From jerenkra...@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_auth.h mod_auth_basic.c mod_auth_digest.c
Date Wed, 18 Sep 2002 01:05:25 GMT
jerenkrantz    2002/09/17 18:05:25

  Modified:    modules/aaa mod_auth.h mod_auth_basic.c mod_auth_digest.c
  Log:
  Add ability to use multiple providers for basic and digest authentication.
  
  The syntax is:
  
  AuthBasicProvider file dbm
  AuthUserFile conf/basic-user
  AuthDBMUserFile conf/basic-user-dbm
  
  Revision  Changes    Path
  1.4       +9 -0      httpd-2.0/modules/aaa/mod_auth.h
  
  Index: mod_auth.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth.h,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -u -r1.3 -r1.4
  --- mod_auth.h	13 Sep 2002 21:55:31 -0000	1.3
  +++ mod_auth.h	18 Sep 2002 01:05:25 -0000	1.4
  @@ -106,6 +106,15 @@
                                      const char *realm, char **rethash);
   } authn_provider;
   
  +/* A linked-list of authn providers. */
  +typedef struct authn_provider_list authn_provider_list;
  +
  +struct authn_provider_list {
  +    const char *provider_name;
  +    const authn_provider *provider;
  +    authn_provider_list *next;
  +};
  +
   AAA_DECLARE(void) authn_register_provider(apr_pool_t *p, const char *name,
                                            const authn_provider *provider);
   AAA_DECLARE(const authn_provider *) authn_lookup_provider(const char *name);
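Review bot: The one-line comment on `authn_provider_list` leaves the contract to be inferred from the two modules that use it. It would help to state that nodes are pool-allocated while the provider directive is parsed, that `provider` is the cached result of looking up `provider_name`, that `next` is NULL on the last node, and that providers are consulted in list order at request time. A short block comment above the struct covering those four points is enough.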
  
  
  
  1.5       +60 -23    httpd-2.0/modules/aaa/mod_auth_basic.c
  
  Index: mod_auth_basic.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_basic.c,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -u -r1.4 -r1.5
  --- mod_auth_basic.c	10 Sep 2002 14:40:46 -0000	1.4
  +++ mod_auth_basic.c	18 Sep 2002 01:05:25 -0000	1.5
  @@ -74,8 +74,7 @@
   #include "mod_auth.h"
   
   typedef struct {
  -    const char *provider_name;
  -    const authn_provider *provider;
  +    authn_provider_list *providers;
       char *dir;
       int authoritative;
   } auth_basic_config_rec;
  @@ -95,29 +94,46 @@
                                         const char *arg)
   {
       auth_basic_config_rec *conf = (auth_basic_config_rec*)config;
  +    authn_provider_list *newp;
  +    const char *provider_name;
   
       if (strcasecmp(arg, "on") == 0) {
  -        conf->provider_name = AUTHN_DEFAULT_PROVIDER;
  +        provider_name = AUTHN_DEFAULT_PROVIDER;
       }
       else if (strcasecmp(arg, "off") == 0) {
  -        conf->provider_name = NULL;
  -        conf->provider = NULL;
  +        /* Clear all configured providers and return. */
  +        conf->providers = NULL;
  +        return NULL;
       }
       else {
  -        conf->provider_name = apr_pstrdup(cmd->pool, arg);
  +        provider_name = apr_pstrdup(cmd->pool, arg);
  +    }
  +
  +    newp = apr_pcalloc(cmd->pool, sizeof(authn_provider_list));
  +    newp->provider_name = provider_name;
  +
  +    /* lookup and cache the actual provider now */
  +    newp->provider = authn_lookup_provider(newp->provider_name);
  +
  +    if (newp->provider == NULL) {
  +        /* by the time they use it, the provider should be loaded and
  +           registered with us. */
  +        return apr_psprintf(cmd->pool,
  +                            "Unknown Authn provider: %s",
  +                            newp->provider_name);
  +    }
  +
  +    /* Add it to the list now. */
  +    if (!conf->providers) {
  +        conf->providers = newp;
       }
  +    else {
  +        authn_provider_list *last = conf->providers;
   
  -    if (conf->provider_name != NULL) {
  -        /* lookup and cache the actual provider now */
  -        conf->provider = authn_lookup_provider(conf->provider_name);
  -
  -        if (conf->provider == NULL) {
  -            /* by the time they use it, the provider should be loaded and
  -               registered with us. */
  -            return apr_psprintf(cmd->pool,
  -                                "Unknown Authn provider: %s",
  -                                conf->provider_name);
  +        while (last->next) {
  +            last = last->next;
           }
  +        last->next = newp;
       }
   
       return NULL;
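Review bot: The `off` branch says it clears the providers, but `conf->providers = NULL` is the same state as a section where the directive never appeared, and the request-time loop later in this diff treats that state as "use AUTHN_DEFAULT_PROVIDER". So `off` selects the default file provider rather than disabling lookup; the comment should say so, e.g. `/* Reset the list; an empty list falls back to AUTHN_DEFAULT_PROVIDER at request time. */`. The identical branch in the mod_auth_digest.c directive handler carries the same wording, and there it matters more: the final mod_auth_digest.c hunk removes the `if (!conf->provider) return DECLINED;` guard, so a digest section set to `off` appears to stop declining and consult the default provider instead, which is worth confirming as intended. The function's signature starts outside this hunk.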
  @@ -207,6 +223,7 @@
       const char *sent_user, *sent_pw, *current_auth;
       int res;
       authn_status auth_result;
  +    authn_provider_list *current_provider;
   
       /* Are we configured to be Basic auth? */
       current_auth = ap_auth_type(r);
  @@ -228,15 +245,35 @@
           return res;
       }
   
  -    /* For now, if a provider isn't set, we'll be nice and use the file
  -     * provider.
  -     */
  -    if (!conf->provider) {
  -        conf->provider = authn_lookup_provider(AUTHN_DEFAULT_PROVIDER);
  -    }
  +    current_provider = conf->providers;
  +    do {
  +        const authn_provider *provider;
  +
  +        /* For now, if a provider isn't set, we'll be nice and use the file
  +         * provider.
  +         */
  +        if (!current_provider) {
  +            provider = authn_lookup_provider(AUTHN_DEFAULT_PROVIDER);
  +        }
  +        else {
  +            provider = current_provider->provider;
  +        }
   
  -    auth_result = conf->provider->check_password(r, sent_user, sent_pw);
  +        auth_result = provider->check_password(r, sent_user, sent_pw);
  +
  +        /* Access is granted.  Stop checking. */
  +        if (auth_result == AUTH_GRANTED) {
  +            break;
  +        }
  +
  +        /* If we're not really configured for providers, stop now. */
  +        if (!conf->providers) {
  +            break;
  +        }
   
  +        current_provider = current_provider->next;
  +    } while (current_provider);
  +    
       if (auth_result != AUTH_GRANTED) {
           int return_code;
   
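Review bot: The provider loop moves on to the next provider for every result other than AUTH_GRANTED, so a wrong password or an internal error from the first provider is discarded and the same credentials are retried against each later store. An account whose password was changed in one backend can therefore still authenticate through a stale entry in another, and the `auth_result` that reaches the failure handling is only the last provider's. Consider continuing only when the current provider does not know the user: `if (auth_result != AUTH_USER_NOT_FOUND) { break; }` in place of the AUTH_GRANTED test. If falling through on a bad password is intended, state that in the comment and in the directive documentation. The enclosing function begins and ends outside this hunk.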
  
  
  
  1.71      +66 -32    httpd-2.0/modules/aaa/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_digest.c,v
  retrieving revision 1.70
  retrieving revision 1.71
  diff -u -u -r1.70 -r1.71
  --- mod_auth_digest.c	10 Sep 2002 06:57:02 -0000	1.70
  +++ mod_auth_digest.c	18 Sep 2002 01:05:25 -0000	1.71
  @@ -131,8 +131,7 @@
   
   typedef struct digest_config_struct {
       const char  *dir_name;
  -    const char *provider_name;
  -    const authn_provider *provider;
  +    authn_provider_list *providers;
       const char  *realm;
       char **qop_list;
       apr_sha1_ctx_t  nonce_ctx;
  @@ -486,29 +485,46 @@
                                         const char *arg)
   {
       digest_config_rec *conf = (digest_config_rec*)config;
  -
  +    authn_provider_list *newp;
  +    const char *provider_name;
  +    
       if (strcasecmp(arg, "on") == 0) {
  -        conf->provider_name = AUTHN_DEFAULT_PROVIDER;
  +        provider_name = AUTHN_DEFAULT_PROVIDER;
       }
       else if (strcasecmp(arg, "off") == 0) {
  -        conf->provider_name = NULL;
  -        conf->provider = NULL;
  +        /* Clear all configured providers and return. */
  +        conf->providers = NULL; 
  +        return NULL;
       }
       else {
  -        conf->provider_name = apr_pstrdup(cmd->pool, arg);
  +        provider_name = apr_pstrdup(cmd->pool, arg);
  +    }
  +
  +    newp = apr_pcalloc(cmd->pool, sizeof(authn_provider_list));
  +    newp->provider_name = provider_name;
  +
  +    /* lookup and cache the actual provider now */
  +    newp->provider = authn_lookup_provider(newp->provider_name);
  +
  +    if (newp->provider == NULL) {
  +       /* by the time they use it, the provider should be loaded and
  +           registered with us. */
  +        return apr_psprintf(cmd->pool,
  +                            "Unknown Authn provider: %s",
  +                            newp->provider_name);
       }
   
  -    if (conf->provider_name != NULL) {
  -        /* lookup and cache the actual provider now */
  -        conf->provider = authn_lookup_provider(conf->provider_name);
  -
  -        if (conf->provider == NULL) {
  -            /* by the time they use it, the provider should be loaded and
  -               registered with us. */
  -            return apr_psprintf(cmd->pool,
  -                                "Unknown Authn provider: %s",
  -                                conf->provider_name);
  +    /* Add it to the list now. */
  +    if (!conf->providers) {
  +        conf->providers = newp;
  +    }
  +    else {
  +        authn_provider_list *last = conf->providers;
  +
  +        while (last->next) {
  +            last = last->next;
           }
  +        last->next = newp;
       }
   
       return NULL;
  @@ -1447,23 +1463,45 @@
   {
       authn_status auth_result;
       char *password;
  +    authn_provider_list *current_provider;
   
  -    /* To be nice, if we make it this far and we don't have a provider set,
  -     * we'll use the default provider.
  -     */
  -    if (!conf->provider) {
  -        conf->provider = authn_lookup_provider(AUTHN_DEFAULT_PROVIDER);
  -    }
  +    current_provider = conf->providers;
  +    do {
  +        const authn_provider *provider;
   
  -    /* We expect the password to be md5 hash of user:realm:password */
  -    auth_result = conf->provider->get_realm_hash(r, user, conf->realm,
  -                                                 &password);
  +        /* For now, if a provider isn't set, we'll be nice and use the file
  +         * provider.
  +         */
  +        if (!current_provider) {
  +            provider = authn_lookup_provider(AUTHN_DEFAULT_PROVIDER);
  +        }
  +        else {
  +            provider = current_provider->provider;
  +        }
  +
  +        /* We expect the password to be md5 hash of user:realm:password */
  +        auth_result = provider->get_realm_hash(r, user, conf->realm,
  +                                               &password);
  +
  +        /* User is found.  Stop checking. */
  +        if (auth_result == AUTH_USER_FOUND) {
  +            break;
  +        }
  +
  +        /* If we're not really configured for providers, stop now. */
  +        if (!conf->providers) {
  +           break;
  +        }
  +
  +        current_provider = current_provider->next;
  +    } while (current_provider);
   
       if (auth_result != AUTH_USER_FOUND) {
           return NULL;
       }
  -
  -    return password;
  +    else {
  +        return password;
  +    }
   }
   
   static int check_nc(const request_rec *r, const digest_header_rec *resp,
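Review bot: Inside the loop `provider->get_realm_hash(...)` is called without checking either pointer. The directive handler verifies only that the lookup succeeded, not that the provider implements `get_realm_hash`, and the fallback `authn_lookup_provider(AUTHN_DEFAULT_PROVIDER)` returns NULL for an unregistered name, as the handler's own "Unknown Authn provider" check shows. Either case is a NULL dereference in the request path; guard it with `if (!provider || !provider->get_realm_hash) { auth_result = AUTH_GENERAL_ERROR; break; }` and log which provider was unusable. The `check_password` call in the mod_auth_basic.c loop has the same gap.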
  @@ -1820,10 +1858,6 @@
                         resp->algorithm, r->uri);
           note_digest_auth_failure(r, conf, resp, 0);
           return HTTP_UNAUTHORIZED;
  -    }
  -
  -    if (!conf->provider) {
  -        return DECLINED;
       }
   
       if (!(conf->ha1 = get_hash(r, r->user, conf))) {
  
  
  
