MCPcopy Create free account
hub / github.com/apache/httpd / authenticate_form_authn

Function authenticate_form_authn

modules/aaa/mod_auth_form.c:881–1096  ·  view source on GitHub ↗

* Must we use form authentication? If so, extract the cookie and run * the authnz hooks to determine if the login is valid. * * If the login is not valid, a 401 Not Authorized will be returned. It * is up to the webmaster to ensure this screen displays a suitable login * form to give the user the opportunity to log in. */

Source from the content-addressed store, hash-verified

879 * form to give the user the opportunity to log in.
880 */
881static int authenticate_form_authn(request_rec * r)
882{
883 auth_form_config_rec *conf = ap_get_module_config(r->per_dir_config,
884 &auth_form_module);
885 const char *sent_user = NULL, *sent_pw = NULL, *sent_hash = NULL;
886 const char *sent_loc = NULL, *sent_method = "GET", *sent_mimetype = NULL;
887 const char *current_auth = NULL;
888 const char *err;
889 apr_status_t res;
890 int rv = HTTP_UNAUTHORIZED;
891
892 /* Are we configured to be Form auth? */
893 current_auth = ap_auth_type(r);
894 if (!current_auth || ap_cstr_casecmp(current_auth, "form")) {
895 return DECLINED;
896 }
897
898 /*
899 * XSS security warning: using cookies to store private data only works
900 * when the administrator has full control over the source website. When
901 * in forward-proxy mode, websites are public by definition, and so can
902 * never be secure. Abort the auth attempt in this case.
903 */
904 if (PROXYREQ_PROXY == r->proxyreq) {
905 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01809)
906 "form auth cannot be used for proxy "
907 "requests due to XSS risk, access denied: %s", r->uri);
908 return HTTP_INTERNAL_SERVER_ERROR;
909 }
910
911 /* We need an authentication realm. */
912 if (!ap_auth_name(r)) {
913 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01810)
914 "need AuthName: %s", r->uri);
915 return HTTP_INTERNAL_SERVER_ERROR;
916 }
917
918 r->ap_auth_type = (char *) current_auth;
919
920 /* try get the username and password from the notes, if present */
921 get_notes_auth(r, &sent_user, &sent_pw, &sent_method, &sent_mimetype);
922 if (!sent_user || !sent_pw || !*sent_user || !*sent_pw) {
923
924 /* otherwise try get the username and password from a session, if present */
925 res = get_session_auth(r, &sent_user, &sent_pw, &sent_hash);
926
927 }
928 else {
929 res = APR_SUCCESS;
930 }
931
932 /* first test whether the site passphrase matches */
933 if (APR_SUCCESS == res && sent_user && sent_hash && sent_pw) {
934 rv = check_site(r, conf->site, sent_user, sent_hash);
935 if (OK == rv) {
936 fake_basic_authentication(r, conf, sent_user, sent_pw);
937 return OK;
938 }

Callers

nothing calls this directly

Calls 14

ap_get_module_configFunction · 0.85
ap_auth_typeFunction · 0.85
ap_cstr_casecmpFunction · 0.85
ap_auth_nameFunction · 0.85
get_notes_authFunction · 0.85
get_session_authFunction · 0.85
check_siteFunction · 0.85
check_authnFunction · 0.85
ap_is_initial_reqFunction · 0.85
ap_sub_req_lookup_uriFunction · 0.85
get_form_authFunction · 0.85

Tested by

no test coverage detected