|
Apache HTTPD
|
#include "apr_strings.h"#include "apr_lib.h"#include "apr_base64.h"#include "apr_want.h"#include "ap_config.h"#include "httpd.h"#include "http_config.h"#include "http_core.h"#include "http_log.h"#include "http_protocol.h"#include "http_request.h"#include "ap_provider.h"#include "util_md5.h"#include "ap_expr.h"#include "mod_auth.h"#include "mod_session.h"#include "mod_request.h"Go to the source code of this file.
Classes | |
| struct | auth_form_config_rec |
Macros | |
| #define | APR_WANT_STRFUNC /* for strcasecmp */ |
| #define | FORM_LOGIN_HANDLER "form-login-handler" |
| #define | FORM_LOGOUT_HANDLER "form-logout-handler" |
| #define | FORM_REDIRECT_HANDLER "form-redirect-handler" |
| #define | MOD_AUTH_FORM_HASH "site" |
Variables | |
| static apr_OFN_ap_session_load_t * | ap_session_load_fn = NULL |
| static apr_OFN_ap_session_get_t * | ap_session_get_fn = NULL |
| static apr_OFN_ap_session_set_t * | ap_session_set_fn = NULL |
| static void(* | ap_request_insert_filter_fn )(request_rec *r) = NULL |
| static void(* | ap_request_remove_filter_fn )(request_rec *r) = NULL |
| static const command_rec | auth_form_cmds [] |
| static int *const | aplog_module_index = &( auth_form_module.module_index) |
| #define APR_WANT_STRFUNC /* for strcasecmp */ |
Definition at line 20 of file mod_auth_form.c.
Definition at line 38 of file mod_auth_form.c.
Definition at line 39 of file mod_auth_form.c.
Definition at line 40 of file mod_auth_form.c.
| #define MOD_AUTH_FORM_HASH "site" |
Definition at line 41 of file mod_auth_form.c.
Definition at line 144 of file mod_auth_form.c.
|
static |
Must we use form authentication? If so, extract the cookie and run the authnz hooks to determine if the login is valid.
If the login is not valid, a 401 Not Authorized will be returned. It is up to the webmaster to ensure this screen displays a suitable login form to give the user the opportunity to log in.
< Module declines to handle
< Standard proxy
< Module has handled this stage.
< Module has handled this stage.
< Module has handled this stage.
< Module has handled this stage.
< Module has handled this stage.
< Module has handled this stage.
Definition at line 881 of file mod_auth_form.c.
|
static |
Handle a login attempt.
If the login session is either missing or form authnz is unsuccessful, a 401 Not Authorized will be returned to the browser. The webmaster is expected to insert a login form into the 401 Not Authorized error screen.
If the webmaster wishes, they can point the form submission at this handler, which will redirect the user to the correct page on success. On failure, the 401 Not Authorized error screen will be redisplayed, where the login attempt can be repeated.
< Module declines to handle
< Module has handled this stage.
< Module has handled this stage.
Definition at line 1112 of file mod_auth_form.c.
|
static |
Handle a logout attempt.
If an attempt is made to access this URL, any username and password embedded in the session is deleted.
This has the effect of logging the person out.
If a logout URI has been specified, this function will create an internal redirect to this page.
< Module declines to handle
Definition at line 1192 of file mod_auth_form.c.
|
static |
< Module has handled this stage.
< Module has handled this stage.
< Module has handled this stage.
Definition at line 1275 of file mod_auth_form.c.
|
static |
Handle a redirect attempt.
If during a form login, the method, mimetype and request body are specified, this handler will ensure that this request is included as an internal redirect.
< Module declines to handle
< Module has handled this stage.
< Module has handled this stage.
Definition at line 1240 of file mod_auth_form.c.
Given a username and password (extracted externally from a cookie), run the authnz hooks to determine whether this request is authorized.
Return an HTTP code.
< Module declines to handle
< Module has handled this stage.
Definition at line 758 of file mod_auth_form.c.
|
static |
Given a username and site passphrase hash from the session, determine whether the site passphrase is valid for this session.
If the site passphrase is NULL, or if the sent_hash is NULL, this function returns DECLINED.
If the site passphrase hash does not match the sent hash, this function returns AUTH_USER_NOT_FOUND.
On success, returns OK.
< Module has handled this stage.
< Module declines to handle
Definition at line 733 of file mod_auth_form.c.
Sanity check a given string that it exists, is not empty, and does not contain special characters.
Definition at line 195 of file mod_auth_form.c.
|
static |
Definition at line 83 of file mod_auth_form.c.
|
static |
Definition at line 859 of file mod_auth_form.c.
|
static |
Isolate the username and password in a POSTed form with the username in the "username" field, and the password in the "password" field.
If either the username or the password is missing, this function will return HTTP_UNAUTHORIZED.
The location field is considered optional, and will be returned if present.
< Module has handled this stage.
< Module has handled this stage.
< Module has handled this stage.
Definition at line 589 of file mod_auth_form.c.
|
static |
Get the auth username and password from the main request notes table, if present.
Definition at line 471 of file mod_auth_form.c.
|
static |
Get the auth username and password from the main request notes table, if present.
Definition at line 545 of file mod_auth_form.c.
|
static |
< Module declines to handle
< Module has handled this stage.
Definition at line 419 of file mod_auth_form.c.
|
static |
Definition at line 105 of file mod_auth_form.c.
|
static |
Definition at line 409 of file mod_auth_form.c.
|
static |
< Run access control hooks only on internal requests with configurations distinct from that of initial request
Definition at line 1305 of file mod_auth_form.c.
Definition at line 328 of file mod_auth_form.c.
|
static |
Definition at line 245 of file mod_auth_form.c.
|
static |
Definition at line 205 of file mod_auth_form.c.
|
static |
Definition at line 229 of file mod_auth_form.c.
|
static |
Definition at line 237 of file mod_auth_form.c.
|
static |
Definition at line 221 of file mod_auth_form.c.
|
static |
Definition at line 253 of file mod_auth_form.c.
|
static |
Definition at line 213 of file mod_auth_form.c.
Definition at line 344 of file mod_auth_form.c.
Definition at line 336 of file mod_auth_form.c.
|
static |
Definition at line 269 of file mod_auth_form.c.
|
static |
Definition at line 286 of file mod_auth_form.c.
|
static |
Definition at line 303 of file mod_auth_form.c.
|
static |
Set the auth username and password into the main request notes table.
Definition at line 433 of file mod_auth_form.c.
|
static |
Set the auth username and password into the session.
If either the username, or the password are NULL, the username and/or password will be removed from the session.
Definition at line 520 of file mod_auth_form.c.
|
static |
Definition at line 320 of file mod_auth_form.c.
|
static |
Definition at line 47 of file mod_auth_form.c.
|
static |
Definition at line 48 of file mod_auth_form.c.
|
static |
Definition at line 44 of file mod_auth_form.c.
|
static |
Definition at line 43 of file mod_auth_form.c.
|
static |
Definition at line 45 of file mod_auth_form.c.
Definition at line 1323 of file mod_auth_form.c.
|
static |
Definition at line 352 of file mod_auth_form.c.
1.9.8