diff options
Diffstat (limited to 'rubbos/app/httpd-2.0.64/modules/aaa')
36 files changed, 5151 insertions, 0 deletions
diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.deps b/rubbos/app/httpd-2.0.64/modules/aaa/.deps new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.deps diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.indent.pro b/rubbos/app/httpd-2.0.64/modules/aaa/.indent.pro new file mode 100644 index 00000000..a9fbe9f9 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.indent.pro @@ -0,0 +1,54 @@ +-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1 +-TBUFF +-TFILE +-TTRANS +-TUINT4 +-T_trans +-Tallow_options_t +-Tapache_sfio +-Tarray_header +-Tbool_int +-Tbuf_area +-Tbuff_struct +-Tbuffy +-Tcmd_how +-Tcmd_parms +-Tcommand_rec +-Tcommand_struct +-Tconn_rec +-Tcore_dir_config +-Tcore_server_config +-Tdir_maker_func +-Tevent +-Tglobals_s +-Thandler_func +-Thandler_rec +-Tjoblist_s +-Tlisten_rec +-Tmerger_func +-Tmode_t +-Tmodule +-Tmodule_struct +-Tmutex +-Tn_long +-Tother_child_rec +-Toverrides_t +-Tparent_score +-Tpid_t +-Tpiped_log +-Tpool +-Trequest_rec +-Trequire_line +-Trlim_t +-Tscoreboard +-Tsemaphore +-Tserver_addr_rec +-Tserver_rec +-Tserver_rec_chain +-Tshort_score +-Ttable +-Ttable_entry +-Tthread +-Tu_wide_int +-Tvtime_t +-Twide_int diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.a b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.a Binary files differnew file mode 100644 index 00000000..a27c9f74 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.a diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.la b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.la new file mode 100644 index 00000000..5a1eaebf --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.la @@ -0,0 +1,35 @@ +# mod_access.la - a libtool library file +# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18) +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='' + +# Names of this library. +library_names='' + +# The name of the static archive. +old_library='mod_access.a' + +# Libraries that this one depends upon. +dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib' + +# Version information for mod_access. +current= +age= +revision= + +# Is this an already installed library? +installed=no + +# Should we warn about portability when linking against -modules? +shouldnotlink=yes + +# Files to dlopen/dlpreopen +dlopen='' +dlpreopen='' + +# Directory that this library needs to be installed in: +libdir='' diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.o b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.o Binary files differnew file mode 100644 index 00000000..0ec5a0db --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_access.o diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.a b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.a Binary files differnew file mode 100644 index 00000000..6f42abe3 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.a diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.la b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.la new file mode 100644 index 00000000..5ffae20b --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.la @@ -0,0 +1,35 @@ +# mod_auth.la - a libtool library file +# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18) +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='' + +# Names of this library. +library_names='' + +# The name of the static archive. +old_library='mod_auth.a' + +# Libraries that this one depends upon. +dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib' + +# Version information for mod_auth. +current= +age= +revision= + +# Is this an already installed library? +installed=no + +# Should we warn about portability when linking against -modules? +shouldnotlink=yes + +# Files to dlopen/dlpreopen +dlopen='' +dlpreopen='' + +# Directory that this library needs to be installed in: +libdir='' diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.o b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.o Binary files differnew file mode 100644 index 00000000..8a0feeac --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/.libs/mod_auth.o diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/Makefile b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile new file mode 100644 index 00000000..e6fa8f2f --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile @@ -0,0 +1,8 @@ +top_srcdir = /bottlenecks/rubbos/app/httpd-2.0.64 +top_builddir = /bottlenecks/rubbos/app/httpd-2.0.64 +srcdir = /bottlenecks/rubbos/app/httpd-2.0.64/modules/aaa +builddir = /bottlenecks/rubbos/app/httpd-2.0.64/modules/aaa +VPATH = /bottlenecks/rubbos/app/httpd-2.0.64/modules/aaa + +include $(top_srcdir)/build/special.mk + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/Makefile.in b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile.in new file mode 100644 index 00000000..167b343d --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/Makefile.in @@ -0,0 +1,3 @@ + +include $(top_srcdir)/build/special.mk + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthanon b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthanon new file mode 100644 index 00000000..6881d8a6 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthanon @@ -0,0 +1,248 @@ +# +# Make sure all needed macro's are defined +# + +# +# Get the 'head' of the build environment if necessary. This includes default +# targets and paths to tools +# + +ifndef EnvironmentDefined +include $(AP_WORK)\build\NWGNUhead.inc +endif + +# +# These directories will be at the beginning of the include list, followed by +# INCDIRS +# +XINCDIRS += \ + $(APR)/include \ + $(APRUTIL)/include \ + $(AP_WORK)/include \ + $(NWOS) \ + $(EOLIST) + +# +# These flags will come after CFLAGS +# +XCFLAGS += \ + $(EOLIST) + +# +# These defines will come after DEFINES +# +XDEFINES += \ + $(EOLIST) + +# +# These flags will be added to the link.opt file +# +XLFLAGS += \ + $(EOLIST) + +# +# These values will be appended to the correct variables based on the value of +# RELEASE +# +ifeq "$(RELEASE)" "debug" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "noopt" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "release" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +# +# These are used by the link target if an NLM is being generated +# This is used by the link 'name' directive to name the nlm. If left blank +# TARGET_nlm (see below) will be used. +# +NLM_NAME = authanon + +# +# This is used by the link '-desc ' directive. +# If left blank, NLM_NAME will be used. +# +NLM_DESCRIPTION = Authentication Anonymous Module + +# +# This is used by the '-threadname' directive. If left blank, +# NLM_NAME Thread will be used. +# +NLM_THREAD_NAME = AuthAnon Module + +# +# If this is specified, it will override VERSION value in +# $(AP_WORK)\build\NWGNUenvironment.inc +# +NLM_VERSION = + +# +# If this is specified, it will override the default of 64K +# +NLM_STACK_SIZE = 8192 + + +# +# If this is specified it will be used by the link '-entry' directive +# +NLM_ENTRY_SYM = _LibCPrelude + +# +# If this is specified it will be used by the link '-exit' directive +# +NLM_EXIT_SYM = _LibCPostlude + +# +# If this is specified it will be used by the link '-check' directive +# +NLM_CHECK_SYM = + +# +# If these are specified it will be used by the link '-flags' directive +# +NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION + +# +# If this is specified it will be linked in with the XDCData option in the def +# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled +# by setting APACHE_UNIPROC in the environment +# +XDCDATA = + +# +# If there is an NLM target, put it here +# +TARGET_nlm = \ + $(OBJDIR)/authanon.nlm \ + $(EOLIST) + +# +# If there is an LIB target, put it here +# +TARGET_lib = \ + $(EOLIST) + +# +# These are the OBJ files needed to create the NLM target above. +# Paths must all use the '/' character +# +FILES_nlm_objs = \ + $(OBJDIR)/mod_auth_anon.o \ + $(EOLIST) + +# +# These are the LIB files needed to create the NLM target above. +# These will be added as a library command in the link.opt file. +# +FILES_nlm_libs = \ + libcpre.o \ + $(EOLIST) + +# +# These are the modules that the above NLM target depends on to load. +# These will be added as a module command in the link.opt file. +# +FILES_nlm_modules = \ + aprlib \ + libc \ + $(EOLIST) + +# +# If the nlm has a msg file, put it's path here +# +FILE_nlm_msg = + +# +# If the nlm has a hlp file put it's path here +# +FILE_nlm_hlp = + +# +# If this is specified, it will override $(NWOS)\copyright.txt. +# +FILE_nlm_copyright = + +# +# Any additional imports go here +# +FILES_nlm_Ximports = \ + @$(APR)/aprlib.imp \ + @$(NWOS)/httpd.imp \ + @libc.imp \ + $(EOLIST) + +# +# Any symbols exported to here +# +FILES_nlm_exports = \ + auth_anon_module \ + $(EOLIST) + +# +# These are the OBJ files needed to create the LIB target above. +# Paths must all use the '/' character +# +FILES_lib_objs = \ + $(EOLIST) + +# +# implement targets and dependancies (leave this section alone) +# + +libs :: $(OBJDIR) $(TARGET_lib) + +nlms :: libs $(TARGET_nlm) + +# +# Updated this target to create necessary directories and copy files to the +# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) +# +install :: nlms FORCE + +# +# Any specialized rules here +# + +# +# Include the 'tail' makefile that has targets that depend on variables defined +# in this makefile +# + +include $(AP_WORK)\build\NWGNUtail.inc + + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthdbm b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthdbm new file mode 100644 index 00000000..fe05c3d1 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUauthdbm @@ -0,0 +1,248 @@ +# +# Make sure all needed macro's are defined +# + +# +# Get the 'head' of the build environment if necessary. This includes default +# targets and paths to tools +# + +ifndef EnvironmentDefined +include $(AP_WORK)\build\NWGNUhead.inc +endif + +# +# These directories will be at the beginning of the include list, followed by +# INCDIRS +# +XINCDIRS += \ + $(APR)/include \ + $(APRUTIL)/include \ + $(AP_WORK)/include \ + $(NWOS) \ + $(EOLIST) + +# +# These flags will come after CFLAGS +# +XCFLAGS += \ + $(EOLIST) + +# +# These defines will come after DEFINES +# +XDEFINES += \ + $(EOLIST) + +# +# These flags will be added to the link.opt file +# +XLFLAGS += \ + $(EOLIST) + +# +# These values will be appended to the correct variables based on the value of +# RELEASE +# +ifeq "$(RELEASE)" "debug" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "noopt" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "release" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +# +# These are used by the link target if an NLM is being generated +# This is used by the link 'name' directive to name the nlm. If left blank +# TARGET_nlm (see below) will be used. +# +NLM_NAME = authdbm + +# +# This is used by the link '-desc ' directive. +# If left blank, NLM_NAME will be used. +# +NLM_DESCRIPTION = Database Authentication Module + +# +# This is used by the '-threadname' directive. If left blank, +# NLM_NAME Thread will be used. +# +NLM_THREAD_NAME = AuthDBM Module + +# +# If this is specified, it will override VERSION value in +# $(AP_WORK)\build\NWGNUenvironment.inc +# +NLM_VERSION = + +# +# If this is specified, it will override the default of 64K +# +NLM_STACK_SIZE = 8192 + + +# +# If this is specified it will be used by the link '-entry' directive +# +NLM_ENTRY_SYM = _LibCPrelude + +# +# If this is specified it will be used by the link '-exit' directive +# +NLM_EXIT_SYM = _LibCPostlude + +# +# If this is specified it will be used by the link '-check' directive +# +NLM_CHECK_SYM = + +# +# If these are specified it will be used by the link '-flags' directive +# +NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION + +# +# If this is specified it will be linked in with the XDCData option in the def +# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled +# by setting APACHE_UNIPROC in the environment +# +XDCDATA = + +# +# If there is an NLM target, put it here +# +TARGET_nlm = \ + $(OBJDIR)/authdbm.nlm \ + $(EOLIST) + +# +# If there is an LIB target, put it here +# +TARGET_lib = \ + $(EOLIST) + +# +# These are the OBJ files needed to create the NLM target above. +# Paths must all use the '/' character +# +FILES_nlm_objs = \ + $(OBJDIR)/mod_auth_dbm.o \ + $(EOLIST) + +# +# These are the LIB files needed to create the NLM target above. +# These will be added as a library command in the link.opt file. +# +FILES_nlm_libs = \ + libcpre.o \ + $(EOLIST) + +# +# These are the modules that the above NLM target depends on to load. +# These will be added as a module command in the link.opt file. +# +FILES_nlm_modules = \ + aprlib \ + libc \ + $(EOLIST) + +# +# If the nlm has a msg file, put it's path here +# +FILE_nlm_msg = + +# +# If the nlm has a hlp file put it's path here +# +FILE_nlm_hlp = + +# +# If this is specified, it will override $(NWOS)\copyright.txt. +# +FILE_nlm_copyright = + +# +# Any additional imports go here +# +FILES_nlm_Ximports = \ + @$(APR)/aprlib.imp \ + @$(NWOS)/httpd.imp \ + @libc.imp \ + $(EOLIST) + +# +# Any symbols exported to here +# +FILES_nlm_exports = \ + auth_dbm_module \ + $(EOLIST) + +# +# These are the OBJ files needed to create the LIB target above. +# Paths must all use the '/' character +# +FILES_lib_objs = \ + $(EOLIST) + +# +# implement targets and dependancies (leave this section alone) +# + +libs :: $(OBJDIR) $(TARGET_lib) + +nlms :: libs $(TARGET_nlm) + +# +# Updated this target to create necessary directories and copy files to the +# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) +# +install :: nlms FORCE + +# +# Any specialized rules here +# + +# +# Include the 'tail' makefile that has targets that depend on variables defined +# in this makefile +# + +include $(AP_WORK)\build\NWGNUtail.inc + + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUdigest b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUdigest new file mode 100644 index 00000000..cf41db72 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUdigest @@ -0,0 +1,248 @@ +# +# Make sure all needed macro's are defined +# + +# +# Get the 'head' of the build environment if necessary. This includes default +# targets and paths to tools +# + +ifndef EnvironmentDefined +include $(AP_WORK)\build\NWGNUhead.inc +endif + +# +# These directories will be at the beginning of the include list, followed by +# INCDIRS +# +XINCDIRS += \ + $(APR)/include \ + $(APRUTIL)/include \ + $(AP_WORK)/include \ + $(NWOS) \ + $(EOLIST) + +# +# These flags will come after CFLAGS +# +XCFLAGS += \ + $(EOLIST) + +# +# These defines will come after DEFINES +# +XDEFINES += \ + $(EOLIST) + +# +# These flags will be added to the link.opt file +# +XLFLAGS += \ + $(EOLIST) + +# +# These values will be appended to the correct variables based on the value of +# RELEASE +# +ifeq "$(RELEASE)" "debug" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "noopt" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "release" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +# +# These are used by the link target if an NLM is being generated +# This is used by the link 'name' directive to name the nlm. If left blank +# TARGET_nlm (see below) will be used. +# +NLM_NAME = digest + +# +# This is used by the link '-desc ' directive. +# If left blank, NLM_NAME will be used. +# +NLM_DESCRIPTION = Digest Authentication Module + +# +# This is used by the '-threadname' directive. If left blank, +# NLM_NAME Thread will be used. +# +NLM_THREAD_NAME = Digest Module + +# +# If this is specified, it will override VERSION value in +# $(AP_WORK)\build\NWGNUenvironment.inc +# +NLM_VERSION = + +# +# If this is specified, it will override the default of 64K +# +NLM_STACK_SIZE = 8192 + + +# +# If this is specified it will be used by the link '-entry' directive +# +NLM_ENTRY_SYM = _LibCPrelude + +# +# If this is specified it will be used by the link '-exit' directive +# +NLM_EXIT_SYM = _LibCPostlude + +# +# If this is specified it will be used by the link '-check' directive +# +NLM_CHECK_SYM = + +# +# If these are specified it will be used by the link '-flags' directive +# +NLM_FLAGS = AUTOUNLOAD, PSEUDOPREEMPTION + +# +# If this is specified it will be linked in with the XDCData option in the def +# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled +# by setting APACHE_UNIPROC in the environment +# +XDCDATA = + +# +# If there is an NLM target, put it here +# +TARGET_nlm = \ + $(OBJDIR)/digest.nlm \ + $(EOLIST) + +# +# If there is an LIB target, put it here +# +TARGET_lib = \ + $(EOLIST) + +# +# These are the OBJ files needed to create the NLM target above. +# Paths must all use the '/' character +# +FILES_nlm_objs = \ + $(OBJDIR)/mod_auth_digest.o \ + $(EOLIST) + +# +# These are the LIB files needed to create the NLM target above. +# These will be added as a library command in the link.opt file. +# +FILES_nlm_libs = \ + libcpre.o \ + $(EOLIST) + +# +# These are the modules that the above NLM target depends on to load. +# These will be added as a module command in the link.opt file. +# +FILES_nlm_modules = \ + aprlib \ + libc \ + $(EOLIST) + +# +# If the nlm has a msg file, put it's path here +# +FILE_nlm_msg = + +# +# If the nlm has a hlp file put it's path here +# +FILE_nlm_hlp = + +# +# If this is specified, it will override $(NWOS)\copyright.txt. +# +FILE_nlm_copyright = + +# +# Any additional imports go here +# +FILES_nlm_Ximports = \ + @$(APR)/aprlib.imp \ + @$(NWOS)/httpd.imp \ + @libc.imp \ + $(EOLIST) + +# +# Any symbols exported to here +# +FILES_nlm_exports = \ + auth_digest_module \ + $(EOLIST) + +# +# These are the OBJ files needed to create the LIB target above. +# Paths must all use the '/' character +# +FILES_lib_objs = \ + $(EOLIST) + +# +# implement targets and dependancies (leave this section alone) +# + +libs :: $(OBJDIR) $(TARGET_lib) + +nlms :: libs $(TARGET_nlm) + +# +# Updated this target to create necessary directories and copy files to the +# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) +# +install :: nlms FORCE + +# +# Any specialized rules here +# + +# +# Include the 'tail' makefile that has targets that depend on variables defined +# in this makefile +# + +include $(AP_WORK)\build\NWGNUtail.inc + + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUmakefile b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUmakefile new file mode 100644 index 00000000..fc72c735 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/NWGNUmakefile @@ -0,0 +1,246 @@ +# +# Declare the sub-directories to be built here +# + +SUBDIRS = \ + $(EOLIST) + +# +# Get the 'head' of the build environment. This includes default targets and +# paths to tools +# + +include $(AP_WORK)\build\NWGNUhead.inc + +# +# build this level's files + +# +# Make sure all needed macro's are defined +# + +# +# These directories will be at the beginning of the include list, followed by +# INCDIRS +# +XINCDIRS += \ + $(EOLIST) + +# +# These flags will come after CFLAGS +# +XCFLAGS += \ + $(EOLIST) + +# +# These defines will come after DEFINES +# +XDEFINES += \ + $(EOLIST) + +# +# These flags will be added to the link.opt file +# +XLFLAGS += \ + $(EOLIST) + +# +# These values will be appended to the correct variables based on the value of +# RELEASE +# +ifeq "$(RELEASE)" "debug" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "noopt" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +ifeq "$(RELEASE)" "release" +XINCDIRS += \ + $(EOLIST) + +XCFLAGS += \ + $(EOLIST) + +XDEFINES += \ + $(EOLIST) + +XLFLAGS += \ + $(EOLIST) +endif + +# +# These are used by the link target if an NLM is being generated +# This is used by the link 'name' directive to name the nlm. If left blank +# TARGET_nlm (see below) will be used. +# +NLM_NAME = + +# +# This is used by the link '-desc ' directive. +# If left blank, NLM_NAME will be used. +# +NLM_DESCRIPTION = + +# +# This is used by the '-threadname' directive. If left blank, +# NLM_NAME Thread will be used. +# +NLM_THREAD_NAME = + +# +# If this is specified, it will override VERSION value in +# $(AP_WORK)\build\NWGNUenvironment.inc +# +NLM_VERSION = + +# +# If this is specified, it will override the default of 64K +# +NLM_STACK_SIZE = + + +# +# If this is specified it will be used by the link '-entry' directive +# +NLM_ENTRY_SYM = + +# +# If this is specified it will be used by the link '-exit' directive +# +NLM_EXIT_SYM = + +# +# If this is specified it will be used by the link '-check' directive +# +NLM_CHECK_SYM = + +# +# If these are specified it will be used by the link '-flags' directive +# +NLM_FLAGS = + +# +# If this is specified it will be linked in with the XDCData option in the def +# file instead of the default of $(NWOS)/apache.xdc. XDCData can be disabled +# by setting APACHE_UNIPROC in the environment +# +XDCDATA = + +# +# If there is an NLM target, put it here +# +TARGET_nlm = \ + $(OBJDIR)/authanon.nlm \ + $(OBJDIR)/authdbm.nlm \ + $(OBJDIR)/digest.nlm \ + $(EOLIST) + +# +# If there is an LIB target, put it here +# +TARGET_lib = \ + $(EOLIST) + +# +# These are the OBJ files needed to create the NLM target above. +# Paths must all use the '/' character +# +FILES_nlm_objs = \ + $(EOLIST) + +# +# These are the LIB files needed to create the NLM target above. +# These will be added as a library command in the link.opt file. +# +FILES_nlm_libs = \ + $(EOLIST) + +# +# These are the modules that the above NLM target depends on to load. +# These will be added as a module command in the link.opt file. +# +FILES_nlm_modules = \ + $(EOLIST) + +# +# If the nlm has a msg file, put it's path here +# +FILE_nlm_msg = + +# +# If the nlm has a hlp file put it's path here +# +FILE_nlm_hlp = + +# +# If this is specified, it will override $(NWOS)\copyright.txt. +# +FILE_nlm_copyright = + +# +# Any additional imports go here +# +FILES_nlm_Ximports = \ + $(EOLIST) + +# +# Any symbols exported to here +# +FILES_nlm_exports = \ + $(EOLIST) + +# +# These are the OBJ files needed to create the LIB target above. +# Paths must all use the '/' character +# +FILES_lib_objs = \ + $(EOLIST) + +# +# implement targets and dependancies (leave this section alone) +# + +libs :: $(OBJDIR) $(TARGET_lib) + +nlms :: libs $(TARGET_nlm) + +# +# Updated this target to create necessary directories and copy files to the +# correct place. (See $(AP_WORK)\build\NWGNUhead.inc for examples) +# +install :: nlms FORCE + copy $(OBJDIR)\*.nlm $(INSTALL)\Apache2\modules\*.* + +# +# Any specialized rules here +# + +# +# Include the 'tail' makefile that has targets that depend on variables defined +# in this makefile +# + +include $(AP_WORK)\build\NWGNUtail.inc + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/config.m4 b/rubbos/app/httpd-2.0.64/modules/aaa/config.m4 new file mode 100644 index 00000000..4440f67e --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/config.m4 @@ -0,0 +1,23 @@ +dnl modules enabled in this directory by default + +dnl APACHE_MODULE(name, helptext[, objects[, structname[, default[, config]]]]) + +APACHE_MODPATH_INIT(aaa) + +APACHE_MODULE(access, host-based access control, , , yes) +APACHE_MODULE(auth, user-based access control, , , yes) +APACHE_MODULE(auth_anon, anonymous user access, , , most) +APACHE_MODULE(auth_dbm, DBM-based access databases, , , most) + +APACHE_MODULE(auth_digest, RFC2617 Digest authentication, , , most, [ + APR_CHECK_APR_DEFINE(APR_HAS_RANDOM) + if test $ac_cv_define_APR_HAS_RANDOM = "no"; then + echo "You need APR random support to use mod_auth_digest." + echo "Look at APR configure options --with-egd and --with-devrandom." + enable_auth_digest="no" + fi +]) + +APR_ADDTO(LT_LDFLAGS,-export-dynamic) + +APACHE_MODPATH_FINISH diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.c new file mode 100644 index 00000000..348289ab --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.c @@ -0,0 +1,304 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Security options etc. + * + * Module derived from code originally written by Rob McCool + * + */ + +#include "apr_strings.h" +#include "apr_network_io.h" +#include "apr_lib.h" + +#define APR_WANT_STRFUNC +#define APR_WANT_BYTEFUNC +#include "apr_want.h" + +#include "ap_config.h" +#include "httpd.h" +#include "http_core.h" +#include "http_config.h" +#include "http_log.h" +#include "http_request.h" + +#if APR_HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +enum allowdeny_type { + T_ENV, + T_ALL, + T_IP, + T_HOST, + T_FAIL +}; + +typedef struct { + apr_int64_t limited; + union { + char *from; + apr_ipsubnet_t *ip; + } x; + enum allowdeny_type type; +} allowdeny; + +/* things in the 'order' array */ +#define DENY_THEN_ALLOW 0 +#define ALLOW_THEN_DENY 1 +#define MUTUAL_FAILURE 2 + +typedef struct { + int order[METHODS]; + apr_array_header_t *allows; + apr_array_header_t *denys; +} access_dir_conf; + +module AP_MODULE_DECLARE_DATA access_module; + +static void *create_access_dir_config(apr_pool_t *p, char *dummy) +{ + int i; + access_dir_conf *conf = + (access_dir_conf *)apr_pcalloc(p, sizeof(access_dir_conf)); + + for (i = 0; i < METHODS; ++i) { + conf->order[i] = DENY_THEN_ALLOW; + } + conf->allows = apr_array_make(p, 1, sizeof(allowdeny)); + conf->denys = apr_array_make(p, 1, sizeof(allowdeny)); + + return (void *)conf; +} + +static const char *order(cmd_parms *cmd, void *dv, const char *arg) +{ + access_dir_conf *d = (access_dir_conf *) dv; + int i, o; + + if (!strcasecmp(arg, "allow,deny")) + o = ALLOW_THEN_DENY; + else if (!strcasecmp(arg, "deny,allow")) + o = DENY_THEN_ALLOW; + else if (!strcasecmp(arg, "mutual-failure")) + o = MUTUAL_FAILURE; + else + return "unknown order"; + + for (i = 0; i < METHODS; ++i) + if (cmd->limited & (AP_METHOD_BIT << i)) + d->order[i] = o; + + return NULL; +} + +static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from, + const char *where_c) +{ + access_dir_conf *d = (access_dir_conf *) dv; + allowdeny *a; + char *where = apr_pstrdup(cmd->pool, where_c); + char *s; + char msgbuf[120]; + apr_status_t rv; + + if (strcasecmp(from, "from")) + return "allow and deny must be followed by 'from'"; + + a = (allowdeny *) apr_array_push(cmd->info ? d->allows : d->denys); + a->x.from = where; + a->limited = cmd->limited; + + if (!strncasecmp(where, "env=", 4)) { + a->type = T_ENV; + a->x.from += 4; + + } + else if (!strcasecmp(where, "all")) { + a->type = T_ALL; + } + else if ((s = strchr(where, '/'))) { + *s++ = '\0'; + rv = apr_ipsubnet_create(&a->x.ip, where, s, cmd->pool); + if(APR_STATUS_IS_EINVAL(rv)) { + /* looked nothing like an IP address */ + return "An IP address was expected"; + } + else if (rv != APR_SUCCESS) { + apr_strerror(rv, msgbuf, sizeof msgbuf); + return apr_pstrdup(cmd->pool, msgbuf); + } + a->type = T_IP; + } + else if (!APR_STATUS_IS_EINVAL(rv = apr_ipsubnet_create(&a->x.ip, where, NULL, cmd->pool))) { + if (rv != APR_SUCCESS) { + apr_strerror(rv, msgbuf, sizeof msgbuf); + return apr_pstrdup(cmd->pool, msgbuf); + } + a->type = T_IP; + } + else { /* no slash, didn't look like an IP address => must be a host */ + a->type = T_HOST; + } + + return NULL; +} + +static char its_an_allow; + +static const command_rec access_cmds[] = +{ + AP_INIT_TAKE1("order", order, NULL, OR_LIMIT, + "'allow,deny', 'deny,allow', or 'mutual-failure'"), + AP_INIT_ITERATE2("allow", allow_cmd, &its_an_allow, OR_LIMIT, + "'from' followed by hostnames or IP-address wildcards"), + AP_INIT_ITERATE2("deny", allow_cmd, NULL, OR_LIMIT, + "'from' followed by hostnames or IP-address wildcards"), + {NULL} +}; + +static int in_domain(const char *domain, const char *what) +{ + int dl = strlen(domain); + int wl = strlen(what); + + if ((wl - dl) >= 0) { + if (strcasecmp(domain, &what[wl - dl]) != 0) + return 0; + + /* Make sure we matched an *entire* subdomain --- if the user + * said 'allow from good.com', we don't want people from nogood.com + * to be able to get in. + */ + + if (wl == dl) + return 1; /* matched whole thing */ + else + return (domain[0] == '.' || what[wl - dl - 1] == '.'); + } + else + return 0; +} + +static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method) +{ + + allowdeny *ap = (allowdeny *) a->elts; + apr_int64_t mmask = (AP_METHOD_BIT << method); + int i; + int gothost = 0; + const char *remotehost = NULL; + + for (i = 0; i < a->nelts; ++i) { + if (!(mmask & ap[i].limited)) + continue; + + switch (ap[i].type) { + case T_ENV: + if (apr_table_get(r->subprocess_env, ap[i].x.from)) { + return 1; + } + break; + + case T_ALL: + return 1; + + case T_IP: + if (apr_ipsubnet_test(ap[i].x.ip, r->connection->remote_addr)) { + return 1; + } + break; + + case T_HOST: + if (!gothost) { + int remotehost_is_ip; + + remotehost = ap_get_remote_host(r->connection, r->per_dir_config, + REMOTE_DOUBLE_REV, &remotehost_is_ip); + + if ((remotehost == NULL) || remotehost_is_ip) + gothost = 1; + else + gothost = 2; + } + + if ((gothost == 2) && in_domain(ap[i].x.from, remotehost)) + return 1; + break; + + case T_FAIL: + /* do nothing? */ + break; + } + } + + return 0; +} + +static int check_dir_access(request_rec *r) +{ + int method = r->method_number; + int ret = OK; + access_dir_conf *a = (access_dir_conf *) + ap_get_module_config(r->per_dir_config, &access_module); + + if (a->order[method] == ALLOW_THEN_DENY) { + ret = HTTP_FORBIDDEN; + if (find_allowdeny(r, a->allows, method)) + ret = OK; + if (find_allowdeny(r, a->denys, method)) + ret = HTTP_FORBIDDEN; + } + else if (a->order[method] == DENY_THEN_ALLOW) { + if (find_allowdeny(r, a->denys, method)) + ret = HTTP_FORBIDDEN; + if (find_allowdeny(r, a->allows, method)) + ret = OK; + } + else { + if (find_allowdeny(r, a->allows, method) + && !find_allowdeny(r, a->denys, method)) + ret = OK; + else + ret = HTTP_FORBIDDEN; + } + + if (ret == HTTP_FORBIDDEN + && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "client denied by server configuration: %s", + r->filename); + } + + return ret; +} + +static void register_hooks(apr_pool_t *p) +{ + ap_hook_access_checker(check_dir_access,NULL,NULL,APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA access_module = +{ + STANDARD20_MODULE_STUFF, + create_access_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + access_cmds, + register_hooks /* register hooks */ +}; diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.dsp new file mode 100644 index 00000000..eae26a6d --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.dsp @@ -0,0 +1,128 @@ +# Microsoft Developer Studio Project File - Name="mod_access" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=mod_access - Win32 Release +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "mod_access.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "mod_access.mak" CFG="mod_access - Win32 Release" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "mod_access - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_access - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "mod_access - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_access_src" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so /opt:ref + +!ELSEIF "$(CFG)" == "mod_access - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_access_src" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_access.so" /base:@..\..\os\win32\BaseAddr.ref,mod_access.so + +!ENDIF + +# Begin Target + +# Name "mod_access - Win32 Release" +# Name "mod_access - Win32 Debug" +# Begin Source File + +SOURCE=.\mod_access.c +# End Source File +# Begin Source File + +SOURCE=.\mod_access.rc +# End Source File +# Begin Source File + +SOURCE=..\..\build\win32\win32ver.awk + +!IF "$(CFG)" == "mod_access - Win32 Release" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_access.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_access.so "access_module for Apache" ../../include/ap_release.h > .\mod_access.rc + +# End Custom Build + +!ELSEIF "$(CFG)" == "mod_access - Win32 Debug" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_access.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_access.so "access_module for Apache" ../../include/ap_release.h > .\mod_access.rc + +# End Custom Build + +!ENDIF + +# End Source File +# End Target +# End Project diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.exp new file mode 100644 index 00000000..f8aff339 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.exp @@ -0,0 +1 @@ +access_module diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.la b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.la new file mode 100644 index 00000000..5a1eaebf --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.la @@ -0,0 +1,35 @@ +# mod_access.la - a libtool library file +# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18) +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='' + +# Names of this library. +library_names='' + +# The name of the static archive. +old_library='mod_access.a' + +# Libraries that this one depends upon. +dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib' + +# Version information for mod_access. +current= +age= +revision= + +# Is this an already installed library? +installed=no + +# Should we warn about portability when linking against -modules? +shouldnotlink=yes + +# Files to dlopen/dlpreopen +dlopen='' +dlpreopen='' + +# Directory that this library needs to be installed in: +libdir='' diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.lo b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.lo new file mode 100644 index 00000000..c09fcac0 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.lo @@ -0,0 +1,12 @@ +# mod_access.lo - a libtool object file +# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18) +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# Name of the PIC object. +pic_object='.libs/mod_access.o' + +# Name of the non-PIC object. +non_pic_object='mod_access.o' + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.o b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.o Binary files differnew file mode 100644 index 00000000..0ec5a0db --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_access.o diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.c new file mode 100644 index 00000000..43f65306 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.c @@ -0,0 +1,315 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * http_auth: authentication + * + * Rob McCool + * + * Adapted to Apache by rst. + * + * dirkx - Added Authoritative control to allow passing on to lower + * modules if and only if the userid is not known to this + * module. A known user with a faulty or absent password still + * causes an AuthRequired. The default is 'Authoritative', i.e. + * no control is passed along. + */ + +#include "apr_strings.h" +#include "apr_md5.h" /* for apr_password_validate */ + +#include "ap_config.h" +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_log.h" +#include "http_protocol.h" +#include "http_request.h" + + +typedef struct { + char *auth_pwfile; + char *auth_grpfile; + int auth_authoritative; +} auth_config_rec; + +static void *create_auth_dir_config(apr_pool_t *p, char *d) +{ + auth_config_rec *conf = apr_palloc(p, sizeof(*conf)); + + conf->auth_pwfile = NULL; /* just to illustrate the default really */ + conf->auth_grpfile = NULL; /* unless you have a broken HP cc */ + conf->auth_authoritative = 1; /* keep the fortress secure by default */ + return conf; +} + +static const char *set_auth_slot(cmd_parms *cmd, void *offset, const char *f, + const char *t) +{ + if (t && strcmp(t, "standard")) { + return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); + } + + return ap_set_file_slot(cmd, offset, f); +} + +static const command_rec auth_cmds[] = +{ + AP_INIT_TAKE12("AuthUserFile", set_auth_slot, + (void *)APR_OFFSETOF(auth_config_rec, auth_pwfile), + OR_AUTHCFG, "text file containing user IDs and passwords"), + AP_INIT_TAKE12("AuthGroupFile", set_auth_slot, + (void *)APR_OFFSETOF(auth_config_rec, auth_grpfile), + OR_AUTHCFG, + "text file containing group names and member user IDs"), + AP_INIT_FLAG("AuthAuthoritative", ap_set_flag_slot, + (void *)APR_OFFSETOF(auth_config_rec, auth_authoritative), + OR_AUTHCFG, + "Set to 'no' to allow access control to be passed along to " + "lower modules if the UserID is not known to this module"), + {NULL} +}; + +module AP_MODULE_DECLARE_DATA auth_module; + +static char *get_pw(request_rec *r, char *user, char *auth_pwfile) +{ + ap_configfile_t *f; + char l[MAX_STRING_LEN]; + const char *rpw, *w; + apr_status_t status; + + if ((status = ap_pcfg_openfile(&f, r->pool, auth_pwfile)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, + "Could not open password file: %s", auth_pwfile); + return NULL; + } + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + rpw = l; + w = ap_getword(r->pool, &rpw, ':'); + + if (!strcmp(user, w)) { + ap_cfg_closefile(f); + return ap_getword(r->pool, &rpw, ':'); + } + } + ap_cfg_closefile(f); + return NULL; +} + +static apr_table_t *groups_for_user(request_rec *r, char *user, char *grpfile) +{ + apr_pool_t *p = r->pool; + ap_configfile_t *f; + apr_table_t *grps = apr_table_make(p, 15); + apr_pool_t *sp; + char l[MAX_STRING_LEN]; + const char *group_name, *ll, *w; + apr_status_t status; + + if ((status = ap_pcfg_openfile(&f, p, grpfile)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, + "Could not open group file: %s", grpfile); + return NULL; + } + + apr_pool_create(&sp, p); + + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + ll = l; + apr_pool_clear(sp); + + group_name = ap_getword(sp, &ll, ':'); + + while (ll[0]) { + w = ap_getword_conf(sp, &ll); + if (!strcmp(w, user)) { + apr_table_setn(grps, apr_pstrdup(p, group_name), "in"); + break; + } + } + } + ap_cfg_closefile(f); + apr_pool_destroy(sp); + return grps; +} + +/* These functions return 0 if client is OK, and proper error status + * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or + * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we + * couldn't figure out how to tell if the client is authorized or not. + * + * If they return DECLINED, and all other modules also decline, that's + * treated by the server core as a configuration error, logged and + * reported as such. + */ + +/* Determine user ID, and check if it really is that user, for HTTP + * basic authentication... + */ + +static int authenticate_basic_user(request_rec *r) +{ + auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_module); + const char *sent_pw; + char *real_pw; + apr_status_t invalid_pw; + int res; + + if ((res = ap_get_basic_auth_pw(r, &sent_pw))) { + return res; + } + + if (!conf->auth_pwfile) { + return DECLINED; + } + + if (!(real_pw = get_pw(r, r->user, conf->auth_pwfile))) { + if (!(conf->auth_authoritative)) { + return DECLINED; + } + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s not found: %s", r->user, r->uri); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + invalid_pw = apr_password_validate(sent_pw, real_pw); + if (invalid_pw != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s: authentication failure for \"%s\": " + "Password Mismatch", + r->user, r->uri); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + return OK; +} + +/* Checking ID */ + +static int check_user_access(request_rec *r) +{ + auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_module); + char *user = r->user; + int m = r->method_number; + int method_restricted = 0; + register int x; + const char *t, *w; + apr_table_t *grpstatus; + const apr_array_header_t *reqs_arr = ap_requires(r); + require_line *reqs; + + /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive, + * then any user will do. + */ + if (!reqs_arr) { + return OK; + } + reqs = (require_line *)reqs_arr->elts; + + if (conf->auth_grpfile) { + grpstatus = groups_for_user(r, user, conf->auth_grpfile); + } + else { + grpstatus = NULL; + } + + for (x = 0; x < reqs_arr->nelts; x++) { + + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { + continue; + } + + method_restricted = 1; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + if (!strcmp(w, "valid-user")) { + return OK; + } + if (!strcmp(w, "user")) { + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (!strcmp(user, w)) { + return OK; + } + } + } + else if (!strcmp(w, "group")) { + if (!grpstatus) { + return DECLINED; /* DBM group? Something else? */ + } + + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (apr_table_get(grpstatus, w)) { + return OK; + } + } + } + else if (conf->auth_authoritative) { + /* if we aren't authoritative, any require directive could be + * valid even if we don't grok it. However, if we are + * authoritative, we can warn the user they did something wrong. + * That something could be a missing "AuthAuthoritative off", but + * more likely is a typo in the require directive. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: unknown require " + "directive:\"%s\"", r->uri, reqs[x].requirement); + } + } + + if (!method_restricted) { + return OK; + } + + if (!(conf->auth_authoritative)) { + return DECLINED; + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: user %s not allowed access", + r->uri, user); + + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; +} + +static void register_hooks(apr_pool_t *p) +{ + ap_hook_check_user_id(authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE); + ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA auth_module = +{ + STANDARD20_MODULE_STUFF, + create_auth_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + auth_cmds, /* command apr_table_t */ + register_hooks /* register hooks */ +}; diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.dsp new file mode 100644 index 00000000..ce7d0c77 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.dsp @@ -0,0 +1,128 @@ +# Microsoft Developer Studio Project File - Name="mod_auth" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=mod_auth - Win32 Release +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "mod_auth.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "mod_auth.mak" CFG="mod_auth - Win32 Release" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "mod_auth - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "mod_auth - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth_src" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so /opt:ref + +!ELSEIF "$(CFG)" == "mod_auth - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth.so + +!ENDIF + +# Begin Target + +# Name "mod_auth - Win32 Release" +# Name "mod_auth - Win32 Debug" +# Begin Source File + +SOURCE=.\mod_auth.c +# End Source File +# Begin Source File + +SOURCE=.\mod_auth.rc +# End Source File +# Begin Source File + +SOURCE=..\..\build\win32\win32ver.awk + +!IF "$(CFG)" == "mod_auth - Win32 Release" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth.so "auth_module for Apache" ../../include/ap_release.h > .\mod_auth.rc + +# End Custom Build + +!ELSEIF "$(CFG)" == "mod_auth - Win32 Debug" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth.so "auth_module for Apache" ../../include/ap_release.h > .\mod_auth.rc + +# End Custom Build + +!ENDIF + +# End Source File +# End Target +# End Project diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.exp new file mode 100644 index 00000000..76adad0a --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.exp @@ -0,0 +1 @@ +auth_module diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.la b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.la new file mode 100644 index 00000000..5ffae20b --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.la @@ -0,0 +1,35 @@ +# mod_auth.la - a libtool library file +# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18) +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='' + +# Names of this library. +library_names='' + +# The name of the static archive. +old_library='mod_auth.a' + +# Libraries that this one depends upon. +dependency_libs=' -L/bottlenecks/rubbos/app/httpd-2.0.64/srclib/apr-util/xml/expat/lib' + +# Version information for mod_auth. +current= +age= +revision= + +# Is this an already installed library? +installed=no + +# Should we warn about portability when linking against -modules? +shouldnotlink=yes + +# Files to dlopen/dlpreopen +dlopen='' +dlpreopen='' + +# Directory that this library needs to be installed in: +libdir='' diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.lo b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.lo new file mode 100644 index 00000000..907d0402 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.lo @@ -0,0 +1,12 @@ +# mod_auth.lo - a libtool object file +# Generated by ltmain.sh - GNU libtool 1.5.26 (1.1220.2.493 2008/02/01 16:58:18) +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# Name of the PIC object. +pic_object='.libs/mod_auth.o' + +# Name of the non-PIC object. +non_pic_object='mod_auth.o' + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.o b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.o Binary files differnew file mode 100644 index 00000000..8a0feeac --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth.o diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.c new file mode 100644 index 00000000..b5137d5f --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.c @@ -0,0 +1,238 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * http_auth: authentication + * + * Rob McCool & Brian Behlendorf. + * + * Adapted to Apache by rst. + * + * Version 0.5 May 1996 + * + * Modified by Dirk.vanGulik@jrc.it to + * + * Adapted to allow anonymous logins, just like with Anon-FTP, when + * one gives the magic user name 'anonymous' and ones email address + * as the password. + * + * Just add the following tokes to your <directory> setup: + * + * Anonymous magic-userid [magic-userid]... + * + * Anonymous_MustGiveEmail [ on | off ] default = on + * Anonymous_LogEmail [ on | off ] default = on + * Anonymous_VerifyEmail [ on | off ] default = off + * Anonymous_NoUserId [ on | off ] default = off + * Anonymous_Authoritative [ on | off ] default = off + * + * The magic user id is something like 'anonymous', it is NOT case sensitive. + * + * The MustGiveEmail flag can be used to force users to enter something + * in the password field (like an email address). Default is on. + * + * Furthermore the 'NoUserID' flag can be set to allow completely empty + * usernames in as well; this can be is convenient as a single return + * in broken GUIs like W95 is often given by the user. The Default is off. + * + * Dirk.vanGulik@jrc.it; http://ewse.ceo.org; http://me-www.jrc.it/~dirkx + * + */ + +#include "apr_strings.h" + +#define APR_WANT_STRFUNC +#include "apr_want.h" + +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_log.h" +#include "http_request.h" +#include "http_protocol.h" + +typedef struct anon_auth { + char *password; + struct anon_auth *next; +} anon_auth; + +typedef struct { + anon_auth *anon_auth_passwords; + int anon_auth_nouserid; + int anon_auth_logemail; + int anon_auth_verifyemail; + int anon_auth_mustemail; + int anon_auth_authoritative; +} anon_auth_config_rec; + +static void *create_anon_auth_dir_config(apr_pool_t *p, char *d) +{ + anon_auth_config_rec *conf = apr_palloc(p, sizeof(*conf)); + + /* just to illustrate the defaults really. */ + conf->anon_auth_passwords = NULL; + + conf->anon_auth_nouserid = 0; + conf->anon_auth_logemail = 1; + conf->anon_auth_verifyemail = 0; + conf->anon_auth_mustemail = 1; + conf->anon_auth_authoritative = 0; + return conf; +} + +static const char *anon_set_string_slots(cmd_parms *cmd, + void *my_config, const char *arg) +{ + anon_auth_config_rec *conf = my_config; + anon_auth *first; + + if (!(*arg)) + return "Anonymous string cannot be empty, use Anonymous_NoUserId instead"; + + /* squeeze in a record */ + first = conf->anon_auth_passwords; + + if (!(conf->anon_auth_passwords = apr_palloc(cmd->pool, sizeof(anon_auth))) || + !(conf->anon_auth_passwords->password = apr_pstrdup(cmd->pool, arg))) + return "Failed to claim memory for an anonymous password..."; + + /* and repair the next */ + conf->anon_auth_passwords->next = first; + + return NULL; +} + +static const command_rec anon_auth_cmds[] = +{ + AP_INIT_ITERATE("Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG, + "a space-separated list of user IDs"), + AP_INIT_FLAG("Anonymous_MustGiveEmail", ap_set_flag_slot, + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_mustemail), + OR_AUTHCFG, "Limited to 'on' or 'off'"), + AP_INIT_FLAG("Anonymous_NoUserId", ap_set_flag_slot, + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_nouserid), + OR_AUTHCFG, "Limited to 'on' or 'off'"), + AP_INIT_FLAG("Anonymous_VerifyEmail", ap_set_flag_slot, + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_verifyemail), + OR_AUTHCFG, "Limited to 'on' or 'off'"), + AP_INIT_FLAG("Anonymous_LogEmail", ap_set_flag_slot, + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_logemail), + OR_AUTHCFG, "Limited to 'on' or 'off'"), + AP_INIT_FLAG("Anonymous_Authoritative", ap_set_flag_slot, + (void *)APR_OFFSETOF(anon_auth_config_rec, anon_auth_authoritative), + OR_AUTHCFG, "Limited to 'on' or 'off'"), + {NULL} +}; + +module AP_MODULE_DECLARE_DATA auth_anon_module; + +static int anon_authenticate_basic_user(request_rec *r) +{ + anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_anon_module); + const char *sent_pw; + int res = DECLINED; + + if ((res = ap_get_basic_auth_pw(r, &sent_pw))) { + return res; + } + + /* Ignore if we are not configured */ + if (!conf->anon_auth_passwords) { + return DECLINED; + } + + /* Do we allow an empty userID and/or is it the magic one + */ + + if ((!(r->user[0])) && (conf->anon_auth_nouserid)) { + res = OK; + } + else { + anon_auth *p = conf->anon_auth_passwords; + res = DECLINED; + while ((res == DECLINED) && (p != NULL)) { + if (!(strcasecmp(r->user, p->password))) { + res = OK; + } + p = p->next; + } + } + if ( + /* username is OK */ + (res == OK) + /* password been filled out ? */ + && ((!conf->anon_auth_mustemail) || strlen(sent_pw)) + /* does the password look like an email address ? */ + && ((!conf->anon_auth_verifyemail) + || ((strpbrk("@", sent_pw) != NULL) + && (strpbrk(".", sent_pw) != NULL)))) { + if (conf->anon_auth_logemail && ap_is_initial_req(r)) { + ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS, r, + "Anonymous: Passwd <%s> Accepted", + sent_pw ? sent_pw : "\'none\'"); + } + return OK; + } + else { + if (conf->anon_auth_authoritative) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, + "Anonymous: Authoritative, Passwd <%s> not accepted", + sent_pw ? sent_pw : "\'none\'"); + return HTTP_UNAUTHORIZED; + } + /* Drop out the bottom to return DECLINED */ + } + + return DECLINED; +} + +static int check_anon_access(request_rec *r) +{ +#ifdef NOTYET + conn_rec *c = r->connection; + anon_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_anon_module); + + if (!conf->anon_auth) { + return DECLINED; + } + + if (strcasecmp(r->connection->user, conf->anon_auth)) { + return DECLINED; + } + + return OK; +#endif + return DECLINED; +} + +static void register_hooks(apr_pool_t *p) +{ + ap_hook_check_user_id(anon_authenticate_basic_user,NULL,NULL,APR_HOOK_MIDDLE); + ap_hook_auth_checker(check_anon_access,NULL,NULL,APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA auth_anon_module = +{ + STANDARD20_MODULE_STUFF, + create_anon_auth_dir_config, /* dir config creater */ + NULL, /* dir merger ensure strictness */ + NULL, /* server config */ + NULL, /* merge server config */ + anon_auth_cmds, /* command apr_table_t */ + register_hooks /* register hooks */ +}; diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.dsp new file mode 100644 index 00000000..9ac81797 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.dsp @@ -0,0 +1,128 @@ +# Microsoft Developer Studio Project File - Name="mod_auth_anon" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=mod_auth_anon - Win32 Release +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "mod_auth_anon.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "mod_auth_anon.mak" CFG="mod_auth_anon - Win32 Release" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "mod_auth_anon - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth_anon - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "mod_auth_anon - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth_anon_src" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so /opt:ref + +!ELSEIF "$(CFG)" == "mod_auth_anon - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth_anon_src" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_anon.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_anon.so + +!ENDIF + +# Begin Target + +# Name "mod_auth_anon - Win32 Release" +# Name "mod_auth_anon - Win32 Debug" +# Begin Source File + +SOURCE=.\mod_auth_anon.c +# End Source File +# Begin Source File + +SOURCE=.\mod_auth_anon.rc +# End Source File +# Begin Source File + +SOURCE=..\..\build\win32\win32ver.awk + +!IF "$(CFG)" == "mod_auth_anon - Win32 Release" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_anon.so "auth_anon_module for Apache" ../../include/ap_release.h > .\mod_auth_anon.rc + +# End Custom Build + +!ELSEIF "$(CFG)" == "mod_auth_anon - Win32 Debug" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth_anon.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_anon.so "auth_anon_module for Apache" ../../include/ap_release.h > .\mod_auth_anon.rc + +# End Custom Build + +!ENDIF + +# End Source File +# End Target +# End Project diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.exp new file mode 100644 index 00000000..63282532 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_anon.exp @@ -0,0 +1 @@ +auth_anon_module diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.c new file mode 100644 index 00000000..e7c2cc9a --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.c @@ -0,0 +1,293 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * http_auth: authentication + * + * Rob McCool & Brian Behlendorf. + * + * Adapted to Apache by rst. + * + * dirkx - Added Authoritative control to allow passing on to lower + * modules if and only if the userid is not known to this + * module. A known user with a faulty or absent password still + * causes an AuthRequired. The default is 'Authoritative', i.e. + * no control is passed along. + */ + +#define APR_WANT_STRFUNC +#include "apr_want.h" +#include "apr_strings.h" +#include "apr_dbm.h" +#include "apr_md5.h" /* for apr_password_validate */ + +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_log.h" +#include "http_protocol.h" +#include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ + + +typedef struct { + char *auth_dbmpwfile; + char *auth_dbmgrpfile; + char *auth_dbmtype; + int auth_dbmauthoritative; +} dbm_auth_config_rec; + +static void *create_dbm_auth_dir_config(apr_pool_t *p, char *d) +{ + dbm_auth_config_rec *conf = apr_palloc(p, sizeof(*conf)); + + conf->auth_dbmpwfile = NULL; + conf->auth_dbmgrpfile = NULL; + conf->auth_dbmtype = "default"; + conf->auth_dbmauthoritative = 1; /* fortress is secure by default */ + + return conf; +} + +static const char *set_dbm_slot(cmd_parms *cmd, void *offset, + const char *f, const char *t) +{ + if (!t || strcmp(t, "dbm")) + return DECLINE_CMD; + + return ap_set_file_slot(cmd, offset, f); +} + +static const char *set_dbm_type(cmd_parms *cmd, + void *dir_config, + const char *arg) +{ + dbm_auth_config_rec *conf = dir_config; + + conf->auth_dbmtype = apr_pstrdup(cmd->pool, arg); + return NULL; +} + +static const command_rec dbm_auth_cmds[] = +{ + AP_INIT_TAKE1("AuthDBMUserFile", ap_set_file_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmpwfile), + OR_AUTHCFG, "dbm database file containing user IDs and passwords"), + AP_INIT_TAKE1("AuthDBMGroupFile", ap_set_file_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmgrpfile), + OR_AUTHCFG, "dbm database file containing group names and member user IDs"), + AP_INIT_TAKE12("AuthUserFile", set_dbm_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmpwfile), + OR_AUTHCFG, NULL), + AP_INIT_TAKE12("AuthGroupFile", set_dbm_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmgrpfile), + OR_AUTHCFG, NULL), + AP_INIT_TAKE1("AuthDBMType", set_dbm_type, + NULL, + OR_AUTHCFG, "what type of DBM file the user file is"), + AP_INIT_FLAG("AuthDBMAuthoritative", ap_set_flag_slot, + (void *)APR_OFFSETOF(dbm_auth_config_rec, auth_dbmauthoritative), + OR_AUTHCFG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"), + {NULL} +}; + +module AP_MODULE_DECLARE_DATA auth_dbm_module; + +static char *get_dbm_pw(request_rec *r, + char *user, + char *auth_dbmpwfile, + char *dbtype) +{ + apr_dbm_t *f; + apr_datum_t d, q; + char *pw = NULL; + apr_status_t retval; + q.dptr = user; +#ifndef NETSCAPE_DBM_COMPAT + q.dsize = strlen(q.dptr); +#else + q.dsize = strlen(q.dptr) + 1; +#endif + + retval = apr_dbm_open_ex(&f, dbtype, auth_dbmpwfile, APR_DBM_READONLY, + APR_OS_DEFAULT, r->pool); + if (retval != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, retval, r, + "could not open dbm (type %s) auth file: %s", dbtype, + auth_dbmpwfile); + return NULL; + } + if (apr_dbm_fetch(f, q, &d) == APR_SUCCESS && d.dptr) { + pw = apr_palloc(r->pool, d.dsize + 1); + strncpy(pw, d.dptr, d.dsize); + pw[d.dsize] = '\0'; /* Terminate the string */ + } + + apr_dbm_close(f); + return pw; +} + +/* We do something strange with the group file. If the group file + * contains any : we assume the format is + * key=username value=":"groupname [":"anything here is ignored] + * otherwise we now (0.8.14+) assume that the format is + * key=username value=groupname + * The first allows the password and group files to be the same + * physical DBM file; key=username value=password":"groupname[":"anything] + * + * mark@telescope.org, 22Sep95 + */ + +static char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile, + char *dbtype) +{ + char *grp_data = get_dbm_pw(r, user, auth_dbmgrpfile,dbtype); + char *grp_colon; + char *grp_colon2; + + if (grp_data == NULL) + return NULL; + + if ((grp_colon = strchr(grp_data, ':')) != NULL) { + grp_colon2 = strchr(++grp_colon, ':'); + if (grp_colon2) + *grp_colon2 = '\0'; + return grp_colon; + } + return grp_data; +} + +static int dbm_authenticate_basic_user(request_rec *r) +{ + dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_dbm_module); + const char *sent_pw; + char *real_pw, *colon_pw; + apr_status_t invalid_pw; + int res; + + if ((res = ap_get_basic_auth_pw(r, &sent_pw))) + return res; + + if (!conf->auth_dbmpwfile) + return DECLINED; + + if (!(real_pw = get_dbm_pw(r, r->user, conf->auth_dbmpwfile, + conf->auth_dbmtype))) { + if (!(conf->auth_dbmauthoritative)) + return DECLINED; + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "DBM user %s not found: %s", r->user, r->filename); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + /* Password is up to first : if exists */ + colon_pw = strchr(real_pw, ':'); + if (colon_pw) { + *colon_pw = '\0'; + } + invalid_pw = apr_password_validate(sent_pw, real_pw); + if (invalid_pw != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "DBM user %s: authentication failure for \"%s\": " + "Password Mismatch", + r->user, r->uri); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + return OK; +} + +/* Checking ID */ + +static int dbm_check_auth(request_rec *r) +{ + dbm_auth_config_rec *conf = ap_get_module_config(r->per_dir_config, + &auth_dbm_module); + char *user = r->user; + int m = r->method_number; + + const apr_array_header_t *reqs_arr = ap_requires(r); + require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; + + register int x; + const char *t; + char *w; + + if (!conf->auth_dbmgrpfile) + return DECLINED; + if (!reqs_arr) + return DECLINED; + + for (x = 0; x < reqs_arr->nelts; x++) { + + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) + continue; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + + if (!strcmp(w, "group") && conf->auth_dbmgrpfile) { + const char *orig_groups, *groups; + char *v; + + if (!(groups = get_dbm_grp(r, user, conf->auth_dbmgrpfile, + conf->auth_dbmtype))) { + if (!(conf->auth_dbmauthoritative)) + return DECLINED; + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s not in DBM group file %s: %s", + user, conf->auth_dbmgrpfile, r->filename); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + orig_groups = groups; + while (t[0]) { + w = ap_getword_white(r->pool, &t); + groups = orig_groups; + while (groups[0]) { + v = ap_getword(r->pool, &groups, ','); + if (!strcmp(v, w)) + return OK; + } + } + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s not in right group: %s", + user, r->filename); + ap_note_basic_auth_failure(r); + return HTTP_UNAUTHORIZED; + } + } + + return DECLINED; +} + +static void register_hooks(apr_pool_t *p) +{ + ap_hook_check_user_id(dbm_authenticate_basic_user, NULL, NULL, + APR_HOOK_MIDDLE); + ap_hook_auth_checker(dbm_check_auth, NULL, NULL, APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA auth_dbm_module = +{ + STANDARD20_MODULE_STUFF, + create_dbm_auth_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + dbm_auth_cmds, /* command apr_table_t */ + register_hooks /* register hooks */ +}; diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.dsp new file mode 100644 index 00000000..d55e0c9b --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.dsp @@ -0,0 +1,128 @@ +# Microsoft Developer Studio Project File - Name="mod_auth_dbm" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=mod_auth_dbm - Win32 Release +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "mod_auth_dbm.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "mod_auth_dbm.mak" CFG="mod_auth_dbm - Win32 Release" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "mod_auth_dbm - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth_dbm - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "mod_auth_dbm - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_AUTH_DBM_USE_APR" /Fd"Release\mod_auth_dbm_src" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so /opt:ref + +!ELSEIF "$(CFG)" == "mod_auth_dbm - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "AP_AUTH_DBM_USE_APR" /Fd"Debug\mod_auth_dbm_src" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_dbm.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_dbm.so + +!ENDIF + +# Begin Target + +# Name "mod_auth_dbm - Win32 Release" +# Name "mod_auth_dbm - Win32 Debug" +# Begin Source File + +SOURCE=.\mod_auth_dbm.c +# End Source File +# Begin Source File + +SOURCE=.\mod_auth_dbm.rc +# End Source File +# Begin Source File + +SOURCE=..\..\build\win32\win32ver.awk + +!IF "$(CFG)" == "mod_auth_dbm - Win32 Release" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_dbm.so "auth_dbm_module for Apache" ../../include/ap_release.h > .\mod_auth_dbm.rc + +# End Custom Build + +!ELSEIF "$(CFG)" == "mod_auth_dbm - Win32 Debug" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth_dbm.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_dbm.so "auth_dbm_module for Apache" ../../include/ap_release.h > .\mod_auth_dbm.rc + +# End Custom Build + +!ENDIF + +# End Source File +# End Target +# End Project diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.exp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.exp new file mode 100644 index 00000000..7038e804 --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_dbm.exp @@ -0,0 +1 @@ +auth_dbm_module diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.c b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.c new file mode 100644 index 00000000..9f4c655a --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.c @@ -0,0 +1,2108 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * mod_auth_digest: MD5 digest authentication + * + * Originally by Alexei Kosut <akosut@nueva.pvt.k12.ca.us> + * Updated to RFC-2617 by Ronald Tschalär <ronald@innovation.ch> + * based on mod_auth, by Rob McCool and Robert S. Thau + * + * This module an updated version of modules/standard/mod_digest.c + * It is still fairly new and problems may turn up - submit problem + * reports to the Apache bug-database, or send them directly to me + * at ronald@innovation.ch. + * + * Requires either /dev/random (or equivalent) or the truerand library, + * available for instance from + * ftp://research.att.com/dist/mab/librand.shar + * + * Open Issues: + * - qop=auth-int (when streams and trailer support available) + * - nonce-format configurability + * - Proxy-Authorization-Info header is set by this module, but is + * currently ignored by mod_proxy (needs patch to mod_proxy) + * - generating the secret takes a while (~ 8 seconds) if using the + * truerand library + * - The source of the secret should be run-time directive (with server + * scope: RSRC_CONF). However, that could be tricky when trying to + * choose truerand vs. file... + * - shared-mem not completely tested yet. Seems to work ok for me, + * but... (definitely won't work on Windoze) + * - Sharing a realm among multiple servers has following problems: + * o Server name and port can't be included in nonce-hash + * (we need two nonce formats, which must be configured explicitly) + * o Nonce-count check can't be for equal, or then nonce-count checking + * must be disabled. What we could do is the following: + * (expected < received) ? set expected = received : issue error + * The only problem is that it allows replay attacks when somebody + * captures a packet sent to one server and sends it to another + * one. Should we add "AuthDigestNcCheck Strict"? + * - expired nonces give amaya fits. + */ + +#include "apr_sha1.h" +#include "apr_base64.h" +#include "apr_lib.h" +#include "apr_time.h" +#include "apr_errno.h" +#include "apr_global_mutex.h" +#include "apr_strings.h" + +#define APR_WANT_STRFUNC +#include "apr_want.h" + +#include "ap_config.h" +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_request.h" +#include "http_log.h" +#include "http_protocol.h" +#include "apr_uri.h" +#include "util_md5.h" +#include "apr_shm.h" +#include "apr_rmm.h" + +/* Disable shmem until pools/init gets sorted out + * remove following two lines when fixed + */ +#undef APR_HAS_SHARED_MEMORY +#define APR_HAS_SHARED_MEMORY 0 + +/* struct to hold the configuration info */ + +typedef struct digest_config_struct { + const char *dir_name; + const char *pwfile; + const char *grpfile; + const char *realm; + char **qop_list; + apr_sha1_ctx_t nonce_ctx; + apr_time_t nonce_lifetime; + const char *nonce_format; + int check_nc; + const char *algorithm; + char *uri_list; + const char *ha1; +} digest_config_rec; + + +#define DFLT_ALGORITHM "MD5" + +#define DFLT_NONCE_LIFE apr_time_from_sec(300) +#define NEXTNONCE_DELTA apr_time_from_sec(30) + + +#define NONCE_TIME_LEN (((sizeof(apr_time_t)+2)/3)*4) +#define NONCE_HASH_LEN (2*APR_SHA1_DIGESTSIZE) +#define NONCE_LEN (int )(NONCE_TIME_LEN + NONCE_HASH_LEN) + +#define SECRET_LEN 20 + + +/* client list definitions */ + +typedef struct hash_entry { + unsigned long key; /* the key for this entry */ + struct hash_entry *next; /* next entry in the bucket */ + unsigned long nonce_count; /* for nonce-count checking */ + char ha1[2*MD5_DIGESTSIZE+1]; /* for algorithm=MD5-sess */ + char last_nonce[NONCE_LEN+1]; /* for one-time nonce's */ +} client_entry; + +static struct hash_table { + client_entry **table; + unsigned long tbl_len; + unsigned long num_entries; + unsigned long num_created; + unsigned long num_removed; + unsigned long num_renewed; +} *client_list; + + +/* struct to hold a parsed Authorization header */ + +enum hdr_sts { NO_HEADER, NOT_DIGEST, INVALID, VALID }; + +typedef struct digest_header_struct { + const char *scheme; + const char *realm; + const char *username; + char *nonce; + const char *uri; + const char *method; + const char *digest; + const char *algorithm; + const char *cnonce; + const char *opaque; + unsigned long opaque_num; + const char *message_qop; + const char *nonce_count; + /* the following fields are not (directly) from the header */ + apr_time_t nonce_time; + enum hdr_sts auth_hdr_sts; + const char *raw_request_uri; + apr_uri_t *psd_request_uri; + int needed_auth; + client_entry *client; +} digest_header_rec; + + +/* (mostly) nonce stuff */ + +typedef union time_union { + apr_time_t time; + unsigned char arr[sizeof(apr_time_t)]; +} time_rec; + +static unsigned char secret[SECRET_LEN]; + +/* client-list, opaque, and one-time-nonce stuff */ + +static apr_shm_t *client_shm = NULL; +static apr_rmm_t *client_rmm = NULL; +static unsigned long *opaque_cntr; +static apr_time_t *otn_counter; /* one-time-nonce counter */ +static apr_global_mutex_t *client_lock = NULL; +static apr_global_mutex_t *opaque_lock = NULL; +static char client_lock_name[L_tmpnam]; +static char opaque_lock_name[L_tmpnam]; + +#define DEF_SHMEM_SIZE 1000L /* ~ 12 entries */ +#define DEF_NUM_BUCKETS 15L +#define HASH_DEPTH 5 + +static long shmem_size = DEF_SHMEM_SIZE; +static long num_buckets = DEF_NUM_BUCKETS; + + +module AP_MODULE_DECLARE_DATA auth_digest_module; + +/* + * initialization code + */ + +static apr_status_t cleanup_tables(void *not_used) +{ + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, + "Digest: cleaning up shared memory"); + fflush(stderr); + + if (client_shm) { + apr_shm_destroy(client_shm); + client_shm = NULL; + } + + if (client_lock) { + apr_global_mutex_destroy(client_lock); + client_lock = NULL; + } + + if (opaque_lock) { + apr_global_mutex_destroy(opaque_lock); + opaque_lock = NULL; + } + + return APR_SUCCESS; +} + +static apr_status_t initialize_secret(server_rec *s) +{ + apr_status_t status; + + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, + "Digest: generating secret for digest authentication ..."); + +#if APR_HAS_RANDOM + status = apr_generate_random_bytes(secret, sizeof(secret)); +#else +#error APR random number support is missing; you probably need to install the truerand library. +#endif + + if (status != APR_SUCCESS) { + char buf[120]; + ap_log_error(APLOG_MARK, APLOG_CRIT, status, s, + "Digest: error generating secret: %s", + apr_strerror(status, buf, sizeof(buf))); + return status; + } + + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, "Digest: done"); + + return APR_SUCCESS; +} + +static void log_error_and_cleanup(char *msg, apr_status_t sts, server_rec *s) +{ + ap_log_error(APLOG_MARK, APLOG_ERR, sts, s, + "Digest: %s - all nonce-count checking, one-time nonces, and " + "MD5-sess algorithm disabled", msg); + + cleanup_tables(NULL); +} + +#if APR_HAS_SHARED_MEMORY + +static void initialize_tables(server_rec *s, apr_pool_t *ctx) +{ + unsigned long idx; + apr_status_t sts; + + /* set up client list */ + + sts = apr_shm_create(&client_shm, shmem_size, tmpnam(NULL), ctx); + if (sts != APR_SUCCESS) { + log_error_and_cleanup("failed to create shared memory segments", sts, s); + return; + } + + client_list = apr_rmm_malloc(client_rmm, sizeof(*client_list) + + sizeof(client_entry*)*num_buckets); + if (!client_list) { + log_error_and_cleanup("failed to allocate shared memory", -1, s); + return; + } + client_list->table = (client_entry**) (client_list + 1); + for (idx = 0; idx < num_buckets; idx++) { + client_list->table[idx] = NULL; + } + client_list->tbl_len = num_buckets; + client_list->num_entries = 0; + + tmpnam(client_lock_name); + /* FIXME: get the client_lock_name from a directive so we're portable + * to non-process-inheriting operating systems, like Win32. */ + sts = apr_global_mutex_create(&client_lock, client_lock_name, + APR_LOCK_DEFAULT, ctx); + if (sts != APR_SUCCESS) { + log_error_and_cleanup("failed to create lock (client_lock)", sts, s); + return; + } + + + /* setup opaque */ + + opaque_cntr = apr_rmm_malloc(client_rmm, sizeof(*opaque_cntr)); + if (opaque_cntr == NULL) { + log_error_and_cleanup("failed to allocate shared memory", -1, s); + return; + } + *opaque_cntr = 1UL; + + tmpnam(opaque_lock_name); + /* FIXME: get the opaque_lock_name from a directive so we're portable + * to non-process-inheriting operating systems, like Win32. */ + sts = apr_global_mutex_create(&opaque_lock, opaque_lock_name, + APR_LOCK_DEFAULT, ctx); + if (sts != APR_SUCCESS) { + log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s); + return; + } + + + /* setup one-time-nonce counter */ + + otn_counter = apr_rmm_malloc(client_rmm, sizeof(*otn_counter)); + if (otn_counter == NULL) { + log_error_and_cleanup("failed to allocate shared memory", -1, s); + return; + } + *otn_counter = 0; + /* no lock here */ + + + /* success */ + return; +} + +#endif /* APR_HAS_SHARED_MEMORY */ + + +static int initialize_module(apr_pool_t *p, apr_pool_t *plog, + apr_pool_t *ptemp, server_rec *s) +{ + void *data; + const char *userdata_key = "auth_digest_init"; + + /* initialize_module() will be called twice, and if it's a DSO + * then all static data from the first call will be lost. Only + * set up our static data on the second call. */ + apr_pool_userdata_get(&data, userdata_key, s->process->pool); + if (!data) { + apr_pool_userdata_set((const void *)1, userdata_key, + apr_pool_cleanup_null, s->process->pool); + return OK; + } + if (initialize_secret(s) != APR_SUCCESS) { + return !OK; + } + +#if APR_HAS_SHARED_MEMORY + /* Note: this stuff is currently fixed for the lifetime of the server, + * i.e. even across restarts. This means that A) any shmem-size + * configuration changes are ignored, and B) certain optimizations, + * such as only allocating the smallest necessary entry for each + * client, can't be done. However, the alternative is a nightmare: + * we can't call apr_shm_destroy on a graceful restart because there + * will be children using the tables, and we also don't know when the + * last child dies. Therefore we can never clean up the old stuff, + * creating a creeping memory leak. + */ + initialize_tables(s, p); + apr_pool_cleanup_register(p, NULL, cleanup_tables, apr_pool_cleanup_null); +#endif /* APR_HAS_SHARED_MEMORY */ + return OK; +} + +static void initialize_child(apr_pool_t *p, server_rec *s) +{ + apr_status_t sts; + + if (!client_shm) { + return; + } + + /* FIXME: get the client_lock_name from a directive so we're portable + * to non-process-inheriting operating systems, like Win32. */ + sts = apr_global_mutex_child_init(&client_lock, client_lock_name, p); + if (sts != APR_SUCCESS) { + log_error_and_cleanup("failed to create lock (client_lock)", sts, s); + return; + } + /* FIXME: get the opaque_lock_name from a directive so we're portable + * to non-process-inheriting operating systems, like Win32. */ + sts = apr_global_mutex_child_init(&opaque_lock, opaque_lock_name, p); + if (sts != APR_SUCCESS) { + log_error_and_cleanup("failed to create lock (opaque_lock)", sts, s); + return; + } +} + +/* + * configuration code + */ + +static void *create_digest_dir_config(apr_pool_t *p, char *dir) +{ + digest_config_rec *conf; + + if (dir == NULL) { + return NULL; + } + + conf = (digest_config_rec *) apr_pcalloc(p, sizeof(digest_config_rec)); + if (conf) { + conf->qop_list = apr_palloc(p, sizeof(char*)); + conf->qop_list[0] = NULL; + conf->nonce_lifetime = DFLT_NONCE_LIFE; + conf->dir_name = apr_pstrdup(p, dir); + conf->algorithm = DFLT_ALGORITHM; + } + + return conf; +} + +static const char *set_realm(cmd_parms *cmd, void *config, const char *realm) +{ + digest_config_rec *conf = (digest_config_rec *) config; + + /* The core already handles the realm, but it's just too convenient to + * grab it ourselves too and cache some setups. However, we need to + * let the core get at it too, which is why we decline at the end - + * this relies on the fact that http_core is last in the list. + */ + conf->realm = realm; + + /* we precompute the part of the nonce hash that is constant (well, + * the host:port would be too, but that varies for .htaccess files + * and directives outside a virtual host section) + */ + apr_sha1_init(&conf->nonce_ctx); + apr_sha1_update_binary(&conf->nonce_ctx, secret, sizeof(secret)); + apr_sha1_update_binary(&conf->nonce_ctx, (const unsigned char *) realm, + strlen(realm)); + + return DECLINE_CMD; +} + +static const char *set_digest_file(cmd_parms *cmd, void *config, + const char *file) +{ + ((digest_config_rec *) config)->pwfile = file; + return NULL; +} + +static const char *set_group_file(cmd_parms *cmd, void *config, + const char *file) +{ + ((digest_config_rec *) config)->grpfile = file; + return NULL; +} + +static const char *set_qop(cmd_parms *cmd, void *config, const char *op) +{ + digest_config_rec *conf = (digest_config_rec *) config; + char **tmp; + int cnt; + + if (!strcasecmp(op, "none")) { + if (conf->qop_list[0] == NULL) { + conf->qop_list = apr_palloc(cmd->pool, 2 * sizeof(char*)); + conf->qop_list[1] = NULL; + } + conf->qop_list[0] = "none"; + return NULL; + } + + if (!strcasecmp(op, "auth-int")) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, + "Digest: WARNING: qop `auth-int' currently only works " + "correctly for responses with no entity"); + } + else if (strcasecmp(op, "auth")) { + return apr_pstrcat(cmd->pool, "Unrecognized qop: ", op, NULL); + } + + for (cnt = 0; conf->qop_list[cnt] != NULL; cnt++) + ; + + tmp = apr_palloc(cmd->pool, (cnt + 2) * sizeof(char*)); + memcpy(tmp, conf->qop_list, cnt*sizeof(char*)); + tmp[cnt] = apr_pstrdup(cmd->pool, op); + tmp[cnt+1] = NULL; + conf->qop_list = tmp; + + return NULL; +} + +static const char *set_nonce_lifetime(cmd_parms *cmd, void *config, + const char *t) +{ + char *endptr; + long lifetime; + + lifetime = strtol(t, &endptr, 10); + if (endptr < (t+strlen(t)) && !apr_isspace(*endptr)) { + return apr_pstrcat(cmd->pool, + "Invalid time in AuthDigestNonceLifetime: ", + t, NULL); + } + + ((digest_config_rec *) config)->nonce_lifetime = apr_time_from_sec(lifetime); + return NULL; +} + +static const char *set_nonce_format(cmd_parms *cmd, void *config, + const char *fmt) +{ + ((digest_config_rec *) config)->nonce_format = fmt; + return "AuthDigestNonceFormat is not implemented (yet)"; +} + +static const char *set_nc_check(cmd_parms *cmd, void *config, int flag) +{ + if (flag && !client_shm) + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, + cmd->server, "Digest: WARNING: nonce-count checking " + "is not supported on platforms without shared-memory " + "support - disabling check"); + + ((digest_config_rec *) config)->check_nc = flag; + return NULL; +} + +static const char *set_algorithm(cmd_parms *cmd, void *config, const char *alg) +{ + if (!strcasecmp(alg, "MD5-sess")) { + if (!client_shm) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, + cmd->server, "Digest: WARNING: algorithm `MD5-sess' " + "is not supported on platforms without shared-memory " + "support - reverting to MD5"); + alg = "MD5"; + } + } + else if (strcasecmp(alg, "MD5")) { + return apr_pstrcat(cmd->pool, "Invalid algorithm in AuthDigestAlgorithm: ", alg, NULL); + } + + ((digest_config_rec *) config)->algorithm = alg; + return NULL; +} + +static const char *set_uri_list(cmd_parms *cmd, void *config, const char *uri) +{ + digest_config_rec *c = (digest_config_rec *) config; + if (c->uri_list) { + c->uri_list[strlen(c->uri_list)-1] = '\0'; + c->uri_list = apr_pstrcat(cmd->pool, c->uri_list, " ", uri, "\"", NULL); + } + else { + c->uri_list = apr_pstrcat(cmd->pool, ", domain=\"", uri, "\"", NULL); + } + return NULL; +} + +static const char *set_shmem_size(cmd_parms *cmd, void *config, + const char *size_str) +{ + char *endptr; + long size, min; + + size = strtol(size_str, &endptr, 10); + while (apr_isspace(*endptr)) endptr++; + if (*endptr == '\0' || *endptr == 'b' || *endptr == 'B') { + ; + } + else if (*endptr == 'k' || *endptr == 'K') { + size *= 1024; + } + else if (*endptr == 'm' || *endptr == 'M') { + size *= 1048576; + } + else { + return apr_pstrcat(cmd->pool, "Invalid size in AuthDigestShmemSize: ", + size_str, NULL); + } + + min = sizeof(*client_list) + sizeof(client_entry*) + sizeof(client_entry); + if (size < min) { + return apr_psprintf(cmd->pool, "size in AuthDigestShmemSize too small: " + "%ld < %ld", size, min); + } + + shmem_size = size; + num_buckets = (size - sizeof(*client_list)) / + (sizeof(client_entry*) + HASH_DEPTH * sizeof(client_entry)); + if (num_buckets == 0) { + num_buckets = 1; + } + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, + "Digest: Set shmem-size: %ld, num-buckets: %ld", shmem_size, + num_buckets); + + return NULL; +} + +static const command_rec digest_cmds[] = +{ + AP_INIT_TAKE1("AuthName", set_realm, NULL, OR_AUTHCFG, + "The authentication realm (e.g. \"Members Only\")"), + AP_INIT_TAKE1("AuthDigestFile", set_digest_file, NULL, OR_AUTHCFG, + "The name of the file containing the usernames and password hashes"), + AP_INIT_TAKE1("AuthDigestGroupFile", set_group_file, NULL, OR_AUTHCFG, + "The name of the file containing the group names and members"), + AP_INIT_ITERATE("AuthDigestQop", set_qop, NULL, OR_AUTHCFG, + "A list of quality-of-protection options"), + AP_INIT_TAKE1("AuthDigestNonceLifetime", set_nonce_lifetime, NULL, OR_AUTHCFG, + "Maximum lifetime of the server nonce (seconds)"), + AP_INIT_TAKE1("AuthDigestNonceFormat", set_nonce_format, NULL, OR_AUTHCFG, + "The format to use when generating the server nonce"), + AP_INIT_FLAG("AuthDigestNcCheck", set_nc_check, NULL, OR_AUTHCFG, + "Whether or not to check the nonce-count sent by the client"), + AP_INIT_TAKE1("AuthDigestAlgorithm", set_algorithm, NULL, OR_AUTHCFG, + "The algorithm used for the hash calculation"), + AP_INIT_ITERATE("AuthDigestDomain", set_uri_list, NULL, OR_AUTHCFG, + "A list of URI's which belong to the same protection space as the current URI"), + AP_INIT_TAKE1("AuthDigestShmemSize", set_shmem_size, NULL, RSRC_CONF, + "The amount of shared memory to allocate for keeping track of clients"), + {NULL} +}; + + +/* + * client list code + * + * Each client is assigned a number, which is transfered in the opaque + * field of the WWW-Authenticate and Authorization headers. The number + * is just a simple counter which is incremented for each new client. + * Clients can't forge this number because it is hashed up into the + * server nonce, and that is checked. + * + * The clients are kept in a simple hash table, which consists of an + * array of client_entry's, each with a linked list of entries hanging + * off it. The client's number modulo the size of the array gives the + * bucket number. + * + * The clients are garbage collected whenever a new client is allocated + * but there is not enough space left in the shared memory segment. A + * simple semi-LRU is used for this: whenever a client entry is accessed + * it is moved to the beginning of the linked list in its bucket (this + * also makes for faster lookups for current clients). The garbage + * collecter then just removes the oldest entry (i.e. the one at the + * end of the list) in each bucket. + * + * The main advantages of the above scheme are that it's easy to implement + * and it keeps the hash table evenly balanced (i.e. same number of entries + * in each bucket). The major disadvantage is that you may be throwing + * entries out which are in active use. This is not tragic, as these + * clients will just be sent a new client id (opaque field) and nonce + * with a stale=true (i.e. it will just look like the nonce expired, + * thereby forcing an extra round trip). If the shared memory segment + * has enough headroom over the current client set size then this should + * not occur too often. + * + * To help tune the size of the shared memory segment (and see if the + * above algorithm is really sufficient) a set of counters is kept + * indicating the number of clients held, the number of garbage collected + * clients, and the number of erroneously purged clients. These are printed + * out at each garbage collection run. Note that access to the counters is + * not synchronized because they are just indicaters, and whether they are + * off by a few doesn't matter; and for the same reason no attempt is made + * to guarantee the num_renewed is correct in the face of clients spoofing + * the opaque field. + */ + +/* + * Get the client given its client number (the key). Returns the entry, + * or NULL if it's not found. + * + * Access to the list itself is synchronized via locks. However, access + * to the entry returned by get_client() is NOT synchronized. This means + * that there are potentially problems if a client uses multiple, + * simultaneous connections to access url's within the same protection + * space. However, these problems are not new: when using multiple + * connections you have no guarantee of the order the requests are + * processed anyway, so you have problems with the nonce-count and + * one-time nonces anyway. + */ +static client_entry *get_client(unsigned long key, const request_rec *r) +{ + int bucket; + client_entry *entry, *prev = NULL; + + + if (!key || !client_shm) return NULL; + + bucket = key % client_list->tbl_len; + entry = client_list->table[bucket]; + + apr_global_mutex_lock(client_lock); + + while (entry && key != entry->key) { + prev = entry; + entry = entry->next; + } + + if (entry && prev) { /* move entry to front of list */ + prev->next = entry->next; + entry->next = client_list->table[bucket]; + client_list->table[bucket] = entry; + } + + apr_global_mutex_unlock(client_lock); + + if (entry) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "get_client(): client %lu found", key); + } + else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "get_client(): client %lu not found", key); + } + + return entry; +} + + +/* A simple garbage-collecter to remove unused clients. It removes the + * last entry in each bucket and updates the counters. Returns the + * number of removed entries. + */ +static long gc(void) +{ + client_entry *entry, *prev; + unsigned long num_removed = 0, idx; + + /* garbage collect all last entries */ + + for (idx = 0; idx < client_list->tbl_len; idx++) { + entry = client_list->table[idx]; + prev = NULL; + while (entry->next) { /* find last entry */ + prev = entry; + entry = entry->next; + } + if (prev) { + prev->next = NULL; /* cut list */ + } + else { + client_list->table[idx] = NULL; + } + if (entry) { /* remove entry */ + apr_rmm_free(client_rmm, (apr_rmm_off_t)entry); + num_removed++; + } + } + + /* update counters and log */ + + client_list->num_entries -= num_removed; + client_list->num_removed += num_removed; + + return num_removed; +} + + +/* + * Add a new client to the list. Returns the entry if successful, NULL + * otherwise. This triggers the garbage collection if memory is low. + */ +static client_entry *add_client(unsigned long key, client_entry *info, + server_rec *s) +{ + int bucket; + client_entry *entry; + + + if (!key || !client_shm) { + return NULL; + } + + bucket = key % client_list->tbl_len; + entry = client_list->table[bucket]; + + apr_global_mutex_lock(client_lock); + + /* try to allocate a new entry */ + + entry = (client_entry *)apr_rmm_malloc(client_rmm, sizeof(client_entry)); + if (!entry) { + long num_removed = gc(); + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Digest: gc'd %ld client entries. Total new clients: " + "%ld; Total removed clients: %ld; Total renewed clients: " + "%ld", num_removed, + client_list->num_created - client_list->num_renewed, + client_list->num_removed, client_list->num_renewed); + entry = (client_entry *)apr_rmm_malloc(client_rmm, sizeof(client_entry)); + if (!entry) { + return NULL; /* give up */ + } + } + + /* now add the entry */ + + memcpy(entry, info, sizeof(client_entry)); + entry->key = key; + entry->next = client_list->table[bucket]; + client_list->table[bucket] = entry; + client_list->num_created++; + client_list->num_entries++; + + apr_global_mutex_unlock(client_lock); + + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + "allocated new client %lu", key); + + return entry; +} + + +/* + * Authorization header parser code + */ + +/* Parse the Authorization header, if it exists */ +static int get_digest_rec(request_rec *r, digest_header_rec *resp) +{ + const char *auth_line; + apr_size_t l; + int vk = 0, vv = 0; + char *key, *value; + + auth_line = apr_table_get(r->headers_in, + (PROXYREQ_PROXY == r->proxyreq) + ? "Proxy-Authorization" + : "Authorization"); + if (!auth_line) { + resp->auth_hdr_sts = NO_HEADER; + return !OK; + } + + resp->scheme = ap_getword_white(r->pool, &auth_line); + if (strcasecmp(resp->scheme, "Digest")) { + resp->auth_hdr_sts = NOT_DIGEST; + return !OK; + } + + l = strlen(auth_line); + + key = apr_palloc(r->pool, l+1); + value = apr_palloc(r->pool, l+1); + + while (auth_line[0] != '\0') { + + /* find key */ + + while (apr_isspace(auth_line[0])) { + auth_line++; + } + vk = 0; + while (auth_line[0] != '=' && auth_line[0] != ',' + && auth_line[0] != '\0' && !apr_isspace(auth_line[0])) { + key[vk++] = *auth_line++; + } + key[vk] = '\0'; + while (apr_isspace(auth_line[0])) { + auth_line++; + } + + /* find value */ + + if (auth_line[0] == '=') { + auth_line++; + while (apr_isspace(auth_line[0])) { + auth_line++; + } + + vv = 0; + if (auth_line[0] == '\"') { /* quoted string */ + auth_line++; + while (auth_line[0] != '\"' && auth_line[0] != '\0') { + if (auth_line[0] == '\\' && auth_line[1] != '\0') { + auth_line++; /* escaped char */ + } + value[vv++] = *auth_line++; + } + if (auth_line[0] != '\0') { + auth_line++; + } + } + else { /* token */ + while (auth_line[0] != ',' && auth_line[0] != '\0' + && !apr_isspace(auth_line[0])) { + value[vv++] = *auth_line++; + } + } + value[vv] = '\0'; + } + + while (auth_line[0] != ',' && auth_line[0] != '\0') { + auth_line++; + } + if (auth_line[0] != '\0') { + auth_line++; + } + + if (!strcasecmp(key, "username")) + resp->username = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "realm")) + resp->realm = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "nonce")) + resp->nonce = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "uri")) + resp->uri = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "response")) + resp->digest = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "algorithm")) + resp->algorithm = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "cnonce")) + resp->cnonce = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "opaque")) + resp->opaque = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "qop")) + resp->message_qop = apr_pstrdup(r->pool, value); + else if (!strcasecmp(key, "nc")) + resp->nonce_count = apr_pstrdup(r->pool, value); + } + + if (!resp->username || !resp->realm || !resp->nonce || !resp->uri + || !resp->digest + || (resp->message_qop && (!resp->cnonce || !resp->nonce_count))) { + resp->auth_hdr_sts = INVALID; + return !OK; + } + + if (resp->opaque) { + resp->opaque_num = (unsigned long) strtol(resp->opaque, NULL, 16); + } + + resp->auth_hdr_sts = VALID; + return OK; +} + + +/* Because the browser may preemptively send auth info, incrementing the + * nonce-count when it does, and because the client does not get notified + * if the URI didn't need authentication after all, we need to be sure to + * update the nonce-count each time we receive an Authorization header no + * matter what the final outcome of the request. Furthermore this is a + * convenient place to get the request-uri (before any subrequests etc + * are initiated) and to initialize the request_config. + * + * Note that this must be called after mod_proxy had its go so that + * r->proxyreq is set correctly. + */ +static int parse_hdr_and_update_nc(request_rec *r) +{ + digest_header_rec *resp; + int res; + + if (!ap_is_initial_req(r)) { + return DECLINED; + } + + resp = apr_pcalloc(r->pool, sizeof(digest_header_rec)); + resp->raw_request_uri = r->unparsed_uri; + resp->psd_request_uri = &r->parsed_uri; + resp->needed_auth = 0; + resp->method = r->method; + ap_set_module_config(r->request_config, &auth_digest_module, resp); + + res = get_digest_rec(r, resp); + resp->client = get_client(resp->opaque_num, r); + if (res == OK && resp->client) { + resp->client->nonce_count++; + } + + return DECLINED; +} + + +/* + * Nonce generation code + */ + +/* The hash part of the nonce is a SHA-1 hash of the time, realm, server host + * and port, opaque, and our secret. + */ +static void gen_nonce_hash(char *hash, const char *timestr, const char *opaque, + const server_rec *server, + const digest_config_rec *conf) +{ + const char *hex = "0123456789abcdef"; + unsigned char sha1[APR_SHA1_DIGESTSIZE]; + apr_sha1_ctx_t ctx; + int idx; + + memcpy(&ctx, &conf->nonce_ctx, sizeof(ctx)); + /* + apr_sha1_update_binary(&ctx, (const unsigned char *) server->server_hostname, + strlen(server->server_hostname)); + apr_sha1_update_binary(&ctx, (const unsigned char *) &server->port, + sizeof(server->port)); + */ + apr_sha1_update_binary(&ctx, (const unsigned char *) timestr, strlen(timestr)); + if (opaque) { + apr_sha1_update_binary(&ctx, (const unsigned char *) opaque, + strlen(opaque)); + } + apr_sha1_final(sha1, &ctx); + + for (idx=0; idx<APR_SHA1_DIGESTSIZE; idx++) { + *hash++ = hex[sha1[idx] >> 4]; + *hash++ = hex[sha1[idx] & 0xF]; + } + + *hash++ = '\0'; +} + + +/* The nonce has the format b64(time)+hash . + */ +static const char *gen_nonce(apr_pool_t *p, apr_time_t now, const char *opaque, + const server_rec *server, + const digest_config_rec *conf) +{ + char *nonce = apr_palloc(p, NONCE_LEN+1); + int len; + time_rec t; + + if (conf->nonce_lifetime != 0) { + t.time = now; + } + else if (otn_counter) { + /* this counter is not synch'd, because it doesn't really matter + * if it counts exactly. + */ + t.time = (*otn_counter)++; + } + else { + /* XXX: WHAT IS THIS CONSTANT? */ + t.time = 42; + } + len = apr_base64_encode_binary(nonce, t.arr, sizeof(t.arr)); + gen_nonce_hash(nonce+NONCE_TIME_LEN, nonce, opaque, server, conf); + + return nonce; +} + + +/* + * Opaque and hash-table management + */ + +/* + * Generate a new client entry, add it to the list, and return the + * entry. Returns NULL if failed. + */ +static client_entry *gen_client(const request_rec *r) +{ + unsigned long op; + client_entry new_entry = { 0, NULL, 0, "", "" }, *entry; + + if (!opaque_cntr) { + return NULL; + } + + apr_global_mutex_lock(opaque_lock); + op = (*opaque_cntr)++; + apr_global_mutex_lock(opaque_lock); + + if (!(entry = add_client(op, &new_entry, r->server))) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: failed to allocate client entry - ignoring " + "client"); + return NULL; + } + + return entry; +} + + +/* + * MD5-sess code. + * + * If you want to use algorithm=MD5-sess you must write get_userpw_hash() + * yourself (see below). The dummy provided here just uses the hash from + * the auth-file, i.e. it is only useful for testing client implementations + * of MD5-sess . + */ + +/* + * get_userpw_hash() will be called each time a new session needs to be + * generated and is expected to return the equivalent of + * + * h_urp = ap_md5(r->pool, + * apr_pstrcat(r->pool, username, ":", ap_auth_name(r), ":", passwd)) + * ap_md5(r->pool, + * (unsigned char *) apr_pstrcat(r->pool, h_urp, ":", resp->nonce, ":", + * resp->cnonce, NULL)); + * + * or put differently, it must return + * + * MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce) + * + * If something goes wrong, the failure must be logged and NULL returned. + * + * You must implement this yourself, which will probably consist of code + * contacting the password server with the necessary information (typically + * the username, realm, nonce, and cnonce) and receiving the hash from it. + * + * TBD: This function should probably be in a seperate source file so that + * people need not modify mod_auth_digest.c each time they install a new + * version of apache. + */ +static const char *get_userpw_hash(const request_rec *r, + const digest_header_rec *resp, + const digest_config_rec *conf) +{ + return ap_md5(r->pool, + (unsigned char *) apr_pstrcat(r->pool, conf->ha1, ":", resp->nonce, + ":", resp->cnonce, NULL)); +} + + +/* Retrieve current session H(A1). If there is none and "generate" is + * true then a new session for MD5-sess is generated and stored in the + * client struct; if generate is false, or a new session could not be + * generated then NULL is returned (in case of failure to generate the + * failure reason will have been logged already). + */ +static const char *get_session_HA1(const request_rec *r, + digest_header_rec *resp, + const digest_config_rec *conf, + int generate) +{ + const char *ha1 = NULL; + + /* return the current sessions if there is one */ + if (resp->opaque && resp->client && resp->client->ha1[0]) { + return resp->client->ha1; + } + else if (!generate) { + return NULL; + } + + /* generate a new session */ + if (!resp->client) { + resp->client = gen_client(r); + } + if (resp->client) { + ha1 = get_userpw_hash(r, resp, conf); + if (ha1) { + memcpy(resp->client->ha1, ha1, sizeof(resp->client->ha1)); + } + } + + return ha1; +} + + +static void clear_session(const digest_header_rec *resp) +{ + if (resp->client) { + resp->client->ha1[0] = '\0'; + } +} + +/* + * Authorization challenge generation code (for WWW-Authenticate) + */ + +static const char *ltox(apr_pool_t *p, unsigned long num) +{ + if (num != 0) { + return apr_psprintf(p, "%lx", num); + } + else { + return ""; + } +} + +static void note_digest_auth_failure(request_rec *r, + const digest_config_rec *conf, + digest_header_rec *resp, int stale) +{ + const char *qop, *opaque, *opaque_param, *domain, *nonce; + int cnt; + + /* Setup qop */ + + if (conf->qop_list[0] == NULL) { + qop = ", qop=\"auth\""; + } + else if (!strcasecmp(conf->qop_list[0], "none")) { + qop = ""; + } + else { + qop = apr_pstrcat(r->pool, ", qop=\"", conf->qop_list[0], NULL); + for (cnt = 1; conf->qop_list[cnt] != NULL; cnt++) { + qop = apr_pstrcat(r->pool, qop, ",", conf->qop_list[cnt], NULL); + } + qop = apr_pstrcat(r->pool, qop, "\"", NULL); + } + + /* Setup opaque */ + + if (resp->opaque == NULL) { + /* new client */ + if ((conf->check_nc || conf->nonce_lifetime == 0 + || !strcasecmp(conf->algorithm, "MD5-sess")) + && (resp->client = gen_client(r)) != NULL) { + opaque = ltox(r->pool, resp->client->key); + } + else { + opaque = ""; /* opaque not needed */ + } + } + else if (resp->client == NULL) { + /* client info was gc'd */ + resp->client = gen_client(r); + if (resp->client != NULL) { + opaque = ltox(r->pool, resp->client->key); + stale = 1; + client_list->num_renewed++; + } + else { + opaque = ""; /* ??? */ + } + } + else { + opaque = resp->opaque; + /* we're generating a new nonce, so reset the nonce-count */ + resp->client->nonce_count = 0; + } + + if (opaque[0]) { + opaque_param = apr_pstrcat(r->pool, ", opaque=\"", opaque, "\"", NULL); + } + else { + opaque_param = NULL; + } + + /* Setup nonce */ + + nonce = gen_nonce(r->pool, r->request_time, opaque, r->server, conf); + if (resp->client && conf->nonce_lifetime == 0) { + memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1); + } + + /* Setup MD5-sess stuff. Note that we just clear out the session + * info here, since we can't generate a new session until the request + * from the client comes in with the cnonce. + */ + + if (!strcasecmp(conf->algorithm, "MD5-sess")) { + clear_session(resp); + } + + /* setup domain attribute. We want to send this attribute wherever + * possible so that the client won't send the Authorization header + * unneccessarily (it's usually > 200 bytes!). + */ + + /* don't send domain + * - for proxy requests + * - if it's no specified + */ + if (r->proxyreq || !conf->uri_list) { + domain = NULL; + } + else { + domain = conf->uri_list; + } + + apr_table_mergen(r->err_headers_out, + (PROXYREQ_PROXY == r->proxyreq) + ? "Proxy-Authenticate" : "WWW-Authenticate", + apr_psprintf(r->pool, "Digest realm=\"%s\", " + "nonce=\"%s\", algorithm=%s%s%s%s%s", + ap_auth_name(r), nonce, conf->algorithm, + opaque_param ? opaque_param : "", + domain ? domain : "", + stale ? ", stale=true" : "", qop)); + +} + + +/* + * Authorization header verification code + */ + +static const char *get_hash(request_rec *r, const char *user, + const char *realm, const char *auth_pwfile) +{ + ap_configfile_t *f; + char l[MAX_STRING_LEN]; + const char *rpw; + char *w, *x; + apr_status_t sts; + + if ((sts = ap_pcfg_openfile(&f, r->pool, auth_pwfile)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, sts, r, + "Digest: Could not open password file: %s", auth_pwfile); + return NULL; + } + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + rpw = l; + w = ap_getword(r->pool, &rpw, ':'); + x = ap_getword(r->pool, &rpw, ':'); + + if (x && w && !strcmp(user, w) && !strcmp(realm, x)) { + ap_cfg_closefile(f); + return apr_pstrdup(r->pool, rpw); + } + } + ap_cfg_closefile(f); + return NULL; +} + +static int check_nc(const request_rec *r, const digest_header_rec *resp, + const digest_config_rec *conf) +{ + unsigned long nc; + const char *snc = resp->nonce_count; + char *endptr; + + if (!conf->check_nc || !client_shm) { + return OK; + } + + nc = strtol(snc, &endptr, 16); + if (endptr < (snc+strlen(snc)) && !apr_isspace(*endptr)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: invalid nc %s received - not a number", snc); + return !OK; + } + + if (!resp->client) { + return !OK; + } + + if (nc != resp->client->nonce_count) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: Warning, possible replay attack: nonce-count " + "check failed: %lu != %lu", nc, + resp->client->nonce_count); + return !OK; + } + + return OK; +} + +static int check_nonce(request_rec *r, digest_header_rec *resp, + const digest_config_rec *conf) +{ + apr_time_t dt; + int len; + time_rec nonce_time; + char tmp, hash[NONCE_HASH_LEN+1]; + + if (strlen(resp->nonce) != NONCE_LEN) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: invalid nonce %s received - length is not %d", + resp->nonce, NONCE_LEN); + note_digest_auth_failure(r, conf, resp, 1); + return HTTP_UNAUTHORIZED; + } + + tmp = resp->nonce[NONCE_TIME_LEN]; + resp->nonce[NONCE_TIME_LEN] = '\0'; + len = apr_base64_decode_binary(nonce_time.arr, resp->nonce); + gen_nonce_hash(hash, resp->nonce, resp->opaque, r->server, conf); + resp->nonce[NONCE_TIME_LEN] = tmp; + resp->nonce_time = nonce_time.time; + + if (strcmp(hash, resp->nonce+NONCE_TIME_LEN)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: invalid nonce %s received - hash is not %s", + resp->nonce, hash); + note_digest_auth_failure(r, conf, resp, 1); + return HTTP_UNAUTHORIZED; + } + + dt = r->request_time - nonce_time.time; + if (conf->nonce_lifetime > 0 && dt < 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: invalid nonce %s received - user attempted " + "time travel", resp->nonce); + note_digest_auth_failure(r, conf, resp, 1); + return HTTP_UNAUTHORIZED; + } + + if (conf->nonce_lifetime > 0) { + if (dt > conf->nonce_lifetime) { + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0,r, + "Digest: user %s: nonce expired (%.2f seconds old " + "- max lifetime %.2f) - sending new nonce", + r->user, (double)apr_time_sec(dt), + (double)apr_time_sec(conf->nonce_lifetime)); + note_digest_auth_failure(r, conf, resp, 1); + return HTTP_UNAUTHORIZED; + } + } + else if (conf->nonce_lifetime == 0 && resp->client) { + if (memcmp(resp->client->last_nonce, resp->nonce, NONCE_LEN)) { + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Digest: user %s: one-time-nonce mismatch - sending " + "new nonce", r->user); + note_digest_auth_failure(r, conf, resp, 1); + return HTTP_UNAUTHORIZED; + } + } + /* else (lifetime < 0) => never expires */ + + return OK; +} + +/* The actual MD5 code... whee */ + +/* RFC-2069 */ +static const char *old_digest(const request_rec *r, + const digest_header_rec *resp, const char *ha1) +{ + const char *ha2; + + ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":", + resp->uri, NULL)); + return ap_md5(r->pool, + (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, + ":", ha2, NULL)); +} + +/* RFC-2617 */ +static const char *new_digest(const request_rec *r, + digest_header_rec *resp, + const digest_config_rec *conf) +{ + const char *ha1, *ha2, *a2; + + if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) { + ha1 = get_session_HA1(r, resp, conf, 1); + if (!ha1) { + return NULL; + } + } + else { + ha1 = conf->ha1; + } + + if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) { + a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, ":", + ap_md5(r->pool, (const unsigned char*) ""), NULL); + /* TBD */ + } + else { + a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL); + } + ha2 = ap_md5(r->pool, (const unsigned char *)a2); + + return ap_md5(r->pool, + (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce, + ":", resp->nonce_count, ":", + resp->cnonce, ":", + resp->message_qop, ":", ha2, + NULL)); +} + + +static void copy_uri_components(apr_uri_t *dst, + apr_uri_t *src, request_rec *r) { + if (src->scheme && src->scheme[0] != '\0') { + dst->scheme = src->scheme; + } + else { + dst->scheme = (char *) "http"; + } + + if (src->hostname && src->hostname[0] != '\0') { + dst->hostname = apr_pstrdup(r->pool, src->hostname); + ap_unescape_url(dst->hostname); + } + else { + dst->hostname = (char *) ap_get_server_name(r); + } + + if (src->port_str && src->port_str[0] != '\0') { + dst->port = src->port; + } + else { + dst->port = ap_get_server_port(r); + } + + if (src->path && src->path[0] != '\0') { + dst->path = apr_pstrdup(r->pool, src->path); + ap_unescape_url(dst->path); + } + else { + dst->path = src->path; + } + + if (src->query && src->query[0] != '\0') { + dst->query = apr_pstrdup(r->pool, src->query); + ap_unescape_url(dst->query); + } + else { + dst->query = src->query; + } + + dst->hostinfo = src->hostinfo; +} + +/* These functions return 0 if client is OK, and proper error status + * if not... either HTTP_UNAUTHORIZED, if we made a check, and it failed, or + * HTTP_INTERNAL_SERVER_ERROR, if things are so totally confused that we + * couldn't figure out how to tell if the client is authorized or not. + * + * If they return DECLINED, and all other modules also decline, that's + * treated by the server core as a configuration error, logged and + * reported as such. + */ + +/* Determine user ID, and check if the attributes are correct, if it + * really is that user, if the nonce is correct, etc. + */ + +static int authenticate_digest_user(request_rec *r) +{ + digest_config_rec *conf; + digest_header_rec *resp; + request_rec *mainreq; + const char *t; + int res; + + /* do we require Digest auth for this URI? */ + + if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) { + return DECLINED; + } + + if (!ap_auth_name(r)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: need AuthName: %s", r->uri); + return HTTP_INTERNAL_SERVER_ERROR; + } + + + /* get the client response and mark */ + + mainreq = r; + while (mainreq->main != NULL) { + mainreq = mainreq->main; + } + while (mainreq->prev != NULL) { + mainreq = mainreq->prev; + } + resp = (digest_header_rec *) ap_get_module_config(mainreq->request_config, + &auth_digest_module); + resp->needed_auth = 1; + + + /* get our conf */ + + conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config, + &auth_digest_module); + + + /* check for existence and syntax of Auth header */ + + if (resp->auth_hdr_sts != VALID) { + if (resp->auth_hdr_sts == NOT_DIGEST) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: client used wrong authentication scheme " + "`%s': %s", resp->scheme, r->uri); + } + else if (resp->auth_hdr_sts == INVALID) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: missing user, realm, nonce, uri, digest, " + "cnonce, or nonce_count in authorization header: %s", + r->uri); + } + /* else (resp->auth_hdr_sts == NO_HEADER) */ + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + r->user = (char *) resp->username; + r->ap_auth_type = (char *) "Digest"; + + /* check the auth attributes */ + + if (strcmp(resp->uri, resp->raw_request_uri)) { + /* Hmm, the simple match didn't work (probably a proxy modified the + * request-uri), so lets do a more sophisticated match + */ + apr_uri_t r_uri, d_uri; + + copy_uri_components(&r_uri, resp->psd_request_uri, r); + if (apr_uri_parse(r->pool, resp->uri, &d_uri) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: invalid uri <%s> in Authorization header", + resp->uri); + return HTTP_BAD_REQUEST; + } + + if (d_uri.hostname) { + ap_unescape_url(d_uri.hostname); + } + if (d_uri.path) { + ap_unescape_url(d_uri.path); + } + if (d_uri.query) { + ap_unescape_url(d_uri.query); + } + else if (r_uri.query) { + /* MSIE compatibility hack. MSIE has some RFC issues - doesn't + * include the query string in the uri Authorization component + * or when computing the response component. the second part + * works out ok, since we can hash the header and get the same + * result. however, the uri from the request line won't match + * the uri Authorization component since the header lacks the + * query string, leaving us incompatable with a (broken) MSIE. + * + * the workaround is to fake a query string match if in the proper + * environment - BrowserMatch MSIE, for example. the cool thing + * is that if MSIE ever fixes itself the simple match ought to + * work and this code won't be reached anyway, even if the + * environment is set. + */ + + if (apr_table_get(r->subprocess_env, + "AuthDigestEnableQueryStringHack")) { + d_uri.query = r_uri.query; + } + } + + if (r->method_number == M_CONNECT) { + if (!r_uri.hostinfo || strcmp(resp->uri, r_uri.hostinfo)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: uri mismatch - <%s> does not match " + "request-uri <%s>", resp->uri, r_uri.hostinfo); + return HTTP_BAD_REQUEST; + } + } + else if ( + /* check hostname matches, if present */ + (d_uri.hostname && d_uri.hostname[0] != '\0' + && strcasecmp(d_uri.hostname, r_uri.hostname)) + /* check port matches, if present */ + || (d_uri.port_str && d_uri.port != r_uri.port) + /* check that server-port is default port if no port present */ + || (d_uri.hostname && d_uri.hostname[0] != '\0' + && !d_uri.port_str && r_uri.port != ap_default_port(r)) + /* check that path matches */ + || (d_uri.path != r_uri.path + /* either exact match */ + && (!d_uri.path || !r_uri.path + || strcmp(d_uri.path, r_uri.path)) + /* or '*' matches empty path in scheme://host */ + && !(d_uri.path && !r_uri.path && resp->psd_request_uri->hostname + && d_uri.path[0] == '*' && d_uri.path[1] == '\0')) + /* check that query matches */ + || (d_uri.query != r_uri.query + && (!d_uri.query || !r_uri.query + || strcmp(d_uri.query, r_uri.query))) + ) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: uri mismatch - <%s> does not match " + "request-uri <%s>", resp->uri, resp->raw_request_uri); + return HTTP_BAD_REQUEST; + } + } + + if (resp->opaque && resp->opaque_num == 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: received invalid opaque - got `%s'", + resp->opaque); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + if (strcmp(resp->realm, conf->realm)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: realm mismatch - got `%s' but expected `%s'", + resp->realm, conf->realm); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + if (resp->algorithm != NULL + && strcasecmp(resp->algorithm, "MD5") + && strcasecmp(resp->algorithm, "MD5-sess")) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: unknown algorithm `%s' received: %s", + resp->algorithm, r->uri); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + if (!conf->pwfile) { + return DECLINED; + } + + if (!(conf->ha1 = get_hash(r, r->user, conf->realm, conf->pwfile))) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: user `%s' in realm `%s' not found: %s", + r->user, conf->realm, r->uri); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + + if (resp->message_qop == NULL) { + /* old (rfc-2069) style digest */ + if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: user %s: password mismatch: %s", r->user, + r->uri); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + } + else { + const char *exp_digest; + int match = 0, idx; + for (idx = 0; conf->qop_list[idx] != NULL; idx++) { + if (!strcasecmp(conf->qop_list[idx], resp->message_qop)) { + match = 1; + break; + } + } + + if (!match + && !(conf->qop_list[0] == NULL + && !strcasecmp(resp->message_qop, "auth"))) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: invalid qop `%s' received: %s", + resp->message_qop, r->uri); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + exp_digest = new_digest(r, resp, conf); + if (!exp_digest) { + /* we failed to allocate a client struct */ + return HTTP_INTERNAL_SERVER_ERROR; + } + if (strcmp(resp->digest, exp_digest)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: user %s: password mismatch: %s", r->user, + r->uri); + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + } + + if (check_nc(r, resp, conf) != OK) { + note_digest_auth_failure(r, conf, resp, 0); + return HTTP_UNAUTHORIZED; + } + + /* Note: this check is done last so that a "stale=true" can be + generated if the nonce is old */ + if ((res = check_nonce(r, resp, conf))) { + return res; + } + + return OK; +} + + +/* + * Checking ID + */ + +static apr_table_t *groups_for_user(request_rec *r, const char *user, + const char *grpfile) +{ + ap_configfile_t *f; + apr_table_t *grps = apr_table_make(r->pool, 15); + apr_pool_t *sp; + char l[MAX_STRING_LEN]; + const char *group_name, *ll, *w; + apr_status_t sts; + + if ((sts = ap_pcfg_openfile(&f, r->pool, grpfile)) != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, sts, r, + "Digest: Could not open group file: %s", grpfile); + return NULL; + } + + if (apr_pool_create(&sp, r->pool) != APR_SUCCESS) { + return NULL; + } + + while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { + if ((l[0] == '#') || (!l[0])) { + continue; + } + ll = l; + apr_pool_clear(sp); + + group_name = ap_getword(sp, &ll, ':'); + + while (ll[0]) { + w = ap_getword_conf(sp, &ll); + if (!strcmp(w, user)) { + apr_table_setn(grps, apr_pstrdup(r->pool, group_name), "in"); + break; + } + } + } + + ap_cfg_closefile(f); + apr_pool_destroy(sp); + return grps; +} + + +static int digest_check_auth(request_rec *r) +{ + const digest_config_rec *conf = + (digest_config_rec *) ap_get_module_config(r->per_dir_config, + &auth_digest_module); + const char *user = r->user; + int m = r->method_number; + int method_restricted = 0; + register int x; + const char *t, *w; + apr_table_t *grpstatus; + const apr_array_header_t *reqs_arr; + require_line *reqs; + + if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) { + return DECLINED; + } + + reqs_arr = ap_requires(r); + /* If there is no "requires" directive, then any user will do. + */ + if (!reqs_arr) { + return OK; + } + reqs = (require_line *) reqs_arr->elts; + + if (conf->grpfile) { + grpstatus = groups_for_user(r, user, conf->grpfile); + } + else { + grpstatus = NULL; + } + + for (x = 0; x < reqs_arr->nelts; x++) { + + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { + continue; + } + + method_restricted = 1; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + if (!strcasecmp(w, "valid-user")) { + return OK; + } + else if (!strcasecmp(w, "user")) { + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (!strcmp(user, w)) { + return OK; + } + } + } + else if (!strcasecmp(w, "group")) { + if (!grpstatus) { + return DECLINED; + } + + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (apr_table_get(grpstatus, w)) { + return OK; + } + } + } + else { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: access to %s failed, reason: unknown " + "require directive \"%s\"", + r->uri, reqs[x].requirement); + return DECLINED; + } + } + + if (!method_restricted) { + return OK; + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: access to %s failed, reason: user %s not " + "allowed access", r->uri, user); + + note_digest_auth_failure(r, conf, + (digest_header_rec *) ap_get_module_config(r->request_config, + &auth_digest_module), + 0); + return HTTP_UNAUTHORIZED; +} + + +/* + * Authorization-Info header code + */ + +#ifdef SEND_DIGEST +static const char *hdr(const apr_table_t *tbl, const char *name) +{ + const char *val = apr_table_get(tbl, name); + if (val) { + return val; + } + else { + return ""; + } +} +#endif + +static int add_auth_info(request_rec *r) +{ + const digest_config_rec *conf = + (digest_config_rec *) ap_get_module_config(r->per_dir_config, + &auth_digest_module); + digest_header_rec *resp = + (digest_header_rec *) ap_get_module_config(r->request_config, + &auth_digest_module); + const char *ai = NULL, *digest = NULL, *nextnonce = ""; + + if (resp == NULL || !resp->needed_auth || conf == NULL) { + return OK; + } + + + /* rfc-2069 digest + */ + if (resp->message_qop == NULL) { + /* old client, so calc rfc-2069 digest */ + +#ifdef SEND_DIGEST + /* most of this totally bogus because the handlers don't set the + * headers until the final handler phase (I wonder why this phase + * is called fixup when there's almost nothing you can fix up...) + * + * Because it's basically impossible to get this right (e.g. the + * Content-length is never set yet when we get here, and we can't + * calc the entity hash) it's best to just leave this #def'd out. + */ + char date[APR_RFC822_DATE_LEN]; + apr_rfc822_date(date, r->request_time); + char *entity_info = + ap_md5(r->pool, + (unsigned char *) apr_pstrcat(r->pool, resp->raw_request_uri, + ":", + r->content_type ? r->content_type : ap_default_type(r), ":", + hdr(r->headers_out, "Content-Length"), ":", + r->content_encoding ? r->content_encoding : "", ":", + hdr(r->headers_out, "Last-Modified"), ":", + r->no_cache && !apr_table_get(r->headers_out, "Expires") ? + date : + hdr(r->headers_out, "Expires"), + NULL)); + digest = + ap_md5(r->pool, + (unsigned char *)apr_pstrcat(r->pool, conf->ha1, ":", + resp->nonce, ":", + r->method, ":", + date, ":", + entity_info, ":", + ap_md5(r->pool, (unsigned char *) ""), /* H(entity) - TBD */ + NULL)); +#endif + } + + + /* setup nextnonce + */ + if (conf->nonce_lifetime > 0) { + /* send nextnonce if current nonce will expire in less than 30 secs */ + if ((r->request_time - resp->nonce_time) > (conf->nonce_lifetime-NEXTNONCE_DELTA)) { + nextnonce = apr_pstrcat(r->pool, ", nextnonce=\"", + gen_nonce(r->pool, r->request_time, + resp->opaque, r->server, conf), + "\"", NULL); + if (resp->client) + resp->client->nonce_count = 0; + } + } + else if (conf->nonce_lifetime == 0 && resp->client) { + const char *nonce = gen_nonce(r->pool, 0, resp->opaque, r->server, + conf); + nextnonce = apr_pstrcat(r->pool, ", nextnonce=\"", nonce, "\"", NULL); + memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1); + } + /* else nonce never expires, hence no nextnonce */ + + + /* do rfc-2069 digest + */ + if (conf->qop_list[0] && !strcasecmp(conf->qop_list[0], "none") + && resp->message_qop == NULL) { + /* use only RFC-2069 format */ + if (digest) { + ai = apr_pstrcat(r->pool, "digest=\"", digest, "\"", nextnonce,NULL); + } + else { + ai = nextnonce; + } + } + else { + const char *resp_dig, *ha1, *a2, *ha2; + + /* calculate rspauth attribute + */ + if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) { + ha1 = get_session_HA1(r, resp, conf, 0); + if (!ha1) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Digest: internal error: couldn't find session " + "info for user %s", resp->username); + return !OK; + } + } + else { + ha1 = conf->ha1; + } + + if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) { + a2 = apr_pstrcat(r->pool, ":", resp->uri, ":", + ap_md5(r->pool,(const unsigned char *) ""), NULL); + /* TBD */ + } + else { + a2 = apr_pstrcat(r->pool, ":", resp->uri, NULL); + } + ha2 = ap_md5(r->pool, (const unsigned char *)a2); + + resp_dig = ap_md5(r->pool, + (unsigned char *)apr_pstrcat(r->pool, ha1, ":", + resp->nonce, ":", + resp->nonce_count, ":", + resp->cnonce, ":", + resp->message_qop ? + resp->message_qop : "", + ":", ha2, NULL)); + + /* assemble Authentication-Info header + */ + ai = apr_pstrcat(r->pool, + "rspauth=\"", resp_dig, "\"", + nextnonce, + resp->cnonce ? ", cnonce=\"" : "", + resp->cnonce + ? ap_escape_quotes(r->pool, resp->cnonce) + : "", + resp->cnonce ? "\"" : "", + resp->nonce_count ? ", nc=" : "", + resp->nonce_count ? resp->nonce_count : "", + resp->message_qop ? ", qop=" : "", + resp->message_qop ? resp->message_qop : "", + digest ? "digest=\"" : "", + digest ? digest : "", + digest ? "\"" : "", + NULL); + } + + if (ai && ai[0]) { + apr_table_mergen(r->headers_out, + (PROXYREQ_PROXY == r->proxyreq) + ? "Proxy-Authentication-Info" + : "Authentication-Info", + ai); + } + + return OK; +} + + +static void register_hooks(apr_pool_t *p) +{ + static const char * const cfgPost[]={ "http_core.c", NULL }; + static const char * const parsePre[]={ "mod_proxy.c", NULL }; + + ap_hook_post_config(initialize_module, NULL, cfgPost, APR_HOOK_MIDDLE); + ap_hook_child_init(initialize_child, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_post_read_request(parse_hdr_and_update_nc, parsePre, NULL, APR_HOOK_MIDDLE); + ap_hook_check_user_id(authenticate_digest_user, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_auth_checker(digest_check_auth, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_fixups(add_auth_info, NULL, NULL, APR_HOOK_MIDDLE); +} + +module AP_MODULE_DECLARE_DATA auth_digest_module = +{ + STANDARD20_MODULE_STUFF, + create_digest_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + digest_cmds, /* command table */ + register_hooks /* register hooks */ +}; + diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.dsp b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.dsp new file mode 100644 index 00000000..74daf60b --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/mod_auth_digest.dsp @@ -0,0 +1,128 @@ +# Microsoft Developer Studio Project File - Name="mod_auth_digest" - Package Owner=<4> +# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +CFG=mod_auth_digest - Win32 Debug +!MESSAGE This is not a valid makefile. To build this project using NMAKE, +!MESSAGE use the Export Makefile command and run +!MESSAGE +!MESSAGE NMAKE /f "mod_auth_digest.mak". +!MESSAGE +!MESSAGE You can specify a configuration when running NMAKE +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "mod_auth_digest.mak" CFG="mod_auth_digest - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "mod_auth_digest - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "mod_auth_digest - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE + +# Begin Project +# PROP AllowPerConfigDependencies 0 +# PROP Scc_ProjName "" +# PROP Scc_LocalPath "" +CPP=cl.exe +MTL=midl.exe +RSC=rc.exe + +!IF "$(CFG)" == "mod_auth_digest - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MD /W3 /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MD /W3 /Zi /O2 /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Release\mod_auth_digest_src" /FD /c +# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" +# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /o /win32 "NUL" +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /out:"Release/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Release/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so /opt:ref + +!ELSEIF "$(CFG)" == "mod_auth_digest - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Ignore_Export_Lib 0 +# PROP Target_Dir "" +# ADD BASE CPP /nologo /MDd /W3 /EHsc /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /FD /c +# ADD CPP /nologo /MDd /W3 /EHsc /Zi /Od /I "../../include" /I "../../srclib/apr/include" /I "../../srclib/apr-util/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /Fd"Debug\mod_auth_digest_src" /FD /c +# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" +# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /o /win32 "NUL" +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so +# ADD LINK32 kernel32.lib /nologo /subsystem:windows /dll /incremental:no /debug /out:"Debug/mod_auth_digest.so" /base:@..\..\os\win32\BaseAddr.ref,mod_auth_digest.so + +!ENDIF + +# Begin Target + +# Name "mod_auth_digest - Win32 Release" +# Name "mod_auth_digest - Win32 Debug" +# Begin Source File + +SOURCE=.\mod_auth_digest.c +# End Source File +# Begin Source File + +SOURCE=.\mod_auth_digest.rc +# End Source File +# Begin Source File + +SOURCE=..\..\build\win32\win32ver.awk + +!IF "$(CFG)" == "mod_auth_digest - Win32 Release" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth_digest.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_digest.so "auth_digest_module for Apache" ../../include/ap_release.h > .\mod_auth_digest.rc + +# End Custom Build + +!ELSEIF "$(CFG)" == "mod_auth_digest - Win32 Debug" + +# PROP Ignore_Default_Tool 1 +# Begin Custom Build - Creating Version Resource +InputPath=..\..\build\win32\win32ver.awk + +".\mod_auth_digest.rc" : $(SOURCE) "$(INTDIR)" "$(OUTDIR)" + awk -f ../../build/win32/win32ver.awk mod_auth_digest.so "auth_digest_module for Apache" ../../include/ap_release.h > .\mod_auth_digest.rc + +# End Custom Build + +!ENDIF + +# End Source File +# End Target +# End Project diff --git a/rubbos/app/httpd-2.0.64/modules/aaa/modules.mk b/rubbos/app/httpd-2.0.64/modules/aaa/modules.mk new file mode 100644 index 00000000..79900dea --- /dev/null +++ b/rubbos/app/httpd-2.0.64/modules/aaa/modules.mk @@ -0,0 +1,7 @@ +mod_access.la: mod_access.lo + $(MOD_LINK) mod_access.lo $(MOD_ACCESS_LDADD) +mod_auth.la: mod_auth.lo + $(MOD_LINK) mod_auth.lo $(MOD_AUTH_LDADD) +DISTCLEAN_TARGETS = modules.mk +static = mod_access.la mod_auth.la +shared = |