#3 ported to 2.0
/*
it is working though I don't know how
the .htaccess and php should be
since I get errors and if I used lynx
the php code is displayed
*/
#ifndef AUTH_REQUIRED
#define AUTH_REQUIRED HTTP_UNAUTHORIZED
#endif
#include "apr_compat.h"
#include "apr_strings.h"
#include "apr_md5.h"
#include "ap_config.h"
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"
#include "http_request.h"
static const char *myname = "mod_auth_script";
#define MY_MARK myname,0
typedef struct {
enum { type_file, type_uri } type_;
char *path_;
} config_rec;
typedef struct {
char *xconfig_file;
char *xconfig_uri;
} xconfig_rec;
static void* dir_config(apr_pool_t *p, char *d) {
config_rec *conf = (config_rec*)ap_pcalloc(p, sizeof
(config_rec));
conf->type_ = type_file;
conf->path_ = 0;
return conf;
}
static const char *config_file(cmd_parms *cmd, void
*mconfig, char *arg) {
if (((config_rec *)mconfig)->path_)
return "Path to the script already set.";
((config_rec *)mconfig)->type_ = type_file;
((config_rec *)mconfig)->path_ =
ap_server_root_relative(cmd->pool, arg);
return 0;
}
static const char *config_uri(cmd_parms *cmd, void
*mconfig, char *arg) {
if (((config_rec *)mconfig)->path_)
return "Path to the script already set.";
if (arg[0] != '/')
return "URI should start with '/'.";
((config_rec *)mconfig)->type_ = type_uri;
((config_rec *)mconfig)->path_ = ap_pstrdup(cmd-
>pool, arg);
return 0;
}
static const command_rec command_table[] =
{
AP_INIT_TAKE12("AuthScriptFile", config_file,
(void *)APR_OFFSETOF(xconfig_rec,
xconfig_file),
OR_AUTHCFG, "Set an OS path to an auth script"),
AP_INIT_TAKE12("AuthScriptURI",config_uri,
(void *)APR_OFFSETOF(xconfig_rec,
xconfig_uri),
OR_AUTHCFG, "Set a virtual path to an auth
script"),
{NULL}
};
module AP_MODULE_DECLARE_DATA auth_script_module;
static int callback_print_debug(void *rec, const char
*key, const char *value) {
ap_log_rerror(MY_MARK, APLOG_ERR, 0, (request_rec
*)rec, "debug %s", value);
return 1;
}
static int check_user_id(request_rec *r) {
config_rec *conf;
request_rec *subreq;
const char *s;
const char *t;
int st;
if (!(t = ap_auth_type(r)) || strcasecmp(t, "Basicx"))
{
return DECLINED;
}
for (subreq = r->main; subreq != 0; subreq = subreq-
>main) {
if (strcmp(subreq->uri, r->uri) == 0) {
ap_log_rerror(MY_MARK, APLOG_ERR, 0, r,
"Status: %s cannot be inside the protected
directory itself.", subreq->uri);
return DECLINED;
}
}
(config_rec *) conf = (config_rec *)
ap_get_module_config(r->per_dir_config,
&auth_script_module);
if (conf->path_ == 0) {
ap_log_rerror(MY_MARK, APLOG_ERR, 0, r, "not
configured properly");
return DECLINED;
}
subreq = (conf->type_ == type_file ?
ap_sub_req_lookup_file(conf->path_, r, NULL) :
ap_sub_req_lookup_uri(conf->path_, r, NULL));
if ((st = ap_run_sub_req(subreq)) != OK) {
ap_destroy_sub_req(subreq);
ap_log_rerror(MY_MARK, APLOG_ERR, 0, r, "error
on script execution");
return st;
}
ap_table_do(callback_print_debug, (void *)r,
r->headers_out, "auth-script-debug", r-
>headers_out);
ap_table_do(callback_print_debug, (void *)r,
r->err_headers_out, "auth-script-debug", r-
>err_headers_out);
s = ap_table_get(r->headers_out, "auth-script-
custom-response");
if (s == 0)
ap_table_get(r->err_headers_out, "auth-script-
custom-response");
if (s != 0) {
char *ss;
ss = ap_pstrdup(r->pool, s);
ap_custom_response(r, HTTP_UNAUTHORIZED,
ss);
ap_custom_response(r,
HTTP_PROXY_AUTHENTICATION_REQUIRED, ss);
}
s = ap_table_get(r->headers_out, "auth-script-user");
if (s == 0)
ap_table_get(r->err_headers_out, "auth-script-
user");
if (s != 0)
r->user = ap_pstrdup(r->connection->pool, s);
s = ap_table_get(r->headers_out, "auth-script");
if (s == 0)
s = ap_table_get(r->err_headers_out, "auth-
script");
if (s == 0) {
ap_log_rerror(MY_MARK, APLOG_ERR, 0, r, "no
result from script");
ap_destroy_sub_req(subreq);
return DECLINED;
}
if (strcasecmp(s, "allow") == 0) {
if (r->user == 0) {
(void)ap_get_basic_auth_pw(r, &s);
}
ap_destroy_sub_req(subreq);
return OK;
}
if (strcasecmp(s, "deny") == 0) {
ap_destroy_sub_req(subreq);
return AUTH_REQUIRED;
}
if (strcasecmp(s, "prompt") == 0) {
ap_note_basic_auth_failure(r);
ap_destroy_sub_req(subreq);
return AUTH_REQUIRED;
}
ap_log_rerror(MY_MARK, APLOG_ERR, 0,
r, "unrecognized response '%s' from script", s);
ap_destroy_sub_req(subreq);
return DECLINED;
}
static int check_auth(request_rec *r) {
return OK;
}
static void register_hooks(apr_pool_t *p) {
ap_hook_check_user_id(check_user_id, NULL,
NULL,APR_HOOK_MIDDLE);
ap_hook_auth_checker(check_auth, NULL, NULL,
APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA auth_script_module
= {
STANDARD20_MODULE_STUFF,
dir_config,
NULL,
NULL,
NULL,
command_table,
register_hooks
};
Logged In: YES
user_id=204266
Makefile required for apache2 (mandrake 9.1)
-- changes to apxs2, and -n switch.
#
# Makefile for mod_auth_script to build as a DSO module
#
MODNAME = mod_auth_script
SRC = ${MODNAME}.c
MODFILE = ${MODNAME}.so
SHELL = /bin/sh
APXS = /usr/sbin/apxs2
APACHECTL = /etc/init.d/httpd
${MODFILE}: ${SRC}
${APXS} -c ${SRC}
install: ${MODFILE}
${APXS} -i -a -n auth_script .libs/${MODFILE}
${APACHECTL} restart
clean:
rm -f *.o *.so a.out core core.*
Logged In: NO
I didn't have any luck with this patch until I changed the 3rd
argument in ap_sub_req_lookup_file and
ap_sub_req_lookup_uri from NULL to r->output_filters and
commented out these lines:
/*
if (!(t = ap_auth_type(r)) || strcasecmp(t, "Basicx"))
{
return DECLINED;
}
*/
/*
ap_table_do(callback_print_debug, (void *)r,
r->headers_out, "auth-script-debug", r-
>headers_out);
ap_table_do(callback_print_debug, (void *)r,
r->err_headers_out, "auth-script-debug", r-
>err_headers_out);
*/
Also, I got warning messages until I changed the type of the
3rd argument in config_file and config_uri from char* to const
char*.
chuck.morris@ngc.com