summaryrefslogtreecommitdiffstats
path: root/rubbos/app/httpd-2.0.64/modules/aaa
diff options
context:
space:
mode:
authorhongbotian <hongbo.tianhongbo@huawei.com>2015-11-30 01:45:08 -0500
committerhongbotian <hongbo.tianhongbo@huawei.com>2015-11-30 01:45:08 -0500
commite8ec7aa8e38a93f5b034ac74cebce5de23710317 (patch)
treeaa031937bf856c1f8d6ad7877b8d2cb0224da5ef /rubbos/app/httpd-2.0.64/modules/aaa
parentcc40af334e619bb549038238507407866f774f8f (diff)
upload http
JIRA: BOTTLENECK-10 Change-Id: I7598427ff904df438ce77c2819ee48ac75ffa8da Signed-off-by: hongbotian <hongbo.tianhongbo@huawei.com>
Diffstat (limited to 'rubbos/app/httpd-2.0.64/modules/aaa')
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.deps0
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.indent.pro54
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.abin0 -> 42550 bytes
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.la35
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.obin0 -> 42400 bytes
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.abin0 -> 45548 bytes
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.la35
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.obin0 -> 45400 bytes
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/Makefile8
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/Makefile.in3
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthanon248
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthdbm248
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/NWGNUdigest248
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/NWGNUmakefile246
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/config.m423
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_access.c304
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_access.dsp128
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_access.exp1
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_access.la35
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_access.lo12
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_access.obin0 -> 42400 bytes
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.c315
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.dsp128
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.exp1
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.la35
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.lo12
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.obin0 -> 45400 bytes
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.c238
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.dsp128
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.exp1
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.c293
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.dsp128
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.exp1
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.c2108
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.dsp128
-rw-r--r--rubbos/app/httpd-2.0.64/modules/aaa/modules.mk7
36 files changed, 5151 insertions, 0 deletions
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.deps b/rubbos/app/httpd-2.0.64/modules/aaa/.deps
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.deps
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.indent.pro b/rubbos/app/httpd-2.0.64/modules/aaa/.indent.pro
new file mode 100644
index 00000000..a9fbe9f9
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.indent.pro
@@ -0,0 +1,54 @@
+-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
+-TBUFF
+-TFILE
+-TTRANS
+-TUINT4
+-T_trans
+-Tallow_options_t
+-Tapache_sfio
+-Tarray_header
+-Tbool_int
+-Tbuf_area
+-Tbuff_struct
+-Tbuffy
+-Tcmd_how
+-Tcmd_parms
+-Tcommand_rec
+-Tcommand_struct
+-Tconn_rec
+-Tcore_dir_config
+-Tcore_server_config
+-Tdir_maker_func
+-Tevent
+-Tglobals_s
+-Thandler_func
+-Thandler_rec
+-Tjoblist_s
+-Tlisten_rec
+-Tmerger_func
+-Tmode_t
+-Tmodule
+-Tmodule_struct
+-Tmutex
+-Tn_long
+-Tother_child_rec
+-Toverrides_t
+-Tparent_score
+-Tpid_t
+-Tpiped_log
+-Tpool
+-Trequest_rec
+-Trequire_line
+-Trlim_t
+-Tscoreboard
+-Tsemaphore
+-Tserver_addr_rec
+-Tserver_rec
+-Tserver_rec_chain
+-Tshort_score
+-Ttable
+-Ttable_entry
+-Tthread
+-Tu_wide_int
+-Tvtime_t
+-Twide_int
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.a b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.a
new file mode 100644
index 00000000..a27c9f74
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.a
Binary files differ
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.la b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.la
new file mode 100644
index 00000000..5a1eaebf
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.la
@@ -0,0 +1,35 @@
+# mod_access.la - a libtool library file
+# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18)
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='mod_access.a'
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib'
+
+# Version information for mod_access.
+current=
+age=
+revision=
+
+# Is this an already installed library?
+installed=no
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=yes
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir=''
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.o b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.o
new file mode 100644
index 00000000..0ec5a0db
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.o
Binary files differ
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.a b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.a
new file mode 100644
index 00000000..6f42abe3
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.a
Binary files differ
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.la b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.la
new file mode 100644
index 00000000..5ffae20b
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.la
@@ -0,0 +1,35 @@
+# mod_auth.la - a libtool library file
+# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18)
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='mod_auth.a'
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib'
+
+# Version information for mod_auth.
+current=
+age=
+revision=
+
+# Is this an already installed library?
+installed=no
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=yes
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir=''
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.o b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.o
new file mode 100644
index 00000000..8a0feeac
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.o
Binary files differ
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/Makefile b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile
new file mode 100644
index 00000000..e6fa8f2f
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile
@@ -0,0 +1,8 @@
+top_srcdir = /bottlenecks/rubbos/app/httpd-2.0.64
+top_builddir = /bottlenecks/rubbos/app/httpd-2.0.64
+srcdir = /bottlenecks/rubbos/app/httpd-2.0.64/modules/aaa
+builddir = /bottlenecks/rubbos/app/httpd-2.0.64/modules/aaa
+VPATH = /bottlenecks/rubbos/app/httpd-2.0.64/modules/aaa
+
+include $(top_srcdir)/build/special.mk
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/Makefile.in b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile.in
new file mode 100644
index 00000000..167b343d
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile.in
@@ -0,0 +1,3 @@
+
+include $(top_srcdir)/build/special.mk
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthanon b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthanon
new file mode 100644
index 00000000..6881d8a6
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthanon
@@ -0,0 +1,248 @@
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(APR)/include \
+ $(APRUTIL)/include \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = authanon
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Authentication Anonymous Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = AuthAnon Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/authanon.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_auth_anon.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ auth_anon_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthdbm b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthdbm
new file mode 100644
index 00000000..fe05c3d1
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthdbm
@@ -0,0 +1,248 @@
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(APR)/include \
+ $(APRUTIL)/include \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = authdbm
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Database Authentication Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = AuthDBM Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/authdbm.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_auth_dbm.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ auth_dbm_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUdigest b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUdigest
new file mode 100644
index 00000000..cf41db72
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUdigest
@@ -0,0 +1,248 @@
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# Get the 'head' of the build environment if necessary. This includes default
+# targets and paths to tools
+#
+
+ifndef EnvironmentDefined
+include $(AP_WORK)\build\NWGNUhead.inc
+endif
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(APR)/include \
+ $(APRUTIL)/include \
+ $(AP_WORK)/include \
+ $(NWOS) \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME = digest
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION = Digest Authentication Module
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME = Digest Module
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE = 8192
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM = _LibCPrelude
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM = _LibCPostlude
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/digest.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(OBJDIR)/mod_auth_digest.o \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ libcpre.o \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ aprlib \
+ libc \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ @$(APR)/aprlib.imp \
+ @$(NWOS)/httpd.imp \
+ @libc.imp \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ auth_digest_module \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUmakefile b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUmakefile
new file mode 100644
index 00000000..fc72c735
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUmakefile
@@ -0,0 +1,246 @@
+#
+# Declare the sub-directories to be built here
+#
+
+SUBDIRS = \
+ $(EOLIST)
+
+#
+# Get the 'head' of the build environment. This includes default targets and
+# paths to tools
+#
+
+include $(AP_WORK)\build\NWGNUhead.inc
+
+#
+# build this level's files
+
+#
+# Make sure all needed macro's are defined
+#
+
+#
+# These directories will be at the beginning of the include list, followed by
+# INCDIRS
+#
+XINCDIRS += \
+ $(EOLIST)
+
+#
+# These flags will come after CFLAGS
+#
+XCFLAGS += \
+ $(EOLIST)
+
+#
+# These defines will come after DEFINES
+#
+XDEFINES += \
+ $(EOLIST)
+
+#
+# These flags will be added to the link.opt file
+#
+XLFLAGS += \
+ $(EOLIST)
+
+#
+# These values will be appended to the correct variables based on the value of
+# RELEASE
+#
+ifeq "$(RELEASE)" "debug"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "noopt"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+ifeq "$(RELEASE)" "release"
+XINCDIRS += \
+ $(EOLIST)
+
+XCFLAGS += \
+ $(EOLIST)
+
+XDEFINES += \
+ $(EOLIST)
+
+XLFLAGS += \
+ $(EOLIST)
+endif
+
+#
+# These are used by the link target if an NLM is being generated
+# This is used by the link 'name' directive to name the nlm. If left blank
+# TARGET_nlm (see below) will be used.
+#
+NLM_NAME =
+
+#
+# This is used by the link '-desc ' directive.
+# If left blank, NLM_NAME will be used.
+#
+NLM_DESCRIPTION =
+
+#
+# This is used by the '-threadname' directive. If left blank,
+# NLM_NAME Thread will be used.
+#
+NLM_THREAD_NAME =
+
+#
+# If this is specified, it will override VERSION value in
+# $(AP_WORK)\build\NWGNUenvironment.inc
+#
+NLM_VERSION =
+
+#
+# If this is specified, it will override the default of 64K
+#
+NLM_STACK_SIZE =
+
+
+#
+# If this is specified it will be used by the link '-entry' directive
+#
+NLM_ENTRY_SYM =
+
+#
+# If this is specified it will be used by the link '-exit' directive
+#
+NLM_EXIT_SYM =
+
+#
+# If this is specified it will be used by the link '-check' directive
+#
+NLM_CHECK_SYM =
+
+#
+# If these are specified it will be used by the link '-flags' directive
+#
+NLM_FLAGS =
+
+#
+# If this is specified it will be linked in with the XDCData option in the def
+# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled
+# by setting APACHE_UNIPROC in the environment
+#
+XDCDATA =
+
+#
+# If there is an NLM target, put it here
+#
+TARGET_nlm = \
+ $(OBJDIR)/authanon.nlm \
+ $(OBJDIR)/authdbm.nlm \
+ $(OBJDIR)/digest.nlm \
+ $(EOLIST)
+
+#
+# If there is an LIB target, put it here
+#
+TARGET_lib = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the NLM target above.
+# Paths must all use the '/' character
+#
+FILES_nlm_objs = \
+ $(EOLIST)
+
+#
+# These are the LIB files needed to create the NLM target above.
+# These will be added as a library command in the link.opt file.
+#
+FILES_nlm_libs = \
+ $(EOLIST)
+
+#
+# These are the modules that the above NLM target depends on to load.
+# These will be added as a module command in the link.opt file.
+#
+FILES_nlm_modules = \
+ $(EOLIST)
+
+#
+# If the nlm has a msg file, put it's path here
+#
+FILE_nlm_msg =
+
+#
+# If the nlm has a hlp file put it's path here
+#
+FILE_nlm_hlp =
+
+#
+# If this is specified, it will override $(NWOS)\copyright.txt.
+#
+FILE_nlm_copyright =
+
+#
+# Any additional imports go here
+#
+FILES_nlm_Ximports = \
+ $(EOLIST)
+
+#
+# Any symbols exported to here
+#
+FILES_nlm_exports = \
+ $(EOLIST)
+
+#
+# These are the OBJ files needed to create the LIB target above.
+# Paths must all use the '/' character
+#
+FILES_lib_objs = \
+ $(EOLIST)
+
+#
+# implement targets and dependancies (leave this section alone)
+#
+
+libs :: $(OBJDIR) $(TARGET_lib)
+
+nlms :: libs $(TARGET_nlm)
+
+#
+# Updated this target to create necessary directories and copy files to the
+# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples)
+#
+install :: nlms FORCE
+ copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.*
+
+#
+# Any specialized rules here
+#
+
+#
+# Include the 'tail' makefile that has targets that depend on variables defined
+# in this makefile
+#
+
+include $(AP_WORK)\build\NWGNUtail.inc
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/config.m4 b/rubbos/app/httpd-2.0.64/modules/aaa/config.m4
new file mode 100644
index 00000000..4440f67e
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/config.m4
@@ -0,0 +1,23 @@
+dnl modules enabled in this directory by default
+
+dnl APACHE_MODULE(name, helptext[, objects[, structname[, default[, config]]]])
+
+APACHE_MODPATH_INIT(aaa)
+
+APACHE_MODULE(access, host-based access control, , , yes)
+APACHE_MODULE(auth, user-based access control, , , yes)
+APACHE_MODULE(auth_anon, anonymous user access, , , most)
+APACHE_MODULE(auth_dbm, DBM-based access databases, , , most)
+
+APACHE_MODULE(auth_digest, RFC2617 Digest authentication, , , most, [
+ APR_CHECK_APR_DEFINE(APR_HAS_RANDOM)
+ if test $ac_cv_define_APR_HAS_RANDOM = "no"; then
+ echo "You need APR random support to use mod_auth_digest."
+ echo "Look at APR configure options --with-egd and --with-devrandom."
+ enable_auth_digest="no"
+ fi
+])
+
+APR_ADDTO(LT_LDFLAGS,-export-dynamic)
+
+APACHE_MODPATH_FINISH
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.c
new file mode 100644
index 00000000..348289ab
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.c
@@ -0,0 +1,304 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Security options etc.
+ *
+ * Module derived from code originally written by Rob McCool
+ *
+ */
+
+#include "apr_strings.h"
+#include "apr_network_io.h"
+#include "apr_lib.h"
+
+#define APR_WANT_STRFUNC
+#define APR_WANT_BYTEFUNC
+#include "apr_want.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_core.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "http_request.h"
+
+#if APR_HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+enum allowdeny_type {
+ T_ENV,
+ T_ALL,
+ T_IP,
+ T_HOST,
+ T_FAIL
+};
+
+typedef struct {
+ apr_int64_t limited;
+ union {
+ char *from;
+ apr_ipsubnet_t *ip;
+ } x;
+ enum allowdeny_type type;
+} allowdeny;
+
+/* things in the 'order' array */
+#define DENY_THEN_ALLOW 0
+#define ALLOW_THEN_DENY 1
+#define MUTUAL_FAILURE 2
+
+typedef struct {
+ int order[METHODS];
+ apr_array_header_t *allows;
+ apr_array_header_t *denys;
+} access_dir_conf;
+
+module AP_MODULE_DECLARE_DATA access_module;
+
+static void *create_access_dir_config(apr_pool_t *p, char *dummy)
+{
+ int i;
+ access_dir_conf *conf =
+ (access_dir_conf *)apr_pcalloc(p, sizeof(access_dir_conf));
+
+ for (i = 0; i < METHODS; ++i) {
+ conf->order[i] = DENY_THEN_ALLOW;
+ }
+ conf->allows = apr_array_make(p, 1, sizeof(allowdeny));
+ conf->denys = apr_array_make(p, 1, sizeof(allowdeny));
+
+ return (void *)conf;
+}
+
+static const char *order(cmd_parms *cmd, void *dv, const char *arg)
+{
+ access_dir_conf *d = (access_dir_conf *) dv;
+ int i, o;
+
+ if (!strcasecmp(arg, "allow,deny"))
+ o = ALLOW_THEN_DENY;
+ else if (!strcasecmp(arg, "deny,allow"))
+ o = DENY_THEN_ALLOW;
+ else if (!strcasecmp(arg, "mutual-failure"))
+ o = MUTUAL_FAILURE;
+ else
+ return "unknown order";
+
+ for (i = 0; i < METHODS; ++i)
+ if (cmd->limited & (AP_METHOD_BIT << i))
+ d->order[i] = o;
+
+ return NULL;
+}
+
+static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from,
+ const char *where_c)
+{
+ access_dir_conf *d = (access_dir_conf *) dv;
+ allowdeny *a;
+ char *where = apr_pstrdup(cmd->pool, where_c);
+ char *s;
+ char msgbuf[120];
+ apr_status_t rv;
+
+ if (strcasecmp(from, "from"))
+ return "allow and deny must be followed by 'from'";
+
+ a = (allowdeny *) apr_array_push(cmd->info ? d->allows : d->denys);
+ a->x.from = where;
+ a->limited = cmd->limited;
+
+ if (!strncasecmp(where, "env=", 4)) {
+ a->type = T_ENV;
+ a->x.from += 4;
+
+ }
+ else if (!strcasecmp(where, "all")) {
+ a->type = T_ALL;
+ }
+ else if ((s = strchr(where, '/'))) {
+ *s++ = '\0';
+ rv = apr_ipsubnet_create(&a->x.ip, where, s, cmd->pool);
+ if(APR_STATUS_IS_EINVAL(rv)) {
+ /* looked nothing like an IP address */
+ return "An IP address was expected";
+ }
+ else if (rv != APR_SUCCESS) {
+ apr_strerror(rv, msgbuf, sizeof msgbuf);
+ return apr_pstrdup(cmd->pool, msgbuf);
+ }
+ a->type = T_IP;
+ }
+ else if (!APR_STATUS_IS_EINVAL(rv = apr_ipsubnet_create(&a->x.ip, where, NULL, cmd->pool))) {
+ if (rv != APR_SUCCESS) {
+ apr_strerror(rv, msgbuf, sizeof msgbuf);
+ return apr_pstrdup(cmd->pool, msgbuf);
+ }
+ a->type = T_IP;
+ }
+ else { /* no slash, didn't look like an IP address => must be a host */
+ a->type = T_HOST;
+ }
+
+ return NULL;
+}
+
+static char its_an_allow;
+
+static const command_rec access_cmds[] =
+{
+ AP_INIT_TAKE1("order", order, NULL, OR_LIMIT,
+ "'allow,deny', 'deny,allow', or 'mutual-failure'"),
+ AP_INIT_ITERATE2("allow", allow_cmd, &its_an_allow, OR_LIMIT,
+ "'from' followed by hostnames or IP-address wildcards"),
+ AP_INIT_ITERATE2("deny", allow_cmd, NULL, OR_LIMIT,
+ "'from' followed by hostnames or IP-address wildcards"),
+ {NULL}
+};
+
+static int in_domain(const char *domain, const char *what)
+{
+ int dl = strlen(domain);
+ int wl = strlen(what);
+
+ if ((wl - dl) >= 0) {
+ if (strcasecmp(domain, &what[wl - dl]) != 0)
+ return 0;
+
+ /* Make sure we matched an *entire* subdomain --- if the user
+ * said 'allow from good.com', we don't want people from nogood.com
+ * to be able to get in.
+ */
+
+ if (wl == dl)
+ return 1; /* matched whole thing */
+ else
+ return (domain[0] == '.' || what[wl - dl - 1] == '.');
+ }
+ else
+ return 0;
+}
+
+static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method)
+{
+
+ allowdeny *ap = (allowdeny *) a->elts;
+ apr_int64_t mmask = (AP_METHOD_BIT << method);
+ int i;
+ int gothost = 0;
+ const char *remotehost = NULL;
+
+ for (i = 0; i < a->nelts; ++i) {
+ if (!(mmask & ap[i].limited))
+ continue;
+
+ switch (ap[i].type) {
+ case T_ENV:
+ if (apr_table_get(r->subprocess_env, ap[i].x.from)) {
+ return 1;
+ }
+ break;
+
+ case T_ALL:
+ return 1;
+
+ case T_IP:
+ if (apr_ipsubnet_test(ap[i].x.ip, r->connection->remote_addr)) {
+ return 1;
+ }
+ break;
+
+ case T_HOST:
+ if (!gothost) {
+ int remotehost_is_ip;
+
+ remotehost = ap_get_remote_host(r->connection, r->per_dir_config,
+ REMOTE_DOUBLE_REV, &remotehost_is_ip);
+
+ if ((remotehost == NULL) || remotehost_is_ip)
+ gothost = 1;
+ else
+ gothost = 2;
+ }
+
+ if ((gothost == 2) && in_domain(ap[i].x.from, remotehost))
+ return 1;
+ break;
+
+ case T_FAIL:
+ /* do nothing? */
+ break;
+ }
+ }
+
+ return 0;
+}
+
+static int check_dir_access(request_rec *r)
+{
+ int method = r->method_number;
+ int ret = OK;
+ access_dir_conf *a = (access_dir_conf *)
+ ap_get_module_config(r->per_dir_config, &access_module);
+
+ if (a->order[method] == ALLOW_THEN_DENY) {
+ ret = HTTP_FORBIDDEN;
+ if (find_allowdeny(r, a->allows, method))
+ ret = OK;
+ if (find_allowdeny(r, a->denys, method))
+ ret = HTTP_FORBIDDEN;
+ }
+ else if (a->order[method] == DENY_THEN_ALLOW) {
+ if (find_allowdeny(r, a->denys, method))
+ ret = HTTP_FORBIDDEN;
+ if (find_allowdeny(r, a->allows, method))
+ ret = OK;
+ }
+ else {
+ if (find_allowdeny(r, a->allows, method)
+ && !find_allowdeny(r, a->denys, method))
+ ret = OK;
+ else
+ ret = HTTP_FORBIDDEN;
+ }
+
+ if (ret == HTTP_FORBIDDEN
+ && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "client denied by server configuration: %s",
+ r->filename);
+ }
+
+ return ret;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+ ap_hook_access_checker(check_dir_access,NULL,NULL,APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA access_module =
+{
+ STANDARD20_MODULE_STUFF,
+ create_access_dir_config, /* dir config creater */
+ NULL, /* dir merger --- default is to override */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ access_cmds,
+ register_hooks /* register hooks */
+};
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.dsp
new file mode 100644
index 00000000..eae26a6d
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.dsp
@@ -0,0 +1,128 @@
+# Microsoft Developer Studio Project File - Name="mod_access" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_access - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_access.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_access.mak" CFG="mod_access - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_access - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_access - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_access - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_access_src" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so /opt:ref
+
+!ELSEIF "$(CFG)" == "mod_access - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_access_src" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_access - Win32 Release"
+# Name "mod_access - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_access.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_access.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_access - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_access.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_access.so "access_module for Apache" ../../include/ap_release.h > .\mod_access.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_access - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_access.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_access.so "access_module for Apache" ../../include/ap_release.h > .\mod_access.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.exp
new file mode 100644
index 00000000..f8aff339
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.exp
@@ -0,0 +1 @@
+access_module
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.la b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.la
new file mode 100644
index 00000000..5a1eaebf
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.la
@@ -0,0 +1,35 @@
+# mod_access.la - a libtool library file
+# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18)
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='mod_access.a'
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib'
+
+# Version information for mod_access.
+current=
+age=
+revision=
+
+# Is this an already installed library?
+installed=no
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=yes
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir=''
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.lo b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.lo
new file mode 100644
index 00000000..c09fcac0
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.lo
@@ -0,0 +1,12 @@
+# mod_access.lo - a libtool object file
+# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18)
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object='.libs/mod_access.o'
+
+# Name of the non-PIC object.
+non_pic_object='mod_access.o'
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.o b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.o
new file mode 100644
index 00000000..0ec5a0db
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.o
Binary files differ
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.c
new file mode 100644
index 00000000..43f65306
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.c
@@ -0,0 +1,315 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * http_auth: authentication
+ *
+ * Rob McCool
+ *
+ * Adapted to Apache by rst.
+ *
+ * dirkx - Added Authoritative control to allow passing on to lower
+ * modules if and only if the userid is not known to this
+ * module. A known user with a faulty or absent password still
+ * causes an AuthRequired. The default is 'Authoritative', i.e.
+ * no control is passed along.
+ */
+
+#include "apr_strings.h"
+#include "apr_md5.h" /* for apr_password_validate */
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "http_request.h"
+
+
+typedef struct {
+ char *auth_pwfile;
+ char *auth_grpfile;
+ int auth_authoritative;
+} auth_config_rec;
+
+static void *create_auth_dir_config(apr_pool_t *p, char *d)
+{
+ auth_config_rec *conf = apr_palloc(p, sizeof(*conf));
+
+ conf->auth_pwfile = NULL; /* just to illustrate the default really */
+ conf->auth_grpfile = NULL; /* unless you have a broken HP cc */
+ conf->auth_authoritative = 1; /* keep the fortress secure by default */
+ return conf;
+}
+
+static const char *set_auth_slot(cmd_parms *cmd, void *offset, const char *f,
+ const char *t)
+{
+ if (t && strcmp(t, "standard")) {
+ return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
+ }
+
+ return ap_set_file_slot(cmd, offset, f);
+}
+
+static const command_rec auth_cmds[] =
+{
+ AP_INIT_TAKE12("AuthUserFile", set_auth_slot,
+ (void *)APR_OFFSETOF(auth_config_rec, auth_pwfile),
+ OR_AUTHCFG, "text file containing user IDs and passwords"),
+ AP_INIT_TAKE12("AuthGroupFile", set_auth_slot,
+ (void *)APR_OFFSETOF(auth_config_rec, auth_grpfile),
+ OR_AUTHCFG,
+ "text file containing group names and member user IDs"),
+ AP_INIT_FLAG("AuthAuthoritative", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(auth_config_rec, auth_authoritative),
+ OR_AUTHCFG,
+ "Set to 'no' to allow access control to be passed along to "
+ "lower modules if the UserID is not known to this module"),
+ {NULL}
+};
+
+module AP_MODULE_DECLARE_DATA auth_module;
+
+static char *get_pw(request_rec *r, char *user, char *auth_pwfile)
+{
+ ap_configfile_t *f;
+ char l[MAX_STRING_LEN];
+ const char *rpw, *w;
+ apr_status_t status;
+
+ if ((status = ap_pcfg_openfile(&f, r->pool, auth_pwfile)) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+ "Could not open password file: %s", auth_pwfile);
+ return NULL;
+ }
+ while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
+ if ((l[0] == '#') || (!l[0])) {
+ continue;
+ }
+ rpw = l;
+ w = ap_getword(r->pool, &rpw, ':');
+
+ if (!strcmp(user, w)) {
+ ap_cfg_closefile(f);
+ return ap_getword(r->pool, &rpw, ':');
+ }
+ }
+ ap_cfg_closefile(f);
+ return NULL;
+}
+
+static apr_table_t *groups_for_user(request_rec *r, char *user, char *grpfile)
+{
+ apr_pool_t *p = r->pool;
+ ap_configfile_t *f;
+ apr_table_t *grps = apr_table_make(p, 15);
+ apr_pool_t *sp;
+ char l[MAX_STRING_LEN];
+ const char *group_name, *ll, *w;
+ apr_status_t status;
+
+ if ((status = ap_pcfg_openfile(&f, p, grpfile)) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+ "Could not open group file: %s", grpfile);
+ return NULL;
+ }
+
+ apr_pool_create(&sp, p);
+
+ while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
+ if ((l[0] == '#') || (!l[0])) {
+ continue;
+ }
+ ll = l;
+ apr_pool_clear(sp);
+
+ group_name = ap_getword(sp, &ll, ':');
+
+ while (ll[0]) {
+ w = ap_getword_conf(sp, &ll);
+ if (!strcmp(w, user)) {
+ apr_table_setn(grps, apr_pstrdup(p, group_name), "in");
+ break;
+ }
+ }
+ }
+ ap_cfg_closefile(f);
+ apr_pool_destroy(sp);
+ return grps;
+}
+
+/* These functions return 0 if client is OK, and proper error status
+ * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or
+ * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we
+ * couldn't figure out how to tell if the client is authorized or not.
+ *
+ * If they return DECLINED, and all other modules also decline, that's
+ * treated by the server core as a configuration error, logged and
+ * reported as such.
+ */
+
+/* Determine user ID, and check if it really is that user, for HTTP
+ * basic authentication...
+ */
+
+static int authenticate_basic_user(request_rec *r)
+{
+ auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_module);
+ const char *sent_pw;
+ char *real_pw;
+ apr_status_t invalid_pw;
+ int res;
+
+ if ((res = ap_get_basic_auth_pw(r, &sent_pw))) {
+ return res;
+ }
+
+ if (!conf->auth_pwfile) {
+ return DECLINED;
+ }
+
+ if (!(real_pw = get_pw(r, r->user, conf->auth_pwfile))) {
+ if (!(conf->auth_authoritative)) {
+ return DECLINED;
+ }
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "user %s not found: %s", r->user, r->uri);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ invalid_pw = apr_password_validate(sent_pw, real_pw);
+ if (invalid_pw != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "user %s: authentication failure for \"%s\": "
+ "Password Mismatch",
+ r->user, r->uri);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ return OK;
+}
+
+/* Checking ID */
+
+static int check_user_access(request_rec *r)
+{
+ auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_module);
+ char *user = r->user;
+ int m = r->method_number;
+ int method_restricted = 0;
+ register int x;
+ const char *t, *w;
+ apr_table_t *grpstatus;
+ const apr_array_header_t *reqs_arr = ap_requires(r);
+ require_line *reqs;
+
+ /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive,
+ * then any user will do.
+ */
+ if (!reqs_arr) {
+ return OK;
+ }
+ reqs = (require_line *)reqs_arr->elts;
+
+ if (conf->auth_grpfile) {
+ grpstatus = groups_for_user(r, user, conf->auth_grpfile);
+ }
+ else {
+ grpstatus = NULL;
+ }
+
+ for (x = 0; x < reqs_arr->nelts; x++) {
+
+ if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
+ continue;
+ }
+
+ method_restricted = 1;
+
+ t = reqs[x].requirement;
+ w = ap_getword_white(r->pool, &t);
+ if (!strcmp(w, "valid-user")) {
+ return OK;
+ }
+ if (!strcmp(w, "user")) {
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (!strcmp(user, w)) {
+ return OK;
+ }
+ }
+ }
+ else if (!strcmp(w, "group")) {
+ if (!grpstatus) {
+ return DECLINED; /* DBM group? Something else? */
+ }
+
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (apr_table_get(grpstatus, w)) {
+ return OK;
+ }
+ }
+ }
+ else if (conf->auth_authoritative) {
+ /* if we aren't authoritative, any require directive could be
+ * valid even if we don't grok it. However, if we are
+ * authoritative, we can warn the user they did something wrong.
+ * That something could be a missing "AuthAuthoritative off", but
+ * more likely is a typo in the require directive.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "access to %s failed, reason: unknown require "
+ "directive:\"%s\"", r->uri, reqs[x].requirement);
+ }
+ }
+
+ if (!method_restricted) {
+ return OK;
+ }
+
+ if (!(conf->auth_authoritative)) {
+ return DECLINED;
+ }
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "access to %s failed, reason: user %s not allowed access",
+ r->uri, user);
+
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+ ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE);
+ ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA auth_module =
+{
+ STANDARD20_MODULE_STUFF,
+ create_auth_dir_config, /* dir config creater */
+ NULL, /* dir merger --- default is to override */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ auth_cmds, /* command apr_table_t */
+ register_hooks /* register hooks */
+};
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.dsp
new file mode 100644
index 00000000..ce7d0c77
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.dsp
@@ -0,0 +1,128 @@
+# Microsoft Developer Studio Project File - Name="mod_auth" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_auth - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth.mak" CFG="mod_auth - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_auth - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_auth - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_auth - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth_src" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so /opt:ref
+
+!ELSEIF "$(CFG)" == "mod_auth - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_auth - Win32 Release"
+# Name "mod_auth - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_auth.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_auth.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_auth - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth.so "auth_module for Apache" ../../include/ap_release.h > .\mod_auth.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_auth - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth.so "auth_module for Apache" ../../include/ap_release.h > .\mod_auth.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.exp
new file mode 100644
index 00000000..76adad0a
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.exp
@@ -0,0 +1 @@
+auth_module
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.la b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.la
new file mode 100644
index 00000000..5ffae20b
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.la
@@ -0,0 +1,35 @@
+# mod_auth.la - a libtool library file
+# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18)
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname=''
+
+# Names of this library.
+library_names=''
+
+# The name of the static archive.
+old_library='mod_auth.a'
+
+# Libraries that this one depends upon.
+dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib'
+
+# Version information for mod_auth.
+current=
+age=
+revision=
+
+# Is this an already installed library?
+installed=no
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=yes
+
+# Files to dlopen/dlpreopen
+dlopen=''
+dlpreopen=''
+
+# Directory that this library needs to be installed in:
+libdir=''
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.lo b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.lo
new file mode 100644
index 00000000..907d0402
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.lo
@@ -0,0 +1,12 @@
+# mod_auth.lo - a libtool object file
+# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18)
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object='.libs/mod_auth.o'
+
+# Name of the non-PIC object.
+non_pic_object='mod_auth.o'
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.o b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.o
new file mode 100644
index 00000000..8a0feeac
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.o
Binary files differ
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.c
new file mode 100644
index 00000000..b5137d5f
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.c
@@ -0,0 +1,238 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * http_auth: authentication
+ *
+ * Rob McCool & Brian Behlendorf.
+ *
+ * Adapted to Apache by rst.
+ *
+ * Version 0.5 May 1996
+ *
+ * Modified by Dirk.vanGulik@jrc.it to
+ *
+ * Adapted to allow anonymous logins, just like with Anon-FTP, when
+ * one gives the magic user name 'anonymous' and ones email address
+ * as the password.
+ *
+ * Just add the following tokes to your <directory> setup:
+ *
+ * Anonymous magic-userid [magic-userid]...
+ *
+ * Anonymous_MustGiveEmail [ on | off ] default = on
+ * Anonymous_LogEmail [ on | off ] default = on
+ * Anonymous_VerifyEmail [ on | off ] default = off
+ * Anonymous_NoUserId [ on | off ] default = off
+ * Anonymous_Authoritative [ on | off ] default = off
+ *
+ * The magic user id is something like 'anonymous', it is NOT case sensitive.
+ *
+ * The MustGiveEmail flag can be used to force users to enter something
+ * in the password field (like an email address). Default is on.
+ *
+ * Furthermore the 'NoUserID' flag can be set to allow completely empty
+ * usernames in as well; this can be is convenient as a single return
+ * in broken GUIs like W95 is often given by the user. The Default is off.
+ *
+ * Dirk.vanGulik@jrc.it; http://ewse.ceo.org; http://me-www.jrc.it/~dirkx
+ *
+ */
+
+#include "apr_strings.h"
+
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_request.h"
+#include "http_protocol.h"
+
+typedef struct anon_auth {
+ char *password;
+ struct anon_auth *next;
+} anon_auth;
+
+typedef struct {
+ anon_auth *anon_auth_passwords;
+ int anon_auth_nouserid;
+ int anon_auth_logemail;
+ int anon_auth_verifyemail;
+ int anon_auth_mustemail;
+ int anon_auth_authoritative;
+} anon_auth_config_rec;
+
+static void *create_anon_auth_dir_config(apr_pool_t *p, char *d)
+{
+ anon_auth_config_rec *conf = apr_palloc(p, sizeof(*conf));
+
+ /* just to illustrate the defaults really. */
+ conf->anon_auth_passwords = NULL;
+
+ conf->anon_auth_nouserid = 0;
+ conf->anon_auth_logemail = 1;
+ conf->anon_auth_verifyemail = 0;
+ conf->anon_auth_mustemail = 1;
+ conf->anon_auth_authoritative = 0;
+ return conf;
+}
+
+static const char *anon_set_string_slots(cmd_parms *cmd,
+ void *my_config, const char *arg)
+{
+ anon_auth_config_rec *conf = my_config;
+ anon_auth *first;
+
+ if (!(*arg))
+ return "Anonymous string cannot be empty, use Anonymous_NoUserId instead";
+
+ /* squeeze in a record */
+ first = conf->anon_auth_passwords;
+
+ if (!(conf->anon_auth_passwords = apr_palloc(cmd->pool, sizeof(anon_auth))) ||
+ !(conf->anon_auth_passwords->password = apr_pstrdup(cmd->pool, arg)))
+ return "Failed to claim memory for an anonymous password...";
+
+ /* and repair the next */
+ conf->anon_auth_passwords->next = first;
+
+ return NULL;
+}
+
+static const command_rec anon_auth_cmds[] =
+{
+ AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG,
+ "a space-separated list of user IDs"),
+ AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_mustemail),
+ OR_AUTHCFG, "Limited to 'on' or 'off'"),
+ AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_nouserid),
+ OR_AUTHCFG, "Limited to 'on' or 'off'"),
+ AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_verifyemail),
+ OR_AUTHCFG, "Limited to 'on' or 'off'"),
+ AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_logemail),
+ OR_AUTHCFG, "Limited to 'on' or 'off'"),
+ AP_INIT_FLAG("Anonymous_Authoritative", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_authoritative),
+ OR_AUTHCFG, "Limited to 'on' or 'off'"),
+ {NULL}
+};
+
+module AP_MODULE_DECLARE_DATA auth_anon_module;
+
+static int anon_authenticate_basic_user(request_rec *r)
+{
+ anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_anon_module);
+ const char *sent_pw;
+ int res = DECLINED;
+
+ if ((res = ap_get_basic_auth_pw(r, &sent_pw))) {
+ return res;
+ }
+
+ /* Ignore if we are not configured */
+ if (!conf->anon_auth_passwords) {
+ return DECLINED;
+ }
+
+ /* Do we allow an empty userID and/or is it the magic one
+ */
+
+ if ((!(r->user[0])) && (conf->anon_auth_nouserid)) {
+ res = OK;
+ }
+ else {
+ anon_auth *p = conf->anon_auth_passwords;
+ res = DECLINED;
+ while ((res == DECLINED) && (p != NULL)) {
+ if (!(strcasecmp(r->user, p->password))) {
+ res = OK;
+ }
+ p = p->next;
+ }
+ }
+ if (
+ /* username is OK */
+ (res == OK)
+ /* password been filled out ? */
+ && ((!conf->anon_auth_mustemail) || strlen(sent_pw))
+ /* does the password look like an email address ? */
+ && ((!conf->anon_auth_verifyemail)
+ || ((strpbrk("@", sent_pw) != NULL)
+ && (strpbrk(".", sent_pw) != NULL)))) {
+ if (conf->anon_auth_logemail && ap_is_initial_req(r)) {
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r,
+ "Anonymous: Passwd <%s> Accepted",
+ sent_pw ? sent_pw : "\'none\'");
+ }
+ return OK;
+ }
+ else {
+ if (conf->anon_auth_authoritative) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_SUCCESS, r,
+ "Anonymous: Authoritative, Passwd <%s> not accepted",
+ sent_pw ? sent_pw : "\'none\'");
+ return HTTP_UNAUTHORIZED;
+ }
+ /* Drop out the bottom to return DECLINED */
+ }
+
+ return DECLINED;
+}
+
+static int check_anon_access(request_rec *r)
+{
+#ifdef NOTYET
+ conn_rec *c = r->connection;
+ anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_anon_module);
+
+ if (!conf->anon_auth) {
+ return DECLINED;
+ }
+
+ if (strcasecmp(r->connection->user, conf->anon_auth)) {
+ return DECLINED;
+ }
+
+ return OK;
+#endif
+ return DECLINED;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+ ap_hook_check_user_id(anon_authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE);
+ ap_hook_auth_checker(check_anon_access,NULL,NULL,APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA auth_anon_module =
+{
+ STANDARD20_MODULE_STUFF,
+ create_anon_auth_dir_config, /* dir config creater */
+ NULL, /* dir merger ensure strictness */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ anon_auth_cmds, /* command apr_table_t */
+ register_hooks /* register hooks */
+};
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.dsp
new file mode 100644
index 00000000..9ac81797
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.dsp
@@ -0,0 +1,128 @@
+# Microsoft Developer Studio Project File - Name="mod_auth_anon" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_auth_anon - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth_anon.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth_anon.mak" CFG="mod_auth_anon - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_auth_anon - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_auth_anon - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_auth_anon - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth_anon_src" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so /opt:ref
+
+!ELSEIF "$(CFG)" == "mod_auth_anon - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth_anon_src" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_auth_anon - Win32 Release"
+# Name "mod_auth_anon - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_auth_anon.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_auth_anon.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_auth_anon - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth_anon.so "auth_anon_module for Apache" ../../include/ap_release.h > .\mod_auth_anon.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_auth_anon - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth_anon.so "auth_anon_module for Apache" ../../include/ap_release.h > .\mod_auth_anon.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.exp
new file mode 100644
index 00000000..63282532
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.exp
@@ -0,0 +1 @@
+auth_anon_module
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.c
new file mode 100644
index 00000000..e7c2cc9a
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.c
@@ -0,0 +1,293 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * http_auth: authentication
+ *
+ * Rob McCool & Brian Behlendorf.
+ *
+ * Adapted to Apache by rst.
+ *
+ * dirkx - Added Authoritative control to allow passing on to lower
+ * modules if and only if the userid is not known to this
+ * module. A known user with a faulty or absent password still
+ * causes an AuthRequired. The default is 'Authoritative', i.e.
+ * no control is passed along.
+ */
+
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+#include "apr_strings.h"
+#include "apr_dbm.h"
+#include "apr_md5.h" /* for apr_password_validate */
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/
+
+
+typedef struct {
+ char *auth_dbmpwfile;
+ char *auth_dbmgrpfile;
+ char *auth_dbmtype;
+ int auth_dbmauthoritative;
+} dbm_auth_config_rec;
+
+static void *create_dbm_auth_dir_config(apr_pool_t *p, char *d)
+{
+ dbm_auth_config_rec *conf = apr_palloc(p, sizeof(*conf));
+
+ conf->auth_dbmpwfile = NULL;
+ conf->auth_dbmgrpfile = NULL;
+ conf->auth_dbmtype = "default";
+ conf->auth_dbmauthoritative = 1; /* fortress is secure by default */
+
+ return conf;
+}
+
+static const char *set_dbm_slot(cmd_parms *cmd, void *offset,
+ const char *f, const char *t)
+{
+ if (!t || strcmp(t, "dbm"))
+ return DECLINE_CMD;
+
+ return ap_set_file_slot(cmd, offset, f);
+}
+
+static const char *set_dbm_type(cmd_parms *cmd,
+ void *dir_config,
+ const char *arg)
+{
+ dbm_auth_config_rec *conf = dir_config;
+
+ conf->auth_dbmtype = apr_pstrdup(cmd->pool, arg);
+ return NULL;
+}
+
+static const command_rec dbm_auth_cmds[] =
+{
+ AP_INIT_TAKE1("AuthDBMUserFile", ap_set_file_slot,
+ (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmpwfile),
+ OR_AUTHCFG, "dbm database file containing user IDs and passwords"),
+ AP_INIT_TAKE1("AuthDBMGroupFile", ap_set_file_slot,
+ (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmgrpfile),
+ OR_AUTHCFG, "dbm database file containing group names and member user IDs"),
+ AP_INIT_TAKE12("AuthUserFile", set_dbm_slot,
+ (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmpwfile),
+ OR_AUTHCFG, NULL),
+ AP_INIT_TAKE12("AuthGroupFile", set_dbm_slot,
+ (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmgrpfile),
+ OR_AUTHCFG, NULL),
+ AP_INIT_TAKE1("AuthDBMType", set_dbm_type,
+ NULL,
+ OR_AUTHCFG, "what type of DBM file the user file is"),
+ AP_INIT_FLAG("AuthDBMAuthoritative", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmauthoritative),
+ OR_AUTHCFG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"),
+ {NULL}
+};
+
+module AP_MODULE_DECLARE_DATA auth_dbm_module;
+
+static char *get_dbm_pw(request_rec *r,
+ char *user,
+ char *auth_dbmpwfile,
+ char *dbtype)
+{
+ apr_dbm_t *f;
+ apr_datum_t d, q;
+ char *pw = NULL;
+ apr_status_t retval;
+ q.dptr = user;
+#ifndef NETSCAPE_DBM_COMPAT
+ q.dsize = strlen(q.dptr);
+#else
+ q.dsize = strlen(q.dptr) + 1;
+#endif
+
+ retval = apr_dbm_open_ex(&f, dbtype, auth_dbmpwfile, APR_DBM_READONLY,
+ APR_OS_DEFAULT, r->pool);
+ if (retval != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, retval, r,
+ "could not open dbm (type %s) auth file: %s", dbtype,
+ auth_dbmpwfile);
+ return NULL;
+ }
+ if (apr_dbm_fetch(f, q, &d) == APR_SUCCESS && d.dptr) {
+ pw = apr_palloc(r->pool, d.dsize + 1);
+ strncpy(pw, d.dptr, d.dsize);
+ pw[d.dsize] = '\0'; /* Terminate the string */
+ }
+
+ apr_dbm_close(f);
+ return pw;
+}
+
+/* We do something strange with the group file. If the group file
+ * contains any : we assume the format is
+ * key=username value=":"groupname [":"anything here is ignored]
+ * otherwise we now (0.8.14+) assume that the format is
+ * key=username value=groupname
+ * The first allows the password and group files to be the same
+ * physical DBM file; key=username value=password":"groupname[":"anything]
+ *
+ * mark@telescope.org, 22Sep95
+ */
+
+static char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile,
+ char *dbtype)
+{
+ char *grp_data = get_dbm_pw(r, user, auth_dbmgrpfile,dbtype);
+ char *grp_colon;
+ char *grp_colon2;
+
+ if (grp_data == NULL)
+ return NULL;
+
+ if ((grp_colon = strchr(grp_data, ':')) != NULL) {
+ grp_colon2 = strchr(++grp_colon, ':');
+ if (grp_colon2)
+ *grp_colon2 = '\0';
+ return grp_colon;
+ }
+ return grp_data;
+}
+
+static int dbm_authenticate_basic_user(request_rec *r)
+{
+ dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_dbm_module);
+ const char *sent_pw;
+ char *real_pw, *colon_pw;
+ apr_status_t invalid_pw;
+ int res;
+
+ if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
+ return res;
+
+ if (!conf->auth_dbmpwfile)
+ return DECLINED;
+
+ if (!(real_pw = get_dbm_pw(r, r->user, conf->auth_dbmpwfile,
+ conf->auth_dbmtype))) {
+ if (!(conf->auth_dbmauthoritative))
+ return DECLINED;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "DBM user %s not found: %s", r->user, r->filename);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ /* Password is up to first : if exists */
+ colon_pw = strchr(real_pw, ':');
+ if (colon_pw) {
+ *colon_pw = '\0';
+ }
+ invalid_pw = apr_password_validate(sent_pw, real_pw);
+ if (invalid_pw != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "DBM user %s: authentication failure for \"%s\": "
+ "Password Mismatch",
+ r->user, r->uri);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ return OK;
+}
+
+/* Checking ID */
+
+static int dbm_check_auth(request_rec *r)
+{
+ dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &auth_dbm_module);
+ char *user = r->user;
+ int m = r->method_number;
+
+ const apr_array_header_t *reqs_arr = ap_requires(r);
+ require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
+
+ register int x;
+ const char *t;
+ char *w;
+
+ if (!conf->auth_dbmgrpfile)
+ return DECLINED;
+ if (!reqs_arr)
+ return DECLINED;
+
+ for (x = 0; x < reqs_arr->nelts; x++) {
+
+ if (!(reqs[x].method_mask & (AP_METHOD_BIT << m)))
+ continue;
+
+ t = reqs[x].requirement;
+ w = ap_getword_white(r->pool, &t);
+
+ if (!strcmp(w, "group") && conf->auth_dbmgrpfile) {
+ const char *orig_groups, *groups;
+ char *v;
+
+ if (!(groups = get_dbm_grp(r, user, conf->auth_dbmgrpfile,
+ conf->auth_dbmtype))) {
+ if (!(conf->auth_dbmauthoritative))
+ return DECLINED;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "user %s not in DBM group file %s: %s",
+ user, conf->auth_dbmgrpfile, r->filename);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ orig_groups = groups;
+ while (t[0]) {
+ w = ap_getword_white(r->pool, &t);
+ groups = orig_groups;
+ while (groups[0]) {
+ v = ap_getword(r->pool, &groups, ',');
+ if (!strcmp(v, w))
+ return OK;
+ }
+ }
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "user %s not in right group: %s",
+ user, r->filename);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+
+ return DECLINED;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+ ap_hook_check_user_id(dbm_authenticate_basic_user, NULL, NULL,
+ APR_HOOK_MIDDLE);
+ ap_hook_auth_checker(dbm_check_auth, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA auth_dbm_module =
+{
+ STANDARD20_MODULE_STUFF,
+ create_dbm_auth_dir_config, /* dir config creater */
+ NULL, /* dir merger --- default is to override */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ dbm_auth_cmds, /* command apr_table_t */
+ register_hooks /* register hooks */
+};
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.dsp
new file mode 100644
index 00000000..d55e0c9b
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.dsp
@@ -0,0 +1,128 @@
+# Microsoft Developer Studio Project File - Name="mod_auth_dbm" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_auth_dbm - Win32 Release
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth_dbm.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth_dbm.mak" CFG="mod_auth_dbm - Win32 Release"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_auth_dbm - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_auth_dbm - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_auth_dbm - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_AUTH_DBM_USE_APR" /Fd"Release\mod_auth_dbm_src" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so /opt:ref
+
+!ELSEIF "$(CFG)" == "mod_auth_dbm - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_AUTH_DBM_USE_APR" /Fd"Debug\mod_auth_dbm_src" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_auth_dbm - Win32 Release"
+# Name "mod_auth_dbm - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_auth_dbm.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_auth_dbm.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_auth_dbm - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth_dbm.so "auth_dbm_module for Apache" ../../include/ap_release.h > .\mod_auth_dbm.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_auth_dbm - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth_dbm.so "auth_dbm_module for Apache" ../../include/ap_release.h > .\mod_auth_dbm.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.exp
new file mode 100644
index 00000000..7038e804
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.exp
@@ -0,0 +1 @@
+auth_dbm_module
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.c
new file mode 100644
index 00000000..9f4c655a
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.c
@@ -0,0 +1,2108 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * mod_auth_digest: MD5 digest authentication
+ *
+ * Originally by Alexei Kosut <akosut@nueva.pvt.k12.ca.us>
+ * Updated to RFC-2617 by Ronald Tschalär <ronald@innovation.ch>
+ * based on mod_auth, by Rob McCool and Robert S. Thau
+ *
+ * This module an updated version of modules/standard/mod_digest.c
+ * It is still fairly new and problems may turn up - submit problem
+ * reports to the Apache bug-database, or send them directly to me
+ * at ronald@innovation.ch.
+ *
+ * Requires either /dev/random (or equivalent) or the truerand library,
+ * available for instance from
+ * ftp://research.att.com/dist/mab/librand.shar
+ *
+ * Open Issues:
+ * - qop=auth-int (when streams and trailer support available)
+ * - nonce-format configurability
+ * - Proxy-Authorization-Info header is set by this module, but is
+ * currently ignored by mod_proxy (needs patch to mod_proxy)
+ * - generating the secret takes a while (~ 8 seconds) if using the
+ * truerand library
+ * - The source of the secret should be run-time directive (with server
+ * scope: RSRC_CONF). However, that could be tricky when trying to
+ * choose truerand vs. file...
+ * - shared-mem not completely tested yet. Seems to work ok for me,
+ * but... (definitely won't work on Windoze)
+ * - Sharing a realm among multiple servers has following problems:
+ * o Server name and port can't be included in nonce-hash
+ * (we need two nonce formats, which must be configured explicitly)
+ * o Nonce-count check can't be for equal, or then nonce-count checking
+ * must be disabled. What we could do is the following:
+ * (expected < received) ? set expected = received : issue error
+ * The only problem is that it allows replay attacks when somebody
+ * captures a packet sent to one server and sends it to another
+ * one. Should we add "AuthDigestNcCheck Strict"?
+ * - expired nonces give amaya fits.
+ */
+
+#include "apr_sha1.h"
+#include "apr_base64.h"
+#include "apr_lib.h"
+#include "apr_time.h"
+#include "apr_errno.h"
+#include "apr_global_mutex.h"
+#include "apr_strings.h"
+
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_request.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "apr_uri.h"
+#include "util_md5.h"
+#include "apr_shm.h"
+#include "apr_rmm.h"
+
+/* Disable shmem until pools/init gets sorted out
+ * remove following two lines when fixed
+ */
+#undef APR_HAS_SHARED_MEMORY
+#define APR_HAS_SHARED_MEMORY 0
+
+/* struct to hold the configuration info */
+
+typedef struct digest_config_struct {
+ const char *dir_name;
+ const char *pwfile;
+ const char *grpfile;
+ const char *realm;
+ char **qop_list;
+ apr_sha1_ctx_t nonce_ctx;
+ apr_time_t nonce_lifetime;
+ const char *nonce_format;
+ int check_nc;
+ const char *algorithm;
+ char *uri_list;
+ const char *ha1;
+} digest_config_rec;
+
+
+#define DFLT_ALGORITHM "MD5"
+
+#define DFLT_NONCE_LIFE apr_time_from_sec(300)
+#define NEXTNONCE_DELTA apr_time_from_sec(30)
+
+
+#define NONCE_TIME_LEN (((sizeof(apr_time_t)+2)/3)*4)
+#define NONCE_HASH_LEN (2*APR_SHA1_DIGESTSIZE)
+#define NONCE_LEN (int )(NONCE_TIME_LEN + NONCE_HASH_LEN)
+
+#define SECRET_LEN 20
+
+
+/* client list definitions */
+
+typedef struct hash_entry {
+ unsigned long key; /* the key for this entry */
+ struct hash_entry *next; /* next entry in the bucket */
+ unsigned long nonce_count; /* for nonce-count checking */
+ char ha1[2*MD5_DIGESTSIZE+1]; /* for algorithm=MD5-sess */
+ char last_nonce[NONCE_LEN+1]; /* for one-time nonce's */
+} client_entry;
+
+static struct hash_table {
+ client_entry **table;
+ unsigned long tbl_len;
+ unsigned long num_entries;
+ unsigned long num_created;
+ unsigned long num_removed;
+ unsigned long num_renewed;
+} *client_list;
+
+
+/* struct to hold a parsed Authorization header */
+
+enum hdr_sts { NO_HEADER, NOT_DIGEST, INVALID, VALID };
+
+typedef struct digest_header_struct {
+ const char *scheme;
+ const char *realm;
+ const char *username;
+ char *nonce;
+ const char *uri;
+ const char *method;
+ const char *digest;
+ const char *algorithm;
+ const char *cnonce;
+ const char *opaque;
+ unsigned long opaque_num;
+ const char *message_qop;
+ const char *nonce_count;
+ /* the following fields are not (directly) from the header */
+ apr_time_t nonce_time;
+ enum hdr_sts auth_hdr_sts;
+ const char *raw_request_uri;
+ apr_uri_t *psd_request_uri;
+ int needed_auth;
+ client_entry *client;
+} digest_header_rec;
+
+
+/* (mostly) nonce stuff */
+
+typedef union time_union {
+ apr_time_t time;
+ unsigned char arr[sizeof(apr_time_t)];
+} time_rec;
+
+static unsigned char secret[SECRET_LEN];
+
+/* client-list, opaque, and one-time-nonce stuff */
+
+static apr_shm_t *client_shm = NULL;
+static apr_rmm_t *client_rmm = NULL;
+static unsigned long *opaque_cntr;
+static apr_time_t *otn_counter; /* one-time-nonce counter */
+static apr_global_mutex_t *client_lock = NULL;
+static apr_global_mutex_t *opaque_lock = NULL;
+static char client_lock_name[L_tmpnam];
+static char opaque_lock_name[L_tmpnam];
+
+#define DEF_SHMEM_SIZE 1000L /* ~ 12 entries */
+#define DEF_NUM_BUCKETS 15L
+#define HASH_DEPTH 5
+
+static long shmem_size = DEF_SHMEM_SIZE;
+static long num_buckets = DEF_NUM_BUCKETS;
+
+
+module AP_MODULE_DECLARE_DATA auth_digest_module;
+
+/*
+ * initialization code
+ */
+
+static apr_status_t cleanup_tables(void *not_used)
+{
+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
+ "Digest: cleaning up shared memory");
+ fflush(stderr);
+
+ if (client_shm) {
+ apr_shm_destroy(client_shm);
+ client_shm = NULL;
+ }
+
+ if (client_lock) {
+ apr_global_mutex_destroy(client_lock);
+ client_lock = NULL;
+ }
+
+ if (opaque_lock) {
+ apr_global_mutex_destroy(opaque_lock);
+ opaque_lock = NULL;
+ }
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t initialize_secret(server_rec *s)
+{
+ apr_status_t status;
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
+ "Digest: generating secret for digest authentication ...");
+
+#if APR_HAS_RANDOM
+ status = apr_generate_random_bytes(secret, sizeof(secret));
+#else
+#error APR random number support is missing; you probably need to install the truerand library.
+#endif
+
+ if (status != APR_SUCCESS) {
+ char buf[120];
+ ap_log_error(APLOG_MARK, APLOG_CRIT, status, s,
+ "Digest: error generating secret: %s",
+ apr_strerror(status, buf, sizeof(buf)));
+ return status;
+ }
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "Digest: done");
+
+ return APR_SUCCESS;
+}
+
+static void log_error_and_cleanup(char *msg, apr_status_t sts, server_rec *s)
+{
+ ap_log_error(APLOG_MARK, APLOG_ERR, sts, s,
+ "Digest: %s - all nonce-count checking, one-time nonces, and "
+ "MD5-sess algorithm disabled", msg);
+
+ cleanup_tables(NULL);
+}
+
+#if APR_HAS_SHARED_MEMORY
+
+static void initialize_tables(server_rec *s, apr_pool_t *ctx)
+{
+ unsigned long idx;
+ apr_status_t sts;
+
+ /* set up client list */
+
+ sts = apr_shm_create(&client_shm, shmem_size, tmpnam(NULL), ctx);
+ if (sts != APR_SUCCESS) {
+ log_error_and_cleanup("failed to create shared memory segments", sts, s);
+ return;
+ }
+
+ client_list = apr_rmm_malloc(client_rmm, sizeof(*client_list) +
+ sizeof(client_entry*)*num_buckets);
+ if (!client_list) {
+ log_error_and_cleanup("failed to allocate shared memory", -1, s);
+ return;
+ }
+ client_list->table = (client_entry**) (client_list + 1);
+ for (idx = 0; idx < num_buckets; idx++) {
+ client_list->table[idx] = NULL;
+ }
+ client_list->tbl_len = num_buckets;
+ client_list->num_entries = 0;
+
+ tmpnam(client_lock_name);
+ /* FIXME: get the client_lock_name from a directive so we're portable
+ * to non-process-inheriting operating systems, like Win32. */
+ sts = apr_global_mutex_create(&client_lock, client_lock_name,
+ APR_LOCK_DEFAULT, ctx);
+ if (sts != APR_SUCCESS) {
+ log_error_and_cleanup("failed to create lock (client_lock)", sts, s);
+ return;
+ }
+
+
+ /* setup opaque */
+
+ opaque_cntr = apr_rmm_malloc(client_rmm, sizeof(*opaque_cntr));
+ if (opaque_cntr == NULL) {
+ log_error_and_cleanup("failed to allocate shared memory", -1, s);
+ return;
+ }
+ *opaque_cntr = 1UL;
+
+ tmpnam(opaque_lock_name);
+ /* FIXME: get the opaque_lock_name from a directive so we're portable
+ * to non-process-inheriting operating systems, like Win32. */
+ sts = apr_global_mutex_create(&opaque_lock, opaque_lock_name,
+ APR_LOCK_DEFAULT, ctx);
+ if (sts != APR_SUCCESS) {
+ log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s);
+ return;
+ }
+
+
+ /* setup one-time-nonce counter */
+
+ otn_counter = apr_rmm_malloc(client_rmm, sizeof(*otn_counter));
+ if (otn_counter == NULL) {
+ log_error_and_cleanup("failed to allocate shared memory", -1, s);
+ return;
+ }
+ *otn_counter = 0;
+ /* no lock here */
+
+
+ /* success */
+ return;
+}
+
+#endif /* APR_HAS_SHARED_MEMORY */
+
+
+static int initialize_module(apr_pool_t *p, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *s)
+{
+ void *data;
+ const char *userdata_key = "auth_digest_init";
+
+ /* initialize_module() will be called twice, and if it's a DSO
+ * then all static data from the first call will be lost. Only
+ * set up our static data on the second call. */
+ apr_pool_userdata_get(&data, userdata_key, s->process->pool);
+ if (!data) {
+ apr_pool_userdata_set((const void *)1, userdata_key,
+ apr_pool_cleanup_null, s->process->pool);
+ return OK;
+ }
+ if (initialize_secret(s) != APR_SUCCESS) {
+ return !OK;
+ }
+
+#if APR_HAS_SHARED_MEMORY
+ /* Note: this stuff is currently fixed for the lifetime of the server,
+ * i.e. even across restarts. This means that A) any shmem-size
+ * configuration changes are ignored, and B) certain optimizations,
+ * such as only allocating the smallest necessary entry for each
+ * client, can't be done. However, the alternative is a nightmare:
+ * we can't call apr_shm_destroy on a graceful restart because there
+ * will be children using the tables, and we also don't know when the
+ * last child dies. Therefore we can never clean up the old stuff,
+ * creating a creeping memory leak.
+ */
+ initialize_tables(s, p);
+ apr_pool_cleanup_register(p, NULL, cleanup_tables, apr_pool_cleanup_null);
+#endif /* APR_HAS_SHARED_MEMORY */
+ return OK;
+}
+
+static void initialize_child(apr_pool_t *p, server_rec *s)
+{
+ apr_status_t sts;
+
+ if (!client_shm) {
+ return;
+ }
+
+ /* FIXME: get the client_lock_name from a directive so we're portable
+ * to non-process-inheriting operating systems, like Win32. */
+ sts = apr_global_mutex_child_init(&client_lock, client_lock_name, p);
+ if (sts != APR_SUCCESS) {
+ log_error_and_cleanup("failed to create lock (client_lock)", sts, s);
+ return;
+ }
+ /* FIXME: get the opaque_lock_name from a directive so we're portable
+ * to non-process-inheriting operating systems, like Win32. */
+ sts = apr_global_mutex_child_init(&opaque_lock, opaque_lock_name, p);
+ if (sts != APR_SUCCESS) {
+ log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s);
+ return;
+ }
+}
+
+/*
+ * configuration code
+ */
+
+static void *create_digest_dir_config(apr_pool_t *p, char *dir)
+{
+ digest_config_rec *conf;
+
+ if (dir == NULL) {
+ return NULL;
+ }
+
+ conf = (digest_config_rec *) apr_pcalloc(p, sizeof(digest_config_rec));
+ if (conf) {
+ conf->qop_list = apr_palloc(p, sizeof(char*));
+ conf->qop_list[0] = NULL;
+ conf->nonce_lifetime = DFLT_NONCE_LIFE;
+ conf->dir_name = apr_pstrdup(p, dir);
+ conf->algorithm = DFLT_ALGORITHM;
+ }
+
+ return conf;
+}
+
+static const char *set_realm(cmd_parms *cmd, void *config, const char *realm)
+{
+ digest_config_rec *conf = (digest_config_rec *) config;
+
+ /* The core already handles the realm, but it's just too convenient to
+ * grab it ourselves too and cache some setups. However, we need to
+ * let the core get at it too, which is why we decline at the end -
+ * this relies on the fact that http_core is last in the list.
+ */
+ conf->realm = realm;
+
+ /* we precompute the part of the nonce hash that is constant (well,
+ * the host:port would be too, but that varies for .htaccess files
+ * and directives outside a virtual host section)
+ */
+ apr_sha1_init(&conf->nonce_ctx);
+ apr_sha1_update_binary(&conf->nonce_ctx, secret, sizeof(secret));
+ apr_sha1_update_binary(&conf->nonce_ctx, (const unsigned char *) realm,
+ strlen(realm));
+
+ return DECLINE_CMD;
+}
+
+static const char *set_digest_file(cmd_parms *cmd, void *config,
+ const char *file)
+{
+ ((digest_config_rec *) config)->pwfile = file;
+ return NULL;
+}
+
+static const char *set_group_file(cmd_parms *cmd, void *config,
+ const char *file)
+{
+ ((digest_config_rec *) config)->grpfile = file;
+ return NULL;
+}
+
+static const char *set_qop(cmd_parms *cmd, void *config, const char *op)
+{
+ digest_config_rec *conf = (digest_config_rec *) config;
+ char **tmp;
+ int cnt;
+
+ if (!strcasecmp(op, "none")) {
+ if (conf->qop_list[0] == NULL) {
+ conf->qop_list = apr_palloc(cmd->pool, 2 * sizeof(char*));
+ conf->qop_list[1] = NULL;
+ }
+ conf->qop_list[0] = "none";
+ return NULL;
+ }
+
+ if (!strcasecmp(op, "auth-int")) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server,
+ "Digest: WARNING: qop `auth-int' currently only works "
+ "correctly for responses with no entity");
+ }
+ else if (strcasecmp(op, "auth")) {
+ return apr_pstrcat(cmd->pool, "Unrecognized qop: ", op, NULL);
+ }
+
+ for (cnt = 0; conf->qop_list[cnt] != NULL; cnt++)
+ ;
+
+ tmp = apr_palloc(cmd->pool, (cnt + 2) * sizeof(char*));
+ memcpy(tmp, conf->qop_list, cnt*sizeof(char*));
+ tmp[cnt] = apr_pstrdup(cmd->pool, op);
+ tmp[cnt+1] = NULL;
+ conf->qop_list = tmp;
+
+ return NULL;
+}
+
+static const char *set_nonce_lifetime(cmd_parms *cmd, void *config,
+ const char *t)
+{
+ char *endptr;
+ long lifetime;
+
+ lifetime = strtol(t, &endptr, 10);
+ if (endptr < (t+strlen(t)) && !apr_isspace(*endptr)) {
+ return apr_pstrcat(cmd->pool,
+ "Invalid time in AuthDigestNonceLifetime: ",
+ t, NULL);
+ }
+
+ ((digest_config_rec *) config)->nonce_lifetime = apr_time_from_sec(lifetime);
+ return NULL;
+}
+
+static const char *set_nonce_format(cmd_parms *cmd, void *config,
+ const char *fmt)
+{
+ ((digest_config_rec *) config)->nonce_format = fmt;
+ return "AuthDigestNonceFormat is not implemented (yet)";
+}
+
+static const char *set_nc_check(cmd_parms *cmd, void *config, int flag)
+{
+ if (flag && !client_shm)
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
+ cmd->server, "Digest: WARNING: nonce-count checking "
+ "is not supported on platforms without shared-memory "
+ "support - disabling check");
+
+ ((digest_config_rec *) config)->check_nc = flag;
+ return NULL;
+}
+
+static const char *set_algorithm(cmd_parms *cmd, void *config, const char *alg)
+{
+ if (!strcasecmp(alg, "MD5-sess")) {
+ if (!client_shm) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
+ cmd->server, "Digest: WARNING: algorithm `MD5-sess' "
+ "is not supported on platforms without shared-memory "
+ "support - reverting to MD5");
+ alg = "MD5";
+ }
+ }
+ else if (strcasecmp(alg, "MD5")) {
+ return apr_pstrcat(cmd->pool, "Invalid algorithm in AuthDigestAlgorithm: ", alg, NULL);
+ }
+
+ ((digest_config_rec *) config)->algorithm = alg;
+ return NULL;
+}
+
+static const char *set_uri_list(cmd_parms *cmd, void *config, const char *uri)
+{
+ digest_config_rec *c = (digest_config_rec *) config;
+ if (c->uri_list) {
+ c->uri_list[strlen(c->uri_list)-1] = '\0';
+ c->uri_list = apr_pstrcat(cmd->pool, c->uri_list, " ", uri, "\"", NULL);
+ }
+ else {
+ c->uri_list = apr_pstrcat(cmd->pool, ", domain=\"", uri, "\"", NULL);
+ }
+ return NULL;
+}
+
+static const char *set_shmem_size(cmd_parms *cmd, void *config,
+ const char *size_str)
+{
+ char *endptr;
+ long size, min;
+
+ size = strtol(size_str, &endptr, 10);
+ while (apr_isspace(*endptr)) endptr++;
+ if (*endptr == '\0' || *endptr == 'b' || *endptr == 'B') {
+ ;
+ }
+ else if (*endptr == 'k' || *endptr == 'K') {
+ size *= 1024;
+ }
+ else if (*endptr == 'm' || *endptr == 'M') {
+ size *= 1048576;
+ }
+ else {
+ return apr_pstrcat(cmd->pool, "Invalid size in AuthDigestShmemSize: ",
+ size_str, NULL);
+ }
+
+ min = sizeof(*client_list) + sizeof(client_entry*) + sizeof(client_entry);
+ if (size < min) {
+ return apr_psprintf(cmd->pool, "size in AuthDigestShmemSize too small: "
+ "%ld < %ld", size, min);
+ }
+
+ shmem_size = size;
+ num_buckets = (size - sizeof(*client_list)) /
+ (sizeof(client_entry*) + HASH_DEPTH * sizeof(client_entry));
+ if (num_buckets == 0) {
+ num_buckets = 1;
+ }
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server,
+ "Digest: Set shmem-size: %ld, num-buckets: %ld", shmem_size,
+ num_buckets);
+
+ return NULL;
+}
+
+static const command_rec digest_cmds[] =
+{
+ AP_INIT_TAKE1("AuthName", set_realm, NULL, OR_AUTHCFG,
+ "The authentication realm (e.g. \"Members Only\")"),
+ AP_INIT_TAKE1("AuthDigestFile", set_digest_file, NULL, OR_AUTHCFG,
+ "The name of the file containing the usernames and password hashes"),
+ AP_INIT_TAKE1("AuthDigestGroupFile", set_group_file, NULL, OR_AUTHCFG,
+ "The name of the file containing the group names and members"),
+ AP_INIT_ITERATE("AuthDigestQop", set_qop, NULL, OR_AUTHCFG,
+ "A list of quality-of-protection options"),
+ AP_INIT_TAKE1("AuthDigestNonceLifetime", set_nonce_lifetime, NULL, OR_AUTHCFG,
+ "Maximum lifetime of the server nonce (seconds)"),
+ AP_INIT_TAKE1("AuthDigestNonceFormat", set_nonce_format, NULL, OR_AUTHCFG,
+ "The format to use when generating the server nonce"),
+ AP_INIT_FLAG("AuthDigestNcCheck", set_nc_check, NULL, OR_AUTHCFG,
+ "Whether or not to check the nonce-count sent by the client"),
+ AP_INIT_TAKE1("AuthDigestAlgorithm", set_algorithm, NULL, OR_AUTHCFG,
+ "The algorithm used for the hash calculation"),
+ AP_INIT_ITERATE("AuthDigestDomain", set_uri_list, NULL, OR_AUTHCFG,
+ "A list of URI's which belong to the same protection space as the current URI"),
+ AP_INIT_TAKE1("AuthDigestShmemSize", set_shmem_size, NULL, RSRC_CONF,
+ "The amount of shared memory to allocate for keeping track of clients"),
+ {NULL}
+};
+
+
+/*
+ * client list code
+ *
+ * Each client is assigned a number, which is transfered in the opaque
+ * field of the WWW-Authenticate and Authorization headers. The number
+ * is just a simple counter which is incremented for each new client.
+ * Clients can't forge this number because it is hashed up into the
+ * server nonce, and that is checked.
+ *
+ * The clients are kept in a simple hash table, which consists of an
+ * array of client_entry's, each with a linked list of entries hanging
+ * off it. The client's number modulo the size of the array gives the
+ * bucket number.
+ *
+ * The clients are garbage collected whenever a new client is allocated
+ * but there is not enough space left in the shared memory segment. A
+ * simple semi-LRU is used for this: whenever a client entry is accessed
+ * it is moved to the beginning of the linked list in its bucket (this
+ * also makes for faster lookups for current clients). The garbage
+ * collecter then just removes the oldest entry (i.e. the one at the
+ * end of the list) in each bucket.
+ *
+ * The main advantages of the above scheme are that it's easy to implement
+ * and it keeps the hash table evenly balanced (i.e. same number of entries
+ * in each bucket). The major disadvantage is that you may be throwing
+ * entries out which are in active use. This is not tragic, as these
+ * clients will just be sent a new client id (opaque field) and nonce
+ * with a stale=true (i.e. it will just look like the nonce expired,
+ * thereby forcing an extra round trip). If the shared memory segment
+ * has enough headroom over the current client set size then this should
+ * not occur too often.
+ *
+ * To help tune the size of the shared memory segment (and see if the
+ * above algorithm is really sufficient) a set of counters is kept
+ * indicating the number of clients held, the number of garbage collected
+ * clients, and the number of erroneously purged clients. These are printed
+ * out at each garbage collection run. Note that access to the counters is
+ * not synchronized because they are just indicaters, and whether they are
+ * off by a few doesn't matter; and for the same reason no attempt is made
+ * to guarantee the num_renewed is correct in the face of clients spoofing
+ * the opaque field.
+ */
+
+/*
+ * Get the client given its client number (the key). Returns the entry,
+ * or NULL if it's not found.
+ *
+ * Access to the list itself is synchronized via locks. However, access
+ * to the entry returned by get_client() is NOT synchronized. This means
+ * that there are potentially problems if a client uses multiple,
+ * simultaneous connections to access url's within the same protection
+ * space. However, these problems are not new: when using multiple
+ * connections you have no guarantee of the order the requests are
+ * processed anyway, so you have problems with the nonce-count and
+ * one-time nonces anyway.
+ */
+static client_entry *get_client(unsigned long key, const request_rec *r)
+{
+ int bucket;
+ client_entry *entry, *prev = NULL;
+
+
+ if (!key || !client_shm) return NULL;
+
+ bucket = key % client_list->tbl_len;
+ entry = client_list->table[bucket];
+
+ apr_global_mutex_lock(client_lock);
+
+ while (entry && key != entry->key) {
+ prev = entry;
+ entry = entry->next;
+ }
+
+ if (entry && prev) { /* move entry to front of list */
+ prev->next = entry->next;
+ entry->next = client_list->table[bucket];
+ client_list->table[bucket] = entry;
+ }
+
+ apr_global_mutex_unlock(client_lock);
+
+ if (entry) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "get_client(): client %lu found", key);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "get_client(): client %lu not found", key);
+ }
+
+ return entry;
+}
+
+
+/* A simple garbage-collecter to remove unused clients. It removes the
+ * last entry in each bucket and updates the counters. Returns the
+ * number of removed entries.
+ */
+static long gc(void)
+{
+ client_entry *entry, *prev;
+ unsigned long num_removed = 0, idx;
+
+ /* garbage collect all last entries */
+
+ for (idx = 0; idx < client_list->tbl_len; idx++) {
+ entry = client_list->table[idx];
+ prev = NULL;
+ while (entry->next) { /* find last entry */
+ prev = entry;
+ entry = entry->next;
+ }
+ if (prev) {
+ prev->next = NULL; /* cut list */
+ }
+ else {
+ client_list->table[idx] = NULL;
+ }
+ if (entry) { /* remove entry */
+ apr_rmm_free(client_rmm, (apr_rmm_off_t)entry);
+ num_removed++;
+ }
+ }
+
+ /* update counters and log */
+
+ client_list->num_entries -= num_removed;
+ client_list->num_removed += num_removed;
+
+ return num_removed;
+}
+
+
+/*
+ * Add a new client to the list. Returns the entry if successful, NULL
+ * otherwise. This triggers the garbage collection if memory is low.
+ */
+static client_entry *add_client(unsigned long key, client_entry *info,
+ server_rec *s)
+{
+ int bucket;
+ client_entry *entry;
+
+
+ if (!key || !client_shm) {
+ return NULL;
+ }
+
+ bucket = key % client_list->tbl_len;
+ entry = client_list->table[bucket];
+
+ apr_global_mutex_lock(client_lock);
+
+ /* try to allocate a new entry */
+
+ entry = (client_entry *)apr_rmm_malloc(client_rmm, sizeof(client_entry));
+ if (!entry) {
+ long num_removed = gc();
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "Digest: gc'd %ld client entries. Total new clients: "
+ "%ld; Total removed clients: %ld; Total renewed clients: "
+ "%ld", num_removed,
+ client_list->num_created - client_list->num_renewed,
+ client_list->num_removed, client_list->num_renewed);
+ entry = (client_entry *)apr_rmm_malloc(client_rmm, sizeof(client_entry));
+ if (!entry) {
+ return NULL; /* give up */
+ }
+ }
+
+ /* now add the entry */
+
+ memcpy(entry, info, sizeof(client_entry));
+ entry->key = key;
+ entry->next = client_list->table[bucket];
+ client_list->table[bucket] = entry;
+ client_list->num_created++;
+ client_list->num_entries++;
+
+ apr_global_mutex_unlock(client_lock);
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ "allocated new client %lu", key);
+
+ return entry;
+}
+
+
+/*
+ * Authorization header parser code
+ */
+
+/* Parse the Authorization header, if it exists */
+static int get_digest_rec(request_rec *r, digest_header_rec *resp)
+{
+ const char *auth_line;
+ apr_size_t l;
+ int vk = 0, vv = 0;
+ char *key, *value;
+
+ auth_line = apr_table_get(r->headers_in,
+ (PROXYREQ_PROXY == r->proxyreq)
+ ? "Proxy-Authorization"
+ : "Authorization");
+ if (!auth_line) {
+ resp->auth_hdr_sts = NO_HEADER;
+ return !OK;
+ }
+
+ resp->scheme = ap_getword_white(r->pool, &auth_line);
+ if (strcasecmp(resp->scheme, "Digest")) {
+ resp->auth_hdr_sts = NOT_DIGEST;
+ return !OK;
+ }
+
+ l = strlen(auth_line);
+
+ key = apr_palloc(r->pool, l+1);
+ value = apr_palloc(r->pool, l+1);
+
+ while (auth_line[0] != '\0') {
+
+ /* find key */
+
+ while (apr_isspace(auth_line[0])) {
+ auth_line++;
+ }
+ vk = 0;
+ while (auth_line[0] != '=' && auth_line[0] != ','
+ && auth_line[0] != '\0' && !apr_isspace(auth_line[0])) {
+ key[vk++] = *auth_line++;
+ }
+ key[vk] = '\0';
+ while (apr_isspace(auth_line[0])) {
+ auth_line++;
+ }
+
+ /* find value */
+
+ if (auth_line[0] == '=') {
+ auth_line++;
+ while (apr_isspace(auth_line[0])) {
+ auth_line++;
+ }
+
+ vv = 0;
+ if (auth_line[0] == '\"') { /* quoted string */
+ auth_line++;
+ while (auth_line[0] != '\"' && auth_line[0] != '\0') {
+ if (auth_line[0] == '\\' && auth_line[1] != '\0') {
+ auth_line++; /* escaped char */
+ }
+ value[vv++] = *auth_line++;
+ }
+ if (auth_line[0] != '\0') {
+ auth_line++;
+ }
+ }
+ else { /* token */
+ while (auth_line[0] != ',' && auth_line[0] != '\0'
+ && !apr_isspace(auth_line[0])) {
+ value[vv++] = *auth_line++;
+ }
+ }
+ value[vv] = '\0';
+ }
+
+ while (auth_line[0] != ',' && auth_line[0] != '\0') {
+ auth_line++;
+ }
+ if (auth_line[0] != '\0') {
+ auth_line++;
+ }
+
+ if (!strcasecmp(key, "username"))
+ resp->username = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "realm"))
+ resp->realm = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "nonce"))
+ resp->nonce = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "uri"))
+ resp->uri = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "response"))
+ resp->digest = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "algorithm"))
+ resp->algorithm = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "cnonce"))
+ resp->cnonce = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "opaque"))
+ resp->opaque = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "qop"))
+ resp->message_qop = apr_pstrdup(r->pool, value);
+ else if (!strcasecmp(key, "nc"))
+ resp->nonce_count = apr_pstrdup(r->pool, value);
+ }
+
+ if (!resp->username || !resp->realm || !resp->nonce || !resp->uri
+ || !resp->digest
+ || (resp->message_qop && (!resp->cnonce || !resp->nonce_count))) {
+ resp->auth_hdr_sts = INVALID;
+ return !OK;
+ }
+
+ if (resp->opaque) {
+ resp->opaque_num = (unsigned long) strtol(resp->opaque, NULL, 16);
+ }
+
+ resp->auth_hdr_sts = VALID;
+ return OK;
+}
+
+
+/* Because the browser may preemptively send auth info, incrementing the
+ * nonce-count when it does, and because the client does not get notified
+ * if the URI didn't need authentication after all, we need to be sure to
+ * update the nonce-count each time we receive an Authorization header no
+ * matter what the final outcome of the request. Furthermore this is a
+ * convenient place to get the request-uri (before any subrequests etc
+ * are initiated) and to initialize the request_config.
+ *
+ * Note that this must be called after mod_proxy had its go so that
+ * r->proxyreq is set correctly.
+ */
+static int parse_hdr_and_update_nc(request_rec *r)
+{
+ digest_header_rec *resp;
+ int res;
+
+ if (!ap_is_initial_req(r)) {
+ return DECLINED;
+ }
+
+ resp = apr_pcalloc(r->pool, sizeof(digest_header_rec));
+ resp->raw_request_uri = r->unparsed_uri;
+ resp->psd_request_uri = &r->parsed_uri;
+ resp->needed_auth = 0;
+ resp->method = r->method;
+ ap_set_module_config(r->request_config, &auth_digest_module, resp);
+
+ res = get_digest_rec(r, resp);
+ resp->client = get_client(resp->opaque_num, r);
+ if (res == OK && resp->client) {
+ resp->client->nonce_count++;
+ }
+
+ return DECLINED;
+}
+
+
+/*
+ * Nonce generation code
+ */
+
+/* The hash part of the nonce is a SHA-1 hash of the time, realm, server host
+ * and port, opaque, and our secret.
+ */
+static void gen_nonce_hash(char *hash, const char *timestr, const char *opaque,
+ const server_rec *server,
+ const digest_config_rec *conf)
+{
+ const char *hex = "0123456789abcdef";
+ unsigned char sha1[APR_SHA1_DIGESTSIZE];
+ apr_sha1_ctx_t ctx;
+ int idx;
+
+ memcpy(&ctx, &conf->nonce_ctx, sizeof(ctx));
+ /*
+ apr_sha1_update_binary(&ctx, (const unsigned char *) server->server_hostname,
+ strlen(server->server_hostname));
+ apr_sha1_update_binary(&ctx, (const unsigned char *) &server->port,
+ sizeof(server->port));
+ */
+ apr_sha1_update_binary(&ctx, (const unsigned char *) timestr, strlen(timestr));
+ if (opaque) {
+ apr_sha1_update_binary(&ctx, (const unsigned char *) opaque,
+ strlen(opaque));
+ }
+ apr_sha1_final(sha1, &ctx);
+
+ for (idx=0; idx<APR_SHA1_DIGESTSIZE; idx++) {
+ *hash++ = hex[sha1[idx] >> 4];
+ *hash++ = hex[sha1[idx] & 0xF];
+ }
+
+ *hash++ = '\0';
+}
+
+
+/* The nonce has the format b64(time)+hash .
+ */
+static const char *gen_nonce(apr_pool_t *p, apr_time_t now, const char *opaque,
+ const server_rec *server,
+ const digest_config_rec *conf)
+{
+ char *nonce = apr_palloc(p, NONCE_LEN+1);
+ int len;
+ time_rec t;
+
+ if (conf->nonce_lifetime != 0) {
+ t.time = now;
+ }
+ else if (otn_counter) {
+ /* this counter is not synch'd, because it doesn't really matter
+ * if it counts exactly.
+ */
+ t.time = (*otn_counter)++;
+ }
+ else {
+ /* XXX: WHAT IS THIS CONSTANT? */
+ t.time = 42;
+ }
+ len = apr_base64_encode_binary(nonce, t.arr, sizeof(t.arr));
+ gen_nonce_hash(nonce+NONCE_TIME_LEN, nonce, opaque, server, conf);
+
+ return nonce;
+}
+
+
+/*
+ * Opaque and hash-table management
+ */
+
+/*
+ * Generate a new client entry, add it to the list, and return the
+ * entry. Returns NULL if failed.
+ */
+static client_entry *gen_client(const request_rec *r)
+{
+ unsigned long op;
+ client_entry new_entry = { 0, NULL, 0, "", "" }, *entry;
+
+ if (!opaque_cntr) {
+ return NULL;
+ }
+
+ apr_global_mutex_lock(opaque_lock);
+ op = (*opaque_cntr)++;
+ apr_global_mutex_lock(opaque_lock);
+
+ if (!(entry = add_client(op, &new_entry, r->server))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: failed to allocate client entry - ignoring "
+ "client");
+ return NULL;
+ }
+
+ return entry;
+}
+
+
+/*
+ * MD5-sess code.
+ *
+ * If you want to use algorithm=MD5-sess you must write get_userpw_hash()
+ * yourself (see below). The dummy provided here just uses the hash from
+ * the auth-file, i.e. it is only useful for testing client implementations
+ * of MD5-sess .
+ */
+
+/*
+ * get_userpw_hash() will be called each time a new session needs to be
+ * generated and is expected to return the equivalent of
+ *
+ * h_urp = ap_md5(r->pool,
+ * apr_pstrcat(r->pool, username, ":", ap_auth_name(r), ":", passwd))
+ * ap_md5(r->pool,
+ * (unsigned char *) apr_pstrcat(r->pool, h_urp, ":", resp->nonce, ":",
+ * resp->cnonce, NULL));
+ *
+ * or put differently, it must return
+ *
+ * MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce)
+ *
+ * If something goes wrong, the failure must be logged and NULL returned.
+ *
+ * You must implement this yourself, which will probably consist of code
+ * contacting the password server with the necessary information (typically
+ * the username, realm, nonce, and cnonce) and receiving the hash from it.
+ *
+ * TBD: This function should probably be in a seperate source file so that
+ * people need not modify mod_auth_digest.c each time they install a new
+ * version of apache.
+ */
+static const char *get_userpw_hash(const request_rec *r,
+ const digest_header_rec *resp,
+ const digest_config_rec *conf)
+{
+ return ap_md5(r->pool,
+ (unsigned char *) apr_pstrcat(r->pool, conf->ha1, ":", resp->nonce,
+ ":", resp->cnonce, NULL));
+}
+
+
+/* Retrieve current session H(A1). If there is none and "generate" is
+ * true then a new session for MD5-sess is generated and stored in the
+ * client struct; if generate is false, or a new session could not be
+ * generated then NULL is returned (in case of failure to generate the
+ * failure reason will have been logged already).
+ */
+static const char *get_session_HA1(const request_rec *r,
+ digest_header_rec *resp,
+ const digest_config_rec *conf,
+ int generate)
+{
+ const char *ha1 = NULL;
+
+ /* return the current sessions if there is one */
+ if (resp->opaque && resp->client && resp->client->ha1[0]) {
+ return resp->client->ha1;
+ }
+ else if (!generate) {
+ return NULL;
+ }
+
+ /* generate a new session */
+ if (!resp->client) {
+ resp->client = gen_client(r);
+ }
+ if (resp->client) {
+ ha1 = get_userpw_hash(r, resp, conf);
+ if (ha1) {
+ memcpy(resp->client->ha1, ha1, sizeof(resp->client->ha1));
+ }
+ }
+
+ return ha1;
+}
+
+
+static void clear_session(const digest_header_rec *resp)
+{
+ if (resp->client) {
+ resp->client->ha1[0] = '\0';
+ }
+}
+
+/*
+ * Authorization challenge generation code (for WWW-Authenticate)
+ */
+
+static const char *ltox(apr_pool_t *p, unsigned long num)
+{
+ if (num != 0) {
+ return apr_psprintf(p, "%lx", num);
+ }
+ else {
+ return "";
+ }
+}
+
+static void note_digest_auth_failure(request_rec *r,
+ const digest_config_rec *conf,
+ digest_header_rec *resp, int stale)
+{
+ const char *qop, *opaque, *opaque_param, *domain, *nonce;
+ int cnt;
+
+ /* Setup qop */
+
+ if (conf->qop_list[0] == NULL) {
+ qop = ", qop=\"auth\"";
+ }
+ else if (!strcasecmp(conf->qop_list[0], "none")) {
+ qop = "";
+ }
+ else {
+ qop = apr_pstrcat(r->pool, ", qop=\"", conf->qop_list[0], NULL);
+ for (cnt = 1; conf->qop_list[cnt] != NULL; cnt++) {
+ qop = apr_pstrcat(r->pool, qop, ",", conf->qop_list[cnt], NULL);
+ }
+ qop = apr_pstrcat(r->pool, qop, "\"", NULL);
+ }
+
+ /* Setup opaque */
+
+ if (resp->opaque == NULL) {
+ /* new client */
+ if ((conf->check_nc || conf->nonce_lifetime == 0
+ || !strcasecmp(conf->algorithm, "MD5-sess"))
+ && (resp->client = gen_client(r)) != NULL) {
+ opaque = ltox(r->pool, resp->client->key);
+ }
+ else {
+ opaque = ""; /* opaque not needed */
+ }
+ }
+ else if (resp->client == NULL) {
+ /* client info was gc'd */
+ resp->client = gen_client(r);
+ if (resp->client != NULL) {
+ opaque = ltox(r->pool, resp->client->key);
+ stale = 1;
+ client_list->num_renewed++;
+ }
+ else {
+ opaque = ""; /* ??? */
+ }
+ }
+ else {
+ opaque = resp->opaque;
+ /* we're generating a new nonce, so reset the nonce-count */
+ resp->client->nonce_count = 0;
+ }
+
+ if (opaque[0]) {
+ opaque_param = apr_pstrcat(r->pool, ", opaque=\"", opaque, "\"", NULL);
+ }
+ else {
+ opaque_param = NULL;
+ }
+
+ /* Setup nonce */
+
+ nonce = gen_nonce(r->pool, r->request_time, opaque, r->server, conf);
+ if (resp->client && conf->nonce_lifetime == 0) {
+ memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1);
+ }
+
+ /* Setup MD5-sess stuff. Note that we just clear out the session
+ * info here, since we can't generate a new session until the request
+ * from the client comes in with the cnonce.
+ */
+
+ if (!strcasecmp(conf->algorithm, "MD5-sess")) {
+ clear_session(resp);
+ }
+
+ /* setup domain attribute. We want to send this attribute wherever
+ * possible so that the client won't send the Authorization header
+ * unneccessarily (it's usually > 200 bytes!).
+ */
+
+ /* don't send domain
+ * - for proxy requests
+ * - if it's no specified
+ */
+ if (r->proxyreq || !conf->uri_list) {
+ domain = NULL;
+ }
+ else {
+ domain = conf->uri_list;
+ }
+
+ apr_table_mergen(r->err_headers_out,
+ (PROXYREQ_PROXY == r->proxyreq)
+ ? "Proxy-Authenticate" : "WWW-Authenticate",
+ apr_psprintf(r->pool, "Digest realm=\"%s\", "
+ "nonce=\"%s\", algorithm=%s%s%s%s%s",
+ ap_auth_name(r), nonce, conf->algorithm,
+ opaque_param ? opaque_param : "",
+ domain ? domain : "",
+ stale ? ", stale=true" : "", qop));
+
+}
+
+
+/*
+ * Authorization header verification code
+ */
+
+static const char *get_hash(request_rec *r, const char *user,
+ const char *realm, const char *auth_pwfile)
+{
+ ap_configfile_t *f;
+ char l[MAX_STRING_LEN];
+ const char *rpw;
+ char *w, *x;
+ apr_status_t sts;
+
+ if ((sts = ap_pcfg_openfile(&f, r->pool, auth_pwfile)) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, sts, r,
+ "Digest: Could not open password file: %s", auth_pwfile);
+ return NULL;
+ }
+ while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
+ if ((l[0] == '#') || (!l[0])) {
+ continue;
+ }
+ rpw = l;
+ w = ap_getword(r->pool, &rpw, ':');
+ x = ap_getword(r->pool, &rpw, ':');
+
+ if (x && w && !strcmp(user, w) && !strcmp(realm, x)) {
+ ap_cfg_closefile(f);
+ return apr_pstrdup(r->pool, rpw);
+ }
+ }
+ ap_cfg_closefile(f);
+ return NULL;
+}
+
+static int check_nc(const request_rec *r, const digest_header_rec *resp,
+ const digest_config_rec *conf)
+{
+ unsigned long nc;
+ const char *snc = resp->nonce_count;
+ char *endptr;
+
+ if (!conf->check_nc || !client_shm) {
+ return OK;
+ }
+
+ nc = strtol(snc, &endptr, 16);
+ if (endptr < (snc+strlen(snc)) && !apr_isspace(*endptr)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: invalid nc %s received - not a number", snc);
+ return !OK;
+ }
+
+ if (!resp->client) {
+ return !OK;
+ }
+
+ if (nc != resp->client->nonce_count) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: Warning, possible replay attack: nonce-count "
+ "check failed: %lu != %lu", nc,
+ resp->client->nonce_count);
+ return !OK;
+ }
+
+ return OK;
+}
+
+static int check_nonce(request_rec *r, digest_header_rec *resp,
+ const digest_config_rec *conf)
+{
+ apr_time_t dt;
+ int len;
+ time_rec nonce_time;
+ char tmp, hash[NONCE_HASH_LEN+1];
+
+ if (strlen(resp->nonce) != NONCE_LEN) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: invalid nonce %s received - length is not %d",
+ resp->nonce, NONCE_LEN);
+ note_digest_auth_failure(r, conf, resp, 1);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ tmp = resp->nonce[NONCE_TIME_LEN];
+ resp->nonce[NONCE_TIME_LEN] = '\0';
+ len = apr_base64_decode_binary(nonce_time.arr, resp->nonce);
+ gen_nonce_hash(hash, resp->nonce, resp->opaque, r->server, conf);
+ resp->nonce[NONCE_TIME_LEN] = tmp;
+ resp->nonce_time = nonce_time.time;
+
+ if (strcmp(hash, resp->nonce+NONCE_TIME_LEN)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: invalid nonce %s received - hash is not %s",
+ resp->nonce, hash);
+ note_digest_auth_failure(r, conf, resp, 1);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ dt = r->request_time - nonce_time.time;
+ if (conf->nonce_lifetime > 0 && dt < 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: invalid nonce %s received - user attempted "
+ "time travel", resp->nonce);
+ note_digest_auth_failure(r, conf, resp, 1);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ if (conf->nonce_lifetime > 0) {
+ if (dt > conf->nonce_lifetime) {
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,r,
+ "Digest: user %s: nonce expired (%.2f seconds old "
+ "- max lifetime %.2f) - sending new nonce",
+ r->user, (double)apr_time_sec(dt),
+ (double)apr_time_sec(conf->nonce_lifetime));
+ note_digest_auth_failure(r, conf, resp, 1);
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+ else if (conf->nonce_lifetime == 0 && resp->client) {
+ if (memcmp(resp->client->last_nonce, resp->nonce, NONCE_LEN)) {
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+ "Digest: user %s: one-time-nonce mismatch - sending "
+ "new nonce", r->user);
+ note_digest_auth_failure(r, conf, resp, 1);
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+ /* else (lifetime < 0) => never expires */
+
+ return OK;
+}
+
+/* The actual MD5 code... whee */
+
+/* RFC-2069 */
+static const char *old_digest(const request_rec *r,
+ const digest_header_rec *resp, const char *ha1)
+{
+ const char *ha2;
+
+ ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
+ resp->uri, NULL));
+ return ap_md5(r->pool,
+ (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
+ ":", ha2, NULL));
+}
+
+/* RFC-2617 */
+static const char *new_digest(const request_rec *r,
+ digest_header_rec *resp,
+ const digest_config_rec *conf)
+{
+ const char *ha1, *ha2, *a2;
+
+ if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) {
+ ha1 = get_session_HA1(r, resp, conf, 1);
+ if (!ha1) {
+ return NULL;
+ }
+ }
+ else {
+ ha1 = conf->ha1;
+ }
+
+ if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) {
+ a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, ":",
+ ap_md5(r->pool, (const unsigned char*) ""), NULL);
+ /* TBD */
+ }
+ else {
+ a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
+ }
+ ha2 = ap_md5(r->pool, (const unsigned char *)a2);
+
+ return ap_md5(r->pool,
+ (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
+ ":", resp->nonce_count, ":",
+ resp->cnonce, ":",
+ resp->message_qop, ":", ha2,
+ NULL));
+}
+
+
+static void copy_uri_components(apr_uri_t *dst,
+ apr_uri_t *src, request_rec *r) {
+ if (src->scheme && src->scheme[0] != '\0') {
+ dst->scheme = src->scheme;
+ }
+ else {
+ dst->scheme = (char *) "http";
+ }
+
+ if (src->hostname && src->hostname[0] != '\0') {
+ dst->hostname = apr_pstrdup(r->pool, src->hostname);
+ ap_unescape_url(dst->hostname);
+ }
+ else {
+ dst->hostname = (char *) ap_get_server_name(r);
+ }
+
+ if (src->port_str && src->port_str[0] != '\0') {
+ dst->port = src->port;
+ }
+ else {
+ dst->port = ap_get_server_port(r);
+ }
+
+ if (src->path && src->path[0] != '\0') {
+ dst->path = apr_pstrdup(r->pool, src->path);
+ ap_unescape_url(dst->path);
+ }
+ else {
+ dst->path = src->path;
+ }
+
+ if (src->query && src->query[0] != '\0') {
+ dst->query = apr_pstrdup(r->pool, src->query);
+ ap_unescape_url(dst->query);
+ }
+ else {
+ dst->query = src->query;
+ }
+
+ dst->hostinfo = src->hostinfo;
+}
+
+/* These functions return 0 if client is OK, and proper error status
+ * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or
+ * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we
+ * couldn't figure out how to tell if the client is authorized or not.
+ *
+ * If they return DECLINED, and all other modules also decline, that's
+ * treated by the server core as a configuration error, logged and
+ * reported as such.
+ */
+
+/* Determine user ID, and check if the attributes are correct, if it
+ * really is that user, if the nonce is correct, etc.
+ */
+
+static int authenticate_digest_user(request_rec *r)
+{
+ digest_config_rec *conf;
+ digest_header_rec *resp;
+ request_rec *mainreq;
+ const char *t;
+ int res;
+
+ /* do we require Digest auth for this URI? */
+
+ if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) {
+ return DECLINED;
+ }
+
+ if (!ap_auth_name(r)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: need AuthName: %s", r->uri);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
+ /* get the client response and mark */
+
+ mainreq = r;
+ while (mainreq->main != NULL) {
+ mainreq = mainreq->main;
+ }
+ while (mainreq->prev != NULL) {
+ mainreq = mainreq->prev;
+ }
+ resp = (digest_header_rec *) ap_get_module_config(mainreq->request_config,
+ &auth_digest_module);
+ resp->needed_auth = 1;
+
+
+ /* get our conf */
+
+ conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config,
+ &auth_digest_module);
+
+
+ /* check for existence and syntax of Auth header */
+
+ if (resp->auth_hdr_sts != VALID) {
+ if (resp->auth_hdr_sts == NOT_DIGEST) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: client used wrong authentication scheme "
+ "`%s': %s", resp->scheme, r->uri);
+ }
+ else if (resp->auth_hdr_sts == INVALID) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: missing user, realm, nonce, uri, digest, "
+ "cnonce, or nonce_count in authorization header: %s",
+ r->uri);
+ }
+ /* else (resp->auth_hdr_sts == NO_HEADER) */
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ r->user = (char *) resp->username;
+ r->ap_auth_type = (char *) "Digest";
+
+ /* check the auth attributes */
+
+ if (strcmp(resp->uri, resp->raw_request_uri)) {
+ /* Hmm, the simple match didn't work (probably a proxy modified the
+ * request-uri), so lets do a more sophisticated match
+ */
+ apr_uri_t r_uri, d_uri;
+
+ copy_uri_components(&r_uri, resp->psd_request_uri, r);
+ if (apr_uri_parse(r->pool, resp->uri, &d_uri) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: invalid uri <%s> in Authorization header",
+ resp->uri);
+ return HTTP_BAD_REQUEST;
+ }
+
+ if (d_uri.hostname) {
+ ap_unescape_url(d_uri.hostname);
+ }
+ if (d_uri.path) {
+ ap_unescape_url(d_uri.path);
+ }
+ if (d_uri.query) {
+ ap_unescape_url(d_uri.query);
+ }
+ else if (r_uri.query) {
+ /* MSIE compatibility hack. MSIE has some RFC issues - doesn't
+ * include the query string in the uri Authorization component
+ * or when computing the response component. the second part
+ * works out ok, since we can hash the header and get the same
+ * result. however, the uri from the request line won't match
+ * the uri Authorization component since the header lacks the
+ * query string, leaving us incompatable with a (broken) MSIE.
+ *
+ * the workaround is to fake a query string match if in the proper
+ * environment - BrowserMatch MSIE, for example. the cool thing
+ * is that if MSIE ever fixes itself the simple match ought to
+ * work and this code won't be reached anyway, even if the
+ * environment is set.
+ */
+
+ if (apr_table_get(r->subprocess_env,
+ "AuthDigestEnableQueryStringHack")) {
+ d_uri.query = r_uri.query;
+ }
+ }
+
+ if (r->method_number == M_CONNECT) {
+ if (!r_uri.hostinfo || strcmp(resp->uri, r_uri.hostinfo)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: uri mismatch - <%s> does not match "
+ "request-uri <%s>", resp->uri, r_uri.hostinfo);
+ return HTTP_BAD_REQUEST;
+ }
+ }
+ else if (
+ /* check hostname matches, if present */
+ (d_uri.hostname && d_uri.hostname[0] != '\0'
+ && strcasecmp(d_uri.hostname, r_uri.hostname))
+ /* check port matches, if present */
+ || (d_uri.port_str && d_uri.port != r_uri.port)
+ /* check that server-port is default port if no port present */
+ || (d_uri.hostname && d_uri.hostname[0] != '\0'
+ && !d_uri.port_str && r_uri.port != ap_default_port(r))
+ /* check that path matches */
+ || (d_uri.path != r_uri.path
+ /* either exact match */
+ && (!d_uri.path || !r_uri.path
+ || strcmp(d_uri.path, r_uri.path))
+ /* or '*' matches empty path in scheme://host */
+ && !(d_uri.path && !r_uri.path && resp->psd_request_uri->hostname
+ && d_uri.path[0] == '*' && d_uri.path[1] == '\0'))
+ /* check that query matches */
+ || (d_uri.query != r_uri.query
+ && (!d_uri.query || !r_uri.query
+ || strcmp(d_uri.query, r_uri.query)))
+ ) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: uri mismatch - <%s> does not match "
+ "request-uri <%s>", resp->uri, resp->raw_request_uri);
+ return HTTP_BAD_REQUEST;
+ }
+ }
+
+ if (resp->opaque && resp->opaque_num == 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: received invalid opaque - got `%s'",
+ resp->opaque);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ if (strcmp(resp->realm, conf->realm)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: realm mismatch - got `%s' but expected `%s'",
+ resp->realm, conf->realm);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ if (resp->algorithm != NULL
+ && strcasecmp(resp->algorithm, "MD5")
+ && strcasecmp(resp->algorithm, "MD5-sess")) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: unknown algorithm `%s' received: %s",
+ resp->algorithm, r->uri);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ if (!conf->pwfile) {
+ return DECLINED;
+ }
+
+ if (!(conf->ha1 = get_hash(r, r->user, conf->realm, conf->pwfile))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: user `%s' in realm `%s' not found: %s",
+ r->user, conf->realm, r->uri);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+
+ if (resp->message_qop == NULL) {
+ /* old (rfc-2069) style digest */
+ if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: user %s: password mismatch: %s", r->user,
+ r->uri);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+ else {
+ const char *exp_digest;
+ int match = 0, idx;
+ for (idx = 0; conf->qop_list[idx] != NULL; idx++) {
+ if (!strcasecmp(conf->qop_list[idx], resp->message_qop)) {
+ match = 1;
+ break;
+ }
+ }
+
+ if (!match
+ && !(conf->qop_list[0] == NULL
+ && !strcasecmp(resp->message_qop, "auth"))) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: invalid qop `%s' received: %s",
+ resp->message_qop, r->uri);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ exp_digest = new_digest(r, resp, conf);
+ if (!exp_digest) {
+ /* we failed to allocate a client struct */
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ if (strcmp(resp->digest, exp_digest)) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: user %s: password mismatch: %s", r->user,
+ r->uri);
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+ }
+
+ if (check_nc(r, resp, conf) != OK) {
+ note_digest_auth_failure(r, conf, resp, 0);
+ return HTTP_UNAUTHORIZED;
+ }
+
+ /* Note: this check is done last so that a "stale=true" can be
+ generated if the nonce is old */
+ if ((res = check_nonce(r, resp, conf))) {
+ return res;
+ }
+
+ return OK;
+}
+
+
+/*
+ * Checking ID
+ */
+
+static apr_table_t *groups_for_user(request_rec *r, const char *user,
+ const char *grpfile)
+{
+ ap_configfile_t *f;
+ apr_table_t *grps = apr_table_make(r->pool, 15);
+ apr_pool_t *sp;
+ char l[MAX_STRING_LEN];
+ const char *group_name, *ll, *w;
+ apr_status_t sts;
+
+ if ((sts = ap_pcfg_openfile(&f, r->pool, grpfile)) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, sts, r,
+ "Digest: Could not open group file: %s", grpfile);
+ return NULL;
+ }
+
+ if (apr_pool_create(&sp, r->pool) != APR_SUCCESS) {
+ return NULL;
+ }
+
+ while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
+ if ((l[0] == '#') || (!l[0])) {
+ continue;
+ }
+ ll = l;
+ apr_pool_clear(sp);
+
+ group_name = ap_getword(sp, &ll, ':');
+
+ while (ll[0]) {
+ w = ap_getword_conf(sp, &ll);
+ if (!strcmp(w, user)) {
+ apr_table_setn(grps, apr_pstrdup(r->pool, group_name), "in");
+ break;
+ }
+ }
+ }
+
+ ap_cfg_closefile(f);
+ apr_pool_destroy(sp);
+ return grps;
+}
+
+
+static int digest_check_auth(request_rec *r)
+{
+ const digest_config_rec *conf =
+ (digest_config_rec *) ap_get_module_config(r->per_dir_config,
+ &auth_digest_module);
+ const char *user = r->user;
+ int m = r->method_number;
+ int method_restricted = 0;
+ register int x;
+ const char *t, *w;
+ apr_table_t *grpstatus;
+ const apr_array_header_t *reqs_arr;
+ require_line *reqs;
+
+ if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) {
+ return DECLINED;
+ }
+
+ reqs_arr = ap_requires(r);
+ /* If there is no "requires" directive, then any user will do.
+ */
+ if (!reqs_arr) {
+ return OK;
+ }
+ reqs = (require_line *) reqs_arr->elts;
+
+ if (conf->grpfile) {
+ grpstatus = groups_for_user(r, user, conf->grpfile);
+ }
+ else {
+ grpstatus = NULL;
+ }
+
+ for (x = 0; x < reqs_arr->nelts; x++) {
+
+ if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
+ continue;
+ }
+
+ method_restricted = 1;
+
+ t = reqs[x].requirement;
+ w = ap_getword_white(r->pool, &t);
+ if (!strcasecmp(w, "valid-user")) {
+ return OK;
+ }
+ else if (!strcasecmp(w, "user")) {
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (!strcmp(user, w)) {
+ return OK;
+ }
+ }
+ }
+ else if (!strcasecmp(w, "group")) {
+ if (!grpstatus) {
+ return DECLINED;
+ }
+
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (apr_table_get(grpstatus, w)) {
+ return OK;
+ }
+ }
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: access to %s failed, reason: unknown "
+ "require directive \"%s\"",
+ r->uri, reqs[x].requirement);
+ return DECLINED;
+ }
+ }
+
+ if (!method_restricted) {
+ return OK;
+ }
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: access to %s failed, reason: user %s not "
+ "allowed access", r->uri, user);
+
+ note_digest_auth_failure(r, conf,
+ (digest_header_rec *) ap_get_module_config(r->request_config,
+ &auth_digest_module),
+ 0);
+ return HTTP_UNAUTHORIZED;
+}
+
+
+/*
+ * Authorization-Info header code
+ */
+
+#ifdef SEND_DIGEST
+static const char *hdr(const apr_table_t *tbl, const char *name)
+{
+ const char *val = apr_table_get(tbl, name);
+ if (val) {
+ return val;
+ }
+ else {
+ return "";
+ }
+}
+#endif
+
+static int add_auth_info(request_rec *r)
+{
+ const digest_config_rec *conf =
+ (digest_config_rec *) ap_get_module_config(r->per_dir_config,
+ &auth_digest_module);
+ digest_header_rec *resp =
+ (digest_header_rec *) ap_get_module_config(r->request_config,
+ &auth_digest_module);
+ const char *ai = NULL, *digest = NULL, *nextnonce = "";
+
+ if (resp == NULL || !resp->needed_auth || conf == NULL) {
+ return OK;
+ }
+
+
+ /* rfc-2069 digest
+ */
+ if (resp->message_qop == NULL) {
+ /* old client, so calc rfc-2069 digest */
+
+#ifdef SEND_DIGEST
+ /* most of this totally bogus because the handlers don't set the
+ * headers until the final handler phase (I wonder why this phase
+ * is called fixup when there's almost nothing you can fix up...)
+ *
+ * Because it's basically impossible to get this right (e.g. the
+ * Content-length is never set yet when we get here, and we can't
+ * calc the entity hash) it's best to just leave this #def'd out.
+ */
+ char date[APR_RFC822_DATE_LEN];
+ apr_rfc822_date(date, r->request_time);
+ char *entity_info =
+ ap_md5(r->pool,
+ (unsigned char *) apr_pstrcat(r->pool, resp->raw_request_uri,
+ ":",
+ r->content_type ? r->content_type : ap_default_type(r), ":",
+ hdr(r->headers_out, "Content-Length"), ":",
+ r->content_encoding ? r->content_encoding : "", ":",
+ hdr(r->headers_out, "Last-Modified"), ":",
+ r->no_cache && !apr_table_get(r->headers_out, "Expires") ?
+ date :
+ hdr(r->headers_out, "Expires"),
+ NULL));
+ digest =
+ ap_md5(r->pool,
+ (unsigned char *)apr_pstrcat(r->pool, conf->ha1, ":",
+ resp->nonce, ":",
+ r->method, ":",
+ date, ":",
+ entity_info, ":",
+ ap_md5(r->pool, (unsigned char *) ""), /* H(entity) - TBD */
+ NULL));
+#endif
+ }
+
+
+ /* setup nextnonce
+ */
+ if (conf->nonce_lifetime > 0) {
+ /* send nextnonce if current nonce will expire in less than 30 secs */
+ if ((r->request_time - resp->nonce_time) > (conf->nonce_lifetime-NEXTNONCE_DELTA)) {
+ nextnonce = apr_pstrcat(r->pool, ", nextnonce=\"",
+ gen_nonce(r->pool, r->request_time,
+ resp->opaque, r->server, conf),
+ "\"", NULL);
+ if (resp->client)
+ resp->client->nonce_count = 0;
+ }
+ }
+ else if (conf->nonce_lifetime == 0 && resp->client) {
+ const char *nonce = gen_nonce(r->pool, 0, resp->opaque, r->server,
+ conf);
+ nextnonce = apr_pstrcat(r->pool, ", nextnonce=\"", nonce, "\"", NULL);
+ memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1);
+ }
+ /* else nonce never expires, hence no nextnonce */
+
+
+ /* do rfc-2069 digest
+ */
+ if (conf->qop_list[0] && !strcasecmp(conf->qop_list[0], "none")
+ && resp->message_qop == NULL) {
+ /* use only RFC-2069 format */
+ if (digest) {
+ ai = apr_pstrcat(r->pool, "digest=\"", digest, "\"", nextnonce,NULL);
+ }
+ else {
+ ai = nextnonce;
+ }
+ }
+ else {
+ const char *resp_dig, *ha1, *a2, *ha2;
+
+ /* calculate rspauth attribute
+ */
+ if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) {
+ ha1 = get_session_HA1(r, resp, conf, 0);
+ if (!ha1) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Digest: internal error: couldn't find session "
+ "info for user %s", resp->username);
+ return !OK;
+ }
+ }
+ else {
+ ha1 = conf->ha1;
+ }
+
+ if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) {
+ a2 = apr_pstrcat(r->pool, ":", resp->uri, ":",
+ ap_md5(r->pool,(const unsigned char *) ""), NULL);
+ /* TBD */
+ }
+ else {
+ a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL);
+ }
+ ha2 = ap_md5(r->pool, (const unsigned char *)a2);
+
+ resp_dig = ap_md5(r->pool,
+ (unsigned char *)apr_pstrcat(r->pool, ha1, ":",
+ resp->nonce, ":",
+ resp->nonce_count, ":",
+ resp->cnonce, ":",
+ resp->message_qop ?
+ resp->message_qop : "",
+ ":", ha2, NULL));
+
+ /* assemble Authentication-Info header
+ */
+ ai = apr_pstrcat(r->pool,
+ "rspauth=\"", resp_dig, "\"",
+ nextnonce,
+ resp->cnonce ? ", cnonce=\"" : "",
+ resp->cnonce
+ ? ap_escape_quotes(r->pool, resp->cnonce)
+ : "",
+ resp->cnonce ? "\"" : "",
+ resp->nonce_count ? ", nc=" : "",
+ resp->nonce_count ? resp->nonce_count : "",
+ resp->message_qop ? ", qop=" : "",
+ resp->message_qop ? resp->message_qop : "",
+ digest ? "digest=\"" : "",
+ digest ? digest : "",
+ digest ? "\"" : "",
+ NULL);
+ }
+
+ if (ai && ai[0]) {
+ apr_table_mergen(r->headers_out,
+ (PROXYREQ_PROXY == r->proxyreq)
+ ? "Proxy-Authentication-Info"
+ : "Authentication-Info",
+ ai);
+ }
+
+ return OK;
+}
+
+
+static void register_hooks(apr_pool_t *p)
+{
+ static const char * const cfgPost[]={ "http_core.c", NULL };
+ static const char * const parsePre[]={ "mod_proxy.c", NULL };
+
+ ap_hook_post_config(initialize_module, NULL, cfgPost, APR_HOOK_MIDDLE);
+ ap_hook_child_init(initialize_child, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_post_read_request(parse_hdr_and_update_nc, parsePre, NULL, APR_HOOK_MIDDLE);
+ ap_hook_check_user_id(authenticate_digest_user, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_auth_checker(digest_check_auth, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_fixups(add_auth_info, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA auth_digest_module =
+{
+ STANDARD20_MODULE_STUFF,
+ create_digest_dir_config, /* dir config creater */
+ NULL, /* dir merger --- default is to override */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ digest_cmds, /* command table */
+ register_hooks /* register hooks */
+};
+
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.dsp
new file mode 100644
index 00000000..74daf60b
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.dsp
@@ -0,0 +1,128 @@
+# Microsoft Developer Studio Project File - Name="mod_auth_digest" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102
+
+CFG=mod_auth_digest - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth_digest.mak".
+!MESSAGE
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE
+!MESSAGE NMAKE /f "mod_auth_digest.mak" CFG="mod_auth_digest - Win32 Debug"
+!MESSAGE
+!MESSAGE Possible choices for configuration are:
+!MESSAGE
+!MESSAGE "mod_auth_digest - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE "mod_auth_digest - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library")
+!MESSAGE
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF "$(CFG)" == "mod_auth_digest - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth_digest_src" /FD /c
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so /opt:ref
+
+!ELSEIF "$(CFG)" == "mod_auth_digest - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c
+# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth_digest_src" /FD /c
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL"
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so
+# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so
+
+!ENDIF
+
+# Begin Target
+
+# Name "mod_auth_digest - Win32 Release"
+# Name "mod_auth_digest - Win32 Debug"
+# Begin Source File
+
+SOURCE=.\mod_auth_digest.c
+# End Source File
+# Begin Source File
+
+SOURCE=.\mod_auth_digest.rc
+# End Source File
+# Begin Source File
+
+SOURCE=..\..\build\win32\win32ver.awk
+
+!IF "$(CFG)" == "mod_auth_digest - Win32 Release"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth_digest.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth_digest.so "auth_digest_module for Apache" ../../include/ap_release.h > .\mod_auth_digest.rc
+
+# End Custom Build
+
+!ELSEIF "$(CFG)" == "mod_auth_digest - Win32 Debug"
+
+# PROP Ignore_Default_Tool 1
+# Begin Custom Build - Creating Version Resource
+InputPath=..\..\build\win32\win32ver.awk
+
+".\mod_auth_digest.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)"
+ awk -f ../../build/win32/win32ver.awk mod_auth_digest.so "auth_digest_module for Apache" ../../include/ap_release.h > .\mod_auth_digest.rc
+
+# End Custom Build
+
+!ENDIF
+
+# End Source File
+# End Target
+# End Project
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/modules.mk b/rubbos/app/httpd-2.0.64/modules/aaa/modules.mk
new file mode 100644
index 00000000..79900dea
--- /dev/null
+++ b/rubbos/app/httpd-2.0.64/modules/aaa/modules.mk
@@ -0,0 +1,7 @@
+mod_access.la: mod_access.lo
+ $(MOD_LINK) mod_access.lo $(MOD_ACCESS_LDADD)
+mod_auth.la: mod_auth.lo
+ $(MOD_LINK) mod_auth.lo $(MOD_AUTH_LDADD)
+DISTCLEAN_TARGETS = modules.mk
+static = mod_access.la mod_auth.la
+shared =