MCPcopy Create free account
hub / github.com/apache/httpd / authenticate_form_login_handler

Function authenticate_form_login_handler

modules/aaa/mod_auth_form.c:1112–1179  ·  view source on GitHub ↗

* Handle a login attempt. * * If the login session is either missing or form authnz is unsuccessful, a * 401 Not Authorized will be returned to the browser. The webmaster * is expected to insert a login form into the 401 Not Authorized * error screen. * * If the webmaster wishes, they can point the form submission at this * handler, which will redirect the user to the correct page on succe

Source from the content-addressed store, hash-verified

1110 *
1111 */
1112static int authenticate_form_login_handler(request_rec * r)
1113{
1114 auth_form_config_rec *conf;
1115 const char *err;
1116
1117 const char *sent_user = NULL, *sent_pw = NULL, *sent_loc = NULL;
1118 int rv;
1119
1120 if (strcmp(r->handler, FORM_LOGIN_HANDLER)) {
1121 return DECLINED;
1122 }
1123
1124 if (r->method_number != M_POST) {
1125 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01811)
1126 "the " FORM_LOGIN_HANDLER " only supports the POST method for %s",
1127 r->uri);
1128 return HTTP_METHOD_NOT_ALLOWED;
1129 }
1130
1131 conf = ap_get_module_config(r->per_dir_config, &auth_form_module);
1132
1133 rv = get_form_auth(r, conf->username, conf->password, conf->location,
1134 NULL, NULL, NULL,
1135 &sent_user, &sent_pw, &sent_loc,
1136 NULL, NULL, NULL, conf);
1137 if (OK == rv) {
1138 rv = check_authn(r, sent_user, sent_pw);
1139 if (OK == rv) {
1140 set_session_auth(r, sent_user, sent_pw, conf->site);
1141 if (sent_loc) {
1142 apr_table_set(r->headers_out, "Location", sent_loc);
1143 return HTTP_MOVED_TEMPORARILY;
1144 }
1145 if (conf->loginsuccess) {
1146 const char *loginsuccess = ap_expr_str_exec(r,
1147 conf->loginsuccess, &err);
1148 if (!err) {
1149 apr_table_set(r->headers_out, "Location", loginsuccess);
1150 return HTTP_MOVED_TEMPORARILY;
1151 }
1152 else {
1153 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02341)
1154 "Can't evaluate login success expression: %s", err);
1155 return HTTP_INTERNAL_SERVER_ERROR;
1156 }
1157 }
1158 return HTTP_OK;
1159 }
1160 }
1161
1162 /* did we prefer to be redirected to the login page on failure instead? */
1163 if (HTTP_UNAUTHORIZED == rv && conf->loginrequired) {
1164 const char *loginrequired = ap_expr_str_exec(r,
1165 conf->loginrequired, &err);
1166 if (!err) {
1167 apr_table_set(r->headers_out, "Location", loginrequired);
1168 return HTTP_MOVED_TEMPORARILY;
1169 }

Callers

nothing calls this directly

Calls 5

ap_get_module_configFunction · 0.85
get_form_authFunction · 0.85
check_authnFunction · 0.85
set_session_authFunction · 0.85
ap_expr_str_execFunction · 0.85

Tested by

no test coverage detected