diff options
author | (no author) <(no author)@unknown> | 2002-09-17 00:41:28 +0000 |
---|---|---|
committer | (no author) <(no author)@unknown> | 2002-09-17 00:41:28 +0000 |
commit | 10b95d9cf4c5dca278650bc9610bcf36b7abc468 (patch) | |
tree | 591e11a0fe0e1f49494fadc659aff44634391a9d | |
parent | 7599dce3f64ae439966c3aa57f90bdfa74b30c83 (diff) | |
download | httpd-2.0.41.tar.gz |
This commit was manufactured by cvs2svn to create tag2.0.41
'APACHE_2_0_41'.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/tags/2.0.41@96854 13f79535-47bb-0310-9956-ffa450edef68
79 files changed, 1098 insertions, 7197 deletions
diff --git a/Apache.dsw b/Apache.dsw index 593239be4a..16c9cd021f 100644 --- a/Apache.dsw +++ b/Apache.dsw @@ -57,6 +57,9 @@ Package=<4> Project_Dep_Name ApacheMonitor End Project Dependency Begin Project Dependency + Project_Dep_Name mod_access + End Project Dependency + Begin Project Dependency Project_Dep_Name mod_actions End Project Dependency Begin Project Dependency @@ -66,34 +69,16 @@ Package=<4> Project_Dep_Name mod_asis End Project Dependency Begin Project Dependency - Project_Dep_Name mod_auth_digest - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_authn_anon - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_authn_dbm - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_authn_default - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_authn_file - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_authz_dbm - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_authz_default + Project_Dep_Name mod_auth End Project Dependency Begin Project Dependency - Project_Dep_Name mod_authz_groupfile + Project_Dep_Name mod_auth_anon End Project Dependency Begin Project Dependency - Project_Dep_Name mod_authz_host + Project_Dep_Name mod_auth_dbm End Project Dependency Begin Project Dependency - Project_Dep_Name mod_authz_user + Project_Dep_Name mod_auth_digest End Project Dependency Begin Project Dependency Project_Dep_Name mod_autoindex @@ -105,9 +90,6 @@ Package=<4> Project_Dep_Name mod_cgi End Project Dependency Begin Project Dependency - Project_Dep_Name mod_charset_lite - End Project Dependency - Begin Project Dependency Project_Dep_Name mod_dav_fs End Project Dependency Begin Project Dependency @@ -279,18 +261,6 @@ Package=<4> ############################################################################### -Project: "apriconv"=".\srclib\apr-iconv\apriconv.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ -}}} - -############################################################################### - Project: "aprutil"=".\srclib\apr-util\aprutil.dsp" - Package Owner=<4> Package=<5> @@ -300,9 +270,6 @@ Package=<5> Package=<4> {{{ Begin Project Dependency - Project_Dep_Name apriconv - End Project Dependency - Begin Project Dependency Project_Dep_Name gen_uri_delims End Project Dependency Begin Project Dependency @@ -417,21 +384,6 @@ Package=<4> ############################################################################### -Project: "libapriconv"=".\srclib\apr-iconv\libapriconv.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency -}}} - -############################################################################### - Project: "libaprutil"=".\srclib\apr-util\libaprutil.dsp" - Package Owner=<4> Package=<5> @@ -444,9 +396,6 @@ Package=<4> Project_Dep_Name libapr End Project Dependency Begin Project Dependency - Project_Dep_Name libapriconv - End Project Dependency - Begin Project Dependency Project_Dep_Name gen_uri_delims End Project Dependency Begin Project Dependency @@ -468,9 +417,6 @@ Package=<4> Project_Dep_Name libapr End Project Dependency Begin Project Dependency - Project_Dep_Name libapriconv - End Project Dependency - Begin Project Dependency Project_Dep_Name libaprutil End Project Dependency Begin Project Dependency @@ -501,7 +447,7 @@ Package=<4> ############################################################################### -Project: "mod_actions"=".\modules\mappers\mod_actions.dsp" - Package Owner=<4> +Project: "mod_access"=".\modules\aaa\mod_access.dsp" - Package Owner=<4> Package=<5> {{{ @@ -522,142 +468,7 @@ Package=<4> ############################################################################### -Project: "mod_alias"=".\modules\mappers\mod_alias.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency -}}} - -############################################################################### - -Project: "mod_asis"=".\modules\generators\mod_asis.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency -}}} - -############################################################################### - -Project: "mod_auth_basic"=".\modules\aaa\mod_auth_basic.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency -}}} - -############################################################################### - -Project: "mod_auth_digest"=".\modules\aaa\mod_auth_digest.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency -}}} - -############################################################################### - -Project: "mod_authn_anon"=".\modules\aaa\mod_authn_anon.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency -}}} - -############################################################################### - -Project: "mod_authn_dbm"=".\modules\aaa\mod_authn_dbm.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency -}}} - -############################################################################### - -Project: "mod_authn_default"=".\modules\aaa\mod_authn_default.dsp" - Package Owner=<4> +Project: "mod_actions"=".\modules\mappers\mod_actions.dsp" - Package Owner=<4> Package=<5> {{{ @@ -674,14 +485,11 @@ Package=<4> Begin Project Dependency Project_Dep_Name libhttpd End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency }}} ############################################################################### -Project: "mod_authn_file"=".\modules\aaa\mod_authn_file.dsp" - Package Owner=<4> +Project: "mod_alias"=".\modules\mappers\mod_alias.dsp" - Package Owner=<4> Package=<5> {{{ @@ -698,14 +506,11 @@ Package=<4> Begin Project Dependency Project_Dep_Name libhttpd End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency }}} ############################################################################### -Project: "mod_authz_dbm"=".\modules\aaa\mod_authz_dbm.dsp" - Package Owner=<4> +Project: "mod_asis"=".\modules\generators\mod_asis.dsp" - Package Owner=<4> Package=<5> {{{ @@ -722,14 +527,11 @@ Package=<4> Begin Project Dependency Project_Dep_Name libhttpd End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency }}} ############################################################################### -Project: "mod_authz_default"=".\modules\aaa\mod_authz_default.dsp" - Package Owner=<4> +Project: "mod_auth"=".\modules\aaa\mod_auth.dsp" - Package Owner=<4> Package=<5> {{{ @@ -746,14 +548,11 @@ Package=<4> Begin Project Dependency Project_Dep_Name libhttpd End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency }}} ############################################################################### -Project: "mod_authz_groupfile"=".\modules\aaa\mod_authz_groupfile.dsp" - Package Owner=<4> +Project: "mod_auth_anon"=".\modules\aaa\mod_auth_anon.dsp" - Package Owner=<4> Package=<5> {{{ @@ -770,14 +569,11 @@ Package=<4> Begin Project Dependency Project_Dep_Name libhttpd End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency }}} ############################################################################### -Project: "mod_authz_host"=".\modules\aaa\mod_authz_host.dsp" - Package Owner=<4> +Project: "mod_auth_dbm"=".\modules\aaa\mod_auth_dbm.dsp" - Package Owner=<4> Package=<5> {{{ @@ -794,14 +590,11 @@ Package=<4> Begin Project Dependency Project_Dep_Name libhttpd End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency }}} ############################################################################### -Project: "mod_authz_user"=".\modules\aaa\mod_authz_user.dsp" - Package Owner=<4> +Project: "mod_auth_digest"=".\modules\aaa\mod_auth_digest.dsp" - Package Owner=<4> Package=<5> {{{ @@ -818,9 +611,6 @@ Package=<4> Begin Project Dependency Project_Dep_Name libhttpd End Project Dependency - Begin Project Dependency - Project_Dep_Name mod_auth_basic - End Project Dependency }}} ############################################################################### @@ -909,27 +699,6 @@ Package=<4> ############################################################################### -Project: "mod_charset_lite"=".\modules\experimental\mod_charset_lite.dsp" - Package Owner=<4> - -Package=<5> -{{{ -}}} - -Package=<4> -{{{ - Begin Project Dependency - Project_Dep_Name libapr - End Project Dependency - Begin Project Dependency - Project_Dep_Name libaprutil - End Project Dependency - Begin Project Dependency - Project_Dep_Name libhttpd - End Project Dependency -}}} - -############################################################################### - Project: "mod_dav"=".\modules\dav\main\mod_dav.dsp" - Package Owner=<4> Package=<5> diff --git a/Makefile.win b/Makefile.win index 00633710b4..b98dc8f258 100644 --- a/Makefile.win +++ b/Makefile.win @@ -31,12 +31,13 @@ default: _apacher CTARGET=/build !ENDIF -!IF !EXIST("srclib\apr") || !EXIST("srclib\apr-util") || !EXIST("srclib\apr-iconv") +!IF !EXIST("srclib\apr") || !EXIST("srclib\apr-util") +## || !EXIST("srclib\apr-iconv") !MESSAGE Please check out or download and unpack the Apache Portability Runtime -!MESSAGE sources (apr, apr-iconv and apr-util) into your $(INSTDIR)\srclib dir. +!MESSAGE sources (apr and apr-util) into your $(INSTDIR)\srclib dir. !MESSAGE Apache cannot build without these libraries! !MESSAGE -!ERROR Need $(INSTDIR)\srclib\ apr, apr-iconv and apr-util +!ERROR Need $(INSTDIR)\srclib\ apr and apr-util !ENDIF # Note; _tryssl: is only used by the msvc developer studio environment to 'fix up' @@ -174,10 +175,6 @@ _build: $(MAKE) $(MAKEOPT) -f apr.mak CFG="apr - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f libapr.mak CFG="libapr - Win32 $(LONG)" RECURSE=0 $(CTARGET) cd ..\.. - cd srclib\apr-iconv - $(MAKE) $(MAKEOPT) -f apriconv.mak CFG="apriconv - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f libapriconv.mak CFG="libapriconv - Win32 $(LONG)" RECURSE=0 $(CTARGET) - cd ..\.. cd srclib\apr-util\uri $(MAKE) $(MAKEOPT) -f gen_uri_delims.mak CFG="gen_uri_delims - Win32 $(LONG)" RECURSE=0 $(CTARGET) cd ..\..\.. @@ -198,17 +195,11 @@ _build: $(MAKE) $(MAKEOPT) -f libhttpd.mak CFG="libhttpd - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f Apache.mak CFG="Apache - Win32 $(LONG)" RECURSE=0 $(CTARGET) cd modules\aaa - $(MAKE) $(MAKEOPT) -f mod_auth_basic.mak CFG="mod_auth_basic - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_access.mak CFG="mod_access - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_auth.mak CFG="mod_auth - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_auth_anon.mak CFG="mod_auth_anon - Win32 $(LONG)" RECURSE=0 $(CTARGET) + $(MAKE) $(MAKEOPT) -f mod_auth_dbm.mak CFG="mod_auth_dbm - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_auth_digest.mak CFG="mod_auth_digest - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authn_anon.mak CFG="mod_authn_anon - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authn_dbm.mak CFG="mod_authn_dbm - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authn_default.mak CFG="mod_authn_default - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authn_file.mak CFG="mod_authn_file - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authz_dbm.mak CFG="mod_authz_dbm - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authz_default.mak CFG="mod_authz_default - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authz_groupfile.mak CFG="mod_authz_groupfile - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authz_host.mak CFG="mod_authz_host - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_authz_user.mak CFG="mod_authz_user - Win32 $(LONG)" RECURSE=0 $(CTARGET) cd ..\.. cd modules\arch\win32 $(MAKE) $(MAKEOPT) -f mod_isapi.mak CFG="mod_isapi - Win32 $(LONG)" RECURSE=0 $(CTARGET) @@ -224,7 +215,6 @@ _build: cd ..\..\.. cd modules\experimental $(MAKE) $(MAKEOPT) -f mod_cache.mak CFG="mod_cache - Win32 $(LONG)" RECURSE=0 $(CTARGET) - $(MAKE) $(MAKEOPT) -f mod_charset_lite.mak CFG="mod_charset_lite - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_mem_cache.mak CFG="mod_mem_cache - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_disk_cache.mak CFG="mod_disk_cache - Win32 $(LONG)" RECURSE=0 $(CTARGET) $(MAKE) $(MAKEOPT) -f mod_ext_filter.mak CFG="mod_ext_filter - Win32 $(LONG)" RECURSE=0 $(CTARGET) @@ -363,25 +353,17 @@ _install: copy $(LONG)\Apache.exe "$(INSTDIR)\bin" <.y copy $(LONG)\libhttpd.dll "$(INSTDIR)\bin" <.y copy srclib\apr\$(LONG)\libapr.dll "$(INSTDIR)\bin" <.y - copy srclib\apr-iconv\$(LONG)\libapriconv.dll "$(INSTDIR)\bin" <.y copy srclib\apr-util\$(LONG)\libaprutil.dll "$(INSTDIR)\bin" <.y - copy modules\aaa\$(LONG)\mod_auth_basic.so "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_access.so "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_auth.so "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_auth_anon.so "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_auth_dbm.so "$(INSTDIR)\modules" <.y copy modules\aaa\$(LONG)\mod_auth_digest.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_anon.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_dbm.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_default.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_file.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_dbm.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_default.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_groupfile.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_host.so "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_user.so "$(INSTDIR)\modules" <.y copy modules\arch\win32\$(LONG)\mod_isapi.so "$(INSTDIR)\modules" <.y copy modules\cache\$(LONG)\mod_file_cache.so "$(INSTDIR)\modules" <.y copy modules\dav\fs\$(LONG)\mod_dav_fs.so "$(INSTDIR)\modules" <.y copy modules\dav\main\$(LONG)\mod_dav.so "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_cache.so "$(INSTDIR)\modules" <.y - copy modules\experimental\$(LONG)\mod_charset_lite.so "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_mem_cache.so "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_disk_cache.so "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_ext_filter.so "$(INSTDIR)\modules" <.y @@ -418,25 +400,17 @@ _install: copy $(LONG)\Apache.pdb "$(INSTDIR)\bin" <.y copy $(LONG)\libhttpd.pdb "$(INSTDIR)\bin" <.y copy srclib\apr\$(LONG)\libapr.pdb "$(INSTDIR)\bin" <.y - copy srclib\apr-iconv\$(LONG)\libapriconv.pdb "$(INSTDIR)\bin" <.y copy srclib\apr-util\$(LONG)\libaprutil.pdb "$(INSTDIR)\bin" <.y - copy modules\aaa\$(LONG)\mod_auth_basic.pdb "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_access.pdb "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_auth.pdb "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_auth_anon.pdb "$(INSTDIR)\modules" <.y + copy modules\aaa\$(LONG)\mod_auth_dbm.pdb "$(INSTDIR)\modules" <.y copy modules\aaa\$(LONG)\mod_auth_digest.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_anon.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_dbm.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_default.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authn_file.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_dbm.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_default.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_groupfile.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_host.pdb "$(INSTDIR)\modules" <.y - copy modules\aaa\$(LONG)\mod_authz_user.pdb "$(INSTDIR)\modules" <.y copy modules\arch\win32\$(LONG)\mod_isapi.pdb "$(INSTDIR)\modules" <.y copy modules\cache\$(LONG)\mod_file_cache.pdb "$(INSTDIR)\modules" <.y copy modules\dav\fs\$(LONG)\mod_dav_fs.pdb "$(INSTDIR)\modules" <.y copy modules\dav\main\$(LONG)\mod_dav.pdb "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_cache.pdb "$(INSTDIR)\modules" <.y - copy modules\experimental\$(LONG)\mod_charset_lite.pdb "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_mem_cache.pdb "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_disk_cache.pdb "$(INSTDIR)\modules" <.y copy modules\experimental\$(LONG)\mod_ext_filter.pdb "$(INSTDIR)\modules" <.y @@ -629,8 +603,6 @@ BEGIN { copy srclib\apr-util\xml\expat\lib\Lib$(SHORT)\xml.lib "$(INSTDIR)\lib\expat.lib" <.y copy srclib\apr\$(LONG)\libapr.lib "$(INSTDIR)\lib" <.y copy srclib\apr\$(LONG)\libapr.exp "$(INSTDIR)\lib" <.y - copy srclib\apr-iconv\$(LONG)\libapriconv.lib "$(INSTDIR)\lib" <.y - copy srclib\apr-iconv\$(LONG)\libapriconv.exp "$(INSTDIR)\lib" <.y copy srclib\apr-util\$(LONG)\libaprutil.lib "$(INSTDIR)\lib" <.y copy srclib\apr-util\$(LONG)\libaprutil.exp "$(INSTDIR)\lib" <.y copy $(LONG)\libhttpd.exp "$(INSTDIR)\lib" <.y diff --git a/NWGNUmakefile b/NWGNUmakefile index d4a675061d..82d2ce4424 100644 --- a/NWGNUmakefile +++ b/NWGNUmakefile @@ -32,7 +32,6 @@ XINCDIRS += \ $(AP_WORK)/srclib/include/arch/NetWare \ $(AP_WORK)/srclib/apr-util/include \ $(AP_WORK)/include \ - $(AP_WORK)/modules/aaa/ \ $(AP_WORK)/modules/filters/ \ $(AP_WORK)/modules/generators/ \ $(AP_WORK)/modules/http/ \ @@ -184,7 +183,6 @@ TARGET_lib = \ # Paths must all use the '/' character # FILES_nlm_objs = \ - $(OBJDIR)/auth_provider.o \ $(OBJDIR)/buildmark.o \ $(OBJDIR)/config.o \ $(OBJDIR)/connection.o \ @@ -196,10 +194,11 @@ FILES_nlm_objs = \ $(OBJDIR)/listen.o \ $(OBJDIR)/log.o \ $(OBJDIR)/main.o \ - $(OBJDIR)/mod_authz_host.o \ + $(OBJDIR)/mod_access.o \ $(OBJDIR)/mod_actions.o \ $(OBJDIR)/mod_alias.o \ $(OBJDIR)/mod_asis.o \ + $(OBJDIR)/mod_auth.o \ $(OBJDIR)/mod_autoindex.o \ $(OBJDIR)/mod_cgi.o \ $(OBJDIR)/mod_dir.o \ @@ -1,6 +1,6 @@ APACHE 2.1+ ROADMAP: -Last modified at [$Date: 2002/09/10 08:24:09 $] +Last modified at [$Date: 2002/07/11 20:15:03 $] DEFERRRED FOR APACHE 2.1 @@ -39,6 +39,9 @@ DEFERRRED FOR APACHE 2.1 that file, and allow the cleanup to close it [if it isn't a shared, cached file handle.] + * Refactor auth into auth protocols and auth database stores. + Many interested hackers, too destabilizing for 2.0 inclusion. + DEFERRRED FOR APACHE 3.0 * The Async Apache Server implemented in terms of APR. diff --git a/apachenw.mcp.zip b/apachenw.mcp.zip Binary files differindex d11b0cc386..4d8655852a 100644 --- a/apachenw.mcp.zip +++ b/apachenw.mcp.zip diff --git a/build/NWGNUmakefile b/build/NWGNUmakefile index 277450ffb4..deeef84fa2 100644 --- a/build/NWGNUmakefile +++ b/build/NWGNUmakefile @@ -43,7 +43,6 @@ cc.opt : NWGNUmakefile $(AP_WORK)\build\NWGNUenvironment.inc $(AP_WORK)\build\NW @echo -DCORE_PRIVATE >> $@ @echo -I..\include >> $@ @echo -I..\modules\http >> $@ - @echo -I..\modules\aaa >> $@ @echo -I..\os\netware >> $@ @echo -I..\server\mpm\netware >> $@ @echo -I..\srclib\apr\include >> $@ diff --git a/build/mkconfNW.awk b/build/mkconfNW.awk index 1be5bc3db2..fd52102fb9 100644 --- a/build/mkconfNW.awk +++ b/build/mkconfNW.awk @@ -23,16 +23,9 @@ BEGIN { } /@@LoadModule@@/ { - print "#LoadModule auth_basic_module modules/authbasc.nlm" - print "#LoadModule auth_digest_module modules/authdigt.nlm" - print "#LoadModule authn_anon_module modules/authnano.nlm" - print "#LoadModule authn_dbm_module modules/authndbm.nlm" - print "#LoadModule authn_default_module modules/authndef.nlm" - print "#LoadModule authn_file_module modules/authnfil.nlm" - print "#LoadModule authz_dbm_module modules/authzdbm.nlm" - print "#LoadModule authz_default_module modules/authzdef.nlm" - print "#LoadModule authz_groupfile_module modules/authzgrp.nlm" - print "#LoadModule authz_user_module modules/authzusr.nlm" + print "#LoadModule auth_anon_module modules/authanon.nlm" + print "#LoadModule auth_dbm_module modules/authdbm.nlm" + print "#LoadModule auth_digest_module modules/digest.nlm" print "#LoadModule cern_meta_module modules/cernmeta.nlm" print "#LoadModule dav_module modules/mod_dav.nlm" print "#LoadModule dav_fs_module modules/moddavfs.nlm" diff --git a/build/nw_export.inc b/build/nw_export.inc index 1d2e83f2bd..27185ead30 100644 --- a/build/nw_export.inc +++ b/build/nw_export.inc @@ -45,4 +45,3 @@ #include "util_xml.h" #include "mod_core.h" -#include "mod_auth.h" diff --git a/build/prebuildNW.bat b/build/prebuildNW.bat index 0ce59f1e66..240b4a6938 100755 --- a/build/prebuildNW.bat +++ b/build/prebuildNW.bat @@ -36,7 +36,7 @@ copy ..\srclib\pcre\config.hw ..\srclib\pcre\config.h copy ..\srclib\pcre\pcre.hw ..\srclib\pcre\pcre.h @echo Generating the import lists... -set MWCIncludes=..\include;..\modules\http;..\modules\aaa;..\os\netware;..\server\mpm\netware;..\srclib\apr\include;..\srclib\apr-util\include;+%NovellLibC% +set MWCIncludes=..\include;..\modules\http;..\os\netware;..\server\mpm\netware;..\srclib\apr\include;..\srclib\apr-util\include;+%NovellLibC% mwccnlm -P nw_export.inc -d NETWARE -d CORE_PRIVATE -EP awk -f make_nw_export.awk nw_export.i |sort >..\os\netware\httpd.imp diff --git a/docs/STATUS b/docs/STATUS index 4804e8958a..7b06c77d1f 100644 --- a/docs/STATUS +++ b/docs/STATUS @@ -1,5 +1,5 @@ Apache HTTP Server 2.0 Documentation Status File. -Last modified: $Date: 2002/09/16 20:08:36 $ +Last modified: $Date: 2002/09/15 18:59:14 $ If you are interested in helping accomplish some of the tasks on this list or otherwise improving the documentation, please join the @@ -12,34 +12,10 @@ tutorial on how to get started with making your contribution. ------------------------------ -Things That Need Fixing -======================= - - XML - Rewriting of the remainder of the manual into xml is in progress. See the bottom of this file for status info. - Get mod/mod_auth_ldap.xml to validate against the current dtd. - - Some of the nested <dl>s in mod/mod_include.xml are not working - in mozilla. Probably enclosing some of the bare paragraphs - in <p> would fix it. - -- Windows platform docs are in desperate need of rewrites/updates for 2.0. - - Bill Rowe and Bill Stoddard are good contacts for tech questions. - -- New Auth system - - With the new auth system, we have a bunch of directives that are - duplicated in multiple modules, where one of the modules is obsolete. - We probably need to mark the old modules as <status>obsolete</status> - and key on that to omit them from the directive index, etc. - - Much clean-up and enhancement of docs - - Independent note on how to upgrade to new auth system - -- Figure out what to do about the 2.0 FAQ - - Copy important stuff from 1.3? - - Some kind of XML? - - Something that allows dynamic contributions from users a la - FAQ-O-Matic? (I don't think any really good software exists - for this.) - modules docs - mod_suexec: very little documentation @@ -54,10 +30,6 @@ Things That Need Fixing willing to update the nroff files at the moment. What should we do? - - we should be able to setup an XSLT to convert XML to nroff, - shouldn't we? --nd - - Theoretically? Yes. ;-) --Joshua - - MPM documentation - Non unix/windows MPMs still need to be completed. - the perchild directives in threaded/worker need docs @@ -73,8 +45,8 @@ Things That Need Fixing - misc/known_client_problems.html - mostly ancient - New build process. - - install.html has had a first-pass rewrite, it is basically - accurate, but very incomplete. + - install.html has had a first-pass rewrite, but many things have + changed in the build system since it was written. - API documentation Status: Ben Laurie has written some hooks documentation @@ -86,12 +58,14 @@ Things That Need Fixing http://httpd.apache.org/docs-project/translations.html +New User documentation +====================== + +* Directory Handling (mod_dir/mod_autoindex/etc) Documentation improvements ========================== -* New user docs: Directory Handling (mod_dir/mod_autoindex/etc) - * Enhancements to the DTD/XSL: - <glossary> tag that links to the glossary and uses some special style in the css. @@ -99,24 +73,17 @@ Documentation improvements more structure for the cookie-crumbs, etc. - New index: directives by context, including listing which directives are available for each AllowOverride setting. - - Add a quickreference.html that contains summary info on each - directive. - - Joshua is working on this - - Use a tag like <var> in place of <em> for things like the - <syntax> listing. - - nd volunteers + - Add more information to the directives.html index (description, + syntax, context, ...) or perhaps add a quickreference.html + that contains this info. + - Use a tag like <replaceable> (but not that long) in place of + <em> for things like the <syntax> listing. - Use the sitemap.xml in place of allmodules.xml to generate the directives.html and mod/index.html. - Handle more levels of sub<section>s. - - add letter links to glossary, perhaps also a term overview (sidebar) - -* Autogeneration of PDF - - FOP? - -* Windows help file - - David Shane Holden was working on this * Improving the "security docs" + - More content and better organisation. * General cleaning and improving of module docs @@ -157,6 +124,9 @@ misc/known_client_problems.html # obsolete? misc/perf-tuning.html misc/rewriteguide.html misc/tutorials.html # obsolete? +platform/win_compiling.html +platform/win_service.html +platform/windows.html ssl/index.html.en ssl/ssl_compat.html ssl/ssl_faq.html diff --git a/docs/manual/mod/mod_auth_basic.html.en b/docs/manual/mod/mod_auth_basic.html.en deleted file mode 100644 index dd794fa69f..0000000000 --- a/docs/manual/mod/mod_auth_basic.html.en +++ /dev/null @@ -1,62 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --><title>mod_auth_basic - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_auth_basic</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description: - </a></th><td>Basic authentication</td></tr><tr><th><a href="module-dict.html#Status">Status: - </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier: - </a></th><td>auth_basic_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File: - </a></th><td>mod_auth_basic.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility: - </a></th><td>Available in Apache 2.0.42 and later</td></tr></table><h3>Summary</h3> - - <p>This module allows the use of HTTP Basic Authentication to - restrict access by looking up users in the given providers. - HTTP Digest Authentication is provided by - <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>.</p> - -</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authbasicauthoritative">AuthBasicAuthoritative</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authbasicprovider">AuthBasicProvider</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthBasicAuthoritative" id="AuthBasicAuthoritative">AuthBasicAuthoritative</a> <a name="authbasicauthoritative" id="authbasicauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets whether authorization and authentication are -passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthBasicAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default: - </a></th><td><code>AuthBasicAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_auth_basic</td></tr></table> - <p>Setting the <code class="directive">AuthBasicAuthoritative</code> directive - explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> files) if there is <strong>no - userID</strong> or <strong>rule</strong> matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will give - an Authorization Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthAuthoritative setting.</p> - - <p>By default; control is not passed on; and an unknown userID or - rule will result in an Authorization Required reply. Not setting - it thus keeps the system secure; and forces an NCSA compliant - behaviour.</p> - -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthBasicProvider" id="AuthBasicProvider">AuthBasicProvider</a> <a name="authbasicprovider" id="authbasicprovider">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets the authentication provider(s) for this location</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthBasicProvider <em>provider-name</em></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, location, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_auth_basic</td></tr></table> - <p>The <code class="directive">AuthBasicProvider</code> directive sets - which provider is used to authenticate the users for this location.</p> - - <p>See <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code>, <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> - for providers.</p> - -</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file diff --git a/docs/manual/mod/mod_auth_basic.xml b/docs/manual/mod/mod_auth_basic.xml deleted file mode 100644 index 03a6735a32..0000000000 --- a/docs/manual/mod/mod_auth_basic.xml +++ /dev/null @@ -1,82 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> -<modulesynopsis> - -<name>mod_auth_basic</name> -<description>Basic authentication</description> -<status>Base</status> -<sourcefile>mod_auth_basic.c</sourcefile> -<identifier>auth_basic_module</identifier> -<compatibility>Available in Apache 2.0.42 and later</compatibility> - -<summary> - - <p>This module allows the use of HTTP Basic Authentication to - restrict access by looking up users in the given providers. - HTTP Digest Authentication is provided by - <module>mod_auth_digest</module>.</p> - -</summary> -<seealso><directive module="core">AuthName</directive></seealso> -<seealso><directive module="core">AuthType</directive></seealso> - -<directivesynopsis> -<name>AuthBasicProvider</name> -<description>Sets the authentication provider(s) for this location</description> -<syntax>AuthBasicProvider <em>provider-name</em></syntax> -<contextlist> - <context>directory</context> - <context>location</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <p>The <directive>AuthBasicProvider</directive> directive sets - which provider is used to authenticate the users for this location.</p> - - <p>See <module>mod_authn_dbm</module>, <module>mod_authn_file</module> - for providers.</p> - -</usage> -</directivesynopsis> - -<directivesynopsis> -<name>AuthBasicAuthoritative</name> -<description>Sets whether authorization and authentication are -passed to lower level modules</description> -<syntax>AuthBasicAuthoritative on|off</syntax> -<default>AuthBasicAuthoritative on</default> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <p>Setting the <directive>AuthBasicAuthoritative</directive> directive - explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> files) if there is <strong>no - userID</strong> or <strong>rule</strong> matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will give - an Authorization Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <directive module="core">Require</directive> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthAuthoritative setting.</p> - - <p>By default; control is not passed on; and an unknown userID or - rule will result in an Authorization Required reply. Not setting - it thus keeps the system secure; and forces an NCSA compliant - behaviour.</p> - -</usage> -</directivesynopsis> - -</modulesynopsis> diff --git a/docs/manual/mod/mod_authn_dbm.html.en b/docs/manual/mod/mod_authn_dbm.html.en deleted file mode 100644 index b547d825e1..0000000000 --- a/docs/manual/mod/mod_authn_dbm.html.en +++ /dev/null @@ -1,124 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --><title>mod_authn_dbm - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authn_dbm</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description: - </a></th><td>User authentication using DBM files</td></tr><tr><th><a href="module-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier: - </a></th><td>authn_dbm_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File: - </a></th><td>mod_authn_dbm.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility: - </a></th><td>Available in Apache 2.0.42 and later</td></tr></table><h3>Summary</h3> - <p>This module provides authentication front-ends such as - <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> - to authenticate users by looking up users in plain text password files. - Similar functionality is provided by <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>.</p> - - <p>When using <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> or - <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>, this module is invoked via the - <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or - <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code> - with the 'dbm' value.</p> -</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmauthoritative">AuthDBMAuthoritative</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authdbmtype">AuthDBMType</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authdbmuserfile">AuthDBMUserFile</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li> - <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> -</li><li> - <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code> -</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMAuthoritative" id="AuthDBMAuthoritative">AuthDBMAuthoritative</a> <a name="authdbmauthoritative" id="authdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets whether authentication and authorization will be -passwed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthDBMAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default: - </a></th><td><code>AuthDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authn_dbm</td></tr></table> - - <p>Setting the <code class="directive">AuthDBMAuthoritative</code> - directive explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> file if there is <strong>no userID</strong> - or <strong>rule</strong> matching the supplied userID. If there is - a userID and/or rule specified; the usual password and access - checks will be applied and a failure will give an Authorization - Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the <code class="directive">AuthAuthoritative</code> setting.</p> - - <p>A common use for this is in conjunction with one of the - auth providers; such as <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. Whereas this - DBM module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.</p> - - <p>By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.</p> - - <p>Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.</p> -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMType" id="AuthDBMType">AuthDBMType</a> <a name="authdbmtype" id="authdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets the type of database file that is used to -store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthDBMType default|SDBM|GDBM|NDBM|DB</td></tr><tr><th><a href="directive-dict.html#Default">Default: - </a></th><td><code>AuthDBMType default</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authn_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility: - </a></th><td>Available in version 2.0.30 and later.</td></tr></table> - -<p>Sets the type of database file that is used to store the passwords. -The default database type is determined at compile time. The -availability of other types of database files also depends on -<a href="../install.html#dbm">compile-time settings</a>.</p> - -<p>It is crucial that whatever program you use to create your password -files is configured to use the same type of database.</p> -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMUserFile" id="AuthDBMUserFile">AuthDBMUserFile</a> <a name="authdbmuserfile" id="authdbmuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets the name of a database file containing the list of users and -passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthDBMUserFile <em>file-path</em></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authn_dbm</td></tr></table> - <p>The <code class="directive">AuthDBMUserFile</code> directive sets the - name of a DBM file containing the list of users and passwords for - user authentication. <em>File-path</em> is the absolute path to - the user file.</p> - - <p>The user file is keyed on the username. The value for a user is - the <code>crypt()</code> encrypted password, optionally followed - by a colon and arbitrary data. The colon and the data following it - will be ignored by the server.</p> - - <p>Security: make sure that the - <code class="directive">AuthDBMUserFile</code> is stored outside the - document tree of the web-server; do <em>not</em> put it in the - directory that it protects. Otherwise, clients will be able to - download the <code class="directive">AuthDBMUserFile</code>.</p> - - <p>Important compatibility note: The implementation of - "dbmopen" in the apache modules reads the string length of the - hashed values from the DBM data structures, rather than relying - upon the string being NULL-appended. Some applications, such as - the Netscape web server, rely upon the string being - NULL-appended, so if you are having trouble using DBM files - interchangeably between applications this may be a part of the - problem.</p> - - <p>A perl script called - <a href="../programs/dbmmanage.html">dbmmanage</a> is included with - Apache. This program can be used to create and update DBM - format password files for use with this module.</p> -</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file diff --git a/docs/manual/mod/mod_authn_dbm.xml b/docs/manual/mod/mod_authn_dbm.xml deleted file mode 100644 index 57b4479d27..0000000000 --- a/docs/manual/mod/mod_authn_dbm.xml +++ /dev/null @@ -1,151 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> -<modulesynopsis> - -<name>mod_authn_dbm</name> -<description>User authentication using DBM files</description> -<status>Extension</status> -<sourcefile>mod_authn_dbm.c</sourcefile> -<identifier>authn_dbm_module</identifier> -<compatibility>Available in Apache 2.0.42 and later</compatibility> - -<summary> - <p>This module provides authentication front-ends such as - <module>mod_auth_digest</module> and <module>mod_auth_basic</module> - to authenticate users by looking up users in plain text password files. - Similar functionality is provided by <module>mod_authn_file</module>.</p> - - <p>When using <module>mod_auth_basic</module> or - <module>mod_auth_digest</module>, this module is invoked via the - <directive module="mod_auth_basic">AuthBasicProvider</directive> or - <directive module="mod_auth_digest">AuthDigestProvider</directive> - with the 'dbm' value.</p> -</summary> - -<seealso><directive module="core">AuthName</directive></seealso> -<seealso><directive module="core">AuthType</directive></seealso> -<seealso> - <directive module="mod_auth_basic">AuthBasicProvider</directive> -</seealso> -<seealso> - <directive module="mod_auth_digest">AuthDigestProvider</directive> -</seealso> - -<directivesynopsis> -<name>AuthDBMUserFile</name> -<description>Sets the name of a database file containing the list of users and -passwords for authentication</description> -<syntax>AuthDBMUserFile <em>file-path</em></syntax> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <p>The <directive>AuthDBMUserFile</directive> directive sets the - name of a DBM file containing the list of users and passwords for - user authentication. <em>File-path</em> is the absolute path to - the user file.</p> - - <p>The user file is keyed on the username. The value for a user is - the <code>crypt()</code> encrypted password, optionally followed - by a colon and arbitrary data. The colon and the data following it - will be ignored by the server.</p> - - <p>Security: make sure that the - <directive>AuthDBMUserFile</directive> is stored outside the - document tree of the web-server; do <em>not</em> put it in the - directory that it protects. Otherwise, clients will be able to - download the <directive>AuthDBMUserFile</directive>.</p> - - <p>Important compatibility note: The implementation of - "dbmopen" in the apache modules reads the string length of the - hashed values from the DBM data structures, rather than relying - upon the string being NULL-appended. Some applications, such as - the Netscape web server, rely upon the string being - NULL-appended, so if you are having trouble using DBM files - interchangeably between applications this may be a part of the - problem.</p> - - <p>A perl script called - <a href="../programs/dbmmanage.html">dbmmanage</a> is included with - Apache. This program can be used to create and update DBM - format password files for use with this module.</p> -</usage> -</directivesynopsis> - -<directivesynopsis> -<name>AuthDBMType</name> -<description>Sets the type of database file that is used to -store passwords</description> -<syntax>AuthDBMType default|SDBM|GDBM|NDBM|DB</syntax> -<default>AuthDBMType default</default> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> -<compatibility>Available in version 2.0.30 and later.</compatibility> - -<usage> - -<p>Sets the type of database file that is used to store the passwords. -The default database type is determined at compile time. The -availability of other types of database files also depends on -<a href="../install.html#dbm">compile-time settings</a>.</p> - -<p>It is crucial that whatever program you use to create your password -files is configured to use the same type of database.</p> -</usage> -</directivesynopsis> - -<directivesynopsis> -<name>AuthDBMAuthoritative</name> -<description>Sets whether authentication and authorization will be -passwed on to lower level modules</description> -<syntax>AuthDBMAuthoritative on|off</syntax> -<default>AuthDBMAuthoritative on</default> -<contextlist><context>directory</context><context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - - <p>Setting the <directive>AuthDBMAuthoritative</directive> - directive explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> file if there is <strong>no userID</strong> - or <strong>rule</strong> matching the supplied userID. If there is - a userID and/or rule specified; the usual password and access - checks will be applied and a failure will give an Authorization - Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <directive module="core">Require</directive> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the <directive>AuthAuthoritative</directive> setting.</p> - - <p>A common use for this is in conjunction with one of the - auth providers; such as <module>mod_authn_file</module>. Whereas this - DBM module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.</p> - - <p>By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.</p> - - <p>Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.</p> -</usage> -</directivesynopsis> - -</modulesynopsis> diff --git a/docs/manual/mod/mod_authn_file.html.en b/docs/manual/mod/mod_authn_file.html.en deleted file mode 100644 index 7def1468b7..0000000000 --- a/docs/manual/mod/mod_authn_file.html.en +++ /dev/null @@ -1,114 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --><title>mod_authn_file - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authn_file</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description: - </a></th><td>User authentication using text files</td></tr><tr><th><a href="module-dict.html#Status">Status: - </a></th><td>Base</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier: - </a></th><td>authn_file_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File: - </a></th><td>mod_authn_file.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility: - </a></th><td>Available in Apache 2.0.42 and later</td></tr></table><h3>Summary</h3> - - <p>This module provides authentication front-ends such as - <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code> and <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> - to authenticate users by looking up users in plain text password files. - Similar functionality is provided by <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code>.</p> - - <p>When using <code class="module"><a href="../mod/mod_auth_basic.html">mod_auth_basic</a></code> or - <code class="module"><a href="../mod/mod_auth_digest.html">mod_auth_digest</a></code>, this module is invoked via the - <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> or - <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code> - with the 'file' value.</p> - -</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authuserfile">AuthUserFile</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authuserfileauthoritative">AuthUserFileAuthoritative</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#authname">AuthName</a></code></li><li><code class="directive"><a href="../mod/core.html#authtype">AuthType</a></code></li><li> - <code class="directive"><a href="../mod/mod_auth_basic.html#authbasicprovider">AuthBasicProvider</a></code> -</li><li> - <code class="directive"><a href="../mod/mod_auth_digest.html#authdigestprovider">AuthDigestProvider</a></code> -</li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFile" id="AuthUserFile">AuthUserFile</a> <a name="authuserfile" id="authuserfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets the name of a text file containing the list of users and -passwords for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthUserFile <em>file-path</em></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authn_file</td></tr></table> - <p>The <code class="directive">AuthUserFile</code> directive sets the name - of a textual file containing the list of users and passwords for - user authentication. <em>File-path</em> is the path to the user - file. If it is not absolute (<em>i.e.</em>, if it doesn't begin - with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p> - - <p>Each line of the user file contains a username followed by - a colon, followed by the <code>crypt()</code> encrypted - password. The behavior of multiple occurrences of the same user is - undefined.</p> - - <p>The utility <a href="../programs/htpasswd.html">htpasswd</a> - which is installed as part of the binary distribution, or which - can be found in <code>src/support</code>, is used to maintain - this password file. See the <code>man</code> page for more - details. In short:</p> - - <p>Create a password file 'Filename' with 'username' as the - initial ID. It will prompt for the password:</p> - <div class="example"><p><code>htpasswd -c Filename username</code></p></div> - - <p>Add or modify 'username2' in the password file 'Filename':</p> - <div class="example"><p><code>htpasswd Filename username2</code></p></div> - - <p>Note that searching large text files is <em>very</em> - inefficient; <code class="directive"><a href="../mod/mod_authn_dbm.html#authdbmuserfile">AuthDBMUserFile</a></code> should be used - instead.</p> - - <div class="note"><h3>Security</h3> - <p>Make sure that the <code class="directive">AuthUserFile</code> is - stored outside the document tree of the web-server; do <em>not</em> - put it in the directory that it protects. Otherwise, clients will - be able to download the <code class="directive">AuthUserFile</code>.</p> - </div> -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthUserFileAuthoritative" id="AuthUserFileAuthoritative">AuthUserFileAuthoritative</a> <a name="authuserfileauthoritative" id="authuserfileauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets whether authorization and authentication are -passed to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthUserFileAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default: - </a></th><td><code>AuthUserFileAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Base</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authn_file</td></tr></table> - <div class="note">This information has not been updated for Apache 2.0, which - uses a different system for module ordering.</div> - - <p>Setting the <code class="directive">AuthAuthoritative</code> directive - explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> files) if there is <strong>no - userID</strong> or <strong>rule</strong> matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will give - an Authorization Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthAuthoritative setting.</p> - - <p>By default; control is not passed on; and an unknown userID or - rule will result in an Authorization Required reply. Not setting - it thus keeps the system secure; and forces an NCSA compliant - behaviour.</p> - - <div class="note"><h3>Security</h3> Do consider the implications of - allowing a user to allow fall-through in his .htaccess file; and - verify that this is really what you want; Generally it is easier - to just secure a single .htpasswd file, than it is to secure a - database such as mSQL. Make sure that the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code> and the <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code> are stored outside - the document tree of the web-server; do <em>not</em> put them in the - directory that they protect. Otherwise, clients will be able to - download the <code class="directive"><a href="#authuserfile">AuthUserFile</a></code> - and the <code class="directive"><a href="../mod/mod_authz_groupfile.html#authgroupfile">AuthGroupFile</a></code>. - </div> -</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file diff --git a/docs/manual/mod/mod_authn_file.xml b/docs/manual/mod/mod_authn_file.xml deleted file mode 100644 index fe4ed95396..0000000000 --- a/docs/manual/mod/mod_authn_file.xml +++ /dev/null @@ -1,139 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> -<modulesynopsis> - -<name>mod_authn_file</name> -<description>User authentication using text files</description> -<status>Base</status> -<sourcefile>mod_authn_file.c</sourcefile> -<identifier>authn_file_module</identifier> -<compatibility>Available in Apache 2.0.42 and later</compatibility> - -<summary> - - <p>This module provides authentication front-ends such as - <module>mod_auth_digest</module> and <module>mod_auth_basic</module> - to authenticate users by looking up users in plain text password files. - Similar functionality is provided by <module>mod_authn_dbm</module>.</p> - - <p>When using <module>mod_auth_basic</module> or - <module>mod_auth_digest</module>, this module is invoked via the - <directive module="mod_auth_basic">AuthBasicProvider</directive> or - <directive module="mod_auth_digest">AuthDigestProvider</directive> - with the 'file' value.</p> - -</summary> -<seealso><directive module="core">AuthName</directive></seealso> -<seealso><directive module="core">AuthType</directive></seealso> -<seealso> - <directive module="mod_auth_basic">AuthBasicProvider</directive> -</seealso> -<seealso> - <directive module="mod_auth_digest">AuthDigestProvider</directive> -</seealso> - -<directivesynopsis> -<name>AuthUserFile</name> -<description>Sets the name of a text file containing the list of users and -passwords for authentication</description> -<syntax>AuthUserFile <em>file-path</em></syntax> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <p>The <directive>AuthUserFile</directive> directive sets the name - of a textual file containing the list of users and passwords for - user authentication. <em>File-path</em> is the path to the user - file. If it is not absolute (<em>i.e.</em>, if it doesn't begin - with a slash), it is treated as relative to the <directive - module="core">ServerRoot</directive>.</p> - - <p>Each line of the user file contains a username followed by - a colon, followed by the <code>crypt()</code> encrypted - password. The behavior of multiple occurrences of the same user is - undefined.</p> - - <p>The utility <a href="../programs/htpasswd.html">htpasswd</a> - which is installed as part of the binary distribution, or which - can be found in <code>src/support</code>, is used to maintain - this password file. See the <code>man</code> page for more - details. In short:</p> - - <p>Create a password file 'Filename' with 'username' as the - initial ID. It will prompt for the password:</p> - <example>htpasswd -c Filename username</example> - - <p>Add or modify 'username2' in the password file 'Filename':</p> - <example>htpasswd Filename username2</example> - - <p>Note that searching large text files is <em>very</em> - inefficient; <directive - module="mod_authn_dbm">AuthDBMUserFile</directive> should be used - instead.</p> - - <note><title>Security</title> - <p>Make sure that the <directive>AuthUserFile</directive> is - stored outside the document tree of the web-server; do <em>not</em> - put it in the directory that it protects. Otherwise, clients will - be able to download the <directive>AuthUserFile</directive>.</p> - </note> -</usage> -</directivesynopsis> - -<directivesynopsis> -<name>AuthUserFileAuthoritative</name> -<description>Sets whether authorization and authentication are -passed to lower level modules</description> -<syntax>AuthUserFileAuthoritative on|off</syntax> -<default>AuthUserFileAuthoritative on</default> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <note>This information has not been updated for Apache 2.0, which - uses a different system for module ordering.</note> - - <p>Setting the <directive>AuthAuthoritative</directive> directive - explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> files) if there is <strong>no - userID</strong> or <strong>rule</strong> matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will give - an Authorization Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <directive module="core">Require</directive> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the AuthAuthoritative setting.</p> - - <p>By default; control is not passed on; and an unknown userID or - rule will result in an Authorization Required reply. Not setting - it thus keeps the system secure; and forces an NCSA compliant - behaviour.</p> - - <note><title>Security</title> Do consider the implications of - allowing a user to allow fall-through in his .htaccess file; and - verify that this is really what you want; Generally it is easier - to just secure a single .htpasswd file, than it is to secure a - database such as mSQL. Make sure that the <directive - module="mod_authn_file">AuthUserFile</directive> and the <directive - module="mod_authz_groupfile">AuthGroupFile</directive> are stored outside - the document tree of the web-server; do <em>not</em> put them in the - directory that they protect. Otherwise, clients will be able to - download the <directive module="mod_authn_file">AuthUserFile</directive> - and the <directive module="mod_authz_groupfile">AuthGroupFile</directive>. - </note> -</usage> -</directivesynopsis> - -</modulesynopsis> diff --git a/docs/manual/mod/mod_authz_dbm.html.en b/docs/manual/mod/mod_authz_dbm.html.en deleted file mode 100644 index 4e8e4bea28..0000000000 --- a/docs/manual/mod/mod_authz_dbm.html.en +++ /dev/null @@ -1,126 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --><title>mod_authz_dbm - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_dbm</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description: - </a></th><td>Group authorization using DBM files</td></tr><tr><th><a href="module-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier: - </a></th><td>authz_dbm_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File: - </a></th><td>mod_authz_dbm.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility: - </a></th><td>Available in Apache 2.0.42 and later</td></tr></table><h3>Summary</h3> - <p>This module provides authorization capabilities so that - authenticated users can be allowed or denied access to portions - of the web site by group membership. Similar functionality is - provided by <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code>.</p> -</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authdbmgroupfile">AuthDBMGroupFile</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authzdbmauthoritative">AuthzDBMAuthoritative</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authzdbmtype">AuthzDBMType</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthDBMGroupFile" id="AuthDBMGroupFile">AuthDBMGroupFile</a> <a name="authdbmgroupfile" id="authdbmgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets the name of the database file containing the list -of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthDBMGroupFile <em>file-path</em></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authz_dbm</td></tr></table> - <p>The <code class="directive">AuthDBMGroupFile</code> directive sets the - name of a DBM file containing the list of user groups for user - authentication. <em>File-path</em> is the absolute path to the - group file.</p> - - <p>The group file is keyed on the username. The value for a - user is a comma-separated list of the groups to which the users - belongs. There must be no whitespace within the value, and it - must never contain any colons.</p> - - <p>Security: make sure that the - <code class="directive">AuthDBMGroupFile</code> is stored outside the - document tree of the web-server; do <em>not</em> put it in the - directory that it protects. Otherwise, clients will be able to - download the <code class="directive">AuthDBMGroupFile</code> unless - otherwise protected.</p> - - <p>Combining Group and Password DBM files: In some cases it is - easier to manage a single database which contains both the - password and group details for each user. This simplifies any - support programs that need to be written: they now only have to - deal with writing to and locking a single DBM file. This can be - accomplished by first setting the group and password files to - point to the same DBM:</p> - -<div class="example"><p><code> -AuthDBMGroupFile /www/userbase<br /> -AuthDBMUserFile /www/userbase -</code></p></div> - - <p>The key for the single DBM is the username. The value consists - of</p> - -<div class="example"><p><code>Unix Crypt-ed Password : List of Groups [ : (ignored) - ]</code></p></div> - - <p>The password section contains the Unix <code>crypt()</code> - password as before. This is followed by a colon and the comma - separated list of groups. Other data may optionally be left in the - DBM file after another colon; it is ignored by the authentication - module. This is what www.telescope.org uses for its combined - password and group database.</p> -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDBMAuthoritative" id="AuthzDBMAuthoritative">AuthzDBMAuthoritative</a> <a name="authzdbmauthoritative" id="authzdbmauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets whether authorization will be passed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthzDBMAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default: - </a></th><td><code>AuthzDBMAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authz_dbm</td></tr></table> - - <p>Setting the <code class="directive">AuthzDBMAuthoritative</code> - directive explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> file if there is <strong>no userID</strong> - or <strong>rule</strong> matching the supplied userID. If there is - a userID and/or rule specified; the usual password and access - checks will be applied and a failure will give an Authorization - Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the <code class="directive">AuthAuthoritative</code> setting.</p> - - <p>A common use for this is in conjunction with one of the - auth providers; such as <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. Whereas this - DBM module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.</p> - - <p>By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.</p> - - <p>Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.</p> -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzDBMType" id="AuthzDBMType">AuthzDBMType</a> <a name="authzdbmtype" id="authzdbmtype">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets the type of database file that is used to -store passwords</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthzDBMType default|SDBM|GDBM|NDBM|DB</td></tr><tr><th><a href="directive-dict.html#Default">Default: - </a></th><td><code>AuthzDBMType default</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authz_dbm</td></tr><tr><th><a href="directive-dict.html#Compatibility">Compatibility: - </a></th><td>Available in version 2.0.30 and later.</td></tr></table> - -<p>Sets the type of database file that is used to store the passwords. -The default database type is determined at compile time. The -availability of other types of database files also depends on -<a href="../install.html#dbm">compile-time settings</a>.</p> - -<p>It is crucial that whatever program you use to create your password -files is configured to use the same type of database.</p> -</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file diff --git a/docs/manual/mod/mod_authz_dbm.xml b/docs/manual/mod/mod_authz_dbm.xml deleted file mode 100644 index 624f71619d..0000000000 --- a/docs/manual/mod/mod_authz_dbm.xml +++ /dev/null @@ -1,151 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> -<modulesynopsis> - -<name>mod_authz_dbm</name> -<description>Group authorization using DBM files</description> -<status>Extension</status> -<sourcefile>mod_authz_dbm.c</sourcefile> -<identifier>authz_dbm_module</identifier> -<compatibility>Available in Apache 2.0.42 and later</compatibility> - -<summary> - <p>This module provides authorization capabilities so that - authenticated users can be allowed or denied access to portions - of the web site by group membership. Similar functionality is - provided by <module>mod_authz_groupfile</module>.</p> -</summary> - -<seealso><directive module="core">Require</directive></seealso> -<seealso><directive module="core">Satisfy</directive></seealso> - -<directivesynopsis> -<name>AuthDBMGroupFile</name> -<description>Sets the name of the database file containing the list -of user groups for authentication</description> -<syntax>AuthDBMGroupFile <em>file-path</em></syntax> -<contextlist><context>directory</context><context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <p>The <directive>AuthDBMGroupFile</directive> directive sets the - name of a DBM file containing the list of user groups for user - authentication. <em>File-path</em> is the absolute path to the - group file.</p> - - <p>The group file is keyed on the username. The value for a - user is a comma-separated list of the groups to which the users - belongs. There must be no whitespace within the value, and it - must never contain any colons.</p> - - <p>Security: make sure that the - <directive>AuthDBMGroupFile</directive> is stored outside the - document tree of the web-server; do <em>not</em> put it in the - directory that it protects. Otherwise, clients will be able to - download the <directive>AuthDBMGroupFile</directive> unless - otherwise protected.</p> - - <p>Combining Group and Password DBM files: In some cases it is - easier to manage a single database which contains both the - password and group details for each user. This simplifies any - support programs that need to be written: they now only have to - deal with writing to and locking a single DBM file. This can be - accomplished by first setting the group and password files to - point to the same DBM:</p> - -<example> -AuthDBMGroupFile /www/userbase<br /> -AuthDBMUserFile /www/userbase -</example> - - <p>The key for the single DBM is the username. The value consists - of</p> - -<example>Unix Crypt-ed Password : List of Groups [ : (ignored) - ]</example> - - <p>The password section contains the Unix <code>crypt()</code> - password as before. This is followed by a colon and the comma - separated list of groups. Other data may optionally be left in the - DBM file after another colon; it is ignored by the authentication - module. This is what www.telescope.org uses for its combined - password and group database.</p> -</usage> -</directivesynopsis> - -<directivesynopsis> -<name>AuthzDBMType</name> -<description>Sets the type of database file that is used to -store passwords</description> -<syntax>AuthzDBMType default|SDBM|GDBM|NDBM|DB</syntax> -<default>AuthzDBMType default</default> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> -<compatibility>Available in version 2.0.30 and later.</compatibility> - -<usage> - -<p>Sets the type of database file that is used to store the passwords. -The default database type is determined at compile time. The -availability of other types of database files also depends on -<a href="../install.html#dbm">compile-time settings</a>.</p> - -<p>It is crucial that whatever program you use to create your password -files is configured to use the same type of database.</p> -</usage> -</directivesynopsis> - -<directivesynopsis> -<name>AuthzDBMAuthoritative</name> -<description>Sets whether authorization will be passed on to lower level modules</description> -<syntax>AuthzDBMAuthoritative on|off</syntax> -<default>AuthzDBMAuthoritative on</default> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - - <p>Setting the <directive>AuthzDBMAuthoritative</directive> - directive explicitly to <strong>'off'</strong> allows for both - authentication and authorization to be passed on to lower level - modules (as defined in the <code>Configuration</code> and - <code>modules.c</code> file if there is <strong>no userID</strong> - or <strong>rule</strong> matching the supplied userID. If there is - a userID and/or rule specified; the usual password and access - checks will be applied and a failure will give an Authorization - Required reply.</p> - - <p>So if a userID appears in the database of more than one module; - or if a valid <directive module="core">Require</directive> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the <directive>AuthAuthoritative</directive> setting.</p> - - <p>A common use for this is in conjunction with one of the - auth providers; such as <module>mod_authn_file</module>. Whereas this - DBM module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.</p> - - <p>By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.</p> - - <p>Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.</p> -</usage> -</directivesynopsis> - -</modulesynopsis> diff --git a/docs/manual/mod/mod_authz_groupfile.html.en b/docs/manual/mod/mod_authz_groupfile.html.en deleted file mode 100644 index f9cbe56867..0000000000 --- a/docs/manual/mod/mod_authz_groupfile.html.en +++ /dev/null @@ -1,81 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!-- - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - This file is generated from xml source: DO NOT EDIT - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - --><title>mod_authz_groupfile - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs-project/">Documentation</a> > <a href="../">Version 2.0</a> > <a href="./">Modules</a></div><div id="page-content"><div id="preamble"><h1>Apache Module mod_authz_groupfile</h1><table class="module"><tr><th><a href="module-dict.html#Description">Description: - </a></th><td>Group authorization using plaintext files</td></tr><tr><th><a href="module-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier: - </a></th><td>authz_groupfile_module</td></tr><tr><th><a href="module-dict.html#SourceFile">Source File: - </a></th><td>mod_authz_groupfile.c</td></tr><tr><th><a href="module-dict.html#Compatibility">Compatibility: - </a></th><td>Available in Apache 2.0.42 and later</td></tr></table><h3>Summary</h3> - <p>This module provides authorization capabilities so that - authenticated users can be allowed or denied access to portions - of the web site by group membership. Similar functionality is - provided by <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.</p> -</div><div id="quickview"><h3 class="directives">Directives</h3><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#authgroupfile">AuthGroupFile</a></li><li><img alt="" src="../images/down.gif" /> <a href="#authzgroupfileauthoritative">AuthzGroupFileAuthoritative</a></li></ul><h3>See also</h3><ul class="seealso"><li><code class="directive"><a href="../mod/core.html#require">Require</a></code></li><li><code class="directive"><a href="../mod/core.html#satisfy">Satisfy</a></code></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthGroupFile" id="AuthGroupFile">AuthGroupFile</a> <a name="authgroupfile" id="authgroupfile">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets the name of a text file containing the list -of user groups for authentication</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthGroupFile <em>file-path</em></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authz_groupfile</td></tr></table> - <p>The <code class="directive">AuthGroupFile</code> directive sets the - name of a textual file containing the list of user groups for user - authentication. <em>File-path</em> is the path to the group - file. If it is not absolute (<em>i.e.</em>, if it doesn't begin - with a slash), it is treated as relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p> - - <p>Each line of the group file contains a groupname followed by a - colon, followed by the member usernames separated by spaces. - Example:</p> - - <div class="example"><p><code>mygroup: bob joe anne</code></p></div> - - <p>Note that searching large text files is <em>very</em> - inefficient; <code class="directive"><a href="../mod/mod_authz_dbm.html#authdbmgroupfile">AuthDBMGroupFile</a></code> should be used - instead.</p> - - <div class="note"><h3>Security</h3> - <p>Make sure that the <code class="directive">AuthGroupFile</code> is - stored outside the document tree of the web-server; do <em>not</em> - put it in the directory that it protects. Otherwise, clients will - be able to download the <code class="directive">AuthGroupFile</code>.</p> - </div> -</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="directive-section"><h2><a name="AuthzGroupFileAuthoritative" id="AuthzGroupFileAuthoritative">AuthzGroupFileAuthoritative</a> <a name="authzgroupfileauthoritative" id="authzgroupfileauthoritative">Directive</a></h2><table class="directive"><tr><th><a href="directive-dict.html#Description">Description: - </a></th><td>Sets whether authorization will be passed on to lower level modules</td></tr><tr><th><a href="directive-dict.html#Syntax">Syntax: - </a></th><td>AuthzGroupFileAuthoritative on|off</td></tr><tr><th><a href="directive-dict.html#Default">Default: - </a></th><td><code>AuthzGroupFileAuthoritative on</code></td></tr><tr><th><a href="directive-dict.html#Context">Context: - </a></th><td>directory, .htaccess</td></tr><tr><th><a href="directive-dict.html#Override">Override: - </a></th><td>AuthConfig</td></tr><tr><th><a href="directive-dict.html#Status">Status: - </a></th><td>Extension</td></tr><tr><th><a href="directive-dict.html#Module">Module: - </a></th><td>mod_authz_groupfile</td></tr></table> - - <p>Setting the <code class="directive">AuthzGroupFileAuthoritative</code> - directive explicitly to <strong>'off'</strong> allows for - authorization to be passed on to lower level modules (as defined in - the <code>Configuration</code> and <code>modules.c</code> file if - there is <strong>no userID</strong> or <strong>rule</strong> matching - the supplied userID. If there is a userID and/or rule specified; the - usual password and access checks will be applied and a failure will - give an Authorization Required reply.</p> - - <p>So if a valid <code class="directive"><a href="../mod/core.html#require">Require</a></code> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the <code class="directive">AuthzGroupFileAuthoritative</code> - setting.</p> - - <p>By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.</p> - - <p>Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.</p> -</div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file diff --git a/docs/manual/mod/mod_authz_groupfile.xml b/docs/manual/mod/mod_authz_groupfile.xml deleted file mode 100644 index 0753de7257..0000000000 --- a/docs/manual/mod/mod_authz_groupfile.xml +++ /dev/null @@ -1,103 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd"> -<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?> -<modulesynopsis> - -<name>mod_authz_groupfile</name> -<description>Group authorization using plaintext files</description> -<status>Extension</status> -<sourcefile>mod_authz_groupfile.c</sourcefile> -<identifier>authz_groupfile_module</identifier> -<compatibility>Available in Apache 2.0.42 and later</compatibility> - -<summary> - <p>This module provides authorization capabilities so that - authenticated users can be allowed or denied access to portions - of the web site by group membership. Similar functionality is - provided by <module>mod_authz_dbm</module>.</p> -</summary> - -<seealso><directive module="core">Require</directive></seealso> -<seealso><directive module="core">Satisfy</directive></seealso> - -<directivesynopsis> -<name>AuthGroupFile</name> -<description>Sets the name of a text file containing the list -of user groups for authentication</description> -<syntax>AuthGroupFile <em>file-path</em></syntax> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - <p>The <directive>AuthGroupFile</directive> directive sets the - name of a textual file containing the list of user groups for user - authentication. <em>File-path</em> is the path to the group - file. If it is not absolute (<em>i.e.</em>, if it doesn't begin - with a slash), it is treated as relative to the <directive - module="core">ServerRoot</directive>.</p> - - <p>Each line of the group file contains a groupname followed by a - colon, followed by the member usernames separated by spaces. - Example:</p> - - <example>mygroup: bob joe anne</example> - - <p>Note that searching large text files is <em>very</em> - inefficient; <directive - module="mod_authz_dbm">AuthDBMGroupFile</directive> should be used - instead.</p> - - <note><title>Security</title> - <p>Make sure that the <directive>AuthGroupFile</directive> is - stored outside the document tree of the web-server; do <em>not</em> - put it in the directory that it protects. Otherwise, clients will - be able to download the <directive>AuthGroupFile</directive>.</p> - </note> -</usage> -</directivesynopsis> - -<directivesynopsis> -<name>AuthzGroupFileAuthoritative</name> -<description>Sets whether authorization will be passed on to lower level modules</description> -<syntax>AuthzGroupFileAuthoritative on|off</syntax> -<default>AuthzGroupFileAuthoritative on</default> -<contextlist> - <context>directory</context> - <context>.htaccess</context> -</contextlist> -<override>AuthConfig</override> - -<usage> - - <p>Setting the <directive>AuthzGroupFileAuthoritative</directive> - directive explicitly to <strong>'off'</strong> allows for - authorization to be passed on to lower level modules (as defined in - the <code>Configuration</code> and <code>modules.c</code> file if - there is <strong>no userID</strong> or <strong>rule</strong> matching - the supplied userID. If there is a userID and/or rule specified; the - usual password and access checks will be applied and a failure will - give an Authorization Required reply.</p> - - <p>So if a valid <directive module="core">Require</directive> - directive applies to more than one module; then the first module - will verify the credentials; and no access is passed on; - regardless of the <directive>AuthzGroupFileAuthoritative</directive> - setting.</p> - - <p>By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behaviour.</p> - - <p>Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.</p> -</usage> -</directivesynopsis> - -</modulesynopsis> diff --git a/modules/aaa/NWGNUauthnano b/modules/aaa/NWGNUauthanon index 299ded841e..1847e7d345 100644 --- a/modules/aaa/NWGNUauthnano +++ b/modules/aaa/NWGNUauthanon @@ -94,13 +94,13 @@ endif # This is used by the link 'name' directive to name the nlm. If left blank # TARGET_nlm (see below) will be used. # -NLM_NAME = authnano +NLM_NAME = authanon # # This is used by the link '-desc ' directive. # If left blank, NLM_NAME will be used. # -NLM_DESCRIPTION = Anonymouse Authentication Module +NLM_DESCRIPTION = Authentication Anonymous Module # # This is used by the '-threadname' directive. If left blank, @@ -151,7 +151,7 @@ XDCDATA = # If there is an NLM target, put it here # TARGET_nlm = \ - $(OBJDIR)/authnano.nlm \ + $(OBJDIR)/authanon.nlm \ $(EOLIST) # @@ -165,7 +165,7 @@ TARGET_lib = \ # Paths must all use the '/' character # FILES_nlm_objs = \ - $(OBJDIR)/mod_authn_anon.o \ + $(OBJDIR)/mod_auth_anon.o \ $(EOLIST) # @@ -213,7 +213,7 @@ FILES_nlm_Ximports = \ # Any symbols exported to here # FILES_nlm_exports = \ - authn_anon_module \ + auth_anon_module \ $(EOLIST) # diff --git a/modules/aaa/NWGNUauthbasc b/modules/aaa/NWGNUauthbasc deleted file mode 100644 index 3b495c7cef..0000000000 --- a/modules/aaa/NWGNUauthbasc +++ /dev/null @@ -1,251 +0,0 @@ -# -# Make sure all needed macro's are defined -# - -# -# Get the 'head' of the build environment if necessary. This includes default -# targets and paths to tools -# - -ifndef EnvironmentDefined -include $(AP_WORK)\build\NWGNUhead.inc -endif - -# -# These directories will be at the beginning of the include list, followed by -# INCDIRS -# -XINCDIRS += \ - $(AP_WORK)/include \ - $(NWOS) \ - $(AP_WORK)/modules/arch/netware \ - $(AP_WORK)/srclib/apr/include \ - $(AP_WORK)/srclib/apr-util/include \ - $(AP_WORK)/srclib/apr \ - $(EOLIST) - -# -# These flags will come after CFLAGS -# -XCFLAGS += \ - -prefix pre_nw.h \ - $(EOLIST) - -# -# These defines will come after DEFINES -# -XDEFINES += \ - $(EOLIST) - -# -# These flags will be added to the link.opt file -# -XLFLAGS += \ - $(EOLIST) - -# -# These values will be appended to the correct variables based on the value of -# RELEASE -# -ifeq "$(RELEASE)" "debug" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "noopt" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "release" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -# -# These are used by the link target if an NLM is being generated -# This is used by the link 'name' directive to name the nlm. If left blank -# TARGET_nlm (see below) will be used. -# -NLM_NAME = authbasc - -# -# This is used by the link '-desc ' directive. -# If left blank, NLM_NAME will be used. -# -NLM_DESCRIPTION = Basic Authentication Module - -# -# This is used by the '-threadname' directive. If left blank, -# NLM_NAME Thread will be used. -# -NLM_THREAD_NAME = AuthBasic Module - -# -# If this is specified, it will override VERSION value in -# $(AP_WORK)\build\NWGNUenvironment.inc -# -NLM_VERSION = - -# -# If this is specified, it will override the default of 64K -# -NLM_STACK_SIZE = 8192 - - -# -# If this is specified it will be used by the link '-entry' directive -# -NLM_ENTRY_SYM = _LibCPrelude - -# -# If this is specified it will be used by the link '-exit' directive -# -NLM_EXIT_SYM = _LibCPostlude - -# -# If this is specified it will be used by the link '-check' directive -# -NLM_CHECK_SYM = - -# -# If these are specified it will be used by the link '-flags' directive -# -NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION - -# -# If this is specified it will be linked in with the XDCData option in the def -# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled -# by setting APACHE_UNIPROC in the environment -# -XDCDATA = - -# -# If there is an NLM target, put it here -# -TARGET_nlm = \ - $(OBJDIR)/authbasc.nlm \ - $(EOLIST) - -# -# If there is an LIB target, put it here -# -TARGET_lib = \ - $(EOLIST) - -# -# These are the OBJ files needed to create the NLM target above. -# Paths must all use the '/' character -# -FILES_nlm_objs = \ - $(OBJDIR)/mod_auth_basic.o \ - $(OBJDIR)/auth_provider.o \ - $(EOLIST) - -# -# These are the LIB files needed to create the NLM target above. -# These will be added as a library command in the link.opt file. -# -FILES_nlm_libs = \ - libcpre.o \ - $(EOLIST) - -# -# These are the modules that the above NLM target depends on to load. -# These will be added as a module command in the link.opt file. -# -FILES_nlm_modules = \ - aprlib \ - libc \ - $(EOLIST) - -# -# If the nlm has a msg file, put it's path here -# -FILE_nlm_msg = - -# -# If the nlm has a hlp file put it's path here -# -FILE_nlm_hlp = - -# -# If this is specified, it will override $(NWOS)\copyright.txt. -# -FILE_nlm_copyright = - -# -# Any additional imports go here -# -FILES_nlm_Ximports = \ - @$(APR)/aprlib.imp \ - @$(NWOS)/httpd.imp \ - @libc.imp \ - $(EOLIST) - -# -# Any symbols exported to here -# -FILES_nlm_exports = \ - auth_basic_module \ - $(EOLIST) - -# -# These are the OBJ files needed to create the LIB target above. -# Paths must all use the '/' character -# -FILES_lib_objs = \ - $(EOLIST) - -# -# implement targets and dependancies (leave this section alone) -# - -libs :: $(OBJDIR) $(TARGET_lib) - -nlms :: libs $(TARGET_nlm) - -# -# Updated this target to create necessary directories and copy files to the -# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) -# -install :: nlms FORCE - -# -# Any specialized rules here -# - -# -# Include the 'tail' makefile that has targets that depend on variables defined -# in this makefile -# - -include $(AP_WORK)\build\NWGNUtail.inc - diff --git a/modules/aaa/NWGNUauthndbm b/modules/aaa/NWGNUauthdbm index ca8bbfd122..a64e7ec732 100644 --- a/modules/aaa/NWGNUauthndbm +++ b/modules/aaa/NWGNUauthdbm @@ -93,7 +93,7 @@ endif # This is used by the link 'name' directive to name the nlm. If left blank # TARGET_nlm (see below) will be used. # -NLM_NAME = authndbm +NLM_NAME = authdbm # # This is used by the link '-desc ' directive. @@ -105,7 +105,7 @@ NLM_DESCRIPTION = Database Authentication Module # This is used by the '-threadname' directive. If left blank, # NLM_NAME Thread will be used. # -NLM_THREAD_NAME = AuthnDBM Module +NLM_THREAD_NAME = AuthDBM Module # # If this is specified, it will override VERSION value in @@ -150,7 +150,7 @@ XDCDATA = # If there is an NLM target, put it here # TARGET_nlm = \ - $(OBJDIR)/authndbm.nlm \ + $(OBJDIR)/authdbm.nlm \ $(EOLIST) # @@ -164,7 +164,7 @@ TARGET_lib = \ # Paths must all use the '/' character # FILES_nlm_objs = \ - $(OBJDIR)/mod_authn_dbm.o \ + $(OBJDIR)/mod_auth_dbm.o \ $(EOLIST) # @@ -206,14 +206,13 @@ FILES_nlm_Ximports = \ @$(APR)/aprlib.imp \ @$(NWOS)/httpd.imp \ @libc.imp \ - authn_register_provider \ $(EOLIST) # # Any symbols exported to here # FILES_nlm_exports = \ - authn_dbm_module \ + auth_dbm_module \ $(EOLIST) # diff --git a/modules/aaa/NWGNUauthndef b/modules/aaa/NWGNUauthndef deleted file mode 100644 index 20996e74b6..0000000000 --- a/modules/aaa/NWGNUauthndef +++ /dev/null @@ -1,250 +0,0 @@ -# -# Make sure all needed macro's are defined -# - -# -# Get the 'head' of the build environment if necessary. This includes default -# targets and paths to tools -# - -ifndef EnvironmentDefined -include $(AP_WORK)\build\NWGNUhead.inc -endif - -# -# These directories will be at the beginning of the include list, followed by -# INCDIRS -# -XINCDIRS += \ - $(AP_WORK)/include \ - $(NWOS) \ - $(AP_WORK)/modules/arch/netware \ - $(AP_WORK)/srclib/apr/include \ - $(AP_WORK)/srclib/apr-util/include \ - $(AP_WORK)/srclib/apr \ - $(EOLIST) - -# -# These flags will come after CFLAGS -# -XCFLAGS += \ - -prefix pre_nw.h \ - $(EOLIST) - -# -# These defines will come after DEFINES -# -XDEFINES += \ - $(EOLIST) - -# -# These flags will be added to the link.opt file -# -XLFLAGS += \ - $(EOLIST) - -# -# These values will be appended to the correct variables based on the value of -# RELEASE -# -ifeq "$(RELEASE)" "debug" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "noopt" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "release" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -# -# These are used by the link target if an NLM is being generated -# This is used by the link 'name' directive to name the nlm. If left blank -# TARGET_nlm (see below) will be used. -# -NLM_NAME = authndef - -# -# This is used by the link '-desc ' directive. -# If left blank, NLM_NAME will be used. -# -NLM_DESCRIPTION = Default Authentication Module - -# -# This is used by the '-threadname' directive. If left blank, -# NLM_NAME Thread will be used. -# -NLM_THREAD_NAME = Authndef Module - -# -# If this is specified, it will override VERSION value in -# $(AP_WORK)\build\NWGNUenvironment.inc -# -NLM_VERSION = - -# -# If this is specified, it will override the default of 64K -# -NLM_STACK_SIZE = 8192 - - -# -# If this is specified it will be used by the link '-entry' directive -# -NLM_ENTRY_SYM = _LibCPrelude - -# -# If this is specified it will be used by the link '-exit' directive -# -NLM_EXIT_SYM = _LibCPostlude - -# -# If this is specified it will be used by the link '-check' directive -# -NLM_CHECK_SYM = - -# -# If these are specified it will be used by the link '-flags' directive -# -NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION - -# -# If this is specified it will be linked in with the XDCData option in the def -# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled -# by setting APACHE_UNIPROC in the environment -# -XDCDATA = - -# -# If there is an NLM target, put it here -# -TARGET_nlm = \ - $(OBJDIR)/authndef.nlm \ - $(EOLIST) - -# -# If there is an LIB target, put it here -# -TARGET_lib = \ - $(EOLIST) - -# -# These are the OBJ files needed to create the NLM target above. -# Paths must all use the '/' character -# -FILES_nlm_objs = \ - $(OBJDIR)/mod_authn_default.o \ - $(EOLIST) - -# -# These are the LIB files needed to create the NLM target above. -# These will be added as a library command in the link.opt file. -# -FILES_nlm_libs = \ - libcpre.o \ - $(EOLIST) - -# -# These are the modules that the above NLM target depends on to load. -# These will be added as a module command in the link.opt file. -# -FILES_nlm_modules = \ - aprlib \ - libc \ - $(EOLIST) - -# -# If the nlm has a msg file, put it's path here -# -FILE_nlm_msg = - -# -# If the nlm has a hlp file put it's path here -# -FILE_nlm_hlp = - -# -# If this is specified, it will override $(NWOS)\copyright.txt. -# -FILE_nlm_copyright = - -# -# Any additional imports go here -# -FILES_nlm_Ximports = \ - @$(APR)/aprlib.imp \ - @$(NWOS)/httpd.imp \ - @libc.imp \ - $(EOLIST) - -# -# Any symbols exported to here -# -FILES_nlm_exports = \ - authn_default_module \ - $(EOLIST) - -# -# These are the OBJ files needed to create the LIB target above. -# Paths must all use the '/' character -# -FILES_lib_objs = \ - $(EOLIST) - -# -# implement targets and dependancies (leave this section alone) -# - -libs :: $(OBJDIR) $(TARGET_lib) - -nlms :: libs $(TARGET_nlm) - -# -# Updated this target to create necessary directories and copy files to the -# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) -# -install :: nlms FORCE - -# -# Any specialized rules here -# - -# -# Include the 'tail' makefile that has targets that depend on variables defined -# in this makefile -# - -include $(AP_WORK)\build\NWGNUtail.inc - diff --git a/modules/aaa/NWGNUauthnfil b/modules/aaa/NWGNUauthnfil deleted file mode 100644 index cbeb8b4771..0000000000 --- a/modules/aaa/NWGNUauthnfil +++ /dev/null @@ -1,251 +0,0 @@ -# -# Make sure all needed macro's are defined -# - -# -# Get the 'head' of the build environment if necessary. This includes default -# targets and paths to tools -# - -ifndef EnvironmentDefined -include $(AP_WORK)\build\NWGNUhead.inc -endif - -# -# These directories will be at the beginning of the include list, followed by -# INCDIRS -# -XINCDIRS += \ - $(AP_WORK)/include \ - $(NWOS) \ - $(AP_WORK)/modules/arch/netware \ - $(AP_WORK)/srclib/apr/include \ - $(AP_WORK)/srclib/apr-util/include \ - $(AP_WORK)/srclib/apr \ - $(EOLIST) - -# -# These flags will come after CFLAGS -# -XCFLAGS += \ - -prefix pre_nw.h \ - $(EOLIST) - -# -# These defines will come after DEFINES -# -XDEFINES += \ - $(EOLIST) - -# -# These flags will be added to the link.opt file -# -XLFLAGS += \ - $(EOLIST) - -# -# These values will be appended to the correct variables based on the value of -# RELEASE -# -ifeq "$(RELEASE)" "debug" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "noopt" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "release" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -# -# These are used by the link target if an NLM is being generated -# This is used by the link 'name' directive to name the nlm. If left blank -# TARGET_nlm (see below) will be used. -# -NLM_NAME = authnfil - -# -# This is used by the link '-desc ' directive. -# If left blank, NLM_NAME will be used. -# -NLM_DESCRIPTION = File Authentication Module - -# -# This is used by the '-threadname' directive. If left blank, -# NLM_NAME Thread will be used. -# -NLM_THREAD_NAME = AuthnFile Module - -# -# If this is specified, it will override VERSION value in -# $(AP_WORK)\build\NWGNUenvironment.inc -# -NLM_VERSION = - -# -# If this is specified, it will override the default of 64K -# -NLM_STACK_SIZE = 8192 - - -# -# If this is specified it will be used by the link '-entry' directive -# -NLM_ENTRY_SYM = _LibCPrelude - -# -# If this is specified it will be used by the link '-exit' directive -# -NLM_EXIT_SYM = _LibCPostlude - -# -# If this is specified it will be used by the link '-check' directive -# -NLM_CHECK_SYM = - -# -# If these are specified it will be used by the link '-flags' directive -# -NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION - -# -# If this is specified it will be linked in with the XDCData option in the def -# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled -# by setting APACHE_UNIPROC in the environment -# -XDCDATA = - -# -# If there is an NLM target, put it here -# -TARGET_nlm = \ - $(OBJDIR)/authnfil.nlm \ - $(EOLIST) - -# -# If there is an LIB target, put it here -# -TARGET_lib = \ - $(EOLIST) - -# -# These are the OBJ files needed to create the NLM target above. -# Paths must all use the '/' character -# -FILES_nlm_objs = \ - $(OBJDIR)/mod_authn_file.o \ - $(EOLIST) - -# -# These are the LIB files needed to create the NLM target above. -# These will be added as a library command in the link.opt file. -# -FILES_nlm_libs = \ - libcpre.o \ - $(EOLIST) - -# -# These are the modules that the above NLM target depends on to load. -# These will be added as a module command in the link.opt file. -# -FILES_nlm_modules = \ - aprlib \ - libc \ - $(EOLIST) - -# -# If the nlm has a msg file, put it's path here -# -FILE_nlm_msg = - -# -# If the nlm has a hlp file put it's path here -# -FILE_nlm_hlp = - -# -# If this is specified, it will override $(NWOS)\copyright.txt. -# -FILE_nlm_copyright = - -# -# Any additional imports go here -# -FILES_nlm_Ximports = \ - @$(APR)/aprlib.imp \ - @$(NWOS)/httpd.imp \ - @libc.imp \ - authn_register_provider \ - $(EOLIST) - -# -# Any symbols exported to here -# -FILES_nlm_exports = \ - authn_file_module \ - $(EOLIST) - -# -# These are the OBJ files needed to create the LIB target above. -# Paths must all use the '/' character -# -FILES_lib_objs = \ - $(EOLIST) - -# -# implement targets and dependancies (leave this section alone) -# - -libs :: $(OBJDIR) $(TARGET_lib) - -nlms :: libs $(TARGET_nlm) - -# -# Updated this target to create necessary directories and copy files to the -# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) -# -install :: nlms FORCE - -# -# Any specialized rules here -# - -# -# Include the 'tail' makefile that has targets that depend on variables defined -# in this makefile -# - -include $(AP_WORK)\build\NWGNUtail.inc - diff --git a/modules/aaa/NWGNUauthzdbm b/modules/aaa/NWGNUauthzdbm deleted file mode 100644 index f79e705b90..0000000000 --- a/modules/aaa/NWGNUauthzdbm +++ /dev/null @@ -1,250 +0,0 @@ -# -# Make sure all needed macro's are defined -# - -# -# Get the 'head' of the build environment if necessary. This includes default -# targets and paths to tools -# - -ifndef EnvironmentDefined -include $(AP_WORK)\build\NWGNUhead.inc -endif - -# -# These directories will be at the beginning of the include list, followed by -# INCDIRS -# -XINCDIRS += \ - $(AP_WORK)/include \ - $(NWOS) \ - $(AP_WORK)/modules/arch/netware \ - $(AP_WORK)/srclib/apr/include \ - $(AP_WORK)/srclib/apr-util/include \ - $(AP_WORK)/srclib/apr \ - $(EOLIST) - -# -# These flags will come after CFLAGS -# -XCFLAGS += \ - -prefix pre_nw.h \ - $(EOLIST) - -# -# These defines will come after DEFINES -# -XDEFINES += \ - $(EOLIST) - -# -# These flags will be added to the link.opt file -# -XLFLAGS += \ - $(EOLIST) - -# -# These values will be appended to the correct variables based on the value of -# RELEASE -# -ifeq "$(RELEASE)" "debug" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "noopt" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "release" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -# -# These are used by the link target if an NLM is being generated -# This is used by the link 'name' directive to name the nlm. If left blank -# TARGET_nlm (see below) will be used. -# -NLM_NAME = authzdbm - -# -# This is used by the link '-desc ' directive. -# If left blank, NLM_NAME will be used. -# -NLM_DESCRIPTION = Database Authorization Module - -# -# This is used by the '-threadname' directive. If left blank, -# NLM_NAME Thread will be used. -# -NLM_THREAD_NAME = AuthzDBM Module - -# -# If this is specified, it will override VERSION value in -# $(AP_WORK)\build\NWGNUenvironment.inc -# -NLM_VERSION = - -# -# If this is specified, it will override the default of 64K -# -NLM_STACK_SIZE = 8192 - - -# -# If this is specified it will be used by the link '-entry' directive -# -NLM_ENTRY_SYM = _LibCPrelude - -# -# If this is specified it will be used by the link '-exit' directive -# -NLM_EXIT_SYM = _LibCPostlude - -# -# If this is specified it will be used by the link '-check' directive -# -NLM_CHECK_SYM = - -# -# If these are specified it will be used by the link '-flags' directive -# -NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION - -# -# If this is specified it will be linked in with the XDCData option in the def -# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled -# by setting APACHE_UNIPROC in the environment -# -XDCDATA = - -# -# If there is an NLM target, put it here -# -TARGET_nlm = \ - $(OBJDIR)/authzdbm.nlm \ - $(EOLIST) - -# -# If there is an LIB target, put it here -# -TARGET_lib = \ - $(EOLIST) - -# -# These are the OBJ files needed to create the NLM target above. -# Paths must all use the '/' character -# -FILES_nlm_objs = \ - $(OBJDIR)/mod_authz_dbm.o \ - $(EOLIST) - -# -# These are the LIB files needed to create the NLM target above. -# These will be added as a library command in the link.opt file. -# -FILES_nlm_libs = \ - libcpre.o \ - $(EOLIST) - -# -# These are the modules that the above NLM target depends on to load. -# These will be added as a module command in the link.opt file. -# -FILES_nlm_modules = \ - aprlib \ - libc \ - $(EOLIST) - -# -# If the nlm has a msg file, put it's path here -# -FILE_nlm_msg = - -# -# If the nlm has a hlp file put it's path here -# -FILE_nlm_hlp = - -# -# If this is specified, it will override $(NWOS)\copyright.txt. -# -FILE_nlm_copyright = - -# -# Any additional imports go here -# -FILES_nlm_Ximports = \ - @$(APR)/aprlib.imp \ - @$(NWOS)/httpd.imp \ - @libc.imp \ - $(EOLIST) - -# -# Any symbols exported to here -# -FILES_nlm_exports = \ - authz_dbm_module \ - $(EOLIST) - -# -# These are the OBJ files needed to create the LIB target above. -# Paths must all use the '/' character -# -FILES_lib_objs = \ - $(EOLIST) - -# -# implement targets and dependancies (leave this section alone) -# - -libs :: $(OBJDIR) $(TARGET_lib) - -nlms :: libs $(TARGET_nlm) - -# -# Updated this target to create necessary directories and copy files to the -# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) -# -install :: nlms FORCE - -# -# Any specialized rules here -# - -# -# Include the 'tail' makefile that has targets that depend on variables defined -# in this makefile -# - -include $(AP_WORK)\build\NWGNUtail.inc - diff --git a/modules/aaa/NWGNUauthzdef b/modules/aaa/NWGNUauthzdef deleted file mode 100644 index d3b914f848..0000000000 --- a/modules/aaa/NWGNUauthzdef +++ /dev/null @@ -1,250 +0,0 @@ -# -# Make sure all needed macro's are defined -# - -# -# Get the 'head' of the build environment if necessary. This includes default -# targets and paths to tools -# - -ifndef EnvironmentDefined -include $(AP_WORK)\build\NWGNUhead.inc -endif - -# -# These directories will be at the beginning of the include list, followed by -# INCDIRS -# -XINCDIRS += \ - $(AP_WORK)/include \ - $(NWOS) \ - $(AP_WORK)/modules/arch/netware \ - $(AP_WORK)/srclib/apr/include \ - $(AP_WORK)/srclib/apr-util/include \ - $(AP_WORK)/srclib/apr \ - $(EOLIST) - -# -# These flags will come after CFLAGS -# -XCFLAGS += \ - -prefix pre_nw.h \ - $(EOLIST) - -# -# These defines will come after DEFINES -# -XDEFINES += \ - $(EOLIST) - -# -# These flags will be added to the link.opt file -# -XLFLAGS += \ - $(EOLIST) - -# -# These values will be appended to the correct variables based on the value of -# RELEASE -# -ifeq "$(RELEASE)" "debug" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "noopt" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "release" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -# -# These are used by the link target if an NLM is being generated -# This is used by the link 'name' directive to name the nlm. If left blank -# TARGET_nlm (see below) will be used. -# -NLM_NAME = authzdef - -# -# This is used by the link '-desc ' directive. -# If left blank, NLM_NAME will be used. -# -NLM_DESCRIPTION = Default Authorization Module - -# -# This is used by the '-threadname' directive. If left blank, -# NLM_NAME Thread will be used. -# -NLM_THREAD_NAME = Authzdef Module - -# -# If this is specified, it will override VERSION value in -# $(AP_WORK)\build\NWGNUenvironment.inc -# -NLM_VERSION = - -# -# If this is specified, it will override the default of 64K -# -NLM_STACK_SIZE = 8192 - - -# -# If this is specified it will be used by the link '-entry' directive -# -NLM_ENTRY_SYM = _LibCPrelude - -# -# If this is specified it will be used by the link '-exit' directive -# -NLM_EXIT_SYM = _LibCPostlude - -# -# If this is specified it will be used by the link '-check' directive -# -NLM_CHECK_SYM = - -# -# If these are specified it will be used by the link '-flags' directive -# -NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION - -# -# If this is specified it will be linked in with the XDCData option in the def -# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled -# by setting APACHE_UNIPROC in the environment -# -XDCDATA = - -# -# If there is an NLM target, put it here -# -TARGET_nlm = \ - $(OBJDIR)/authzdef.nlm \ - $(EOLIST) - -# -# If there is an LIB target, put it here -# -TARGET_lib = \ - $(EOLIST) - -# -# These are the OBJ files needed to create the NLM target above. -# Paths must all use the '/' character -# -FILES_nlm_objs = \ - $(OBJDIR)/mod_authz_default.o \ - $(EOLIST) - -# -# These are the LIB files needed to create the NLM target above. -# These will be added as a library command in the link.opt file. -# -FILES_nlm_libs = \ - libcpre.o \ - $(EOLIST) - -# -# These are the modules that the above NLM target depends on to load. -# These will be added as a module command in the link.opt file. -# -FILES_nlm_modules = \ - aprlib \ - libc \ - $(EOLIST) - -# -# If the nlm has a msg file, put it's path here -# -FILE_nlm_msg = - -# -# If the nlm has a hlp file put it's path here -# -FILE_nlm_hlp = - -# -# If this is specified, it will override $(NWOS)\copyright.txt. -# -FILE_nlm_copyright = - -# -# Any additional imports go here -# -FILES_nlm_Ximports = \ - @$(APR)/aprlib.imp \ - @$(NWOS)/httpd.imp \ - @libc.imp \ - $(EOLIST) - -# -# Any symbols exported to here -# -FILES_nlm_exports = \ - authz_default_module \ - $(EOLIST) - -# -# These are the OBJ files needed to create the LIB target above. -# Paths must all use the '/' character -# -FILES_lib_objs = \ - $(EOLIST) - -# -# implement targets and dependancies (leave this section alone) -# - -libs :: $(OBJDIR) $(TARGET_lib) - -nlms :: libs $(TARGET_nlm) - -# -# Updated this target to create necessary directories and copy files to the -# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) -# -install :: nlms FORCE - -# -# Any specialized rules here -# - -# -# Include the 'tail' makefile that has targets that depend on variables defined -# in this makefile -# - -include $(AP_WORK)\build\NWGNUtail.inc - diff --git a/modules/aaa/NWGNUauthzgrp b/modules/aaa/NWGNUauthzgrp deleted file mode 100644 index 3b6f97f281..0000000000 --- a/modules/aaa/NWGNUauthzgrp +++ /dev/null @@ -1,250 +0,0 @@ -# -# Make sure all needed macro's are defined -# - -# -# Get the 'head' of the build environment if necessary. This includes default -# targets and paths to tools -# - -ifndef EnvironmentDefined -include $(AP_WORK)\build\NWGNUhead.inc -endif - -# -# These directories will be at the beginning of the include list, followed by -# INCDIRS -# -XINCDIRS += \ - $(AP_WORK)/include \ - $(NWOS) \ - $(AP_WORK)/modules/arch/netware \ - $(AP_WORK)/srclib/apr/include \ - $(AP_WORK)/srclib/apr-util/include \ - $(AP_WORK)/srclib/apr \ - $(EOLIST) - -# -# These flags will come after CFLAGS -# -XCFLAGS += \ - -prefix pre_nw.h \ - $(EOLIST) - -# -# These defines will come after DEFINES -# -XDEFINES += \ - $(EOLIST) - -# -# These flags will be added to the link.opt file -# -XLFLAGS += \ - $(EOLIST) - -# -# These values will be appended to the correct variables based on the value of -# RELEASE -# -ifeq "$(RELEASE)" "debug" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "noopt" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "release" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -# -# These are used by the link target if an NLM is being generated -# This is used by the link 'name' directive to name the nlm. If left blank -# TARGET_nlm (see below) will be used. -# -NLM_NAME = authzgrp - -# -# This is used by the link '-desc ' directive. -# If left blank, NLM_NAME will be used. -# -NLM_DESCRIPTION = Group File Authorization Module - -# -# This is used by the '-threadname' directive. If left blank, -# NLM_NAME Thread will be used. -# -NLM_THREAD_NAME = AuthzGrp Module - -# -# If this is specified, it will override VERSION value in -# $(AP_WORK)\build\NWGNUenvironment.inc -# -NLM_VERSION = - -# -# If this is specified, it will override the default of 64K -# -NLM_STACK_SIZE = 8192 - - -# -# If this is specified it will be used by the link '-entry' directive -# -NLM_ENTRY_SYM = _LibCPrelude - -# -# If this is specified it will be used by the link '-exit' directive -# -NLM_EXIT_SYM = _LibCPostlude - -# -# If this is specified it will be used by the link '-check' directive -# -NLM_CHECK_SYM = - -# -# If these are specified it will be used by the link '-flags' directive -# -NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION - -# -# If this is specified it will be linked in with the XDCData option in the def -# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled -# by setting APACHE_UNIPROC in the environment -# -XDCDATA = - -# -# If there is an NLM target, put it here -# -TARGET_nlm = \ - $(OBJDIR)/authzgrp.nlm \ - $(EOLIST) - -# -# If there is an LIB target, put it here -# -TARGET_lib = \ - $(EOLIST) - -# -# These are the OBJ files needed to create the NLM target above. -# Paths must all use the '/' character -# -FILES_nlm_objs = \ - $(OBJDIR)/mod_authz_groupfile.o \ - $(EOLIST) - -# -# These are the LIB files needed to create the NLM target above. -# These will be added as a library command in the link.opt file. -# -FILES_nlm_libs = \ - libcpre.o \ - $(EOLIST) - -# -# These are the modules that the above NLM target depends on to load. -# These will be added as a module command in the link.opt file. -# -FILES_nlm_modules = \ - aprlib \ - libc \ - $(EOLIST) - -# -# If the nlm has a msg file, put it's path here -# -FILE_nlm_msg = - -# -# If the nlm has a hlp file put it's path here -# -FILE_nlm_hlp = - -# -# If this is specified, it will override $(NWOS)\copyright.txt. -# -FILE_nlm_copyright = - -# -# Any additional imports go here -# -FILES_nlm_Ximports = \ - @$(APR)/aprlib.imp \ - @$(NWOS)/httpd.imp \ - @libc.imp \ - $(EOLIST) - -# -# Any symbols exported to here -# -FILES_nlm_exports = \ - authz_groupfile_module \ - $(EOLIST) - -# -# These are the OBJ files needed to create the LIB target above. -# Paths must all use the '/' character -# -FILES_lib_objs = \ - $(EOLIST) - -# -# implement targets and dependancies (leave this section alone) -# - -libs :: $(OBJDIR) $(TARGET_lib) - -nlms :: libs $(TARGET_nlm) - -# -# Updated this target to create necessary directories and copy files to the -# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) -# -install :: nlms FORCE - -# -# Any specialized rules here -# - -# -# Include the 'tail' makefile that has targets that depend on variables defined -# in this makefile -# - -include $(AP_WORK)\build\NWGNUtail.inc - diff --git a/modules/aaa/NWGNUauthzusr b/modules/aaa/NWGNUauthzusr deleted file mode 100644 index f4f3a06259..0000000000 --- a/modules/aaa/NWGNUauthzusr +++ /dev/null @@ -1,250 +0,0 @@ -# -# Make sure all needed macro's are defined -# - -# -# Get the 'head' of the build environment if necessary. This includes default -# targets and paths to tools -# - -ifndef EnvironmentDefined -include $(AP_WORK)\build\NWGNUhead.inc -endif - -# -# These directories will be at the beginning of the include list, followed by -# INCDIRS -# -XINCDIRS += \ - $(AP_WORK)/include \ - $(NWOS) \ - $(AP_WORK)/modules/arch/netware \ - $(AP_WORK)/srclib/apr/include \ - $(AP_WORK)/srclib/apr-util/include \ - $(AP_WORK)/srclib/apr \ - $(EOLIST) - -# -# These flags will come after CFLAGS -# -XCFLAGS += \ - -prefix pre_nw.h \ - $(EOLIST) - -# -# These defines will come after DEFINES -# -XDEFINES += \ - $(EOLIST) - -# -# These flags will be added to the link.opt file -# -XLFLAGS += \ - $(EOLIST) - -# -# These values will be appended to the correct variables based on the value of -# RELEASE -# -ifeq "$(RELEASE)" "debug" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "noopt" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -ifeq "$(RELEASE)" "release" -XINCDIRS += \ - $(EOLIST) - -XCFLAGS += \ - $(EOLIST) - -XDEFINES += \ - $(EOLIST) - -XLFLAGS += \ - $(EOLIST) -endif - -# -# These are used by the link target if an NLM is being generated -# This is used by the link 'name' directive to name the nlm. If left blank -# TARGET_nlm (see below) will be used. -# -NLM_NAME = authzusr - -# -# This is used by the link '-desc ' directive. -# If left blank, NLM_NAME will be used. -# -NLM_DESCRIPTION = User Authorization Module - -# -# This is used by the '-threadname' directive. If left blank, -# NLM_NAME Thread will be used. -# -NLM_THREAD_NAME = AuthzUser Module - -# -# If this is specified, it will override VERSION value in -# $(AP_WORK)\build\NWGNUenvironment.inc -# -NLM_VERSION = - -# -# If this is specified, it will override the default of 64K -# -NLM_STACK_SIZE = 8192 - - -# -# If this is specified it will be used by the link '-entry' directive -# -NLM_ENTRY_SYM = _LibCPrelude - -# -# If this is specified it will be used by the link '-exit' directive -# -NLM_EXIT_SYM = _LibCPostlude - -# -# If this is specified it will be used by the link '-check' directive -# -NLM_CHECK_SYM = - -# -# If these are specified it will be used by the link '-flags' directive -# -NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION - -# -# If this is specified it will be linked in with the XDCData option in the def -# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled -# by setting APACHE_UNIPROC in the environment -# -XDCDATA = - -# -# If there is an NLM target, put it here -# -TARGET_nlm = \ - $(OBJDIR)/authzusr.nlm \ - $(EOLIST) - -# -# If there is an LIB target, put it here -# -TARGET_lib = \ - $(EOLIST) - -# -# These are the OBJ files needed to create the NLM target above. -# Paths must all use the '/' character -# -FILES_nlm_objs = \ - $(OBJDIR)/mod_authz_user.o \ - $(EOLIST) - -# -# These are the LIB files needed to create the NLM target above. -# These will be added as a library command in the link.opt file. -# -FILES_nlm_libs = \ - libcpre.o \ - $(EOLIST) - -# -# These are the modules that the above NLM target depends on to load. -# These will be added as a module command in the link.opt file. -# -FILES_nlm_modules = \ - aprlib \ - libc \ - $(EOLIST) - -# -# If the nlm has a msg file, put it's path here -# -FILE_nlm_msg = - -# -# If the nlm has a hlp file put it's path here -# -FILE_nlm_hlp = - -# -# If this is specified, it will override $(NWOS)\copyright.txt. -# -FILE_nlm_copyright = - -# -# Any additional imports go here -# -FILES_nlm_Ximports = \ - @$(APR)/aprlib.imp \ - @$(NWOS)/httpd.imp \ - @libc.imp \ - $(EOLIST) - -# -# Any symbols exported to here -# -FILES_nlm_exports = \ - authz_user_module \ - $(EOLIST) - -# -# These are the OBJ files needed to create the LIB target above. -# Paths must all use the '/' character -# -FILES_lib_objs = \ - $(EOLIST) - -# -# implement targets and dependancies (leave this section alone) -# - -libs :: $(OBJDIR) $(TARGET_lib) - -nlms :: libs $(TARGET_nlm) - -# -# Updated this target to create necessary directories and copy files to the -# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) -# -install :: nlms FORCE - -# -# Any specialized rules here -# - -# -# Include the 'tail' makefile that has targets that depend on variables defined -# in this makefile -# - -include $(AP_WORK)\build\NWGNUtail.inc - diff --git a/modules/aaa/NWGNUauthdigt b/modules/aaa/NWGNUdigest index 4c7d00b5f7..814db9841c 100644 --- a/modules/aaa/NWGNUauthdigt +++ b/modules/aaa/NWGNUdigest @@ -16,7 +16,6 @@ endif # INCDIRS # XINCDIRS += \ - $(AP_WORK)/include \ $(NWOS) \ $(AP_WORK)/modules/arch/netware \ $(AP_WORK)/srclib/apr/include \ @@ -28,7 +27,6 @@ XINCDIRS += \ # These flags will come after CFLAGS # XCFLAGS += \ - -prefix pre_nw.h \ $(EOLIST) # @@ -94,7 +92,7 @@ endif # This is used by the link 'name' directive to name the nlm. If left blank # TARGET_nlm (see below) will be used. # -NLM_NAME = authdigt +NLM_NAME = digest # # This is used by the link '-desc ' directive. @@ -151,7 +149,7 @@ XDCDATA = # If there is an NLM target, put it here # TARGET_nlm = \ - $(OBJDIR)/authdigt.nlm \ + $(OBJDIR)/digest.nlm \ $(EOLIST) # @@ -166,7 +164,6 @@ TARGET_lib = \ # FILES_nlm_objs = \ $(OBJDIR)/mod_auth_digest.o \ - $(OBJDIR)/auth_provider.o \ $(EOLIST) # diff --git a/modules/aaa/NWGNUmakefile b/modules/aaa/NWGNUmakefile index 7a45c0c60d..fc72c7355e 100644 --- a/modules/aaa/NWGNUmakefile +++ b/modules/aaa/NWGNUmakefile @@ -152,16 +152,9 @@ XDCDATA = # If there is an NLM target, put it here # TARGET_nlm = \ - $(OBJDIR)/authbasc.nlm \ - $(OBJDIR)/authdigt.nlm \ - $(OBJDIR)/authnano.nlm \ - $(OBJDIR)/authndbm.nlm \ - $(OBJDIR)/authndef.nlm \ - $(OBJDIR)/authnfil.nlm \ - $(OBJDIR)/authzdbm.nlm \ - $(OBJDIR)/authzdef.nlm \ - $(OBJDIR)/authzgrp.nlm \ - $(OBJDIR)/authzusr.nlm \ + $(OBJDIR)/authanon.nlm \ + $(OBJDIR)/authdbm.nlm \ + $(OBJDIR)/digest.nlm \ $(EOLIST) # diff --git a/modules/aaa/auth_provider.c b/modules/aaa/auth_provider.c deleted file mode 100644 index 25260b5601..0000000000 --- a/modules/aaa/auth_provider.c +++ /dev/null @@ -1,120 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - */ - -#include "apr_pools.h" -#include "apr_hash.h" - -#include "mod_auth.h" - -static apr_hash_t *authn_repos_providers = NULL; -static apr_hash_t *authz_repos_providers = NULL; - -static apr_status_t authn_cleanup_providers(void *ctx) -{ - authn_repos_providers = NULL; - return APR_SUCCESS; -} - -static apr_status_t authz_cleanup_providers(void *ctx) -{ - authz_repos_providers = NULL; - return APR_SUCCESS; -} - -AAA_DECLARE(void) authn_register_provider(apr_pool_t *p, const char *name, - const authn_provider *provider) -{ - if (authn_repos_providers == NULL) { - authn_repos_providers = apr_hash_make(p); - apr_pool_cleanup_register(p, NULL, authn_cleanup_providers, - apr_pool_cleanup_null); - } - - /* just set it. no biggy if it was there before. */ - apr_hash_set(authn_repos_providers, name, APR_HASH_KEY_STRING, provider); -} - -AAA_DECLARE(const authn_provider *) authn_lookup_provider(const char *name) -{ - /* Better watch out against no registered providers */ - if (authn_repos_providers == NULL) { - return NULL; - } - - return apr_hash_get(authn_repos_providers, name, APR_HASH_KEY_STRING); -} - -AAA_DECLARE(void) authz_register_provider(apr_pool_t *p, const char *name, - const authz_provider *provider) -{ - if (authz_repos_providers == NULL) { - authz_repos_providers = apr_hash_make(p); - apr_pool_cleanup_register(p, NULL, authz_cleanup_providers, - apr_pool_cleanup_null); - } - - /* just set it. no biggy if it was there before. */ - apr_hash_set(authz_repos_providers, name, APR_HASH_KEY_STRING, provider); -} - -AAA_DECLARE(const authz_provider *) authz_lookup_provider(const char *name) -{ - /* Better watch out against no registered providers */ - if (authz_repos_providers == NULL) { - return NULL; - } - - return apr_hash_get(authz_repos_providers, name, APR_HASH_KEY_STRING); -} diff --git a/modules/aaa/config.m4 b/modules/aaa/config.m4 index 500623cfb4..525e79d675 100644 --- a/modules/aaa/config.m4 +++ b/modules/aaa/config.m4 @@ -1,50 +1,22 @@ dnl modules enabled in this directory by default -dnl Authentication (authn), Access, and Authorization (authz) - dnl APACHE_MODULE(name, helptext[, objects[, structname[, default[, config]]]]) APACHE_MODPATH_INIT(aaa) -dnl Authentication modules; modules checking a username and password against a -dnl file, database, or other similar magic. -dnl -APACHE_MODULE(authn_file, file-based authentication control, , , yes) -APACHE_MODULE(authn_dbm, DBM-based authentication control, , , most) -APACHE_MODULE(authn_anon, anonymous user authentication control, , , most) - -dnl - and just in case all of the above punt; a default handler to -dnl keep the bad guys out. -APACHE_MODULE(authn_default, authentication backstopper, , , yes) - -dnl Authorization modules: modules which verify a certain property such as -dnl membership of a group, value of the IP address against a list of pre -dnl configured directives (e.g. require, allow) or against an external file -dnl or database. -dnl -APACHE_MODULE(authz_host, host-based authorization control, , , yes) -APACHE_MODULE(authz_groupfile, 'require group' authorization control, , , yes) -APACHE_MODULE(authz_user, 'require user' authorization control, , , yes) -APACHE_MODULE(authz_dbm, DBM-based authorization control, , , most) - -dnl - and just in case all of the above punt; a default handler to -dnl keep the bad guys out. -APACHE_MODULE(authz_default, authorization control backstopper, , , yes) - -dnl these are the front-end authentication modules - -std_auth_provider_objects="auth_provider.lo" +APACHE_MODULE(access, host-based access control, , , yes) +APACHE_MODULE(auth, user-based access control, , , yes) +APACHE_MODULE(auth_anon, anonymous user access, , , most) +APACHE_MODULE(auth_dbm, DBM-based access databases, , , most) -APACHE_MODULE(auth_basic, basic authentication, - mod_auth_basic.lo $std_auth_provider_objects, , yes) -APACHE_MODULE(auth_digest, RFC2617 Digest authentication, - mod_auth_digest.lo $std_auth_provider_objects , , most, [ +APACHE_MODULE(auth_digest, RFC2617 Digest authentication, , , most, [ ap_old_cppflags=$CPPFLAGS CPPFLAGS="$CPPFLAGS -I$APR_SOURCE_DIR/include -I$abs_builddir/srclib/apr/include" - AC_TRY_COMPILE([#include <apr.h>], [ -#if !APR_HAS_RANDOM -#error You need APR random support to use mod_auth_digest. -#endif], , enable_auth_digest=no) + AC_TRY_COMPILE([#include <apr.h>], + [#if !APR_HAS_RANDOM + #error You need APR random support to use auth_digest. + #endif],, + enable_auth_digest=no) CPPFLAGS=$ap_old_cppflags ]) diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_access.c index 5e15d9cc1f..af377aa6c2 100644 --- a/modules/aaa/mod_authz_host.c +++ b/modules/aaa/mod_access.c @@ -65,7 +65,7 @@ #include "apr_strings.h" #include "apr_network_io.h" -#include "apr_md5.h" +#include "apr_lib.h" #define APR_WANT_STRFUNC #define APR_WANT_BYTEFUNC @@ -108,15 +108,15 @@ typedef struct { int order[METHODS]; apr_array_header_t *allows; apr_array_header_t *denys; -} authz_host_dir_conf; +} access_dir_conf; -module AP_MODULE_DECLARE_DATA authz_host_module; +module AP_MODULE_DECLARE_DATA access_module; -static void *create_authz_host_dir_config(apr_pool_t *p, char *dummy) +static void *create_access_dir_config(apr_pool_t *p, char *dummy) { int i; - authz_host_dir_conf *conf = - (authz_host_dir_conf *)apr_pcalloc(p, sizeof(authz_host_dir_conf)); + access_dir_conf *conf = + (access_dir_conf *)apr_pcalloc(p, sizeof(access_dir_conf)); for (i = 0; i < METHODS; ++i) { conf->order[i] = DENY_THEN_ALLOW; @@ -129,21 +129,21 @@ static void *create_authz_host_dir_config(apr_pool_t *p, char *dummy) static const char *order(cmd_parms *cmd, void *dv, const char *arg) { - authz_host_dir_conf *d = (authz_host_dir_conf *) dv; + access_dir_conf *d = (access_dir_conf *) dv; int i, o; if (!strcasecmp(arg, "allow,deny")) - o = ALLOW_THEN_DENY; + o = ALLOW_THEN_DENY; else if (!strcasecmp(arg, "deny,allow")) - o = DENY_THEN_ALLOW; + o = DENY_THEN_ALLOW; else if (!strcasecmp(arg, "mutual-failure")) - o = MUTUAL_FAILURE; + o = MUTUAL_FAILURE; else - return "unknown order"; + return "unknown order"; for (i = 0; i < METHODS; ++i) - if (cmd->limited & (AP_METHOD_BIT << i)) - d->order[i] = o; + if (cmd->limited & (AP_METHOD_BIT << i)) + d->order[i] = o; return NULL; } @@ -151,7 +151,7 @@ static const char *order(cmd_parms *cmd, void *dv, const char *arg) static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from, const char *where_c) { - authz_host_dir_conf *d = (authz_host_dir_conf *) dv; + access_dir_conf *d = (access_dir_conf *) dv; allowdeny *a; char *where = apr_pstrdup(cmd->pool, where_c); char *s; @@ -159,19 +159,19 @@ static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from, apr_status_t rv; if (strcasecmp(from, "from")) - return "allow and deny must be followed by 'from'"; + return "allow and deny must be followed by 'from'"; a = (allowdeny *) apr_array_push(cmd->info ? d->allows : d->denys); a->x.from = where; a->limited = cmd->limited; if (!strncasecmp(where, "env=", 4)) { - a->type = T_ENV; - a->x.from += 4; + a->type = T_ENV; + a->x.from += 4; } else if (!strcasecmp(where, "all")) { - a->type = T_ALL; + a->type = T_ALL; } else if ((s = strchr(where, '/'))) { *s++ = '\0'; @@ -194,7 +194,7 @@ static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from, a->type = T_IP; } else { /* no slash, didn't look like an IP address => must be a host */ - a->type = T_HOST; + a->type = T_HOST; } return NULL; @@ -202,7 +202,7 @@ static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from, static char its_an_allow; -static const command_rec authz_host_cmds[] = +static const command_rec access_cmds[] = { AP_INIT_TAKE1("order", order, NULL, OR_LIMIT, "'allow,deny', 'deny,allow', or 'mutual-failure'"), @@ -219,25 +219,21 @@ static int in_domain(const char *domain, const char *what) int wl = strlen(what); if ((wl - dl) >= 0) { - if (strcasecmp(domain, &what[wl - dl]) != 0) { - return 0; - } - - /* Make sure we matched an *entire* subdomain --- if the user - * said 'allow from good.com', we don't want people from nogood.com - * to be able to get in. - */ - - if (wl == dl) { - return 1; /* matched whole thing */ - } - else { - return (domain[0] == '.' || what[wl - dl - 1] == '.'); - } - } - else { - return 0; + if (strcasecmp(domain, &what[wl - dl]) != 0) + return 0; + + /* Make sure we matched an *entire* subdomain --- if the user + * said 'allow from good.com', we don't want people from nogood.com + * to be able to get in. + */ + + if (wl == dl) + return 1; /* matched whole thing */ + else + return (domain[0] == '.' || what[wl - dl - 1] == '.'); } + else + return 0; } static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method) @@ -250,52 +246,46 @@ static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method) const char *remotehost = NULL; for (i = 0; i < a->nelts; ++i) { - if (!(mmask & ap[i].limited)) { - continue; - } + if (!(mmask & ap[i].limited)) + continue; - switch (ap[i].type) { - case T_ENV: - if (apr_table_get(r->subprocess_env, ap[i].x.from)) { - return 1; - } - break; + switch (ap[i].type) { + case T_ENV: + if (apr_table_get(r->subprocess_env, ap[i].x.from)) { + return 1; + } + break; - case T_ALL: - return 1; + case T_ALL: + return 1; - case T_IP: + case T_IP: if (apr_ipsubnet_test(ap[i].x.ip, r->connection->remote_addr)) { return 1; } break; - case T_HOST: - if (!gothost) { + case T_HOST: + if (!gothost) { int remotehost_is_ip; - remotehost = ap_get_remote_host(r->connection, - r->per_dir_config, - REMOTE_DOUBLE_REV, - &remotehost_is_ip); - - if ((remotehost == NULL) || remotehost_is_ip) { - gothost = 1; - } - else { - gothost = 2; - } - } + remotehost = ap_get_remote_host(r->connection, r->per_dir_config, + REMOTE_DOUBLE_REV, &remotehost_is_ip); - if ((gothost == 2) && in_domain(ap[i].x.from, remotehost)) { - return 1; - } - break; + if ((remotehost == NULL) || remotehost_is_ip) + gothost = 1; + else + gothost = 2; + } - case T_FAIL: - /* do nothing? */ - break; - } + if ((gothost == 2) && in_domain(ap[i].x.from, remotehost)) + return 1; + break; + + case T_FAIL: + /* do nothing? */ + break; + } } return 0; @@ -305,34 +295,28 @@ static int check_dir_access(request_rec *r) { int method = r->method_number; int ret = OK; - authz_host_dir_conf *a = (authz_host_dir_conf *) - ap_get_module_config(r->per_dir_config, &authz_host_module); + access_dir_conf *a = (access_dir_conf *) + ap_get_module_config(r->per_dir_config, &access_module); if (a->order[method] == ALLOW_THEN_DENY) { ret = HTTP_FORBIDDEN; - if (find_allowdeny(r, a->allows, method)) { + if (find_allowdeny(r, a->allows, method)) ret = OK; - } - if (find_allowdeny(r, a->denys, method)) { + if (find_allowdeny(r, a->denys, method)) ret = HTTP_FORBIDDEN; - } } else if (a->order[method] == DENY_THEN_ALLOW) { - if (find_allowdeny(r, a->denys, method)) { + if (find_allowdeny(r, a->denys, method)) ret = HTTP_FORBIDDEN; - } - if (find_allowdeny(r, a->allows, method)) { + if (find_allowdeny(r, a->allows, method)) ret = OK; - } } else { if (find_allowdeny(r, a->allows, method) - && !find_allowdeny(r, a->denys, method)) { + && !find_allowdeny(r, a->denys, method)) ret = OK; - } - else { + else ret = HTTP_FORBIDDEN; - } } if (ret == HTTP_FORBIDDEN @@ -347,17 +331,16 @@ static int check_dir_access(request_rec *r) static void register_hooks(apr_pool_t *p) { - /* This can be access checker since we don't require r->user to be set. */ ap_hook_access_checker(check_dir_access,NULL,NULL,APR_HOOK_MIDDLE); } -module AP_MODULE_DECLARE_DATA authz_host_module = +module AP_MODULE_DECLARE_DATA access_module = { STANDARD20_MODULE_STUFF, - create_authz_host_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authz_host_cmds, - register_hooks /* register hooks */ + create_access_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + access_cmds, + register_hooks /* register hooks */ }; diff --git a/modules/aaa/mod_authz_dbm.dsp b/modules/aaa/mod_access.dsp index 833e7aecd3..ee1118b356 100644 --- a/modules/aaa/mod_authz_dbm.dsp +++ b/modules/aaa/mod_access.dsp @@ -1,24 +1,24 @@ -# Microsoft Developer Studio Project File - Name="mod_authz_dbm" - Package Owner=<4> +# Microsoft Developer Studio Project File - Name="mod_access" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 -CFG=mod_authz_dbm - Win32 Debug +CFG=mod_access - Win32 Release !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE -!MESSAGE NMAKE /f "mod_authz_dbm.mak". +!MESSAGE NMAKE /f "mod_access.mak". !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "mod_authz_dbm.mak" CFG="mod_authz_dbm - Win32 Debug" +!MESSAGE NMAKE /f "mod_access.mak" CFG="mod_access - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE -!MESSAGE "mod_authz_dbm - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authz_dbm - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_access - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_access - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE # Begin Project @@ -29,7 +29,7 @@ CPP=cl.exe MTL=midl.exe RSC=rc.exe -!IF "$(CFG)" == "mod_authz_dbm - Win32 Release" +!IF "$(CFG)" == "mod_access - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 @@ -43,19 +43,19 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authz_dbm" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_access" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_dbm -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_dbm +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access -!ELSEIF "$(CFG)" == "mod_authz_dbm - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_access - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 @@ -69,55 +69,55 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authz_dbm" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_access" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_dbm -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_dbm +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access !ENDIF # Begin Target -# Name "mod_authz_dbm - Win32 Release" -# Name "mod_authz_dbm - Win32 Debug" +# Name "mod_access - Win32 Release" +# Name "mod_access - Win32 Debug" # Begin Source File -SOURCE=.\mod_authz_dbm.c +SOURCE=.\mod_access.c # End Source File # Begin Source File -SOURCE=.\mod_authz_dbm.rc +SOURCE=.\mod_access.rc # End Source File # Begin Source File SOURCE=..\..\build\win32\win32ver.awk -!IF "$(CFG)" == "mod_authz_dbm - Win32 Release" +!IF "$(CFG)" == "mod_access - Win32 Release" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authz_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_dbm "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_dbm.rc +".\mod_access.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_access "access_module for Apache" ../../include/ap_release.h > .\mod_access.rc # End Custom Build -!ELSEIF "$(CFG)" == "mod_authz_dbm - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_access - Win32 Debug" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authz_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_dbm "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_dbm.rc +".\mod_access.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_access "access_module for Apache" ../../include/ap_release.h > .\mod_access.rc # End Custom Build diff --git a/modules/aaa/mod_access.exp b/modules/aaa/mod_access.exp new file mode 100644 index 0000000000..f8aff339da --- /dev/null +++ b/modules/aaa/mod_access.exp @@ -0,0 +1 @@ +access_module diff --git a/modules/aaa/mod_auth.c b/modules/aaa/mod_auth.c new file mode 100644 index 0000000000..ed349bd22b --- /dev/null +++ b/modules/aaa/mod_auth.c @@ -0,0 +1,356 @@ +/* ==================================================================== + * The Apache Software License, Version 1.1 + * + * Copyright (c) 2000-2002 The Apache Software Foundation. All rights + * reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The end-user documentation included with the redistribution, + * if any, must include the following acknowledgment: + * "This product includes software developed by the + * Apache Software Foundation (http://www.apache.org/)." + * Alternately, this acknowledgment may appear in the software itself, + * if and wherever such third-party acknowledgments normally appear. + * + * 4. The names "Apache" and "Apache Software Foundation" must + * not be used to endorse or promote products derived from this + * software without prior written permission. For written + * permission, please contact apache@apache.org. + * + * 5. Products derived from this software may not be called "Apache", + * nor may "Apache" appear in their name, without prior written + * permission of the Apache Software Foundation. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * ==================================================================== + * + * This software consists of voluntary contributions made by many + * individuals on behalf of the Apache Software Foundation. For more + * information on the Apache Software Foundation, please see + * <http://www.apache.org/>. + * + * Portions of this software are based upon public domain software + * originally written at the National Center for Supercomputing Applications, + * University of Illinois, Urbana-Champaign. + */ + +/* + * http_auth: authentication + * + * Rob McCool + * + * Adapted to Apache by rst. + * + * dirkx - Added Authoritative control to allow passing on to lower + * modules if and only if the userid is not known to this + * module. A known user with a faulty or absent password still + * causes an AuthRequired. The default is 'Authoritative', i.e. + * no control is passed along. + */ + +#include "apr_strings.h" +#include "apr_md5.h" /* for apr_password_validate */ + +#include "ap_config.h" +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_log.h" +#include "http_protocol.h" +#include "http_request.h" + + +typedef struct { + char *auth_pwfile; + char *auth_grpfile; + int auth_authoritative; +} auth_config_rec; + +static void *create_auth_dir_config(apr_pool_t *p, char *d) +{ + auth_config_rec *conf = apr_palloc(p, sizeof(*conf)); + + conf->auth_pwfile = NULL; /* just to illustrate the default really */ + conf->auth_grpfile = NULL; /* unless you have a broken HP cc */ + conf->auth_authoritative = 1; /* keep the fortress secure by default */ + return conf; +} + +static const char *set_auth_slot(cmd_parms *cmd, void *offset, const char *f, + const char *t) +{ + if (t && strcmp(t, "standard")) { + return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); + } + + return ap_set_file_slot(cmd, offset, f); +} + +static const command_rec auth_cmds[] = +{ + AP_INIT_TAKE12("AuthUserFile", set_auth_slot, + (void *)APR_OFFSETOF(auth_config_rec, auth_pwfile), + OR_AUTHCFG, "text file containing user IDs and passwords"), + AP_INIT_TAKE12("AuthGroupFile", set_auth_slot, + (void *)APR_OFFSETOF(auth_config_rec, auth_grpfile), + OR_AUTHCFG, + "text file containing group names and member user IDs"), + AP_INIT_FLAG("AuthAuthoritative", ap_set_flag_slot, + (void *)APR_OFFSETOF(auth_config_rec, auth_authoritative), + OR_AUTHCFG, + "Set to 'no' to allow access control to be passed along to " + "lower modules if the UserID is not known to this module"), + {NULL} +}; + +module AP_MODULE_DECLARE_DATA auth_module; + +static char *get_pw(request_rec *r, char *user, char *auth_pwfile) +{ + ap_configfile_t *f; + char l[MAX_STRING_LEN]; + const char *rpw, *w; + apr_status_t status; + + if ((status = ap_pcfg_openfile(&f, r->pool, auth_pwfile)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, + "Could not open password file: %s", auth_pwfile); + return NULL; + } + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + rpw = l; + w = ap_getword(r->pool, &rpw, ':'); + + if (!strcmp(user, w)) { + ap_cfg_closefile(f); + return ap_getword(r->pool, &rpw, ':'); + } + } + ap_cfg_closefile(f); + return NULL; +} + +static apr_table_t *groups_for_user(apr_pool_t *p, char *user, char *grpfile) +{ + ap_configfile_t *f; + apr_table_t *grps = apr_table_make(p, 15); + apr_pool_t *sp; + char l[MAX_STRING_LEN]; + const char *group_name, *ll, *w; + apr_status_t status; + + if ((status = ap_pcfg_openfile(&f, p, grpfile)) != APR_SUCCESS) { +/*add? aplog_error(APLOG_MARK, APLOG_ERR, NULL, + "Could not open group file: %s", grpfile);*/ + return NULL; + } + + apr_pool_create(&sp, p); + + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + ll = l; + apr_pool_clear(sp); + + group_name = ap_getword(sp, &ll, ':'); + + while (ll[0]) { + w = ap_getword_conf(sp, &ll); + if (!strcmp(w, user)) { + apr_table_setn(grps, apr_pstrdup(p, group_name), "in"); + break; + } + } + } + ap_cfg_closefile(f); + apr_pool_destroy(sp); + return grps; +} + +/* These functions return 0 if client is OK, and proper error status + * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or + * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we + * couldn't figure out how to tell if the client is authorized or not. + * + * If they return DECLINED, and all other modules also decline, that's + * treated by the server core as a configuration error, logged and + * reported as such. + */ + +/* Determine user ID, and check if it really is that user, for HTTP + * basic authentication... + */ + +static int authenticate_basic_user(request_rec *r) +{ + auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_module); + const char *sent_pw; + char *real_pw; + apr_status_t invalid_pw; + int res; + + if ((res = ap_get_basic_auth_pw(r, &sent_pw))) { + return res; + } + + if (!conf->auth_pwfile) { + return DECLINED; + } + + if (!(real_pw = get_pw(r, r->user, conf->auth_pwfile))) { + if (!(conf->auth_authoritative)) { + return DECLINED; + } + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s not found: %s", r->user, r->uri); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + invalid_pw = apr_password_validate(sent_pw, real_pw); + if (invalid_pw != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s: authentication failure for \"%s\": " + "Password Mismatch", + r->user, r->uri); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + return OK; +} + +/* Checking ID */ + +static int check_user_access(request_rec *r) +{ + auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_module); + char *user = r->user; + int m = r->method_number; + int method_restricted = 0; + register int x; + const char *t, *w; + apr_table_t *grpstatus; + const apr_array_header_t *reqs_arr = ap_requires(r); + require_line *reqs; + + /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive, + * then any user will do. + */ + if (!reqs_arr) { + return OK; + } + reqs = (require_line *)reqs_arr->elts; + + if (conf->auth_grpfile) { + grpstatus = groups_for_user(r->pool, user, conf->auth_grpfile); + } + else { + grpstatus = NULL; + } + + for (x = 0; x < reqs_arr->nelts; x++) { + + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { + continue; + } + + method_restricted = 1; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + if (!strcmp(w, "valid-user")) { + return OK; + } + if (!strcmp(w, "user")) { + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (!strcmp(user, w)) { + return OK; + } + } + } + else if (!strcmp(w, "group")) { + if (!grpstatus) { + return DECLINED; /* DBM group? Something else? */ + } + + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (apr_table_get(grpstatus, w)) { + return OK; + } + } + } + else if (conf->auth_authoritative) { + /* if we aren't authoritative, any require directive could be + * valid even if we don't grok it. However, if we are + * authoritative, we can warn the user they did something wrong. + * That something could be a missing "AuthAuthoritative off", but + * more likely is a typo in the require directive. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: unknown require " + "directive:\"%s\"", r->uri, reqs[x].requirement); + } + } + + if (!method_restricted) { + return OK; + } + + if (!(conf->auth_authoritative)) { + return DECLINED; + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: user %s not allowed access", + r->uri, user); + + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; +} + +static void register_hooks(apr_pool_t *p) +{ + ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE); + ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA auth_module = +{ + STANDARD20_MODULE_STUFF, + create_auth_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + auth_cmds, /* command apr_table_t */ + register_hooks /* register hooks */ +}; diff --git a/modules/aaa/mod_authn_file.dsp b/modules/aaa/mod_auth.dsp index 77cd417305..b2d6863ce9 100644 --- a/modules/aaa/mod_authn_file.dsp +++ b/modules/aaa/mod_auth.dsp @@ -1,24 +1,24 @@ -# Microsoft Developer Studio Project File - Name="mod_authn_file" - Package Owner=<4> +# Microsoft Developer Studio Project File - Name="mod_auth" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 -CFG=mod_authn_file - Win32 Debug +CFG=mod_auth - Win32 Release !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE -!MESSAGE NMAKE /f "mod_authn_file.mak". +!MESSAGE NMAKE /f "mod_auth.mak". !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "mod_authn_file.mak" CFG="mod_authn_file - Win32 Debug" +!MESSAGE NMAKE /f "mod_auth.mak" CFG="mod_auth - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE -!MESSAGE "mod_authn_file - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authn_file - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE # Begin Project @@ -29,7 +29,7 @@ CPP=cl.exe MTL=midl.exe RSC=rc.exe -!IF "$(CFG)" == "mod_authn_file - Win32 Release" +!IF "$(CFG)" == "mod_auth - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 @@ -43,19 +43,19 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authn_file" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_file.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_file -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_file.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_file +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth -!ELSEIF "$(CFG)" == "mod_authn_file - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_auth - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 @@ -69,55 +69,55 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authn_file" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_file.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_file -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_file.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_file +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth !ENDIF # Begin Target -# Name "mod_authn_file - Win32 Release" -# Name "mod_authn_file - Win32 Debug" +# Name "mod_auth - Win32 Release" +# Name "mod_auth - Win32 Debug" # Begin Source File -SOURCE=.\mod_authn_file.c +SOURCE=.\mod_auth.c # End Source File # Begin Source File -SOURCE=.\mod_authn_file.rc +SOURCE=.\mod_auth.rc # End Source File # Begin Source File SOURCE=..\..\build\win32\win32ver.awk -!IF "$(CFG)" == "mod_authn_file - Win32 Release" +!IF "$(CFG)" == "mod_auth - Win32 Release" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authn_file.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_file "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_file.rc +".\mod_auth.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth "auth_module for Apache" ../../include/ap_release.h > .\mod_auth.rc # End Custom Build -!ELSEIF "$(CFG)" == "mod_authn_file - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_auth - Win32 Debug" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authn_file.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_file "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_file.rc +".\mod_auth.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth "auth_module for Apache" ../../include/ap_release.h > .\mod_auth.rc # End Custom Build diff --git a/modules/aaa/mod_auth.exp b/modules/aaa/mod_auth.exp new file mode 100644 index 0000000000..76adad0a66 --- /dev/null +++ b/modules/aaa/mod_auth.exp @@ -0,0 +1 @@ +auth_module diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h deleted file mode 100644 index f7fe064c1f..0000000000 --- a/modules/aaa/mod_auth.h +++ /dev/null @@ -1,125 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - */ - -#ifndef APACHE_MOD_AUTH_H -#define APACHE_MOD_AUTH_H - -#include "apr_pools.h" -#include "apr_hash.h" - -#include "httpd.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* Create a set of AAA_DECLARE(type) and AAA_DECLARE_DATA with - * appropriate export and import tags for the platform - */ -#if !defined(WIN32) -#define AAA_DECLARE(type) type -#define AAA_DECLARE_DATA -#elif defined(AAA_DECLARE_STATIC) -#define AAA_DECLARE(type) type __stdcall -#define AAA_DECLARE_DATA -#elif defined(AAA_DECLARE_EXPORT) -#define AAA_DECLARE(type) __declspec(dllexport) type __stdcall -#define AAA_DECLARE_DATA __declspec(dllexport) -#else -#define AAA_DECLARE(type) __declspec(dllimport) type __stdcall -#define AAA_DECLARE_DATA __declspec(dllimport) -#endif - -#define AUTHN_DEFAULT_PROVIDER "file" - -typedef enum { - AUTH_DENIED, - AUTH_GRANTED, - AUTH_USER_FOUND, - AUTH_USER_NOT_FOUND, - AUTH_GENERAL_ERROR -} authn_status; - -typedef struct { - /* Given a username and password, expected to return AUTH_GRANTED - * if we can validate this user/password combination. - */ - authn_status (*check_password)(request_rec *r, const char *user, - const char *password); - - /* Given a user and realm, expected to return AUTH_USER_FOUND if we - * can find a md5 hash of 'user:realm:password' - */ - authn_status (*get_realm_hash)(request_rec *r, const char *user, - const char *realm, char **rethash); -} authn_provider; - -AAA_DECLARE(void) authn_register_provider(apr_pool_t *p, const char *name, - const authn_provider *provider); -AAA_DECLARE(const authn_provider *) authn_lookup_provider(const char *name); - -typedef struct { - /* For a given user, return a hash of all groups the user belongs to. */ - apr_hash_t * (*get_user_groups)(request_rec *r, const char *user); -} authz_provider; - -AAA_DECLARE(void) authz_register_provider(apr_pool_t *p, const char *name, - const authz_provider *provider); -AAA_DECLARE(const authz_provider *) authz_lookup_provider(const char *name); -#ifdef __cplusplus -} -#endif - -#endif diff --git a/modules/aaa/mod_authn_anon.c b/modules/aaa/mod_auth_anon.c index 28c1c81db9..0726e9f295 100644 --- a/modules/aaa/mod_authn_anon.c +++ b/modules/aaa/mod_auth_anon.c @@ -106,87 +106,85 @@ #include "http_request.h" #include "http_protocol.h" -typedef struct anon_auth_pw { +typedef struct anon_auth { char *password; - struct anon_auth_pw *next; -} anon_auth_pw; + struct anon_auth *next; +} anon_auth; typedef struct { - anon_auth_pw *passwords; - int nouserid; - int logemail; - int verifyemail; - int mustemail; - int authoritative; -} authn_anon_config_rec; + anon_auth *anon_auth_passwords; + int anon_auth_nouserid; + int anon_auth_logemail; + int anon_auth_verifyemail; + int anon_auth_mustemail; + int anon_auth_authoritative; +} anon_auth_config_rec; -static void *create_authn_anon_dir_config(apr_pool_t *p, char *d) +static void *create_anon_auth_dir_config(apr_pool_t *p, char *d) { - authn_anon_config_rec *conf = apr_palloc(p, sizeof(*conf)); + anon_auth_config_rec *conf = apr_palloc(p, sizeof(*conf)); /* just to illustrate the defaults really. */ - conf->passwords = NULL; + conf->anon_auth_passwords = NULL; - conf->nouserid = 0; - conf->logemail = 1; - conf->verifyemail = 0; - conf->mustemail = 1; - conf->authoritative = 0; + conf->anon_auth_nouserid = 0; + conf->anon_auth_logemail = 1; + conf->anon_auth_verifyemail = 0; + conf->anon_auth_mustemail = 1; + conf->anon_auth_authoritative = 0; return conf; } static const char *anon_set_string_slots(cmd_parms *cmd, void *my_config, const char *arg) { - authn_anon_config_rec *conf = my_config; - anon_auth_pw *first; + anon_auth_config_rec *conf = my_config; + anon_auth *first; - if (!(*arg)) { - return "Anonymous string cannot be empty, use Anonymous_NoUserId"; - } + if (!(*arg)) + return "Anonymous string cannot be empty, use Anonymous_NoUserId instead"; /* squeeze in a record */ - first = conf->passwords; + first = conf->anon_auth_passwords; - if (!(conf->passwords = apr_palloc(cmd->pool, sizeof(anon_auth_pw))) || - !(conf->passwords->password = apr_pstrdup(cmd->pool, arg))) { - return "Failed to claim memory for an anonymous password..."; - } + if (!(conf->anon_auth_passwords = apr_palloc(cmd->pool, sizeof(anon_auth))) || + !(conf->anon_auth_passwords->password = apr_pstrdup(cmd->pool, arg))) + return "Failed to claim memory for an anonymous password..."; /* and repair the next */ - conf->passwords->next = first; + conf->anon_auth_passwords->next = first; return NULL; } -static const command_rec authn_anon_cmds[] = +static const command_rec anon_auth_cmds[] = { AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG, "a space-separated list of user IDs"), AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_anon_config_rec, mustemail), + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_mustemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_anon_config_rec, nouserid), + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_nouserid), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_anon_config_rec, verifyemail), + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_verifyemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_anon_config_rec, logemail), + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_logemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_Authoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_anon_config_rec, authoritative), + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_authoritative), OR_AUTHCFG, "Limited to 'on' or 'off'"), {NULL} }; -module AP_MODULE_DECLARE_DATA authn_anon_module; +module AP_MODULE_DECLARE_DATA auth_anon_module; static int anon_authenticate_basic_user(request_rec *r) { - authn_anon_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authn_anon_module); + anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_anon_module); const char *sent_pw; int res = DECLINED; @@ -195,18 +193,18 @@ static int anon_authenticate_basic_user(request_rec *r) } /* Ignore if we are not configured */ - if (!conf->passwords) { + if (!conf->anon_auth_passwords) { return DECLINED; } /* Do we allow an empty userID and/or is it the magic one */ - if ((!(r->user[0])) && (conf->nouserid)) { + if ((!(r->user[0])) && (conf->anon_auth_nouserid)) { res = OK; } else { - anon_auth_pw *p = conf->passwords; + anon_auth *p = conf->anon_auth_passwords; res = DECLINED; while ((res == DECLINED) && (p != NULL)) { if (!(strcasecmp(r->user, p->password))) { @@ -215,13 +213,16 @@ static int anon_authenticate_basic_user(request_rec *r) p = p->next; } } - /* Is username is OK and password been filled out (if required) */ - if ((res == OK) && ((!conf->mustemail) || strlen(sent_pw)) && + if ( + /* username is OK */ + (res == OK) + /* password been filled out ? */ + && ((!conf->anon_auth_mustemail) || strlen(sent_pw)) /* does the password look like an email address ? */ - ((!conf->verifyemail) || - ((strpbrk("@", sent_pw) != NULL) && - (strpbrk(".", sent_pw) != NULL)))) { - if (conf->logemail && ap_is_initial_req(r)) { + && ((!conf->anon_auth_verifyemail) + || ((strpbrk("@", sent_pw) != NULL) + && (strpbrk(".", sent_pw) != NULL)))) { + if (conf->anon_auth_logemail && ap_is_initial_req(r)) { ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r, "Anonymous: Passwd <%s> Accepted", sent_pw ? sent_pw : "\'none\'"); @@ -229,7 +230,7 @@ static int anon_authenticate_basic_user(request_rec *r) return OK; } else { - if (conf->authoritative) { + if (conf->anon_auth_authoritative) { ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, "Anonymous: Authoritative, Passwd <%s> not accepted", sent_pw ? sent_pw : "\'none\'"); @@ -241,18 +242,39 @@ static int anon_authenticate_basic_user(request_rec *r) return DECLINED; } +static int check_anon_access(request_rec *r) +{ +#ifdef NOTYET + conn_rec *c = r->connection; + anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_anon_module); + + if (!conf->anon_auth) { + return DECLINED; + } + + if (strcasecmp(r->connection->user, conf->anon_auth)) { + return DECLINED; + } + + return OK; +#endif + return DECLINED; +} + static void register_hooks(apr_pool_t *p) { ap_hook_check_user_id(anon_authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE); + ap_hook_auth_checker(check_anon_access,NULL,NULL,APR_HOOK_MIDDLE); } -module AP_MODULE_DECLARE_DATA authn_anon_module = +module AP_MODULE_DECLARE_DATA auth_anon_module = { STANDARD20_MODULE_STUFF, - create_authn_anon_dir_config, /* dir config creater */ - NULL, /* dir merger ensure strictness */ - NULL, /* server config */ - NULL, /* merge server config */ - authn_anon_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ + create_anon_auth_dir_config, /* dir config creater */ + NULL, /* dir merger ensure strictness */ + NULL, /* server config */ + NULL, /* merge server config */ + anon_auth_cmds, /* command apr_table_t */ + register_hooks /* register hooks */ }; diff --git a/modules/aaa/mod_authn_dbm.dsp b/modules/aaa/mod_auth_anon.dsp index dc6558fe2a..9f2cd2d355 100644 --- a/modules/aaa/mod_authn_dbm.dsp +++ b/modules/aaa/mod_auth_anon.dsp @@ -1,24 +1,24 @@ -# Microsoft Developer Studio Project File - Name="mod_authn_dbm" - Package Owner=<4> +# Microsoft Developer Studio Project File - Name="mod_auth_anon" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 -CFG=mod_authn_dbm - Win32 Debug +CFG=mod_auth_anon - Win32 Release !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE -!MESSAGE NMAKE /f "mod_authn_dbm.mak". +!MESSAGE NMAKE /f "mod_auth_anon.mak". !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "mod_authn_dbm.mak" CFG="mod_authn_dbm - Win32 Debug" +!MESSAGE NMAKE /f "mod_auth_anon.mak" CFG="mod_auth_anon - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE -!MESSAGE "mod_authn_dbm - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authn_dbm - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth_anon - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth_anon - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE # Begin Project @@ -29,7 +29,7 @@ CPP=cl.exe MTL=midl.exe RSC=rc.exe -!IF "$(CFG)" == "mod_authn_dbm - Win32 Release" +!IF "$(CFG)" == "mod_auth_anon - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 @@ -43,19 +43,19 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authn_dbm" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth_anon" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_dbm -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_dbm +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon -!ELSEIF "$(CFG)" == "mod_authn_dbm - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_auth_anon - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 @@ -69,55 +69,55 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authn_dbm" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth_anon" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_dbm -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_dbm +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon !ENDIF # Begin Target -# Name "mod_authn_dbm - Win32 Release" -# Name "mod_authn_dbm - Win32 Debug" +# Name "mod_auth_anon - Win32 Release" +# Name "mod_auth_anon - Win32 Debug" # Begin Source File -SOURCE=.\mod_authn_dbm.c +SOURCE=.\mod_auth_anon.c # End Source File # Begin Source File -SOURCE=.\mod_authn_dbm.rc +SOURCE=.\mod_auth_anon.rc # End Source File # Begin Source File SOURCE=..\..\build\win32\win32ver.awk -!IF "$(CFG)" == "mod_authn_dbm - Win32 Release" +!IF "$(CFG)" == "mod_auth_anon - Win32 Release" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authn_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_dbm "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_dbm.rc +".\mod_auth_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_anon "auth_anon_module for Apache" ../../include/ap_release.h > .\mod_auth_anon.rc # End Custom Build -!ELSEIF "$(CFG)" == "mod_authn_dbm - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_auth_anon - Win32 Debug" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authn_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_dbm "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_dbm.rc +".\mod_auth_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_anon "auth_anon_module for Apache" ../../include/ap_release.h > .\mod_auth_anon.rc # End Custom Build diff --git a/modules/aaa/mod_auth_anon.exp b/modules/aaa/mod_auth_anon.exp new file mode 100644 index 0000000000..63282532a9 --- /dev/null +++ b/modules/aaa/mod_auth_anon.exp @@ -0,0 +1 @@ +auth_anon_module diff --git a/modules/aaa/mod_auth_basic.c b/modules/aaa/mod_auth_basic.c deleted file mode 100644 index 3f76418a36..0000000000 --- a/modules/aaa/mod_auth_basic.c +++ /dev/null @@ -1,300 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#include "apr_strings.h" -#include "apr_md5.h" /* for apr_password_validate */ -#include "apr_lib.h" /* for apr_isspace */ -#include "apr_base64.h" /* for apr_base64_decode et al */ -#define APR_WANT_STRFUNC /* for strcasecmp */ -#include "apr_want.h" - -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -#include "mod_auth.h" - -typedef struct { - const char *provider_name; - const authn_provider *provider; - char *dir; - int authoritative; -} auth_basic_config_rec; - -static void *create_auth_basic_dir_config(apr_pool_t *p, char *d) -{ - auth_basic_config_rec *conf = apr_pcalloc(p, sizeof(*conf)); - - conf->dir = d; - /* Any failures are fatal. */ - conf->authoritative = 1; - - return conf; -} - -static const char *add_authn_provider(cmd_parms *cmd, void *config, - const char *arg) -{ - auth_basic_config_rec *conf = (auth_basic_config_rec*)config; - - if (strcasecmp(arg, "on") == 0) { - conf->provider_name = AUTHN_DEFAULT_PROVIDER; - } - else if (strcasecmp(arg, "off") == 0) { - conf->provider_name = NULL; - conf->provider = NULL; - } - else { - conf->provider_name = apr_pstrdup(cmd->pool, arg); - } - - if (conf->provider_name != NULL) { - /* lookup and cache the actual provider now */ - conf->provider = authn_lookup_provider(conf->provider_name); - - if (conf->provider == NULL) { - /* by the time they use it, the provider should be loaded and - registered with us. */ - return apr_psprintf(cmd->pool, - "Unknown Authn provider: %s", - conf->provider_name); - } - } - - return NULL; -} - -static const command_rec auth_basic_cmds[] = -{ - AP_INIT_ITERATE("AuthBasicProvider", add_authn_provider, NULL, ACCESS_CONF, - "specify the auth providers for a directory or location"), - AP_INIT_FLAG("AuthBasicAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(auth_basic_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'no' to allow access control to be passed along to " - "lower modules if the UserID is not known to this module"), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA auth_basic_module; - -/* These functions return 0 if client is OK, and proper error status - * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or - * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we - * couldn't figure out how to tell if the client is authorized or not. - * - * If they return DECLINED, and all other modules also decline, that's - * treated by the server core as a configuration error, logged and - * reported as such. - */ - -static void note_basic_auth_failure(request_rec *r) -{ - apr_table_setn(r->err_headers_out, - (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" - : "WWW-Authenticate", - apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), - "\"", NULL)); -} - -static int get_basic_auth(request_rec *r, const char **user, - const char **pw) -{ - const char *auth_line; - char *decoded_line; - int length; - - /* Get the appropriate header */ - auth_line = apr_table_get(r->headers_in, (PROXYREQ_PROXY == r->proxyreq) - ? "Proxy-Authorization" - : "Authorization"); - - if (!auth_line) { - note_basic_auth_failure(r); - return HTTP_UNAUTHORIZED; - } - - if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) { - /* Client tried to authenticate using wrong auth scheme */ - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "client used wrong authentication scheme: %s", r->uri); - note_basic_auth_failure(r); - return HTTP_UNAUTHORIZED; - } - - /* Skip leading spaces. */ - while (apr_isspace(*auth_line)) { - auth_line++; - } - - decoded_line = apr_palloc(r->pool, apr_base64_decode_len(auth_line) + 1); - length = apr_base64_decode(decoded_line, auth_line); - /* Null-terminate the string. */ - decoded_line[length] = '\0'; - - *user = ap_getword_nulls(r->pool, (const char**)&decoded_line, ':'); - *pw = decoded_line; - - return OK; -} - -/* Determine user ID, and check if it really is that user, for HTTP - * basic authentication... - */ -static int authenticate_basic_user(request_rec *r) -{ - auth_basic_config_rec *conf = ap_get_module_config(r->per_dir_config, - &auth_basic_module); - const char *sent_user, *sent_pw, *current_auth; - int res; - authn_status auth_result; - - /* Are we configured to be Basic auth? */ - current_auth = ap_auth_type(r); - if (!current_auth || strcasecmp(current_auth, "Basic")) { - return DECLINED; - } - - /* We need an authentication realm. */ - if (!ap_auth_name(r)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, - 0, r, "need AuthName: %s", r->uri); - return HTTP_INTERNAL_SERVER_ERROR; - } - - r->ap_auth_type = "Basic"; - - res = get_basic_auth(r, &sent_user, &sent_pw); - if (res) { - return res; - } - - /* For now, if a provider isn't set, we'll be nice and use the file - * provider. - */ - if (!conf->provider) { - conf->provider = authn_lookup_provider(AUTHN_DEFAULT_PROVIDER); - } - - auth_result = conf->provider->check_password(r, sent_user, sent_pw); - - if (auth_result != AUTH_GRANTED) { - int return_code; - - /* If we're not authoritative, then any error is ignored. */ - if (!(conf->authoritative)) { - return DECLINED; - } - - switch (auth_result) { - case AUTH_DENIED: - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "user %s: authentication failure for \"%s\": " - "Password Mismatch", - sent_user, r->uri); - return_code = HTTP_UNAUTHORIZED; - break; - case AUTH_USER_NOT_FOUND: - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "user %s not found: %s", sent_user, r->uri); - return_code = HTTP_UNAUTHORIZED; - break; - case AUTH_GENERAL_ERROR: - default: - /* We'll assume that the module has already said what its error - * was in the logs. - */ - return_code = HTTP_INTERNAL_SERVER_ERROR; - break; - } - - /* If we're returning 403, tell them to try again. */ - if (return_code == HTTP_UNAUTHORIZED) { - note_basic_auth_failure(r); - } - return return_code; - } - - /* Now that we are done, set the request_rec values so others will know - * who we are. - */ - r->user = (char*)sent_user; - r->ap_auth_type = "Basic"; - - return OK; -} - -static void register_hooks(apr_pool_t *p) -{ - ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE); -} - -module AP_MODULE_DECLARE_DATA auth_basic_module = -{ - STANDARD20_MODULE_STUFF, - create_auth_basic_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - auth_basic_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/modules/aaa/mod_auth_basic.dsp b/modules/aaa/mod_auth_basic.dsp deleted file mode 100644 index fe779a95ba..0000000000 --- a/modules/aaa/mod_auth_basic.dsp +++ /dev/null @@ -1,132 +0,0 @@ -# Microsoft Developer Studio Project File - Name="mod_auth_basic" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - -CFG=mod_auth_basic - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "mod_auth_basic.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "mod_auth_basic.mak" CFG="mod_auth_basic - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "mod_auth_basic - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_auth_basic - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -MTL=midl.exe -RSC=rc.exe - -!IF "$(CFG)" == "mod_auth_basic - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "AAA_DECLARE_EXPORT" /Fd"Release\mod_auth_basic" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth_basic.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_basic -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth_basic.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_basic - -!ELSEIF "$(CFG)" == "mod_auth_basic - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "AAA_DECLARE_EXPORT" /Fd"Debug\mod_auth_basic" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth_basic.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_basic -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth_basic.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_basic - -!ENDIF - -# Begin Target - -# Name "mod_auth_basic - Win32 Release" -# Name "mod_auth_basic - Win32 Debug" -# Begin Source File - -SOURCE=.\mod_auth_basic.c -# End Source File -# Begin Source File - -SOURCE=.\auth_provider.c -# End Source File -# Begin Source File - -SOURCE=.\mod_auth_basic.rc -# End Source File -# Begin Source File - -SOURCE=..\..\build\win32\win32ver.awk - -!IF "$(CFG)" == "mod_auth_basic - Win32 Release" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_auth_basic.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_auth_basic "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_auth_basic.rc - -# End Custom Build - -!ELSEIF "$(CFG)" == "mod_auth_basic - Win32 Debug" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_auth_basic.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_auth_basic "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_auth_basic.rc - -# End Custom Build - -!ENDIF - -# End Source File -# End Target -# End Project diff --git a/modules/aaa/mod_authz_dbm.c b/modules/aaa/mod_auth_dbm.c index fa95303b6e..c14e5fab47 100644 --- a/modules/aaa/mod_authz_dbm.c +++ b/modules/aaa/mod_auth_dbm.c @@ -74,7 +74,7 @@ #include "apr_want.h" #include "apr_strings.h" #include "apr_dbm.h" -#include "apr_md5.h" +#include "apr_md5.h" /* for apr_password_validate */ #include "httpd.h" #include "http_config.h" @@ -83,82 +83,104 @@ #include "http_protocol.h" #include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ + typedef struct { - char *grpfile; - char *dbmtype; - int authoritative; -} authz_dbm_config_rec; + char *auth_dbmpwfile; + char *auth_dbmgrpfile; + char *auth_dbmtype; + int auth_dbmauthoritative; +} dbm_auth_config_rec; -/* This should go into APR; perhaps with some nice - * caching/locking/flocking of the open dbm file. - * - * Duplicated in mod_auth_dbm.c - */ -static apr_status_t get_dbm_entry_as_str(request_rec *r, char *user, - char *auth_dbmfile, char *dbtype, - char ** str) +static void *create_dbm_auth_dir_config(apr_pool_t *p, char *d) +{ + dbm_auth_config_rec *conf = apr_palloc(p, sizeof(*conf)); + + conf->auth_dbmpwfile = NULL; + conf->auth_dbmgrpfile = NULL; + conf->auth_dbmtype = "default"; + conf->auth_dbmauthoritative = 1; /* fortress is secure by default */ + + return conf; +} + +static const char *set_dbm_slot(cmd_parms *cmd, void *offset, + const char *f, const char *t) +{ + if (!t || strcmp(t, "dbm")) + return DECLINE_CMD; + + return ap_set_file_slot(cmd, offset, f); +} + +static const char *set_dbm_type(cmd_parms *cmd, + void *dir_config, + const char *arg) +{ + dbm_auth_config_rec *conf = dir_config; + + conf->auth_dbmtype = apr_pstrdup(cmd->pool, arg); + return NULL; +} + +static const command_rec dbm_auth_cmds[] = +{ + AP_INIT_TAKE1("AuthDBMUserFile", ap_set_file_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmpwfile), + OR_AUTHCFG, "dbm database file containing user IDs and passwords"), + AP_INIT_TAKE1("AuthDBMGroupFile", ap_set_file_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmgrpfile), + OR_AUTHCFG, "dbm database file containing group names and member user IDs"), + AP_INIT_TAKE12("AuthUserFile", set_dbm_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmpwfile), + OR_AUTHCFG, NULL), + AP_INIT_TAKE12("AuthGroupFile", set_dbm_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmgrpfile), + OR_AUTHCFG, NULL), + AP_INIT_TAKE1("AuthDBMType", set_dbm_type, + NULL, + OR_AUTHCFG, "what type of DBM file the user file is"), + AP_INIT_FLAG("AuthDBMAuthoritative", ap_set_flag_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmauthoritative), + OR_AUTHCFG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"), + {NULL} +}; + +module AP_MODULE_DECLARE_DATA auth_dbm_module; + +static char *get_dbm_pw(request_rec *r, + char *user, + char *auth_dbmpwfile, + char *dbtype) { apr_dbm_t *f; apr_datum_t d, q; char *pw = NULL; apr_status_t retval; q.dptr = user; - #ifndef NETSCAPE_DBM_COMPAT q.dsize = strlen(q.dptr); #else q.dsize = strlen(q.dptr) + 1; #endif - retval = apr_dbm_open_ex(&f, dbtype, auth_dbmfile, APR_DBM_READONLY, + retval = apr_dbm_open_ex(&f, dbtype, auth_dbmpwfile, APR_DBM_READONLY, APR_OS_DEFAULT, r->pool); - if (retval != APR_SUCCESS) { - return retval; + ap_log_rerror(APLOG_MARK, APLOG_ERR, retval, r, + "could not open dbm (type %s) auth file: %s", dbtype, + auth_dbmpwfile); + return NULL; } - - *str = NULL; - if (apr_dbm_fetch(f, q, &d) == APR_SUCCESS && d.dptr) { - *str = apr_palloc(r->pool, d.dsize + 1); + pw = apr_palloc(r->pool, d.dsize + 1); strncpy(pw, d.dptr, d.dsize); - *str[d.dsize] = '\0'; /* Terminate the string */ + pw[d.dsize] = '\0'; /* Terminate the string */ } apr_dbm_close(f); - - return retval; + return pw; } -static void *create_authz_dbm_dir_config(apr_pool_t *p, char *d) -{ - authz_dbm_config_rec *conf = apr_palloc(p, sizeof(*conf)); - - conf->grpfile = NULL; - conf->dbmtype = "default"; - conf->authoritative = 1; /* fortress is secure by default */ - - return conf; -} - -static const command_rec authz_dbm_cmds[] = -{ - AP_INIT_TAKE1("AuthDBMGroupFile", ap_set_file_slot, - (void *)APR_OFFSETOF(authz_dbm_config_rec, grpfile), - OR_AUTHCFG, "database file containing group names and member user IDs"), - AP_INIT_TAKE1("AuthzDBMType", ap_set_string_slot, - (void *)APR_OFFSETOF(authz_dbm_config_rec, dbmtype), - OR_AUTHCFG, "what type of DBM file the group file is"), - AP_INIT_FLAG("AuthzDBMAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_dbm_config_rec, authoritative), - OR_AUTHCFG, "Set to 'no' to allow access control to be passed along to " - "lower modules, if the group required is not found or empty, or the user " - " is not in the required groups. (default is yes.)"), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA authz_dbm_module; - /* We do something strange with the group file. If the group file * contains any : we assume the format is * key=username value=":"groupname [":"anything here is ignored] @@ -170,110 +192,117 @@ module AP_MODULE_DECLARE_DATA authz_dbm_module; * mark@telescope.org, 22Sep95 */ -static apr_status_t get_dbm_grp(request_rec *r, char *user, char *dbmgrpfile, - char *dbtype, const char ** out) +static char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile, + char *dbtype) { - char *grp_data; + char *grp_data = get_dbm_pw(r, user, auth_dbmgrpfile,dbtype); char *grp_colon; char *grp_colon2; - apr_status_t status = get_dbm_entry_as_str(r, user, dbmgrpfile, - dbtype, &grp_data); - - if (status != APR_SUCCESS) { - return status; - } - - *out = NULL; - - if (grp_data == NULL) { - return APR_SUCCESS; - } + if (grp_data == NULL) + return NULL; if ((grp_colon = strchr(grp_data, ':')) != NULL) { grp_colon2 = strchr(++grp_colon, ':'); - if (grp_colon2) { + if (grp_colon2) *grp_colon2 = '\0'; - } - *out = grp_colon; - return APR_SUCCESS; + return grp_colon; } + return grp_data; +} + +static int dbm_authenticate_basic_user(request_rec *r) +{ + dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_dbm_module); + const char *sent_pw; + char *real_pw, *colon_pw; + apr_status_t invalid_pw; + int res; + + if ((res = ap_get_basic_auth_pw(r, &sent_pw))) + return res; - return APR_SUCCESS; + if (!conf->auth_dbmpwfile) + return DECLINED; + + if (!(real_pw = get_dbm_pw(r, r->user, conf->auth_dbmpwfile, + conf->auth_dbmtype))) { + if (!(conf->auth_dbmauthoritative)) + return DECLINED; + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "DBM user %s not found: %s", r->user, r->filename); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + /* Password is up to first : if exists */ + colon_pw = strchr(real_pw, ':'); + if (colon_pw) { + *colon_pw = '\0'; + } + invalid_pw = apr_password_validate(sent_pw, real_pw); + if (invalid_pw != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "DBM user %s: authentication failure for \"%s\": " + "Password Mismatch", + r->user, r->uri); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + return OK; } /* Checking ID */ + static int dbm_check_auth(request_rec *r) { - authz_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authz_dbm_module); + dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_dbm_module); char *user = r->user; int m = r->method_number; - int required = 0; + const apr_array_header_t *reqs_arr = ap_requires(r); require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; + register int x; const char *t; char *w; - apr_status_t status; - if (!conf->grpfile) { + if (!conf->auth_dbmgrpfile) return DECLINED; - } - - if (!reqs_arr) { + if (!reqs_arr) return DECLINED; - } for (x = 0; x < reqs_arr->nelts; x++) { - required |= 1; - - if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) continue; - } t = reqs[x].requirement; w = ap_getword_white(r->pool, &t); - - if (!strcmp(w, "group")) { + + if (!strcmp(w, "group") && conf->auth_dbmgrpfile) { const char *orig_groups, *groups; char *v; - required |= 2; - - status = get_dbm_grp(r, user, conf->grpfile, conf->dbmtype, - &groups); - - if (status != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, - "could not open dbm (type %s) group access file: %s", - conf->dbmtype, conf->grpfile); - return HTTP_INTERNAL_SERVER_ERROR; - } - - if (groups == NULL) { - if (!conf->authoritative) { + if (!(groups = get_dbm_grp(r, user, conf->auth_dbmgrpfile, + conf->auth_dbmtype))) { + if (!(conf->auth_dbmauthoritative)) return DECLINED; - } - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "user %s not in DBM group file %s: %s", - user, conf->grpfile, r->filename); - + user, conf->auth_dbmgrpfile, r->filename); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } - orig_groups = groups; while (t[0]) { w = ap_getword_white(r->pool, &t); groups = orig_groups; while (groups[0]) { v = ap_getword(r->pool, &groups, ','); - if (!strcmp(v, w)) { + if (!strcmp(v, w)) return OK; - } } } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, @@ -289,16 +318,18 @@ static int dbm_check_auth(request_rec *r) static void register_hooks(apr_pool_t *p) { + ap_hook_check_user_id(dbm_authenticate_basic_user, NULL, NULL, + APR_HOOK_MIDDLE); ap_hook_auth_checker(dbm_check_auth, NULL, NULL, APR_HOOK_MIDDLE); } -module AP_MODULE_DECLARE_DATA authz_dbm_module = +module AP_MODULE_DECLARE_DATA auth_dbm_module = { STANDARD20_MODULE_STUFF, - create_authz_dbm_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authz_dbm_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ + create_dbm_auth_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + dbm_auth_cmds, /* command apr_table_t */ + register_hooks /* register hooks */ }; diff --git a/modules/aaa/mod_authz_host.dsp b/modules/aaa/mod_auth_dbm.dsp index 12ab8f741f..59a2575163 100644 --- a/modules/aaa/mod_authz_host.dsp +++ b/modules/aaa/mod_auth_dbm.dsp @@ -1,24 +1,24 @@ -# Microsoft Developer Studio Project File - Name="mod_authz_host" - Package Owner=<4> +# Microsoft Developer Studio Project File - Name="mod_auth_dbm" - Package Owner=<4> # Microsoft Developer Studio Generated Build File, Format Version 6.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 -CFG=mod_authz_host - Win32 Debug +CFG=mod_auth_dbm - Win32 Release !MESSAGE This is not a valid makefile. To build this project using NMAKE, !MESSAGE use the Export Makefile command and run !MESSAGE -!MESSAGE NMAKE /f "mod_authz_host.mak". +!MESSAGE NMAKE /f "mod_auth_dbm.mak". !MESSAGE !MESSAGE You can specify a configuration when running NMAKE !MESSAGE by defining the macro CFG on the command line. For example: !MESSAGE -!MESSAGE NMAKE /f "mod_authz_host.mak" CFG="mod_authz_host - Win32 Debug" +!MESSAGE NMAKE /f "mod_auth_dbm.mak" CFG="mod_auth_dbm - Win32 Release" !MESSAGE !MESSAGE Possible choices for configuration are: !MESSAGE -!MESSAGE "mod_authz_host - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authz_host - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth_dbm - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth_dbm - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") !MESSAGE # Begin Project @@ -29,7 +29,7 @@ CPP=cl.exe MTL=midl.exe RSC=rc.exe -!IF "$(CFG)" == "mod_authz_host - Win32 Release" +!IF "$(CFG)" == "mod_auth_dbm - Win32 Release" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 0 @@ -43,19 +43,19 @@ RSC=rc.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authz_host" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_AUTH_DBM_USE_APR" /Fd"Release\mod_auth_dbm" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "NDEBUG" # ADD RSC /l 0x409 /d "NDEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_host.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_host -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_host.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_host +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm -!ELSEIF "$(CFG)" == "mod_authz_host - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_auth_dbm - Win32 Debug" # PROP BASE Use_MFC 0 # PROP BASE Use_Debug_Libraries 1 @@ -69,55 +69,55 @@ LINK32=link.exe # PROP Ignore_Export_Lib 0 # PROP Target_Dir "" # ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authz_host" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" +# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_AUTH_DBM_USE_APR" /Fd"Debug\mod_auth_dbm" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 # ADD BASE RSC /l 0x409 /d "_DEBUG" # ADD RSC /l 0x409 /d "_DEBUG" BSC32=bscmake.exe # ADD BASE BSC32 /nologo # ADD BSC32 /nologo LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_host.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_host -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_host.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_host +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm !ENDIF # Begin Target -# Name "mod_authz_host - Win32 Release" -# Name "mod_authz_host - Win32 Debug" +# Name "mod_auth_dbm - Win32 Release" +# Name "mod_auth_dbm - Win32 Debug" # Begin Source File -SOURCE=.\mod_authz_host.c +SOURCE=.\mod_auth_dbm.c # End Source File # Begin Source File -SOURCE=.\mod_authz_host.rc +SOURCE=.\mod_auth_dbm.rc # End Source File # Begin Source File SOURCE=..\..\build\win32\win32ver.awk -!IF "$(CFG)" == "mod_authz_host - Win32 Release" +!IF "$(CFG)" == "mod_auth_dbm - Win32 Release" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authz_host.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_host "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_host.rc +".\mod_auth_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_dbm "auth_dbm_module for Apache" ../../include/ap_release.h > .\mod_auth_dbm.rc # End Custom Build -!ELSEIF "$(CFG)" == "mod_authz_host - Win32 Debug" +!ELSEIF "$(CFG)" == "mod_auth_dbm - Win32 Debug" # PROP Ignore_Default_Tool 1 # Begin Custom Build - Creating Version Resource InputPath=..\..\build\win32\win32ver.awk -".\mod_authz_host.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_host "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_host.rc +".\mod_auth_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_dbm "auth_dbm_module for Apache" ../../include/ap_release.h > .\mod_auth_dbm.rc # End Custom Build diff --git a/modules/aaa/mod_auth_dbm.exp b/modules/aaa/mod_auth_dbm.exp new file mode 100644 index 0000000000..7038e8047d --- /dev/null +++ b/modules/aaa/mod_auth_dbm.exp @@ -0,0 +1 @@ +auth_dbm_module diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c index 4dbe89c5ce..2ea178fff7 100644 --- a/modules/aaa/mod_auth_digest.c +++ b/modules/aaa/mod_auth_digest.c @@ -119,8 +119,6 @@ #include "apr_shm.h" #include "apr_rmm.h" -#include "mod_auth.h" - /* Disable shmem until pools/init gets sorted out * remove following two lines when fixed */ @@ -131,8 +129,8 @@ typedef struct digest_config_struct { const char *dir_name; - const char *provider_name; - const authn_provider *provider; + const char *pwfile; + const char *grpfile; const char *realm; char **qop_list; apr_sha1_ctx_t nonce_ctx; @@ -482,35 +480,17 @@ static const char *set_realm(cmd_parms *cmd, void *config, const char *realm) return DECLINE_CMD; } -static const char *add_authn_provider(cmd_parms *cmd, void *config, - const char *arg) +static const char *set_digest_file(cmd_parms *cmd, void *config, + const char *file) { - digest_config_rec *conf = (digest_config_rec*)config; - - if (strcasecmp(arg, "on") == 0) { - conf->provider_name = AUTHN_DEFAULT_PROVIDER; - } - else if (strcasecmp(arg, "off") == 0) { - conf->provider_name = NULL; - conf->provider = NULL; - } - else { - conf->provider_name = apr_pstrdup(cmd->pool, arg); - } - - if (conf->provider_name != NULL) { - /* lookup and cache the actual provider now */ - conf->provider = authn_lookup_provider(conf->provider_name); - - if (conf->provider == NULL) { - /* by the time they use it, the provider should be loaded and - registered with us. */ - return apr_psprintf(cmd->pool, - "Unknown Authn provider: %s", - conf->provider_name); - } - } + ((digest_config_rec *) config)->pwfile = file; + return NULL; +} +static const char *set_group_file(cmd_parms *cmd, void *config, + const char *file) +{ + ((digest_config_rec *) config)->grpfile = file; return NULL; } @@ -663,8 +643,10 @@ static const command_rec digest_cmds[] = { AP_INIT_TAKE1("AuthName", set_realm, NULL, OR_AUTHCFG, "The authentication realm (e.g. \"Members Only\")"), - AP_INIT_ITERATE("AuthDigestProvider", add_authn_provider, NULL, ACCESS_CONF, - "specify the auth providers for a directory or location"), + AP_INIT_TAKE1("AuthDigestFile", set_digest_file, NULL, OR_AUTHCFG, + "The name of the file containing the usernames and password hashes"), + AP_INIT_TAKE1("AuthDigestGroupFile", set_group_file, NULL, OR_AUTHCFG, + "The name of the file containing the group names and members"), AP_INIT_ITERATE("AuthDigestQop", set_qop, NULL, OR_AUTHCFG, "A list of quality-of-protection options"), AP_INIT_TAKE1("AuthDigestNonceLifetime", set_nonce_lifetime, NULL, OR_AUTHCFG, @@ -1443,27 +1425,34 @@ static void note_digest_auth_failure(request_rec *r, */ static const char *get_hash(request_rec *r, const char *user, - digest_config_rec *conf) + const char *realm, const char *auth_pwfile) { - authn_status auth_result; - char *password; - - /* To be nice, if we make it this far and we don't have a provider set, - * we'll use the default provider. - */ - if (!conf->provider) { - conf->provider = authn_lookup_provider(AUTHN_DEFAULT_PROVIDER); - } - - /* We expect the password to be md5 hash of user:realm:password */ - auth_result = conf->provider->get_realm_hash(r, user, conf->realm, - &password); + ap_configfile_t *f; + char l[MAX_STRING_LEN]; + const char *rpw; + char *w, *x; + apr_status_t sts; - if (auth_result != AUTH_USER_FOUND) { + if ((sts = ap_pcfg_openfile(&f, r->pool, auth_pwfile)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, sts, r, + "Digest: Could not open password file: %s", auth_pwfile); return NULL; } + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + rpw = l; + w = ap_getword(r->pool, &rpw, ':'); + x = ap_getword(r->pool, &rpw, ':'); - return password; + if (x && w && !strcmp(user, w) && !strcmp(realm, x)) { + ap_cfg_closefile(f); + return apr_pstrdup(r->pool, rpw); + } + } + ap_cfg_closefile(f); + return NULL; } static int check_nc(const request_rec *r, const digest_header_rec *resp, @@ -1822,11 +1811,11 @@ static int authenticate_digest_user(request_rec *r) return HTTP_UNAUTHORIZED; } - if (!conf->provider) { + if (!conf->pwfile) { return DECLINED; } - if (!(conf->ha1 = get_hash(r, r->user, conf))) { + if (!(conf->ha1 = get_hash(r, r->user, conf->realm, conf->pwfile))) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Digest: user `%s' in realm `%s' not found: %s", r->user, conf->realm, r->uri); @@ -1893,6 +1882,146 @@ static int authenticate_digest_user(request_rec *r) return OK; } + +/* + * Checking ID + */ + +static apr_table_t *groups_for_user(request_rec *r, const char *user, + const char *grpfile) +{ + ap_configfile_t *f; + apr_table_t *grps = apr_table_make(r->pool, 15); + apr_pool_t *sp; + char l[MAX_STRING_LEN]; + const char *group_name, *ll, *w; + apr_status_t sts; + + if ((sts = ap_pcfg_openfile(&f, r->pool, grpfile)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, sts, r, + "Digest: Could not open group file: %s", grpfile); + return NULL; + } + + if (apr_pool_create(&sp, r->pool) != APR_SUCCESS) { + return NULL; + } + + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + ll = l; + apr_pool_clear(sp); + + group_name = ap_getword(sp, &ll, ':'); + + while (ll[0]) { + w = ap_getword_conf(sp, &ll); + if (!strcmp(w, user)) { + apr_table_setn(grps, apr_pstrdup(r->pool, group_name), "in"); + break; + } + } + } + + ap_cfg_closefile(f); + apr_pool_destroy(sp); + return grps; +} + + +static int digest_check_auth(request_rec *r) +{ + const digest_config_rec *conf = + (digest_config_rec *) ap_get_module_config(r->per_dir_config, + &auth_digest_module); + const char *user = r->user; + int m = r->method_number; + int method_restricted = 0; + register int x; + const char *t, *w; + apr_table_t *grpstatus; + const apr_array_header_t *reqs_arr; + require_line *reqs; + + if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) { + return DECLINED; + } + + reqs_arr = ap_requires(r); + /* If there is no "requires" directive, then any user will do. + */ + if (!reqs_arr) { + return OK; + } + reqs = (require_line *) reqs_arr->elts; + + if (conf->grpfile) { + grpstatus = groups_for_user(r, user, conf->grpfile); + } + else { + grpstatus = NULL; + } + + for (x = 0; x < reqs_arr->nelts; x++) { + + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { + continue; + } + + method_restricted = 1; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + if (!strcasecmp(w, "valid-user")) { + return OK; + } + else if (!strcasecmp(w, "user")) { + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (!strcmp(user, w)) { + return OK; + } + } + } + else if (!strcasecmp(w, "group")) { + if (!grpstatus) { + return DECLINED; + } + + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (apr_table_get(grpstatus, w)) { + return OK; + } + } + } + else { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: access to %s failed, reason: unknown " + "require directive \"%s\"", + r->uri, reqs[x].requirement); + return DECLINED; + } + } + + if (!method_restricted) { + return OK; + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: access to %s failed, reason: user %s not " + "allowed access", r->uri, user); + + note_digest_auth_failure(r, conf, + (digest_header_rec *) ap_get_module_config(r->request_config, + &auth_digest_module), + 0); + return HTTP_UNAUTHORIZED; +} + + /* * Authorization-Info header code */ @@ -2078,7 +2207,7 @@ static void register_hooks(apr_pool_t *p) ap_hook_child_init(initialize_child, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_read_request(parse_hdr_and_update_nc, parsePre, NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id(authenticate_digest_user, NULL, NULL, APR_HOOK_MIDDLE); - + ap_hook_auth_checker(digest_check_auth, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_fixups(add_auth_info, NULL, NULL, APR_HOOK_MIDDLE); } diff --git a/modules/aaa/mod_authn_anon.dsp b/modules/aaa/mod_authn_anon.dsp deleted file mode 100644 index de9c8c67ee..0000000000 --- a/modules/aaa/mod_authn_anon.dsp +++ /dev/null @@ -1,128 +0,0 @@ -# Microsoft Developer Studio Project File - Name="mod_authn_anon" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - -CFG=mod_authn_anon - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "mod_authn_anon.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "mod_authn_anon.mak" CFG="mod_authn_anon - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "mod_authn_anon - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authn_anon - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -MTL=midl.exe -RSC=rc.exe - -!IF "$(CFG)" == "mod_authn_anon - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authn_anon" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_anon -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_anon - -!ELSEIF "$(CFG)" == "mod_authn_anon - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authn_anon" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_anon -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_anon - -!ENDIF - -# Begin Target - -# Name "mod_authn_anon - Win32 Release" -# Name "mod_authn_anon - Win32 Debug" -# Begin Source File - -SOURCE=.\mod_authn_anon.c -# End Source File -# Begin Source File - -SOURCE=.\mod_authn_anon.rc -# End Source File -# Begin Source File - -SOURCE=..\..\build\win32\win32ver.awk - -!IF "$(CFG)" == "mod_authn_anon - Win32 Release" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authn_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_anon "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_anon.rc - -# End Custom Build - -!ELSEIF "$(CFG)" == "mod_authn_anon - Win32 Debug" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authn_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_anon "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_anon.rc - -# End Custom Build - -!ENDIF - -# End Source File -# End Target -# End Project diff --git a/modules/aaa/mod_authn_dbm.c b/modules/aaa/mod_authn_dbm.c deleted file mode 100644 index a0b8e83a1a..0000000000 --- a/modules/aaa/mod_authn_dbm.c +++ /dev/null @@ -1,215 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_auth: authentication - * - * Rob McCool & Brian Behlendorf. - * - * Adapted to Apache by rst. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the userid is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. - */ - -#define APR_WANT_STRFUNC -#include "apr_want.h" -#include "apr_strings.h" -#include "apr_dbm.h" -#include "apr_md5.h" /* for apr_password_validate */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ - -#include "mod_auth.h" - -typedef struct { - char *pwfile; - char *dbmtype; - int authoritative; -} authn_dbm_config_rec; - -static void *create_authn_dbm_dir_config(apr_pool_t *p, char *d) -{ - authn_dbm_config_rec *conf = apr_palloc(p, sizeof(*conf)); - - conf->pwfile = NULL; - conf->dbmtype = "default"; - conf->authoritative = 1; /* fortress is secure by default */ - - return conf; -} - -static const char *set_dbm_type(cmd_parms *cmd, - void *dir_config, - const char *arg) -{ - authn_dbm_config_rec *conf = dir_config; - - conf->dbmtype = apr_pstrdup(cmd->pool, arg); - return NULL; -} - -static const command_rec authn_dbm_cmds[] = -{ - AP_INIT_TAKE1("AuthDBMUserFile", ap_set_file_slot, - (void *)APR_OFFSETOF(authn_dbm_config_rec, pwfile), - OR_AUTHCFG, "dbm database file containing user IDs and passwords"), - AP_INIT_TAKE1("AuthDBMType", set_dbm_type, - NULL, - OR_AUTHCFG, "what type of DBM file the user file is"), - AP_INIT_FLAG("AuthDBMAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_dbm_config_rec, authoritative), - OR_AUTHCFG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA authn_dbm_module; - -static apr_status_t fetch_dbm(const char *dbmtype, const char *dbmfile, - const char *user, apr_datum_t *val, - apr_pool_t *pool) -{ - apr_dbm_t *f; - apr_datum_t key; - apr_status_t rv; - - rv = apr_dbm_open_ex(&f, dbmtype, dbmfile, APR_DBM_READONLY, - APR_OS_DEFAULT, pool); - - if (rv != APR_SUCCESS) { - return rv; - } - - key.dptr = (char*)user; -#ifndef NETSCAPE_DBM_COMPAT - key.dsize = strlen(key.dptr); -#else - key.dsize = strlen(key.dptr) + 1; -#endif - - rv = apr_dbm_fetch(f, key, val); - - apr_dbm_close(f); - - return rv; -} - -static authn_status check_dbm_pw(request_rec *r, const char *user, - const char *password) -{ - authn_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authn_dbm_module); - apr_datum_t dbm_pw; - apr_status_t rv; - char *dbm_password; - - rv = fetch_dbm(conf->dbmtype, conf->pwfile, user, &dbm_pw, r->pool); - - if (rv != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, - "could not open dbm (type %s) auth file: %s", - conf->dbmtype, conf->pwfile); - return AUTH_GENERAL_ERROR; - } - - if (dbm_pw.dptr) { - dbm_password = apr_pstrmemdup(r->pool, dbm_pw.dptr, dbm_pw.dsize); - } - - if (!dbm_password) { - return AUTH_USER_NOT_FOUND; - } - - rv = apr_password_validate(password, dbm_password); - - if (rv != APR_SUCCESS) { - return AUTH_DENIED; - } - - return AUTH_GRANTED; -} - -static const authn_provider authn_dbm_provider = -{ - &check_dbm_pw, - NULL, /* No realm support yet. */ -}; - -static void register_hooks(apr_pool_t *p) -{ - authn_register_provider(p, "dbm", &authn_dbm_provider); -} - -module AP_MODULE_DECLARE_DATA authn_dbm_module = -{ - STANDARD20_MODULE_STUFF, - create_authn_dbm_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authn_dbm_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/modules/aaa/mod_authn_default.c b/modules/aaa/mod_authn_default.c deleted file mode 100644 index fa6a1896f1..0000000000 --- a/modules/aaa/mod_authn_default.c +++ /dev/null @@ -1,148 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_auth: authentication - * - * Rob McCool - * - * Adapted to Apache by rst. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the userid is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. - */ - -#include "apr_strings.h" -#include "apr_md5.h" /* for apr_password_validate */ - -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -typedef struct { - int authoritative; -} authn_default_config_rec; - -static void *create_authn_default_dir_config(apr_pool_t *p, char *d) -{ - authn_default_config_rec *conf = apr_palloc(p, sizeof(*conf)); - - conf->authoritative = 1; /* keep the fortress secure by default */ - return conf; -} - -static const command_rec authn_default_cmds[] = -{ - AP_INIT_FLAG("AuthDefaultAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_default_config_rec, - authoritative), - OR_AUTHCFG, - "Set to 'no' to allow access control to be passed along to " - "lower modules if the UserID is not known to this module. " - "(default is yes)."), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA authn_default_module; - -static int authenticate_basic_user(request_rec *r) -{ - authn_default_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authn_default_module); - const char *sent_pw; - int res; - - if ((res = ap_get_basic_auth_pw(r, &sent_pw))) { - return res; - } - - if (conf->authoritative == 0) { - return DECLINED; - } - - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "access to %s failed, reason: verification of user id '%s' " - "not configured", - r->uri, r->user ? r->user : "<null>"); - - ap_note_basic_auth_failure(r); - return HTTP_UNAUTHORIZED; -} - -static void register_hooks(apr_pool_t *p) -{ - ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_LAST); -} - -module AP_MODULE_DECLARE_DATA authn_default_module = -{ - STANDARD20_MODULE_STUFF, - create_authn_default_dir_config,/* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authn_default_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/modules/aaa/mod_authn_default.dsp b/modules/aaa/mod_authn_default.dsp deleted file mode 100644 index 7e56e8fc34..0000000000 --- a/modules/aaa/mod_authn_default.dsp +++ /dev/null @@ -1,128 +0,0 @@ -# Microsoft Developer Studio Project File - Name="mod_authn_default" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - -CFG=mod_authn_default - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "mod_authn_default.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "mod_authn_default.mak" CFG="mod_authn_default - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "mod_authn_default - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authn_default - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -MTL=midl.exe -RSC=rc.exe - -!IF "$(CFG)" == "mod_authn_default - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authn_default" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_default -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authn_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_default - -!ELSEIF "$(CFG)" == "mod_authn_default - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authn_default" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_default -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authn_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authn_default - -!ENDIF - -# Begin Target - -# Name "mod_authn_default - Win32 Release" -# Name "mod_authn_default - Win32 Debug" -# Begin Source File - -SOURCE=.\mod_authn_default.c -# End Source File -# Begin Source File - -SOURCE=.\mod_authn_default.rc -# End Source File -# Begin Source File - -SOURCE=..\..\build\win32\win32ver.awk - -!IF "$(CFG)" == "mod_authn_default - Win32 Release" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authn_default.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_default "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_default.rc - -# End Custom Build - -!ELSEIF "$(CFG)" == "mod_authn_default - Win32 Debug" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authn_default.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authn_default "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authn_default.rc - -# End Custom Build - -!ENDIF - -# End Source File -# End Target -# End Project diff --git a/modules/aaa/mod_authn_file.c b/modules/aaa/mod_authn_file.c deleted file mode 100644 index fb7c1105c4..0000000000 --- a/modules/aaa/mod_authn_file.c +++ /dev/null @@ -1,241 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_auth: authentication - * - * Rob McCool - * - * Adapted to Apache by rst. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the userid is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. - */ - -#include "apr_strings.h" -#include "apr_md5.h" /* for apr_password_validate */ - -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -#include "mod_auth.h" - -typedef struct { - char *pwfile; - int authoritative; -} authn_file_config_rec; - -static void *create_authn_file_dir_config(apr_pool_t *p, char *d) -{ - authn_file_config_rec *conf = apr_palloc(p, sizeof(*conf)); - - conf->pwfile = NULL; /* just to illustrate the default really */ - conf->authoritative = 1; /* keep the fortress secure by default */ - return conf; -} - -static const char *set_authn_file_slot(cmd_parms *cmd, void *offset, - const char *f, const char *t) -{ - if (t && strcmp(t, "standard")) { - return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); - } - - return ap_set_file_slot(cmd, offset, f); -} - -static const command_rec authn_file_cmds[] = -{ - AP_INIT_TAKE12("AuthUserFile", set_authn_file_slot, - (void *)APR_OFFSETOF(authn_file_config_rec, pwfile), - OR_AUTHCFG, "text file containing user IDs and passwords"), - AP_INIT_FLAG("AuthUserFileAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_file_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'no' to allow access control to be passed along to " - "other modules if the BasicAuth username is not in " - "AuthUserFile. (default is yes)." ), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA authn_file_module; - -static authn_status check_password(request_rec *r, const char *user, - const char *password) -{ - authn_file_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authn_file_module); - ap_configfile_t *f; - char l[MAX_STRING_LEN]; - apr_status_t status; - char *file_password = NULL; - - status = ap_pcfg_openfile(&f, r->pool, conf->pwfile); - - if (status != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, - "Could not open password file: %s", conf->pwfile); - return AUTH_GENERAL_ERROR; - } - - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - const char *rpw, *w; - - /* Skip # or blank lines. */ - if ((l[0] == '#') || (!l[0])) { - continue; - } - - rpw = l; - w = ap_getword(r->pool, &rpw, ':'); - - if (!strcmp(user, w)) { - file_password = ap_getword(r->pool, &rpw, ':'); - break; - } - } - ap_cfg_closefile(f); - - if (!file_password) { - return AUTH_USER_NOT_FOUND; - } - - status = apr_password_validate(password, file_password); - if (status != APR_SUCCESS) { - return AUTH_DENIED; - } - - return AUTH_GRANTED; -} - -static authn_status get_realm_hash(request_rec *r, const char *user, - const char *realm, char **rethash) -{ - authn_file_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authn_file_module); - ap_configfile_t *f; - char l[MAX_STRING_LEN]; - apr_status_t status; - char *file_hash = NULL; - - status = ap_pcfg_openfile(&f, r->pool, conf->pwfile); - - if (status != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, - "Could not open password file: %s", conf->pwfile); - return AUTH_GENERAL_ERROR; - } - - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - const char *rpw, *w, *x; - - /* Skip # or blank lines. */ - if ((l[0] == '#') || (!l[0])) { - continue; - } - - rpw = l; - w = ap_getword(r->pool, &rpw, ':'); - x = ap_getword(r->pool, &rpw, ':'); - - if (x && w && !strcmp(user, w) && !strcmp(realm, x)) { - /* Remember that this is a md5 hash of user:realm:password. */ - file_hash = ap_getword(r->pool, &rpw, ':'); - break; - } - } - ap_cfg_closefile(f); - - if (!file_hash) { - return AUTH_USER_NOT_FOUND; - } - - *rethash = file_hash; - - return AUTH_USER_FOUND; -} - -static const authn_provider authn_file_provider = -{ - &check_password, - &get_realm_hash, -}; - -static void register_hooks(apr_pool_t *p) -{ - authn_register_provider(p, "file", &authn_file_provider); -} - -module AP_MODULE_DECLARE_DATA authn_file_module = -{ - STANDARD20_MODULE_STUFF, - create_authn_file_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authn_file_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/modules/aaa/mod_authz_default.c b/modules/aaa/mod_authz_default.c deleted file mode 100644 index 4fb5e66965..0000000000 --- a/modules/aaa/mod_authz_default.c +++ /dev/null @@ -1,171 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_auth: authentication - * - * Rob McCool - * - * Adapted to Apache by rst. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the userid is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. - */ - -#include "apr_strings.h" -#include "apr_md5.h" /* for apr_password_validate */ - -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -typedef struct { - int authoritative; -} authz_default_config_rec; - -static void *create_authz_default_dir_config(apr_pool_t *p, char *d) -{ - authz_default_config_rec *conf = apr_palloc(p, sizeof(*conf)); - - conf->authoritative = 1; /* keep the fortress secure by default */ - return conf; -} - -static const command_rec authz_default_cmds[] = -{ - AP_INIT_FLAG("AccessAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_default_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'no' to allow access control to be passed along to " - "lower modules. (default is yes.)"), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA authz_default_module; - -static int check_user_access(request_rec *r) -{ - authz_default_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authz_default_module); - int m = r->method_number; - int method_restricted = 0; - register int x; - const apr_array_header_t *reqs_arr = ap_requires(r); - require_line *reqs; - - /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive, - * then any user will do. - */ - if (!reqs_arr) { - return OK; - } - reqs = (require_line *)reqs_arr->elts; - - for (x = 0; x < reqs_arr->nelts; x++) { - if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { - continue; - } - method_restricted = 1; - break; - } - - if (method_restricted == 0) { - return OK; - } - - if (!(conf->authoritative)) { - return DECLINED; - } - - /* if we aren't authoritative, any require directive could be - * considered valid even if noone groked it. However, if we are - * authoritative, we can warn the user they did something wrong. - * - * That something could be a missing "AuthAuthoritative off", but - * more likely is a typo in the require directive. - */ - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "access to %s failed, reason: require directives " - "present and no Authoritative handler.", r->uri); - - ap_note_basic_auth_failure(r); - return HTTP_UNAUTHORIZED; -} - -static void register_hooks(apr_pool_t *p) -{ - ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_LAST); -} - -module AP_MODULE_DECLARE_DATA authz_default_module = -{ - STANDARD20_MODULE_STUFF, - create_authz_default_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authz_default_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/modules/aaa/mod_authz_default.dsp b/modules/aaa/mod_authz_default.dsp deleted file mode 100644 index f565857f90..0000000000 --- a/modules/aaa/mod_authz_default.dsp +++ /dev/null @@ -1,128 +0,0 @@ -# Microsoft Developer Studio Project File - Name="mod_authz_default" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - -CFG=mod_authz_default - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "mod_authz_default.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "mod_authz_default.mak" CFG="mod_authz_default - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "mod_authz_default - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authz_default - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -MTL=midl.exe -RSC=rc.exe - -!IF "$(CFG)" == "mod_authz_default - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authz_default" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_default -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_default - -!ELSEIF "$(CFG)" == "mod_authz_default - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authz_default" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_default -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_default.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_default - -!ENDIF - -# Begin Target - -# Name "mod_authz_default - Win32 Release" -# Name "mod_authz_default - Win32 Debug" -# Begin Source File - -SOURCE=.\mod_authz_default.c -# End Source File -# Begin Source File - -SOURCE=.\mod_authz_default.rc -# End Source File -# Begin Source File - -SOURCE=..\..\build\win32\win32ver.awk - -!IF "$(CFG)" == "mod_authz_default - Win32 Release" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authz_default.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_default "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_default.rc - -# End Custom Build - -!ELSEIF "$(CFG)" == "mod_authz_default - Win32 Debug" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authz_default.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_default "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_default.rc - -# End Custom Build - -!ENDIF - -# End Source File -# End Target -# End Project diff --git a/modules/aaa/mod_authz_groupfile.c b/modules/aaa/mod_authz_groupfile.c deleted file mode 100644 index 3be7eab722..0000000000 --- a/modules/aaa/mod_authz_groupfile.c +++ /dev/null @@ -1,277 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* This module is triggered by an - * - * AuthGroupFile standard /path/to/file - * - * and the presense of a - * - * require group <list-of-groups> - * - * In an applicable limit/directory block for that method. - * - * If there are no AuthGroupFile directives valid for - * the request; we DECLINED. - * - * If the AuthGroupFile is defined; but somehow not - * accessible: we SERVER_ERROR (was DECLINED). - * - * If there are no 'require ' directives defined for - * this request then we DECLINED (was OK). - * - * If there are no 'require ' directives valid for - * this request method then we DECLINED. (was OK) - * - * If there are any 'require group' blocks and we - * are not in any group - we HTTP_UNAUTHORIZE - * unless we are non-authoritative; in which - * case we DECLINED. - * - */ - -#include "apr_strings.h" -#include "apr_md5.h" /* for apr_password_validate */ - -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -typedef struct { - char *groupfile; - int authoritative; -} authz_groupfile_config_rec; - -static void *create_authz_groupfile_dir_config(apr_pool_t *p, char *d) -{ - authz_groupfile_config_rec *conf = apr_palloc(p, sizeof(*conf)); - - conf->groupfile = NULL; - conf->authoritative = 1; /* keep the fortress secure by default */ - return conf; -} - -static const char *set_authz_groupfile_slot(cmd_parms *cmd, void *offset, const char *f, - const char *t) -{ - if (t && strcmp(t, "standard")) { - return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); - } - - return ap_set_file_slot(cmd, offset, f); -} - -static const command_rec authz_groupfile_cmds[] = -{ - AP_INIT_TAKE12("AuthGroupFile", set_authz_groupfile_slot, - (void *)APR_OFFSETOF(authz_groupfile_config_rec, groupfile), - OR_AUTHCFG, - "text file containing group names and member user IDs"), - AP_INIT_FLAG("AuthzGroupFileAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_groupfile_config_rec, - authoritative), - OR_AUTHCFG, - "Set to 'no' to allow access control to be passed along to " - "lower modules if the 'require group' fails. (default is " - "no)."), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA authz_groupfile_module; - -static apr_status_t groups_for_user(apr_pool_t *p, char *user, char *grpfile, - apr_table_t ** out) -{ - ap_configfile_t *f; - apr_table_t *grps = apr_table_make(p, 15); - apr_pool_t *sp; - char l[MAX_STRING_LEN]; - const char *group_name, *ll, *w; - apr_status_t status; - - if ((status = ap_pcfg_openfile(&f, p, grpfile)) != APR_SUCCESS) { - return status ; - } - - apr_pool_create(&sp, p); - - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - if ((l[0] == '#') || (!l[0])) { - continue; - } - ll = l; - apr_pool_clear(sp); - - group_name = ap_getword(sp, &ll, ':'); - - while (ll[0]) { - w = ap_getword_conf(sp, &ll); - if (!strcmp(w, user)) { - apr_table_setn(grps, apr_pstrdup(p, group_name), "in"); - break; - } - } - } - ap_cfg_closefile(f); - apr_pool_destroy(sp); - - *out = grps; - return APR_SUCCESS; -} - -/* Checking ID */ - -static int check_user_access(request_rec *r) -{ - authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authz_groupfile_module); - char *user = r->user; - int m = r->method_number; - int method_restricted = 0; - register int x,has_entries; - const char *t, *w; - apr_table_t *grpstatus; - const apr_array_header_t *reqs_arr = ap_requires(r); - require_line *reqs; - apr_status_t status; - - if (!reqs_arr) { - return DECLINED; /* XXX change from legacy */ - } - - reqs = (require_line *)reqs_arr->elts; - - /* If there is no group file - then we are not - * configured. So decline. - */ - if (!(conf->groupfile)) - return DECLINED; - - if ((status = groups_for_user(r->pool, user, conf->groupfile, - &grpstatus)) != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, - "Could not open group file: %s", conf->groupfile); - return HTTP_INTERNAL_SERVER_ERROR; - }; - - has_entries = apr_table_elts(grpstatus)->nelts; - - for (x = 0; x < reqs_arr->nelts; x++) { - - if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { - continue; - } - method_restricted |= 1; - - t = reqs[x].requirement; - w = ap_getword_white(r->pool, &t); - - if (!strcmp(w, "group")) { - method_restricted |= 2; - if (has_entries) { - while (t[0]) { - w = ap_getword_conf(r->pool, &t); - if (apr_table_get(grpstatus, w)) { - return OK; - } - } - } - } - } - - /* No applicable requires for this method seen at all */ - if (method_restricted == 0) { - return DECLINED; /* XXX change from legacy */ - } - - /* No applicable "requires group" for this method seen */ - if ((method_restricted & 2) == 0) { - return DECLINED; - } - - if (!(conf->authoritative)) { - return DECLINED; - } - - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "access to %s failed, reason: user %s not part of the " - "'require'ed group(s).", r->uri, user); - - ap_note_basic_auth_failure(r); - return HTTP_UNAUTHORIZED; -} - -static void register_hooks(apr_pool_t *p) -{ - ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_MIDDLE); -} - -module AP_MODULE_DECLARE_DATA authz_groupfile_module = -{ - STANDARD20_MODULE_STUFF, - create_authz_groupfile_dir_config,/* dir config creater */ - NULL, /* dir merger -- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authz_groupfile_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/modules/aaa/mod_authz_groupfile.dsp b/modules/aaa/mod_authz_groupfile.dsp deleted file mode 100644 index 6a2298b5cb..0000000000 --- a/modules/aaa/mod_authz_groupfile.dsp +++ /dev/null @@ -1,128 +0,0 @@ -# Microsoft Developer Studio Project File - Name="mod_authz_groupfile" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - -CFG=mod_authz_groupfile - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "mod_authz_groupfile.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "mod_authz_groupfile.mak" CFG="mod_authz_groupfile - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "mod_authz_groupfile - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authz_groupfile - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -MTL=midl.exe -RSC=rc.exe - -!IF "$(CFG)" == "mod_authz_groupfile - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authz_groupfile" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_groupfile.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_groupfile -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_groupfile.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_groupfile - -!ELSEIF "$(CFG)" == "mod_authz_groupfile - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authz_groupfile" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_groupfile.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_groupfile -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_groupfile.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_groupfile - -!ENDIF - -# Begin Target - -# Name "mod_authz_groupfile - Win32 Release" -# Name "mod_authz_groupfile - Win32 Debug" -# Begin Source File - -SOURCE=.\mod_authz_groupfile.c -# End Source File -# Begin Source File - -SOURCE=.\mod_authz_groupfile.rc -# End Source File -# Begin Source File - -SOURCE=..\..\build\win32\win32ver.awk - -!IF "$(CFG)" == "mod_authz_groupfile - Win32 Release" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authz_groupfile.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_groupfile "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_groupfile.rc - -# End Custom Build - -!ELSEIF "$(CFG)" == "mod_authz_groupfile - Win32 Debug" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authz_groupfile.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_groupfile "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_groupfile.rc - -# End Custom Build - -!ENDIF - -# End Source File -# End Target -# End Project diff --git a/modules/aaa/mod_authz_user.c b/modules/aaa/mod_authz_user.c deleted file mode 100644 index a2befbd881..0000000000 --- a/modules/aaa/mod_authz_user.c +++ /dev/null @@ -1,198 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2002 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* http_auth: - * authentication - * - * Rob McCool - * - * Adapted to Apache by rst. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the userid is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. - */ - -#include "apr_strings.h" - -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -typedef struct { - int authoritative; -} authz_user_config_rec; - -static void *create_authz_user_dir_config(apr_pool_t *p, char *d) -{ - authz_user_config_rec *conf = apr_palloc(p, sizeof(*conf)); - - conf->authoritative = 1; /* keep the fortress secure by default */ - return conf; -} - -static const command_rec authz_user_cmds[] = -{ - AP_INIT_FLAG("AuthzUserAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_user_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'no' to allow access control to be passed along to " - "lower modules if the 'require user' or 'require valid-user' " - "statement is not met. (default: yes)."), - {NULL} -}; - -module AP_MODULE_DECLARE_DATA authz_user_module; - -static int check_user_access(request_rec *r) -{ - authz_user_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authz_user_module); - char *user = r->user; - int m = r->method_number; - int method_restricted = 0; - register int x; - const char *t, *w; - const apr_array_header_t *reqs_arr = ap_requires(r); - require_line *reqs; - - /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive, - * then any user will do. - */ - if (!reqs_arr) { - return DECLINED; - } - reqs = (require_line *)reqs_arr->elts; - - for (x = 0; x < reqs_arr->nelts; x++) { - - if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { - continue; - } - - /* Note that there are applicable requirements - */ - method_restricted |= 1; - - t = reqs[x].requirement; - w = ap_getword_white(r->pool, &t); - if (!strcmp(w, "valid-user")) { - return OK; - } - if (!strcmp(w, "user")) { - /* And note that there are applicable requirements - * which we consider ourselves the owner of. - */ - method_restricted |= 2; - while (t[0]) { - w = ap_getword_conf(r->pool, &t); - if (!strcmp(user, w)) { - return OK; - } - } - } - } - - if (method_restricted == 0) { - /* no applicable requirements at all */ - return DECLINED; - } - /* There are require methods which we do not - * understand. - */ - if ((method_restricted & 2) == 0) { - /* no requirements of which we consider ourselves - * the owner. - */ - return DECLINED; - } - - if (!conf->authoritative) { - return DECLINED; - } - - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "access to %s failed, reason: user '%s' does not meet " - "'require'ments for user/valid-user to be allowed access", - r->uri, user); - - ap_note_basic_auth_failure(r); - return HTTP_UNAUTHORIZED; -} - -static void register_hooks(apr_pool_t *p) -{ - ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE); -} - -module AP_MODULE_DECLARE_DATA authz_user_module = -{ - STANDARD20_MODULE_STUFF, - create_authz_user_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - authz_user_cmds, /* command apr_table_t */ - register_hooks /* register hooks */ -}; diff --git a/modules/aaa/mod_authz_user.dsp b/modules/aaa/mod_authz_user.dsp deleted file mode 100644 index ef710f5410..0000000000 --- a/modules/aaa/mod_authz_user.dsp +++ /dev/null @@ -1,128 +0,0 @@ -# Microsoft Developer Studio Project File - Name="mod_authz_user" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 -# ** DO NOT EDIT ** - -# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 - -CFG=mod_authz_user - Win32 Debug -!MESSAGE This is not a valid makefile. To build this project using NMAKE, -!MESSAGE use the Export Makefile command and run -!MESSAGE -!MESSAGE NMAKE /f "mod_authz_user.mak". -!MESSAGE -!MESSAGE You can specify a configuration when running NMAKE -!MESSAGE by defining the macro CFG on the command line. For example: -!MESSAGE -!MESSAGE NMAKE /f "mod_authz_user.mak" CFG="mod_authz_user - Win32 Debug" -!MESSAGE -!MESSAGE Possible choices for configuration are: -!MESSAGE -!MESSAGE "mod_authz_user - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE "mod_authz_user - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") -!MESSAGE - -# Begin Project -# PROP AllowPerConfigDependencies 0 -# PROP Scc_ProjName "" -# PROP Scc_LocalPath "" -CPP=cl.exe -MTL=midl.exe -RSC=rc.exe - -!IF "$(CFG)" == "mod_authz_user - Win32 Release" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 0 -# PROP BASE Output_Dir "Release" -# PROP BASE Intermediate_Dir "Release" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 0 -# PROP Output_Dir "Release" -# PROP Intermediate_Dir "Release" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MD /W3 /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_authz_user" /FD /c -# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "NDEBUG" -# ADD RSC /l 0x409 /d "NDEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_user.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_user -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /map /machine:I386 /out:"Release/mod_authz_user.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_user - -!ELSEIF "$(CFG)" == "mod_authz_user - Win32 Debug" - -# PROP BASE Use_MFC 0 -# PROP BASE Use_Debug_Libraries 1 -# PROP BASE Output_Dir "Debug" -# PROP BASE Intermediate_Dir "Debug" -# PROP BASE Target_Dir "" -# PROP Use_MFC 0 -# PROP Use_Debug_Libraries 1 -# PROP Output_Dir "Debug" -# PROP Intermediate_Dir "Debug" -# PROP Ignore_Export_Lib 0 -# PROP Target_Dir "" -# ADD BASE CPP /nologo /MDd /W3 /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c -# ADD CPP /nologo /MDd /W3 /GX /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_authz_user" /FD /c -# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" -# ADD BASE RSC /l 0x409 /d "_DEBUG" -# ADD RSC /l 0x409 /d "_DEBUG" -BSC32=bscmake.exe -# ADD BASE BSC32 /nologo -# ADD BSC32 /nologo -LINK32=link.exe -# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_user.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_user -# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /map /debug /machine:I386 /out:"Debug/mod_authz_user.so" /base:@..\..\os\win32\BaseAddr.ref,mod_authz_user - -!ENDIF - -# Begin Target - -# Name "mod_authz_user - Win32 Release" -# Name "mod_authz_user - Win32 Debug" -# Begin Source File - -SOURCE=.\mod_authz_user.c -# End Source File -# Begin Source File - -SOURCE=.\mod_authz_user.rc -# End Source File -# Begin Source File - -SOURCE=..\..\build\win32\win32ver.awk - -!IF "$(CFG)" == "mod_authz_user - Win32 Release" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authz_user.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_user "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_user.rc - -# End Custom Build - -!ELSEIF "$(CFG)" == "mod_authz_user - Win32 Debug" - -# PROP Ignore_Default_Tool 1 -# Begin Custom Build - Creating Version Resource -InputPath=..\..\build\win32\win32ver.awk - -".\mod_authz_user.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" - awk -f ../../build/win32/win32ver.awk mod_authz_user "auth_basic_module for Apache" ../../include/ap_release.h > .\mod_authz_user.rc - -# End Custom Build - -!ENDIF - -# End Source File -# End Target -# End Project diff --git a/modules/arch/netware/mod_auth_anon.def b/modules/arch/netware/mod_auth_anon.def new file mode 100644 index 0000000000..ab6b138f81 --- /dev/null +++ b/modules/arch/netware/mod_auth_anon.def @@ -0,0 +1 @@ +EXPORT auth_anon_module diff --git a/modules/arch/netware/mod_auth_basic.def b/modules/arch/netware/mod_auth_basic.def deleted file mode 100644 index 0a6f81aa21..0000000000 --- a/modules/arch/netware/mod_auth_basic.def +++ /dev/null @@ -1 +0,0 @@ -EXPORT auth_basic_module diff --git a/modules/arch/netware/mod_auth_dbm.def b/modules/arch/netware/mod_auth_dbm.def new file mode 100644 index 0000000000..830f194d11 --- /dev/null +++ b/modules/arch/netware/mod_auth_dbm.def @@ -0,0 +1 @@ +EXPORT auth_dbm_module diff --git a/modules/arch/netware/mod_authn_anon.def b/modules/arch/netware/mod_authn_anon.def deleted file mode 100644 index 78bb61be2d..0000000000 --- a/modules/arch/netware/mod_authn_anon.def +++ /dev/null @@ -1 +0,0 @@ -EXPORT authn_anon_module diff --git a/modules/arch/netware/mod_authn_dbm.def b/modules/arch/netware/mod_authn_dbm.def deleted file mode 100644 index 16c6b32176..0000000000 --- a/modules/arch/netware/mod_authn_dbm.def +++ /dev/null @@ -1,2 +0,0 @@ -EXPORT authn_dbm_module -IMPORT authn_register_provider diff --git a/modules/arch/netware/mod_authn_default.def b/modules/arch/netware/mod_authn_default.def deleted file mode 100644 index fb94aa37fb..0000000000 --- a/modules/arch/netware/mod_authn_default.def +++ /dev/null @@ -1 +0,0 @@ -EXPORT authn_default_module diff --git a/modules/arch/netware/mod_authn_file.def b/modules/arch/netware/mod_authn_file.def deleted file mode 100644 index 8aac8206d1..0000000000 --- a/modules/arch/netware/mod_authn_file.def +++ /dev/null @@ -1,3 +0,0 @@ -EXPORT authn_file_module -IMPORT authn_register_provider - diff --git a/modules/arch/netware/mod_authz_dbm.def b/modules/arch/netware/mod_authz_dbm.def deleted file mode 100644 index d52639c15b..0000000000 --- a/modules/arch/netware/mod_authz_dbm.def +++ /dev/null @@ -1 +0,0 @@ -EXPORT authz_dbm_module diff --git a/modules/arch/netware/mod_authz_default.def b/modules/arch/netware/mod_authz_default.def deleted file mode 100644 index 164564f540..0000000000 --- a/modules/arch/netware/mod_authz_default.def +++ /dev/null @@ -1 +0,0 @@ -EXPORT authz_default_module diff --git a/modules/arch/netware/mod_authz_groupfile.def b/modules/arch/netware/mod_authz_groupfile.def deleted file mode 100644 index 25d955519a..0000000000 --- a/modules/arch/netware/mod_authz_groupfile.def +++ /dev/null @@ -1,2 +0,0 @@ -EXPORT authz_groupfile_module - diff --git a/modules/arch/netware/mod_authz_user.def b/modules/arch/netware/mod_authz_user.def deleted file mode 100644 index 043418b620..0000000000 --- a/modules/arch/netware/mod_authz_user.def +++ /dev/null @@ -1 +0,0 @@ -EXPORT authz_user_module diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 8ccc22d0fe..1ebfe9f031 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -101,6 +101,9 @@ /* ### what is the best way to set this? */ #define DAV_DEFAULT_PROVIDER "filesystem" +/* used to denote that mod_dav will be handling this request */ +#define DAV_HANDLER_NAME "dav-handler" + enum { DAV_ENABLED_UNSET = 0, DAV_ENABLED_OFF, @@ -4423,38 +4426,11 @@ static int dav_method_bind(request_rec *r) */ static int dav_handler(request_rec *r) { - dav_dir_conf *conf = ap_get_module_config(r->per_dir_config, &dav_module); - - /* if DAV is not enabled, then we've got nothing to do */ - if (conf->provider == NULL) { + if (strcmp(r->handler, DAV_HANDLER_NAME) != 0) return DECLINED; - } - - if (r->method_number == M_GET) { - /* - * ### need some work to pull Content-Type and Content-Language - * ### from the property database. - */ - - /* - * If the repository hasn't indicated that it will handle the - * GET method, then just punt. - * - * ### this isn't quite right... taking over the response can break - * ### things like mod_negotiation. need to look into this some more. - */ - if (!conf->provider->repos->handle_get) { - return DECLINED; - } - } /* ### do we need to do anything with r->proxyreq ?? */ - /* quickly ignore any HTTP/0.9 requests which aren't subreqs. */ - if (r->assbackwards && !r->main) { - return DECLINED; - } - /* * ### anything else to do here? could another module and/or * ### config option "take over" the handler here? i.e. how do @@ -4618,10 +4594,56 @@ static int dav_handler(request_rec *r) return DECLINED; } +static int dav_fixups(request_rec *r) +{ + dav_dir_conf *conf; + + /* quickly ignore any HTTP/0.9 requests which aren't subreqs. */ + if (r->assbackwards && !r->main) { + return DECLINED; + } + + conf = (dav_dir_conf *)ap_get_module_config(r->per_dir_config, + &dav_module); + + /* if DAV is not enabled, then we've got nothing to do */ + if (conf->provider == NULL) { + return DECLINED; + } + + /* We are going to handle almost every request. In certain cases, + the provider maps to the filesystem (thus, handle_get is + FALSE), and core Apache will handle it. a For that case, we + just return right away. */ + if (r->method_number == M_GET) { + /* + * ### need some work to pull Content-Type and Content-Language + * ### from the property database. + */ + + /* + * If the repository hasn't indicated that it will handle the + * GET method, then just punt. + * + * ### this isn't quite right... taking over the response can break + * ### things like mod_negotiation. need to look into this some more. + */ + if (!conf->provider->repos->handle_get) { + return DECLINED; + } + } + + /* We are going to be handling the response for this resource. */ + r->handler = DAV_HANDLER_NAME; + + return OK; +} + static void register_hooks(apr_pool_t *p) { ap_hook_handler(dav_handler, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_config(dav_init_handler, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_fixups(dav_fixups, NULL, NULL, APR_HOOK_MIDDLE); dav_hook_find_liveprop(dav_core_find_liveprop, NULL, NULL, APR_HOOK_LAST); dav_hook_insert_all_liveprops(dav_core_insert_all_liveprops, diff --git a/os/netware/modules.c b/os/netware/modules.c index 1ec622eaa4..966f9c731e 100644 --- a/os/netware/modules.c +++ b/os/netware/modules.c @@ -12,7 +12,8 @@ extern module mpm_netware_module; extern module http_module; extern module so_module; extern module mime_module; -extern module authz_host_module; +extern module access_module; +extern module auth_module; extern module negotiation_module; extern module include_module; extern module autoindex_module; @@ -35,7 +36,8 @@ module *ap_prelinked_modules[] = { &http_module, &so_module, &mime_module, - &authz_host_module, + &access_module, + &auth_module, &negotiation_module, &include_module, &autoindex_module, @@ -60,7 +62,8 @@ module *ap_preloaded_modules[] = { &http_module, &so_module, &mime_module, - &authz_host_module, + &access_module, + &auth_module, &negotiation_module, &include_module, &autoindex_module, diff --git a/os/win32/BaseAddr.ref b/os/win32/BaseAddr.ref index 5fdf1c57a0..e954eabedf 100644 --- a/os/win32/BaseAddr.ref +++ b/os/win32/BaseAddr.ref @@ -9,7 +9,7 @@ ; module name base-address max-size libhttpd 0x6FF00000 0x000A0000 -mod_auth_basic 0x6FEF0000 0x00010000 +mod_auth_anon 0x6FEF0000 0x00010000 mod_auth_digest 0x6FED0000 0x00020000 mod_cern_meta 0x6FEC0000 0x00010000 mod_expires 0x6FEB0000 0x00010000 @@ -20,6 +20,7 @@ mod_speling 0x6FE60000 0x00010000 mod_status 0x6FE50000 0x00010000 mod_usertrack 0x6FE40000 0x00010000 mod_file_cache 0x6FE20000 0x00020000 +mod_auth_dbm 0x6FE10000 0x00010000 mod_unique_id 0x6FE00000 0x00010000 mod_vhost_alias 0x6FDF0000 0x00010000 mod_mime_magic 0x6FDE0000 0x00010000 @@ -30,9 +31,11 @@ mod_proxy_connect 0x6FD90000 0x00010000 mod_proxy_ftp 0x6FD80000 0x00010000 mod_proxy_http 0x6FD70000 0x00010000 mod_ssl 0x6FD00000 0x00070000 +mod_access 0x6FCF0000 0x00010000 mod_actions 0x6FCE0000 0x00010000 mod_alias 0x6FCD0000 0x00010000 mod_asis 0x6FCC0000 0x00010000 +mod_auth 0x6FCB0000 0x00010000 mod_autoindex 0x6FCA0000 0x00010000 mod_cgi 0x6FC90000 0x00010000 mod_dir 0x6FC80000 0x00010000 @@ -51,12 +54,3 @@ mod_mem_cache 0x6FBC0000 0x00010000 mod_deflate 0x6FBA0000 0x00020000 mod_ext_filter 0x6FB90000 0x00010000 mod_charset_lite 0x6FB80000 0x00010000 -mod_authn_anon 0x6FB70000 0x00010000 -mod_authn_dbm 0x6FB60000 0x00010000 -mod_authn_default 0x6FB50000 0x00010000 -mod_authn_file 0x6FB40000 0x00010000 -mod_authz_dbm 0x6FB30000 0x00010000 -mod_authz_default 0x6FB20000 0x00010000 -mod_authz_groupfile 0x6FB10000 0x00010000 -mod_authz_host 0x6FB00000 0x00010000 -mod_authz_user 0x6FAF0000 0x00010000 diff --git a/support/dbmmanage b/support/dbmmanage deleted file mode 100644 index 49190f13e0..0000000000 --- a/support/dbmmanage +++ /dev/null @@ -1,350 +0,0 @@ -#!/usr/bin/perl -# ==================================================================== -# The Apache Software License, Version 1.1 -# -# Copyright (c) 2000-2002 The Apache Software Foundation. All rights -# reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. The end-user documentation included with the redistribution, -# if any, must include the following acknowledgment: -# "This product includes software developed by the -# Apache Software Foundation (http://www.apache.org/)." -# Alternately, this acknowledgment may appear in the software itself, -# if and wherever such third-party acknowledgments normally appear. -# -# 4. The names "Apache" and "Apache Software Foundation" must -# not be used to endorse or promote products derived from this -# software without prior written permission. For written -# permission, please contact apache@apache.org. -# -# 5. Products derived from this software may not be called "Apache", -# nor may "Apache" appear in their name, without prior written -# permission of the Apache Software Foundation. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Software Foundation. For more -# information on the Apache Software Foundation, please see -# <http://www.apache.org/>. -# - -#for more functionality see the HTTPD::UserAdmin module: -# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz -# -# usage: dbmmanage <DBMfile> <command> <user> <password> <groups> <comment> - -package dbmmanage; -# -ldb -lndbm -lgdbm -lsdbm -BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) } -use strict; -use Fcntl; -use AnyDBM_File (); - -sub usage { - my $cmds = join "|", sort keys %dbmc::; - die <<SYNTAX; -Usage: dbmmanage [enc] dbname command [username [pw [group[,group] [comment]]]] - - where enc is -d for crypt encryption (default except on Win32, Netware) - -m for MD5 encryption (default on Win32, Netware) - -s for SHA1 encryption - -p for plaintext - - command is one of: $cmds - - pw of . for update command retains the old password - pw of - (or blank) for update command prompts for the password - - groups or comment of . (or blank) for update command retains old values - groups or comment of - for update command clears the existing value - groups or comment of - for add and adduser commands is the empty value -SYNTAX -} - -sub need_sha1_crypt { - if (!eval ('require "Digest/SHA1.pm";')) { - print STDERR <<SHAERR; -dbmmanage SHA1 passwords require the interface or the module Digest::SHA1 -available from CPAN: - - http://www.cpan.org/modules/by-module/Digest/Digest-MD5-2.12.tar.gz - -Please install Digest::SHA1 and try again, or use a different crypt option: - -SHAERR - usage(); - } -} - -sub need_md5_crypt { - if (!eval ('require "Crypt/PasswdMD5.pm";')) { - print STDERR <<MD5ERR; -dbmmanage MD5 passwords require the module Crypt::PasswdMD5 available from CPAN - - http://www.cpan.org/modules/by-module/Crypt/Crypt-PasswdMD5-1.1.tar.gz - -Please install Crypt::PasswdMD5 and try again, or use a different crypt option: - -MD5ERR - usage(); - } -} - -# if your osname is in $newstyle_salt, then use new style salt (starts with '_' and contains -# four bytes of iteration count and four bytes of salt). Otherwise, just use -# the traditional two-byte salt. -# see the man page on your system to decide if you have a newer crypt() lib. -# I believe that 4.4BSD derived systems do (at least BSD/OS 2.0 does). -# The new style crypt() allows up to 20 characters of the password to be -# significant rather than only 8. -# -my $newstyle_salt_platforms = join '|', qw{bsdos}; #others? -my $newstyle_salt = $^O =~ /(?:$newstyle_salt_platforms)/; - -# Some platforms just can't crypt() for Apache -# -my $crypt_not_supported_platforms = join '|', qw{MSWin32 NetWare}; #others? -my $crypt_not_supported = $^O =~ /(?:$crypt_not_supported_platforms)/; - -my $crypt_method = "crypt"; - -if ($crypt_not_supported) { - $crypt_method = "md5"; -} - -# Some platforms won't jump through our favorite hoops -# -my $not_unix_platforms = join '|', qw{MSWin32 NetWare}; #others? -my $not_unix = $^O =~ /(?:$not_unix_platforms)/; - -if ($crypt_not_supported) { - $crypt_method = "md5"; -} - -if (@ARGV[0] eq "-d") { - shift @ARGV; - if ($crypt_not_supported) { - print STDERR - "Warning: Apache/$^O does not support crypt()ed passwords!\n\n"; - } - $crypt_method = "crypt"; -} - -if (@ARGV[0] eq "-m") { - shift @ARGV; - $crypt_method = "md5"; -} - -if (@ARGV[0] eq "-p") { - shift @ARGV; - if (!$crypt_not_supported) { - print STDERR - "Warning: Apache/$^O does not support plaintext passwords!\n\n"; - } - $crypt_method = "plain"; -} - -if (@ARGV[0] eq "-s") { - shift @ARGV; - need_sha1_crypt(); - $crypt_method = "sha1"; -} - -if ($crypt_method eq "md5") { - need_md5_crypt(); -} - -my($file,$command,$key,$crypted_pwd,$groups,$comment) = @ARGV; - -usage() unless $file and $command and defined &{$dbmc::{$command}}; - -# remove extension if any -my $chop = join '|', qw{db.? pag dir}; -$file =~ s/\.($chop)$//; - -my $is_update = $command eq "update"; -my %DB = (); -my @range = (); -my($mode, $flags) = $command =~ - /^(?:view|check)$/ ? (0644, O_RDONLY) : (0644, O_RDWR|O_CREAT); - -tie (%DB, "AnyDBM_File", $file, $flags, $mode) || die "Can't tie $file: $!"; -dbmc->$command(); -untie %DB; - - -my $x; -sub genseed { - my $psf; - if ($not_unix) { - srand (time ^ $$ or time ^ ($$ + ($$ << 15))); - } - else { - for (qw(-xlwwa -le)) { - `ps $_ 2>/dev/null`; - $psf = $_, last unless $?; - } - srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`)); - } - @range = (qw(. /), '0'..'9','a'..'z','A'..'Z'); - $x = int scalar @range; -} - -sub randchar { - join '', map $range[rand $x], 1..shift||1; -} - -sub saltpw_crypt { - genseed() unless @range; - return $newstyle_salt ? - join '', "_", randchar, "a..", randchar(4) : - randchar(2); -} - -sub cryptpw_crypt { - my ($pw, $salt) = @_; - $salt = saltpw_crypt unless $salt; - crypt $pw, $salt; -} - -sub saltpw_md5 { - genseed() unless @range; - randchar(8); -} - -sub cryptpw_md5 { - my($pw, $salt) = @_; - $salt = saltpw_md5 unless $salt; - Crypt::PasswdMD5::apache_md5_crypt($pw, $salt); -} - -sub cryptpw_sha1 { - my($pw, $salt) = @_; - '{SHA}' . Digest::SHA1::sha1_base64($pw) . "="; -} - -sub cryptpw { - if ($crypt_method eq "md5") { - return cryptpw_md5(@_); - } elsif ($crypt_method eq "sha1") { - return cryptpw_sha1(@_); - } elsif ($crypt_method eq "crypt") { - return cryptpw_crypt(@_); - } - @_[0]; # otherwise return plaintext -} - -sub getpass { - my $prompt = shift || "Enter password:"; - - unless($not_unix) { - open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n"; - system "stty -echo;"; - } - - my($c,$pwd); - print STDERR $prompt; - while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") { - $pwd .= $c; - } - - system "stty echo" unless $not_unix; - print STDERR "\n"; - die "Can't use empty password!\n" unless length $pwd; - return $pwd; -} - -sub dbmc::update { - die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; - $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.'; - $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.'; - $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.'; - if (!$crypted_pwd || $crypted_pwd eq '-') { - dbmc->adduser; - } - else { - dbmc->add; - } -} - -sub dbmc::add { - die "Can't use empty password!\n" unless $crypted_pwd; - unless($is_update) { - die "Sorry, user `$key' already exists!\n" if $DB{$key}; - } - $groups = '' if $groups eq '-'; - $comment = '' if $comment eq '-'; - $groups .= ":" . $comment if $comment; - $crypted_pwd .= ":" . $groups if $groups; - $DB{$key} = $crypted_pwd; - my $action = $is_update ? "updated" : "added"; - print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n"; -} - -sub dbmc::adduser { - my $value = getpass "New password:"; - die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value; - $crypted_pwd = cryptpw $value; - dbmc->add; -} - -sub dbmc::delete { - die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; - delete $DB{$key}, print "`$key' deleted\n"; -} - -sub dbmc::view { - print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB; -} - -sub dbmc::check { - die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; - my $chkpass = (split /:/, $DB{$key}, 3)[0]; - my $testpass = getpass(); - if (substr($chkpass, 0, 6) eq '$apr1$') { - need_md5_crypt; - $crypt_method = "md5"; - } elsif (substr($chkpass, 0, 5) eq '{SHA}') { - need_sha1_crypt; - $crypt_method = "sha1"; - } elsif (length($chkpass) == 13 && $chkpass ne $testpass) { - $crypt_method = "crypt"; - } else { - $crypt_method = "plain"; - } - print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass - ? " password ok\n" : " password mismatch\n"); -} - -sub dbmc::import { - while(defined($_ = <STDIN>) and chomp) { - ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4; - dbmc->add; - } -} - diff --git a/support/log_server_status b/support/log_server_status deleted file mode 100644 index f9c871d835..0000000000 --- a/support/log_server_status +++ /dev/null @@ -1,114 +0,0 @@ -#!/usr/bin/perl -# ==================================================================== -# The Apache Software License, Version 1.1 -# -# Copyright (c) 2000-2002 The Apache Software Foundation. All rights -# reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. The end-user documentation included with the redistribution, -# if any, must include the following acknowledgment: -# "This product includes software developed by the -# Apache Software Foundation (http://www.apache.org/)." -# Alternately, this acknowledgment may appear in the software itself, -# if and wherever such third-party acknowledgments normally appear. -# -# 4. The names "Apache" and "Apache Software Foundation" must -# not be used to endorse or promote products derived from this -# software without prior written permission. For written -# permission, please contact apache@apache.org. -# -# 5. Products derived from this software may not be called "Apache", -# nor may "Apache" appear in their name, without prior written -# permission of the Apache Software Foundation. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Software Foundation. For more -# information on the Apache Software Foundation, please see -# <http://www.apache.org/>. -# -# Log Server Status -# Mark J Cox, UK Web Ltd 1996, mark@ukweb.com -# -# This script is designed to be run at a frequent interval by something -# like cron. It connects to the server and downloads the status -# information. It reformats the information to a single line and logs -# it to a file. Make sure the directory $wherelog is writable by the -# user who runs this script. -# -require 'sys/socket.ph'; - -$wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/19960312" -$server = "localhost"; # Name of server, could be "www.foo.com" -$port = "80"; # Port on server -$request = "/status/?auto"; # Request to send - -sub tcp_connect -{ - local($host,$port) =@_; - $sockaddr='S n a4 x8'; - chop($hostname=`hostname`); - $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/; - $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]); - $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]); - socket(S,&PF_INET,&SOCK_STREAM,(getprotobyname('tcp'))[2]) || - die "socket: $!"; - bind(S,$me) || return "bind: $!"; - connect(S,$them) || return "connect: $!"; - select(S); - $| = 1; - select(stdout); - return ""; -} - -### Main - -{ - $year=`date +%y`; - chomp($year); - $year += ($year < 70) ? 2000 : 1900; - $date = $year . `date +%m%d:%H%M%S`; - chomp($date); - ($day,$time)=split(/:/,$date); - $res=&tcp_connect($server,$port); - open(OUT,">>$wherelog$day"); - if ($res) { - print OUT "$time:-1:-1:-1:-1:$res\n"; - exit 1; - } - print S "GET $request\n"; - while (<S>) { - $requests=$1 if ( m|^BusyServers:\ (\S+)|); - $idle=$1 if ( m|^IdleServers:\ (\S+)|); - $number=$1 if ( m|sses:\ (\S+)|); - $cpu=$1 if (m|^CPULoad:\ (\S+)|); - } - print OUT "$time:$requests:$idle:$number:$cpu\n"; -} - - diff --git a/support/logresolve.pl b/support/logresolve.pl deleted file mode 100644 index b99a5b8d83..0000000000 --- a/support/logresolve.pl +++ /dev/null @@ -1,261 +0,0 @@ -#!/usr/bin/perl -# ==================================================================== -# The Apache Software License, Version 1.1 -# -# Copyright (c) 2000-2002 The Apache Software Foundation. All rights -# reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. The end-user documentation included with the redistribution, -# if any, must include the following acknowledgment: -# "This product includes software developed by the -# Apache Software Foundation (http://www.apache.org/)." -# Alternately, this acknowledgment may appear in the software itself, -# if and wherever such third-party acknowledgments normally appear. -# -# 4. The names "Apache" and "Apache Software Foundation" must -# not be used to endorse or promote products derived from this -# software without prior written permission. For written -# permission, please contact apache@apache.org. -# -# 5. Products derived from this software may not be called "Apache", -# nor may "Apache" appear in their name, without prior written -# permission of the Apache Software Foundation. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Software Foundation. For more -# information on the Apache Software Foundation, please see -# <http://www.apache.org/>. -# -# logresolve.pl -# -# v 1.2 by robh @ imdb.com -# -# usage: logresolve.pl <infile >outfile -# -# input = Apache/NCSA/.. logfile with IP numbers at start of lines -# output = same logfile with IP addresses resolved to hostnames where -# name lookups succeeded. -# -# this differs from the C based 'logresolve' in that this script -# spawns a number ($CHILDREN) of subprocesses to resolve addresses -# concurrently and sets a short timeout ($TIMEOUT) for each lookup in -# order to keep things moving quickly. -# -# the parent process handles caching of IP->hostnames using a Perl hash -# it also avoids sending the same IP to multiple child processes to be -# resolved multiple times concurrently. -# -# Depending on the settings of $CHILDREN and $TIMEOUT you should see -# significant reductions in the overall time taken to resolve your -# logfiles. With $CHILDREN=40 and $TIMEOUT=5 I've seen 200,000 - 300,000 -# logfile lines processed per hour compared to ~45,000 per hour -# with 'logresolve'. -# -# I haven't yet seen any noticable reduction in the percentage of IPs -# that fail to get resolved. Your mileage will no doubt vary. 5s is long -# enough to wait IMO. -# -# Known to work with FreeBSD 2.2 -# Known to have problems with Solaris -# -# 980417 - use 'sockaddr_un' for bind/connect to make the script work -# with linux. Fix from Luuk de Boer <luuk_de_boer@pi.net> - -require 5.004; - -$|=1; - -use FileHandle; -use Socket; - -use strict; -no strict 'refs'; - -use vars qw($PROTOCOL); -$PROTOCOL = 0; - -my $CHILDREN = 40; -my $TIMEOUT = 5; - -my $filename; -my %hash = (); -my $parent = $$; - -my @children = (); -for (my $child = 1; $child <=$CHILDREN; $child++) { - my $f = fork(); - if (!$f) { - $filename = "./.socket.$parent.$child"; - if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";} - &child($child); - exit(0); - } - push(@children, $f); -} - -&parent; -&cleanup; - -## remove all temporary files before shutting down -sub cleanup { - # die kiddies, die - kill(15, @children); - for (my $child = 1; $child <=$CHILDREN; $child++) { - if (-e "./.socket.$parent.$child") { - unlink("./.socket.$parent.$child") - || warn ".socket.$parent.$child $!"; - } - } -} - -sub parent { - # Trap some possible signals to trigger temp file cleanup - $SIG{'KILL'} = $SIG{'INT'} = $SIG{'PIPE'} = \&cleanup; - - my %CHILDSOCK; - my $filename; - - ## fork child processes. Each child will create a socket connection - ## to this parent and use an unique temp filename to do so. - for (my $child = 1; $child <=$CHILDREN; $child++) { - $CHILDSOCK{$child}= FileHandle->new; - - if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) { - warn "parent socket to child failed $!"; - } - $filename = "./.socket.$parent.$child"; - my $response; - do { - $response = connect($CHILDSOCK{$child}, sockaddr_un($filename)); - if ($response != 1) { - sleep(1); - } - } while ($response != 1); - $CHILDSOCK{$child}->autoflush; - } - ## All child processes should now be ready or at worst warming up - - my (@buffer, $child, $ip, $rest, $hostname, $response); - ## read the logfile lines from STDIN - while(<STDIN>) { - @buffer = (); # empty the logfile line buffer array. - $child = 1; # children are numbered 1..N, start with #1 - - # while we have a child to talk to and data to give it.. - do { - push(@buffer, $_); # buffer the line - ($ip, $rest) = split(/ /, $_, 2); # separate IP form rest - - unless ($hash{$ip}) { # resolve if unseen IP - $CHILDSOCK{$child}->print("$ip\n"); # pass IP to next child - $hash{$ip} = $ip; # don't look it up again. - $child++; - } - } while (($child < ($CHILDREN-1)) and ($_ = <STDIN>)); - - ## now poll each child for a response - while (--$child > 0) { - $response = $CHILDSOCK{$child}->getline; - chomp($response); - # child sends us back both the IP and HOSTNAME, no need for us - # to remember what child received any given IP, and no worries - # what order we talk to the children - ($ip, $hostname) = split(/\|/, $response, 2); - $hash{$ip} = $hostname; - } - - # resolve all the logfiles lines held in the log buffer array.. - for (my $line = 0; $line <=$#buffer; $line++) { - # get next buffered line - ($ip, $rest) = split(/ /, $buffer[$line], 2); - # separate IP from rest and replace with cached hostname - printf STDOUT ("%s %s", $hash{$ip}, $rest); - } - } -} - -######################################## - -sub child { - # arg = numeric ID - how the parent refers to me - my $me = shift; - - # add trap for alarm signals. - $SIG{'ALRM'} = sub { die "alarmed"; }; - - # create a socket to communicate with parent - socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL) - || die "Error with Socket: !$\n"; - $filename = "./.socket.$parent.$me"; - bind(INBOUND, sockaddr_un($filename)) - || die "Error Binding $filename: $!\n"; - listen(INBOUND, 5) || die "Error Listening: $!\n"; - - my ($ip, $send_back); - my $talk = FileHandle->new; - - # accept a connection from the parent process. We only ever have - # have one connection where we exchange 1 line of info with the - # parent.. 1 line in (IP address), 1 line out (IP + hostname). - accept($talk, INBOUND) || die "Error Accepting: $!\n"; - # disable I/O buffering just in case - $talk->autoflush; - # while the parent keeps sending data, we keep responding.. - while(($ip = $talk->getline)) { - chomp($ip); - # resolve the IP if time permits and send back what we found.. - $send_back = sprintf("%s|%s", $ip, &nslookup($ip)); - $talk->print($send_back."\n"); - } -} - -# perform a time restricted hostname lookup. -sub nslookup { - # get the IP as an arg - my $ip = shift; - my $hostname = undef; - - # do the hostname lookup inside an eval. The eval will use the - # already configured SIGnal handler and drop out of the {} block - # regardless of whether the alarm occured or not. - eval { - alarm($TIMEOUT); - $hostname = gethostbyaddr(gethostbyname($ip), AF_INET); - alarm(0); - }; - if ($@ =~ /alarm/) { - # useful for debugging perhaps.. - # print "alarming, isn't it? ($ip)"; - } - - # return the hostname or the IP address itself if there is no hostname - $hostname ne "" ? $hostname : $ip; -} - - diff --git a/support/phf_abuse_log.cgi b/support/phf_abuse_log.cgi deleted file mode 100644 index 87543ce5f4..0000000000 --- a/support/phf_abuse_log.cgi +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/perl - -# This script is used to detect people trying to abuse the security hole which -# existed in A CGI script direstributed with Apache 1.0.3 and earlier versions. -# You can redirect them to here using the "<Location /cgi-bin/phf*>" suggestion -# in httpd.conf. -# -# The format logged to is -# "[date] remote_addr remote_host [date] referrer user_agent". - -$LOG = "/var/log/phf_log"; - -require "ctime.pl"; -$when = &ctime(time); -$when =~ s/\n//go; -$ENV{HTTP_USER_AGENT} .= " via $ENV{HTTP_VIA}" if($ENV{HTTP_VIA}); - -open(LOG, ">>$LOG") || die "boo hoo, phf_log $!"; -print LOG "[$when] $ENV{REMOTE_ADDR} $ENV{REMOTE_HOST} $ENV{$HTTP_REFERER} $ENV{HTTP_USER_AGENT}\n"; -close(LOG); - -print "Content-type: text/html\r\n\r\n<BLINK>Smile, you're on Candid Camera.</BLINK>\n"; diff --git a/support/split-logfile b/support/split-logfile deleted file mode 100644 index c0f34861aa..0000000000 --- a/support/split-logfile +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/bin/perl -# ==================================================================== -# The Apache Software License, Version 1.1 -# -# Copyright (c) 2000-2001 The Apache Software Foundation. All rights -# reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. The end-user documentation included with the redistribution, -# if any, must include the following acknowledgment: -# "This product includes software developed by the -# Apache Software Foundation (http://www.apache.org/)." -# Alternately, this acknowledgment may appear in the software itself, -# if and wherever such third-party acknowledgments normally appear. -# -# 4. The names "Apache" and "Apache Software Foundation" must -# not be used to endorse or promote products derived from this -# software without prior written permission. For written -# permission, please contact apache@apache.org. -# -# 5. Products derived from this software may not be called "Apache", -# nor may "Apache" appear in their name, without prior written -# permission of the Apache Software Foundation. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Software Foundation. For more -# information on the Apache Software Foundation, please see -# <http://www.apache.org/>. - -# This script will take a combined Web server access -# log file and break its contents into separate files. -# It assumes that the first field of each line is the -# virtual host identity (put there by "%v"), and that -# the logfiles should be named that+".log" in the current -# directory. -# -# The combined log file is read from stdin. Records read -# will be appended to any existing log files. -# -%is_open = (); - -while ($log_line = <STDIN>) { - # - # Get the first token from the log record; it's the - # identity of the virtual host to which the record - # applies. - # - ($vhost) = split (/\s/, $log_line); - # - # Normalize the virtual host name to all lowercase. - # If it's blank, the request was handled by the default - # server, so supply a default name. This shouldn't - # happen, but caution rocks. - # - $vhost = lc ($vhost) or "access"; - # - # If the log file for this virtual host isn't opened - # yet, do it now. - # - if (! $is_open{$vhost}) { - open $vhost, ">>${vhost}.log" - or die ("Can't open ${vhost}.log"); - $is_open{$vhost} = 1; - } - # - # Strip off the first token (which may be null in the - # case of the default server), and write the edited - # record to the current log file. - # - $log_line =~ s/^\S*\s+//; - printf $vhost "%s", $log_line; -} -exit 0; |