You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2013/04/16 22:01:23 UTC
svn commit: r1468581 - in /httpd/httpd/trunk:
docs/manual/mod/mod_auth_basic.xml modules/aaa/mod_auth_basic.c
Author: minfrin
Date: Tue Apr 16 20:01:22 2013
New Revision: 1468581
URL: http://svn.apache.org/r1468581
Log:
mod_auth_basic: Allow AuthBasicFake to be switched off for an URL space.
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml
httpd/httpd/trunk/modules/aaa/mod_auth_basic.c
Modified: httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml?rev=1468581&r1=1468580&r2=1468581&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_auth_basic.xml Tue Apr 16 20:01:22 2013
@@ -113,7 +113,7 @@ lower level modules</description>
<name>AuthBasicFake</name>
<description>Fake basic authentication using the given expressions for
username and password</description>
-<syntax>AuthBasicFake username password</syntax>
+<syntax>AuthBasicFake off|username [password]</syntax>
<default>none</default>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
@@ -127,6 +127,10 @@ username and password</description>
which allows both the username and password to be set based on
request parameters.</p>
+ <p>If the password is not specified, the default value "password"
+ will be used. To disable fake basic authentication for an URL
+ space, specify "AuthBasicFake off".</p>
+
<p>In this example, we pass a fixed username and password to a
backend server.</p>
@@ -147,7 +151,7 @@ username and password</description>
<example><title>Certificate Example</title>
<highlight language="config">
<Location /secure>
- AuthBasicFake %{SSL_CLIENT_S_DN_Email} password
+ AuthBasicFake %{SSL_CLIENT_S_DN_Email}
</Location>
</highlight>
</example>
@@ -165,6 +169,14 @@ username and password</description>
</highlight>
</example>
+ <example><title>Exclusion Example</title>
+ <highlight language="config">
+<Location /public>
+ AuthBasicFake off
+</Location>
+ </highlight>
+ </example>
+
</usage>
</directivesynopsis>
Modified: httpd/httpd/trunk/modules/aaa/mod_auth_basic.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth_basic.c?rev=1468581&r1=1468580&r2=1468581&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_auth_basic.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_auth_basic.c Tue Apr 16 20:01:22 2013
@@ -130,26 +130,47 @@ static const char *set_authoritative(cmd
return NULL;
}
-static const char *add_basic_fake(cmd_parms * cmd, void *config, const char *user, const char *pass)
+static const char *add_basic_fake(cmd_parms * cmd, void *config,
+ const char *user, const char *pass)
{
auth_basic_config_rec *conf = (auth_basic_config_rec *) config;
const char *err;
- conf->fakeuser = ap_expr_parse_cmd(cmd, user, AP_EXPR_FLAG_STRING_RESULT,
- &err, NULL);
- if (err) {
- return apr_psprintf(cmd->pool,
- "Could not parse fake username expression '%s': %s",
- user, err);
+ if (!strcasecmp(user, "off")) {
+
+ conf->fakeuser = NULL;
+ conf->fakepass = NULL;
+ conf->fake_set = 1;
+
}
- conf->fakepass = ap_expr_parse_cmd(cmd, pass, AP_EXPR_FLAG_STRING_RESULT,
- &err, NULL);
- if (err) {
- return apr_psprintf(cmd->pool,
- "Could not parse fake password expression '%s': %s",
- user, err);
+ else {
+
+ /* if password is unspecified, set it to the fixed string "password" to
+ * be compatible with the behaviour of mod_ssl.
+ */
+ if (!pass) {
+ pass = "password";
+ }
+
+ conf->fakeuser =
+ ap_expr_parse_cmd(cmd, user, AP_EXPR_FLAG_STRING_RESULT,
+ &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool,
+ "Could not parse fake username expression '%s': %s", user,
+ err);
+ }
+ conf->fakepass =
+ ap_expr_parse_cmd(cmd, pass, AP_EXPR_FLAG_STRING_RESULT,
+ &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool,
+ "Could not parse fake password expression '%s': %s", user,
+ err);
+ }
+ conf->fake_set = 1;
+
}
- conf->fake_set = 1;
return NULL;
}
@@ -161,9 +182,10 @@ static const command_rec auth_basic_cmds
AP_INIT_FLAG("AuthBasicAuthoritative", set_authoritative, NULL, OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module"),
- AP_INIT_TAKE2("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE12("AuthBasicFake", add_basic_fake, NULL, OR_AUTHCFG,
"Fake basic authentication using the given expressions for "
- "username and password"),
+ "username and password, 'off' to disable. Password defaults "
+ "to 'password' if missing."),
{NULL}
};
@@ -365,7 +387,7 @@ static int authenticate_basic_fake(reque
auth_basic_config_rec *conf = ap_get_module_config(r->per_dir_config,
&auth_basic_module);
- if (!conf->fake_set) {
+ if (!conf->fakeuser) {
return DECLINED;
}