static int authenticate_basic_user(request_rec *r) { auth_config_rec *sec = (auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_module); conn_rec *c = r->connection; const char *sent_pw; char *real_pw; char *invalid_pw; int res; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) return res; if (!sec->auth_pwfile) return DECLINED; if (!(real_pw = get_pw(r, c->user, sec->auth_pwfile))) { if (!(sec->auth_authoritative)) return DECLINED; ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "user %s not found: %s", c->user, r->uri); ap_note_basic_auth_failure(r); return AUTH_REQUIRED; } invalid_pw = ap_validate_password(sent_pw, real_pw); if (invalid_pw != NULL) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "user %s: authentication failure for \"%s\": %s", c->user, r->uri, invalid_pw); ap_note_basic_auth_failure(r); return AUTH_REQUIRED; } return OK; }
static int anon_authenticate_basic_user(request_rec *r) { anon_auth_config_rec *sec = (anon_auth_config_rec *) ap_get_module_config(r->per_dir_config, &anon_auth_module); conn_rec *c = r->connection; const char *sent_pw; int res = DECLINED; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) return res; /* Ignore if we are not configured */ if (!sec->auth_anon_passwords) return DECLINED; /* Do we allow an empty userID and/or is it the magic one */ if ((!(c->user[0])) && (sec->auth_anon_nouserid)) { res = OK; } else { auth_anon *p = sec->auth_anon_passwords; res = DECLINED; while ((res == DECLINED) && (p != NULL)) { if (!(strcasecmp(c->user, p->password))) res = OK; p = p->next; } } if ( /* username is OK */ (res == OK) /* password been filled out ? */ && ((!sec->auth_anon_mustemail) || strlen(sent_pw)) /* does the password look like an email address ? */ && ((!sec->auth_anon_verifyemail) || ((strpbrk("@", sent_pw) != NULL) && (strpbrk(".", sent_pw) != NULL)))) { if (sec->auth_anon_logemail && ap_is_initial_req(r)) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r, "Anonymous: Passwd <%s> Accepted", sent_pw ? sent_pw : "\'none\'"); } return OK; } else { if (sec->auth_anon_authoritative) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "Anonymous: Authoritative, Passwd <%s> not accepted", sent_pw ? sent_pw : "\'none\'"); return AUTH_REQUIRED; } /* Drop out the bottom to return DECLINED */ } return DECLINED; }
static PyObject * req_get_basic_auth_pw(requestobject *self, PyObject *args) { const char *pw; request_rec *req; req = self->request_rec; if (! ap_get_basic_auth_pw(req, &pw)) return PyString_FromString(pw); else { Py_INCREF(Py_None); return Py_None; } }
CAMLprim value netcgi2_apache_request_get_basic_auth_pw (value rv) { CAMLparam1 (rv); CAMLlocal1 (c); request_rec *r = Request_rec_val (rv); const char *pw = 0; int i = ap_get_basic_auth_pw (r, &pw); /* no need to free(pw) */ /* Return [i] as the first component of a couple so we can deal with * the possible errors on the Caml side. */ if (i == DECLINED) pw = NULL; /* FIXME */ c = alloc_tuple (2); Store_field(c, 0, Val_int(i)); Store_field(c, 1, Val_optstring(pw)); CAMLreturn (c); }
static int dbm_authenticate_basic_user(request_rec *r) { dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_dbm_module); const char *sent_pw; char *real_pw, *colon_pw; apr_status_t invalid_pw; int res; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) return res; if (!conf->auth_dbmpwfile) return DECLINED; if (!(real_pw = get_dbm_pw(r, r->user, conf->auth_dbmpwfile, conf->auth_dbmtype))) { if (!(conf->auth_dbmauthoritative)) return DECLINED; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "DBM user %s not found: %s", r->user, r->filename); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } /* Password is up to first : if exists */ colon_pw = strchr(real_pw, ':'); if (colon_pw) { *colon_pw = '\0'; } invalid_pw = apr_password_validate(sent_pw, real_pw); if (invalid_pw != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "DBM user %s: authentication failure for \"%s\": " "Password Mismatch", r->user, r->uri); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } return OK; }
static int authenticate_basic_user(request_rec *r) { auth_config_rec *conf = ap_get_module_config(r->per_dir_config, &auth_module); const char *sent_pw; char *real_pw; apr_status_t invalid_pw; int res; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) { return res; } if (!conf->auth_pwfile) { return DECLINED; } if (!(real_pw = get_pw(r, r->user, conf->auth_pwfile))) { if (!(conf->auth_authoritative)) { return DECLINED; } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "user %s not found: %s", r->user, r->uri); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } invalid_pw = apr_password_validate(sent_pw, real_pw); if (invalid_pw != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "user %s: authentication failure for \"%s\": " "Password Mismatch", r->user, r->uri); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } return OK; }
static int dbm_authenticate_basic_user(request_rec *r) { dbm_auth_config_rec *sec = (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config, &dbm_auth_module); conn_rec *c = r->connection; char *sent_pw, *real_pw, *colon_pw; int res; if ((res = ap_get_basic_auth_pw(r, &sent_pw))) return res; if (!sec->auth_dbmpwfile) return DECLINED; if (!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) { if (!(sec->auth_dbmauthoritative)) return DECLINED; ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "DBM user %s not found: %s", c->user, r->filename); ap_note_basic_auth_failure(r); return AUTH_REQUIRED; } /* Password is up to first : if exists */ colon_pw = strchr(real_pw, ':'); if (colon_pw) *colon_pw = '\0'; /* anyone know where the prototype for crypt is? */ if (strcmp(real_pw, (char *) crypt(sent_pw, real_pw))) { ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "user %s: password mismatch: %s", c->user, r->uri); ap_note_basic_auth_failure(r); return AUTH_REQUIRED; } return OK; }
/* Process authentication request from Apache*/ static int pg_authenticate_basic_user(request_rec * r) { pg_auth_config_rec *sec = (pg_auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_pgsql_module); char *val = NULL; char *sent_pw, *real_pw; int res; char *user; if ((res = ap_get_basic_auth_pw(r, (const char **) &sent_pw))) return res; user = r->user; #ifdef DEBUG_AUTH_PGSQL ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - pg_authenticate_basic_user - going to auth user \"%s\" pass \"%s\" uri \"%s\"", user, sent_pw, r->unparsed_uri); #endif /* DEBUG_AUTH_PGSQL */ /* if *password* checking is configured in any way, i.e. then * handle it, if not decline and leave it to the next in line.. * We do not check on dbase, group, userid or host name, as it is * perfectly possible to only do group control and leave * user control to the next guy in line. */ if ((!sec->auth_pg_pwd_table) && (!sec->auth_pg_pwd_field)) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - missing configuration parameters"); return DECLINED; } pg_errstr[0] = '\0'; if (sec->auth_pg_cache_passwords && (!apr_is_empty_table(sec->cache_pass_table))) { val = (char *) apr_table_get(sec->cache_pass_table, user); if (val) real_pw = val; else real_pw = get_pg_pw(r, user, sec); } else real_pw = get_pg_pw(r, user, sec); if (!real_pw) { if (pg_errstr[0]) { res = HTTP_INTERNAL_SERVER_ERROR; } else { if (sec->auth_pg_authoritative) { /* force error and access denied */ apr_snprintf(pg_errstr, MAX_STRING_LEN, "mod_auth_pgsql: Password for user %s not found (PG-Authoritative)", user); ap_note_basic_auth_failure(r); res = HTTP_UNAUTHORIZED; } else { /* allow fall through to another module */ return DECLINED; } } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); return res; } /* allow no password, if the flag is set and the password * is empty. But be sure to log this. */ if ((sec->auth_pg_nopasswd) && (!strlen(real_pw))) { apr_snprintf(pg_errstr, MAX_STRING_LEN, "[mod_auth_pgsql.c] - Empty password accepted for user \"%s\"", user); ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); pg_log_auth_user(r, sec, user, sent_pw); return OK; }; /* if the flag is off however, keep that kind of stuff at * an arms length. */ if ((!strlen(real_pw)) || (!strlen(sent_pw))) { apr_snprintf(pg_errstr, MAX_STRING_LEN, "[mod_auth_pgsql.c] - Empty password rejected for user \"%s\"", user); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; }; if (sec->auth_pg_encrypted) switch (sec->auth_pg_hash_type) { case AUTH_PG_HASH_TYPE_MD5: sent_pw = auth_pg_md5(sent_pw); break; case AUTH_PG_HASH_TYPE_CRYPT: sent_pw = (char *) crypt(sent_pw, real_pw); break; case AUTH_PG_HASH_TYPE_BASE64: sent_pw = auth_pg_base64(sent_pw); break; } if (sec->auth_pg_hash_type == AUTH_PG_HASH_TYPE_NETEPI) { char *netepi_pw; if (netepi_pw = netepi_pwd_check(sec, r, real_pw, sent_pw)) goto netepi_ok; apr_snprintf(pg_errstr, MAX_STRING_LEN, "PG user %s: password mismatch", user); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; netepi_ok: sent_pw = netepi_pw; } else if ((sec->auth_pg_hash_type == AUTH_PG_HASH_TYPE_MD5 || sec->auth_pg_hash_type == AUTH_PG_HASH_TYPE_BASE64 || sec->auth_pg_pwdignorecase) ? strcasecmp(real_pw, sent_pw) : strcmp(real_pw, sent_pw)) { apr_snprintf(pg_errstr, MAX_STRING_LEN, "PG user %s: password mismatch", user); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "[mod_auth_pgsql.c] - ERROR - %s", pg_errstr); ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } /* store password in the cache */ if (sec->auth_pg_cache_passwords && !val && sec->cache_pass_table) { if ((apr_table_elts(sec->cache_pass_table))->nelts >= MAX_TABLE_LEN) { apr_table_clear(sec->cache_pass_table); } apr_table_set(sec->cache_pass_table, user, real_pw); } pg_log_auth_user(r, sec, user, sent_pw); return OK; }
static int psx_user(request_rec *r) { qEnvApache *renv = NULL; try { qEnvApacheServer *senv = get_psx_srv_env(r); if (!senv) return DECLINED; const char *macro = senv->GetUserMacro(); if (!macro || !*macro) return DECLINED; renv = get_psx_req_env(r); if (!renv) return DECLINED; if (renv->IsAuth == 1) { if (r->main) renv->Free(); return OK; } else if (renv->IsAuth == -1) { return psx_auth_fail(r, renv); } qCtxTmp tmpCtx(renv->GetCtx()); char *user = NULL; const char *pw = NULL; int res=ap_get_basic_auth_pw(r,&pw); if (!res) { #ifdef APACHE2 user = r->user; #else user = r->connection->user; #endif } if (!user) user = ""; tmpCtx.MapObj(user, "username"); if (!pw) pw = ""; tmpCtx.MapObj(pw, "password"); CStr out = tmpCtx.ParseStr(macro); out.Trim(); // ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, AP2STATUS r, "macro: %s, username: %s, password: %s, macro output: %s, macro length: %d, macro char: %x", (const char *) macro, (const char *)user, (const char *)pw, (const char *)out, out.Length(), (unsigned int)*(const char *)out); if (out.IsEmpty()) { renv->IsAuth = -1; return psx_auth_fail(r, renv); } else { if (r->main) renv->Free(); renv->IsAuth = 1; return OK; } } catch (...) { // login code redirected things if (r->status == HTTP_MOVED_TEMPORARILY) { return OK; } if (renv) renv->Free(); smx_log_str(SMXLOGLEVEL_ERROR, "unhandled exception during authentication"); return DECLINED; } }