logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Building & Member Downloads View previous topic :: View next topic
Reply to topic   Topic: per directory config corrupted
Author
scott



Joined: 16 Jun 2009
Posts: 6

PostPosted: Fri 19 Jun '09 9:35    Post subject: per directory config corrupted Reply with quote

I have a problem in modules where
r->per_dir_config always = 0x2. No
matter if I specify a function to create
config directories or not.

Im guessing this shouldnt be the case.
I'll post the code here of the module I
was trying to run which would crash because of it.

Any knowledge on this would be appreciated.
--scott

Code:

/* ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 * Portions of this software are based upon public domain software
 * originally written at the National Center for Supercomputing Applications,
 * University of Illinois, Urbana-Champaign.
 */

/*
 * mod_auth_cookie: authentication addon for Apache 2
 *
 * Richard Antony Burton.
 *
 * Version 0.1 January 2004
 *
 * Allows a cookie to be checked for authentication instead of the Authorization
 * header. This is an addon module to your normal auth module, that will fake
 * normal auth header with data from a cookie. Can be used to allow a form based
 * logon, rather than using the browsers user/password popup dialog. If cookie
 * is not present or contains invalid credentials, normal auth will resume, and
 * normal popup will occur, browser permitting.
 *
 * This module is based on the original mod_auth_cookie (for Apache 1.3)
 * by Vivek Khera:
 *  http://modules.apache.org/search?id=3
 *  ftp://ftp.kcilink.com/pub/
 *
 * Although this module was written from scratch after a discussion in
 * alt.apache.configuration the code has come out pretty similar, and has been
 * made with the same features and config directives on purpose, to provide a
 * dropin replacement to the original (for users upgrading to Apache 2).
 *
 * Place these directives to your <directory> stanza:
 *   (along with you normal auth config)
 *
 *   AuthCookieName       CookieName
 *   AuthCookieOverride   [ On | Off ] Default = Off
 *   AuthCookieBase64     [ On | Off ] Default = Off
 *
 * CookieName - can be any cookie name. This is the cookie that will be checked.
 *
 * AuthCookieOverride - if request contains both a cookie and an Authorization
 *  header, the cookie will be the one that is used.
 *
 * AuthCookieBase64 - cookie contains "username:password" already base64 encoded
 *  as would be flowed in the normal Authorization header. Recommended as this
 *  will make the password (slightly) harder to figure out from the cookie, at
 *  the very least it will obscure it from people looking over your shoulder.
 *
 * Load using:
 *   LoadModule auth_cookie_module modules/mod_auth_cookie.so
 *
 */


// (this code is minimally modified by scott)


#include <apr_strings.h>

#define APR_WANT_STRFUNC
#include <apr_want.h>

#include <httpd.h>
#include <http_config.h>
#include <http_core.h>
#include <http_log.h>
#include <http_request.h>
#include <http_protocol.h>


typedef struct {
    char *cookie_auth_cookie;
    int cookie_auth_base64;
    int cookie_auth_override;
} cookie_auth_config_rec;

static void *create_cookie_auth_dir_config(apr_pool_t *p, char *d)
{
    cookie_auth_config_rec *conf = apr_palloc(p, sizeof(*conf));

   if (conf) {
        /* Set default values. */
        conf->cookie_auth_cookie = NULL;
        conf->cookie_auth_base64 = 0;
        conf->cookie_auth_override = 0;
   }

    return conf;
}

static const char * ap_set_string_slot_m(cmd_parms *cmd,
                                                   void *struct_ptr,
                                                   const char *arg)
{
    int offset = (int)(long)cmd->info;

    *(const char **)((char *)struct_ptr + offset) = arg;

    return NULL;
}

static const char * ap_set_flag_slot_m(cmd_parms *cmd,
                                                 void *struct_ptr_v, int arg)
{
    int offset = (int)(long)cmd->info;
    char *struct_ptr = (char *)struct_ptr_v;

    *(int *)(struct_ptr + offset) = arg ? 1 : 0;

    return NULL;
}

static const command_rec cookie_auth_cmds[] =
{
    AP_INIT_TAKE1("AuthCookieName", ap_set_string_slot_m,
    (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_cookie), OR_AUTHCFG, "auth cookie name"),
    AP_INIT_FLAG("AuthCookieOverride", ap_set_flag_slot_m,
     (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_override),
     OR_AUTHCFG, "Limited to 'on' or 'off'"),
    AP_INIT_FLAG("AuthCookieBase64", ap_set_flag_slot_m,
     (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_base64),
     OR_AUTHCFG, "Limited to 'on' or 'off'"),
    {NULL}
};

module AP_MODULE_DECLARE_DATA auth_cookie_module;

static int check_auth_cookie(request_rec *r)
{

   const char *cookies, *auth_line;
   char *cookie = NULL;

    /* Debug. */
   /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
       "check_auth_cookie called");*/

   /* Get config for this directory. */
    cookie_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
      &auth_cookie_module);

    /* Check we have been configured. */
    if (!conf->cookie_auth_cookie) {
        return DECLINED;
    }

   /* Do not override real auth header, unless config instructs us to. */
   if (!conf->cookie_auth_override &&
      apr_table_get(r->headers_in, "Authorization")) {
      return DECLINED;
   }

   /* todo: protect against xxxCookieNamexxx, regex? */
   /* todo: make case insensitive? */
   /* Get the cookie (code from mod_log_config). */   
   if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
      char *start_cookie, *end_cookie;
      if ((start_cookie = ap_strstr_c(cookies, conf->cookie_auth_cookie))) {
          start_cookie += strlen(conf->cookie_auth_cookie) + 1;
          cookie = apr_pstrdup(r->pool, start_cookie);
         /* kill everything in cookie after ';' */
         end_cookie = strchr(cookie, ';');
         if (end_cookie) {
            *end_cookie = '\0';
         }
      }
   }

   /* No cookie? Nothing for us to do. */
   if (!cookie) {
      return DECLINED;
   }

   /* Debug. */
   /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
       "%s=%s", conf->cookie_auth_cookie, cookie);*/
         
   /* Construct the fake auth_line. */
   if (conf->cookie_auth_base64) {
      auth_line = apr_pstrcat(r->pool, "Basic ", cookie, NULL);
   } else {
      ap_unescape_url(cookie);
      auth_line = apr_pstrcat(r->pool, "Basic ",
         ap_pbase64encode(r->pool, cookie), NULL);
   }

   /* Debug. */
   /*ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
      "Authorization: %s", auth_line);*/

   /* Set fake auth_line. */
   apr_table_set(r->headers_in, "Authorization", auth_line);
            
   /* Always return DECLINED because we don't authorize, */
   /* we just set things up for the next auth module to. */
    return DECLINED;
}

static void register_hooks(apr_pool_t *p)
{
    /* Hook in before the other auth modules. */
    ap_hook_check_user_id(check_auth_cookie, NULL, NULL, APR_HOOK_FIRST);
}

module AP_MODULE_DECLARE_DATA auth_cookie_module =
{
    STANDARD20_MODULE_STUFF,
    create_cookie_auth_dir_config, /* per-directory config creator */
    NULL,                          /* dir config merger */
    NULL,                          /* server config creator */
    NULL,                          /* server config merger */
    cookie_auth_cmds,              /* command table */
    register_hooks                 /* set up other request processing hooks */
};


Back to top


Reply to topic   Topic: per directory config corrupted View previous topic :: View next topic
Post new topic   Forum Index -> Building & Member Downloads