From: jadestorm Date: Thu, 29 May 2003 14:54:31 +0000 (+0000) Subject: Removed apache 1 separate source tree. X-Git-Tag: v5.0-rc1~37 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mod_auth_kerb.cvs%2F.git;a=commitdiff_plain;h=b5fd517555f92d49a220429b9827e2f5199d4c06 Removed apache 1 separate source tree. --- diff --git a/apache1/api_inc.h b/apache1/api_inc.h deleted file mode 100644 index e46d662..0000000 --- a/apache1/api_inc.h +++ /dev/null @@ -1,8 +0,0 @@ -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -module kerb_auth_module; diff --git a/apache1/auth_cmds.c b/apache1/auth_cmds.c deleted file mode 100644 index d2c00ab..0000000 --- a/apache1/auth_cmds.c +++ /dev/null @@ -1,170 +0,0 @@ -static const char *kerb_set_fail_slot(cmd_parms *cmd, char *struct_ptr, - char *arg) -{ - int offset = (int) (long) cmd->info; - if (!strncasecmp(arg, "unauthorized", 12)) - *(int *) (struct_ptr + offset) = HTTP_UNAUTHORIZED; - else if (!strncasecmp(arg, "forbidden", 9)) - *(int *) (struct_ptr + offset) = HTTP_FORBIDDEN; - else if (!strncasecmp(arg, "declined", 8)) - *(int *) (struct_ptr + offset) = DECLINED; - else - return "KrbFailStatus must be Forbidden, Unauthorized, or Declined."; - return NULL; -} - -static const char *kerb_set_type_slot(cmd_parms *cmd, char *struct_ptr, - char *arg) -{ - int offset = (int) (long) cmd->info; - if -#ifdef KRB5 - (!strncasecmp(arg, "v5", 2)) - *(char **) (struct_ptr + offset) = ap_pstrdup(cmd->pool, "KerberosV5"); - else if -#endif /* KRB5 */ -#ifdef KRB4 - (!strncasecmp(arg, "v4", 2)) - *(char **) (struct_ptr + offset) = ap_pstrdup(cmd->pool, "KerberosV4"); -#endif /* KRB4 */ - else if - (!strncasecmp(arg, "dualv5v4", 2)) - *(char **) (struct_ptr + offset) = ap_pstrdup(cmd->pool, "KerberosDualV5V4"); - else if - (!strncasecmp(arg, "dualv4v5", 2)) - *(char **) (struct_ptr + offset) = ap_pstrdup(cmd->pool, "KerberosDualV4V5"); -#if defined(KRB4) && defined(KRB5) -#endif /* KRB4 && KRB5 */ - else - return "AuthKerberos must be V5 or V4."; - return NULL; -} - -command_rec kerb_auth_cmds[] = { - { - "AuthKerberos", - kerb_set_type_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_auth_type), - OR_AUTHCFG, - TAKE1, - "Permit Kerberos auth without AuthType requirement." - }, - -#ifdef KRB4 - { - "Krb4Srvtab", - ap_set_file_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_4_srvtab), - RSRC_CONF & ACCESS_CONF, - TAKE1, - "Location of Kerberos V4 srvtab file." - }, -#endif /* KRB4 */ - -#ifdef KRB5 - { - "Krb5Keytab", - ap_set_file_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_5_keytab), - RSRC_CONF & ACCESS_CONF, - TAKE1, - "Location of Kerberos V5 keytab file." - }, -#endif /* KRB5 */ - - { - "KrbAuthoritative", - ap_set_flag_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_authoritative), - OR_AUTHCFG, - FLAG, - "Refuse to pass request down to lower modules." - }, - - { - "KrbDefaultRealm", - ap_set_string_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_default_realm), - OR_AUTHCFG, - TAKE1, - "Default realm to authenticate users against." - }, - - { - "KrbFailStatus", - kerb_set_fail_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_fail_status), - OR_AUTHCFG, - TAKE1, - "If auth fails, return status set here." - }, - - { - "KrbForceInstance", - ap_set_string_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_force_instance), - OR_AUTHCFG, - TAKE1, - "Force authentication against an instance specified here." - }, - -#ifdef KRB5 - { - "KrbForwardable", - ap_set_flag_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_forwardable), - OR_AUTHCFG, - FLAG, - "Credentials retrieved will be flagged as forwardable." - }, -#endif /* KRB5 */ - - { - "KrbLifetime", - ap_set_string_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_lifetime), - OR_AUTHCFG, - TAKE1, - "Lifetime of tickets retrieved." - }, - -#ifdef KRB5 - { - "KrbRenewable", - ap_set_string_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_renewable), - OR_AUTHCFG, - TAKE1, - "Credentials retrieved will be renewable for this length." - }, -#endif /* KRB5 */ - - { - "KrbSaveCredentials", - ap_set_flag_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_save_credentials), - OR_AUTHCFG, - FLAG, - "Save and store credentials/tickets retrieved during auth." - }, - - { - "KrbSaveTickets", - ap_set_flag_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_save_credentials), - OR_AUTHCFG, - FLAG, - "Alias for KrbSaveCredentials." - }, - - { - "KrbTmpdir", - ap_set_string_slot, - (void*)XtOffsetOf(kerb_auth_config, krb_tmp_dir), - OR_AUTHCFG, - TAKE1, - "Path to store ticket files and such in." - }, - - { NULL } -}; diff --git a/apache1/auth_config.h b/apache1/auth_config.h deleted file mode 100644 index 9e0da47..0000000 --- a/apache1/auth_config.h +++ /dev/null @@ -1,22 +0,0 @@ -typedef struct { - char *krb_auth_type; -#ifdef KRB4 - char *krb_4_srvtab; -#endif /* KRB4 */ -#ifdef KRB5 - char *krb_5_keytab; -#endif /* KRB5 */ - int krb_authoritative; - char *krb_default_realm; - int krb_fail_status; - char *krb_force_instance; -#ifdef KRB5 - int krb_forwardable; -#endif /* KRB5 */ - char *krb_lifetime; -#ifdef KRB5 - char *krb_renewable; -#endif /* KRB5 */ - int krb_save_credentials; - char *krb_tmp_dir; -} kerb_auth_config; diff --git a/apache1/auth_user.c b/apache1/auth_user.c deleted file mode 100644 index d46c6f9..0000000 --- a/apache1/auth_user.c +++ /dev/null @@ -1,112 +0,0 @@ -int kerb_authenticate_user(request_rec *r) { - const char *name; /* AuthName specified */ - const char *type; /* AuthType specified */ - int KerberosV5 = 0; /* Kerberos V5 check enabled */ - int KerberosV4 = 0; /* Kerberos V4 check enabled */ - int KerberosV4first = 0; /* Kerberos V4 check first */ - const char *sent_pw; /* Password sent by browser */ - int res; /* Response holder */ - int retcode; /* Return code holder */ - const char *t; /* Decoded auth_line */ - const char *authtype; /* AuthType to send back to browser */ - const char *auth_line = ap_table_get(r->headers_in, - (r->proxyreq == STD_PROXY) - ? "Proxy-Authorization" - : "Authorization"); - kerb_auth_config *conf = - (kerb_auth_config *)ap_get_module_config(r->per_dir_config, - &kerb_auth_module); - - type = ap_auth_type(r); - - if (type != NULL) { -#ifdef KRB5 - if ((strncasecmp(type, "KerberosV5", 10) == 0) || - (strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)) { - KerberosV5 = 1; - } -#endif /* KRB5 */ - -#ifdef KRB4 - if ((strncasecmp(type, "KerberosV4", 10) == 0) || - (strncasecmp(conf->krb_auth_type, "KerberosV4", 10) == 0)) { - KerberosV4 = 1; - } -#endif /* KRB4 */ - -#if defined(KRB5) && defined(KRB4) - if ((strncasecmp(type, "KerberosDualV5V4", 15) == 0) || - (strncasecmp(conf->krb_auth_type, "KerberosDualV5V4", 15) == 0)) { - KerberosV5 = 1; - KerberosV4 = 1; - } - - if ((strncasecmp(type, "KerberosDualV4V5", 15) == 0) || - (strncasecmp(conf->krb_auth_type, "KerberosDualV4V5", 15) == 0)) { - KerberosV5 = 1; - KerberosV4 = 1; - KerberosV4first = 1; - } -#endif /* KRB5 && KRB4 */ - } - - if (!KerberosV4 && !KerberosV5) { - return DECLINED; - } - - name = ap_auth_name(r); - if (!name) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "need AuthName: %s", r->uri); - return HTTP_INTERNAL_SERVER_ERROR; - } - - if (!auth_line) { - ap_table_set(r->err_headers_out, "WWW-Authenticate", - ap_pstrcat(r->pool, "Basic realm=\"", name, "\"", NULL)); - return HTTP_UNAUTHORIZED; - } - - type = ap_getword_white(r->pool, &auth_line); - t = ap_pbase64decode(r->pool, auth_line); - r->connection->user = ap_getword_nulls(r->pool, &t, ':'); - r->connection->ap_auth_type = "Kerberos"; - sent_pw = ap_getword_white(r->pool, &t); - - retcode = DECLINED; - -#ifdef KRB5 - if (KerberosV5 && !KerberosV4first && retcode != OK) { - if (kerb5_password_validate(r->connection->user, sent_pw)) { - retcode = OK; - } - else { - retcode = conf->krb_fail_status; - } - } -#endif /* KRB5 */ - -#ifdef KRB4 - if (KerberosV4 && retcode != OK) { - if (kerb4_password_validate(r->connection->user, sent_pw)) { - retcode = OK; - } - else { - retcode = conf->krb_fail_status; - } - } -#endif /* KRB4 */ - -#if defined(KRB5) && defined(KRB4) - if (KerberosV5 && KerberosV4first && retcode != OK) { - if (kerb5_password_validate(r->connection->user, sent_pw)) { - retcode = OK; - } - else { - retcode = conf->krb_fail_status; - } - } -#endif /* KRB5 && KRB4 */ - - return retcode; -} diff --git a/apache1/dir_config.c b/apache1/dir_config.c deleted file mode 100644 index 9b0af79..0000000 --- a/apache1/dir_config.c +++ /dev/null @@ -1,9 +0,0 @@ -static void *kerb_dir_config(pool *p, char *d) -{ - static void *rec; - rec = (void *) ap_pcalloc(p, sizeof(kerb_auth_config)); - ((kerb_auth_config *)rec)->krb_fail_status = HTTP_UNAUTHORIZED; - ((kerb_auth_config *)rec)->krb_authoritative = 0; - ((kerb_auth_config *)rec)->krb_auth_type = ap_pstrdup(p, "None"); - return rec; -} diff --git a/apache1/module.c b/apache1/module.c deleted file mode 100644 index fadaae3..0000000 --- a/apache1/module.c +++ /dev/null @@ -1,28 +0,0 @@ -module MODULE_VAR_EXPORT kerb_auth_module = { - STANDARD_MODULE_STUFF, - NULL, /* module initializer */ - kerb_dir_config, /* per-directory config creator */ - NULL, /* per-directory config merger */ - NULL, /* per-server config creator */ - NULL, /* per-server config merger */ - kerb_auth_cmds, /* command table */ - NULL, /* [ 9] content handlers */ - NULL, /* [ 2] URI-to-filename translation */ - kerb_authenticate_user, /* [ 5] check/validate user_id */ - kerb_check_user_access, /* [ 6] check user_id is valid *here* */ - NULL, /* [ 4] check access by host address */ - NULL, /* [ 7] MIME type checker/setter */ - NULL, /* [ 8] fixups */ - NULL, /* [10] logger */ - NULL, /* [ 3] header parser */ - NULL, /* process initialization */ - NULL, /* process exit/cleanup */ - NULL /* [ 1] post read_request handling */ -#ifdef EAPI - , /* EAPI Additions */ - NULL, /* EAPI add module */ - NULL, /* EAPI remove module */ - NULL, /* EAPI rewrite command */ - NULL /* EAPI new connection */ -#endif /* EAPI */ -};