summaryrefslogtreecommitdiff
path: root/modules/aaa
Commit message (Collapse)AuthorAgeFilesLines
* De-duplicate log message tags.Graham Leggett2023-04-251-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909419 13f79535-47bb-0310-9956-ffa450edef68
* Apply log next numbers.Graham Leggett2023-04-252-24/+24
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909418 13f79535-47bb-0310-9956-ffa450edef68
* The apr_jose API requires apr-util 1.7+.Graham Leggett2023-04-251-2/+36
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909416 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_autht_jwt: New module to handle RFC 7519 JWT tokens withinGraham Leggett2023-04-254-0/+1749
| | | | | | | | | | | | | | | bearer tokens, both as part of the aaa framework, and as a way to generate tokens and pass them to backend servers and services. *) mod_auth_bearer: New module to handle RFC 6750 Bearer tokens, using the token_checker hook. *) mod_autht_core: New module to handle provider aliases for token authentication. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909411 13f79535-47bb-0310-9956-ffa450edef68
* fix select-groups example, bz 66010Giovanni Bechis2022-04-201-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900077 13f79535-47bb-0310-9956-ffa450edef68
* APR (and APR-util) 1.3 is a requirement for building httpd 2.4 and above.Christophe Jaillet2022-01-221-4/+2
| | | | | | So these compatibility tests can be removed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897326 13f79535-47bb-0310-9956-ffa450edef68
* Add log tags.Graham Leggett2021-06-242-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891023 13f79535-47bb-0310-9956-ffa450edef68
* dbm: Split the loading of a dbm driver from the opening of a dbm file. WhenGraham Leggett2021-06-242-21/+60
| | | | | | | | an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891019 13f79535-47bb-0310-9956-ffa450edef68
* * Add lognumberRuediger Pluem2021-01-271-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885945 13f79535-47bb-0310-9956-ffa450edef68
* Before doing any bind check that the provided username is not NULL and that theRuediger Pluem2021-01-271-15/+26
| | | | | | | | | | | | | password is neither NULL nor empty. Binds with empty passwords always succeed, but in case the password of the user was not empty subsequent LDAP operations fail. This causes authentications that use user supplied credentials (AuthLDAPInitialBindAsUser set to on) to fail with status code 500 instead of 401 if the user supplied an empty password. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885940 13f79535-47bb-0310-9956-ffa450edef68
* Do not allow to set empty bind passwords to be set via AuthLDAPBindPasswordRuediger Pluem2021-01-271-0/+4
| | | | | | | | Binds with empty passwords always succeed, but in case the password of the user was not empty subsequent LDAP operations fail. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885939 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: Fast validation of the nonce's base64 to fail early ifYann Ylavic2021-01-181-2/+7
| | | | | | | | the format can't match anyway. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885659 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: fix crash with ONE_PROCESS (debug) mode shutdown.Yann Ylavic2020-11-251-2/+6
| | | | | | | | | | | Avoid double free/cleanup by just letting shm/rmm/global_mutex cleanups do their work on restart/exit. Set the globals to NULL in initialize_tables() should cleanup_tables() be called on error. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883810 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1883807 and r1883745, not the right fix.Yann Ylavic2020-11-251-43/+38
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883809 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: axe useless assignment from r1883745.Yann Ylavic2020-11-251-1/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883807 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: fix crash on ONE_PROCESS (debug) mode shutdown.Yann Ylavic2020-11-231-38/+44
| | | | | | | | | | There need to be separate global variables for rmm and mutex(es) in the parent and child processes, otherwise in ONE_PROCCESS (were clean_child_exit() and ap_terminate() execute in the same process) the variables get overwritten in child_init and freed twice when pchild and then pconf are destroyed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883745 13f79535-47bb-0310-9956-ffa450edef68
* -Werror=maybe-uninitialized issueEric Covener2020-11-081-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883214 13f79535-47bb-0310-9956-ffa450edef68
* PR64785: mod_allowmethods: Allow methods to be added/removed with +/- prefixEric Covener2020-11-081-16/+93
| | | | | | | | | Committed By: covener Submitted By: Marcel Montes <spiceman gmail.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883203 13f79535-47bb-0310-9956-ffa450edef68
* * modules/aaa/mod_authnz_ldap.c (build_request_config): Fix typo.Joe Orton2020-04-161-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876609 13f79535-47bb-0310-9956-ffa450edef68
* Add missing pool tags to help debugging.Yann Ylavic2020-04-163-0/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876599 13f79535-47bb-0310-9956-ffa450edef68
* PR64172: drop severity of AH01666Eric Covener2020-02-231-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874424 13f79535-47bb-0310-9956-ffa450edef68
* Define ap_method_mask_t (typedef for apr_uint64_t) and use for methodJoe Orton2020-02-173-7/+7
| | | | | | | | | | | | | | | | | | bitmasks rather than apr_int64_t. Fixes UBSan errors shifting to the top bit of a signed integer. * include/httpd.h: Add ap_method_mask_t, use it for AP_METHOD_BIT. (struct ap_method_mask_t): Likewise for method_mask field. (struct request_rec): Likewise for allowed field. * include/http_config.h (struct cmd_parms): Likewise for limited field. * include/ap_mmn.h: Bump MMN major. * modules/*/*.c: Adjust all method masks to use ap_method_mask_t. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874114 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling errors found by codespell. [skip ci]Mike Rumph2020-02-131-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873985 13f79535-47bb-0310-9956-ffa450edef68
* mod_authz_core: follow up to r1864759.Yann Ylavic2019-11-071-7/+8
| | | | | | | We should at least log the unexpected provider_name == NULL condition. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869512 13f79535-47bb-0310-9956-ffa450edef68
* Increase the maximum length of strings that can be cached by the module from ↵Christophe Jaillet2019-08-181-1/+1
| | | | | | 100 to 256. PR 62149 [<thorsten.meinl knime.com>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1865405 13f79535-47bb-0310-9956-ffa450edef68
* Axe some dead code + slighly improve a commentChristophe Jaillet2019-08-091-5/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864759 13f79535-47bb-0310-9956-ffa450edef68
* use the provided types via the macroEric Covener2019-06-151-5/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861432 13f79535-47bb-0310-9956-ffa450edef68
* Fix a race condition.Christophe Jaillet2019-02-081-14/+12
| | | | | | | | Authentication with valid credentials could be refused in case of concurrent accesses from different users. PR 63124 [Simon Kappel <simon.kappel axis.com>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853190 13f79535-47bb-0310-9956-ffa450edef68
* Clarify potentially unsuccessful success results.William A. Rowe Jr2019-01-171-0/+4
| | | | | | | | | Curious why modules/aaa/mod_authz_dbm.c:get_dbm_grp() doesn't need the same net changes? git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1851552 13f79535-47bb-0310-9956-ffa450edef68
* * modules/aaa/mod_authn_dbm.c (fetch_dbm_value): No functional change:Joe Orton2019-01-091-1/+1
| | | | | | | | return APR_SUCCESS rather than rv, which is guaranteed to be APR_SUCCESS in current code. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850835 13f79535-47bb-0310-9956-ffa450edef68
* follow-up to r1656549.Christophe Jaillet2018-09-131-2/+2
| | | | | | Instead of logging a password (which is not a good practice), clarify the associated message git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840776 13f79535-47bb-0310-9956-ffa450edef68
* If several parameters are used in a AuthzProviderAlias directive, if these ↵Christophe Jaillet2018-06-231-1/+12
| | | | | | | | | parameters are not enclosed in quotation mark, only the first one is handled. The other ones are silently ignored. Add a message to warn about such a spurious configuration. PR 62469 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834209 13f79535-47bb-0310-9956-ffa450edef68
* * modules/aaa/mod_authz_host.c (host_check_authorization): SimplifyJoe Orton2018-03-081-14/+22
| | | | | | | | | comment stripping in "Require host"; log a warning if a comment is used in 'Require host', or an error if the expression is empty with the comment stripped. (Currently in 2.4, #comment part is parsed) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1826207 13f79535-47bb-0310-9956-ffa450edef68
* mod_authnz_ldap: Fix language long names detection as short name.Yann Ylavic2018-02-151-3/+7
| | | | | | | | Make sure the long name format is relevent before converting it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824336 13f79535-47bb-0310-9956-ffa450edef68
* Be less tolerant when parsing the credencial for Basic authorization. Only ↵Christophe Jaillet2017-12-041-1/+1
| | | | | | | | | | spaces should be accepted after the authorization scheme. \t are also tolerated. The current code accepts \v and \f as well. The same behavior is already used in 'ap_get_basic_auth_pw()' which is mostly the same function as 'get_basic_auth()'. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1817131 13f79535-47bb-0310-9956-ffa450edef68
* Use ap_cstr_casecmp instead of strcasecmp.Christophe Jaillet2017-12-041-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1817063 13f79535-47bb-0310-9956-ffa450edef68
* Fix a segmentation fault if AuthzDBDQuery is not set.Christophe Jaillet2017-09-211-2/+8
| | | | | | PR 61546 [Lubos Uhliarik <luhliari redhat.com>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809209 13f79535-47bb-0310-9956-ffa450edef68
* Correct string scope to prevent duplicated values for subsequent tokens.William A. Rowe Jr2017-07-051-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1800919 13f79535-47bb-0310-9956-ffa450edef68
* Fix some style issues.Christophe Jaillet2017-05-201-7/+11
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1795652 13f79535-47bb-0310-9956-ffa450edef68
* Add an explicit NULL to initialise a field in an authn_provider structure, ↵Christophe Jaillet2017-05-201-0/+1
| | | | | | as done in all other places. PR 60636 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1795651 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1772919: update APLOGNO().Yann Ylavic2017-02-201-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1783765 13f79535-47bb-0310-9956-ffa450edef68
* https://bz.apache.org/bugzilla/show_bug.cgi?id=58855Jim Jagielski2017-01-092-12/+12
| | | | | | | Optimize check for empty strings git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1778067 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: fix segfaults during shared memory exhaustionJacob Champion2016-12-061-9/+43
| | | | | | | | | | | The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly check for a malloc failure, leading to crashes when we ran out of the limited space provided by AuthDigestShmemSize. This patch replaces all these calls with a helper function that performs this check. Additionally, fix a NULL-check bug during entry garbage collection. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772919 13f79535-47bb-0310-9956-ffa450edef68
* Remove unused typedef uthn_dbd_confChristophe Jaillet2016-08-181-5/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756846 13f79535-47bb-0310-9956-ffa450edef68
* Fix some missed "strcasecmp <--> ap_cstr_casecmp" conversions.Christophe Jaillet2016-08-181-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756843 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling in comments and text files.Rainer Jung2016-08-116-6/+6
| | | | | | | | No functional change. PR 59990 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1756038 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1755930: actually what'd be read after AP_FCGI_END_REQUEST is padding,Yann Ylavic2016-08-111-8/+8
| | | | | | | | not any potential/errorneous next response. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1755931 13f79535-47bb-0310-9956-ffa450edef68
* mod_{proxy,authnz}_fcgi: follow up to r1750392.Yann Ylavic2016-08-111-8/+8
| | | | | | | | | | Don't try to read past AP_FCGI_END_REQUEST on the backend side, it would be a response for the next request. [Reverted by r1755931] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1755930 13f79535-47bb-0310-9956-ffa450edef68
* Rename ap_casecmpstr[n]() to ap_cstr_casecmp[n](), update with APR doxygenWilliam A. Rowe Jr2016-06-095-30/+30
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1747469 13f79535-47bb-0310-9956-ffa450edef68
* PR59612: Print the ap_expr() error message when an expression cannotEric Covener2016-05-221-0/+1
| | | | | | | | | | | be evaluated in forward-dns provider. Submitted By: Tianyin Xu <tixu cs.ucsd.edu> Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1745034 13f79535-47bb-0310-9956-ffa450edef68
View Lorry Controller Status