From 845693df0604b5890db0eb36e7f7bf9c2e2813e8 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 5 May 2004 22:28:57 +0000 Subject: - Parse incoming headers properly for authtypes - Handle sub-requests properly - Makefile fix --- apache1x/Makefile | 2 +- apache1x/mod_httpauth.c | 44 ++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 41 insertions(+), 5 deletions(-) (limited to 'apache1x') diff --git a/apache1x/Makefile b/apache1x/Makefile index 3ddc156..b398959 100644 --- a/apache1x/Makefile +++ b/apache1x/Makefile @@ -16,7 +16,7 @@ all: mod_httpauth.so # compile the DSO file mod_httpauth.so: mod_httpauth.c ../common/sock_any.c - $(APXS) -c -Wc,-g -Wc,-O0 $(DEF) $(INC) $(LIB) mod_httpauth.c ../common/sock_any.c + $(APXS) -c -Wc,-g -Wc,-O0 $(DEF) $(INC) $(LIB) mod_httpauth.c # install the DSO file into the Apache installation # and activate it in the Apache configuration diff --git a/apache1x/mod_httpauth.c b/apache1x/mod_httpauth.c index b112120..fae668e 100644 --- a/apache1x/mod_httpauth.c +++ b/apache1x/mod_httpauth.c @@ -363,12 +363,32 @@ int read_copy_headers(httpauth_context_t* ctx, int ccode, request_rec* r) line = trim_space(line); - /* Fix up when we're a proxy */ - if(r->proxyreq == STD_PROXY) + if(strcasecmp(name, "WWW-Authenticate") == 0) { - if(strcasecmp(name, "WWW-Authenticate") == 0) + if(strncasecmp(line, AUTH_PREFIX_BASIC, strlen(AUTH_PREFIX_BASIC)) == 0 && + !(ctx->types & AUTH_TYPE_BASIC)) + continue; + + else if(strncasecmp(line, AUTH_PREFIX_DIGEST, strlen(AUTH_PREFIX_DIGEST)) == 0 && + !(ctx->types & AUTH_TYPE_DIGEST)) + continue; + + else if(strncasecmp(line, AUTH_PREFIX_NTLM, strlen(AUTH_PREFIX_NTLM)) == 0 && + !(ctx->types & AUTH_TYPE_NTLM)) + continue; + + /* Only allow unknown if we don't have it */ + else if(!(ctx->types & AUTH_TYPE_ANY)) + continue; + + /* Fix up when we're a proxy */ + if(r->proxyreq == STD_PROXY) name = "Proxy-Authenticate"; - else if(strcasecmp(name, "Authentication-Info") == 0) + } + + else if(strcasecmp(name, "Authentication-Info") == 0) + { + if(r->proxyreq == STD_PROXY) name = "Proxy-Authentication-Info"; } @@ -618,6 +638,7 @@ static int httpauth_authenticate(request_rec* r) int code = 0; int ccode = 0; char* details = NULL; + request_rec* mainreq; /* Make sure it's for us */ if(!(authtype = ap_auth_type(r)) || strcasecmp(HTTPAUTH_AUTHTYPE, authtype) != 0) @@ -629,6 +650,18 @@ static int httpauth_authenticate(request_rec* r) if(!ctx->socketname || !ctx->method) return DECLINED; + mainreq = r; + + while(mainreq->main != NULL) + mainreq = mainreq->main; + + while(mainreq->prev != NULL) + mainreq = mainreq->prev; + + /* Check if we've already authenticated this request */ + if(ap_get_module_config(mainreq->request_config, &httpauth_module)) + return OK; + if(ctx->socket == -1) { if(connect_httpauth(ctx, r) == -1) @@ -672,6 +705,9 @@ static int httpauth_authenticate(request_rec* r) (char*)(r->connection->user) = ap_pstrdup(r->connection->pool, details); r->connection->ap_auth_type = HTTPAUTH_AUTHTYPE; + + /* Mark request as successfully authenticated */ + ap_set_module_config(r->request_config, &httpauth_module, details); return OK; } -- cgit v1.2.3