typedef struct { int authoritative; } authz_webid_config_rec; static void * create_authz_webid_dir_config(apr_pool_t *p, char *dirspec) { authz_webid_config_rec *conf = apr_palloc(p, sizeof(*conf)); conf->authoritative = 1; return conf; } static const command_rec authz_webid_cmds[] = { AP_INIT_FLAG("AuthzWebIDAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(authz_webid_config_rec, authoritative), OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to " "lower modules if the WebID is not authorized by this module"), {NULL} }; module AP_MODULE_DECLARE_DATA authz_webid_module; static int http_status_code(request_rec *r, int status_code) { authz_webid_config_rec *conf = ap_get_module_config(r->per_dir_config, &authz_webid_module); if (status_code != OK && !conf->authoritative) { return DECLINED; } else if (status_code != OK) {
/** * POP but delete. */ css_prop_list_t * chxj_css_get_last_prop_list(css_prop_list_stack_t *stack) { css_prop_list_t *tail = (css_prop_list_t *)((apr_size_t)stack->head.ref - (apr_size_t)APR_OFFSETOF(css_prop_list_t, next)); if (tail == &stack->head) { return NULL; } return tail; }
static void* config_create(apr_pool_t* p, char* path) { auth_conf* conf = apr_palloc(p, sizeof(auth_conf)); conf->pool = p; conf->dump = UNSET; conf->url = "localhost%s"; conf->secret = ""; conf->errdoc = NULL; return conf; } static const command_rec config_cmds[] = { AP_INIT_TAKE1(HR_AUTH "-URL", auth_url, NULL, OR_AUTHCFG, HR_AUTH ": Authentication request url."), AP_INIT_TAKE1(HR_AUTH "-Secret", auth_secret, NULL, OR_OPTIONS, HR_AUTH "-Secret: Source file name for MD5."), AP_INIT_TAKE1(HR_AUTH "-ErrorDocument", ap_set_string_slot, (void*)APR_OFFSETOF(auth_conf, errdoc), OR_OPTIONS, HR_AUTH "-ErrorDocument: ErrorDocument."), AP_INIT_FLAG (HR_AUTH "-DumpResult", ap_set_flag_slot, (void*)APR_OFFSETOF(auth_conf, dump), OR_OPTIONS, ""), { NULL }, }; static void register_hooks(apr_pool_t *p) { ap_hook_check_user_id(check_auth_handler, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker(break_request_handler, NULL, NULL, APR_HOOK_MIDDLE); ap_register_output_filter(DUMP_AUTH_RESULT, auth_result_dump_filter, NULL, AP_FTYPE_CONTENT_SET); } /* Dispatch list for API hooks */ module AP_MODULE_DECLARE_DATA auth_httprequest_module = { STANDARD20_MODULE_STUFF,
// Implementation note: don't use l2 (use l3, l4 instead if required) since its // space can be used in case of 64-bit return value. NativeCodePtr compile_create_lil_jni_stub(Method_Handle method, void* func, NativeStubOverride nso) { ASSERT_NO_INTERPRETER; const Class_Handle clss = method->get_class(); bool is_static = method->is_static(); bool is_synchronised = method->is_synchronized(); Method_Signature_Handle msh = method_get_signature(method); unsigned num_args = method->get_num_args(); Type_Info_Handle ret_tih = method_ret_type_get_type_info(msh); VM_Data_Type ret_type = type_info_get_type(ret_tih); unsigned i; unsigned num_ref_args = 0; // among original args, does not include jclass for static methods for(i=0; i<num_args; i++) if (is_reference(method_args_get_type_info(msh, i))) num_ref_args++; //***** Part 1: Entry, Stats, Override, push m2n, allocate space for handles LilCodeStub* cs = lil_parse_code_stub("entry 0:managed:%0m;", method); assert(cs); // Increment stats (total number of calls) #ifdef VM_STATS cs = lil_parse_onto_end(cs, "inc [%0i:pint];", &((Method*)method)->num_accesses); assert(cs); #endif //VM_STATS // Do stub override here if (nso) cs = nso(cs, method); assert(cs); // Increment stats (number of nonoverridden calls) #ifdef VM_STATS cs = lil_parse_onto_end(cs, "inc [%0i:pint];", &((Method*)method)->num_slow_accesses); assert(cs); #endif // Push M2nFrame cs = lil_parse_onto_end(cs, "push_m2n %0i, %1i, handles; locals 3;", method, (POINTER_SIZE_INT)FRAME_JNI); assert(cs); // Allocate space for handles unsigned number_of_object_handles = num_ref_args + (is_static ? 1 : 0); cs = oh_gen_allocate_handles(cs, number_of_object_handles, "l0", "l1"); assert(cs); //***** Part 2: Initialize object handles if (is_static) { void *jlc = clss->get_class_handle(); cs = lil_parse_onto_end(cs, //"ld l1,[%0i:pint];" "ld l1,[%0i:ref];", jlc); assert(cs); cs = oh_gen_init_handle(cs, "l0", 0, "l1", false); assert(cs); } else { cs = oh_gen_init_handle(cs, "l0", 0, "i0", true); } // The remaining handles are for the proper arguments (not including this) // Loop over the arguments, skipping 0th argument for instance methods. If argument is a reference, generate code unsigned hn = 1; for(i=(is_static?0:1); i<num_args; i++) { if (is_reference(method_args_get_type_info(msh, i))) { char buf[20]; sprintf(buf, "i%d", i); cs = oh_gen_init_handle(cs, "l0", hn, buf, true); assert(cs); hn++; } } //***** Part 3: Synchronize if (is_synchronised) { if (is_static) { cs = lil_parse_onto_end(cs, "out stdcall:pint:pint;" "o0=%0i;" "call %1i;" "out stdcall:pint:void;" "o0=r;" "call %2i;", clss, lil_npc_to_fp(vm_helper_get_addr(VM_RT_CLASS_2_JLC)), lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_ENTER))); assert(cs); } else { cs = lil_parse_onto_end(cs, "out stdcall:ref:void;" "o0=i0;" "call %0i;", lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_ENTER))); assert(cs); } } //***** Call JVMTI MethodEntry DebugUtilsTI* ti = VM_Global_State::loader_env->TI; if (ti->isEnabled() && ti->get_global_capability(DebugUtilsTI::TI_GC_ENABLE_METHOD_ENTRY)) { cs = lil_parse_onto_end(cs, "out platform:pint:void;" "o0=%0i:pint;" "call %1i;", (jmethodID)method, jvmti_process_method_entry_event); assert(cs); } //***** Part 4: Enable GC cs = lil_parse_onto_end(cs, "out platform::void;" "call %0i;", hythread_suspend_enable); assert(cs); //***** Part 5: Set up arguments // Setup outputs, set JNIEnv, set class/this handle cs = lil_parse_onto_end(cs, "out jni:%0j;" "l1=ts;" "ld o0,[l1 + %1i:pint];" "o1=l0+%2i;", method, (POINTER_SIZE_INT)APR_OFFSETOF(VM_thread, jni_env), oh_get_handle_offset(0)); assert(cs); // Loop over arguments proper, setting rest of outputs unsigned int arg_base = 1 + (is_static ? 1 : 0); hn = 1; for(i=(is_static?0:1); i<num_args; i++) { if (is_reference(method_args_get_type_info(msh, i))) { POINTER_SIZE_INT handle_offset = oh_get_handle_offset(hn); REFS_RUNTIME_SWITCH_IF #ifdef REFS_RUNTIME_OR_COMPRESSED cs = lil_parse_onto_end(cs, "jc i%0i=%1i:ref,%n;" "o%2i=l0+%3i;" "j %o;" ":%g;" "o%4i=0;" ":%g;", i, VM_Global_State::loader_env->managed_null, arg_base+i, handle_offset, arg_base+i); #endif // REFS_RUNTIME_OR_COMPRESSED REFS_RUNTIME_SWITCH_ELSE #ifdef REFS_RUNTIME_OR_UNCOMPRESSED cs = lil_parse_onto_end(cs, "jc i%0i=0:ref,%n;" "o%1i=l0+%2i;" "j %o;" ":%g;" "o%3i=0;" ":%g;", i, arg_base+i, handle_offset, arg_base+i); #endif // REFS_RUNTIME_OR_UNCOMPRESSED REFS_RUNTIME_SWITCH_ENDIF hn++; } else { cs = lil_parse_onto_end(cs, "o%0i=i%1i;", arg_base+i, i); } assert(cs); } //***** Part 6: Call cs = lil_parse_onto_end(cs, "call %0i;", func); assert(cs); //***** Part 7: Save return, widening if necessary switch (ret_type) { case VM_DATA_TYPE_VOID: break; case VM_DATA_TYPE_INT32: cs = lil_parse_onto_end(cs, "l1=r;"); break; case VM_DATA_TYPE_BOOLEAN: cs = lil_parse_onto_end(cs, "l1=zx1 r;"); break; case VM_DATA_TYPE_INT16: cs = lil_parse_onto_end(cs, "l1=sx2 r;"); break; case VM_DATA_TYPE_INT8: cs = lil_parse_onto_end(cs, "l1=sx1 r;"); break; case VM_DATA_TYPE_CHAR: cs = lil_parse_onto_end(cs, "l1=zx2 r;"); break; default: cs = lil_parse_onto_end(cs, "l1=r;"); break; } assert(cs); //***** Part 8: Disable GC cs = lil_parse_onto_end(cs, "out platform::void;" "call %0i;", hythread_suspend_disable); assert(cs); // Exception offsets POINTER_SIZE_INT eoo = (POINTER_SIZE_INT)&((VM_thread*)0)->thread_exception.exc_object; POINTER_SIZE_INT eco = (POINTER_SIZE_INT)&((VM_thread*)0)->thread_exception.exc_class; //***** Call JVMTI MethodExit if (ti->isEnabled() && ti->get_global_capability(DebugUtilsTI::TI_GC_ENABLE_METHOD_EXIT)) { cs = lil_parse_onto_end(cs, "out platform:pint,g1,g8:void;" "l2=ts;" "ld l2,[l2+%0i:ref];" "jc l2!=0,_mex_exn_raised;" "l2=ts;" "ld l2,[l2+%1i:ref];" "jc l2!=0,_mex_exn_raised;" "o1=%2i:g1;" "o2=l1:g8;" "j _mex_exn_cont;" ":_mex_exn_raised;" "o1=%3i:g1;" "o2=0:g8;" ":_mex_exn_cont;" "o0=%4i:pint;" "call %5i;", eoo, eco, (POINTER_SIZE_INT)JNI_FALSE, (POINTER_SIZE_INT)JNI_TRUE, (jmethodID)method, jvmti_process_method_exit_event); assert(cs); } //***** Part 9: Synchronize if (is_synchronised) { if (is_static) { cs = lil_parse_onto_end(cs, "out stdcall:pint:pint;" "o0=%0i;" "call %1i;" "out stdcall:pint:void;" "o0=r;" "call %2i;", clss, lil_npc_to_fp(vm_helper_get_addr(VM_RT_CLASS_2_JLC)), lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_EXIT))); } else { cs = lil_parse_onto_end(cs, "ld l0,[l0+%0i:ref];" "out stdcall:ref:void; o0=l0; call %1i;", oh_get_handle_offset(0), lil_npc_to_fp(vm_helper_get_addr(VM_RT_MONITOR_EXIT))); } assert(cs); } //***** Part 10: Unhandle the return if it is a reference if (is_reference(ret_tih)) { cs = lil_parse_onto_end(cs, "jc l1=0,ret_done;" "ld l1,[l1+0:ref];" ":ret_done;"); #ifdef REFS_RUNTIME_OR_COMPRESSED REFS_RUNTIME_SWITCH_IF cs = lil_parse_onto_end(cs, "jc l1!=0,done_translating_ret;" "l1=%0i:ref;" ":done_translating_ret;", VM_Global_State::loader_env->managed_null); REFS_RUNTIME_SWITCH_ENDIF #endif // REFS_RUNTIME_OR_UNCOMPRESSED assert(cs); } //***** Part 11: Rethrow exception cs = lil_parse_onto_end(cs, "l0=ts;" "ld l2,[l0+%0i:ref];" "jc l2!=0,_exn_raised;" "ld l2,[l0+%1i:ref];" "jc l2=0,_no_exn;" ":_exn_raised;" "m2n_save_all;" "out platform::void;" "call.noret %2i;" ":_no_exn;", eoo, eco, exn_rethrow); assert(cs); //***** Part 12: Restore return variable, pop_m2n, return if (ret_type != VM_DATA_TYPE_VOID) { cs = lil_parse_onto_end(cs, "r=l1;"); assert(cs); } cs = lil_parse_onto_end(cs, "pop_m2n;" "ret;"); assert(cs); //***** Now generate code assert(lil_is_valid(cs)); NativeCodePtr addr = LilCodeGenerator::get_platform()->compile(cs, clss->get_class_loader()->GetCodePool()); #ifndef NDEBUG char buf[100]; apr_snprintf(buf, sizeof(buf)-1, "jni_stub.%s::%s", clss->get_name()->bytes, method->get_name()->bytes); DUMP_STUB(addr, buf, lil_cs_get_code_size(cs)); #endif #ifdef VM_STATS VM_Statistics::get_vm_stats().jni_stub_bytes += lil_cs_get_code_size(cs); #endif lil_free_code_stub(cs); return addr; } // compile_create_lil_jni_stub
apr_pool_t *pool; apr_thread_t *thread; int counter; int active; apr_socket_t *sockfd; } MosquittoData; typedef struct mosquitto_cfg { char* broker; char* port; } mosquitto_cfg ; static const command_rec mosquitto_cmds[] = { AP_INIT_TAKE1("MosBroker", ap_set_string_slot, (void*) APR_OFFSETOF(mosquitto_cfg, broker), ACCESS_CONF, "Broker") , AP_INIT_TAKE1("MosPort", ap_set_string_slot, (void*) APR_OFFSETOF(mosquitto_cfg, port), ACCESS_CONF, "Port") , {NULL} }; module AP_MODULE_DECLARE_DATA mod_websocket_mosquitto; static void* mosquitto_create_dir_conf(apr_pool_t* pool, char* x) { mosquitto_cfg* dir = apr_pcalloc(pool, sizeof(mosquitto_cfg)); dir->broker = "ha-12.dk.eradus.com"; dir->port = "1883";
apr_status_t mbox_send_footer_includes(request_rec *r, mbox_dir_cfg_t *conf) { if (conf->footer_include_file) { RETURN_NOT_SUCCESS(mbox_send_include_file(r, conf->footer_include_file)); } if (conf->script_path) { ap_rprintf(r, " <script type=\"text/javascript\" src=\"%s\"></script>\n", conf->script_path); } return APR_SUCCESS; } static const command_rec mbox_cmds[] = { AP_INIT_FLAG("mboxindex", ap_set_flag_slot, (void *) APR_OFFSETOF(mbox_dir_cfg_t, enabled), OR_INDEXES, "Enable mod_mbox to create directory listings of .mbox files."), AP_INIT_FLAG("mboxantispam", ap_set_flag_slot, (void *) APR_OFFSETOF(mbox_dir_cfg_t, antispam), OR_INDEXES, "Enable mod_mbox email obfuscation."), AP_INIT_FLAG("mboxhideempty", ap_set_flag_slot, (void *) APR_OFFSETOF(mbox_dir_cfg_t, hide_empty), OR_INDEXES, "Whether to display empty mboxes in index listing."), AP_INIT_TAKE1("mboxrootpath", ap_set_string_slot, (void *) APR_OFFSETOF(mbox_dir_cfg_t, root_path), OR_INDEXES, "Set the path to the site index."), AP_INIT_TAKE1("mboxstyle", ap_set_string_slot, (void *) APR_OFFSETOF(mbox_dir_cfg_t, style_path), OR_INDEXES,
if (authn_dbd_prepare_fn == NULL) { return "You must load mod_dbd to enable AuthDBD functions"; } authn_dbd_acquire_fn = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire); } label = apr_psprintf(cmd->pool, "authn_dbd_%d", ++label_num); authn_dbd_prepare_fn(cmd->server, query, label); /* save the label here for our own use */ return ap_set_string_slot(cmd, cfg, label); } static const command_rec authn_dbd_cmds[] = { AP_INIT_TAKE1("AuthDBDUserPWQuery", authn_dbd_prepare, (void *)APR_OFFSETOF(authn_dbd_conf, user), ACCESS_CONF, "Query used to fetch password for user"), AP_INIT_TAKE1("AuthDBDUserRealmQuery", authn_dbd_prepare, (void *)APR_OFFSETOF(authn_dbd_conf, realm), ACCESS_CONF, "Query used to fetch password for user+realm"), {NULL} }; static authn_status authn_dbd_password(request_rec *r, const char *user, const char *password) { apr_status_t rv; const char *dbd_password = NULL; apr_dbd_prepared_t *statement; apr_dbd_results_t *res = NULL; apr_dbd_row_t *row = NULL;
conf->authoritative = (nconf->authoritative != -1) ? nconf->authoritative : pconf->authoritative; conf->var = (nconf->var != NULL) ? nconf->var : pconf->var; conf->strip_suffix = (nconf->var != NULL || nconf->strip_suffix != NULL) ? nconf->strip_suffix : pconf->strip_suffix; conf->strip_suffix_required = (nconf->var != NULL || nconf->strip_suffix_required != -1) ? nconf->authoritative : pconf->authoritative; return conf; } static const command_rec auth_sslcert_cmds[] = { AP_INIT_FLAG("AuthSSLCertAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(auth_sslcert_config_rec, authoritative), OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to " "lower modules if the UserID is not known to this module"), AP_INIT_TAKE1("AuthSSLCertVar", ap_set_string_slot, (void*)APR_OFFSETOF(auth_sslcert_config_rec, var), OR_AUTHCFG, "SSL variable to use as the username"), AP_INIT_TAKE1("AuthSSLCertStripSuffix", ap_set_string_slot, (void*)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix), OR_AUTHCFG, "An optional suffix to strip from the username"), AP_INIT_FLAG("AuthSSLCertStripSuffixRequired", ap_set_flag_slot, (void *)APR_OFFSETOF(auth_sslcert_config_rec, strip_suffix_required), OR_AUTHCFG, "Set to 'Off' to allow certs that don't end with a recognized "
static const char *set_authn_set_int(cmd_parms *cmd, void *offset, const char *f ) { return ap_set_int_slot(cmd, offset, f); } static const char *set_authn_set_string(cmd_parms *cmd, void *offset, const char *f ) { return ap_set_string_slot(cmd, offset, f); } static const command_rec authn_google_cmds[] = { AP_INIT_TAKE12("GoogleAuthUserPath", set_authn_google_slot, (void *)APR_OFFSETOF(authn_google_config_rec, pwfile), OR_AUTHCFG, "Directory containing Google Authenticator credential files"), AP_INIT_TAKE1("GoogleAuthCookieLife", set_authn_set_int, (void *)APR_OFFSETOF(authn_google_config_rec, cookieLife), OR_AUTHCFG, "Life (in seconds) authentication cookie before revalidation required"), AP_INIT_TAKE1("GoogleAuthLogLevel", set_authn_set_int, (void *)APR_OFFSETOF(authn_google_config_rec, debugLevel), OR_AUTHCFG, "Verbosity level of debug output (zero=off)"), AP_INIT_TAKE1("GoogleAuthEntryWindow", set_authn_set_int, (void *)APR_OFFSETOF(authn_google_config_rec, entryWindow), OR_AUTHCFG, "Enable authentication cookies with lifespan given in seconds"), AP_INIT_TAKE1("GoogleAuthDomain", set_authn_set_string, (void *)APR_OFFSETOF(authn_google_config_rec, domain), OR_AUTHCFG, "Custom domain to be set for the authentication cookie"), AP_INIT_TAKE1("GoogleAuthPath", set_authn_set_string, (void *)APR_OFFSETOF(authn_google_config_rec, path),
if (arg[len - 1] != '/') { ap_set_string_slot(cmd, config, apr_pstrcat(cmd->pool, arg, "/", NULL)); conf->prefix_len = len + 1; } else { ap_set_string_slot(cmd, config, arg); conf->prefix_len = len; } return NULL; } static const command_rec auth_token_cmds[] = { AP_INIT_TAKE1("AuthTokenSecret", ap_set_string_slot, (void *)APR_OFFSETOF(auth_token_config_rec, secret), ACCESS_CONF, "secret key to authenticate against"), AP_INIT_TAKE1("AuthTokenPrefix", auth_token_set_prefix_slot, (void *)APR_OFFSETOF(auth_token_config_rec, prefix), ACCESS_CONF, "prefix uri to file storage directory"), AP_INIT_TAKE1("AuthTokenTimeout", ap_set_int_slot, (void *)APR_OFFSETOF(auth_token_config_rec, timeout), ACCESS_CONF, "time to live for tokens"), AP_INIT_FLAG("AuthTokenLimitByIp", ap_set_flag_slot, (void *)APR_OFFSETOF(auth_token_config_rec, checkip), ACCESS_CONF, "enable or disable ip checking"), {NULL} }; module AP_MODULE_DECLARE_DATA auth_token_module;
int send_auth_request(apr_pool_t * p, request_rec * r, int sock, const char *user, const char *pass, char *remotehost); static void *create_authn_dovecot_dir_config(apr_pool_t * p, char *d) { authn_dovecot_config_rec * const conf = apr_pcalloc(p, sizeof(*conf)); ap_assert(conf != NULL); conf->dovecotauthsocket = "/var/run/dovecot/auth-client"; /* just to illustrate the default really */ conf->dovecotauthtimeout = 5; conf->authoritative = 1; // by default we are authoritative return conf; } static const command_rec authn_dovecot_cmds[] = { AP_INIT_TAKE1("AuthDovecotAuthSocket", ap_set_string_slot, (void *)APR_OFFSETOF(authn_dovecot_config_rec, dovecotauthsocket), OR_AUTHCFG, "Dovecot auth deamon listening socket"), AP_INIT_FLAG("AuthDovecotAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_dovecot_config_rec, authoritative), OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to " "lower modules if the UserID is not known to this module. " "(default is On)."), AP_INIT_TAKE1("AuthDovecotTimeout", ap_set_int_slot, (void *)APR_OFFSETOF(authn_dovecot_config_rec, dovecotauthtimeout), OR_AUTHCFG, "Timeout waiting for authorization in seconds"), {NULL} }; module AP_MODULE_DECLARE_DATA authn_dovecot_module;
{ if (cmd->server->is_virtual) { return MODULE_NAME_STR ": IronBee directive not allowed in VirtualHost"; } dummy = ap_get_module_config(cmd->server->module_config, &ironbee_module); return ap_set_int_slot(cmd, dummy, p1); } /** * Declares all configuration directives. */ static const command_rec ironbee_cmds[] = { AP_INIT_FLAG( "IronBeeEnable", ironbee_cmd_ibenable, (void *)APR_OFFSETOF(ironbee_config_t, enabled), RSRC_CONF, "enable ironbee module" ), AP_INIT_TAKE1( "IronBeeConfig", ironbee_cmd_ibconfig, (void *)APR_OFFSETOF(ironbee_config_t, config), RSRC_CONF, "specify ironbee configuration file" ), AP_INIT_TAKE1( "IronBeeBufferSize", ironbee_cmd_sz, (void *)APR_OFFSETOF(ironbee_config_t, buf_size), RSRC_CONF,
first = conf->users; conf->users = apr_palloc(cmd->pool, sizeof(*conf->users)); conf->users->user = arg; conf->users->next = first; } } return NULL; } static const command_rec authn_anon_cmds[] = { AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG, "a space-separated list of user IDs"), AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, mustemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, nouserid), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, verifyemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_anon_config_rec, logemail), OR_AUTHCFG, "Limited to 'on' or 'off'"), {NULL} }; module AP_MODULE_DECLARE_DATA authn_anon_module;
void *dir_config, const char *arg) { authn_mongodb_config_rec *conf = dir_config; conf->port = atoi( arg); if (conf->port <=0) { return "invalid AuthMongoPort setting"; } return NULL; } static const command_rec authn_mongodb_cmds[] = { AP_INIT_TAKE1("AuthMongoHost", ap_set_string_slot, (void *)APR_OFFSETOF(authn_mongodb_config_rec, host), OR_AUTHCFG, "hostname to mongo database containing user IDs and passwords (default 127.0.0.1)"), AP_INIT_TAKE1("AuthMongoPort", set_mongodb_port, NULL, OR_AUTHCFG, "Port for mongoDB (default 27017)"), AP_INIT_TAKE1("AuthMongoCollection", ap_set_string_slot, (void *)APR_OFFSETOF(authn_mongodb_config_rec, collection), OR_AUTHCFG, "collection to query (default priv.auth_user)"), AP_INIT_TAKE1("AuthMongoUserField", ap_set_string_slot, (void *)APR_OFFSETOF(authn_mongodb_config_rec, userfield), OR_AUTHCFG, "collection to query (default username)"), AP_INIT_TAKE1("AuthMongoPasswordField", ap_set_string_slot,
} static const char *set_authz_groupfile_slot(cmd_parms *cmd, void *offset, const char *f, const char *t) { if (t && strcmp(t, "standard")) { return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); } return ap_set_file_slot(cmd, offset, f); } static const command_rec authz_groupfile_cmds[] = { AP_INIT_TAKE12("AuthGroupFile", set_authz_groupfile_slot, (void *)APR_OFFSETOF(authz_groupfile_config_rec, groupfile), OR_AUTHCFG, "text file containing group names and member user IDs"), {NULL} }; module AP_MODULE_DECLARE_DATA authz_groupfile_module; #define VARBUF_INIT_LEN 512 #define VARBUF_MAX_LEN (16*1024*1024) static apr_status_t groups_for_user(apr_pool_t *p, char *user, char *grpfile, apr_table_t ** out) { ap_configfile_t *f; apr_table_t *grps = apr_table_make(p, 15); apr_pool_t *sp;
/* apr_byte_t isSSL(const request_rec *r) { #ifdef APACHE2_0 if(0 == apr_strnatcasecmp(ap_http_method(r), "https")) { #else if(0 == apr_strnatcasecmp(ap_http_scheme(r), "https")) { #endif return TRUE; } return FALSE; } */ const command_rec cmds [] = { AP_INIT_TAKE1(OBEY_CONTENT_TYPE, readparam, (void*)APR_OFFSETOF(mod_cfg, mimeSniff), ACCESS_CONF, "Define whether to force browsers to trust the Content-Type header"), AP_INIT_TAKE1(STS_TIMEOUT, readparamsvr, (void*)APR_OFFSETOF(mod_server_cfg, stsTimeout), RSRC_CONF, "Define the Strict-Transport-Security timeout"), AP_INIT_TAKE1(STS_SUBDOMAINS, readparamsvr, (void*)APR_OFFSETOF(mod_server_cfg, includeSubDomains), RSRC_CONF, "Define whether Strict-Transport-Security includes sub-domains"), { NULL } }; module AP_MODULE_DECLARE_DATA secure_headers_module = { STANDARD20_MODULE_STUFF, create_dir_config, merge_dir_config, create_server_config, merge_server_config, cmds, register_hooks };
typedef struct { int authoritative; } authz_owner_config_rec; static void *create_authz_owner_dir_config(apr_pool_t *p, char *d) { authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf)); conf->authoritative = 1; /* keep the fortress secure by default */ return conf; } static const command_rec authz_owner_cmds[] = { AP_INIT_FLAG("AuthzOwnerAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(authz_owner_config_rec, authoritative), OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to " "lower modules. (default is On.)"), {NULL} }; module AP_MODULE_DECLARE_DATA authz_owner_module; static int check_file_owner(request_rec *r) { authz_owner_config_rec *conf = ap_get_module_config(r->per_dir_config, &authz_owner_module); int m = r->method_number; register int x; const char *t, *w;
servers = memcached_server_list_append(NULL, w1, port, &r); if(r!=MEMCACHED_SUCCESS) return "memcached_server_list_append() failed."; r = memcached_server_push(conf->memc, servers); if(r!=MEMCACHED_SUCCESS) { memcached_server_list_free(servers); return "memcached_server_push() failed."; } memcached_server_list_free(servers); return NULL; } static const command_rec config_cmds[] = { AP_INIT_FLAG(X_RESIZE, (cmd_func)ap_set_flag_slot, (void*)APR_OFFSETOF(resize_conf, enabled), OR_OPTIONS, "{On|Off}"), AP_INIT_TAKE2(RESIZE "-cache", (cmd_func)append_server, NULL, OR_OPTIONS, "server, port"), AP_INIT_TAKE1(RESIZE "-expire", (cmd_func)ap_set_int_slot, (void*)APR_OFFSETOF(resize_conf, expire), OR_OPTIONS, "expire(sec)"), AP_INIT_TAKE1(RESIZE "-quality", (cmd_func)ap_set_int_slot, (void*)APR_OFFSETOF(resize_conf, jpeg_quality), OR_OPTIONS, "JPEG quality(~100)"), { NULL }, }; static void register_hooks(apr_pool_t *p) { ap_register_output_filter(X_RESIZE, resize_output_filter, NULL, AP_FTYPE_CONTENT_SET); ap_hook_insert_filter(resize_insert_output_filter, NULL, NULL, APR_HOOK_FIRST); } // Dispatch list for API hooks. module AP_MODULE_DECLARE_DATA resizeimage_module = {
} dontdothat_config_rec; static void *create_dontdothat_dir_config(apr_pool_t *pool, char *dir) { dontdothat_config_rec *cfg = apr_pcalloc(pool, sizeof(*cfg)); cfg->base_path = dir; cfg->no_replay = 1; return cfg; } static const command_rec dontdothat_cmds[] = { AP_INIT_TAKE1("DontDoThatConfigFile", ap_set_file_slot, (void *) APR_OFFSETOF(dontdothat_config_rec, config_file), OR_ALL, "Text file containing actions to take for specific requests"), AP_INIT_FLAG("DontDoThatDisallowReplay", ap_set_flag_slot, (void *) APR_OFFSETOF(dontdothat_config_rec, no_replay), OR_ALL, "Disallow replay requests as if they are other recursive requests."), { NULL } }; typedef enum parse_state_t { STATE_BEGINNING, STATE_IN_UPDATE, STATE_IN_SRC_PATH, STATE_IN_DST_PATH, STATE_IN_RECURSIVE } parse_state_t;
conf->nAuth_memCookie_MatchIP_Mode = 1; } else if ((strcasecmp("2", p1) == 0) || (strcasecmp("Via", p1) == 0)) { conf->nAuth_memCookie_MatchIP_Mode = 2; } else if ((strcasecmp("3", p1) == 0) || (strcasecmp("RemoteIP", p1) == 0)) { conf->nAuth_memCookie_MatchIP_Mode = 3; } else { conf->nAuth_memCookie_MatchIP_Mode = 0; } return NULL; } /* apache config fonction of the module */ static const command_rec Auth_memCookie_cmds[] = { AP_INIT_TAKE1("Auth_memCookie_Memcached_AddrPort", ap_set_string_slot, (void *)APR_OFFSETOF(strAuth_memCookie_config_rec, szAuth_memCookie_memCached_addr), OR_AUTHCFG, "ip or host adressei(s) and port (':' separated) of memcache(s) daemon to be used, coma separated"), AP_INIT_TAKE1("Auth_memCookie_SessionTableSize", ap_set_int_slot, (void *)APR_OFFSETOF(strAuth_memCookie_config_rec, nAuth_memCookie_SessionTableSize), OR_AUTHCFG, "Max number of element in session information table. 10 by default"), AP_INIT_FLAG ("Auth_memCookie_SetSessionHTTPHeader", ap_set_flag_slot, (void *)APR_OFFSETOF(strAuth_memCookie_config_rec, nAuth_memCookie_SetSessionHTTPHeader), OR_AUTHCFG, "Set to 'yes' to set session information to http header of the authenticated users, no by default"), AP_INIT_TAKE1("Auth_memCookie_CookieName", ap_set_string_slot, (void *)APR_OFFSETOF(strAuth_memCookie_config_rec, szAuth_memCookie_CookieName), OR_AUTHCFG, "Name of cookie to set"), AP_INIT_TAKE1 ( "Auth_memCookie_MatchIP_Mode", cmd_MatchIP_Mode, NULL, OR_AUTHCFG, "To check cookie ip adresse, Set to '1' to use 'X-Forwarded-For' http header, to '2' to use 'Via' http header, and to '3' to use apache remote_ip. set to '0' by default to desactivate the ip check."), AP_INIT_FLAG ("Auth_memCookie_Authoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(strAuth_memCookie_config_rec, nAuth_memCookie_Authoritative),
AP_INIT_TAKE1("MOD_BUT_COOKIE_EXPIRATION", mod_but_set_cookie_expiration, NULL, RSRC_CONF, "Configure mod_but Cookie Expiration Time"), AP_INIT_FLAG("MOD_BUT_COOKIE_SECURE", mod_but_set_cookie_secure, NULL, RSRC_CONF, "Configure mod_but Cookie Secure Flag"), AP_INIT_FLAG("MOD_BUT_COOKIE_HTTPONLY", mod_but_set_cookie_httponly, NULL, RSRC_CONF, "Configure mod_but HTTPOnly Flag"), AP_INIT_TAKE1("MOD_BUT_SESSION_FREE_URL", mod_but_set_session_free_url, NULL, RSRC_CONF, "Configure mod_but free URL's"), AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT", mod_but_set_session_timeout, NULL, RSRC_CONF, "Configure session timeout"), AP_INIT_TAKE1("MOD_BUT_SESSION_HACKING_ATTEMPT_URL", mod_but_set_session_hacking_attempt_url, NULL, RSRC_CONF, "Configure session timeout URL"), AP_INIT_TAKE1("MOD_BUT_SESSION_INACTIVITY_TIMEOUT", mod_but_set_session_inactivity_timeout, NULL, RSRC_CONF, "Configure session inactivity timeout"), AP_INIT_TAKE1("MOD_BUT_SESSION_INACTIVITY_TIMEOUT_URL", mod_but_set_session_inactivity_timeout_url, NULL, RSRC_CONF, "Configure session inactivity timeout URL"), AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT_URL", mod_but_set_session_expired_url, NULL, RSRC_CONF, "Configure session expired URL"), AP_INIT_TAKE1("MOD_BUT_SESSION_RENEW_URL", mod_but_set_session_renew_url, NULL, RSRC_CONF, "Configure session renew URL"), AP_INIT_TAKE1("MOD_BUT_ALL_SHM_SPACE_USED_URL", mod_but_set_all_shm_used_url, NULL, RSRC_CONF, "Configure No more SHM URL"), AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT_HISTORY", mod_but_set_session_timeout_history, NULL, RSRC_CONF, "Configure session timeout history"), AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY", mod_but_set_session_destroy, NULL, RSRC_CONF, "Configure session destroy URI"), AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY_URL", mod_but_set_session_destroy_url, NULL, RSRC_CONF, "Configure session destroy URL"), AP_INIT_FLAG("MOD_BUT_AUTHORIZATION_ENABLED", mod_but_authorization_enabled_on, NULL, RSRC_CONF, "Authorization is enabled"), AP_INIT_TAKE1("MOD_BUT_LOGON_SERVER_URL", ap_set_string_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_server_url), OR_ALL, "Per Dir Config"), AP_INIT_TAKE1("MOD_BUT_LOGON_REQUIRED", ap_set_string_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_required), OR_ALL, "Per Dir Config"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL", mod_but_global_logon_server_url, NULL, RSRC_CONF, "Configure Global Logon Server URL"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_1", mod_but_global_logon_server_url_1, NULL, RSRC_CONF, "Configure Global Logon Server URL 1"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_2", mod_but_global_logon_server_url_2, NULL, RSRC_CONF, "Configure Global Logon Server URL 2"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_NAME", mod_but_global_logon_auth_cookie_name, NULL, RSRC_CONF, "Configure Global Logon Cookie Name"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_VALUE", mod_but_global_logon_auth_cookie_value, NULL, RSRC_CONF, "Configure Global Logon Cookie Value"), AP_INIT_TAKE1("MOD_BUT_SESSION_STORE_FREE_COOKIES", mod_but_set_session_store_free_cookies, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"), AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_NAME", mod_but_set_service_list_cookie_name, NULL, RSRC_CONF, "Configure Service List Cookie Name"), AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_VALUE", mod_but_set_service_list_cookie_value, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"), AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_AUTH_ERROR_URL", mod_but_set_service_list_error_url, NULL, RSRC_CONF, "Configure error page, if the user is not authorized for a specific request"), AP_INIT_FLAG("MOD_BUT_SERVICE_LIST_ENABLED", mod_but_service_list_enabled_on, NULL, RSRC_CONF, "mod_but service list enabled"), AP_INIT_TAKE1("MOD_BUT_AUTHORIZED_LOGON_URL", mod_but_set_authorized_logon_url, NULL, RSRC_CONF, "Configure regexp url, from where you accept logon cookies"), AP_INIT_TAKE1("MOD_BUT_LOCATION_ID", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_location_id), OR_ALL, "LOCATION_ID Per Dir Config"), AP_INIT_TAKE1("MOD_BUT_AUTH_STRENGTH", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_auth_strength), OR_ALL, "AUTH STRENGTH Per Dir Config"), {NULL}
dbd_prepare = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare); if (dbd_prepare == NULL) { return "You must load mod_dbd to enable AuthzDBD functions"; } dbd_handle = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire); } label = apr_psprintf(cmd->pool, "authz_dbd_%d", ++label_num); dbd_prepare(cmd->server, query, label); /* save the label here for our own use */ return ap_set_string_slot(cmd, cfg, label); } static const command_rec authz_dbd_cmds[] = { AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot, (void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF, "Whether to redirect to referer on successful login"), AP_INIT_TAKE1("AuthzDBDQuery", authz_dbd_prepare, (void*)APR_OFFSETOF(authz_dbd_cfg, query), ACCESS_CONF, "SQL query for DBD Authz or login"), AP_INIT_TAKE1("AuthzDBDRedirectQuery", authz_dbd_prepare, (void*)APR_OFFSETOF(authz_dbd_cfg, redir_query), ACCESS_CONF, "SQL query to get per-user redirect URL after login"), {NULL} }; static int authz_dbd_login(request_rec *r, authz_dbd_cfg *cfg, const char *action) { int rv; const char *newuri = NULL;
status = atoi(arg1); if (!ap_is_HTTP_REDIRECT(status)) { return "DirectoryIndexRedirect only accepts values between 300 and 399"; } } else { return "DirectoryIndexRedirect ON|OFF|permanent|temp|seeother|3xx"; } d->redirect_index = status; return NULL; } static const command_rec dir_cmds[] = { AP_INIT_TAKE1("FallbackResource", ap_set_string_slot, (void*)APR_OFFSETOF(dir_config_rec, dflt), DIR_CMD_PERMS, "Set a default handler"), AP_INIT_RAW_ARGS("DirectoryIndex", add_index, NULL, DIR_CMD_PERMS, "a list of file names"), AP_INIT_FLAG("DirectorySlash", configure_slash, NULL, DIR_CMD_PERMS, "On or Off"), AP_INIT_TAKE1("DirectoryIndexRedirect", configure_redirect, NULL, DIR_CMD_PERMS, "On, Off, or a 3xx status code."), {NULL} }; static void *create_dir_config(apr_pool_t *p, char *dummy) { dir_config_rec *new = apr_pcalloc(p, sizeof(dir_config_rec));
// If 'redirect' is foo/bar, then redirect to it. If it is // foo/bar/%s, then replace the %s with r->uri. static void compose_and_set_redirect(request_rec *r, const char* redirect) { char* composed_redirect = NULL; char* encoded_uri = NULL; if (ap_strstr_c(redirect, "%s")) { encoded_uri = apreq_escape(r->pool, r->unparsed_uri, strlen(r->unparsed_uri)); composed_redirect = apr_psprintf(r->pool, redirect, r->unparsed_uri); } apr_table_setn(r->headers_out, "Location", composed_redirect ? composed_redirect : redirect); } static const command_rec cookie_auth_cmds[] = { AP_INIT_TAKE1("AuthCookieName", ap_set_string_slot, (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_cookie), OR_AUTHCFG, "auth cookie name"), AP_INIT_TAKE1("AuthCookieEnv", ap_set_string_slot, (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_env), OR_AUTHCFG, "environment variable name for optional auxiliary auth info"), AP_INIT_TAKE1("AuthCookieEnvRedirect", ap_set_string_slot, (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_env_redirect), OR_AUTHCFG, "path to redirect to if optional auxiliary auth info is missing in cookie"), AP_INIT_TAKE1("AuthCookieUnauthRedirect", ap_set_string_slot, (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_unauth_redirect), OR_AUTHCFG, "path to redirect to if authentication cookie is not set"), AP_INIT_TAKE1("AuthCookieEncrypt", ap_set_string_slot, (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_encrypt), OR_AUTHCFG, "secret key used to DES-encrypt the cookie"), AP_INIT_FLAG("AuthCookieOverride", ap_set_flag_slot, (void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_override),
AP_INIT_FLAG( "MOD_BUT_COOKIE_HTTPONLY", but_config_cookie_httponly, NULL, RSRC_CONF, "Configure mod_but HTTPOnly Flag"), AP_INIT_TAKE1("MOD_BUT_SESSION_FREE_URL", but_config_session_free_url, NULL, RSRC_CONF, "Configure mod_but free URL's"), AP_INIT_TAKE1("MOD_BUT_SESSION_HARD_TIMEOUT", but_config_session_hard_timeout, NULL, RSRC_CONF, "Configure session hard timeout"), AP_INIT_TAKE1("MOD_BUT_SESSION_INACTIVITY_TIMEOUT", but_config_session_inactivity_timeout, NULL, RSRC_CONF, "Configure session inactivity timeout"), AP_INIT_TAKE1("MOD_BUT_SESSION_TIMEOUT_URL", but_config_session_expired_url, NULL, RSRC_CONF, "Configure session expired URL"), AP_INIT_TAKE1("MOD_BUT_SESSION_RENEW_URL", but_config_session_renew_url, NULL, RSRC_CONF, "Configure session renew URL"), AP_INIT_TAKE1("MOD_BUT_ALL_SHM_SPACE_USED_URL", but_config_all_shm_used_url, NULL, RSRC_CONF, "Configure No more SHM URL"), AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY", but_config_session_destroy, NULL, RSRC_CONF, "Configure session destroy URI"), AP_INIT_TAKE1("MOD_BUT_SESSION_DESTROY_URL", but_config_session_destroy_url, NULL, RSRC_CONF, "Configure session destroy URL"), AP_INIT_FLAG( "MOD_BUT_AUTHORIZATION_ENABLED", but_config_authorization_enabled_on, NULL, RSRC_CONF, "Authorization is enabled"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL", but_config_global_logon_server_url, NULL, RSRC_CONF, "Configure Global Logon Server URL"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_1", but_config_global_logon_server_url_1, NULL, RSRC_CONF, "Configure Global Logon Server URL 1"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_SERVER_URL_2", but_config_global_logon_server_url_2, NULL, RSRC_CONF, "Configure Global Logon Server URL 2"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_NAME", but_config_global_logon_auth_cookie_name, NULL, RSRC_CONF, "Configure Global Logon Cookie Name"), AP_INIT_TAKE1("MOD_BUT_GLOBAL_LOGON_AUTH_COOKIE_VALUE", but_config_global_logon_auth_cookie_value, NULL, RSRC_CONF, "Configure Global Logon Cookie Value"), AP_INIT_TAKE1("MOD_BUT_SESSION_STORE_FREE_COOKIES", but_config_session_store_free_cookies, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"), AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_NAME", but_config_service_list_cookie_name, NULL, RSRC_CONF, "Configure Service List Cookie Name"), AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_COOKIE_VALUE", but_config_service_list_cookie_value, NULL, RSRC_CONF, "Configure Cookies, which are not handled by the session store"), AP_INIT_TAKE1("MOD_BUT_SERVICE_LIST_AUTH_ERROR_URL", but_config_service_list_error_url, NULL, RSRC_CONF, "Configure error page, if the user is not authorized for a specific request"), AP_INIT_FLAG( "MOD_BUT_SERVICE_LIST_ENABLED", but_config_service_list_enabled, NULL, RSRC_CONF, "mod_but service list enabled"), AP_INIT_TAKE1("MOD_BUT_AUTHORIZED_LOGON_URL", but_config_authorized_logon_url, NULL, RSRC_CONF, "Configure regexp url, from where you accept logon cookies"), AP_INIT_TAKE1("MOD_BUT_URL_AFTER_RENEW", but_config_url_after_renew, NULL, RSRC_CONF, "Configure url after the session is renewed"), /* per directory/location configuration */ AP_INIT_TAKE1("MOD_BUT_LOGON_SERVER_URL", ap_set_string_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_server_url), OR_ALL, "Logon server relative URL for this directory"), AP_INIT_FLAG( "MOD_BUT_LOGON_REQUIRED", ap_set_flag_slot, (void*)APR_OFFSETOF(mod_but_dir_t, logon_required), OR_ALL, "Logon requred for this directory?"), AP_INIT_TAKE1("MOD_BUT_LOCATION_ID", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_location_id), OR_ALL, "Unique location ID for this directory"), AP_INIT_TAKE1("MOD_BUT_AUTH_STRENGTH", ap_set_int_slot, (void*)APR_OFFSETOF(mod_but_dir_t, mod_but_auth_strength), OR_ALL, "Authentication strength required for this directory"), { NULL } };
} else { conf->sendfile = arg; } return NULL; } static const command_rec scgi_cmds[] = { AP_INIT_TAKE1("ProxySCGISendfile", scgi_set_send_file, NULL, RSRC_CONF|ACCESS_CONF, "The name of the X-Sendfile peudo response header or " "On or Off"), AP_INIT_FLAG("ProxySCGIInternalRedirect", ap_set_flag_slot, (void*)APR_OFFSETOF(scgi_config, internal_redirect), RSRC_CONF|ACCESS_CONF, "Off if internal redirect responses should not be accepted"), {NULL} }; static void register_hooks(apr_pool_t *p) { proxy_hook_scheme_handler(scgi_handler, NULL, NULL, APR_HOOK_FIRST); proxy_hook_canon_handler(scgi_canon, NULL, NULL, APR_HOOK_FIRST); APR_OPTIONAL_HOOK(proxy, request_status, scgi_request_status, NULL, NULL, APR_HOOK_MIDDLE); }
/*===========================================================================*/ static css_selector_t * s_search_selector_regexp(Doc *doc, request_rec *r, apr_pool_t *pool, css_stylesheet_t *stylesheet, const char *pattern_str1, const char *pattern_str2, Node *node) { Node *node_sv = node; css_selector_t *ret_sel = NULL; css_selector_t *tail; css_selector_t *cur; ap_regex_t *pattern1 = chxj_ap_pregcomp(pool, pattern_str1, AP_REG_EXTENDED|AP_REG_ICASE); ap_regex_t *pattern2 = chxj_ap_pregcomp(pool, pattern_str2, AP_REG_EXTENDED|AP_REG_ICASE); ap_regex_t *pattern3 = chxj_ap_pregcomp(pool, "^.*([>+ ])([^>+ ]+?)$", AP_REG_EXTENDED|AP_REG_ICASE); ap_regex_t *pattern4 = chxj_ap_pregcomp(pool, "^([^.#]+?)?(\\.[^#]+?)?(#.+?)?$", AP_REG_EXTENDED|AP_REG_ICASE); tail = (css_selector_t *)((apr_size_t)stylesheet->selector_head.ref - (apr_size_t)APR_OFFSETOF(css_selector_t, next)); for (cur = tail; cur != &stylesheet->selector_head; cur = (css_selector_t *)((apr_size_t)cur->ref - (apr_size_t)APR_OFFSETOF(css_selector_t, next))) { ap_regmatch_t match[256]; if (chxj_ap_regexec(pattern1, cur->name, pattern1->re_nsub + 1, match, 0) == 0) { ret_sel = cur; goto end_of_search; } else if (chxj_ap_regexec(pattern2, cur->name, pattern2->re_nsub + 1, match, 0) == 0) { char *src = apr_pstrdup(pool, cur->name); char *one = chxj_ap_pregsub(pool, "$1",src, pattern2->re_nsub + 1, match); int loop = 0; do { *strrchr(src, *one) = 0; switch (*one) { case '>': /* Child selectors */ if (chxj_ap_regexec(pattern3, src, pattern3->re_nsub + 1, match, 0) == 0) { one = chxj_ap_pregsub(pool, "$1",src, pattern3->re_nsub + 1, match); char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, strrchr(src, *one)+1, pattern4, node->parent); if (ret) { node = node->parent; loop = 1; } } else { char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, src, pattern4, node->parent); if (ret) { ret_sel = cur; goto end_of_search; } loop = 0; } break; case '+': /* Adjacent sibling selectors */ if (chxj_ap_regexec(pattern3, src, pattern3->re_nsub + 1, match, 0) == 0) { one = chxj_ap_pregsub(pool, "$1",src, pattern3->re_nsub + 1, match); char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, strrchr(src, *one)+1, pattern4, node->prev); if (ret) { loop = 1; node = node->prev; break; } } else { if (! node->prev) { ret_sel = NULL; goto end_of_search; } char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, src, pattern4, node->prev); if (ret) { ret_sel = cur; goto end_of_search; } } break; case ' ': /* Descendant selectors */ if (chxj_ap_regexec(pattern3, src, pattern3->re_nsub + 1, match, 0) == 0) { one = chxj_ap_pregsub(pool, "$1",src, pattern3->re_nsub + 1, match); for (; node && node->parent; node = node->parent) { if (strcasecmp(node->name, "ROOT") == 0 || strcasecmp(node->parent->name, "ROOT") == 0) { loop = 0; break; } char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, strrchr(src, *one)+1, pattern4, node->parent); if (ret) { loop = 1; node = node->parent; break; } } } else { for (; node && node->parent; node = node->parent) { if (strcasecmp(node->name, "ROOT") == 0 || strcasecmp(node->parent->name, "ROOT") == 0) { loop = 0; break; } char *ret = s_cmp_now_node_vs_current_style(doc, r, pool, src, pattern4, node->parent); if (ret) { ret_sel = cur; goto end_of_search; } } } break; default: loop = 0; } } while(loop); node = node_sv; } } end_of_search: chxj_ap_pregfree(pool, pattern1); chxj_ap_pregfree(pool, pattern2); chxj_ap_pregfree(pool, pattern3); chxj_ap_pregfree(pool, pattern4); return ret_sel; }
static void authn_yubikey_register_hooks(apr_pool_t *p) { //static const char *const aszSucc[] = { "mod_authz_user.c", NULL }; //ap_hook_auth_checker(authz_check_yubi_user, NULL, aszSucc, APR_HOOK_MIDDLE); /* No content handler for this one */ //ap_hook_handler(authn_yubikey_handler, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_header_parser(checkInitial, NULL, NULL, APR_HOOK_MIDDLE); ap_register_provider(p, AUTHN_PROVIDER_GROUP, "yubikey", "0", &authn_yubikey_provider); ap_hook_post_config(init_mod_yk, NULL, NULL, APR_HOOK_MIDDLE); } static const command_rec authn_yubikey_cmds[] = { AP_INIT_TAKE1("AuthYubiKeyTmpFile", ap_set_file_slot, (void*) APR_OFFSETOF(yubiauth_dir_cfg, tmpAuthDbFilename), ACCESS_CONF, "The temporary filename for authenticated users"), AP_INIT_TAKE1("AuthYubiKeyUserFile", ap_set_file_slot, (void*) APR_OFFSETOF(yubiauth_dir_cfg, userAuthDbFilename), ACCESS_CONF, "The filename for allowed users"), AP_INIT_TAKE1("AuthYubiKeyTimeout", ap_set_int_slot, (void*) APR_OFFSETOF(yubiauth_dir_cfg, timeoutSeconds), ACCESS_CONF, "The timeout when users have to reauthenticate (Default 43200 seconds [12h])"), AP_INIT_TAKE1("AuthYkValidationProtocol", ap_set_string_slot, (void*) APR_OFFSETOF(yubiauth_dir_cfg, validationProtocol), ACCESS_CONF, "The protocol of the URL of the location where the key can be" \ "authenticated"), AP_INIT_TAKE1("AuthYkValidationHost", ap_set_string_slot, (void*) APR_OFFSETOF(yubiauth_dir_cfg, validationHost), ACCESS_CONF, "The host of the URL of the location where the key can be" \ "authenticated"),
while (last->next) { last = last->next; } last->next = newp; } return NULL; } static const command_rec auth_basic_cmds[] = { AP_INIT_ITERATE("AuthBasicProvider", add_authn_provider, NULL, OR_AUTHCFG, "specify the auth providers for a directory or location"), AP_INIT_FLAG("AuthBasicAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(auth_basic_config_rec, authoritative), OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to " "lower modules if the UserID is not known to this module"), {NULL} }; module AP_MODULE_DECLARE_DATA auth_basic_module; /* These functions return 0 if client is OK, and proper error status * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we * couldn't figure out how to tell if the client is authorized or not. * * If they return DECLINED, and all other modules also decline, that's * treated by the server core as a configuration error, logged and
} static const char *set_auth_slot(cmd_parms *cmd, void *offset, const char *f, const char *t) { if (t && strcmp(t, "standard")) { return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); } return ap_set_file_slot(cmd, offset, f); } static const command_rec auth_cmds[] = { AP_INIT_TAKE12("AuthUserFile", set_auth_slot, (void *)APR_OFFSETOF(auth_config_rec, auth_pwfile), OR_AUTHCFG, "text file containing user IDs and passwords"), AP_INIT_TAKE12("AuthGroupFile", set_auth_slot, (void *)APR_OFFSETOF(auth_config_rec, auth_grpfile), OR_AUTHCFG, "text file containing group names and member user IDs"), AP_INIT_FLAG("AuthAuthoritative", ap_set_flag_slot, (void *)APR_OFFSETOF(auth_config_rec, auth_authoritative), OR_AUTHCFG, "Set to 'no' to allow access control to be passed along to " "lower modules if the UserID is not known to this module"), {NULL} }; module AP_MODULE_DECLARE_DATA auth_module;