diff options
author | William A. Rowe Jr <wrowe@apache.org> | 2015-06-09 20:41:28 +0000 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2015-06-09 20:41:28 +0000 |
commit | db81019ab88734ed35fa70294a0cfa7a19743f73 (patch) | |
tree | be30cc753c32ebca361afcf3fbb118faed3b1b00 /include/http_request.h | |
parent | a6027e56924bb6227c1fdbf6f91e7e2438338be6 (diff) | |
download | httpd-db81019ab88734ed35fa70294a0cfa7a19743f73.tar.gz |
SECURITY: CVE-2015-3185 (cve.mitre.org)
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.
Submitted by: breser
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1684524 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include/http_request.h')
-rw-r--r-- | include/http_request.h | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/include/http_request.h b/include/http_request.h index 2317826f3a..97591e3e3e 100644 --- a/include/http_request.h +++ b/include/http_request.h @@ -185,6 +185,9 @@ AP_DECLARE(void) ap_internal_fast_redirect(request_rec *sub_req, request_rec *r) * is required for the current request * @param r The current request * @return 1 if authentication is required, 0 otherwise + * @bug Behavior changed in 2.4.x refactoring, API no longer usable + * @deprecated @see ap_some_authn_required() + * */ AP_DECLARE(int) ap_some_auth_required(request_rec *r); @@ -542,6 +545,16 @@ AP_DECLARE_HOOK(void,insert_filter,(request_rec *r)) AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r)) /** + * This hook allows a module to force authn to be required when + * processing a request. + * This hook should be registered with ap_hook_force_authn(). + * @param r The current request + * @return OK (force authn), DECLINED (let later modules decide) + * @ingroup hooks + */ +AP_DECLARE_HOOK(int,force_authn,(request_rec *r)) + +/** * This hook allows modules to handle/emulate the apr_stat() calls * needed for directory walk. * @param finfo where to put the stat data @@ -587,6 +600,17 @@ AP_DECLARE(apr_bucket *) ap_bucket_eor_make(apr_bucket *b, request_rec *r); AP_DECLARE(apr_bucket *) ap_bucket_eor_create(apr_bucket_alloc_t *list, request_rec *r); +/** + * Can be used within any handler to determine if any authentication + * is required for the current request. Note that if used with an + * access_checker hook, an access_checker_ex hook or an authz provider; the + * caller should take steps to avoid a loop since this function is + * implemented by calling these hooks. + * @param r The current request + * @return TRUE if authentication is required, FALSE otherwise + */ +AP_DECLARE(int) ap_some_authn_required(request_rec *r); + #ifdef __cplusplus } #endif |