apache2/auth_cmds.c

   1 static const char *kerb_set_fail_slot(cmd_parms *cmd, void *struct_ptr,
   2                                                 const char *arg)
   3 {
   4         int offset = (int) (long) cmd->info;
   5         if (!strncasecmp(arg, "unauthorized", 12))
   6                 *(int *) ((char *)struct_ptr + offset) = HTTP_UNAUTHORIZED;
   7         else if (!strncasecmp(arg, "forbidden", 9))
   8                 *(int *) ((char *)struct_ptr + offset) = HTTP_FORBIDDEN;
   9         else if (!strncasecmp(arg, "declined", 8))
  10                 *(int *) ((char *)struct_ptr + offset) = DECLINED;
  11         else
  12                 return apr_pstrcat(cmd->pool, "KrbAuthFailStatus must be Forbidden, Unauthorized, or Declined.", NULL);
  13         return NULL;
  14 }
  15
  16 static const char *kerb_set_type_slot(cmd_parms *cmd, void *struct_ptr,
  17                                                 const char *arg)
  18 {
  19         int offset = (int) (long) cmd->info;
  20         if
  21 #ifdef KRB5
  22            (!strncasecmp(arg, "v5", 2))
  23                 *(char **) ((char *)struct_ptr + offset) = apr_pstrdup(cmd->pool, "KerberosV5");
  24         else if
  25 #endif /* KRB5 */
  26 #ifdef KRB4
  27            (!strncasecmp(arg, "v4", 2))
  28                 *(char **) ((char *)struct_ptr + offset) = apr_pstrdup(cmd->pool, "KerberosV4");
  29 #endif /* KRB4 */
  30 #if defined(KRB5) && defined(KRB4)
  31         else if
  32            (!strncasecmp(arg, "dualv5v4", 8))
  33                 *(char **) ((char *)struct_ptr + offset) = apr_pstrdup(cmd->pool, "KerberosDualV5V4");
  34         else if
  35            (!strncasecmp(arg, "dualv4v5", 8))
  36                 *(char **) ((char *)struct_ptr + offset) = apr_pstrdup(cmd->pool, "KerberosDualV4V5");
  37 #endif /* KRB5 && KRB4 */
  38         else
  39                 return "AuthKerberos must be V5, V4, DualV4V5, or DualV5V4.";
  40         return NULL;
  41 }
  42
  43 static const command_rec kerb_auth_cmds[] = {
  44         AP_INIT_TAKE1(
  45                 "AuthKerberos",
  46                 kerb_set_type_slot,
  47                 (void*)APR_XtOffsetOf(kerb_auth_config, krb_auth_type),
  48                 OR_AUTHCFG,
  49                 "Permit Kerberos auth without AuthType requirement."
  50         ),
  51
  52         AP_INIT_TAKE1(
  53                 "KrbFailStatus",
  54                 kerb_set_fail_slot,
  55                 (void*)APR_XtOffsetOf(kerb_auth_config, krb_fail_status),
  56                 OR_AUTHCFG,
  57                 "If auth fails, return status set here."
  58         ),
  59
  60         AP_INIT_FLAG(
  61                 "KrbAuthoritative",
  62                 ap_set_flag_slot,
  63                 (void*)APR_XtOffsetOf(kerb_auth_config, krb_authoritative),
  64                 OR_AUTHCFG,
  65                 "Refuse to pass request down to lower modules."
  66         ),
  67
  68         { NULL }
  69 };