removed patch_connection, check auth-method, added starttls support (merged [196], [247], [253], [254], [295])
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@507 152afb58-edef-0310-8abb-c4023f1b3aa9svn/tags/lighttpd-1.4.2
parent
c25cf5a056
commit
4a6ce4ae5b
107
src/mod_auth.c
107
src/mod_auth.c
|
@ -58,6 +58,8 @@ FREE_FUNC(mod_auth_free) {
|
|||
for (i = 0; i < srv->config_context->used; i++) {
|
||||
mod_auth_plugin_config *s = p->config_storage[i];
|
||||
|
||||
if (!s) continue;
|
||||
|
||||
array_free(s->auth_require);
|
||||
buffer_free(s->auth_plain_groupfile);
|
||||
buffer_free(s->auth_plain_userfile);
|
||||
|
@ -68,6 +70,7 @@ FREE_FUNC(mod_auth_free) {
|
|||
buffer_free(s->auth_ldap_hostname);
|
||||
buffer_free(s->auth_ldap_basedn);
|
||||
buffer_free(s->auth_ldap_filter);
|
||||
buffer_free(s->auth_ldap_cafile);
|
||||
|
||||
#ifdef USE_LDAP
|
||||
buffer_free(s->ldap_filter_pre);
|
||||
|
@ -88,16 +91,32 @@ FREE_FUNC(mod_auth_free) {
|
|||
|
||||
#define PATCH(x) \
|
||||
p->conf.x = s->x;
|
||||
static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plugin_data *p, const char *stage, size_t stage_len) {
|
||||
static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plugin_data *p) {
|
||||
size_t i, j;
|
||||
mod_auth_plugin_config *s = p->config_storage[0];
|
||||
|
||||
PATCH(auth_backend);
|
||||
PATCH(auth_plain_groupfile);
|
||||
PATCH(auth_plain_userfile);
|
||||
PATCH(auth_htdigest_userfile);
|
||||
PATCH(auth_htpasswd_userfile);
|
||||
PATCH(auth_require);
|
||||
PATCH(auth_debug);
|
||||
PATCH(auth_ldap_hostname);
|
||||
PATCH(auth_ldap_basedn);
|
||||
PATCH(auth_ldap_filter);
|
||||
PATCH(auth_ldap_cafile);
|
||||
PATCH(auth_ldap_starttls);
|
||||
#ifdef USE_LDAP
|
||||
PATCH(ldap);
|
||||
PATCH(ldap_filter_pre);
|
||||
PATCH(ldap_filter_post);
|
||||
#endif
|
||||
|
||||
/* skip the first, the global context */
|
||||
for (i = 1; i < srv->config_context->used; i++) {
|
||||
data_config *dc = (data_config *)srv->config_context->data[i];
|
||||
mod_auth_plugin_config *s = p->config_storage[i];
|
||||
|
||||
/* not our stage */
|
||||
if (!buffer_is_equal_string(dc->comp_key, stage, stage_len)) continue;
|
||||
s = p->config_storage[i];
|
||||
|
||||
/* condition didn't match */
|
||||
if (!config_check_cond(srv, con, dc)) continue;
|
||||
|
@ -131,36 +150,16 @@ static int mod_auth_patch_connection(server *srv, connection *con, mod_auth_plug
|
|||
PATCH(auth_ldap_basedn);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.filter"))) {
|
||||
PATCH(auth_ldap_filter);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.ca-file"))) {
|
||||
PATCH(auth_ldap_cafile);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.starttls"))) {
|
||||
PATCH(auth_ldap_starttls);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int mod_auth_setup_connection(server *srv, connection *con, mod_auth_plugin_data *p) {
|
||||
mod_auth_plugin_config *s = p->config_storage[0];
|
||||
UNUSED(srv);
|
||||
UNUSED(con);
|
||||
|
||||
PATCH(auth_backend);
|
||||
PATCH(auth_plain_groupfile);
|
||||
PATCH(auth_plain_userfile);
|
||||
PATCH(auth_htdigest_userfile);
|
||||
PATCH(auth_htpasswd_userfile);
|
||||
PATCH(auth_require);
|
||||
PATCH(auth_debug);
|
||||
PATCH(auth_ldap_hostname);
|
||||
PATCH(auth_ldap_basedn);
|
||||
PATCH(auth_ldap_filter);
|
||||
#ifdef USE_LDAP
|
||||
PATCH(ldap);
|
||||
PATCH(ldap_filter_pre);
|
||||
PATCH(ldap_filter_post);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
#undef PATCH
|
||||
|
||||
static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
|
||||
|
@ -173,12 +172,7 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
|
|||
size_t i;
|
||||
|
||||
/* select the right config */
|
||||
mod_auth_setup_connection(srv, con, p);
|
||||
for (i = 0; i < srv->config_patches->used; i++) {
|
||||
buffer *patch = srv->config_patches->ptr[i];
|
||||
|
||||
mod_auth_patch_connection(srv, con, p, CONST_BUF_LEN(patch));
|
||||
}
|
||||
mod_auth_patch_connection(srv, con, p);
|
||||
|
||||
if (p->conf.auth_require == NULL) return HANDLER_GO_ON;
|
||||
|
||||
|
@ -297,9 +291,11 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
|
|||
{ "auth.backend.ldap.hostname", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||||
{ "auth.backend.ldap.base-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||||
{ "auth.backend.ldap.filter", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||||
{ "auth.backend.ldap.ca-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||||
{ "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
|
||||
{ "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||||
{ "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
|
||||
{ "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 9 */
|
||||
{ "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 11 */
|
||||
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||||
};
|
||||
|
||||
|
@ -321,6 +317,8 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
|
|||
s->auth_ldap_hostname = buffer_init();
|
||||
s->auth_ldap_basedn = buffer_init();
|
||||
s->auth_ldap_filter = buffer_init();
|
||||
s->auth_ldap_cafile = buffer_init();
|
||||
s->auth_ldap_starttls = 0;
|
||||
s->auth_debug = 0;
|
||||
|
||||
s->auth_require = array_init();
|
||||
|
@ -338,9 +336,11 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
|
|||
cv[4].destination = s->auth_ldap_hostname;
|
||||
cv[5].destination = s->auth_ldap_basedn;
|
||||
cv[6].destination = s->auth_ldap_filter;
|
||||
cv[7].destination = s->auth_htdigest_userfile;
|
||||
cv[8].destination = s->auth_htpasswd_userfile;
|
||||
cv[9].destination = &(s->auth_debug);
|
||||
cv[7].destination = s->auth_ldap_cafile;
|
||||
cv[8].destination = &(s->auth_ldap_starttls);
|
||||
cv[9].destination = s->auth_htdigest_userfile;
|
||||
cv[10].destination = s->auth_htpasswd_userfile;
|
||||
cv[11].destination = &(s->auth_debug);
|
||||
|
||||
p->config_storage[i] = s;
|
||||
ca = ((data_config *)srv->config_context->data[i])->value;
|
||||
|
@ -406,6 +406,12 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
|
|||
if (method == NULL) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sssss", "missing entry for key: ", "auth.require", "[", "method", "](string)");
|
||||
return HANDLER_ERROR;
|
||||
} else {
|
||||
if (0 != strcmp(method, "basic") &&
|
||||
0 != strcmp(method, "digest")) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sssss", "auth.require->method has to be either 'basic' or 'digest'");
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (realm == NULL) {
|
||||
|
@ -526,9 +532,30 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) {
|
|||
ret = LDAP_VERSION3;
|
||||
if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(s->ldap, LDAP_OPT_PROTOCOL_VERSION, &ret))) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ss", "ldap:", ldap_err2string(ret));
|
||||
|
||||
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
|
||||
if (s->auth_ldap_starttls) {
|
||||
if (buffer_is_empty(s->auth_ldap_cafile)) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "s", "CA file has to be set");
|
||||
|
||||
return HANDLER_ERROR;
|
||||
|
||||
}
|
||||
|
||||
if (LDAP_OPT_SUCCESS != (ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, s->auth_ldap_cafile->ptr))) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ss", "Loading CA certificate failed:", ldap_err2string(ret));
|
||||
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
|
||||
if (LDAP_OPT_SUCCESS != (ret = ldap_start_tls_s(s->ldap, NULL, NULL))) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "ss", "ldap startTLS failed:", ldap_err2string(ret));
|
||||
|
||||
return HANDLER_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* 1. */
|
||||
|
|
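Review bot: The new auth-method check calls `log_error_write(srv, __FILE__, __LINE__, "sssss", "auth.require->method has to be either 'basic' or 'digest'");` with a format of five `s` conversions but only one string argument, so the logger reads four pointers that were never passed from the va_list — undefined behavior that can crash lighttpd at startup on exactly the misconfiguration the check is meant to report; the format should be `"s"`. In the startTLS hunk, `ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, s->auth_ldap_cafile->ptr)` changes the process-wide default after `s->ldap` has already been created and from inside the per-context loop, so with more than one auth context the last `auth.backend.ldap.ca-file` appears to win for all of them, and whether the already-initialised handle picks up the global change at all is worth confirming against the libldap version in use; setting the CA file on `s->ldap` itself before connecting would avoid both problems. The code also never sets `LDAP_OPT_X_TLS_REQUIRE_CERT`, so whether the server certificate is actually verified against that CA file depends on the host's ldap.conf rather than on this module — making it explicit (demand) keeps the trust decision in lighttpd's own configuration. The enclosing SETDEFAULTS_FUNC starts and ends outside the hunk.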