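--- a/auth.c	(253895)
+++ b/auth.c	(262324)
@@ -1,8 +1,8 @@
 /* Copyright 2009 Justin Erenkrantz and Greg Stein
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
@@ -18,17 +18,18 @@
 #include "auth.h"
 
 #include <apr.h>
 #include <apr_base64.h>
 #include <apr_strings.h>
 #include <apr_lib.h>
 
 static apr_status_t
-default_auth_response_handler(peer_t peer,
+default_auth_response_handler(const serf__authn_scheme_t *scheme,
+ peer_t peer,
  int code,
  serf_connection_t *conn,
  serf_request_t *request,
  serf_bucket_t *response,
  apr_pool_t *pool)
 {
  return APR_SUCCESS;
 }
@@ -146,29 +147,35 @@
  serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
  "Client supports: %s\n", scheme->name);
 
  auth_hdr = apr_hash_get(hdrs, scheme->key, APR_HASH_KEY_STRING);
 
  if (!auth_hdr)
  continue;
 
+ if (code == 401) {
+ authn_info = serf__get_authn_info_for_server(conn);
+ } else {
+ authn_info = &ctx->proxy_authn_info;
+ }
+
+ if (authn_info->failed_authn_types & scheme->type) {
+ /* Skip this authn type since we already tried it before. */
+ continue;
+ }
+
  /* Found a matching scheme */
  status = APR_SUCCESS;
 
  handler = scheme->handle_func;
 
  serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
  "... matched: %s\n", scheme->name);
 
- if (code == 401) {
- authn_info = serf__get_authn_info_for_server(conn);
- } else {
- authn_info = &ctx->proxy_authn_info;
- }
  /* If this is the first time we use this scheme on this context and/or
  this connection, make sure to initialize the authentication handler
  first. */
  if (authn_info->scheme != scheme) {
  status = scheme->init_ctx_func(code, ctx, ctx->pool);
  if (!status) {
  status = scheme->init_conn_func(scheme, code, conn,
  conn->pool);
@@ -193,16 +200,22 @@
  break;
 
  /* No success authenticating with this scheme, try the next.
  If no more authn schemes are found the status of this scheme will be
  returned.
  */
  serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt,
  "%s authentication failed.\n", scheme->name);
+
+ /* Clear per-request auth_baton when switching to next auth scheme. */
+ request->auth_baton = NULL;
+
+ /* Remember failed auth types to skip in future. */
+ authn_info->failed_authn_types |= scheme->type;
  }
 
  return status;
 }
 
 /**
  * Baton passed to the store_header_in_dict callback function
  */
@@ -216,17 +229,17 @@
  const char *key,
  const char *header)
 {
  auth_baton_t *ab = baton;
  const char *auth_attr;
  char *auth_name, *c;
 
  /* We're only interested in xxxx-Authenticate headers. */
- if (strcmp(key, ab->header) != 0)
+ if (strcasecmp(key, ab->header) != 0)
  return 0;
 
  /* Extract the authentication scheme name. */
  auth_attr = strchr(header, ' ');
  if (auth_attr) {
  auth_name = apr_pstrmemdup(ab->pool, header, auth_attr - header);
  }
  else
@@ -373,26 +386,26 @@
  serf__authn_info_t *authn_info;
  apr_status_t resp_status = APR_SUCCESS;
 
 
  /* Validate the response server authn headers. */
  authn_info = serf__get_authn_info_for_server(conn);
  if (authn_info->scheme) {
  validate_resp = authn_info->scheme->validate_response_func;
- resp_status = validate_resp(HOST, sl.code, conn, request, response,
- pool);
+ resp_status = validate_resp(authn_info->scheme, HOST, sl.code,
+ conn, request, response, pool);
  }
 
  /* Validate the response proxy authn headers. */
  authn_info = &ctx->proxy_authn_info;
  if (!resp_status && authn_info->scheme) {
  validate_resp = authn_info->scheme->validate_response_func;
- resp_status = validate_resp(PROXY, sl.code, conn, request, response,
- pool);
+ resp_status = validate_resp(authn_info->scheme, PROXY, sl.code,
+ conn, request, response, pool);
  }
 
  if (resp_status) {
  /* If there was an error in the final step of the authentication,
  consider the reponse body as invalid and discard it. */
  status = discard_body(response);
  *consumed_response = 1;
  if (!APR_STATUS_IS_EOF(status)) {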
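Review bot: The failure mask set at new line 213 (`authn_info->failed_authn_types |= scheme->type;`) is never cleared in the visible lines, so one failed attempt removes that scheme from negotiation for as long as the authn_info lives; for 407 responses that is `ctx->proxy_authn_info`, which is shared by the whole context. A peer that can make one scheme fail once would, as far as these lines show, leave the client negotiating only the remaining schemes afterwards. The comment at line 212 should therefore say when the mask is reset (if it is, in the hidden lines), and the skip at new line 162 should be logged so the fallback is visible in traces, e.g. `serf__log_skt(AUTH_VERBOSE, __FILE__, conn->skt, "... skipping %s, it failed earlier\n", scheme->name);`. The loop and its enclosing function start and end in hidden lines, so the value of `status` returned when every offered scheme is skipped could not be checked.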