--- mod_auth_nds.c 2002-09-25 02:25:36.000000000 +0200 +++ mod_auth_nds.c.oden 2005-12-15 22:40:25.000000000 +0100 @@ -26,6 +26,10 @@ * Contributors: * Clifton Woolley <jwoolley@wlu.edu> * + * apache1 code removal, apr 1.2.2 and apache 2.2.0 fixes by: + * Oden Eriksson <oeriksson@mandriva.com> + * + * */ /* module configuration hints @@ -48,7 +52,6 @@ #include "http_protocol.h" #include "http_request.h" #include "apr_strings.h" -#include "apr_compat.h" #define log_debug(msg) ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, \ 0, r->server, msg) @@ -68,74 +71,21 @@ struct ncp_conn *conn; } nds_auth_config_rec; -#if defined(EAPI) && defined(EAPI_MM) -struct { - int on; - int fdns; /* are we caching name->FDN mappings? */ - time_t ttl; /* TTL in seconds for cache entries */ - table *password; /* username -> md5 encrypted password */ - table *time; /* username -> last update time */ - table *fdn; /* contextless name -> FDN */ -} nds_cache = { - TRUE, /* must be initialised to TRUE */ - FALSE, - 300, - NULL, - NULL, - NULL -}; - -/* global var(s) */ -pool *sp; -#endif - - -static void nds_auth_init(server_rec *s, apr_pool_t *p) -{ - -#if defined(EAPI) && defined(EAPI_MM) - - if (nds_cache.on == FALSE) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, s, - "NDSCache: cache disabled in configuration"); - return; - } - - nds_cache.on = ap_shared_pool_possible(); - - if (nds_cache.on == TRUE) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, s, - "NDSCache: Status -> ON"); - } else { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, s, - "NDSCache: Status -> OFF -- could not initialize shared pool"); - return; - } - - sp = ap_make_shared_sub_pool(p); - - nds_cache.password = ap_make_table(sp, 75); - nds_cache.time = ap_make_table(sp, 75); - if (nds_cache.fdns == TRUE) - nds_cache.fdn = ap_make_table(sp, 75); - - srand((int)time(NULL)); -#endif +static void nds_auth_init(server_rec *s, apr_pool_t *p) { } - static void *nds_auth_crdconf(apr_pool_t * p, char *d) { - nds_auth_config_rec *sec = ap_pcalloc(p, sizeof(nds_auth_config_rec)); + nds_auth_config_rec *sec = apr_pcalloc(p, sizeof(nds_auth_config_rec)); sec->auth_authoritative = 1; /* let's be authoritative by default */ sec->require_pass = 0; /* allow empty passwords */ sec->require_ssl = 1; /* require SSL connection */ sec->context_override = 1; /* include parent's search list by default*/ sec->auth_expired_uri = NULL; sec->auth_failmessage = NULL; - sec->auth_servers = ap_make_array(p, 3, sizeof(char *)); - sec->contexts = ap_make_array(p, 1, sizeof(char *)); + sec->auth_servers = apr_array_make(p, 3, sizeof(char *)); + sec->contexts = apr_array_make(p, 1, sizeof(char *)); sec->conn = NULL; return sec; @@ -146,7 +96,7 @@ { nds_auth_config_rec *parent = (nds_auth_config_rec *) parentv; nds_auth_config_rec *child = (nds_auth_config_rec *) childv; - nds_auth_config_rec *new = (nds_auth_config_rec *)ap_pcalloc + nds_auth_config_rec *new = (nds_auth_config_rec *)apr_pcalloc (p, sizeof(nds_auth_config_rec)); new->auth_authoritative = child->auth_authoritative; @@ -164,7 +114,7 @@ ? child->contexts : (child->contexts == NULL) ? parent->contexts - : ap_append_arrays(p,parent->contexts, + : apr_array_append(p,parent->contexts, child->contexts); new->auth_expired_uri = (child->auth_expired_uri == NULL) @@ -174,110 +124,6 @@ return (void *)new; } - -#if defined(EAPI) && defined(EAPI_MM) -static int nds_cache_check(const char *username, const char *password, request_rec *r) -{ - int retval = 0; - char *lcpass; - const char *c_pass; - time_t c_time; - ap_pool_lock_mode lock_mode = AP_POOL_RD; - - lcpass = apr_pstrdup(r->pool, password); - ap_str_tolower(lcpass); - - ap_acquire_pool(sp, lock_mode); - c_pass = ap_table_get(nds_cache.password, username); - c_time = (time_t)ap_table_get(nds_cache.time, username); - - if (c_pass != NULL) { - if (ap_validate_password(lcpass, c_pass) == NULL) { - /* cached password matches, now check time */ - if ((time(NULL) - c_time) <= nds_cache.ttl) { - retval = 1; /* success */ - } - } - } - - ap_release_pool(sp); - - return (retval); -} - - -static void nds_cache_add(char *username, const char *password, request_rec *r) -{ - char *lcpass; - char salt[9]; - char hash[120]; - ap_pool_lock_mode lock_mode = AP_POOL_RW; - - lcpass = apr_pstrdup(r->pool, password); - ap_str_tolower(lcpass); - - ap_to64(&salt[0], rand(), 8); - salt[8] = '\0'; - ap_MD5Encode((const unsigned char *)lcpass, (const unsigned char *)salt, - hash, sizeof(hash)); - - ap_acquire_pool(sp, lock_mode); - ap_table_set(nds_cache.password, username, hash); - ap_table_setn(nds_cache.time, apr_pstrdup(sp, username), (char *)time(NULL)); - - ap_release_pool(sp); -} - - -static void nds_cache_purge(request_rec *r) -{ - ap_pool_lock_mode lock_mode = AP_POOL_RW; - array_header *arr, *fdn_arr; - int i, j; - time_t c_time; - table_entry *te, *fdn_te; - - ap_acquire_pool(sp, lock_mode); - arr = ap_table_elts(nds_cache.time); - te = (table_entry *)arr->elts; - - for (i = 0; i < arr->nelts; i++) { - if (!te[i].key) - continue; - c_time = (time_t)te[i].val; - - if ((nds_cache.ttl - (time(NULL) - c_time)) <= 0) { - if (nds_cache.fdns == TRUE) { - fdn_arr = ap_table_elts(nds_cache.fdn); - fdn_te = (table_entry *)fdn_arr->elts; - for (j = 0; j < fdn_arr->nelts; j++) { - if (!fdn_te[j].key) - continue; - if (strcmp(te[i].key, fdn_te[j].val) == 0) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, - r->server, "NDSCache: deleting expired " - "name->FDN mapping: %s to %s", - fdn_te[j].key, fdn_te[j].val); - ap_table_unset(nds_cache.fdn, fdn_te[j].key); - j = -1; - continue; - } - } - } - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, r->server, - "NDSCache: deleting expired entry for %s", te[i].key); - ap_table_unset(nds_cache.time, te[i].key); - ap_table_unset(nds_cache.password, te[i].key); - } - } - - ap_release_pool(sp); - - return; -} -#endif - - static int is_valid_user(request_rec *r, char *user, char *userfile) { ap_configfile_t *f; @@ -318,43 +164,20 @@ static const char *nds_cache_set_timeout(cmd_parms *cmd, nds_auth_config_rec *struct_ptr, char *arg) { -#if defined(EAPI) && defined(EAPI_MM) - time_t ttl = atoi(arg); - - nds_cache.ttl = ttl; - - if (ttl <= 0) - nds_cache.on = FALSE; - - return NULL; - -#else return "AuthNDSCacheTimeout: You must compile w/ EAPI+MM to use the cache!"; -#endif } static const char *nds_cache_set_unique_cns(cmd_parms *cmd, nds_auth_config_rec *struct_ptr, char *arg) { -#if defined(EAPI) && defined(EAPI_MM) - - if (arg) - nds_cache.fdns = TRUE; - else - nds_cache.fdns = FALSE; - - return NULL; - -#else return "AuthNDSUniqueCNs: You must compile w/ EAPI+MM to use the cache!"; -#endif } static const char *add_server(cmd_parms *cmd, nds_auth_config_rec *struct_ptr, char *arg) { - char **ptr = (char **)ap_push_array(struct_ptr->auth_servers); + char **ptr = (char **)apr_array_push(struct_ptr->auth_servers); *ptr = apr_pstrdup(cmd->pool, arg); return NULL; } @@ -362,7 +185,7 @@ static const char *add_search_context(cmd_parms *cmd, nds_auth_config_rec *struct_ptr, char *arg) { - char **ptr = (char **)ap_push_array(struct_ptr->contexts); + char **ptr = (char **)apr_array_push(struct_ptr->contexts); *ptr = apr_pstrdup(cmd->pool, arg); return NULL; } @@ -378,12 +201,6 @@ ncp_close(sec->conn); sec->conn = NULL; } - -#if defined(EAPI) && defined(EAPI_MM) - if (nds_cache.on == TRUE) - nds_cache_purge(r); -#endif - } @@ -406,9 +223,6 @@ char *uname; char server[NW_MAX_SERVER_NAME_LEN]; char *ssl_on = NULL; -#if defined(EAPI) && defined(EAPI_MM) - char *s = NULL; -#endif // ap_register_cleanup(r->pool, (void *)r, cleanup_handler, ap_null_cleanup); @@ -419,7 +233,7 @@ if (sec->require_ssl && sec->auth_failmessage) ap_custom_response(r, HTTP_FORBIDDEN, sec->auth_failmessage); - ssl_on = (char*)ap_table_get (r->subprocess_env, "HTTPS"); + ssl_on = (char*)apr_table_get (r->subprocess_env, "HTTPS"); /* Check if SSL is required */ if ((sec->require_ssl) && !ssl_on) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, 0, r,"SSL connection required"); @@ -460,37 +274,6 @@ return HTTP_UNAUTHORIZED; } -#if defined(EAPI) && defined(EAPI_MM) - if (nds_cache.on == TRUE) { - ap_pool_lock_mode lock_mode = AP_POOL_RD; - if ((*r->user != '.') && (nds_cache.fdns == TRUE)) { - /* check for name->FDN match */ - ap_acquire_pool(sp, lock_mode); - s = apr_pstrdup(r->pool, ap_table_get(nds_cache.fdn, r->user)); - ap_release_pool(sp); - if (s == NULL) { - /* the cache only contains FDNs, so there's no point */ - goto SKIP_PW_CHECK; - } else { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, r->server, - "NDSCache: FDN %s found for %s", s, r->user); - r->user = s; - } - } - - if (nds_cache_check(r->user, sent_pw, r)) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, r->server, - "NDSCache: passwords match for %s", r->user); - goto SUCCESS; - } else { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, r->server, - "NDSCache: no password match for %s", r->user); - } - } - - SKIP_PW_CHECK: -#endif - /* has a server been specified or do we need to find one? */ if (sec->auth_servers->nelts != 0) { servers = (char **)sec->auth_servers->elts; @@ -546,8 +329,8 @@ uname = (*r->user == '.') ? r->user : (*contexts[i] == '.') - ? ap_pstrcat(r->pool, ".", r->user, contexts[i], NULL) - : ap_pstrcat(r->pool, ".", r->user, ".", contexts[i], NULL); + ? apr_pstrcat(r->pool, ".", r->user, contexts[i], NULL) + : apr_pstrcat(r->pool, ".", r->user, ".", contexts[i], NULL); ++uname; if (strlen(uname) >= sizeof(user_u) / sizeof(unsigned short)) { @@ -567,37 +350,6 @@ if (!err) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, r, "Found FDN %s for %s", uname, r->user); -#if defined(EAPI) && defined(EAPI_MM) - if ((nds_cache.on == TRUE) && (*r->user != '.')) { - ap_pool_lock_mode lock_mode = AP_POOL_RD; - if (nds_cache.fdns == TRUE) { - lock_mode = AP_POOL_RW; - ap_acquire_pool(sp, lock_mode); - ap_table_set(nds_cache.fdn, r->user, uname); - ap_release_pool(sp); - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, - r->server, "NDSCache: cached FDN %s for %s", - uname, r->user); - } - - lock_mode = AP_POOL_RD; - ap_acquire_pool(sp, lock_mode); - - if (nds_cache_check(uname, sent_pw, r)) { - ap_release_pool(sp); - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, - r->server, "NDSCache: passwords match for %s", - uname); - goto SUCCESS; - } else { - ap_release_pool(sp); - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, - r->server, - "NDSCache: no password match for %s", - uname); - } - } -#endif r->user = uname; break; } @@ -632,8 +384,7 @@ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, 0, r, "user %s restricted from this address: %s", r->user, r->uri); break; case (NWE_ACCT_DISABLED): - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, 0, r, "user %s - account disabled: %s", r->user, r->uri); + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, 0, r, "user %s account disabled: %s", r->user, r->uri); break; case (NWE_PASSWORD_INVALID): ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, 0, r, "user %s password expired & no grace logins: %s", r->user, r->uri); @@ -655,15 +406,7 @@ return HTTP_UNAUTHORIZED; } -#if defined(EAPI) && defined(EAPI_MM) - if (nds_cache.on == TRUE) { - nds_cache_add(r->user, sent_pw, r); - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, r->server, - "NDSCache: %s added to cache", r->user); - } - SUCCESS: -#endif - ap_table_set(r->subprocess_env, "AUTH_USERDN", r->user); + apr_table_set(r->subprocess_env, "AUTH_USERDN", r->user); log_debug("Authentication successful"); return OK; @@ -788,33 +531,33 @@ static const command_rec nds_auth_cmds[] = { AP_INIT_TAKE1("AuthNDSUserFile", ap_set_file_slot, - (void *) APR_XtOffsetOf(nds_auth_config_rec, auth_userfile), + (void *) APR_OFFSETOF(nds_auth_config_rec, auth_userfile), OR_AUTHCFG, "text file containing acceptable usernames"), AP_INIT_TAKE12("AuthNDSServer", add_server, NULL, OR_AUTHCFG, "List of NetWare servers to authenticate to"), AP_INIT_FLAG("AuthNDSAuthoritative", ap_set_flag_slot, - (void *) APR_XtOffsetOf(nds_auth_config_rec, auth_authoritative), + (void *) APR_OFFSETOF(nds_auth_config_rec, auth_authoritative), OR_AUTHCFG, "If set to 'Off', access control will be passed to lower modules if the UserID is unknown to this module"), AP_INIT_FLAG("AuthNDSRequirePW", ap_set_flag_slot, - (void *) APR_XtOffsetOf(nds_auth_config_rec, require_pass), + (void *) APR_OFFSETOF(nds_auth_config_rec, require_pass), OR_AUTHCFG, "If set to 'On', users with blank passwords cannot authenticate."), AP_INIT_FLAG("AuthNDSRequireSSL", ap_set_flag_slot, - (void *) APR_XtOffsetOf(nds_auth_config_rec, require_ssl), + (void *) APR_OFFSETOF(nds_auth_config_rec, require_ssl), OR_AUTHCFG, "If set to 'On', SSL connection to the browser must be established."), AP_INIT_TAKE1("AuthNDSExpiredURI", ap_set_string_slot, - (void *) APR_XtOffsetOf(nds_auth_config_rec, auth_expired_uri), + (void *) APR_OFFSETOF(nds_auth_config_rec, auth_expired_uri), OR_AUTHCFG, "If set, users with expired passwords will be redirected to this URI"), AP_INIT_TAKE12("AuthNDSContext", add_search_context, NULL, OR_AUTHCFG, "Adds search context(s) for contextless logins"), AP_INIT_FLAG("AuthNDSContextOverride", ap_set_flag_slot, - (void *) APR_XtOffsetOf(nds_auth_config_rec, context_override), + (void *) APR_OFFSETOF(nds_auth_config_rec, context_override), OR_AUTHCFG, "If set to 'On', parent's search contexts will be ignored." ), AP_INIT_TAKE1("AuthNDSCacheTimeout", nds_cache_set_timeout, NULL, RSRC_CONF, "Timeout (in seconds) for NDS user->password cache"), AP_INIT_FLAG("AuthNDSUniqueCNs", nds_cache_set_unique_cns, NULL, RSRC_CONF, "If set, CN->FDN results will be cached"), AP_INIT_TAKE1("AuthNDSFailMessage", ap_set_string_slot, - (void *) APR_XtOffsetOf(nds_auth_config_rec, auth_failmessage), + (void *) APR_OFFSETOF(nds_auth_config_rec, auth_failmessage), OR_AUTHCFG, "text message or redirect URL when authorization failure occurs"), {NULL} };