httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1468581 - in /httpd/httpd/trunk: docs/manual/mod/mod_auth_basic.xml modules/aaa/mod_auth_basic.c
Date Tue, 16 Apr 2013 20:01:23 GMT
Author: minfrin
Date: Tue Apr 16 20:01:22 2013
New Revision: 1468581

URL: http://svn.apache.org/r1468581
Log:
mod_auth_basic: Allow AuthBasicFake to be switched off for an URL space.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml
    httpd/httpd/trunk/modules/aaa/mod_auth_basic.c

Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml?rev=1468581&r1=1468580&r2=1468581&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml Tue Apr 16 20:01:22 2013
@@ -113,7 +113,7 @@ lower level modules</description>
 <name>AuthBasicFake</name>
 <description>Fake basic authentication using the given expressions for
 username and password</description>
-<syntax>AuthBasicFake username password</syntax>
+<syntax>AuthBasicFake off|username [password]</syntax>
 <default>none</default>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
@@ -127,6 +127,10 @@ username and password</description>
     which allows both the username and password to be set based on
     request parameters.</p>
 
+    <p>If the password is not specified, the default value "password"
+    will be used. To disable fake basic authentication for an URL
+    space, specify "AuthBasicFake off".</p>
+
     <p>In this example, we pass a fixed username and password to a
     backend server.</p>
 
@@ -147,7 +151,7 @@ username and password</description>
     <example><title>Certificate Example</title>
     <highlight language="config">
 &lt;Location /secure&gt;
-    AuthBasicFake %{SSL_CLIENT_S_DN_Email} password
+    AuthBasicFake %{SSL_CLIENT_S_DN_Email}
 &lt;/Location&gt;
     </highlight>
     </example>
@@ -165,6 +169,14 @@ username and password</description>
     </highlight>
     </example>
 
+    <example><title>Exclusion Example</title>
+    <highlight language="config">
+&lt;Location /public&gt;
+    AuthBasicFake off
+&lt;/Location&gt;
+    </highlight>
+    </example>
+
 </usage>
 </directivesynopsis>
 

Modified: httpd/httpd/trunk/modules/aaa/mod_auth_basic.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth_basic.c?rev=1468581&r1=1468580&r2=1468581&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_auth_basic.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_auth_basic.c Tue Apr 16 20:01:22 2013
@@ -130,26 +130,47 @@ static const char *set_authoritative(cmd
     return NULL;
 }
 
-static const char *add_basic_fake(cmd_parms * cmd, void *config, const char *user, const
char *pass)
+static const char *add_basic_fake(cmd_parms * cmd, void *config,
+        const char *user, const char *pass)
 {
     auth_basic_config_rec *conf = (auth_basic_config_rec *) config;
     const char *err;
 
-    conf->fakeuser = ap_expr_parse_cmd(cmd, user, AP_EXPR_FLAG_STRING_RESULT,
-                                        &err, NULL);
-    if (err) {
-        return apr_psprintf(cmd->pool,
-                            "Could not parse fake username expression '%s': %s",
-                            user, err);
+    if (!strcasecmp(user, "off")) {
+
+        conf->fakeuser = NULL;
+        conf->fakepass = NULL;
+        conf->fake_set = 1;
+
     }
-    conf->fakepass = ap_expr_parse_cmd(cmd, pass, AP_EXPR_FLAG_STRING_RESULT,
-                                        &err, NULL);
-    if (err) {
-        return apr_psprintf(cmd->pool,
-                            "Could not parse fake password expression '%s': %s",
-                            user, err);
+    else {
+
+        /* if password is unspecified, set it to the fixed string "password" to
+         * be compatible with the behaviour of mod_ssl.
+         */
+        if (!pass) {
+            pass = "password";
+        }
+
+        conf->fakeuser =
+                ap_expr_parse_cmd(cmd, user, AP_EXPR_FLAG_STRING_RESULT,
+                        &err, NULL);
+        if (err) {
+            return apr_psprintf(cmd->pool,
+                    "Could not parse fake username expression '%s': %s", user,
+                    err);
+        }
+        conf->fakepass =
+                ap_expr_parse_cmd(cmd, pass, AP_EXPR_FLAG_STRING_RESULT,
+                        &err, NULL);
+        if (err) {
+            return apr_psprintf(cmd->pool,
+                    "Could not parse fake password expression '%s': %s", user,
+                    err);
+        }
+        conf->fake_set = 1;
+
     }
-    conf->fake_set = 1;
 
     return NULL;
 }
@@ -161,9 +182,10 @@ static const command_rec auth_basic_cmds
     AP_INIT_FLAG("AuthBasicAuthoritative", set_authoritative, NULL, OR_AUTHCFG,
                  "Set to 'Off' to allow access control to be passed along to "
                  "lower modules if the UserID is not known to this module"),
-    AP_INIT_TAKE2("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
+    AP_INIT_TAKE12("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
                   "Fake basic authentication using the given expressions for "
-                  "username and password"),
+                  "username and password, 'off' to disable. Password defaults "
+                  "to 'password' if missing."),
     {NULL}
 };
 
@@ -365,7 +387,7 @@ static int authenticate_basic_fake(reque
     auth_basic_config_rec *conf = ap_get_module_config(r->per_dir_config,
                                                        &auth_basic_module);
 
-    if (!conf->fake_set) {
+    if (!conf->fakeuser) {
         return DECLINED;
     }
 



Mime
View raw message