+2002-09-02 Daniel Henninger <daniel@ncsu.edu>
+
+ * apache1/auth_cmds.c:
+ * apache2/auth_cmds.c:
+ Added flag parsing for options and finished up first two commands.
+
+ * apache1/auth_config.h:
+ * apache2/auth_config.h:
+ Added auth config struct.
+
+ * apache1/auth_user.c:
+ * apache2/auth_user.c:
+ Added fail_status and kerbauthtype functionality.
+
+ * apache1/dir_config.c:
+ * apache2/dir_config.c:
+ Added defaults for current flags.
+
+2002-09-01 Daniel Henninger <daniel@ncsu.edu>
+
+ * apache1/auth_cmds.c:
+ * apache2/auth_cmds.c:
+ Put together everything but flag parsing for the first batch of options.
+
2002-07-09 Daniel Henninger <daniel@ncsu.edu>
* apache1/auth_cmds.c:
+static const char *kerb_set_fail_slot(cmd_parms *cmd, char *struct_ptr,
+ char *arg)
+{
+ int offset = (int) (long) cmd->info;
+ if (!strncasecmp(arg, "unauthorized", 12))
+ *(int *) (struct_ptr + offset) = HTTP_UNAUTHORIZED;
+ else if (!strncasecmp(arg, "forbidden", 9))
+ *(int *) (struct_ptr + offset) = HTTP_FORBIDDEN;
+ else if (!strncasecmp(arg, "declined", 8))
+ *(int *) (struct_ptr + offset) = DECLINED;
+ else
+ return "KrbFailStatus must be Forbidden, Unauthorized, or Declined.";
+ return NULL;
+}
+
+static const char *kerb_set_type_slot(cmd_parms *cmd, char *struct_ptr,
+ char *arg)
+{
+ int offset = (int) (long) cmd->info;
+ if
+#ifdef KRB5
+ (!strncasecmp(arg, "v5", 2))
+ *(char **) (struct_ptr + offset) = "KerberosV5";
+ else if
+#endif /* KRB5 */
+#ifdef KRB4
+ (!strncasecmp(arg, "v4", 2))
+ *(char **) (struct_ptr + offset) = "KerberosV4";
+#endif /* KRB4 */
+ else if
+ (!strncasecmp(arg, "dualv5v4", 2))
+ *(char **) (struct_ptr + offset) = "KerberosDualV5V4";
+ else if
+ (!strncasecmp(arg, "dualv4v5", 2))
+ *(char **) (struct_ptr + offset) = "KerberosDualV4V5";
+#if defined(KRB4) && defined(KRB5)
+#endif /* KRB4 && KRB5 */
+ else
+ return "AuthKerberos must be V5 or V4.";
+ return NULL;
+}
+
command_rec kerb_auth_cmds[] = {
{
"AuthKerberos",
--- /dev/null
+typedef struct {
+ char *krb_auth_type;
+ int krb_fail_status;
+} kerb_auth_config;
(r->proxyreq == STD_PROXY)
? "Proxy-Authorization"
: "Authorization");
+ kerb_auth_config *conf =
+ (kerb_auth_config *)ap_get_module_config(r->per_dir_config,
+ &kerb_auth_module);
type = ap_auth_type(r);
if (type != NULL) {
#ifdef KRB5
- if (strncasecmp(type, "KerberosV5", 10) == 0) {
+ if ((strncasecmp(type, "KerberosV5", 10) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)) {
KerberosV5 = 1;
}
#endif /* KRB5 */
#ifdef KRB4
- if (strncasecmp(type, "KerberosV4", 10) == 0) {
+ if ((strncasecmp(type, "KerberosV4", 10) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosV4", 10) == 0)) {
KerberosV4 = 1;
}
#endif /* KRB4 */
#if defined(KRB5) && defined(KRB4)
- if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) {
+ if ((strncasecmp(type, "KerberosDualV5V4", 15) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosDualV5V4", 15) == 0)) {
KerberosV5 = 1;
KerberosV4 = 1;
}
- if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) {
+ if ((strncasecmp(type, "KerberosDualV4V5", 15) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosDualV4V5", 15) == 0)) {
KerberosV5 = 1;
KerberosV4 = 1;
KerberosV4first = 1;
retcode = OK;
}
else {
- retcode = HTTP_UNAUTHORIZED;
+ retcode = conf->krb_fail_status;
}
}
#endif /* KRB5 */
retcode = OK;
}
else {
- retcode = HTTP_UNAUTHORIZED;
+ retcode = conf->krb_fail_status;
}
}
#endif /* KRB4 */
retcode = OK;
}
else {
- retcode = HTTP_UNAUTHORIZED;
+ retcode = conf->krb_fail_status;
}
}
#endif /* KRB5 && KRB4 */
--- /dev/null
+static void *kerb_dir_config(pool *p, char *d)
+{
+ static void *rec;
+ rec = (void *) ap_pcalloc(p, sizeof(kerb_auth_config));
+ ((kerb_auth_config *)rec)->krb_fail_status = HTTP_UNAUTHORIZED;
+ ((kerb_auth_config *)rec)->krb_auth_type = ap_pstrdup(p, "None");
+ return rec;
+}
module kerb_auth_module = {
STANDARD_MODULE_STUFF,
NULL, /* initializer */
- NULL, /* dir config creater */
+ kerb_dir_config, /* dir config creater */
NULL, /* dir merger */
NULL, /* server config */
NULL, /* merge server config */
+static const char *kerb_set_fail_slot(cmd_parms *cmd, void *struct_ptr,
+ const char *arg)
+{
+ int offset = (int) (long) cmd->info;
+ if (!strncasecmp(arg, "unauthorized", 12))
+ *(int *) ((char *)struct_ptr + offset) = HTTP_UNAUTHORIZED;
+ else if (!strncasecmp(arg, "forbidden", 9))
+ *(int *) ((char *)struct_ptr + offset) = HTTP_FORBIDDEN;
+ else if (!strncasecmp(arg, "declined", 9))
+ *(int *) ((char *)struct_ptr + offset) = DECLINED;
+ else
+ return apr_pstrcat(cmd->pool, "KrbAuthFailStatus must be Forbidden, Unauthorized, or Declined.", NULL);
+ return NULL;
+}
+
+static const char *kerb_set_type_slot(cmd_parms *cmd, void *struct_ptr,
+ const char *arg)
+{
+ int offset = (int) (long) cmd->info;
+ if
+#ifdef KRB5
+ (!strncasecmp(arg, "v5", 2))
+ *(char **) ((char *)struct_ptr + offset) = "KerberosV5";
+ else if
+#endif /* KRB5 */
+#ifdef KRB4
+ (!strncasecmp(arg, "v4", 2))
+ *(char **) ((char *)struct_ptr + offset) = "KerberosV4";
+#endif /* KRB4 */
+#if defined(KRB5) && defined(KRB4)
+ else if
+ (!strncasecmp(arg, "dualv5v4", 8))
+ *(char **) ((char *)struct_ptr + offset) = "KerberosDualV5V4";
+ else if
+ (!strncasecmp(arg, "dualv4v5", 8))
+ *(char **) ((char *)struct_ptr + offset) = "KerberosDualV4V5";
+#endif /* KRB5 && KRB4 */
+ else
+ return "AuthKerberos must be V5, V4, DualV4V5, or DualV5V4.";
+ return NULL;
+}
+
static const command_rec kerb_auth_cmds[] = {
AP_INIT_TAKE1(
"AuthKerberos",
--- /dev/null
+typedef struct {
+ char *krb_auth_type;
+ int krb_fail_status;
+} kerb_auth_config;
int res; /* Response holder */
int retcode; /* Return code holder */
+ kerb_auth_config *conf =
+ (kerb_auth_config *)ap_get_module_config(r->per_dir_config,
+ &kerb_auth_module);
+
const char *auth_line = apr_table_get(r->headers_in,
(PROXYREQ_PROXY == r->proxyreq)
? "Proxy-Authorization"
if (type != NULL) {
#ifdef KRB5
- if (strncasecmp(type, "KerberosV5", 10) == 0) {
+ if ((strncasecmp(type, "KerberosV5", 10) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)) {
KerberosV5 = 1;
}
#endif /* KRB5 */
#ifdef KRB4
- if (strncasecmp(type, "KerberosV4", 10) == 0) {
+ if ((strncasecmp(type, "KerberosV4", 10) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosV4", 10) == 0)) {
KerberosV4 = 1;
}
#endif /* KRB4 */
#if defined(KRB5) && defined(KRB4)
- if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) {
+ if ((strncasecmp(type, "KerberosDualV5V4", 15) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosDualV5V4", 15) == 0)) {
KerberosV5 = 1;
KerberosV4 = 1;
}
- if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) {
+ if ((strncasecmp(type, "KerberosDualV4V5", 15) == 0) ||
+ (strncasecmp(conf->krb_auth_type, "KerberosDualV4V5", 15) == 0)) {
KerberosV5 = 1;
KerberosV4 = 1;
KerberosV4first = 1;
retcode = OK;
}
else {
- retcode = HTTP_UNAUTHORIZED;
+ retcode = conf->krb_fail_status;
}
}
#endif /* KRB5 */
retcode = OK;
}
else {
- retcode = HTTP_UNAUTHORIZED;
+ retcode = conf->krb_fail_status;
}
}
#endif /* KRB4 */
retcode = OK;
}
else {
- retcode = HTTP_UNAUTHORIZED;
+ retcode = conf->krb_fail_status;
}
}
#endif /* KRB5 && KRB4 */
--- /dev/null
+static void *kerb_dir_config(apr_pool_t *p, char *d)
+{
+ static void *rec;
+ rec = (void *) ap_pcalloc(p, sizeof(kerb_auth_config));
+ ((kerb_auth_config *)rec)->krb_fail_status = HTTP_UNAUTHORIZED;
+ ((kerb_auth_config *)rec)->krb_auth_type = apr_pstrdup(p, "None");
+ return rec;
+}
module AP_MODULE_DECLARE_DATA kerb_auth_module =
{
STANDARD20_MODULE_STUFF,
- NULL, /* dir config creater */
+ kerb_dir_config, /* dir config creater */
NULL, /* dir merger */
NULL, /* server config */
NULL, /* merge server config */
case $ac_api in
'apache1')
GENHEADERS="$GENHEADERS apache1/api_inc.h"
+ GENHEADERS="$GENHEADERS apache1/auth_config.h"
GENSOURCES="$GENSOURCES apache1/auth_user.c"
+ GENSOURCES="$GENSOURCES apache1/auth_cmds.c"
+ GENSOURCES="$GENSOURCES apache1/dir_config.c"
GENSOURCES="$GENSOURCES apache1/module.c"
;;
'apache2')
GENHEADERS="$GENHEADERS apache2/api_inc.h"
+ GENHEADERS="$GENHEADERS apache2/auth_config.h"
GENSOURCES="$GENSOURCES apache2/auth_user.c"
+ GENSOURCES="$GENSOURCES apache2/auth_cmds.c"
+ GENSOURCES="$GENSOURCES apache2/dir_config.c"
GENSOURCES="$GENSOURCES apache2/hooks.c"
GENSOURCES="$GENSOURCES apache2/module.c"
;;
case $ac_api in
'apache1')
GENHEADERS="$GENHEADERS apache1/api_inc.h"
+ GENHEADERS="$GENHEADERS apache1/auth_config.h"
GENSOURCES="$GENSOURCES apache1/auth_user.c"
+ GENSOURCES="$GENSOURCES apache1/auth_cmds.c"
+ GENSOURCES="$GENSOURCES apache1/dir_config.c"
GENSOURCES="$GENSOURCES apache1/module.c"
;;
'apache2')
GENHEADERS="$GENHEADERS apache2/api_inc.h"
+ GENHEADERS="$GENHEADERS apache2/auth_config.h"
GENSOURCES="$GENSOURCES apache2/auth_user.c"
+ GENSOURCES="$GENSOURCES apache2/auth_cmds.c"
+ GENSOURCES="$GENSOURCES apache2/dir_config.c"
GENSOURCES="$GENSOURCES apache2/hooks.c"
GENSOURCES="$GENSOURCES apache2/module.c"
;;