You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2008/06/29 18:42:44 UTC
svn commit: r672639 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h
include/mod_auth.h modules/aaa/mod_auth_digest.c
modules/aaa/mod_authn_core.c modules/aaa/mod_authn_dbm.c
modules/aaa/mod_authn_file.c modules/aaa/mod_authnz_ldap.c
Author: covener
Date: Sun Jun 29 09:42:43 2008
New Revision: 672639
URL: http://svn.apache.org/viewvc?rev=672639&view=rev
Log:
mod_auth_digest: Detect during startup when AuthDigestProvider
is configured to use an incompatible provider via AuthnProviderAlias.
PR 45196
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/include/ap_mmn.h
httpd/httpd/trunk/include/mod_auth.h
httpd/httpd/trunk/modules/aaa/mod_auth_digest.c
httpd/httpd/trunk/modules/aaa/mod_authn_core.c
httpd/httpd/trunk/modules/aaa/mod_authn_dbm.c
httpd/httpd/trunk/modules/aaa/mod_authn_file.c
httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Jun 29 09:42:43 2008
@@ -2,6 +2,10 @@
Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]
+ *) mod_auth_digest: Detect during startup when AuthDigestProvider
+ is configured to use an incompatible provider via AuthnProviderAlias.
+ PR 45196 [Eric Covener]
+
*) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
[Tom Donovan]
Modified: httpd/httpd/trunk/include/ap_mmn.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/ap_mmn.h?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/include/ap_mmn.h (original)
+++ httpd/httpd/trunk/include/ap_mmn.h Sun Jun 29 09:42:43 2008
@@ -161,6 +161,7 @@
* 20080528.0 (2.3.0-dev) Switch order of ftp_directory_charset and
* interpolate_env in proxy_dir_conf.
* Rationale: see r661069.
+ * 20080528.1 (2.3.0-dev) add get_realm_hash() to mod_auth.h
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -168,7 +169,7 @@
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20080528
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
Modified: httpd/httpd/trunk/include/mod_auth.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/mod_auth.h?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/include/mod_auth.h (original)
+++ httpd/httpd/trunk/include/mod_auth.h Sun Jun 29 09:42:43 2008
@@ -93,6 +93,10 @@
*/
authn_status (*get_realm_hash)(request_rec *r, const char *user,
const char *realm, char **rethash);
+
+ /* OK if provider can satisfy get_realm_hash(), APR_ENOTIMPL otherwise. */
+ apr_status_t (*has_realm_hash)(cmd_parms *cmd, const char *provider_name);
+
} authn_provider;
/* A linked-list of authn providers. */
Modified: httpd/httpd/trunk/modules/aaa/mod_auth_digest.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth_digest.c?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_auth_digest.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_auth_digest.c Sun Jun 29 09:42:43 2008
@@ -463,7 +463,9 @@
newp->provider_name);
}
- if (!newp->provider->get_realm_hash) {
+ if (!newp->provider->get_realm_hash ||
+ (newp->provider->has_realm_hash &&
+ newp->provider->has_realm_hash(cmd, newp->provider_name) == APR_ENOTIMPL)) {
/* if it doesn't provide the appropriate function, reject it */
return apr_psprintf(cmd->pool,
"The '%s' Authn provider doesn't support "
Modified: httpd/httpd/trunk/modules/aaa/mod_authn_core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authn_core.c?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authn_core.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authn_core.c Sun Jun 29 09:42:43 2008
@@ -132,6 +132,27 @@
return ret;
}
+static apr_status_t authn_alias_has_realm_hash(cmd_parms *cmd, const char *provider_name)
+{
+ /* No merge, just a query to be passed on to the provider */
+ authn_alias_srv_conf *authcfg =
+ (authn_alias_srv_conf *)ap_get_module_config(cmd->server->module_config,
+ &authn_core_module);
+ apr_status_t ret = APR_ENOTIMPL;
+
+ provider_alias_rec *prvdraliasrec = apr_hash_get(authcfg->alias_rec,
+ provider_name,
+ APR_HASH_KEY_STRING);
+ if (prvdraliasrec->provider->has_realm_hash) {
+ ret = prvdraliasrec->provider->has_realm_hash(cmd, provider_name);
+ }
+ else if (prvdraliasrec->provider->get_realm_hash) {
+ /* provider didn't register has_realm_hash, but does have get_realm_hash */
+ ret = OK;
+ }
+
+ return ret;
+}
static authn_status authn_alias_get_realm_hash(request_rec *r, const char *user,
const char *realm, char **rethash)
{
@@ -179,6 +200,7 @@
{
&authn_alias_check_password,
&authn_alias_get_realm_hash,
+ &authn_alias_has_realm_hash,
};
static const char *authaliassection(cmd_parms *cmd, void *mconfig, const char *arg)
Modified: httpd/httpd/trunk/modules/aaa/mod_authn_dbm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authn_dbm.c?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authn_dbm.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authn_dbm.c Sun Jun 29 09:42:43 2008
@@ -147,6 +147,11 @@
return AUTH_GRANTED;
}
+static apr_status_t has_dbm_realm_hash(cmd_parms *cmd, const char *provider_name)
+{
+ return OK;
+}
+
static authn_status get_dbm_realm_hash(request_rec *r, const char *user,
const char *realm, char **rethash)
{
@@ -184,7 +189,8 @@
static const authn_provider authn_dbm_provider =
{
&check_dbm_pw,
- &get_dbm_realm_hash
+ &get_dbm_realm_hash,
+ &has_dbm_realm_hash
};
static void register_hooks(apr_pool_t *p)
Modified: httpd/httpd/trunk/modules/aaa/mod_authn_file.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authn_file.c?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authn_file.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authn_file.c Sun Jun 29 09:42:43 2008
@@ -108,6 +108,11 @@
return AUTH_GRANTED;
}
+static apr_status_t has_realm_hash(cmd_parms *cmd, const char *provider_name)
+{
+ return OK;
+}
+
static authn_status get_realm_hash(request_rec *r, const char *user,
const char *realm, char **rethash)
{
@@ -159,6 +164,7 @@
{
&check_password,
&get_realm_hash,
+ &has_realm_hash,
};
static void register_hooks(apr_pool_t *p)
Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c?rev=672639&r1=672638&r2=672639&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c Sun Jun 29 09:42:43 2008
@@ -1538,9 +1538,23 @@
return OK;
}
+static authn_status authn_ldap_get_realm_hash(request_rec *r, const char *user,
+ const char *realm, char **rethash)
+{
+ return AUTH_GENERAL_ERROR;
+
+}
+
+static apr_status_t authn_ldap_has_realm_hash(cmd_parms *cmd, const char *provider_name)
+{
+ return APR_ENOTIMPL;
+}
+
static const authn_provider authn_ldap_provider =
{
&authn_ldap_check_password,
+ authn_ldap_get_realm_hash,
+ &authn_ldap_has_realm_hash
};
static const authz_provider authz_ldapuser_provider =
Re: svn commit: r672639 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/mod_auth.h modules/aaa/mod_auth_digest.c modules/aaa/mod_authn_core.c modules/aaa/mod_authn_dbm.c modules/aaa/mod_authn_file.c modules/aaa/mod_authnz_ldap.c
Posted by Eric Covener <co...@gmail.com>.
On Sun, Jun 29, 2008 at 3:58 PM, Ruediger Pluem <rp...@apache.org> wrote:
>> + authn_ldap_get_realm_hash,
>
> An '&' is missing above.
Thanks much, updated in r672671.
--
Eric Covener
covener@gmail.com
Re: svn commit: r672639 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h
include/mod_auth.h modules/aaa/mod_auth_digest.c modules/aaa/mod_authn_core.c
modules/aaa/mod_authn_dbm.c modules/aaa/mod_authn_file.c modules/aaa/mod_authnz_ldap.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 06/29/2008 06:42 PM, covener@apache.org wrote:
> Author: covener
> Date: Sun Jun 29 09:42:43 2008
> New Revision: 672639
>
> URL: http://svn.apache.org/viewvc?rev=672639&view=rev
> Log:
> mod_auth_digest: Detect during startup when AuthDigestProvider
> is configured to use an incompatible provider via AuthnProviderAlias.
> PR 45196
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/include/ap_mmn.h
> httpd/httpd/trunk/include/mod_auth.h
> httpd/httpd/trunk/modules/aaa/mod_auth_digest.c
> httpd/httpd/trunk/modules/aaa/mod_authn_core.c
> httpd/httpd/trunk/modules/aaa/mod_authn_dbm.c
> httpd/httpd/trunk/modules/aaa/mod_authn_file.c
> httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
>
>
> Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c?rev=672639&r1=672638&r2=672639&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c (original)
> +++ httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c Sun Jun 29 09:42:43 2008
> @@ -1538,9 +1538,23 @@
> return OK;
> }
>
> +static authn_status authn_ldap_get_realm_hash(request_rec *r, const char *user,
> + const char *realm, char **rethash)
> +{
> + return AUTH_GENERAL_ERROR;
> +
> +}
> +
> +static apr_status_t authn_ldap_has_realm_hash(cmd_parms *cmd, const char *provider_name)
> +{
> + return APR_ENOTIMPL;
> +}
> +
> static const authn_provider authn_ldap_provider =
> {
> &authn_ldap_check_password,
> + authn_ldap_get_realm_hash,
An '&' is missing above.
Regards
RĂ¼diger