Changeset 390 for server/common/oursrc/httpdmods/mod_auth_sslcert.c
- Timestamp:
- Sep 2, 2007, 6:17:43 AM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
server/common/oursrc/httpdmods/mod_auth_sslcert.c
r236 r390 1 1 /* mod_auth_sslcert 2 * version 1. 0, released 2007-01-043 * Anders Kaseorg <anders @kaseorg.com>2 * version 1.1, released 2007-09-01 [NOT RELEASED YET] 3 * Anders Kaseorg <andersk@mit.edu> 4 4 * 5 5 * This module does authentication based on SSL client certificates: … … 18 18 #include "http_core.h" 19 19 #include "http_log.h" 20 #include "http_request.h" 20 21 21 22 #include "mod_auth.h" … … 25 26 26 27 typedef struct { 27 char *dir;28 28 int authoritative; 29 29 char *var; 30 30 char *strip_suffix; 31 int strip_suffix_required; 31 32 } auth_sslcert_config_rec; 32 33 33 static void *create_auth_sslcert_dir_config(apr_pool_t *p, char *d )34 static void *create_auth_sslcert_dir_config(apr_pool_t *p, char *dirspec) 34 35 { 35 36 auth_sslcert_config_rec *conf = apr_pcalloc(p, sizeof(*conf)); 36 37 37 conf->dir = d;38 /* Any failures are fatal. */39 38 conf->authoritative = 1; 40 39 conf->var = NULL; 41 40 conf->strip_suffix = NULL; 41 conf->strip_suffix_required = 1; 42 43 return conf; 44 } 45 46 static void *merge_auth_sslcert_dir_config(apr_pool_t *p, void *parent_conf, void *newloc_conf) 47 { 48 auth_sslcert_config_rec *pconf = parent_conf, *nconf = newloc_conf, 49 *conf = apr_pcalloc(p, sizeof(*conf)); 50 51 conf->authoritative = nconf->authoritative; 52 conf->var = (nconf->var != NULL) ? nconf->var : pconf->var; 53 conf->strip_suffix = (nconf->var != NULL || nconf->strip_suffix != NULL) ? 54 nconf->strip_suffix : pconf->strip_suffix; 42 55 43 56 return conf; … … 59 72 OR_AUTHCFG, 60 73 "An optional suffix to strip from the username"), 74 AP_INIT_FLAG("AuthSSLCertStripSuffixRequired", ap_set_flag_slot, 75 (void *)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix_required), 76 OR_AUTHCFG, 77 "Set to 'Off' to allow certs that don't end with a recognized " 78 "suffix to still authenticate"), 61 79 {NULL} 62 80 }; … … 94 112 r->user = apr_pstrmemdup(r->pool, user, i); 95 113 return OK; 114 } else if (!conf->strip_suffix_required) { 115 r->user = user; 116 return OK; 96 117 } else { 97 118 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 98 119 "SSL username for \"%s\" has wrong suffix: \"%s\"", 99 r->uri, r->user);120 r->uri, user); 100 121 } 101 122 } else { … … 107 128 "no SSL username for \"%s\"", r->uri); 108 129 } 109 } else {110 130 } else if (conf->authoritative) { 131 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 111 132 "SSL client not verified for \"%s\"", r->uri); 112 133 } … … 130 151 static void register_hooks(apr_pool_t *p) 131 152 { 132 ap_hook_check_user_id(authenticate_sslcert_user, NULL,NULL,APR_HOOK_MIDDLE);133 ap_hook_optional_fn_retrieve(import_ssl_var_lookup, NULL,NULL,APR_HOOK_MIDDLE);153 ap_hook_check_user_id(authenticate_sslcert_user, NULL, NULL, APR_HOOK_MIDDLE); 154 ap_hook_optional_fn_retrieve(import_ssl_var_lookup, NULL, NULL, APR_HOOK_MIDDLE); 134 155 } 135 156 … … 138 159 STANDARD20_MODULE_STUFF, 139 160 create_auth_sslcert_dir_config, /* dir config creater */ 140 NULL, /* dir merger --- default is to override*/161 merge_auth_sslcert_dir_config, /* dir merger */ 141 162 NULL, /* server config */ 142 163 NULL, /* merge server config */
Note: See TracChangeset
for help on using the changeset viewer.