summaryrefslogtreecommitdiffstats
path: root/modules/aaa (follow)
Commit message (Collapse)AuthorAgeFilesLines
* let httpd handle CL/TE for non-http handlersEric Covener2024-04-031-0/+8
| | | | | | | | Submitted By: ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916769 13f79535-47bb-0310-9956-ffa450edef68
* mod_autht_jwt: Use unsigned rather than signed one-bit fields.Yann Ylavic2024-03-141-4/+3
| | | | | | | | Or their non-zero value should be considered -1 rather than 1. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916300 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_bearer: Fix warning about signed bitfields. BZ 68294Yann Ylavic2023-12-051-2/+2
| | | | | | | | | | | clang reports: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 Change authoritative_set and proxy_set bitfields to unsigned. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914367 13f79535-47bb-0310-9956-ffa450edef68
* Be consistently const across all members of authn_ldap_request_t. RemoveGraham Leggett2023-12-021-11/+11
| | | | | | | unnecessary string duplication. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914281 13f79535-47bb-0310-9956-ffa450edef68
* mod_authnz_ldap: Follow up to r1914067: Deduplicate APLOGNO(01699).Yann Ylavic2023-11-281-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914193 13f79535-47bb-0310-9956-ffa450edef68
* Make sure attributes from ldapsearch are passed into the environment. Make sureGraham Leggett2023-11-241-3/+2
| | | | | | | the distinguished name is duplicated before being used. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914091 13f79535-47bb-0310-9956-ffa450edef68
* Remove unnecessary references to r->user within ldap-search.Graham Leggett2023-11-241-18/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914090 13f79535-47bb-0310-9956-ffa450edef68
* Optimise handling LDAP authorization where LDAP was not usedGraham Leggett2023-11-231-81/+81
| | | | | | | previously for LDAP authentication. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914067 13f79535-47bb-0310-9956-ffa450edef68
* mod_authnz_ldap: Follow up to r1913962: r->user not used in ↵Yann Ylavic2023-11-201-6/+0
| | | | | | ldapsearch_check_authorization(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913977 13f79535-47bb-0310-9956-ffa450edef68
* Restore log message tag 02636, assign unique tags.Graham Leggett2023-11-201-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913975 13f79535-47bb-0310-9956-ffa450edef68
* Apply earlier fix to the ldapsearch case:Graham Leggett2023-11-191-3/+31
| | | | | | | | | | Arrange for backend LDAP connections to be returned to the pool by a fixup hook rather than staying locked until the end of (a potentially slow) request. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913962 13f79535-47bb-0310-9956-ffa450edef68
* Set authorization request variables in the ldapsearch case.Graham Leggett2023-11-191-0/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913959 13f79535-47bb-0310-9956-ffa450edef68
* Add check for LDAP filter overflow, and exit cleanly.Graham Leggett2023-11-191-30/+34
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1913958 13f79535-47bb-0310-9956-ffa450edef68
* mod_authnz_ldap.c: Make sure the authentication variables are set inGraham Leggett2023-05-191-0/+16
| | | | | | | | all cases where another module is the source of the authentication, and that authenticated user is looked up in LDAP. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909928 13f79535-47bb-0310-9956-ffa450edef68
* Sign with the signer key. Previously the verify key was used, which only workedGraham Leggett2023-05-191-2/+3
| | | | | | | if the signing and verifying keys were the same. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909926 13f79535-47bb-0310-9956-ffa450edef68
* De-duplicate log message tags.Graham Leggett2023-04-251-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909419 13f79535-47bb-0310-9956-ffa450edef68
* Apply log next numbers.Graham Leggett2023-04-252-24/+24
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909418 13f79535-47bb-0310-9956-ffa450edef68
* The apr_jose API requires apr-util 1.7+.Graham Leggett2023-04-251-2/+36
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909416 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_autht_jwt: New module to handle RFC 7519 JWT tokens withinGraham Leggett2023-04-254-0/+1749
| | | | | | | | | | | | | | | bearer tokens, both as part of the aaa framework, and as a way to generate tokens and pass them to backend servers and services. *) mod_auth_bearer: New module to handle RFC 6750 Bearer tokens, using the token_checker hook. *) mod_autht_core: New module to handle provider aliases for token authentication. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909411 13f79535-47bb-0310-9956-ffa450edef68
* fix select-groups example, bz 66010Giovanni Bechis2022-04-201-2/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1900077 13f79535-47bb-0310-9956-ffa450edef68
* APR (and APR-util) 1.3 is a requirement for building httpd 2.4 and above.Christophe Jaillet2022-01-221-4/+2
| | | | | | So these compatibility tests can be removed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897326 13f79535-47bb-0310-9956-ffa450edef68
* Add log tags.Graham Leggett2021-06-242-3/+3
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891023 13f79535-47bb-0310-9956-ffa450edef68
* dbm: Split the loading of a dbm driver from the opening of a dbm file. WhenGraham Leggett2021-06-242-21/+60
| | | | | | | | an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1891019 13f79535-47bb-0310-9956-ffa450edef68
* * Add lognumberRuediger Pluem2021-01-271-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885945 13f79535-47bb-0310-9956-ffa450edef68
* Before doing any bind check that the provided username is not NULL and that theRuediger Pluem2021-01-271-15/+26
| | | | | | | | | | | | | password is neither NULL nor empty. Binds with empty passwords always succeed, but in case the password of the user was not empty subsequent LDAP operations fail. This causes authentications that use user supplied credentials (AuthLDAPInitialBindAsUser set to on) to fail with status code 500 instead of 401 if the user supplied an empty password. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885940 13f79535-47bb-0310-9956-ffa450edef68
* Do not allow to set empty bind passwords to be set via AuthLDAPBindPasswordRuediger Pluem2021-01-271-0/+4
| | | | | | | | Binds with empty passwords always succeed, but in case the password of the user was not empty subsequent LDAP operations fail. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885939 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: Fast validation of the nonce's base64 to fail early ifYann Ylavic2021-01-181-2/+7
| | | | | | | | the format can't match anyway. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1885659 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: fix crash with ONE_PROCESS (debug) mode shutdown.Yann Ylavic2020-11-251-2/+6
| | | | | | | | | | | Avoid double free/cleanup by just letting shm/rmm/global_mutex cleanups do their work on restart/exit. Set the globals to NULL in initialize_tables() should cleanup_tables() be called on error. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883810 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1883807 and r1883745, not the right fix.Yann Ylavic2020-11-251-43/+38
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883809 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: axe useless assignment from r1883745.Yann Ylavic2020-11-251-1/+0
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883807 13f79535-47bb-0310-9956-ffa450edef68
* mod_auth_digest: fix crash on ONE_PROCESS (debug) mode shutdown.Yann Ylavic2020-11-231-38/+44
| | | | | | | | | | There need to be separate global variables for rmm and mutex(es) in the parent and child processes, otherwise in ONE_PROCCESS (were clean_child_exit() and ap_terminate() execute in the same process) the variables get overwritten in child_init and freed twice when pchild and then pconf are destroyed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883745 13f79535-47bb-0310-9956-ffa450edef68
* -Werror=maybe-uninitialized issueEric Covener2020-11-081-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883214 13f79535-47bb-0310-9956-ffa450edef68
* PR64785: mod_allowmethods: Allow methods to be added/removed with +/- prefixEric Covener2020-11-081-16/+93
| | | | | | | | | Committed By: covener Submitted By: Marcel Montes <spiceman gmail.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883203 13f79535-47bb-0310-9956-ffa450edef68
* * modules/aaa/mod_authnz_ldap.c (build_request_config): Fix typo.Joe Orton2020-04-161-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876609 13f79535-47bb-0310-9956-ffa450edef68
* Add missing pool tags to help debugging.Yann Ylavic2020-04-163-0/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876599 13f79535-47bb-0310-9956-ffa450edef68
* PR64172: drop severity of AH01666Eric Covener2020-02-231-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874424 13f79535-47bb-0310-9956-ffa450edef68
* Define ap_method_mask_t (typedef for apr_uint64_t) and use for methodJoe Orton2020-02-173-7/+7
| | | | | | | | | | | | | | | | | | bitmasks rather than apr_int64_t. Fixes UBSan errors shifting to the top bit of a signed integer. * include/httpd.h: Add ap_method_mask_t, use it for AP_METHOD_BIT. (struct ap_method_mask_t): Likewise for method_mask field. (struct request_rec): Likewise for allowed field. * include/http_config.h (struct cmd_parms): Likewise for limited field. * include/ap_mmn.h: Bump MMN major. * modules/*/*.c: Adjust all method masks to use ap_method_mask_t. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874114 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling errors found by codespell. [skip ci]Mike Rumph2020-02-131-1/+1
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873985 13f79535-47bb-0310-9956-ffa450edef68
* mod_authz_core: follow up to r1864759.Yann Ylavic2019-11-071-7/+8
| | | | | | | We should at least log the unexpected provider_name == NULL condition. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869512 13f79535-47bb-0310-9956-ffa450edef68
* Increase the maximum length of strings that can be cached by the module from ↵Christophe Jaillet2019-08-181-1/+1
| | | | | | 100 to 256. PR 62149 [<thorsten.meinl knime.com>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1865405 13f79535-47bb-0310-9956-ffa450edef68
* Axe some dead code + slighly improve a commentChristophe Jaillet2019-08-091-5/+2
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864759 13f79535-47bb-0310-9956-ffa450edef68
* use the provided types via the macroEric Covener2019-06-151-5/+4
| | | | git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861432 13f79535-47bb-0310-9956-ffa450edef68
* Fix a race condition.Christophe Jaillet2019-02-081-14/+12
| | | | | | | | Authentication with valid credentials could be refused in case of concurrent accesses from different users. PR 63124 [Simon Kappel <simon.kappel axis.com>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853190 13f79535-47bb-0310-9956-ffa450edef68
* Clarify potentially unsuccessful success results.William A. Rowe Jr2019-01-171-0/+4
| | | | | | | | | Curious why modules/aaa/mod_authz_dbm.c:get_dbm_grp() doesn't need the same net changes? git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1851552 13f79535-47bb-0310-9956-ffa450edef68
* * modules/aaa/mod_authn_dbm.c (fetch_dbm_value): No functional change:Joe Orton2019-01-091-1/+1
| | | | | | | | return APR_SUCCESS rather than rv, which is guaranteed to be APR_SUCCESS in current code. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850835 13f79535-47bb-0310-9956-ffa450edef68
* follow-up to r1656549.Christophe Jaillet2018-09-131-2/+2
| | | | | | Instead of logging a password (which is not a good practice), clarify the associated message git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840776 13f79535-47bb-0310-9956-ffa450edef68
* If several parameters are used in a AuthzProviderAlias directive, if these ↵Christophe Jaillet2018-06-231-1/+12
| | | | | | | | | parameters are not enclosed in quotation mark, only the first one is handled. The other ones are silently ignored. Add a message to warn about such a spurious configuration. PR 62469 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834209 13f79535-47bb-0310-9956-ffa450edef68
* * modules/aaa/mod_authz_host.c (host_check_authorization): SimplifyJoe Orton2018-03-081-14/+22
| | | | | | | | | comment stripping in "Require host"; log a warning if a comment is used in 'Require host', or an error if the expression is empty with the comment stripped. (Currently in 2.4, #comment part is parsed) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1826207 13f79535-47bb-0310-9956-ffa450edef68
* mod_authnz_ldap: Fix language long names detection as short name.Yann Ylavic2018-02-151-3/+7
| | | | | | | | Make sure the long name format is relevent before converting it. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824336 13f79535-47bb-0310-9956-ffa450edef68
* Be less tolerant when parsing the credencial for Basic authorization. Only ↵Christophe Jaillet2017-12-041-1/+1
| | | | | | | | | | spaces should be accepted after the authorization scheme. \t are also tolerated. The current code accepts \v and \f as well. The same behavior is already used in 'ap_get_basic_auth_pw()' which is mostly the same function as 'get_basic_auth()'. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1817131 13f79535-47bb-0310-9956-ffa450edef68
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 22:10:20 +0100