#endif static const command_rec privileges_cmds[] = { AP_INIT_TAKE1("VHostUser", vhost_user, NULL, RSRC_CONF, "Userid under which the virtualhost will run"), AP_INIT_TAKE1("VHostGroup", vhost_group, NULL, RSRC_CONF, "Group under which the virtualhost will run"), AP_INIT_FLAG("VHostSecure", vhost_secure, NULL, RSRC_CONF, "Run in enhanced security mode (default ON)"), AP_INIT_TAKE1("VHostCGIMode", vhost_cgimode, NULL, RSRC_CONF, "Enable fork+exec for this virtualhost (Off|Secure|On)"), AP_INIT_FLAG("DTracePrivileges", dtraceenable, NULL, RSRC_CONF, "Enable DTrace"), AP_INIT_TAKE1("PrivilegesMode", privs_mode, NULL, RSRC_CONF|ACCESS_CONF, "tradeoff performance vs security (fast or secure)"), #ifdef BIG_SECURITY_HOLE AP_INIT_ITERATE("VHostPrivs", vhost_privs, NULL, RSRC_CONF, "Privileges available in the (virtual) server"), AP_INIT_ITERATE("VHostCGIPrivs", vhost_cgiprivs, NULL, RSRC_CONF, "Privileges available to external programs"), #endif {NULL} }; AP_DECLARE_MODULE(privileges) = { STANDARD20_MODULE_STUFF, privileges_create_dir_cfg, privileges_merge_dir_cfg, privileges_create_cfg, privileges_merge_cfg, privileges_cmds, privileges_hooks };
return NULL; } #endif /* NO_DLOPEN */ static void register_hooks(apr_pool_t *p) { #ifndef NO_DLOPEN APR_REGISTER_OPTIONAL_FN(ap_find_loaded_module_symbol); ap_hook_test_config(dump_loaded_modules, NULL, NULL, APR_HOOK_MIDDLE); #endif } static const command_rec so_cmds[] = { AP_INIT_TAKE2("LoadModule", load_module, NULL, RSRC_CONF | EXEC_ON_READ, "a module name and the name of a shared object file to load it from"), AP_INIT_ITERATE("LoadFile", load_file, NULL, RSRC_CONF | EXEC_ON_READ, "shared object file or library to load into the server at runtime"), { NULL } }; module AP_MODULE_DECLARE_DATA so_module = { STANDARD20_MODULE_STUFF, NULL, /* create per-dir config */ NULL, /* merge per-dir config */ so_sconf_create, /* server config */ NULL, /* merge server config */ so_cmds, /* command apr_table_t */ register_hooks /* register hooks */ };
geoip_use_first_non_private_x_forwarded_for_ip, NULL, RSRC_CONF, "For more IP's in X-Forwarded-For, use the first non private IP"), AP_INIT_FLAG("GeoIPUseFirstXForwardedForIP", geoip_use_first_x_forwarded_for_ip, NULL, RSRC_CONF, "For more IP's in X-Forwarded-For, use the first"), AP_INIT_FLAG("GeoIPUseLastXForwardedForIP", geoip_use_last_x_forwarded_for_ip, NULL, RSRC_CONF, "For more IP's in X-Forwarded-For, use the last"), AP_INIT_FLAG("GeoIPEnable", set_geoip_enable, NULL, RSRC_CONF | OR_FILEINFO, "Turn on mod_geoip"), AP_INIT_FLAG("GeoIPEnableUTF8", set_geoip_enable_utf8, NULL, RSRC_CONF, "Turn on utf8 characters for city names"), AP_INIT_TAKE12("GeoIPDBFile", set_geoip_filename, NULL, RSRC_CONF, "Path to GeoIP Data File"), AP_INIT_ITERATE("GeoIPOutput", set_geoip_output_mode, NULL, RSRC_CONF, "Specify output method(s)"), {NULL} }; static void geoip_register_hooks(apr_pool_t * p) { /* make sure we run before mod_rewrite's handler */ static const char *const aszSucc[] = { "mod_setenvif.c", "mod_rewrite.c", NULL }; /* we have two entry points, the header_parser hook, right before * the authentication hook used for Dirctory specific enabled geoiplookups * or right before directory rewrite rules. */ ap_hook_header_parser(geoip_per_dir, NULL, aszSucc, APR_HOOK_FIRST);
NULL, RSRC_CONF | ACCESS_CONF | OR_FILEINFO, "Enable/Disable the Triger output filter"), AP_INIT_FLAG("TrigerInherit", set_inherit, NULL, RSRC_CONF | ACCESS_CONF | OR_FILEINFO, "Inherit main server configurations or not. Only affect TrigerContentType, TrigerHTML, and TrigerCheckLength."), AP_INIT_FLAG("TrigerFullCheck", set_full_chk, NULL, RSRC_CONF | ACCESS_CONF | OR_FILEINFO, "Search each data bucket while no more than TrigerCheckLength, default is only check the first and last data buckets."), AP_INIT_ITERATE("TrigerContentType", set_ctypes, NULL, RSRC_CONF | ACCESS_CONF | OR_FILEINFO, "Which types response that we will inject our HTML fragment, default are 'text/html' and 'application/xhtml+xml'."), AP_INIT_TAKE1("TrigerHTML", set_js, NULL, RSRC_CONF | ACCESS_CONF | OR_FILEINFO, "HTML fragment that Triger will insert into responses bodies after <head> tag or before </body> tag, or simple at the end if neither tags found."), AP_INIT_TAKE1("TrigerCheckLength", set_chk_len, NULL, RSRC_CONF | ACCESS_CONF | OR_FILEINFO, "How long contents we check to find tags so we know where to innsert our js coedes, f.g., <head> and </body>. Default is 256."), { NULL} };
(void *)APR_OFFSETOF(logsql_state, cookie_table_name), RSRC_CONF, "The database table that holds the cookie info") , /* Log format */ AP_INIT_TAKE1("LogSQLTransferLogFormat", set_logformat_slot, NULL, RSRC_CONF, "Instruct the module what information to log to the database transfer log") , /* Machine ID */ AP_INIT_TAKE1("LogSQLMachineID", set_global_string_slot, (void *)APR_OFFSETOF(global_config_t, machid), RSRC_CONF, "Machine ID that the module will log, useful in web clusters to differentiate machines") , /* Limits on logging */ AP_INIT_ITERATE("LogSQLRequestAccept", add_server_string_slot, (void *)APR_OFFSETOF(logsql_state, transfer_accept_list), RSRC_CONF, "List of URIs to accept for logging. Accesses that don't match will not be logged") , AP_INIT_ITERATE("LogSQLRequestIgnore", add_server_string_slot, (void *)APR_OFFSETOF(logsql_state, transfer_ignore_list), RSRC_CONF, "List of URIs to ignore. Accesses that match will not be logged to database") , AP_INIT_ITERATE("LogSQLRemhostIgnore", add_server_string_slot, (void *)APR_OFFSETOF(logsql_state, remhost_ignore_list), RSRC_CONF, "List of remote hosts to ignore. Accesses that match will not be logged to database") , /* Special loggin table configuration */ AP_INIT_TAKE1("LogSQLWhichCookie", set_server_string_slot, (void *)APR_OFFSETOF(logsql_state, cookie_name), RSRC_CONF, "The single cookie that you want logged in the access_log when using the 'c' config directive") ,
else if (add->chain) { conf->chain = add->chain; } else { conf->chain = base->chain; } return conf; } static const command_rec filter_cmds[] = { AP_INIT_TAKE12("FilterDeclare", filter_declare, NULL, OR_OPTIONS, "filter-name [filter-type]"), AP_INIT_TAKE3("FilterProvider", filter_provider, NULL, OR_OPTIONS, "filter-name provider-name match-expression"), AP_INIT_ITERATE("FilterChain", filter_chain, NULL, OR_OPTIONS, "list of filter names with optional [+-=!@]"), AP_INIT_TAKE2("FilterTrace", filter_debug, NULL, RSRC_CONF | ACCESS_CONF, "filter-name debug-level"), AP_INIT_TAKE_ARGV("AddOutputFilterByType", filter_bytype, NULL, OR_FILEINFO, "output filter name followed by one or more content-types"), #ifndef NO_PROTOCOL AP_INIT_TAKE23("FilterProtocol", filter_protocol, NULL, OR_OPTIONS, "filter-name [provider-name] protocol-args"), #endif { NULL } }; AP_DECLARE_MODULE(filter) = { STANDARD20_MODULE_STUFF, filter_config, filter_merge,
AP_INIT_TAKE1("QS2CookieDomain", set_config_value, NULL, OR_FILEINFO, "domain to which this cookie applies"), AP_INIT_TAKE1("QS2CookieMaxSize", set_config_value, NULL, OR_FILEINFO, "maximum size to allow for all the key/value pairs in this request"), AP_INIT_TAKE1("QS2CookiePrefix", set_config_value, NULL, OR_FILEINFO, "prefix all cookie keys with this string"), AP_INIT_TAKE1("QS2CookieName", set_config_value, NULL, OR_FILEINFO, "this will be the cookie name, unless QS2CookieNameFrom is set"), AP_INIT_TAKE1("QS2CookieNameFrom", set_config_value, NULL, OR_FILEINFO, "the cookie name will come from this query paramater"), AP_INIT_TAKE1("QS2CookiePairDelimiter", set_config_value, NULL, OR_FILEINFO, "pairs of key/values will be delimited by this character"), AP_INIT_TAKE1("QS2CookieKeyValueDelimiter", set_config_value, NULL, OR_FILEINFO, "key and value will be delimited by this character"), AP_INIT_ITERATE( "QS2CookieIgnore", set_config_value, NULL, OR_FILEINFO, "list of query string keys that will not be set in the cookie" ), {NULL} }; /* ******************************************** Register module to Apache ******************************************** */ static void register_hooks(apr_pool_t *p) { /* code gets skipped if modules return a status code from their fixup hooks, so be sure to run REALLY first. See: http://svn.apache.org/viewvc?view=revision&revision=1154620 */ ap_hook_fixups( hook, NULL, NULL, APR_HOOK_REALLY_FIRST );
ap_lingering_close(backconn); c->aborted = 1; c->keepalive = AP_CONN_CLOSE; return OK; } static void ap_proxy_connect_register_hook(apr_pool_t *p) { proxy_hook_scheme_handler(proxy_connect_handler, NULL, NULL, APR_HOOK_MIDDLE); proxy_hook_canon_handler(proxy_connect_canon, NULL, NULL, APR_HOOK_MIDDLE); } static const command_rec cmds[] = { AP_INIT_ITERATE("AllowCONNECT", set_allowed_ports, NULL, RSRC_CONF, "A list of ports or port ranges which CONNECT may connect to"), {NULL} }; AP_DECLARE_MODULE(proxy_connect) = { STANDARD20_MODULE_STUFF, NULL, /* create per-directory config structure */ NULL, /* merge per-directory config structures */ create_config, /* create per-server config structure */ merge_config, /* merge per-server config structures */ cmds, /* command apr_table_t */ ap_proxy_connect_register_hook /* register hooks */ };
"name of the header to use for the client IP"), AP_INIT_FLAG( "CookieTracking", set_config_enable, NULL, OR_FILEINFO, "whether or not to enable cookies"), AP_INIT_FLAG( "CookieSendHeader", set_config_enable, NULL, OR_FILEINFO, "whether or not to enable cookies"), AP_INIT_TAKE1("CookieHeaderName", set_config_value, NULL, OR_FILEINFO, "name of the incoming/outgoing header to set to the cookie value"), AP_INIT_TAKE1("CookieNoteName", set_config_value, NULL, OR_FILEINFO, "name of the note to set to for the Apache logs"), AP_INIT_TAKE1("CookieDNTValue", set_config_value, NULL, OR_FILEINFO, "value to use when setting a DNT cookie"), AP_INIT_FLAG( "CookieSetDNTCookie", set_config_enable, NULL, OR_FILEINFO, "whether or not to set a DNT cookie if the DNT header is present"), AP_INIT_FLAG( "CookieDNTComply", set_config_enable, NULL, OR_FILEINFO, "whether or not to comply with browser Do Not Track settings"), AP_INIT_ITERATE( "CookieDNTExempt", set_config_value, NULL, OR_FILEINFO, "list of cookie values that will not be changed to DNT" ), {NULL} }; static void register_hooks(apr_pool_t *p) { /* code gets skipped if modules return a status code from their fixup hooks, so be sure to run REALLY first. See: http://svn.apache.org/viewvc?view=revision&revision=1154620 */ ap_hook_fixups( spot_cookie, NULL, NULL, APR_HOOK_REALLY_FIRST ); } module AP_MODULE_DECLARE_DATA cookietrack_module = { STANDARD20_MODULE_STUFF, make_cookietrack_settings, /* dir config creater */ NULL, /* dir merger --- default is to override */
if (arg) conf->redir_scheme = "https"; else conf->redir_scheme = "http"; return NULL; } /** Command list (configuration parameters) */ static const command_rec dav_ns_cmds[] = { AP_INIT_TAKE1 ("NSDMLite", dav_ns_cmd_dmlite, NULL, RSRC_CONF, "DMLite configuration file"), AP_INIT_TAKE1 ("NSType", dav_ns_cmd_node_type, NULL, RSRC_CONF, "Node type"), AP_INIT_ITERATE("NSFlags", dav_ns_cmd_flags, NULL, ACCESS_CONF, "Directory flags"), AP_INIT_TAKE1 ("NSAnon", dav_ns_cmd_anon, NULL, ACCESS_CONF, "Anonymous user for fallback"), AP_INIT_TAKE1 ("NSMaxReplicas", dav_ns_cmd_replicas, NULL, ACCESS_CONF, "Maximum number of simultaneous replicas to push into the redirect"), AP_INIT_ITERATE("NSTrustedDNS", dav_ns_cmd_trusted, NULL, ACCESS_CONF, "List of trusted DN"), AP_INIT_FLAG ("NSSecureRedirect", dav_ns_secureredir, NULL, ACCESS_CONF, "If On, https will be used. If Off, http."), {NULL} }; /** * Called to initialize each children * @param pool * @param server
AP_INIT_TAKE1("DOSSiteInterval", get_site_interval, NULL, RSRC_CONF, "Set site interval"), AP_INIT_TAKE1("DOSBlockingPeriod", get_blocking_period, NULL, RSRC_CONF, "Set blocking period for detected DoS IPs"), AP_INIT_TAKE1("DOSEmailNotify", get_email_notify, NULL, RSRC_CONF, "Set email notification"), AP_INIT_TAKE1("DOSLogDir", get_log_dir, NULL, RSRC_CONF, "Set log dir"), AP_INIT_TAKE1("DOSSystemCommand", get_system_command, NULL, RSRC_CONF, "Set system command on DoS"), AP_INIT_ITERATE("DOSWhitelist", whitelist, NULL, RSRC_CONF, "IP-addresses wildcards to whitelist"), { NULL } }; static void register_hooks(apr_pool_t *p) { ap_hook_access_checker(access_checker, NULL, NULL, APR_HOOK_MIDDLE); apr_pool_cleanup_register(p, NULL, apr_pool_cleanup_null, destroy_hit_list); }; module AP_MODULE_DECLARE_DATA evasive20_module = { STANDARD20_MODULE_STUFF, NULL, NULL, create_hit_list,
static const char *webgfarm_set_basepath(cmd_parms *cmd, void *dummy, const char *arg) { webgfarm_config *wconfig = ap_get_module_config(cmd->server->module_config, &webgfarm_module); wconfig->basepath = arg; wconfig->basepathlen = strlen(arg); return NULL; } static const command_rec webgfarm_cmds[] = { AP_INIT_FLAG("webgfarm", webgfarm_set_enable, NULL, RSRC_CONF, "Run webgfarm on this host"), AP_INIT_TAKE1("webgfarmbase", webgfarm_set_basepath, NULL, RSRC_CONF, "Setting webgfarm BasePath"), AP_INIT_FLAG("webgfarmredirectSSL", webgfarm_set_redirect_ssl, NULL, RSRC_CONF, "SSL Redirect"), AP_INIT_FLAG("webgfarmreadredirect", webgfarm_set_read_redirect, NULL, RSRC_CONF, "Redirect Mode"), AP_INIT_FLAG("webgfarmwriteredirect", webgfarm_set_write_redirect, NULL, RSRC_CONF, "Redirect Mode"), AP_INIT_TAKE1("webgfarmlocalhostname", webgfarm_set_localhostname, NULL, RSRC_CONF, "Localhost name"), AP_INIT_ITERATE("webgfarmredirectto", webgfarm_set_redirect_to, NULL, RSRC_CONF, "Redirect To[hostname:port]"), { NULL } }; AP_DECLARE_MODULE(webgfarm) = { STANDARD20_MODULE_STUFF, NULL, /* create per-dir config structures */ NULL, /* merge per-dir config structures */ webgfarm_create_server_config, /* create per-server config structures */ NULL, /* merge per-server config structures */ webgfarm_cmds, /* table of config file commands */ webgfarm_register_hooks };
else if (filter->mode == INPUT_FILTER) { /* XXX need a way to ensure uniqueness among all filters */ ap_register_input_filter(filter->name, ef_input_filter, NULL, filter->ftype); } else { ap_assert(1 != 1); /* we set the field wrong somehow */ } return NULL; } static const command_rec cmds[] = { AP_INIT_ITERATE("ExtFilterOptions", add_options, NULL, ACCESS_CONF, /* same as SetInputFilter/SetOutputFilter */ "valid options: DebugLevel=n, LogStderr, NoLogStderr"), AP_INIT_RAW_ARGS("ExtFilterDefine", define_filter, NULL, RSRC_CONF, "Define an external filter"), {NULL} }; static int ef_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *main_s) { main_server = main_s; return OK; }
static const command_rec cmds[] = { AP_INIT_TAKE1("CharsetSourceEnc", add_charset_source, NULL, OR_FILEINFO, "source (html,cgi,ssi) file charset"), AP_INIT_TAKE1("CharsetDefault", add_charset_default, NULL, OR_FILEINFO, "name of default charset"), AP_INIT_ITERATE("CharsetOptions", add_charset_options, NULL, OR_FILEINFO, "valid options: ImplicitAdd, NoImplicitAdd, TranslateAllMimeTypes, " "NoTranslateAllMimeTypes"), {NULL} }; static void charset_register_hooks(apr_pool_t *p) { ap_hook_fixups(find_code_page, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_insert_filter(xlate_insert_filter, NULL, NULL, APR_HOOK_REALLY_LAST); ap_register_output_filter(XLATEOUT_FILTER_NAME, xlate_out_filter, NULL, AP_FTYPE_RESOURCE); ap_register_input_filter(XLATEIN_FILTER_NAME, xlate_in_filter, NULL, AP_FTYPE_RESOURCE); }
compile_command_flag, NULL, OR_FILEINFO, "On|Off - Enable/Disable the use of PATH_INFO for compile command checking (default: Off)" ), AP_INIT_ITERATE2( "AddCompileCommand", compile_command_add_extension, NULL, OR_FILEINFO, "A compile command to execute (e.g., '/usr/bin/coffee -cp %s'), followed by one or more file extensions" ), AP_INIT_ITERATE( "RemoveCompileCommand", compile_command_remove_extension, NULL, OR_FILEINFO, "One or more file extensions" ) }; static apr_status_t ap_compile_output_filter(ap_filter_t *filter, apr_bucket_brigade *input_brigade) { request_rec *request = filter->r; if ( ! request->filename) { return ap_pass_brigade(filter->next, input_brigade); } const char *resource_name; compile_config_t *directory_config = (compile_config_t*) ap_get_module_config(request->per_dir_config, &compile_module); compile_config_t *server_config = (compile_config_t*) ap_get_module_config(request->server->module_config, &compile_module); compile_config_t *config = compile_merge_config(request->pool, server_config, directory_config); if (config->use_path_info) {
return apr_pstrdup(cmd->pool, msgbuf); } } else { /* no slash, didn't look like an IP address => must be a host */ return "An IP address was expected"; } return NULL; } /** * Array describing structure of configuration directives */ static command_rec cmds[] = { AP_INIT_FLAG("RewriteIPResetHeader", reset_header_config_cmd, NULL, RSRC_CONF, "Reset HTTP-Header in this SSL vhost?"), AP_INIT_ITERATE("RewriteIPAllow", allow_config_cmd, NULL, RSRC_CONF, "IP-address wildcards"), {NULL} }; /** * Set up startup-time initialization */ static int post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started"); return OK; } /** * Find remote_addr in ACL */
// after the configuration ... ap_hook_post_config(psm_initialize, NULL, NULL, APR_HOOK_LAST); // before each request processing ... ap_hook_handler(psm_input_handler, NULL, NULL, APR_HOOK_REALLY_FIRST); // register filter and add it in a insert_filter handler ap_register_output_filter(PSM_OUTPUT_FILTER_NAME, psm_output_filter, NULL, AP_FTYPE_RESOURCE); ap_hook_insert_filter(psm_insert_output_filter, NULL, NULL, APR_HOOK_MIDDLE); } // Module's directives const command_rec psm_directives[] = { AP_INIT_FLAG("PrivateStateManager", psm_set_enabled, NULL, OR_FILEINFO, "On or Off to enable or disable (default) the module."), AP_INIT_TAKE1("PrivateStateManagerDriver", psm_set_driver, NULL, RSRC_CONF, "Driver (name) to use for private state storage."), AP_INIT_ITERATE("PrivateStateManagerDriverParams", psm_set_driver_params, NULL, RSRC_CONF, "Driver proprietary configuration."), { NULL } }; module AP_MODULE_DECLARE_DATA psm_module = { STANDARD20_MODULE_STUFF, psm_config_directory_create, psm_config_directory_merge, psm_config_server_create, psm_config_server_merge, psm_directives, psm_hooks_register };
); r->connection->aborted = 1; return HTTP_INTERNAL_SERVER_ERROR; } return thread_status; } static const command_rec process_security_cmds[] = { AP_INIT_FLAG("PSExAll", set_all_ext, NULL, ACCESS_CONF | RSRC_CONF, "Set Enable All Extensions On / Off. (default Off)"), AP_INIT_TAKE1("PSMode", set_mode, NULL, RSRC_CONF | ACCESS_CONF, "stat only. you can custmize this code."), AP_INIT_TAKE2("PSMinUidGid", set_minuidgid, NULL, RSRC_CONF, "Minimal uid and gid."), AP_INIT_TAKE2("PSDefaultUidGid", set_defuidgid, NULL, RSRC_CONF, "Default uid and gid."), AP_INIT_ITERATE("PSExtensions", set_extensions, NULL, ACCESS_CONF | RSRC_CONF, "Set Enable Extensions."), {NULL} }; static void register_hooks(apr_pool_t *p) { ap_hook_post_config(process_security_init, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_handler(process_security_handler, NULL, NULL, APR_HOOK_REALLY_FIRST); } module AP_MODULE_DECLARE_DATA process_security_module = { STANDARD20_MODULE_STUFF, create_dir_config, /* dir config creater */ NULL, /* dir merger */
} else { authn_provider_list *last = conf->providers; while (last->next) { last = last->next; } last->next = newp; } return NULL; } static const command_rec auth_basic_cmds[] = { AP_INIT_ITERATE("AuthBasicProvider", add_authn_provider, NULL, OR_AUTHCFG, "specify the auth providers for a directory or location"), AP_INIT_FLAG("AuthBasicAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(auth_basic_config_rec, authoritative), OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to " "lower modules if the UserID is not known to this module"), {NULL} }; module AP_MODULE_DECLARE_DATA auth_basic_module; /* These functions return 0 if client is OK, and proper error status * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we * couldn't figure out how to tell if the client is authorized or not. *
"AuthOpenIDDBLocation <string>"), AP_INIT_TAKE1("AuthOpenIDLoginPage", (CMD_HAND_TYPE) set_modauthopenid_login_page, NULL, OR_AUTHCFG, "AuthOpenIDLoginPage <url string>"), AP_INIT_TAKE1("AuthOpenIDSSOURL", (CMD_HAND_TYPE) set_modauthopenid_sso_url, NULL, OR_AUTHCFG, "AuthOpenIDSSOURL <url string>"), AP_INIT_TAKE1("AuthOpenIDSSOUserBase", (CMD_HAND_TYPE) set_modauthopenid_sso_user_base, NULL, OR_AUTHCFG, "AuthOpenIDSSOUserBase <url string>"), AP_INIT_TAKE1("AuthOpenIDTrustRoot", (CMD_HAND_TYPE) set_modauthopenid_trust_root, NULL, OR_AUTHCFG, "AuthOpenIDTrustRoot <trust root to use>"), AP_INIT_TAKE1("AuthOpenIDCookieName", (CMD_HAND_TYPE) set_modauthopenid_cookie_name, NULL, OR_AUTHCFG, "AuthOpenIDCookieName <name of cookie to use>"), AP_INIT_TAKE1("AuthOpenIDCookiePath", (CMD_HAND_TYPE) set_modauthopenid_cookie_path, NULL, OR_AUTHCFG, "AuthOpenIDCookiePath <path of cookie to use>"), AP_INIT_FLAG("AuthOpenIDUseCookie", (CMD_HAND_TYPE) set_modauthopenid_usecookie, NULL, OR_AUTHCFG, "AuthOpenIDUseCookie <On | Off> - use session auth?"), AP_INIT_ITERATE("AuthOpenIDTrusted", (CMD_HAND_TYPE) add_modauthopenid_trusted, NULL, OR_AUTHCFG, "AuthOpenIDTrusted <a list of trusted identity providers>"), AP_INIT_ITERATE("AuthOpenIDDistrusted", (CMD_HAND_TYPE) add_modauthopenid_distrusted, NULL, OR_AUTHCFG, "AuthOpenIDDistrusted <a blacklist list of identity providers>"), AP_INIT_TAKE1("AuthOpenIDServerName", (CMD_HAND_TYPE) set_modauthopenid_server_name, NULL, OR_AUTHCFG, "AuthOpenIDServerName <server name and port prefix>"), AP_INIT_TAKE1("AuthOpenIDUserProgram", (CMD_HAND_TYPE) set_modauthopenid_auth_program, NULL, OR_AUTHCFG, "AuthOpenIDUserProgram <full path to authentication program>"), {NULL} }; // Get the full URI of the request_rec's request location // clean_params specifies whether or not all openid.* and modauthopenid.* params should be cleared static void full_uri(request_rec *r, std::string& result, modauthopenid_config *s_cfg, bool clean_params=false) { std::string hostname(r->hostname); std::string uri(r->uri); apr_port_t i_port = ap_get_server_port(r);
} zipread_config_rec; static const char *zipread_addindex(cmd_parms *cmd, void *dummy, const char *arg) { zipread_config_rec *d = dummy; if (!d->index_names) { d->index_names = apr_array_make(cmd->pool, 2, sizeof(char *)); } *(const char **)apr_array_push(d->index_names) = arg; return NULL; } static const command_rec zipread_cmds[] = { AP_INIT_ITERATE("ZipReadDirIndex", zipread_addindex, NULL, OR_INDEXES, "a list of file names to handle as indexes"), { NULL } }; // allocate new private config structure static void *create_zipread_config(apr_pool_t *p, void *s) { zipread_config_rec *n = apr_pcalloc(p, sizeof(zipread_config_rec)); n->index_names = NULL; return (void*)n; } // merge two private config structures static void *merge_zipread_configs(apr_pool_t *p, void *basev, void *addv) { assert(basev);
{ authnz_crowd_dir_config *config = (authnz_crowd_dir_config *) mconfig; return set_flag_once(parms, &(config->create_sso), &(config->create_sso_set), on); } static const command_rec commands[] = { AP_INIT_FLAG("AuthzCrowdAuthoritative", set_authz_crowd_authoritative, NULL, OR_AUTHCFG, "'On' if Crowd should be considered authoritative for denying authorisation; " "'Off' if a lower-level provider can override authorisation denial by Crowd (default = On)"), AP_INIT_TAKE1("CrowdAppName", set_crowd_app_name, NULL, OR_AUTHCFG, "The name of this application, as configured in Crowd"), AP_INIT_TAKE1("CrowdAppPassword", set_crowd_app_password, NULL, OR_AUTHCFG, "The password of this application, as configured in Crowd"), AP_INIT_ITERATE("CrowdBasicAuthEncoding", set_crowd_basic_auth_encoding, NULL, OR_AUTHCFG, "The list of character encodings that will be used to interpret Basic authentication credentials " "(default is ISO-8859-1 only"), AP_INIT_TAKE1("CrowdTimeout", set_crowd_timeout, NULL, OR_AUTHCFG, "The maximum length of time, in seconds, to wait for a response from Crowd (default or 0 = no timeout)"), AP_INIT_TAKE1("CrowdURL", set_crowd_url, NULL, OR_AUTHCFG, "The base URL of the Crowd server"), AP_INIT_TAKE1("CrowdCacheMaxAge", set_crowd_cache_max_age, NULL, RSRC_CONF, "The maximum length of time that successful results from Crowd can be cached, in seconds" " (default = 60 seconds)"), AP_INIT_TAKE1("CrowdCacheMaxEntries", set_crowd_cache_max_entries, NULL, RSRC_CONF, "The maximum number of successful results from Crowd that can be cached at any time" " (default = 500, 0 = disable cache)"), AP_INIT_FLAG("CrowdAcceptSSO", set_crowd_accept_sso, NULL, OR_AUTHCFG, "'On' if single-sign on cookies should be accepted; 'Off' otherwise (default = On)"), AP_INIT_FLAG("CrowdCreateSSO", set_crowd_create_sso, NULL, OR_AUTHCFG, "'On' if single-sign on cookies should be created; 'Off' otherwise (default = On)"), {NULL}
AP_INIT_FLAG("GssapiSSLonly", mag_ssl_only, NULL, OR_AUTHCFG, "Work only if connection is SSL Secured"), AP_INIT_FLAG("GssapiLocalName", mag_map_to_local, NULL, OR_AUTHCFG, "Translate principals to local names"), AP_INIT_FLAG("GssapiConnectionBound", mag_conn_ctx, NULL, OR_AUTHCFG, "Authentication is bound to the TCP connection"), AP_INIT_FLAG("GssapiUseSessions", mag_use_sess, NULL, OR_AUTHCFG, "Authentication uses mod_sessions to hold status"), AP_INIT_RAW_ARGS("GssapiSessionKey", mag_sess_key, NULL, OR_AUTHCFG, "Key Used to seal session data."), #ifdef HAVE_GSS_ACQUIRE_CRED_FROM AP_INIT_FLAG("GssapiUseS4U2Proxy", mag_use_s4u2p, NULL, OR_AUTHCFG, "Initializes credentials for s4u2proxy usage"), #endif #ifdef HAVE_GSS_STORE_CRED_INTO AP_INIT_ITERATE("GssapiCredStore", mag_cred_store, NULL, OR_AUTHCFG, "Credential Store"), AP_INIT_RAW_ARGS("GssapiDelegCcacheDir", mag_deleg_ccache_dir, NULL, OR_AUTHCFG, "Directory to store delegated credentials"), #endif { NULL } }; static void mag_register_hooks(apr_pool_t *p) { ap_hook_check_user_id(mag_auth, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_config(mag_post_config, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_pre_connection(mag_pre_connection, NULL, NULL, APR_HOOK_MIDDLE); } module AP_MODULE_DECLARE_DATA auth_gssapi_module =
} conf->chroot_dir = chroot_dir; conf->document_root = document_root; chroot_used |= RUID_CHROOT_USED; return NULL; } /* configure options in httpd.conf */ static const command_rec ruid_cmds[] = { AP_INIT_TAKE1 ("RMode", set_mode, NULL, RSRC_CONF | ACCESS_CONF, "Set mode to config or stat (default: config)"), AP_INIT_TAKE2 ("RUidGid", set_uidgid, NULL, RSRC_CONF | ACCESS_CONF, "Minimal uid or gid file/dir, else set[ug]id to default (User,Group)"), AP_INIT_ITERATE ("RGroups", set_groups, NULL, RSRC_CONF | ACCESS_CONF, "Set additional groups"), AP_INIT_TAKE2 ("RDefaultUidGid", set_defuidgid, NULL, RSRC_CONF, "If uid or gid is < than RMinUidGid set[ug]id to this uid gid"), AP_INIT_TAKE2 ("RMinUidGid", set_minuidgid, NULL, RSRC_CONF, "Minimal uid or gid file/dir, else set[ug]id to default (RDefaultUidGid)"), AP_INIT_TAKE2 ("RDocumentChRoot", set_documentchroot, NULL, RSRC_CONF, "Set chroot directory and the document root inside"), {NULL, {NULL}, NULL, 0, NO_ARGS, NULL} }; /* run in post config hook ( we are parent process and we are uid 0) */ static int ruid_init (apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) { UNUSED(p); UNUSED(plog); UNUSED(ptemp); void *data;
conn->proxy_ips ? "Using %s as client's IP by proxies %s" : "Using %s as client's IP by internal proxies", conn->proxied_ip, conn->proxy_ips); return OK; } static const command_rec reverseproxy_cmds[] = { AP_INIT_FLAG("ReverseProxyEnable", reveseproxy_enable, NULL, RSRC_CONF, "Enable mod_reverseproxy"), AP_INIT_TAKE1("ReverseProxyRemoteIPHeader", header_name_set, NULL, RSRC_CONF, "Specifies a request header to trust as the client IP, " "Overrides the default one"), AP_INIT_ITERATE("ReverseProxyRemoteIPTrusted", proxies_set, 0, RSRC_CONF, "Specifies one or more proxies which are trusted " "to present IP headers. Overrides the defaults."), { NULL } }; static void register_hooks(apr_pool_t *p) { // We need to run very early so as to not trip up mod_security. // Hence, this little trick, as mod_security runs at APR_HOOK_REALLY_FIRST. ap_hook_post_read_request(reverseproxy_modify_connection, NULL, NULL, APR_HOOK_REALLY_FIRST - 10); } module AP_MODULE_DECLARE_DATA reverseproxy_module = { STANDARD20_MODULE_STUFF, NULL, /* create per-directory config structure */ NULL, /* merge per-directory config structures */
: "Using %s as client's IP by internal proxies", req->remote_ip, req->proxy_ips); return OK; } static const command_rec remoteip_cmds[] = { AP_INIT_TAKE1("RemoteIPHeader", header_name_set, NULL, RSRC_CONF, "Specifies a request header to trust as the client IP, " "e.g. X-Forwarded-For"), AP_INIT_TAKE1("RemoteIPProxiesHeader", proxies_header_name_set, NULL, RSRC_CONF, "Specifies a request header to record proxy IP's, " "e.g. X-Forwarded-By; if not given then do not record"), AP_INIT_ITERATE("RemoteIPTrustedProxy", proxies_set, 0, RSRC_CONF, "Specifies one or more proxies which are trusted " "to present IP headers"), AP_INIT_ITERATE("RemoteIPInternalProxy", proxies_set, (void*)1, RSRC_CONF, "Specifies one or more internal (transparent) proxies " "which are trusted to present IP headers"), AP_INIT_TAKE1("RemoteIPTrustedProxyList", proxylist_read, 0, RSRC_CONF | EXEC_ON_READ, "The filename to read the list of trusted proxies, " "see the RemoteIPTrustedProxy directive"), AP_INIT_TAKE1("RemoteIPInternalProxyList", proxylist_read, (void*)1, RSRC_CONF | EXEC_ON_READ, "The filename to read the list of internal proxies, " "see the RemoteIPInternalProxy directive"), { NULL } };
const char* errorURI; const char* errorCSS; int debug; } dir_cfg; static const char* cfg_set_filetype(cmd_parms* cmd, void* cfg, const char* val); static void* create_dir_conf(apr_pool_t* pool, char* x); static void make_hooks(apr_pool_t *pool); static const command_rec cmds[]={ AP_INIT_FLAG("Make", ap_set_flag_slot, (void*)APR_OFFSETOF(dir_cfg,onoff), OR_ALL,"Enable mod_make"), AP_INIT_TAKE1("MakeSourceRoot", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,sourceRoot), OR_ALL,"Source root"), AP_INIT_TAKE1("MakeFilename", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,makefileName), OR_ALL,"Make filename (i.e., Makefile)"), AP_INIT_TAKE1("MakeProgram", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,makeProgram), OR_ALL,"Make binary"), AP_INIT_TAKE1("MakeOptions", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,makeOptions), OR_ALL,"Make options"), AP_INIT_ITERATE("MakeIncludeFileTypes", cfg_set_filetype, (void*)APR_OFFSETOF(dir_cfg,includeFileTypes),OR_ALL,"Include file types"), AP_INIT_ITERATE("MakeExcludeFileTypes", cfg_set_filetype, (void*)APR_OFFSETOF(dir_cfg,excludeFileTypes),OR_ALL,"Exclude file types"), // AP_INIT_TAKE1("MakeExcludeRegex", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,excludeRegex), OR_ALL,"Exclude regex"), AP_INIT_TAKE1("MakeErrorURI", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,errorURI), OR_ALL,"Error URI"), AP_INIT_TAKE1("MakeErrorCSS", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,errorCSS), OR_ALL,"Error CSS"), AP_INIT_FLAG("MakeDebug", ap_set_flag_slot, (void*)APR_OFFSETOF(dir_cfg,debug), OR_ALL,"Enable mod_make debug mode"), {NULL} }; module AP_MODULE_DECLARE_DATA make_module = { STANDARD20_MODULE_STUFF, create_dir_conf, NULL, NULL, NULL, cmds,
} /* Call appropriate handler */ if (!r->header_only) { if (match->is_mmapped == TRUE) rc = mmap_handler(r, match); else rc = sendfile_handler(r, match); } return rc; } static command_rec file_cache_cmds[] = { AP_INIT_ITERATE("cachefile", cachefilehandle, NULL, RSRC_CONF, "A space separated list of files to add to the file handle cache at config time"), AP_INIT_ITERATE("mmapfile", cachefilemmap, NULL, RSRC_CONF, "A space separated list of files to mmap at config time"), {NULL} }; static void register_hooks(apr_pool_t *p) { ap_hook_handler(file_cache_handler, NULL, NULL, APR_HOOK_LAST); ap_hook_post_config(file_cache_post_config, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_translate_name(file_cache_xlat, NULL, NULL, APR_HOOK_MIDDLE); /* This trick doesn't work apparently because the translate hooks are single shot. If the core_hook returns OK, then our hook is not called. ap_hook_translate_name(file_cache_xlat, aszPre, NULL, APR_HOOK_MIDDLE); */
rpaf_sethttps, NULL, RSRC_CONF, "Let mod_rpaf set the HTTPS environment variable from the X-HTTPS header" ), AP_INIT_FLAG( "RPAF_SetPort", rpaf_setport, NULL, RSRC_CONF, "Let mod_rpaf set the server port from the X-Port header" ), AP_INIT_ITERATE( "RPAF_ProxyIPs", rpaf_set_proxy_ip, NULL, RSRC_CONF, "IP(s) of Proxy server setting X-Forwarded-For header" ), AP_INIT_TAKE1( "RPAF_Header", rpaf_set_headername, NULL, RSRC_CONF, "Which header to look for when trying to find the real ip of the client in a proxy setup" ), { NULL } }; static void register_hooks(apr_pool_t *p) { ap_hook_post_read_request(change_remote_ip, NULL, NULL, APR_HOOK_FIRST);
conf->anyuserid = 1; } else { first = conf->users; conf->users = apr_palloc(cmd->pool, sizeof(*conf->users)); conf->users->user = arg; conf->users->next = first; } } return NULL; } static const command_rec authn_anon_cmds[] = { AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG, "a space-separated list of user IDs"), AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, mustemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, nouserid), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, verifyemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, logemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), {NULL} };