#endif
static const command_rec privileges_cmds[] = {
AP_INIT_TAKE1("VHostUser", vhost_user, NULL, RSRC_CONF,
"Userid under which the virtualhost will run"),
AP_INIT_TAKE1("VHostGroup", vhost_group, NULL, RSRC_CONF,
"Group under which the virtualhost will run"),
AP_INIT_FLAG("VHostSecure", vhost_secure, NULL, RSRC_CONF,
"Run in enhanced security mode (default ON)"),
AP_INIT_TAKE1("VHostCGIMode", vhost_cgimode, NULL, RSRC_CONF,
"Enable fork+exec for this virtualhost (Off|Secure|On)"),
AP_INIT_FLAG("DTracePrivileges", dtraceenable, NULL, RSRC_CONF,
"Enable DTrace"),
AP_INIT_TAKE1("PrivilegesMode", privs_mode, NULL, RSRC_CONF|ACCESS_CONF,
"tradeoff performance vs security (fast or secure)"),
#ifdef BIG_SECURITY_HOLE
AP_INIT_ITERATE("VHostPrivs", vhost_privs, NULL, RSRC_CONF,
"Privileges available in the (virtual) server"),
AP_INIT_ITERATE("VHostCGIPrivs", vhost_cgiprivs, NULL, RSRC_CONF,
"Privileges available to external programs"),
#endif
{NULL}
};
AP_DECLARE_MODULE(privileges) = {
STANDARD20_MODULE_STUFF,
privileges_create_dir_cfg,
privileges_merge_dir_cfg,
privileges_create_cfg,
privileges_merge_cfg,
privileges_cmds,
privileges_hooks
};
return NULL;
}
#endif /* NO_DLOPEN */
static void register_hooks(apr_pool_t *p)
{
#ifndef NO_DLOPEN
APR_REGISTER_OPTIONAL_FN(ap_find_loaded_module_symbol);
ap_hook_test_config(dump_loaded_modules, NULL, NULL, APR_HOOK_MIDDLE);
#endif
}
static const command_rec so_cmds[] = {
AP_INIT_TAKE2("LoadModule", load_module, NULL, RSRC_CONF | EXEC_ON_READ,
"a module name and the name of a shared object file to load it from"),
AP_INIT_ITERATE("LoadFile", load_file, NULL, RSRC_CONF | EXEC_ON_READ,
"shared object file or library to load into the server at runtime"),
{ NULL }
};
module AP_MODULE_DECLARE_DATA so_module = {
STANDARD20_MODULE_STUFF,
NULL, /* create per-dir config */
NULL, /* merge per-dir config */
so_sconf_create, /* server config */
NULL, /* merge server config */
so_cmds, /* command apr_table_t */
register_hooks /* register hooks */
};
geoip_use_first_non_private_x_forwarded_for_ip, NULL,
RSRC_CONF,
"For more IP's in X-Forwarded-For, use the first non private IP"),
AP_INIT_FLAG("GeoIPUseFirstXForwardedForIP",
geoip_use_first_x_forwarded_for_ip, NULL, RSRC_CONF,
"For more IP's in X-Forwarded-For, use the first"),
AP_INIT_FLAG("GeoIPUseLastXForwardedForIP",
geoip_use_last_x_forwarded_for_ip, NULL, RSRC_CONF,
"For more IP's in X-Forwarded-For, use the last"),
AP_INIT_FLAG("GeoIPEnable", set_geoip_enable, NULL,
RSRC_CONF | OR_FILEINFO, "Turn on mod_geoip"),
AP_INIT_FLAG("GeoIPEnableUTF8", set_geoip_enable_utf8, NULL, RSRC_CONF,
"Turn on utf8 characters for city names"),
AP_INIT_TAKE12("GeoIPDBFile", set_geoip_filename, NULL, RSRC_CONF,
"Path to GeoIP Data File"),
AP_INIT_ITERATE("GeoIPOutput", set_geoip_output_mode, NULL, RSRC_CONF,
"Specify output method(s)"),
{NULL}
};
static void geoip_register_hooks(apr_pool_t * p)
{
/* make sure we run before mod_rewrite's handler */
static const char *const aszSucc[] =
{ "mod_setenvif.c", "mod_rewrite.c", NULL };
/* we have two entry points, the header_parser hook, right before
* the authentication hook used for Dirctory specific enabled geoiplookups
* or right before directory rewrite rules.
*/
ap_hook_header_parser(geoip_per_dir, NULL, aszSucc, APR_HOOK_FIRST);
NULL,
RSRC_CONF | ACCESS_CONF | OR_FILEINFO,
"Enable/Disable the Triger output filter"),
AP_INIT_FLAG("TrigerInherit",
set_inherit,
NULL,
RSRC_CONF | ACCESS_CONF | OR_FILEINFO,
"Inherit main server configurations or not. Only affect TrigerContentType, TrigerHTML, and TrigerCheckLength."),
AP_INIT_FLAG("TrigerFullCheck",
set_full_chk,
NULL,
RSRC_CONF | ACCESS_CONF | OR_FILEINFO,
"Search each data bucket while no more than TrigerCheckLength, default is only check the first and last data buckets."),
AP_INIT_ITERATE("TrigerContentType",
set_ctypes,
NULL,
RSRC_CONF | ACCESS_CONF | OR_FILEINFO,
"Which types response that we will inject our HTML fragment, default are 'text/html' and 'application/xhtml+xml'."),
AP_INIT_TAKE1("TrigerHTML",
set_js,
NULL,
RSRC_CONF | ACCESS_CONF | OR_FILEINFO,
"HTML fragment that Triger will insert into responses bodies after <head> tag or before </body> tag, or simple at the end if neither tags found."),
AP_INIT_TAKE1("TrigerCheckLength",
set_chk_len,
NULL,
RSRC_CONF | ACCESS_CONF | OR_FILEINFO,
"How long contents we check to find tags so we know where to innsert our js coedes, f.g., <head> and </body>. Default is 256."),
{
NULL}
};
(void *)APR_OFFSETOF(logsql_state, cookie_table_name), RSRC_CONF,
"The database table that holds the cookie info")
,
/* Log format */
AP_INIT_TAKE1("LogSQLTransferLogFormat", set_logformat_slot,
NULL, RSRC_CONF,
"Instruct the module what information to log to the database transfer log")
,
/* Machine ID */
AP_INIT_TAKE1("LogSQLMachineID", set_global_string_slot,
(void *)APR_OFFSETOF(global_config_t, machid), RSRC_CONF,
"Machine ID that the module will log, useful in web clusters to differentiate machines")
,
/* Limits on logging */
AP_INIT_ITERATE("LogSQLRequestAccept", add_server_string_slot,
(void *)APR_OFFSETOF(logsql_state, transfer_accept_list), RSRC_CONF,
"List of URIs to accept for logging. Accesses that don't match will not be logged")
,
AP_INIT_ITERATE("LogSQLRequestIgnore", add_server_string_slot,
(void *)APR_OFFSETOF(logsql_state, transfer_ignore_list), RSRC_CONF,
"List of URIs to ignore. Accesses that match will not be logged to database")
,
AP_INIT_ITERATE("LogSQLRemhostIgnore", add_server_string_slot,
(void *)APR_OFFSETOF(logsql_state, remhost_ignore_list), RSRC_CONF,
"List of remote hosts to ignore. Accesses that match will not be logged to database")
,
/* Special loggin table configuration */
AP_INIT_TAKE1("LogSQLWhichCookie", set_server_string_slot,
(void *)APR_OFFSETOF(logsql_state, cookie_name), RSRC_CONF,
"The single cookie that you want logged in the access_log when using the 'c' config directive")
,
else if (add->chain) {
conf->chain = add->chain;
}
else {
conf->chain = base->chain;
}
return conf;
}
static const command_rec filter_cmds[] = {
AP_INIT_TAKE12("FilterDeclare", filter_declare, NULL, OR_OPTIONS,
"filter-name [filter-type]"),
AP_INIT_TAKE3("FilterProvider", filter_provider, NULL, OR_OPTIONS,
"filter-name provider-name match-expression"),
AP_INIT_ITERATE("FilterChain", filter_chain, NULL, OR_OPTIONS,
"list of filter names with optional [+-=!@]"),
AP_INIT_TAKE2("FilterTrace", filter_debug, NULL, RSRC_CONF | ACCESS_CONF,
"filter-name debug-level"),
AP_INIT_TAKE_ARGV("AddOutputFilterByType", filter_bytype, NULL, OR_FILEINFO,
"output filter name followed by one or more content-types"),
#ifndef NO_PROTOCOL
AP_INIT_TAKE23("FilterProtocol", filter_protocol, NULL, OR_OPTIONS,
"filter-name [provider-name] protocol-args"),
#endif
{ NULL }
};
AP_DECLARE_MODULE(filter) = {
STANDARD20_MODULE_STUFF,
filter_config,
filter_merge,
AP_INIT_TAKE1("QS2CookieDomain", set_config_value, NULL, OR_FILEINFO,
"domain to which this cookie applies"),
AP_INIT_TAKE1("QS2CookieMaxSize", set_config_value, NULL, OR_FILEINFO,
"maximum size to allow for all the key/value pairs in this request"),
AP_INIT_TAKE1("QS2CookiePrefix", set_config_value, NULL, OR_FILEINFO,
"prefix all cookie keys with this string"),
AP_INIT_TAKE1("QS2CookieName", set_config_value, NULL, OR_FILEINFO,
"this will be the cookie name, unless QS2CookieNameFrom is set"),
AP_INIT_TAKE1("QS2CookieNameFrom", set_config_value, NULL, OR_FILEINFO,
"the cookie name will come from this query paramater"),
AP_INIT_TAKE1("QS2CookiePairDelimiter", set_config_value, NULL, OR_FILEINFO,
"pairs of key/values will be delimited by this character"),
AP_INIT_TAKE1("QS2CookieKeyValueDelimiter",
set_config_value, NULL, OR_FILEINFO,
"key and value will be delimited by this character"),
AP_INIT_ITERATE( "QS2CookieIgnore", set_config_value, NULL, OR_FILEINFO,
"list of query string keys that will not be set in the cookie" ),
{NULL}
};
/* ********************************************
Register module to Apache
******************************************** */
static void register_hooks(apr_pool_t *p)
{ /* code gets skipped if modules return a status code from
their fixup hooks, so be sure to run REALLY first. See:
http://svn.apache.org/viewvc?view=revision&revision=1154620
*/
ap_hook_fixups( hook, NULL, NULL, APR_HOOK_REALLY_FIRST );
ap_lingering_close(backconn);
c->aborted = 1;
c->keepalive = AP_CONN_CLOSE;
return OK;
}
static void ap_proxy_connect_register_hook(apr_pool_t *p)
{
proxy_hook_scheme_handler(proxy_connect_handler, NULL, NULL, APR_HOOK_MIDDLE);
proxy_hook_canon_handler(proxy_connect_canon, NULL, NULL, APR_HOOK_MIDDLE);
}
static const command_rec cmds[] =
{
AP_INIT_ITERATE("AllowCONNECT", set_allowed_ports, NULL, RSRC_CONF,
"A list of ports or port ranges which CONNECT may connect to"),
{NULL}
};
AP_DECLARE_MODULE(proxy_connect) = {
STANDARD20_MODULE_STUFF,
NULL, /* create per-directory config structure */
NULL, /* merge per-directory config structures */
create_config, /* create per-server config structure */
merge_config, /* merge per-server config structures */
cmds, /* command apr_table_t */
ap_proxy_connect_register_hook /* register hooks */
};
"name of the header to use for the client IP"),
AP_INIT_FLAG( "CookieTracking", set_config_enable, NULL, OR_FILEINFO,
"whether or not to enable cookies"),
AP_INIT_FLAG( "CookieSendHeader", set_config_enable, NULL, OR_FILEINFO,
"whether or not to enable cookies"),
AP_INIT_TAKE1("CookieHeaderName", set_config_value, NULL, OR_FILEINFO,
"name of the incoming/outgoing header to set to the cookie value"),
AP_INIT_TAKE1("CookieNoteName", set_config_value, NULL, OR_FILEINFO,
"name of the note to set to for the Apache logs"),
AP_INIT_TAKE1("CookieDNTValue", set_config_value, NULL, OR_FILEINFO,
"value to use when setting a DNT cookie"),
AP_INIT_FLAG( "CookieSetDNTCookie", set_config_enable, NULL, OR_FILEINFO,
"whether or not to set a DNT cookie if the DNT header is present"),
AP_INIT_FLAG( "CookieDNTComply", set_config_enable, NULL, OR_FILEINFO,
"whether or not to comply with browser Do Not Track settings"),
AP_INIT_ITERATE( "CookieDNTExempt", set_config_value, NULL, OR_FILEINFO,
"list of cookie values that will not be changed to DNT" ),
{NULL}
};
static void register_hooks(apr_pool_t *p)
{ /* code gets skipped if modules return a status code from
their fixup hooks, so be sure to run REALLY first. See:
http://svn.apache.org/viewvc?view=revision&revision=1154620
*/
ap_hook_fixups( spot_cookie, NULL, NULL, APR_HOOK_REALLY_FIRST );
}
module AP_MODULE_DECLARE_DATA cookietrack_module = {
STANDARD20_MODULE_STUFF,
make_cookietrack_settings, /* dir config creater */
NULL, /* dir merger --- default is to override */
if (arg)
conf->redir_scheme = "https";
else
conf->redir_scheme = "http";
return NULL;
}
/** Command list (configuration parameters) */
static const command_rec dav_ns_cmds[] =
{
AP_INIT_TAKE1 ("NSDMLite", dav_ns_cmd_dmlite, NULL, RSRC_CONF,
"DMLite configuration file"),
AP_INIT_TAKE1 ("NSType", dav_ns_cmd_node_type, NULL, RSRC_CONF,
"Node type"),
AP_INIT_ITERATE("NSFlags", dav_ns_cmd_flags, NULL, ACCESS_CONF,
"Directory flags"),
AP_INIT_TAKE1 ("NSAnon", dav_ns_cmd_anon, NULL, ACCESS_CONF,
"Anonymous user for fallback"),
AP_INIT_TAKE1 ("NSMaxReplicas", dav_ns_cmd_replicas, NULL, ACCESS_CONF,
"Maximum number of simultaneous replicas to push into the redirect"),
AP_INIT_ITERATE("NSTrustedDNS", dav_ns_cmd_trusted, NULL, ACCESS_CONF,
"List of trusted DN"),
AP_INIT_FLAG ("NSSecureRedirect", dav_ns_secureredir, NULL, ACCESS_CONF,
"If On, https will be used. If Off, http."),
{NULL}
};
/**
* Called to initialize each children
* @param pool
* @param server
AP_INIT_TAKE1("DOSSiteInterval", get_site_interval, NULL, RSRC_CONF,
"Set site interval"),
AP_INIT_TAKE1("DOSBlockingPeriod", get_blocking_period, NULL, RSRC_CONF,
"Set blocking period for detected DoS IPs"),
AP_INIT_TAKE1("DOSEmailNotify", get_email_notify, NULL, RSRC_CONF,
"Set email notification"),
AP_INIT_TAKE1("DOSLogDir", get_log_dir, NULL, RSRC_CONF,
"Set log dir"),
AP_INIT_TAKE1("DOSSystemCommand", get_system_command, NULL, RSRC_CONF,
"Set system command on DoS"),
AP_INIT_ITERATE("DOSWhitelist", whitelist, NULL, RSRC_CONF,
"IP-addresses wildcards to whitelist"),
{ NULL }
};
static void register_hooks(apr_pool_t *p) {
ap_hook_access_checker(access_checker, NULL, NULL, APR_HOOK_MIDDLE);
apr_pool_cleanup_register(p, NULL, apr_pool_cleanup_null, destroy_hit_list);
};
module AP_MODULE_DECLARE_DATA evasive20_module =
{
STANDARD20_MODULE_STUFF,
NULL,
NULL,
create_hit_list,
static const char *webgfarm_set_basepath(cmd_parms *cmd, void *dummy, const char *arg) {
webgfarm_config *wconfig = ap_get_module_config(cmd->server->module_config, &webgfarm_module);
wconfig->basepath = arg;
wconfig->basepathlen = strlen(arg);
return NULL;
}
static const command_rec webgfarm_cmds[] = {
AP_INIT_FLAG("webgfarm", webgfarm_set_enable, NULL, RSRC_CONF, "Run webgfarm on this host"),
AP_INIT_TAKE1("webgfarmbase", webgfarm_set_basepath, NULL, RSRC_CONF, "Setting webgfarm BasePath"),
AP_INIT_FLAG("webgfarmredirectSSL", webgfarm_set_redirect_ssl, NULL, RSRC_CONF, "SSL Redirect"),
AP_INIT_FLAG("webgfarmreadredirect", webgfarm_set_read_redirect, NULL, RSRC_CONF, "Redirect Mode"),
AP_INIT_FLAG("webgfarmwriteredirect", webgfarm_set_write_redirect, NULL, RSRC_CONF, "Redirect Mode"),
AP_INIT_TAKE1("webgfarmlocalhostname", webgfarm_set_localhostname, NULL, RSRC_CONF, "Localhost name"),
AP_INIT_ITERATE("webgfarmredirectto", webgfarm_set_redirect_to, NULL, RSRC_CONF, "Redirect To[hostname:port]"), {
NULL
}
};
AP_DECLARE_MODULE(webgfarm) = {
STANDARD20_MODULE_STUFF,
NULL, /* create per-dir config structures */
NULL, /* merge per-dir config structures */
webgfarm_create_server_config, /* create per-server config structures */
NULL, /* merge per-server config structures */
webgfarm_cmds, /* table of config file commands */
webgfarm_register_hooks
};
else if (filter->mode == INPUT_FILTER) {
/* XXX need a way to ensure uniqueness among all filters */
ap_register_input_filter(filter->name, ef_input_filter, NULL, filter->ftype);
}
else {
ap_assert(1 != 1); /* we set the field wrong somehow */
}
return NULL;
}
static const command_rec cmds[] =
{
AP_INIT_ITERATE("ExtFilterOptions",
add_options,
NULL,
ACCESS_CONF, /* same as SetInputFilter/SetOutputFilter */
"valid options: DebugLevel=n, LogStderr, NoLogStderr"),
AP_INIT_RAW_ARGS("ExtFilterDefine",
define_filter,
NULL,
RSRC_CONF,
"Define an external filter"),
{NULL}
};
static int ef_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *main_s)
{
main_server = main_s;
return OK;
}
static const command_rec cmds[] =
{
AP_INIT_TAKE1("CharsetSourceEnc",
add_charset_source,
NULL,
OR_FILEINFO,
"source (html,cgi,ssi) file charset"),
AP_INIT_TAKE1("CharsetDefault",
add_charset_default,
NULL,
OR_FILEINFO,
"name of default charset"),
AP_INIT_ITERATE("CharsetOptions",
add_charset_options,
NULL,
OR_FILEINFO,
"valid options: ImplicitAdd, NoImplicitAdd, TranslateAllMimeTypes, "
"NoTranslateAllMimeTypes"),
{NULL}
};
static void charset_register_hooks(apr_pool_t *p)
{
ap_hook_fixups(find_code_page, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_insert_filter(xlate_insert_filter, NULL, NULL, APR_HOOK_REALLY_LAST);
ap_register_output_filter(XLATEOUT_FILTER_NAME, xlate_out_filter, NULL,
AP_FTYPE_RESOURCE);
ap_register_input_filter(XLATEIN_FILTER_NAME, xlate_in_filter, NULL,
AP_FTYPE_RESOURCE);
}
compile_command_flag,
NULL,
OR_FILEINFO,
"On|Off - Enable/Disable the use of PATH_INFO for compile command checking (default: Off)"
),
AP_INIT_ITERATE2(
"AddCompileCommand",
compile_command_add_extension,
NULL,
OR_FILEINFO,
"A compile command to execute (e.g., '/usr/bin/coffee -cp %s'), followed by one or more file extensions"
),
AP_INIT_ITERATE(
"RemoveCompileCommand",
compile_command_remove_extension,
NULL,
OR_FILEINFO,
"One or more file extensions"
)
};
static apr_status_t ap_compile_output_filter(ap_filter_t *filter, apr_bucket_brigade *input_brigade) {
request_rec *request = filter->r;
if ( ! request->filename) {
return ap_pass_brigade(filter->next, input_brigade);
}
const char *resource_name;
compile_config_t *directory_config = (compile_config_t*) ap_get_module_config(request->per_dir_config, &compile_module);
compile_config_t *server_config = (compile_config_t*) ap_get_module_config(request->server->module_config, &compile_module);
compile_config_t *config = compile_merge_config(request->pool, server_config, directory_config);
if (config->use_path_info) {
return apr_pstrdup(cmd->pool, msgbuf);
}
}
else { /* no slash, didn't look like an IP address => must be a host */
return "An IP address was expected";
}
return NULL;
}
/**
* Array describing structure of configuration directives
*/
static command_rec cmds[] = {
AP_INIT_FLAG("RewriteIPResetHeader", reset_header_config_cmd, NULL, RSRC_CONF, "Reset HTTP-Header in this SSL vhost?"),
AP_INIT_ITERATE("RewriteIPAllow", allow_config_cmd, NULL, RSRC_CONF, "IP-address wildcards"),
{NULL}
};
/**
* Set up startup-time initialization
*/
static int post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
{
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started");
return OK;
}
/**
* Find remote_addr in ACL
*/
// after the configuration ...
ap_hook_post_config(psm_initialize, NULL, NULL, APR_HOOK_LAST);
// before each request processing ...
ap_hook_handler(psm_input_handler, NULL, NULL, APR_HOOK_REALLY_FIRST);
// register filter and add it in a insert_filter handler
ap_register_output_filter(PSM_OUTPUT_FILTER_NAME, psm_output_filter, NULL, AP_FTYPE_RESOURCE);
ap_hook_insert_filter(psm_insert_output_filter, NULL, NULL, APR_HOOK_MIDDLE);
}
// Module's directives
const command_rec psm_directives[] =
{
AP_INIT_FLAG("PrivateStateManager", psm_set_enabled, NULL, OR_FILEINFO, "On or Off to enable or disable (default) the module."),
AP_INIT_TAKE1("PrivateStateManagerDriver", psm_set_driver, NULL, RSRC_CONF, "Driver (name) to use for private state storage."),
AP_INIT_ITERATE("PrivateStateManagerDriverParams", psm_set_driver_params, NULL, RSRC_CONF, "Driver proprietary configuration."),
{ NULL }
};
module AP_MODULE_DECLARE_DATA psm_module =
{
STANDARD20_MODULE_STUFF,
psm_config_directory_create,
psm_config_directory_merge,
psm_config_server_create,
psm_config_server_merge,
psm_directives,
psm_hooks_register
};
);
r->connection->aborted = 1;
return HTTP_INTERNAL_SERVER_ERROR;
}
return thread_status;
}
static const command_rec process_security_cmds[] = {
AP_INIT_FLAG("PSExAll", set_all_ext, NULL, ACCESS_CONF | RSRC_CONF, "Set Enable All Extensions On / Off. (default Off)"),
AP_INIT_TAKE1("PSMode", set_mode, NULL, RSRC_CONF | ACCESS_CONF, "stat only. you can custmize this code."),
AP_INIT_TAKE2("PSMinUidGid", set_minuidgid, NULL, RSRC_CONF, "Minimal uid and gid."),
AP_INIT_TAKE2("PSDefaultUidGid", set_defuidgid, NULL, RSRC_CONF, "Default uid and gid."),
AP_INIT_ITERATE("PSExtensions", set_extensions, NULL, ACCESS_CONF | RSRC_CONF, "Set Enable Extensions."),
{NULL}
};
static void register_hooks(apr_pool_t *p)
{
ap_hook_post_config(process_security_init, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_handler(process_security_handler, NULL, NULL, APR_HOOK_REALLY_FIRST);
}
module AP_MODULE_DECLARE_DATA process_security_module = {
STANDARD20_MODULE_STUFF,
create_dir_config, /* dir config creater */
NULL, /* dir merger */
}
else {
authn_provider_list *last = conf->providers;
while (last->next) {
last = last->next;
}
last->next = newp;
}
return NULL;
}
static const command_rec auth_basic_cmds[] =
{
AP_INIT_ITERATE("AuthBasicProvider", add_authn_provider, NULL, OR_AUTHCFG,
"specify the auth providers for a directory or location"),
AP_INIT_FLAG("AuthBasicAuthoritative", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_basic_config_rec, authoritative),
OR_AUTHCFG,
"Set to 'Off' to allow access control to be passed along to "
"lower modules if the UserID is not known to this module"),
{NULL}
};
module AP_MODULE_DECLARE_DATA auth_basic_module;
/* These functions return 0 if client is OK, and proper error status
* if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or
* HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we
* couldn't figure out how to tell if the client is authorized or not.
*
"AuthOpenIDDBLocation <string>"),
AP_INIT_TAKE1("AuthOpenIDLoginPage", (CMD_HAND_TYPE) set_modauthopenid_login_page, NULL, OR_AUTHCFG,
"AuthOpenIDLoginPage <url string>"),
AP_INIT_TAKE1("AuthOpenIDSSOURL", (CMD_HAND_TYPE) set_modauthopenid_sso_url, NULL, OR_AUTHCFG,
"AuthOpenIDSSOURL <url string>"),
AP_INIT_TAKE1("AuthOpenIDSSOUserBase", (CMD_HAND_TYPE) set_modauthopenid_sso_user_base, NULL, OR_AUTHCFG,
"AuthOpenIDSSOUserBase <url string>"),
AP_INIT_TAKE1("AuthOpenIDTrustRoot", (CMD_HAND_TYPE) set_modauthopenid_trust_root, NULL, OR_AUTHCFG,
"AuthOpenIDTrustRoot <trust root to use>"),
AP_INIT_TAKE1("AuthOpenIDCookieName", (CMD_HAND_TYPE) set_modauthopenid_cookie_name, NULL, OR_AUTHCFG,
"AuthOpenIDCookieName <name of cookie to use>"),
AP_INIT_TAKE1("AuthOpenIDCookiePath", (CMD_HAND_TYPE) set_modauthopenid_cookie_path, NULL, OR_AUTHCFG,
"AuthOpenIDCookiePath <path of cookie to use>"),
AP_INIT_FLAG("AuthOpenIDUseCookie", (CMD_HAND_TYPE) set_modauthopenid_usecookie, NULL, OR_AUTHCFG,
"AuthOpenIDUseCookie <On | Off> - use session auth?"),
AP_INIT_ITERATE("AuthOpenIDTrusted", (CMD_HAND_TYPE) add_modauthopenid_trusted, NULL, OR_AUTHCFG,
"AuthOpenIDTrusted <a list of trusted identity providers>"),
AP_INIT_ITERATE("AuthOpenIDDistrusted", (CMD_HAND_TYPE) add_modauthopenid_distrusted, NULL, OR_AUTHCFG,
"AuthOpenIDDistrusted <a blacklist list of identity providers>"),
AP_INIT_TAKE1("AuthOpenIDServerName", (CMD_HAND_TYPE) set_modauthopenid_server_name, NULL, OR_AUTHCFG,
"AuthOpenIDServerName <server name and port prefix>"),
AP_INIT_TAKE1("AuthOpenIDUserProgram", (CMD_HAND_TYPE) set_modauthopenid_auth_program, NULL, OR_AUTHCFG,
"AuthOpenIDUserProgram <full path to authentication program>"),
{NULL}
};
// Get the full URI of the request_rec's request location
// clean_params specifies whether or not all openid.* and modauthopenid.* params should be cleared
static void full_uri(request_rec *r, std::string& result, modauthopenid_config *s_cfg, bool clean_params=false) {
std::string hostname(r->hostname);
std::string uri(r->uri);
apr_port_t i_port = ap_get_server_port(r);
} zipread_config_rec;
static const char *zipread_addindex(cmd_parms *cmd, void *dummy, const char *arg)
{
zipread_config_rec *d = dummy;
if (!d->index_names) {
d->index_names = apr_array_make(cmd->pool, 2, sizeof(char *));
}
*(const char **)apr_array_push(d->index_names) = arg;
return NULL;
}
static const command_rec zipread_cmds[] =
{
AP_INIT_ITERATE("ZipReadDirIndex", zipread_addindex, NULL, OR_INDEXES, "a list of file names to handle as indexes"),
{ NULL }
};
// allocate new private config structure
static void *create_zipread_config(apr_pool_t *p, void *s)
{
zipread_config_rec *n = apr_pcalloc(p, sizeof(zipread_config_rec));
n->index_names = NULL;
return (void*)n;
}
// merge two private config structures
static void *merge_zipread_configs(apr_pool_t *p, void *basev, void *addv)
{
assert(basev);
{
authnz_crowd_dir_config *config = (authnz_crowd_dir_config *) mconfig;
return set_flag_once(parms, &(config->create_sso), &(config->create_sso_set), on);
}
static const command_rec commands[] =
{
AP_INIT_FLAG("AuthzCrowdAuthoritative", set_authz_crowd_authoritative, NULL, OR_AUTHCFG,
"'On' if Crowd should be considered authoritative for denying authorisation; "
"'Off' if a lower-level provider can override authorisation denial by Crowd (default = On)"),
AP_INIT_TAKE1("CrowdAppName", set_crowd_app_name, NULL, OR_AUTHCFG,
"The name of this application, as configured in Crowd"),
AP_INIT_TAKE1("CrowdAppPassword", set_crowd_app_password, NULL, OR_AUTHCFG,
"The password of this application, as configured in Crowd"),
AP_INIT_ITERATE("CrowdBasicAuthEncoding", set_crowd_basic_auth_encoding, NULL, OR_AUTHCFG,
"The list of character encodings that will be used to interpret Basic authentication credentials "
"(default is ISO-8859-1 only"),
AP_INIT_TAKE1("CrowdTimeout", set_crowd_timeout, NULL, OR_AUTHCFG,
"The maximum length of time, in seconds, to wait for a response from Crowd (default or 0 = no timeout)"),
AP_INIT_TAKE1("CrowdURL", set_crowd_url, NULL, OR_AUTHCFG, "The base URL of the Crowd server"),
AP_INIT_TAKE1("CrowdCacheMaxAge", set_crowd_cache_max_age, NULL, RSRC_CONF,
"The maximum length of time that successful results from Crowd can be cached, in seconds"
" (default = 60 seconds)"),
AP_INIT_TAKE1("CrowdCacheMaxEntries", set_crowd_cache_max_entries, NULL, RSRC_CONF,
"The maximum number of successful results from Crowd that can be cached at any time"
" (default = 500, 0 = disable cache)"),
AP_INIT_FLAG("CrowdAcceptSSO", set_crowd_accept_sso, NULL, OR_AUTHCFG,
"'On' if single-sign on cookies should be accepted; 'Off' otherwise (default = On)"),
AP_INIT_FLAG("CrowdCreateSSO", set_crowd_create_sso, NULL, OR_AUTHCFG,
"'On' if single-sign on cookies should be created; 'Off' otherwise (default = On)"),
{NULL}
AP_INIT_FLAG("GssapiSSLonly", mag_ssl_only, NULL, OR_AUTHCFG,
"Work only if connection is SSL Secured"),
AP_INIT_FLAG("GssapiLocalName", mag_map_to_local, NULL, OR_AUTHCFG,
"Translate principals to local names"),
AP_INIT_FLAG("GssapiConnectionBound", mag_conn_ctx, NULL, OR_AUTHCFG,
"Authentication is bound to the TCP connection"),
AP_INIT_FLAG("GssapiUseSessions", mag_use_sess, NULL, OR_AUTHCFG,
"Authentication uses mod_sessions to hold status"),
AP_INIT_RAW_ARGS("GssapiSessionKey", mag_sess_key, NULL, OR_AUTHCFG,
"Key Used to seal session data."),
#ifdef HAVE_GSS_ACQUIRE_CRED_FROM
AP_INIT_FLAG("GssapiUseS4U2Proxy", mag_use_s4u2p, NULL, OR_AUTHCFG,
"Initializes credentials for s4u2proxy usage"),
#endif
#ifdef HAVE_GSS_STORE_CRED_INTO
AP_INIT_ITERATE("GssapiCredStore", mag_cred_store, NULL, OR_AUTHCFG,
"Credential Store"),
AP_INIT_RAW_ARGS("GssapiDelegCcacheDir", mag_deleg_ccache_dir, NULL,
OR_AUTHCFG, "Directory to store delegated credentials"),
#endif
{ NULL }
};
static void
mag_register_hooks(apr_pool_t *p)
{
ap_hook_check_user_id(mag_auth, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_post_config(mag_post_config, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_pre_connection(mag_pre_connection, NULL, NULL, APR_HOOK_MIDDLE);
}
module AP_MODULE_DECLARE_DATA auth_gssapi_module =
}
conf->chroot_dir = chroot_dir;
conf->document_root = document_root;
chroot_used |= RUID_CHROOT_USED;
return NULL;
}
/* configure options in httpd.conf */
static const command_rec ruid_cmds[] = {
AP_INIT_TAKE1 ("RMode", set_mode, NULL, RSRC_CONF | ACCESS_CONF, "Set mode to config or stat (default: config)"),
AP_INIT_TAKE2 ("RUidGid", set_uidgid, NULL, RSRC_CONF | ACCESS_CONF, "Minimal uid or gid file/dir, else set[ug]id to default (User,Group)"),
AP_INIT_ITERATE ("RGroups", set_groups, NULL, RSRC_CONF | ACCESS_CONF, "Set additional groups"),
AP_INIT_TAKE2 ("RDefaultUidGid", set_defuidgid, NULL, RSRC_CONF, "If uid or gid is < than RMinUidGid set[ug]id to this uid gid"),
AP_INIT_TAKE2 ("RMinUidGid", set_minuidgid, NULL, RSRC_CONF, "Minimal uid or gid file/dir, else set[ug]id to default (RDefaultUidGid)"),
AP_INIT_TAKE2 ("RDocumentChRoot", set_documentchroot, NULL, RSRC_CONF, "Set chroot directory and the document root inside"),
{NULL, {NULL}, NULL, 0, NO_ARGS, NULL}
};
/* run in post config hook ( we are parent process and we are uid 0) */
static int ruid_init (apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
{
UNUSED(p);
UNUSED(plog);
UNUSED(ptemp);
void *data;
conn->proxy_ips
? "Using %s as client's IP by proxies %s"
: "Using %s as client's IP by internal proxies",
conn->proxied_ip, conn->proxy_ips);
return OK;
}
static const command_rec reverseproxy_cmds[] =
{
AP_INIT_FLAG("ReverseProxyEnable", reveseproxy_enable, NULL, RSRC_CONF,
"Enable mod_reverseproxy"),
AP_INIT_TAKE1("ReverseProxyRemoteIPHeader", header_name_set, NULL, RSRC_CONF,
"Specifies a request header to trust as the client IP, "
"Overrides the default one"),
AP_INIT_ITERATE("ReverseProxyRemoteIPTrusted", proxies_set, 0, RSRC_CONF,
"Specifies one or more proxies which are trusted "
"to present IP headers. Overrides the defaults."),
{ NULL }
};
static void register_hooks(apr_pool_t *p)
{
// We need to run very early so as to not trip up mod_security.
// Hence, this little trick, as mod_security runs at APR_HOOK_REALLY_FIRST.
ap_hook_post_read_request(reverseproxy_modify_connection, NULL, NULL, APR_HOOK_REALLY_FIRST - 10);
}
module AP_MODULE_DECLARE_DATA reverseproxy_module = {
STANDARD20_MODULE_STUFF,
NULL, /* create per-directory config structure */
NULL, /* merge per-directory config structures */
: "Using %s as client's IP by internal proxies",
req->remote_ip, req->proxy_ips);
return OK;
}
static const command_rec remoteip_cmds[] =
{
AP_INIT_TAKE1("RemoteIPHeader", header_name_set, NULL, RSRC_CONF,
"Specifies a request header to trust as the client IP, "
"e.g. X-Forwarded-For"),
AP_INIT_TAKE1("RemoteIPProxiesHeader", proxies_header_name_set,
NULL, RSRC_CONF,
"Specifies a request header to record proxy IP's, "
"e.g. X-Forwarded-By; if not given then do not record"),
AP_INIT_ITERATE("RemoteIPTrustedProxy", proxies_set, 0, RSRC_CONF,
"Specifies one or more proxies which are trusted "
"to present IP headers"),
AP_INIT_ITERATE("RemoteIPInternalProxy", proxies_set, (void*)1, RSRC_CONF,
"Specifies one or more internal (transparent) proxies "
"which are trusted to present IP headers"),
AP_INIT_TAKE1("RemoteIPTrustedProxyList", proxylist_read, 0,
RSRC_CONF | EXEC_ON_READ,
"The filename to read the list of trusted proxies, "
"see the RemoteIPTrustedProxy directive"),
AP_INIT_TAKE1("RemoteIPInternalProxyList", proxylist_read, (void*)1,
RSRC_CONF | EXEC_ON_READ,
"The filename to read the list of internal proxies, "
"see the RemoteIPInternalProxy directive"),
{ NULL }
};
const char* errorURI;
const char* errorCSS;
int debug;
} dir_cfg;
static const char* cfg_set_filetype(cmd_parms* cmd, void* cfg, const char* val);
static void* create_dir_conf(apr_pool_t* pool, char* x);
static void make_hooks(apr_pool_t *pool);
static const command_rec cmds[]={
AP_INIT_FLAG("Make", ap_set_flag_slot, (void*)APR_OFFSETOF(dir_cfg,onoff), OR_ALL,"Enable mod_make"),
AP_INIT_TAKE1("MakeSourceRoot", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,sourceRoot), OR_ALL,"Source root"),
AP_INIT_TAKE1("MakeFilename", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,makefileName), OR_ALL,"Make filename (i.e., Makefile)"),
AP_INIT_TAKE1("MakeProgram", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,makeProgram), OR_ALL,"Make binary"),
AP_INIT_TAKE1("MakeOptions", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,makeOptions), OR_ALL,"Make options"),
AP_INIT_ITERATE("MakeIncludeFileTypes", cfg_set_filetype, (void*)APR_OFFSETOF(dir_cfg,includeFileTypes),OR_ALL,"Include file types"),
AP_INIT_ITERATE("MakeExcludeFileTypes", cfg_set_filetype, (void*)APR_OFFSETOF(dir_cfg,excludeFileTypes),OR_ALL,"Exclude file types"),
// AP_INIT_TAKE1("MakeExcludeRegex", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,excludeRegex), OR_ALL,"Exclude regex"),
AP_INIT_TAKE1("MakeErrorURI", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,errorURI), OR_ALL,"Error URI"),
AP_INIT_TAKE1("MakeErrorCSS", ap_set_string_slot, (void*)APR_OFFSETOF(dir_cfg,errorCSS), OR_ALL,"Error CSS"),
AP_INIT_FLAG("MakeDebug", ap_set_flag_slot, (void*)APR_OFFSETOF(dir_cfg,debug), OR_ALL,"Enable mod_make debug mode"),
{NULL}
};
module AP_MODULE_DECLARE_DATA make_module = {
STANDARD20_MODULE_STUFF,
create_dir_conf,
NULL,
NULL,
NULL,
cmds,
}
/* Call appropriate handler */
if (!r->header_only) {
if (match->is_mmapped == TRUE)
rc = mmap_handler(r, match);
else
rc = sendfile_handler(r, match);
}
return rc;
}
static command_rec file_cache_cmds[] =
{
AP_INIT_ITERATE("cachefile", cachefilehandle, NULL, RSRC_CONF,
"A space separated list of files to add to the file handle cache at config time"),
AP_INIT_ITERATE("mmapfile", cachefilemmap, NULL, RSRC_CONF,
"A space separated list of files to mmap at config time"),
{NULL}
};
static void register_hooks(apr_pool_t *p)
{
ap_hook_handler(file_cache_handler, NULL, NULL, APR_HOOK_LAST);
ap_hook_post_config(file_cache_post_config, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_translate_name(file_cache_xlat, NULL, NULL, APR_HOOK_MIDDLE);
/* This trick doesn't work apparently because the translate hooks
are single shot. If the core_hook returns OK, then our hook is
not called.
ap_hook_translate_name(file_cache_xlat, aszPre, NULL, APR_HOOK_MIDDLE);
*/
rpaf_sethttps,
NULL,
RSRC_CONF,
"Let mod_rpaf set the HTTPS environment variable from the X-HTTPS header"
),
AP_INIT_FLAG(
"RPAF_SetPort",
rpaf_setport,
NULL,
RSRC_CONF,
"Let mod_rpaf set the server port from the X-Port header"
),
AP_INIT_ITERATE(
"RPAF_ProxyIPs",
rpaf_set_proxy_ip,
NULL,
RSRC_CONF,
"IP(s) of Proxy server setting X-Forwarded-For header"
),
AP_INIT_TAKE1(
"RPAF_Header",
rpaf_set_headername,
NULL,
RSRC_CONF,
"Which header to look for when trying to find the real ip of the client in a proxy setup"
),
{ NULL }
};
static void register_hooks(apr_pool_t *p) {
ap_hook_post_read_request(change_remote_ip, NULL, NULL, APR_HOOK_FIRST);
conf->anyuserid = 1;
}
else {
first = conf->users;
conf->users = apr_palloc(cmd->pool, sizeof(*conf->users));
conf->users->user = arg;
conf->users->next = first;
}
}
return NULL;
}
static const command_rec authn_anon_cmds[] =
{
AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG,
"a space-separated list of user IDs"),
AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, mustemail),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, nouserid),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, verifyemail),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_anon_config_rec, logemail),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
{NULL}
};
