Added support for fail_status and authkerberos options.

diff --git a/ChangeLog b/ChangeLog
index 523dc3f..a98b99a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,27 @@
+2002-09-02  Daniel Henninger  <daniel@ncsu.edu>
+
+       * apache1/auth_cmds.c:
+       * apache2/auth_cmds.c:
+       Added flag parsing for options and finished up first two commands.
+
+       * apache1/auth_config.h:
+       * apache2/auth_config.h:
+       Added auth config struct.
+
+       * apache1/auth_user.c:
+       * apache2/auth_user.c:
+       Added fail_status and kerbauthtype functionality.
+
+       * apache1/dir_config.c:
+       * apache2/dir_config.c:
+       Added defaults for current flags.
+
+2002-09-01  Daniel Henninger  <daniel@ncsu.edu>
+
+       * apache1/auth_cmds.c:
+       * apache2/auth_cmds.c:
+       Put together everything but flag parsing for the first batch of options.
+
 2002-07-09  Daniel Henninger  <daniel@ncsu.edu>
 
        * apache1/auth_cmds.c:

diff --git a/apache1/auth_cmds.c b/apache1/auth_cmds.c
index f1d5014..c59a752 100644 (file)
--- a/apache1/auth_cmds.c
+++ b/apache1/auth_cmds.c
@@ -1,3 +1,45 @@
+static const char *kerb_set_fail_slot(cmd_parms *cmd, char *struct_ptr,
+                                       char *arg)
+{
+       int offset = (int) (long) cmd->info;
+       if (!strncasecmp(arg, "unauthorized", 12))
+               *(int *) (struct_ptr + offset) = HTTP_UNAUTHORIZED;
+       else if (!strncasecmp(arg, "forbidden", 9))
+               *(int *) (struct_ptr + offset) = HTTP_FORBIDDEN;
+       else if (!strncasecmp(arg, "declined", 8))
+               *(int *) (struct_ptr + offset) = DECLINED;
+       else
+               return "KrbFailStatus must be Forbidden, Unauthorized, or Declined.";
+       return NULL;
+}
+
+static const char *kerb_set_type_slot(cmd_parms *cmd, char *struct_ptr,
+                                       char *arg)
+{
+       int offset = (int) (long) cmd->info;
+       if
+#ifdef KRB5
+          (!strncasecmp(arg, "v5", 2))
+               *(char **) (struct_ptr + offset) = "KerberosV5";
+       else if
+#endif /* KRB5 */
+#ifdef KRB4
+          (!strncasecmp(arg, "v4", 2))
+               *(char **) (struct_ptr + offset) = "KerberosV4";
+#endif /* KRB4 */
+       else if
+          (!strncasecmp(arg, "dualv5v4", 2))
+               *(char **) (struct_ptr + offset) = "KerberosDualV5V4";
+       else if
+          (!strncasecmp(arg, "dualv4v5", 2))
+               *(char **) (struct_ptr + offset) = "KerberosDualV4V5";
+#if defined(KRB4) && defined(KRB5)
+#endif /* KRB4 && KRB5 */
+       else
+               return "AuthKerberos must be V5 or V4.";
+       return NULL;
+}
+
 command_rec kerb_auth_cmds[] = {
        {
                "AuthKerberos",

diff --git a/apache1/auth_config.h b/apache1/auth_config.h
new file mode 100644 (file)
index 0000000..554586e
--- /dev/null
+++ b/apache1/auth_config.h
@@ -0,0 +1,4 @@
+typedef struct {
+       char *krb_auth_type;
+       int krb_fail_status;
+} kerb_auth_config;

diff --git a/apache1/auth_user.c b/apache1/auth_user.c
index b6a0dbf..d46c6f9 100644 (file)
--- a/apache1/auth_user.c
+++ b/apache1/auth_user.c
@@ -13,29 +13,36 @@ int kerb_authenticate_user(request_rec *r) {
                                        (r->proxyreq == STD_PROXY)
                                                ? "Proxy-Authorization"
                                                : "Authorization");
+       kerb_auth_config *conf =
+               (kerb_auth_config *)ap_get_module_config(r->per_dir_config,
+                                       &kerb_auth_module);
 
        type = ap_auth_type(r);
 
        if (type != NULL) {
 #ifdef KRB5
-               if (strncasecmp(type, "KerberosV5", 10) == 0) {
+               if ((strncasecmp(type, "KerberosV5", 10) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)) {
                        KerberosV5 = 1;
                }
 #endif /* KRB5 */
 
 #ifdef KRB4
-               if (strncasecmp(type, "KerberosV4", 10) == 0) {
+               if ((strncasecmp(type, "KerberosV4", 10) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosV4", 10) == 0)) {
                        KerberosV4 = 1;
                }
 #endif /* KRB4 */
 
 #if defined(KRB5) && defined(KRB4)
-               if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) {
+               if ((strncasecmp(type, "KerberosDualV5V4", 15) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosDualV5V4", 15) == 0)) {
                        KerberosV5 = 1;
                        KerberosV4 = 1;
                }
 
-               if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) {
+               if ((strncasecmp(type, "KerberosDualV4V5", 15) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosDualV4V5", 15) == 0)) {
                        KerberosV5 = 1;
                        KerberosV4 = 1;
                        KerberosV4first = 1;
@@ -74,7 +81,7 @@ int kerb_authenticate_user(request_rec *r) {
                        retcode = OK;
                }
                else {
-                       retcode = HTTP_UNAUTHORIZED;
+                       retcode = conf->krb_fail_status;
                }
        }
 #endif /* KRB5 */
@@ -85,7 +92,7 @@ int kerb_authenticate_user(request_rec *r) {
                        retcode = OK;
                }
                else {
-                       retcode = HTTP_UNAUTHORIZED;
+                       retcode = conf->krb_fail_status;
                }
        }
 #endif /* KRB4 */
@@ -96,7 +103,7 @@ int kerb_authenticate_user(request_rec *r) {
                        retcode = OK;
                }
                else {
-                       retcode = HTTP_UNAUTHORIZED;
+                       retcode = conf->krb_fail_status;
                }
        }
 #endif /* KRB5 && KRB4 */

diff --git a/apache1/dir_config.c b/apache1/dir_config.c
new file mode 100644 (file)
index 0000000..54ba60d
--- /dev/null
+++ b/apache1/dir_config.c
@@ -0,0 +1,8 @@
+static void *kerb_dir_config(pool *p, char *d)
+{
+       static void *rec;
+       rec = (void *) ap_pcalloc(p, sizeof(kerb_auth_config));
+       ((kerb_auth_config *)rec)->krb_fail_status = HTTP_UNAUTHORIZED;
+       ((kerb_auth_config *)rec)->krb_auth_type = ap_pstrdup(p, "None");
+       return rec;
+}

diff --git a/apache1/module.c b/apache1/module.c
index d513b9d..e7a0825 100644 (file)
--- a/apache1/module.c
+++ b/apache1/module.c
@@ -1,7 +1,7 @@
 module kerb_auth_module = {
        STANDARD_MODULE_STUFF,
        NULL,                           /* initializer */
-       NULL,                           /* dir config creater */
+       kerb_dir_config,                /* dir config creater */
        NULL,                           /* dir merger */
        NULL,                           /* server config */
        NULL,                           /* merge server config */

diff --git a/apache2/auth_cmds.c b/apache2/auth_cmds.c
index 7209294..7ac3f73 100644 (file)
--- a/apache2/auth_cmds.c
+++ b/apache2/auth_cmds.c
@@ -1,3 +1,45 @@
+static const char *kerb_set_fail_slot(cmd_parms *cmd, void *struct_ptr,
+                                               const char *arg)
+{
+       int offset = (int) (long) cmd->info;
+       if (!strncasecmp(arg, "unauthorized", 12))
+               *(int *) ((char *)struct_ptr + offset) = HTTP_UNAUTHORIZED;
+       else if (!strncasecmp(arg, "forbidden", 9))
+               *(int *) ((char *)struct_ptr + offset) = HTTP_FORBIDDEN;
+       else if (!strncasecmp(arg, "declined", 9))
+               *(int *) ((char *)struct_ptr + offset) = DECLINED;
+       else
+               return apr_pstrcat(cmd->pool, "KrbAuthFailStatus must be Forbidden, Unauthorized, or Declined.", NULL);
+       return NULL;
+}
+
+static const char *kerb_set_type_slot(cmd_parms *cmd, void *struct_ptr,
+                                               const char *arg)
+{
+       int offset = (int) (long) cmd->info;
+       if
+#ifdef KRB5
+          (!strncasecmp(arg, "v5", 2))
+               *(char **) ((char *)struct_ptr + offset) = "KerberosV5";
+       else if
+#endif /* KRB5 */
+#ifdef KRB4
+          (!strncasecmp(arg, "v4", 2))
+               *(char **) ((char *)struct_ptr + offset) = "KerberosV4";
+#endif /* KRB4 */
+#if defined(KRB5) && defined(KRB4)
+       else if
+          (!strncasecmp(arg, "dualv5v4", 8))
+               *(char **) ((char *)struct_ptr + offset) = "KerberosDualV5V4";
+       else if
+          (!strncasecmp(arg, "dualv4v5", 8))
+               *(char **) ((char *)struct_ptr + offset) = "KerberosDualV4V5";
+#endif /* KRB5 && KRB4 */
+       else
+               return "AuthKerberos must be V5, V4, DualV4V5, or DualV5V4.";
+       return NULL;
+}
+
 static const command_rec kerb_auth_cmds[] = {
        AP_INIT_TAKE1(
                "AuthKerberos",

diff --git a/apache2/auth_config.h b/apache2/auth_config.h
new file mode 100644 (file)
index 0000000..554586e
--- /dev/null
+++ b/apache2/auth_config.h
@@ -0,0 +1,4 @@
+typedef struct {
+       char *krb_auth_type;
+       int krb_fail_status;
+} kerb_auth_config;

diff --git a/apache2/auth_user.c b/apache2/auth_user.c
index ff3c76a..444fa9b 100644 (file)
--- a/apache2/auth_user.c
+++ b/apache2/auth_user.c
@@ -9,6 +9,10 @@ int kerb_authenticate_user(request_rec *r) {
        int res;                        /* Response holder */
        int retcode;                    /* Return code holder */
 
+       kerb_auth_config *conf =
+               (kerb_auth_config *)ap_get_module_config(r->per_dir_config,
+                                       &kerb_auth_module);
+
        const char *auth_line = apr_table_get(r->headers_in,
                                        (PROXYREQ_PROXY == r->proxyreq)
                                                ? "Proxy-Authorization"
@@ -18,24 +22,28 @@ int kerb_authenticate_user(request_rec *r) {
 
        if (type != NULL) {
 #ifdef KRB5
-               if (strncasecmp(type, "KerberosV5", 10) == 0) {
+               if ((strncasecmp(type, "KerberosV5", 10) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosV5", 10) == 0)) {
                        KerberosV5 = 1;
                }
 #endif /* KRB5 */
 
 #ifdef KRB4
-               if (strncasecmp(type, "KerberosV4", 10) == 0) {
+               if ((strncasecmp(type, "KerberosV4", 10) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosV4", 10) == 0)) {
                        KerberosV4 = 1;
                }
 #endif /* KRB4 */
 
 #if defined(KRB5) && defined(KRB4)
-               if (strncasecmp(type, "KerberosDualV5V4", 15) == 0) {
+               if ((strncasecmp(type, "KerberosDualV5V4", 15) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosDualV5V4", 15) == 0)) {
                        KerberosV5 = 1;
                        KerberosV4 = 1;
                }
 
-               if (strncasecmp(type, "KerberosDualV4V5", 15) == 0) {
+               if ((strncasecmp(type, "KerberosDualV4V5", 15) == 0) ||
+                   (strncasecmp(conf->krb_auth_type, "KerberosDualV4V5", 15) == 0)) {
                        KerberosV5 = 1;
                        KerberosV4 = 1;
                        KerberosV4first = 1;
@@ -75,7 +83,7 @@ int kerb_authenticate_user(request_rec *r) {
                        retcode = OK;
                }
                else {
-                       retcode = HTTP_UNAUTHORIZED;
+                       retcode = conf->krb_fail_status;
                }
        }
 #endif /* KRB5 */
@@ -87,7 +95,7 @@ int kerb_authenticate_user(request_rec *r) {
                        retcode = OK;
                }
                else {
-                       retcode = HTTP_UNAUTHORIZED;
+                       retcode = conf->krb_fail_status;
                }
        }
 #endif /* KRB4 */
@@ -99,7 +107,7 @@ int kerb_authenticate_user(request_rec *r) {
                        retcode = OK;
                }
                else {
-                       retcode = HTTP_UNAUTHORIZED;
+                       retcode = conf->krb_fail_status;
                }
        }
 #endif /* KRB5 && KRB4 */

diff --git a/apache2/dir_config.c b/apache2/dir_config.c
new file mode 100644 (file)
index 0000000..aa15d9c
--- /dev/null
+++ b/apache2/dir_config.c
@@ -0,0 +1,8 @@
+static void *kerb_dir_config(apr_pool_t *p, char *d)
+{
+       static void *rec;
+       rec = (void *) ap_pcalloc(p, sizeof(kerb_auth_config));
+       ((kerb_auth_config *)rec)->krb_fail_status = HTTP_UNAUTHORIZED;
+       ((kerb_auth_config *)rec)->krb_auth_type = apr_pstrdup(p, "None");
+       return rec;
+}

diff --git a/apache2/module.c b/apache2/module.c
index a846a0c..d11f95f 100644 (file)
--- a/apache2/module.c
+++ b/apache2/module.c
@@ -1,7 +1,7 @@
 module AP_MODULE_DECLARE_DATA kerb_auth_module =
 {
        STANDARD20_MODULE_STUFF,
-       NULL,                           /* dir config creater */
+       kerb_dir_config,                /* dir config creater */
        NULL,                           /* dir merger */
        NULL,                           /* server config */
        NULL,                           /* merge server config */

diff --git a/configure b/configure
index 282218f..5320388 100755 (executable)
--- a/configure
+++ b/configure
@@ -1442,12 +1442,18 @@ GENSOURCES=""
 case $ac_api in
        'apache1')
                GENHEADERS="$GENHEADERS apache1/api_inc.h"
+               GENHEADERS="$GENHEADERS apache1/auth_config.h"
                GENSOURCES="$GENSOURCES apache1/auth_user.c"
+               GENSOURCES="$GENSOURCES apache1/auth_cmds.c"
+               GENSOURCES="$GENSOURCES apache1/dir_config.c"
                GENSOURCES="$GENSOURCES apache1/module.c"
                ;;
        'apache2')
                GENHEADERS="$GENHEADERS apache2/api_inc.h"
+               GENHEADERS="$GENHEADERS apache2/auth_config.h"
                GENSOURCES="$GENSOURCES apache2/auth_user.c"
+               GENSOURCES="$GENSOURCES apache2/auth_cmds.c"
+               GENSOURCES="$GENSOURCES apache2/dir_config.c"
                GENSOURCES="$GENSOURCES apache2/hooks.c"
                GENSOURCES="$GENSOURCES apache2/module.c"
                ;;

diff --git a/configure.in b/configure.in
index a70b811..dcb2b9e 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -290,12 +290,18 @@ GENSOURCES=""
 case $ac_api in
        'apache1')
                GENHEADERS="$GENHEADERS apache1/api_inc.h"
+               GENHEADERS="$GENHEADERS apache1/auth_config.h"
                GENSOURCES="$GENSOURCES apache1/auth_user.c"
+               GENSOURCES="$GENSOURCES apache1/auth_cmds.c"
+               GENSOURCES="$GENSOURCES apache1/dir_config.c"
                GENSOURCES="$GENSOURCES apache1/module.c"
                ;;
        'apache2')
                GENHEADERS="$GENHEADERS apache2/api_inc.h"
+               GENHEADERS="$GENHEADERS apache2/auth_config.h"
                GENSOURCES="$GENSOURCES apache2/auth_user.c"
+               GENSOURCES="$GENSOURCES apache2/auth_cmds.c"
+               GENSOURCES="$GENSOURCES apache2/dir_config.c"
                GENSOURCES="$GENSOURCES apache2/hooks.c"
                GENSOURCES="$GENSOURCES apache2/module.c"
                ;;