Timestamp:
Sep 2, 2007, 6:17:43 AM (17 years ago)
Author:
andersk
Message:
httpd module updates, including support for optional authentication.
File:
1 edited

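--- a/server/common/oursrc/httpdmods/mod_auth_sslcert.c
+++ b/server/common/oursrc/httpdmods/mod_auth_sslcert.c
@@ -1,5 +1,5 @@
 /* mod_auth_sslcert
- * version 1.0, released 2007-01-04
- * Anders Kaseorg <anders@kaseorg.com>
+ * version 1.1, released 2007-09-01 [NOT RELEASED YET]
+ * Anders Kaseorg <andersk@mit.edu>
  *
  * This module does authentication based on SSL client certificates:
@@ -18,4 +18,5 @@
 #include "http_core.h"
 #include "http_log.h"
+#include "http_request.h"
 
 #include "mod_auth.h"
@@ -25,19 +26,31 @@
 
 typedef struct {
-    char *dir;
     int authoritative;
     char *var;
     char *strip_suffix;
+    int strip_suffix_required;
 } auth_sslcert_config_rec;
 
-static void *create_auth_sslcert_dir_config(apr_pool_t *p, char *d)
+static void *create_auth_sslcert_dir_config(apr_pool_t *p, char *dirspec)
 {
     auth_sslcert_config_rec *conf = apr_pcalloc(p, sizeof(*conf));
 
-    conf->dir = d;
-    /* Any failures are fatal. */
     conf->authoritative = 1;
     conf->var = NULL;
     conf->strip_suffix = NULL;
+    conf->strip_suffix_required = 1;
+
+    return conf;
+}
+
+static void *merge_auth_sslcert_dir_config(apr_pool_t *p, void *parent_conf, void *newloc_conf)
+{
+    auth_sslcert_config_rec *pconf = parent_conf, *nconf = newloc_conf,
+        *conf = apr_pcalloc(p, sizeof(*conf));
+
+    conf->authoritative = nconf->authoritative;
+    conf->var = (nconf->var != NULL) ? nconf->var : pconf->var;
+    conf->strip_suffix = (nconf->var != NULL || nconf->strip_suffix != NULL) ?
+        nconf->strip_suffix : pconf->strip_suffix;
 
     return conf;
@@ -59,4 +72,9 @@
                   OR_AUTHCFG,
                   "An optional suffix to strip from the username"),
+    AP_INIT_FLAG("AuthSSLCertStripSuffixRequired", ap_set_flag_slot,
+                 (void *)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix_required),
+                 OR_AUTHCFG,
+                 "Set to 'Off' to allow certs that don't end with a recognized "
+                 "suffix to still authenticate"),
     {NULL}
 };
@@ -94,8 +112,11 @@
                     r->user = apr_pstrmemdup(r->pool, user, i);
                     return OK;
+                } else if (!conf->strip_suffix_required) {
+                    r->user = user;
+                    return OK;
                 } else {
                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                                   "SSL username for \"%s\" has wrong suffix: \"%s\"",
-                                  r->uri, r->user);
+                                  r->uri, user);
                 }
             } else {
@@ -107,6 +128,6 @@
                           "no SSL username for \"%s\"", r->uri);
         }
-    } else {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+    } else if (conf->authoritative) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                       "SSL client not verified for \"%s\"", r->uri);
     }
@@ -130,6 +151,6 @@
 static void register_hooks(apr_pool_t *p)
 {
-    ap_hook_check_user_id(authenticate_sslcert_user,NULL,NULL,APR_HOOK_MIDDLE);
-    ap_hook_optional_fn_retrieve(import_ssl_var_lookup,NULL,NULL,APR_HOOK_MIDDLE);
+    ap_hook_check_user_id(authenticate_sslcert_user, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_optional_fn_retrieve(import_ssl_var_lookup, NULL, NULL, APR_HOOK_MIDDLE);
 }
 
@@ -138,5 +159,5 @@
     STANDARD20_MODULE_STUFF,
     create_auth_sslcert_dir_config,  /* dir config creater */
-    NULL,                            /* dir merger --- default is to override */
+    merge_auth_sslcert_dir_config,   /* dir merger */
     NULL,                            /* server config */
     NULL,                            /* merge server config */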
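Review bot: merge_auth_sslcert_dir_config never assigns strip_suffix_required, so the merged record keeps the 0 that apr_pcalloc gave it, although create_auth_sslcert_dir_config defaults the field to 1. Whenever httpd builds a request's per-directory config through this merger, the new `else if (!conf->strip_suffix_required)` branch will presumably accept a certificate whose username lacks the configured suffix and set r->user to the unstripped value, even though AuthSSLCertStripSuffixRequired was never set to Off. The flag should be merged together with the suffix it qualifies, for example `conf->strip_suffix_required = (nconf->var != NULL || nconf->strip_suffix != NULL) ? nconf->strip_suffix_required : pconf->strip_suffix_required;`. The merger's closing brace is outside the hunk, but its visible body ends at `return conf;` with no further assignment.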