|
From: <fir...@us...> - 2003-11-11 02:57:35
|
Update of /cvsroot/mod-auth/mod_authn_pop3/src In directory sc8-pr-cvs1:/tmp/cvs-serv18125/src Added Files: Makefile.am mod_authn_pop3.c Removed Files: mod_auth_pop3.c Log Message: add autoconf foo for authn_pop3. also moved it from auth_pop3 to authn_pop3 --- NEW FILE: Makefile.am --- CLEANFILES = .libs/libmod_authn_pop3 *~ libmod_authn_pop3_la_SOURCES = mod_authn_pop3.c lib_LTLIBRARIES = libmod_authn_pop3.la make_so: @if test ! -L mod_authn_pop3.so ; then ln -s .libs/libmod_authn_pop3.so mod_authn_pop3.so ; fi install: $(INSTALL) -m 644 .libs/libmod_authn_pop3.so $(LIBEXECDIR)/mod_authn_pop3.so @echo "" @echo "" @echo "***********************************************" @echo "" @echo " Please read the documentation at " @echo " http://mod-auth.sourceforge.net/docs/ for " @echo " details on configuration of this module " @echo "" @echo "***********************************************" @echo "" --- NEW FILE: mod_authn_pop3.c --- /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact ap...@ap.... * * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. * * Portions of this software are based upon public domain software * originally written at the National Center for Supercomputing Applications, * University of Illinois, Urbana-Champaign. */ /* * http_auth: authentication * * Rob McCool & Brian Behlendorf. * * Adapted to Apache by rst. * * dirkx - Added Authoritative control to allow passing on to lower * modules if and only if the userid is not known to this * module. A known user with a faulty or absent password still * causes an AuthRequired. The default is 'Authoritative', i.e. * no control is passed along. * * ianh - modified to use pop for authentication */ #define APR_WANT_STRFUNC #include "apr_want.h" #include "apr_strings.h" #include "httpd.h" #include "http_config.h" #include "http_core.h" #include "http_log.h" #include "http_protocol.h" #include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ typedef struct { char *serverhostname; int port; int auth_popauthoritative; } pop_auth_config_rec; static void *create_pop_auth_dir_config(apr_pool_t *p, char *d) { pop_auth_config_rec *conf = apr_palloc(p, sizeof(*conf)); conf->serverhostname = NULL; conf->port = 110; conf->auth_popauthoritative = 1; /* fortress is secure by default */ return conf; } static const char *set_pop_slot(cmd_parms *cmd, void *offset, const char *f, const char *t) { if (!t || strcmp(t, "pop")) return DECLINE_CMD; return ap_set_file_slot(cmd, offset, f); } static const char *set_pop_hostname(cmd_parms *cmd, void *dir_config, const char *arg) { pop_auth_config_rec *conf = dir_config; conf->serverhostname = apr_pstrdup(cmd->pool, arg); return NULL; } static const char *set_pop_port(cmd_parms *cmd, void *dir_config, const char *arg) { pop_auth_config_rec *conf = dir_config; conf->port = atoi(arg); return NULL; } static const command_rec pop_auth_cmds[] = { AP_INIT_TAKE1("AuthPOPHostname", set_pop_hostname, NULL, OR_AUTHCFG, "hostname for POP Server"), AP_INIT_TAKE1("AuthPOPPort", set_pop_port, NULL, OR_AUTHCFG, "port for POP Server"), AP_INIT_FLAG("AuthPOPAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(pop_auth_config_rec, auth_popauthoritative), OR_AUTHCFG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"), {NULL} }; typedef struct { request_rec *r; const char *cookiename; char *cookie; } cookie_res; static int cookie_match( void *result, const char *key, const char *cook) { char *value; cookie_res * cr = (cookie_res *) result; if (cook != NULL) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, cr->r, "mod_auth_pop checking cookie <%s>", cook); if ((value = strstr(cook, cr->cookiename))) { char *cookiebuf, *cookieend; value += strlen(cr->cookiename) + 1; /* Skip over the '=' */ cookiebuf = apr_pstrdup(cr->r->pool, value); cookieend = strchr(cookiebuf, ';'); if (cookieend) *cookieend = '\0'; /* Ignore anything after a ; */ cr->cookie = cookiebuf; return (0); } } return (1); } static char * find_our_cookie(request_rec *r, const char* cookiename) { cookie_res *cr = apr_palloc(r->pool, sizeof(cookie_res)); cr->r = r; cr->cookie = NULL; cr->cookiename = cookiename; apr_table_do(cookie_match, (void *) cr, r->headers_in, "Cookie", NULL); return (cr->cookie); } #define RECVLEN 200 static apr_status_t send_pop_command( request_rec *r, apr_socket_t *sock, const char* command, char*response, apr_size_t *responselen) { apr_status_t rv; apr_size_t sendlen; char errbuf[200]; sendlen = strlen(command); rv = apr_socket_send( sock, command, &sendlen); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_socket_send"); return rv; } memset( response, 0, *responselen); rv = apr_socket_recv( sock, response, responselen); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_socket_recv"); return rv; } return rv; } static apr_status_t pop_auth( request_rec *r, const char *user, const char *pass, const char *hostname, int port, apr_interval_time_t timeout) { apr_status_t rv; apr_socket_t *sock = NULL; apr_sockaddr_t *sockaddr; apr_pool_t *pool; char *line=NULL; char *recv=NULL; apr_size_t recvlen; pool = r->pool; recv = apr_palloc( pool, RECVLEN); recvlen = RECVLEN; rv = apr_sockaddr_info_get(&sockaddr, hostname, APR_UNSPEC, port, 0, pool ); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_sockaddr_info_get"); return rv; } if (apr_socket_create(&sock, sockaddr->family, SOCK_STREAM, pool) != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_socket_create"); return rv; } rv = apr_socket_timeout_set(sock, timeout); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_socket_timeout_set"); return rv; } rv = apr_socket_connect( sock, sockaddr); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_socket_connect"); return rv; } rv = apr_socket_recv( sock, recv, &recvlen); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_socket_recv handshake"); apr_socket_close(sock); return rv; } if ( *recv != '+' ) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0 , r, "invalid handshake %s", recv); apr_socket_close(sock); return APR_EGENERAL; } line = apr_psprintf(pool, "USER %s\r\n", user ); rv = send_pop_command(r, sock, line, recv, &recvlen ); if (rv != APR_SUCCESS) { apr_socket_close(sock); return rv; } if ( *recv != '+' ) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "invalid response to USER command %s",recv); apr_socket_close(sock); return APR_EGENERAL; } recvlen = RECVLEN; line = apr_psprintf(pool, "PASS %s\r\n", pass ); rv = send_pop_command(r, sock, line, recv, &recvlen ); if (rv != APR_SUCCESS) { apr_socket_close(sock); return rv; } if ( *recv != '+' ) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0 , r, "invalid password %s",recv); apr_socket_close(sock); return APR_EGENERAL; } recvlen = RECVLEN; line = apr_psprintf(pool, "QUIT\r\n" ); rv = send_pop_command(r, sock, line, recv, &recvlen ); rv = apr_socket_close( sock ); if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, rv , r, "apr_socket_close"); return rv; } return APR_SUCCESS; } module AP_MODULE_DECLARE_DATA pop_auth_module; static int pop_authenticate_basic_user(request_rec *r) { pop_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &pop_auth_module); const char *sent_pw; apr_status_t invalid_pw; apr_interval_time_t timeout = apr_time_from_sec(10); int res; char *cookie, *cookiename; char md5result[120]; if (!conf->serverhostname ) return DECLINED; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) return res; apr_md5_encode( conf->serverhostname, "severname", md5result, sizeof(md5result)); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "MD5 hash %s %s ", md5result, conf->serverhostname); cookiename = apr_psprintf(r->pool, "pam_%s", md5result ); cookie = find_our_cookie(r,cookiename); invalid_pw = pop_auth( r, r->user, sent_pw, conf->serverhostname, conf->port, timeout); if (invalid_pw != APR_SUCCESS ) { if (!(conf->auth_popauthoritative)) return DECLINED; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "POP user %s authentication failure for \"%s\": " "Password Mismatch", r->user, r->uri ); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } return OK; } /* Checking ID */ static int pop_check_auth(request_rec *r) { return DECLINED; } static void register_hooks(apr_pool_t *p) { ap_hook_check_user_id(pop_authenticate_basic_user, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker(pop_check_auth, NULL, NULL, APR_HOOK_MIDDLE); } module AP_MODULE_DECLARE_DATA pop_auth_module = { STANDARD20_MODULE_STUFF, create_pop_auth_dir_config, /* dir config creater */ NULL, /* dir merger --- default is to override */ NULL, /* server config */ NULL, /* merge server config */ pop_auth_cmds, /* command apr_table_t */ register_hooks /* register hooks */ }; --- mod_auth_pop3.c DELETED --- |
