diff options
| author | Graham Leggett <minfrin@apache.org> | 2023-04-25 19:35:08 +0200 |
|---|---|---|
| committer | Graham Leggett <minfrin@apache.org> | 2023-04-25 19:35:08 +0200 |
| commit | 3e638ff2836e836eba2613338c8102da8d62a976 (patch) | |
| tree | f47c4cae0401ee49a6d2ae9a9c7d4154614484cb /server | |
| parent | * Rephrase comment [skip ci] (diff) | |
| download | apache2-3e638ff2836e836eba2613338c8102da8d62a976.tar.xz apache2-3e638ff2836e836eba2613338c8102da8d62a976.zip | |
core: Add the token_checker hook, that allows authentication to take
place using mechanisms other than username/password, such as bearer
tokens.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909409 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
| -rw-r--r-- | server/request.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/server/request.c b/server/request.c index cd2908da5d..27336b69cb 100644 --- a/server/request.c +++ b/server/request.c @@ -73,6 +73,7 @@ APR_HOOK_STRUCT( APR_HOOK_LINK(post_perdir_config) APR_HOOK_LINK(dirwalk_stat) APR_HOOK_LINK(force_authn) + APR_HOOK_LINK(token_checker) ) AP_IMPLEMENT_HOOK_RUN_FIRST(int,pre_translate_name, @@ -103,6 +104,8 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(apr_status_t,dirwalk_stat, (finfo, r, wanted), AP_DECLINED) AP_IMPLEMENT_HOOK_RUN_FIRST(int,force_authn, (request_rec *r), (r), DECLINED) +AP_IMPLEMENT_HOOK_RUN_FIRST(int,token_checker, + (request_rec *r), (r), DECLINED) static int auth_internal_per_conf = 0; static int auth_internal_per_conf_hooks = 0; @@ -333,6 +336,12 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) switch (ap_satisfies(r)) { case SATISFY_ALL: case SATISFY_NOSPEC: + if ((access_status = ap_run_token_checker(r)) != OK && + access_status != DECLINED) { + return decl_die(access_status, + "check token (with Satisfy All)", r); + } + if ((access_status = ap_run_access_checker(r)) != OK) { return decl_die(access_status, "check access (with Satisfy All)", r); @@ -368,6 +377,14 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) } break; case SATISFY_ANY: + if ((access_status = ap_run_token_checker(r)) == OK) { + ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, + "request authorized bypassing access_checker by " + "token_checker hook and 'Satisfy any': %s", + r->uri); + break; + } + if ((access_status = ap_run_access_checker(r)) == OK) { ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r, "request authorized without authentication by " @@ -2217,6 +2234,18 @@ AP_DECLARE(void) ap_hook_check_access_ex(ap_HOOK_access_checker_ex_t *pf, ap_hook_access_checker_ex(pf, aszPre, aszSucc, nOrder); } +AP_DECLARE(void) ap_hook_check_autht(ap_HOOK_check_user_id_t *pf, + const char * const *aszPre, + const char * const *aszSucc, + int nOrder, int type) +{ + if ((type & AP_AUTH_INTERNAL_MASK) == AP_AUTH_INTERNAL_PER_CONF) { + ++auth_internal_per_conf_hooks; + } + + ap_hook_token_checker(pf, aszPre, aszSucc, nOrder); +} + AP_DECLARE(void) ap_hook_check_authn(ap_HOOK_check_user_id_t *pf, const char * const *aszPre, const char * const *aszSucc, |