Diffstat (limited to 'apache1x')
-rw-r--r--apache1x/mod_httpauth.c215
1 files changed, 110 insertions, 105 deletions
diff --git a/apache1x/mod_httpauth.c b/apache1x/mod_httpauth.c
index fae668e..39cdd8d 100644
--- a/apache1x/mod_httpauth.c
+++ b/apache1x/mod_httpauth.c
@@ -8,6 +8,7 @@
#include <ap_alloc.h>
#include "sock_any.h"
+#include "stringx.h"
#define DEFAULT_PORT 8020
@@ -17,9 +18,9 @@ typedef struct httpauth_context
{
const char* socketname;
int socket;
- const char* method;
int types;
- char* authtypes;
+ const char* method;
+ const char* domain;
pool* child_pool;
}
httpauth_context_t;
@@ -68,7 +69,7 @@ static const char* set_socket(cmd_parms* cmd, void* config, const char* val)
static const char* set_method(cmd_parms* cmd, void* config, const char* val)
{
httpauth_context_t* conf = (httpauth_context_t*)config;
- conf->method = ap_pstrdup(cmd->pool, val);
+ conf->method = val;
return NULL;
}
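Review bot: Storing `val` in set_method without a copy is only safe because a TAKE1 argument is, as far as I know, already allocated from `cmd->pool` by the config parser. A comment such as `/* TAKE1 args are pool-allocated by the config parser; no copy needed */` would stop a later switch to RAW_ARGS from leaving a dangling pointer. The value is also sent to the daemon verbatim in the `SET Method` line that connect_httpauth builds in a later hunk. Because the directive is allowed under OR_AUTHCFG, returning an error string here for a value that contains whitespace would keep per-directory configuration from adding extra tokens to that command.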
@@ -96,6 +97,13 @@ static const char* set_types(cmd_parms* cmd, void* config, const char* val)
return NULL;
}
+static const char* set_domain(cmd_parms* cmd, void* config, const char* val)
+{
+ httpauth_context_t* conf = (httpauth_context_t*)config;
+ conf->domain = trim_space(ap_pstrdup(cmd->pool, val));
+ return NULL;
+}
+
static const command_rec httpauth_cmds[] =
{
{ "HttpAuthSocket", set_socket, NULL, OR_AUTHCFG, TAKE1,
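Review bot: In set_domain, an `HttpAuthDigestDomain` line whose argument is empty or only whitespace appears to leave `conf->domain` pointing at an empty string rather than NULL. The `if(ctx->domain)` test in connect_httpauth would then still send `SET Domain ` with no value. Clearing it after trimming with `if(!*conf->domain) conf->domain = NULL;`, or returning an error string for the directive, would avoid that. The copy through `ap_pstrdup` is worth a short comment too, since a RAW_ARGS value presumably points into the parser's line buffer and `trim_space` writes to it.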
@@ -104,6 +112,8 @@ static const command_rec httpauth_cmds[] =
"The method that httpauthd should use to authenticate" },
{ "HttpAuthTypes", set_types, NULL, OR_AUTHCFG, ITERATE,
"The types of authentiction allowed (Basic, Digest, NTLM ...)" },
+ { "HttpAuthDigestDomain", set_domain, NULL, OR_AUTHCFG, RAW_ARGS,
+ "The domain for which digest authentication is relevant" },
{ NULL, NULL, NULL, 0, 0, NULL }
};
@@ -111,32 +121,6 @@ static const command_rec httpauth_cmds[] =
* Socket handling code
*/
-const char* trim_start(const char* data)
-{
- while(*data && ap_isspace(*data))
- ++data;
- return data;
-}
-
-char* trim_end(char* data)
-{
- char* t = data + strlen(data);
-
- while(t > data && ap_isspace(*(t - 1)))
- {
- t--;
- *t = 0;
- }
-
- return data;
-}
-
-char* trim_space(char* data)
-{
- data = (char*)trim_start(data);
- return trim_end(data);
-}
-
void read_junk(httpauth_context_t* ctx, request_rec* r)
{
char buf[16];
@@ -280,6 +264,13 @@ int read_response(httpauth_context_t* ctx, request_rec* r,
if(code)
*code = c;
+ if(c >= 400)
+ {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+ "httpauth: received error from httpauthd: %d %s", c, line);
+ return -1;
+ }
+
/* Get the second response code if we're a 200 */
if(c == 200)
{
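Review bot: The new `c >= 400` branch writes `line` to the error log exactly as received from the daemon; `trim_space` is only applied at the end of read_response (see the following hunk). The entry may therefore carry a trailing newline or other control characters. Trimming before logging, for example `"... %d %s", c, trim_space(line)`, would keep one log record per response. This matters more if the daemon's error text can echo client-supplied data, which is not visible here. read_response starts and ends outside this hunk.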
@@ -296,7 +287,9 @@ int read_response(httpauth_context_t* ctx, request_rec* r,
*ccode = c;
}
- *details = trim_space(line);
+ if(details)
+ *details = trim_space(line);
+
return 0;
}
@@ -416,6 +409,46 @@ void disconnect_socket(httpauth_context_t* ctx, server_rec* s)
}
}
+int write_data(httpauth_context_t* ctx, server_rec* s, const char* data)
+{
+ int r;
+
+ if(ctx->socket == -1)
+ {
+ ap_log_error(APLOG_MARK, APLOG_ERR, s,
+ "httpauth: Socket to httpauthd daemon closed. Can't write data.");
+ return -1;
+ }
+
+ while(*data != 0)
+ {
+ r = write(ctx->socket, data, strlen(data));
+
+ if(r > 0)
+ data += r;
+
+ else if(r == -1)
+ {
+ if(errno == EAGAIN)
+ continue;
+
+ /* The other end closed. no message */
+ if(errno == EPIPE)
+ disconnect_socket(ctx, s);
+
+ else
+ ap_log_error(APLOG_MARK, APLOG_ERR, s,
+ "httpauth: Couldn't write data to daemon");
+
+ errno = 0;
+ return -1;
+ }
+ }
+
+ errno = 0;
+ return 0;
+}
+
int connect_socket(httpauth_context_t* ctx, request_rec* r)
{
struct sockaddr_any sany;
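Review bot: In write_data a `write()` interrupted by a signal (`EINTR`) falls through to the error path, logs "Couldn't write data to daemon" and returns -1, although nothing is wrong with the socket. The retry test should cover it: `if(errno == EAGAIN || errno == EINTR) continue;`. The `EAGAIN` retry itself spins without waiting if the socket is non-blocking, and a `write()` that returns 0 would repeat the loop with no progress; whether either can occur depends on how the socket is set up outside this hunk. Adding `strerror(errno)` to the failure message would also make the log entry actionable.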
@@ -468,97 +501,76 @@ int connect_httpauth(httpauth_context_t* ctx, request_rec* r)
if(read_response(ctx, r, &code, NULL, &details) == -1)
goto finally;
- if(code >= 400)
+ if(code != 100)
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "httpauth: received error from httpauthd: %d", code);
+ "httpauth: protocol error (Expected 100, got %d)", code);
goto finally;
}
- if(code != 100)
+ /* Check theversion number */
+ details = trim_space(details);
+
+ if(strcmp(details, "HTTPAUTH/1.0") != 0)
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "httpauth: protocol error (Expected 100, got %d)", code);
+ "httpauth: Daemon speaking incompatible protocol version: %s", details);
goto finally;
}
- /*
- * Not pretty code :) In order to keep from parsing up
- * the whole available types string that we get from the
- * client, and keeping an array etc... we just make sure
- * that the auth type requested is in the string, and
- * it's on word boundaries.
- */
-
- t = ap_strcasestr(details, ctx->method);
- if(t)
+ /* Send our method */
+ if(ctx->method)
{
- /* Make sure we're at a parse mark */
- if(t == details || ap_isspace(*(t - 1)))
- {
- /* Make sure end is at a parse mark */
- t += strlen(ctx->method);
- if(!*t || ap_isspace(*t))
- {
- ap_log_rerror(APLOG_MARK, APLOG_INFO, r,
- "httpauth: connected to daemon (methods: %s)", details);
+ t = ap_pstrcat(r->pool, "SET Method ", ctx->method, "\n", NULL);
- /* We're cool! */
- ret = 0;
- goto finally;
- }
- }
- }
+ if(write_data(ctx, r->server, t) == -1)
+ goto finally;
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "httpauth: The configured method '%s' is not provided by httpauthd: %s",
- ctx->method, details);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, r,
+ "httpauth: sent method to daemon: %s", t);
-finally:
- if(ret == -1)
- disconnect_socket(ctx, r->server);
+ if(read_response(ctx, r, &code, NULL, NULL) == -1)
+ goto finally;
- return ret;
-}
-
-int write_data(httpauth_context_t* ctx, server_rec* s, const char* data)
-{
- int r;
-
- if(ctx->socket == -1)
- {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "httpauth: Socket to httpauthd daemon closed. Can't write data.");
- return -1;
+ if(code != 202)
+ {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+ "httpauth: protocol error (Expected 202, got %d)", code);
+ goto finally;
+ }
}
- while(*data != 0)
+ /* Send any setup info we have */
+ if(ctx->domain)
{
- r = write(ctx->socket, data, strlen(data));
-
- if(r > 0)
- data += r;
+ t = ap_pstrcat(r->pool, "SET Domain ", ctx->domain, "\n", NULL);
- else if(r == -1)
- {
- if(errno == EAGAIN)
- continue;
+ if(write_data(ctx, r->server, t) == -1)
+ goto finally;
- /* The other end closed. no message */
- if(errno == EPIPE)
- disconnect_socket(ctx, s);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, r,
+ "httpauth: sent domains to daemon: %s", t);
- else
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "httpauth: Couldn't write data to daemon");
+ if(read_response(ctx, r, &code, NULL, NULL) == -1)
+ goto finally;
- errno = 0;
- return -1;
+ if(code != 202)
+ {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+ "httpauth: protocol error (Expected 202, got %d)", code);
+ goto finally;
}
}
- errno = 0;
- return 0;
+ /* We're cool! */
+ ret = 0;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, r, "httpauth: connected to daemon");
+
+finally:
+ if(ret == -1)
+ disconnect_socket(ctx, r->server);
+
+ return ret;
}
int write_request(httpauth_context_t* ctx, request_rec* r)
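Review bot: The `SET Method` and `SET Domain` blocks in connect_httpauth are the same send / read_response / expect-202 sequence written twice. Both debug messages also log `t`, which ends in "\n", so each debug entry carries an embedded newline. A small static helper that takes the setting name and value, and logs the value rather than the assembled line, would remove the duplication and keep one log record per line; a sketch follows. The second `trim_space(details)` before the version check looks redundant, since read_response already stores `trim_space(line)` in `*details`, and the comment `/* Check theversion number */` has a typo. connect_httpauth starts outside this hunk.

```c
/* Send one "SET <name> <value>" line and require a 202 reply from httpauthd. */
static int send_setting(httpauth_context_t* ctx, request_rec* r,
                        const char* name, const char* value)
{
    int code = 0;
    char* t = ap_pstrcat(r->pool, "SET ", name, " ", value, "\n", NULL);

    if(write_data(ctx, r->server, t) == -1)
        return -1;

    /* Log the value, not the assembled line, so the entry has no newline */
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, r,
                  "httpauth: sent %s to daemon: %s", name, value);

    if(read_response(ctx, r, &code, NULL, NULL) == -1)
        return -1;

    if(code != 202)
    {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
                      "httpauth: protocol error (Expected 202, got %d)", code);
        return -1;
    }

    return 0;
}

/* … unchanged: connect, 100 response and version check … */

    if(ctx->method && send_setting(ctx, r, "Method", ctx->method) == -1)
        goto finally;

    if(ctx->domain && send_setting(ctx, r, "Domain", ctx->domain) == -1)
        goto finally;

/* … unchanged: success log and finally block … */
```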
@@ -574,7 +586,7 @@ int write_request(httpauth_context_t* ctx, request_rec* r)
*/
/* Send the request header to httpauthd */
- t = ap_pstrcat(r->pool, "AUTH ", ctx->method, " XXX ", r->method,
+ t = ap_pstrcat(r->pool, "AUTH XXX ", r->method,
" ", r->unparsed_uri, "\n", NULL);
if(write_data(ctx, r->server, t) == -1)
@@ -679,14 +691,6 @@ static int httpauth_authenticate(request_rec* r)
if(read_response(ctx, r, &code, &ccode, &details) == -1)
return SERVER_ERROR;
- if(code >= 400 && code < 600)
- {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "httpauth: received server error from httpauthd: %d%s%s%s",
- code, details ? " (" : "", details ? details : "", details ? ")" : "");
- return SERVER_ERROR;
- }
-
if(code != 200)
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
@@ -756,3 +760,4 @@ module MODULE_VAR_EXPORT httpauth_module =
* so we include this here
*/
#include "../common/sock_any.c"
+#include "../common/stringx.c"