typedef struct {
int authoritative;
} authz_webid_config_rec;
static void *
create_authz_webid_dir_config(apr_pool_t *p, char *dirspec) {
authz_webid_config_rec *conf = apr_palloc(p, sizeof(*conf));
conf->authoritative = 1;
return conf;
}
static const command_rec
authz_webid_cmds[] = {
AP_INIT_FLAG("AuthzWebIDAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(authz_webid_config_rec, authoritative),
OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the WebID is not authorized by this module"),
{NULL}
};
module AP_MODULE_DECLARE_DATA authz_webid_module;
static int
http_status_code(request_rec *r, int status_code) {
authz_webid_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authz_webid_module);
if (status_code != OK && !conf->authoritative) {
return DECLINED;
} else if (status_code != OK) {
/**
* POP but delete.
*/
css_prop_list_t *
chxj_css_get_last_prop_list(css_prop_list_stack_t *stack)
{
css_prop_list_t *tail = (css_prop_list_t *)((apr_size_t)stack->head.ref - (apr_size_t)APR_OFFSETOF(css_prop_list_t, next));
if (tail == &stack->head) {
return NULL;
}
return tail;
}
static void* config_create(apr_pool_t* p, char* path)
{
auth_conf* conf = apr_palloc(p, sizeof(auth_conf));
conf->pool = p;
conf->dump = UNSET;
conf->url = "localhost%s";
conf->secret = "";
conf->errdoc = NULL;
return conf;
}
static const command_rec config_cmds[] = {
AP_INIT_TAKE1(HR_AUTH "-URL", auth_url, NULL, OR_AUTHCFG, HR_AUTH ": Authentication request url."),
AP_INIT_TAKE1(HR_AUTH "-Secret", auth_secret, NULL, OR_OPTIONS, HR_AUTH "-Secret: Source file name for MD5."),
AP_INIT_TAKE1(HR_AUTH "-ErrorDocument", ap_set_string_slot, (void*)APR_OFFSETOF(auth_conf, errdoc),
OR_OPTIONS, HR_AUTH "-ErrorDocument: ErrorDocument."),
AP_INIT_FLAG (HR_AUTH "-DumpResult", ap_set_flag_slot, (void*)APR_OFFSETOF(auth_conf, dump), OR_OPTIONS, ""),
{ NULL },
};
static void register_hooks(apr_pool_t *p)
{
ap_hook_check_user_id(check_auth_handler, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_auth_checker(break_request_handler, NULL, NULL, APR_HOOK_MIDDLE);
ap_register_output_filter(DUMP_AUTH_RESULT, auth_result_dump_filter, NULL, AP_FTYPE_CONTENT_SET);
}
/* Dispatch list for API hooks */
module AP_MODULE_DECLARE_DATA auth_httprequest_module = {
STANDARD20_MODULE_STUFF,
// Implementation note: don't use l2 (use l3, l4 instead if required) since its
// space can be used in case of 64-bit return value.
NativeCodePtr compile_create_lil_jni_stub(Method_Handle method, void* func, NativeStubOverride nso)
{
ASSERT_NO_INTERPRETER;
const Class_Handle clss = method->get_class();
bool is_static = method->is_static();
bool is_synchronised = method->is_synchronized();
Method_Signature_Handle msh = method_get_signature(method);
unsigned num_args = method->get_num_args();
Type_Info_Handle ret_tih = method_ret_type_get_type_info(msh);
VM_Data_Type ret_type = type_info_get_type(ret_tih);
unsigned i;
unsigned num_ref_args = 0; // among original args, does not include jclass for static methods
for(i=0; i<num_args; i++)
if (is_reference(method_args_get_type_info(msh, i))) num_ref_args++;
//***** Part 1: Entry, Stats, Override, push m2n, allocate space for handles
LilCodeStub* cs = lil_parse_code_stub("entry 0:managed:%0m;",
method);
assert(cs);
// Increment stats (total number of calls)
#ifdef VM_STATS
cs = lil_parse_onto_end(cs,
"inc [%0i:pint];",
&((Method*)method)->num_accesses);
assert(cs);
#endif //VM_STATS
// Do stub override here
if (nso) cs = nso(cs, method);
assert(cs);
// Increment stats (number of nonoverridden calls)
#ifdef VM_STATS
cs = lil_parse_onto_end(cs,
"inc [%0i:pint];",
&((Method*)method)->num_slow_accesses);
assert(cs);
#endif
// Push M2nFrame
cs = lil_parse_onto_end(cs, "push_m2n %0i, %1i, handles; locals 3;",
method, (POINTER_SIZE_INT)FRAME_JNI);
assert(cs);
// Allocate space for handles
unsigned number_of_object_handles = num_ref_args + (is_static ? 1 : 0);
cs = oh_gen_allocate_handles(cs, number_of_object_handles, "l0", "l1");
assert(cs);
//***** Part 2: Initialize object handles
if (is_static) {
void *jlc = clss->get_class_handle();
cs = lil_parse_onto_end(cs,
//"ld l1,[%0i:pint];"
"ld l1,[%0i:ref];",
jlc);
assert(cs);
cs = oh_gen_init_handle(cs, "l0", 0, "l1", false);
assert(cs);
} else {
cs = oh_gen_init_handle(cs, "l0", 0, "i0", true);
}
// The remaining handles are for the proper arguments (not including this)
// Loop over the arguments, skipping 0th argument for instance methods. If argument is a reference, generate code
unsigned hn = 1;
for(i=(is_static?0:1); i<num_args; i++) {
if (is_reference(method_args_get_type_info(msh, i))) {
char buf[20];
sprintf(buf, "i%d", i);
cs = oh_gen_init_handle(cs, "l0", hn, buf, true);
assert(cs);
hn++;
}
}
//***** Part 3: Synchronize
if (is_synchronised) {
if (is_static) {
cs = lil_parse_onto_end(cs,
"out stdcall:pint:pint;"
"o0=%0i;"
"call %1i;"
"out stdcall:pint:void;"
"o0=r;"
"call %2i;",
clss,
lil_npc_to_fp(vm_helper_get_addr(VM_RT_CLASS_2_JLC)),
lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_ENTER)));
assert(cs);
} else {
cs = lil_parse_onto_end(cs,
"out stdcall:ref:void;"
"o0=i0;"
"call %0i;",
lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_ENTER)));
assert(cs);
}
}
//***** Call JVMTI MethodEntry
DebugUtilsTI* ti = VM_Global_State::loader_env->TI;
if (ti->isEnabled() &&
ti->get_global_capability(DebugUtilsTI::TI_GC_ENABLE_METHOD_ENTRY))
{
cs = lil_parse_onto_end(cs,
"out platform:pint:void;"
"o0=%0i:pint;"
"call %1i;",
(jmethodID)method,
jvmti_process_method_entry_event);
assert(cs);
}
//***** Part 4: Enable GC
cs = lil_parse_onto_end(cs,
"out platform::void;"
"call %0i;",
hythread_suspend_enable);
assert(cs);
//***** Part 5: Set up arguments
// Setup outputs, set JNIEnv, set class/this handle
cs = lil_parse_onto_end(cs,
"out jni:%0j;"
"l1=ts;"
"ld o0,[l1 + %1i:pint];"
"o1=l0+%2i;",
method,
(POINTER_SIZE_INT)APR_OFFSETOF(VM_thread, jni_env),
oh_get_handle_offset(0));
assert(cs);
// Loop over arguments proper, setting rest of outputs
unsigned int arg_base = 1 + (is_static ? 1 : 0);
hn = 1;
for(i=(is_static?0:1); i<num_args; i++) {
if (is_reference(method_args_get_type_info(msh, i))) {
POINTER_SIZE_INT handle_offset = oh_get_handle_offset(hn);
REFS_RUNTIME_SWITCH_IF
#ifdef REFS_RUNTIME_OR_COMPRESSED
cs = lil_parse_onto_end(cs,
"jc i%0i=%1i:ref,%n;"
"o%2i=l0+%3i;"
"j %o;"
":%g;"
"o%4i=0;"
":%g;",
i,
VM_Global_State::loader_env->managed_null,
arg_base+i, handle_offset, arg_base+i);
#endif // REFS_RUNTIME_OR_COMPRESSED
REFS_RUNTIME_SWITCH_ELSE
#ifdef REFS_RUNTIME_OR_UNCOMPRESSED
cs = lil_parse_onto_end(cs,
"jc i%0i=0:ref,%n;"
"o%1i=l0+%2i;"
"j %o;"
":%g;"
"o%3i=0;"
":%g;",
i,
arg_base+i, handle_offset,
arg_base+i);
#endif // REFS_RUNTIME_OR_UNCOMPRESSED
REFS_RUNTIME_SWITCH_ENDIF
hn++;
} else {
cs = lil_parse_onto_end(cs, "o%0i=i%1i;", arg_base+i, i);
}
assert(cs);
}
//***** Part 6: Call
cs = lil_parse_onto_end(cs,
"call %0i;",
func);
assert(cs);
//***** Part 7: Save return, widening if necessary
switch (ret_type) {
case VM_DATA_TYPE_VOID:
break;
case VM_DATA_TYPE_INT32:
cs = lil_parse_onto_end(cs, "l1=r;");
break;
case VM_DATA_TYPE_BOOLEAN:
cs = lil_parse_onto_end(cs, "l1=zx1 r;");
break;
case VM_DATA_TYPE_INT16:
cs = lil_parse_onto_end(cs, "l1=sx2 r;");
break;
case VM_DATA_TYPE_INT8:
cs = lil_parse_onto_end(cs, "l1=sx1 r;");
break;
case VM_DATA_TYPE_CHAR:
cs = lil_parse_onto_end(cs, "l1=zx2 r;");
break;
default:
cs = lil_parse_onto_end(cs, "l1=r;");
break;
}
assert(cs);
//***** Part 8: Disable GC
cs = lil_parse_onto_end(cs,
"out platform::void;"
"call %0i;",
hythread_suspend_disable);
assert(cs);
// Exception offsets
POINTER_SIZE_INT eoo = (POINTER_SIZE_INT)&((VM_thread*)0)->thread_exception.exc_object;
POINTER_SIZE_INT eco = (POINTER_SIZE_INT)&((VM_thread*)0)->thread_exception.exc_class;
//***** Call JVMTI MethodExit
if (ti->isEnabled() &&
ti->get_global_capability(DebugUtilsTI::TI_GC_ENABLE_METHOD_EXIT))
{
cs = lil_parse_onto_end(cs,
"out platform:pint,g1,g8:void;"
"l2=ts;"
"ld l2,[l2+%0i:ref];"
"jc l2!=0,_mex_exn_raised;"
"l2=ts;"
"ld l2,[l2+%1i:ref];"
"jc l2!=0,_mex_exn_raised;"
"o1=%2i:g1;"
"o2=l1:g8;"
"j _mex_exn_cont;"
":_mex_exn_raised;"
"o1=%3i:g1;"
"o2=0:g8;"
":_mex_exn_cont;"
"o0=%4i:pint;"
"call %5i;",
eoo,
eco,
(POINTER_SIZE_INT)JNI_FALSE,
(POINTER_SIZE_INT)JNI_TRUE,
(jmethodID)method,
jvmti_process_method_exit_event);
assert(cs);
}
//***** Part 9: Synchronize
if (is_synchronised) {
if (is_static) {
cs = lil_parse_onto_end(cs,
"out stdcall:pint:pint;"
"o0=%0i;"
"call %1i;"
"out stdcall:pint:void;"
"o0=r;"
"call %2i;",
clss,
lil_npc_to_fp(vm_helper_get_addr(VM_RT_CLASS_2_JLC)),
lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_EXIT)));
} else {
cs = lil_parse_onto_end(cs,
"ld l0,[l0+%0i:ref];"
"out stdcall:ref:void; o0=l0; call %1i;",
oh_get_handle_offset(0),
lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_EXIT)));
}
assert(cs);
}
//***** Part 10: Unhandle the return if it is a reference
if (is_reference(ret_tih)) {
cs = lil_parse_onto_end(cs,
"jc l1=0,ret_done;"
"ld l1,[l1+0:ref];"
":ret_done;");
#ifdef REFS_RUNTIME_OR_COMPRESSED
REFS_RUNTIME_SWITCH_IF
cs = lil_parse_onto_end(cs,
"jc l1!=0,done_translating_ret;"
"l1=%0i:ref;"
":done_translating_ret;",
VM_Global_State::loader_env->managed_null);
REFS_RUNTIME_SWITCH_ENDIF
#endif // REFS_RUNTIME_OR_UNCOMPRESSED
assert(cs);
}
//***** Part 11: Rethrow exception
cs = lil_parse_onto_end(cs,
"l0=ts;"
"ld l2,[l0+%0i:ref];"
"jc l2!=0,_exn_raised;"
"ld l2,[l0+%1i:ref];"
"jc l2=0,_no_exn;"
":_exn_raised;"
"m2n_save_all;"
"out platform::void;"
"call.noret %2i;"
":_no_exn;",
eoo, eco, exn_rethrow);
assert(cs);
//***** Part 12: Restore return variable, pop_m2n, return
if (ret_type != VM_DATA_TYPE_VOID) {
cs = lil_parse_onto_end(cs, "r=l1;");
assert(cs);
}
cs = lil_parse_onto_end(cs,
"pop_m2n;"
"ret;");
assert(cs);
//***** Now generate code
assert(lil_is_valid(cs));
NativeCodePtr addr = LilCodeGenerator::get_platform()->compile(cs, clss->get_class_loader()->GetCodePool());
#ifndef NDEBUG
char buf[100];
apr_snprintf(buf, sizeof(buf)-1, "jni_stub.%s::%s", clss->get_name()->bytes,
method->get_name()->bytes);
DUMP_STUB(addr, buf, lil_cs_get_code_size(cs));
#endif
#ifdef VM_STATS
VM_Statistics::get_vm_stats().jni_stub_bytes += lil_cs_get_code_size(cs);
#endif
lil_free_code_stub(cs);
return addr;
} // compile_create_lil_jni_stub
apr_pool_t *pool;
apr_thread_t *thread;
int counter;
int active;
apr_socket_t *sockfd;
} MosquittoData;
typedef struct mosquitto_cfg {
char* broker;
char* port;
} mosquitto_cfg ;
static const command_rec mosquitto_cmds[] = {
AP_INIT_TAKE1("MosBroker", ap_set_string_slot,
(void*) APR_OFFSETOF(mosquitto_cfg, broker), ACCESS_CONF,
"Broker") ,
AP_INIT_TAKE1("MosPort", ap_set_string_slot,
(void*) APR_OFFSETOF(mosquitto_cfg, port), ACCESS_CONF,
"Port") ,
{NULL}
};
module AP_MODULE_DECLARE_DATA mod_websocket_mosquitto;
static void* mosquitto_create_dir_conf(apr_pool_t* pool, char* x) {
mosquitto_cfg* dir = apr_pcalloc(pool, sizeof(mosquitto_cfg));
dir->broker = "ha-12.dk.eradus.com";
dir->port = "1883";
apr_status_t mbox_send_footer_includes(request_rec *r, mbox_dir_cfg_t *conf) {
if (conf->footer_include_file) {
RETURN_NOT_SUCCESS(mbox_send_include_file(r, conf->footer_include_file));
}
if (conf->script_path) {
ap_rprintf(r,
" <script type=\"text/javascript\" src=\"%s\"></script>\n",
conf->script_path);
}
return APR_SUCCESS;
}
static const command_rec mbox_cmds[] = {
AP_INIT_FLAG("mboxindex", ap_set_flag_slot,
(void *) APR_OFFSETOF(mbox_dir_cfg_t, enabled), OR_INDEXES,
"Enable mod_mbox to create directory listings of .mbox files."),
AP_INIT_FLAG("mboxantispam", ap_set_flag_slot,
(void *) APR_OFFSETOF(mbox_dir_cfg_t, antispam), OR_INDEXES,
"Enable mod_mbox email obfuscation."),
AP_INIT_FLAG("mboxhideempty", ap_set_flag_slot,
(void *) APR_OFFSETOF(mbox_dir_cfg_t, hide_empty),
OR_INDEXES,
"Whether to display empty mboxes in index listing."),
AP_INIT_TAKE1("mboxrootpath", ap_set_string_slot,
(void *) APR_OFFSETOF(mbox_dir_cfg_t, root_path),
OR_INDEXES,
"Set the path to the site index."),
AP_INIT_TAKE1("mboxstyle", ap_set_string_slot,
(void *) APR_OFFSETOF(mbox_dir_cfg_t, style_path),
OR_INDEXES,
if (authn_dbd_prepare_fn == NULL) {
return "You must load mod_dbd to enable AuthDBD functions";
}
authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
}
label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num);
authn_dbd_prepare_fn(cmd->server, query, label);
/* save the label here for our own use */
return ap_set_string_slot(cmd, cfg, label);
}
static const command_rec authn_dbd_cmds[] =
{
AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare,
(void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF,
"Query used to fetch password for user"),
AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare,
(void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF,
"Query used to fetch password for user+realm"),
{NULL}
};
static authn_status authn_dbd_password(request_rec *r, const char *user,
const char *password)
{
apr_status_t rv;
const char *dbd_password = NULL;
apr_dbd_prepared_t *statement;
apr_dbd_results_t *res = NULL;
apr_dbd_row_t *row = NULL;
conf->authoritative = (nconf->authoritative != -1) ?
nconf->authoritative : pconf->authoritative;
conf->var = (nconf->var != NULL) ?
nconf->var : pconf->var;
conf->strip_suffix = (nconf->var != NULL || nconf->strip_suffix != NULL) ?
nconf->strip_suffix : pconf->strip_suffix;
conf->strip_suffix_required = (nconf->var != NULL || nconf->strip_suffix_required != -1) ?
nconf->authoritative : pconf->authoritative;
return conf;
}
static const command_rec auth_sslcert_cmds[] =
{
AP_INIT_FLAG("AuthSSLCertAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_sslcert_config_rec, authoritative),
OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module"),
AP_INIT_TAKE1("AuthSSLCertVar", ap_set_string_slot,
(void*)APR_OFFSETOF(auth_sslcert_config_rec, var),
OR_AUTHCFG,
"SSL variable to use as the username"),
AP_INIT_TAKE1("AuthSSLCertStripSuffix", ap_set_string_slot,
(void*)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix),
OR_AUTHCFG,
"An optional suffix to strip from the username"),
AP_INIT_FLAG("AuthSSLCertStripSuffixRequired", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix_required),
OR_AUTHCFG,
"Set to 'Off' to allow certs that don't end with a recognized "
static const char *set_authn_set_int(cmd_parms *cmd, void *offset,
const char *f )
{
return ap_set_int_slot(cmd, offset, f);
}
static const char *set_authn_set_string(cmd_parms *cmd, void *offset,
const char *f )
{
return ap_set_string_slot(cmd, offset, f);
}
static const command_rec authn_google_cmds[] =
{
AP_INIT_TAKE12("GoogleAuthUserPath", set_authn_google_slot,
(void *)APR_OFFSETOF(authn_google_config_rec, pwfile),
OR_AUTHCFG, "Directory containing Google Authenticator credential files"),
AP_INIT_TAKE1("GoogleAuthCookieLife", set_authn_set_int,
(void *)APR_OFFSETOF(authn_google_config_rec, cookieLife),
OR_AUTHCFG, "Life (in seconds) authentication cookie before revalidation required"),
AP_INIT_TAKE1("GoogleAuthLogLevel", set_authn_set_int,
(void *)APR_OFFSETOF(authn_google_config_rec, debugLevel),
OR_AUTHCFG, "Verbosity level of debug output (zero=off)"),
AP_INIT_TAKE1("GoogleAuthEntryWindow", set_authn_set_int,
(void *)APR_OFFSETOF(authn_google_config_rec, entryWindow),
OR_AUTHCFG, "Enable authentication cookies with lifespan given in seconds"),
AP_INIT_TAKE1("GoogleAuthDomain", set_authn_set_string,
(void *)APR_OFFSETOF(authn_google_config_rec, domain),
OR_AUTHCFG, "Custom domain to be set for the authentication cookie"),
AP_INIT_TAKE1("GoogleAuthPath", set_authn_set_string,
(void *)APR_OFFSETOF(authn_google_config_rec, path),
if (arg[len - 1] != '/') {
ap_set_string_slot(cmd, config, apr_pstrcat(cmd->pool, arg, "/", NULL));
conf->prefix_len = len + 1;
}
else {
ap_set_string_slot(cmd, config, arg);
conf->prefix_len = len;
}
return NULL;
}
static const command_rec auth_token_cmds[] =
{
AP_INIT_TAKE1("AuthTokenSecret", ap_set_string_slot,
(void *)APR_OFFSETOF(auth_token_config_rec, secret),
ACCESS_CONF, "secret key to authenticate against"),
AP_INIT_TAKE1("AuthTokenPrefix", auth_token_set_prefix_slot,
(void *)APR_OFFSETOF(auth_token_config_rec, prefix),
ACCESS_CONF, "prefix uri to file storage directory"),
AP_INIT_TAKE1("AuthTokenTimeout", ap_set_int_slot,
(void *)APR_OFFSETOF(auth_token_config_rec, timeout),
ACCESS_CONF, "time to live for tokens"),
AP_INIT_FLAG("AuthTokenLimitByIp", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_token_config_rec, checkip),
ACCESS_CONF, "enable or disable ip checking"),
{NULL}
};
module AP_MODULE_DECLARE_DATA auth_token_module;
int send_auth_request(apr_pool_t * p, request_rec * r, int sock, const char *user, const char *pass, char *remotehost);
static void *create_authn_dovecot_dir_config(apr_pool_t * p, char *d)
{
authn_dovecot_config_rec * const conf = apr_pcalloc(p, sizeof(*conf));
ap_assert(conf != NULL);
conf->dovecotauthsocket = "/var/run/dovecot/auth-client"; /* just to illustrate the default really */
conf->dovecotauthtimeout = 5;
conf->authoritative = 1; // by default we are authoritative
return conf;
}
static const command_rec authn_dovecot_cmds[] = {
AP_INIT_TAKE1("AuthDovecotAuthSocket", ap_set_string_slot,
(void *)APR_OFFSETOF(authn_dovecot_config_rec,
dovecotauthsocket),
OR_AUTHCFG, "Dovecot auth deamon listening socket"),
AP_INIT_FLAG("AuthDovecotAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_dovecot_config_rec,
authoritative),
OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module. " "(default is On)."),
AP_INIT_TAKE1("AuthDovecotTimeout", ap_set_int_slot,
(void *)APR_OFFSETOF(authn_dovecot_config_rec,
dovecotauthtimeout),
OR_AUTHCFG, "Timeout waiting for authorization in seconds"),
{NULL}
};
module AP_MODULE_DECLARE_DATA authn_dovecot_module;
{
if (cmd->server->is_virtual) {
return MODULE_NAME_STR ": IronBee directive not allowed in VirtualHost";
}
dummy = ap_get_module_config(cmd->server->module_config, &ironbee_module);
return ap_set_int_slot(cmd, dummy, p1);
}
/**
* Declares all configuration directives.
*/
static const command_rec ironbee_cmds[] = {
AP_INIT_FLAG(
"IronBeeEnable",
ironbee_cmd_ibenable,
(void *)APR_OFFSETOF(ironbee_config_t, enabled),
RSRC_CONF,
"enable ironbee module"
),
AP_INIT_TAKE1(
"IronBeeConfig",
ironbee_cmd_ibconfig,
(void *)APR_OFFSETOF(ironbee_config_t, config),
RSRC_CONF,
"specify ironbee configuration file"
),
AP_INIT_TAKE1(
"IronBeeBufferSize",
ironbee_cmd_sz,
(void *)APR_OFFSETOF(ironbee_config_t, buf_size),
RSRC_CONF,
first = conf->users;
conf->users = apr_palloc(cmd->pool, sizeof(*conf->users));
conf->users->user = arg;
conf->users->next = first;
}
}
return NULL;
}
static const command_rec authn_anon_cmds[] =
{
AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG,
"a space-separated list of user IDs"),
AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, mustemail),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, nouserid),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, verifyemail),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, logemail),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
{NULL}
};
module AP_MODULE_DECLARE_DATA authn_anon_module;
void *dir_config,
const char *arg)
{
authn_mongodb_config_rec *conf = dir_config;
conf->port = atoi( arg);
if (conf->port <=0) {
return "invalid AuthMongoPort setting";
}
return NULL;
}
static const command_rec authn_mongodb_cmds[] =
{
AP_INIT_TAKE1("AuthMongoHost", ap_set_string_slot,
(void *)APR_OFFSETOF(authn_mongodb_config_rec, host),
OR_AUTHCFG, "hostname to mongo database containing user IDs and passwords (default 127.0.0.1)"),
AP_INIT_TAKE1("AuthMongoPort", set_mongodb_port,
NULL,
OR_AUTHCFG, "Port for mongoDB (default 27017)"),
AP_INIT_TAKE1("AuthMongoCollection", ap_set_string_slot,
(void *)APR_OFFSETOF(authn_mongodb_config_rec, collection),
OR_AUTHCFG, "collection to query (default priv.auth_user)"),
AP_INIT_TAKE1("AuthMongoUserField", ap_set_string_slot,
(void *)APR_OFFSETOF(authn_mongodb_config_rec, userfield),
OR_AUTHCFG, "collection to query (default username)"),
AP_INIT_TAKE1("AuthMongoPasswordField", ap_set_string_slot,
}
static const char *set_authz_groupfile_slot(cmd_parms *cmd, void *offset, const char *f,
const char *t)
{
if (t && strcmp(t, "standard")) {
return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
}
return ap_set_file_slot(cmd, offset, f);
}
static const command_rec authz_groupfile_cmds[] =
{
AP_INIT_TAKE12("AuthGroupFile", set_authz_groupfile_slot,
(void *)APR_OFFSETOF(authz_groupfile_config_rec, groupfile),
OR_AUTHCFG,
"text file containing group names and member user IDs"),
{NULL}
};
module AP_MODULE_DECLARE_DATA authz_groupfile_module;
#define VARBUF_INIT_LEN 512
#define VARBUF_MAX_LEN (16*1024*1024)
static apr_status_t groups_for_user(apr_pool_t *p, char *user, char *grpfile,
apr_table_t ** out)
{
ap_configfile_t *f;
apr_table_t *grps = apr_table_make(p, 15);
apr_pool_t *sp;
/*
apr_byte_t isSSL(const request_rec *r) {
#ifdef APACHE2_0
if(0 == apr_strnatcasecmp(ap_http_method(r), "https")) {
#else
if(0 == apr_strnatcasecmp(ap_http_scheme(r), "https")) {
#endif
return TRUE;
}
return FALSE;
}
*/
const command_rec cmds [] = {
AP_INIT_TAKE1(OBEY_CONTENT_TYPE, readparam, (void*)APR_OFFSETOF(mod_cfg, mimeSniff), ACCESS_CONF, "Define whether to force browsers to trust the Content-Type header"),
AP_INIT_TAKE1(STS_TIMEOUT, readparamsvr, (void*)APR_OFFSETOF(mod_server_cfg, stsTimeout), RSRC_CONF, "Define the Strict-Transport-Security timeout"),
AP_INIT_TAKE1(STS_SUBDOMAINS, readparamsvr, (void*)APR_OFFSETOF(mod_server_cfg, includeSubDomains), RSRC_CONF, "Define whether Strict-Transport-Security includes sub-domains"),
{ NULL }
};
module AP_MODULE_DECLARE_DATA secure_headers_module = {
STANDARD20_MODULE_STUFF,
create_dir_config,
merge_dir_config,
create_server_config,
merge_server_config,
cmds,
register_hooks
};
typedef struct {
int authoritative;
} authz_owner_config_rec;
static void *create_authz_owner_dir_config(apr_pool_t *p, char *d)
{
authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf));
conf->authoritative = 1; /* keep the fortress secure by default */
return conf;
}
static const command_rec authz_owner_cmds[] =
{
AP_INIT_FLAG("AuthzOwnerAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(authz_owner_config_rec, authoritative),
OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules. (default is On.)"),
{NULL}
};
module AP_MODULE_DECLARE_DATA authz_owner_module;
static int check_file_owner(request_rec *r)
{
authz_owner_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authz_owner_module);
int m = r->method_number;
register int x;
const char *t, *w;
servers = memcached_server_list_append(NULL, w1, port, &r);
if(r!=MEMCACHED_SUCCESS) return "memcached_server_list_append() failed.";
r = memcached_server_push(conf->memc, servers);
if(r!=MEMCACHED_SUCCESS) {
memcached_server_list_free(servers);
return "memcached_server_push() failed.";
}
memcached_server_list_free(servers);
return NULL;
}
static const command_rec config_cmds[] = {
AP_INIT_FLAG(X_RESIZE, (cmd_func)ap_set_flag_slot, (void*)APR_OFFSETOF(resize_conf, enabled), OR_OPTIONS, "{On|Off}"),
AP_INIT_TAKE2(RESIZE "-cache", (cmd_func)append_server, NULL, OR_OPTIONS, "server, port"),
AP_INIT_TAKE1(RESIZE "-expire", (cmd_func)ap_set_int_slot, (void*)APR_OFFSETOF(resize_conf, expire), OR_OPTIONS, "expire(sec)"),
AP_INIT_TAKE1(RESIZE "-quality", (cmd_func)ap_set_int_slot, (void*)APR_OFFSETOF(resize_conf, jpeg_quality), OR_OPTIONS, "JPEG quality(~100)"),
{ NULL },
};
static void register_hooks(apr_pool_t *p)
{
ap_register_output_filter(X_RESIZE, resize_output_filter, NULL, AP_FTYPE_CONTENT_SET);
ap_hook_insert_filter(resize_insert_output_filter, NULL, NULL, APR_HOOK_FIRST);
}
// Dispatch list for API hooks.
module AP_MODULE_DECLARE_DATA resizeimage_module = {
} dontdothat_config_rec;
static void *create_dontdothat_dir_config(apr_pool_t *pool, char *dir)
{
dontdothat_config_rec *cfg = apr_pcalloc(pool, sizeof(*cfg));
cfg->base_path = dir;
cfg->no_replay = 1;
return cfg;
}
static const command_rec dontdothat_cmds[] =
{
AP_INIT_TAKE1("DontDoThatConfigFile", ap_set_file_slot,
(void *) APR_OFFSETOF(dontdothat_config_rec, config_file),
OR_ALL,
"Text file containing actions to take for specific requests"),
AP_INIT_FLAG("DontDoThatDisallowReplay", ap_set_flag_slot,
(void *) APR_OFFSETOF(dontdothat_config_rec, no_replay),
OR_ALL, "Disallow replay requests as if they are other recursive requests."),
{ NULL }
};
typedef enum parse_state_t {
STATE_BEGINNING,
STATE_IN_UPDATE,
STATE_IN_SRC_PATH,
STATE_IN_DST_PATH,
STATE_IN_RECURSIVE
} parse_state_t;
conf->nAuth_memCookie_MatchIP_Mode = 1;
} else if ((strcasecmp("2", p1) == 0) || (strcasecmp("Via", p1) == 0)) {
conf->nAuth_memCookie_MatchIP_Mode = 2;
} else if ((strcasecmp("3", p1) == 0) || (strcasecmp("RemoteIP", p1) == 0)) {
conf->nAuth_memCookie_MatchIP_Mode = 3;
} else {
conf->nAuth_memCookie_MatchIP_Mode = 0;
}
return NULL;
}
/* apache config fonction of the module */
static const command_rec Auth_memCookie_cmds[] =
{
AP_INIT_TAKE1("Auth_memCookie_Memcached_AddrPort", ap_set_string_slot,
(void *)APR_OFFSETOF(strAuth_memCookie_config_rec, szAuth_memCookie_memCached_addr),
OR_AUTHCFG, "ip or host adressei(s) and port (':' separated) of memcache(s) daemon to be used, coma separated"),
AP_INIT_TAKE1("Auth_memCookie_SessionTableSize", ap_set_int_slot,
(void *)APR_OFFSETOF(strAuth_memCookie_config_rec, nAuth_memCookie_SessionTableSize),
OR_AUTHCFG, "Max number of element in session information table. 10 by default"),
AP_INIT_FLAG ("Auth_memCookie_SetSessionHTTPHeader", ap_set_flag_slot,
(void *)APR_OFFSETOF(strAuth_memCookie_config_rec, nAuth_memCookie_SetSessionHTTPHeader),
OR_AUTHCFG, "Set to 'yes' to set session information to http header of the authenticated users, no by default"),
AP_INIT_TAKE1("Auth_memCookie_CookieName", ap_set_string_slot,
(void *)APR_OFFSETOF(strAuth_memCookie_config_rec, szAuth_memCookie_CookieName),
OR_AUTHCFG, "Name of cookie to set"),
AP_INIT_TAKE1 ( "Auth_memCookie_MatchIP_Mode", cmd_MatchIP_Mode,
NULL,
OR_AUTHCFG, "To check cookie ip adresse, Set to '1' to use 'X-Forwarded-For' http header, to '2' to use 'Via' http header, and to '3' to use apache remote_ip. set to '0' by default to desactivate the ip check."),
AP_INIT_FLAG ("Auth_memCookie_Authoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(strAuth_memCookie_config_rec, nAuth_memCookie_Authoritative),
AP_INIT_TAKE1("MOD_BUT_COOKIE_EXPIRATION", mod_but_set_cookie_expiration, NULL, RSRC_CONF, "Configure mod_but Cookie Expiration Time"),
AP_INIT_FLAG("MOD_BUT_COOKIE_SECURE", mod_but_set_cookie_secure, NULL, RSRC_CONF, "Configure mod_but Cookie Secure Flag"),
AP_INIT_FLAG("MOD_BUT_COOKIE_HTTPONLY", mod_but_set_cookie_httponly, NULL, RSRC_CONF, "Configure mod_but HTTPOnly Flag"),
AP_INIT_TAKE1("MOD_BUT_SESSION_FREE_URL", mod_but_set_session_free_url, NULL, RSRC_CONF, "Configure mod_but free URL's"),
AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT", mod_but_set_session_timeout, NULL, RSRC_CONF, "Configure session timeout"),
AP_INIT_TAKE1("MOD_BUT_SESSION_HACKING_ATTEMPT_URL", mod_but_set_session_hacking_attempt_url, NULL, RSRC_CONF, "Configure session timeout URL"),
AP_INIT_TAKE1("MOD_BUT_SESSION_INACTIVITY_TIMEOUT", mod_but_set_session_inactivity_timeout, NULL, RSRC_CONF, "Configure session inactivity timeout"),
AP_INIT_TAKE1("MOD_BUT_SESSION_INACTIVITY_TIMEOUT_URL", mod_but_set_session_inactivity_timeout_url, NULL, RSRC_CONF, "Configure session inactivity timeout URL"),
AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT_URL", mod_but_set_session_expired_url, NULL, RSRC_CONF, "Configure session expired URL"),
AP_INIT_TAKE1("MOD_BUT_SESSION_RENEW_URL", mod_but_set_session_renew_url, NULL, RSRC_CONF, "Configure session renew URL"),
AP_INIT_TAKE1("MOD_BUT_ALL_SHM_SPACE_USED_URL", mod_but_set_all_shm_used_url, NULL, RSRC_CONF, "Configure No more SHM URL"),
AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT_HISTORY", mod_but_set_session_timeout_history, NULL, RSRC_CONF, "Configure session timeout history"),
AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY", mod_but_set_session_destroy, NULL, RSRC_CONF, "Configure session destroy URI"),
AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY_URL", mod_but_set_session_destroy_url, NULL, RSRC_CONF, "Configure session destroy URL"),
AP_INIT_FLAG("MOD_BUT_AUTHORIZATION_ENABLED", mod_but_authorization_enabled_on, NULL, RSRC_CONF, "Authorization is enabled"),
AP_INIT_TAKE1("MOD_BUT_LOGON_SERVER_URL", ap_set_string_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_server_url), OR_ALL, "Per Dir Config"),
AP_INIT_TAKE1("MOD_BUT_LOGON_REQUIRED", ap_set_string_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_required), OR_ALL, "Per Dir Config"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL", mod_but_global_logon_server_url, NULL, RSRC_CONF, "Configure Global Logon Server URL"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_1", mod_but_global_logon_server_url_1, NULL, RSRC_CONF, "Configure Global Logon Server URL 1"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_2", mod_but_global_logon_server_url_2, NULL, RSRC_CONF, "Configure Global Logon Server URL 2"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_NAME", mod_but_global_logon_auth_cookie_name, NULL, RSRC_CONF, "Configure Global Logon Cookie Name"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_VALUE", mod_but_global_logon_auth_cookie_value, NULL, RSRC_CONF, "Configure Global Logon Cookie Value"),
AP_INIT_TAKE1("MOD_BUT_SESSION_STORE_FREE_COOKIES", mod_but_set_session_store_free_cookies, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"),
AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_NAME", mod_but_set_service_list_cookie_name, NULL, RSRC_CONF, "Configure Service List Cookie Name"),
AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_VALUE", mod_but_set_service_list_cookie_value, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"),
AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_AUTH_ERROR_URL", mod_but_set_service_list_error_url, NULL, RSRC_CONF, "Configure error page, if the user is not authorized for a specific request"),
AP_INIT_FLAG("MOD_BUT_SERVICE_LIST_ENABLED", mod_but_service_list_enabled_on, NULL, RSRC_CONF, "mod_but service list enabled"),
AP_INIT_TAKE1("MOD_BUT_AUTHORIZED_LOGON_URL", mod_but_set_authorized_logon_url, NULL, RSRC_CONF, "Configure regexp url, from where you accept logon cookies"),
AP_INIT_TAKE1("MOD_BUT_LOCATION_ID", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_location_id), OR_ALL, "LOCATION_ID Per Dir Config"),
AP_INIT_TAKE1("MOD_BUT_AUTH_STRENGTH", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_auth_strength), OR_ALL, "AUTH STRENGTH Per Dir Config"),
{NULL}
dbd_prepare = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
if (dbd_prepare == NULL) {
return "You must load mod_dbd to enable AuthzDBD functions";
}
dbd_handle = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
}
label = apr_psprintf(cmd->pool, "authz_dbd_%d", ++label_num);
dbd_prepare(cmd->server, query, label);
/* save the label here for our own use */
return ap_set_string_slot(cmd, cfg, label);
}
static const command_rec authz_dbd_cmds[] = {
AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot,
(void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF,
"Whether to redirect to referer on successful login"),
AP_INIT_TAKE1("AuthzDBDQuery", authz_dbd_prepare,
(void*)APR_OFFSETOF(authz_dbd_cfg, query), ACCESS_CONF,
"SQL query for DBD Authz or login"),
AP_INIT_TAKE1("AuthzDBDRedirectQuery", authz_dbd_prepare,
(void*)APR_OFFSETOF(authz_dbd_cfg, redir_query), ACCESS_CONF,
"SQL query to get per-user redirect URL after login"),
{NULL}
};
static int authz_dbd_login(request_rec *r, authz_dbd_cfg *cfg,
const char *action)
{
int rv;
const char *newuri = NULL;
status = atoi(arg1);
if (!ap_is_HTTP_REDIRECT(status)) {
return "DirectoryIndexRedirect only accepts values between 300 and 399";
}
}
else {
return "DirectoryIndexRedirect ON|OFF|permanent|temp|seeother|3xx";
}
d->redirect_index = status;
return NULL;
}
static const command_rec dir_cmds[] =
{
AP_INIT_TAKE1("FallbackResource", ap_set_string_slot,
(void*)APR_OFFSETOF(dir_config_rec, dflt),
DIR_CMD_PERMS, "Set a default handler"),
AP_INIT_RAW_ARGS("DirectoryIndex", add_index, NULL, DIR_CMD_PERMS,
"a list of file names"),
AP_INIT_FLAG("DirectorySlash", configure_slash, NULL, DIR_CMD_PERMS,
"On or Off"),
AP_INIT_TAKE1("DirectoryIndexRedirect", configure_redirect,
NULL, DIR_CMD_PERMS, "On, Off, or a 3xx status code."),
{NULL}
};
static void *create_dir_config(apr_pool_t *p, char *dummy)
{
dir_config_rec *new = apr_pcalloc(p, sizeof(dir_config_rec));
// If 'redirect' is foo/bar, then redirect to it. If it is
// foo/bar/%s, then replace the %s with r->uri.
static void compose_and_set_redirect(request_rec *r, const char* redirect) {
char* composed_redirect = NULL;
char* encoded_uri = NULL;
if (ap_strstr_c(redirect, "%s")) {
encoded_uri = apreq_escape(r->pool, r->unparsed_uri, strlen(r->unparsed_uri));
composed_redirect = apr_psprintf(r->pool, redirect, r->unparsed_uri);
}
apr_table_setn(r->headers_out, "Location", composed_redirect ? composed_redirect : redirect);
}
static const command_rec cookie_auth_cmds[] =
{
AP_INIT_TAKE1("AuthCookieName", ap_set_string_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_cookie),
OR_AUTHCFG, "auth cookie name"),
AP_INIT_TAKE1("AuthCookieEnv", ap_set_string_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_env),
OR_AUTHCFG, "environment variable name for optional auxiliary auth info"),
AP_INIT_TAKE1("AuthCookieEnvRedirect", ap_set_string_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_env_redirect),
OR_AUTHCFG, "path to redirect to if optional auxiliary auth info is missing in cookie"),
AP_INIT_TAKE1("AuthCookieUnauthRedirect", ap_set_string_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_unauth_redirect),
OR_AUTHCFG, "path to redirect to if authentication cookie is not set"),
AP_INIT_TAKE1("AuthCookieEncrypt", ap_set_string_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_encrypt),
OR_AUTHCFG, "secret key used to DES-encrypt the cookie"),
AP_INIT_FLAG("AuthCookieOverride", ap_set_flag_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_override),
AP_INIT_FLAG( "MOD_BUT_COOKIE_HTTPONLY", but_config_cookie_httponly, NULL, RSRC_CONF, "Configure mod_but HTTPOnly Flag"),
AP_INIT_TAKE1("MOD_BUT_SESSION_FREE_URL", but_config_session_free_url, NULL, RSRC_CONF, "Configure mod_but free URL's"),
AP_INIT_TAKE1("MOD_BUT_SESSION_HARD_TIMEOUT", but_config_session_hard_timeout, NULL, RSRC_CONF, "Configure session hard timeout"),
AP_INIT_TAKE1("MOD_BUT_SESSION_INACTIVITY_TIMEOUT", but_config_session_inactivity_timeout, NULL, RSRC_CONF, "Configure session inactivity timeout"),
AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT_URL", but_config_session_expired_url, NULL, RSRC_CONF, "Configure session expired URL"),
AP_INIT_TAKE1("MOD_BUT_SESSION_RENEW_URL", but_config_session_renew_url, NULL, RSRC_CONF, "Configure session renew URL"),
AP_INIT_TAKE1("MOD_BUT_ALL_SHM_SPACE_USED_URL", but_config_all_shm_used_url, NULL, RSRC_CONF, "Configure No more SHM URL"),
AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY", but_config_session_destroy, NULL, RSRC_CONF, "Configure session destroy URI"),
AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY_URL", but_config_session_destroy_url, NULL, RSRC_CONF, "Configure session destroy URL"),
AP_INIT_FLAG( "MOD_BUT_AUTHORIZATION_ENABLED", but_config_authorization_enabled_on, NULL, RSRC_CONF, "Authorization is enabled"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL", but_config_global_logon_server_url, NULL, RSRC_CONF, "Configure Global Logon Server URL"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_1", but_config_global_logon_server_url_1, NULL, RSRC_CONF, "Configure Global Logon Server URL 1"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_2", but_config_global_logon_server_url_2, NULL, RSRC_CONF, "Configure Global Logon Server URL 2"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_NAME", but_config_global_logon_auth_cookie_name, NULL, RSRC_CONF, "Configure Global Logon Cookie Name"),
AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_VALUE", but_config_global_logon_auth_cookie_value, NULL, RSRC_CONF, "Configure Global Logon Cookie Value"),
AP_INIT_TAKE1("MOD_BUT_SESSION_STORE_FREE_COOKIES", but_config_session_store_free_cookies, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"),
AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_NAME", but_config_service_list_cookie_name, NULL, RSRC_CONF, "Configure Service List Cookie Name"),
AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_VALUE", but_config_service_list_cookie_value, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"),
AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_AUTH_ERROR_URL", but_config_service_list_error_url, NULL, RSRC_CONF, "Configure error page, if the user is not authorized for a specific request"),
AP_INIT_FLAG( "MOD_BUT_SERVICE_LIST_ENABLED", but_config_service_list_enabled, NULL, RSRC_CONF, "mod_but service list enabled"),
AP_INIT_TAKE1("MOD_BUT_AUTHORIZED_LOGON_URL", but_config_authorized_logon_url, NULL, RSRC_CONF, "Configure regexp url, from where you accept logon cookies"),
AP_INIT_TAKE1("MOD_BUT_URL_AFTER_RENEW", but_config_url_after_renew, NULL, RSRC_CONF, "Configure url after the session is renewed"),
/* per directory/location configuration */
AP_INIT_TAKE1("MOD_BUT_LOGON_SERVER_URL", ap_set_string_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_server_url), OR_ALL, "Logon server relative URL for this directory"),
AP_INIT_FLAG( "MOD_BUT_LOGON_REQUIRED", ap_set_flag_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_required), OR_ALL, "Logon requred for this directory?"),
AP_INIT_TAKE1("MOD_BUT_LOCATION_ID", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_location_id), OR_ALL, "Unique location ID for this directory"),
AP_INIT_TAKE1("MOD_BUT_AUTH_STRENGTH", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_auth_strength), OR_ALL, "Authentication strength required for this directory"),
{ NULL }
};
}
else {
conf->sendfile = arg;
}
return NULL;
}
static const command_rec scgi_cmds[] =
{
AP_INIT_TAKE1("ProxySCGISendfile", scgi_set_send_file, NULL,
RSRC_CONF|ACCESS_CONF,
"The name of the X-Sendfile peudo response header or "
"On or Off"),
AP_INIT_FLAG("ProxySCGIInternalRedirect", ap_set_flag_slot,
(void*)APR_OFFSETOF(scgi_config, internal_redirect),
RSRC_CONF|ACCESS_CONF,
"Off if internal redirect responses should not be accepted"),
{NULL}
};
static void register_hooks(apr_pool_t *p)
{
proxy_hook_scheme_handler(scgi_handler, NULL, NULL, APR_HOOK_FIRST);
proxy_hook_canon_handler(scgi_canon, NULL, NULL, APR_HOOK_FIRST);
APR_OPTIONAL_HOOK(proxy, request_status, scgi_request_status, NULL, NULL,
APR_HOOK_MIDDLE);
}
/*===========================================================================*/
static css_selector_t *
s_search_selector_regexp(Doc *doc, request_rec *r, apr_pool_t *pool, css_stylesheet_t *stylesheet, const char *pattern_str1, const char *pattern_str2, Node *node)
{
Node *node_sv = node;
css_selector_t *ret_sel = NULL;
css_selector_t *tail;
css_selector_t *cur;
ap_regex_t *pattern1 = chxj_ap_pregcomp(pool, pattern_str1, AP_REG_EXTENDED|AP_REG_ICASE);
ap_regex_t *pattern2 = chxj_ap_pregcomp(pool, pattern_str2, AP_REG_EXTENDED|AP_REG_ICASE);
ap_regex_t *pattern3 = chxj_ap_pregcomp(pool, "^.*([>+ ])([^>+ ]+?)$", AP_REG_EXTENDED|AP_REG_ICASE);
ap_regex_t *pattern4 = chxj_ap_pregcomp(pool, "^([^.#]+?)?(\\.[^#]+?)?(#.+?)?$", AP_REG_EXTENDED|AP_REG_ICASE);
tail = (css_selector_t *)((apr_size_t)stylesheet->selector_head.ref - (apr_size_t)APR_OFFSETOF(css_selector_t, next));
for (cur = tail;
cur != &stylesheet->selector_head;
cur = (css_selector_t *)((apr_size_t)cur->ref - (apr_size_t)APR_OFFSETOF(css_selector_t, next))) {
ap_regmatch_t match[256];
if (chxj_ap_regexec(pattern1, cur->name, pattern1->re_nsub + 1, match, 0) == 0) {
ret_sel = cur;
goto end_of_search;
}
else
if (chxj_ap_regexec(pattern2, cur->name, pattern2->re_nsub + 1, match, 0) == 0) {
char *src = apr_pstrdup(pool, cur->name);
char *one = chxj_ap_pregsub(pool, "$1",src, pattern2->re_nsub + 1, match);
int loop = 0;
do {
*strrchr(src, *one) = 0;
switch (*one) {
case '>': /* Child selectors */
if (chxj_ap_regexec(pattern3, src, pattern3->re_nsub + 1, match, 0) == 0) {
one = chxj_ap_pregsub(pool, "$1",src, pattern3->re_nsub + 1, match);
char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, strrchr(src, *one)+1, pattern4, node->parent);
if (ret) {
node = node->parent;
loop = 1;
}
}
else {
char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, src, pattern4, node->parent);
if (ret) {
ret_sel = cur;
goto end_of_search;
}
loop = 0;
}
break;
case '+': /* Adjacent sibling selectors */
if (chxj_ap_regexec(pattern3, src, pattern3->re_nsub + 1, match, 0) == 0) {
one = chxj_ap_pregsub(pool, "$1",src, pattern3->re_nsub + 1, match);
char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, strrchr(src, *one)+1, pattern4, node->prev);
if (ret) {
loop = 1;
node = node->prev;
break;
}
}
else {
if (! node->prev) {
ret_sel = NULL;
goto end_of_search;
}
char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, src, pattern4, node->prev);
if (ret) {
ret_sel = cur;
goto end_of_search;
}
}
break;
case ' ': /* Descendant selectors */
if (chxj_ap_regexec(pattern3, src, pattern3->re_nsub + 1, match, 0) == 0) {
one = chxj_ap_pregsub(pool, "$1",src, pattern3->re_nsub + 1, match);
for (; node && node->parent; node = node->parent) {
if (strcasecmp(node->name, "ROOT") == 0 || strcasecmp(node->parent->name, "ROOT") == 0) {
loop = 0;
break;
}
char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, strrchr(src, *one)+1, pattern4, node->parent);
if (ret) {
loop = 1;
node = node->parent;
break;
}
}
}
else {
for (; node && node->parent; node = node->parent) {
if (strcasecmp(node->name, "ROOT") == 0 || strcasecmp(node->parent->name, "ROOT") == 0) {
loop = 0;
break;
}
char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, src, pattern4, node->parent);
if (ret) {
ret_sel = cur;
goto end_of_search;
}
}
}
break;
default:
loop = 0;
}
} while(loop);
node = node_sv;
}
}
end_of_search:
chxj_ap_pregfree(pool, pattern1);
chxj_ap_pregfree(pool, pattern2);
chxj_ap_pregfree(pool, pattern3);
chxj_ap_pregfree(pool, pattern4);
return ret_sel;
}
static void authn_yubikey_register_hooks(apr_pool_t *p)
{
//static const char *const aszSucc[] = { "mod_authz_user.c", NULL };
//ap_hook_auth_checker(authz_check_yubi_user, NULL, aszSucc, APR_HOOK_MIDDLE);
/* No content handler for this one */
//ap_hook_handler(authn_yubikey_handler, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_header_parser(checkInitial, NULL, NULL, APR_HOOK_MIDDLE);
ap_register_provider(p, AUTHN_PROVIDER_GROUP, "yubikey", "0", &authn_yubikey_provider);
ap_hook_post_config(init_mod_yk, NULL, NULL, APR_HOOK_MIDDLE);
}
static const command_rec authn_yubikey_cmds[] = {
AP_INIT_TAKE1("AuthYubiKeyTmpFile", ap_set_file_slot,
(void*) APR_OFFSETOF(yubiauth_dir_cfg, tmpAuthDbFilename),
ACCESS_CONF, "The temporary filename for authenticated users"),
AP_INIT_TAKE1("AuthYubiKeyUserFile", ap_set_file_slot,
(void*) APR_OFFSETOF(yubiauth_dir_cfg, userAuthDbFilename),
ACCESS_CONF, "The filename for allowed users"),
AP_INIT_TAKE1("AuthYubiKeyTimeout", ap_set_int_slot,
(void*) APR_OFFSETOF(yubiauth_dir_cfg, timeoutSeconds),
ACCESS_CONF, "The timeout when users have to reauthenticate (Default 43200 seconds [12h])"),
AP_INIT_TAKE1("AuthYkValidationProtocol", ap_set_string_slot,
(void*) APR_OFFSETOF(yubiauth_dir_cfg, validationProtocol),
ACCESS_CONF, "The protocol of the URL of the location where the key can be" \
"authenticated"),
AP_INIT_TAKE1("AuthYkValidationHost", ap_set_string_slot,
(void*) APR_OFFSETOF(yubiauth_dir_cfg, validationHost),
ACCESS_CONF, "The host of the URL of the location where the key can be" \
"authenticated"),
while (last->next) {
last = last->next;
}
last->next = newp;
}
return NULL;
}
static const command_rec auth_basic_cmds[] =
{
AP_INIT_ITERATE("AuthBasicProvider", add_authn_provider, NULL, OR_AUTHCFG,
"specify the auth providers for a directory or location"),
AP_INIT_FLAG("AuthBasicAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_basic_config_rec, authoritative),
OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module"),
{NULL}
};
module AP_MODULE_DECLARE_DATA auth_basic_module;
/* These functions return 0 if client is OK, and proper error status
* if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or
* HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we
* couldn't figure out how to tell if the client is authorized or not.
*
* If they return DECLINED, and all other modules also decline, that's
* treated by the server core as a configuration error, logged and
}
static const char *set_auth_slot(cmd_parms *cmd, void *offset, const char *f,
const char *t)
{
if (t && strcmp(t, "standard")) {
return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
}
return ap_set_file_slot(cmd, offset, f);
}
static const command_rec auth_cmds[] =
{
AP_INIT_TAKE12("AuthUserFile", set_auth_slot,
(void *)APR_OFFSETOF(auth_config_rec, auth_pwfile),
OR_AUTHCFG, "text file containing user IDs and passwords"),
AP_INIT_TAKE12("AuthGroupFile", set_auth_slot,
(void *)APR_OFFSETOF(auth_config_rec, auth_grpfile),
OR_AUTHCFG,
"text file containing group names and member user IDs"),
AP_INIT_FLAG("AuthAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_config_rec, auth_authoritative),
OR_AUTHCFG,
"Set to 'no' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module"),
{NULL}
};
module AP_MODULE_DECLARE_DATA auth_module;
