES apache2/module.c" ;;