level 1
//Change from
//Cookies名为cook_name,值为:cook_val,产生环境Cook_Auth
//Sample:
/*
AuthCookieName cook_name
AllowAuth cook_val
Allow from env=Cook_Auth
*/
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2003 The Apache Software Foundation. All rights
* reserved.
*/
/*
* mod_access_cookie: cookies access addon for Apache 2
* Change Cookies access babybbs.org
*
*
* Version 0.2 January 2010
*
* Allows a cookie to be checked for access instead of the Authorization.
* This is an addon module to your normal auth module, that will fake
* normal Cookies. Can be used to allow a form based logon.
*
* This module is based on the original mod_auth_cookie (for Apache 1.3)
* by Vivek Khera:
*
* Although this module was written from scratch after a discussion in
* alt.apache.configuration the code has come out pretty similar, and has been
* made with the same features and config directives on purpose, to provide a
* dropin replacement to the original (for users upgrading to Apache 2).
*
* Place these directives to your <directory> stanza:
* (along with you normal auth config)
*
* AuthCookieName CookieName
* AllowAuth CookieName_val
* ENV Cook_Auth
* Allow from env=Cook_Auth
* CookieName - can be any cookie name. This is the cookie that will be checked.
*
* Load using:
* LoadModule access_cookie_module modules/mod_access_cookie.so
*
*/
#include "apr_strings.h"
#define APR_WANT_STRFUNC
#include "apr_want.h"
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_request.h"
#include "http_protocol.h"
typedef struct {
char *cookie_auth_cookie;
char *allow_auth;
int cookie_auth_base64;
int cookie_auth_override;
} cookie_auth_config_rec;
static void *create_cookie_auth_dir_config(apr_pool_t *p, char *d)
{
cookie_auth_config_rec *conf = apr_palloc(p, sizeof(*conf));
if (conf) {
/* Set default values. */
conf->cookie_auth_cookie = NULL;
conf->allow_auth = NULL;
conf->cookie_auth_base64 = 0;
conf->cookie_auth_override = 0;
}
return conf;
}
static const command_rec cookie_auth_cmds[] =
{
AP_INIT_TAKE1("AuthCookieName", ap_set_string_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_cookie),
OR_AUTHCFG, "auth cookie name"),
AP_INIT_TAKE1("AllowAuth", ap_set_string_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, allow_auth),
OR_AUTHCFG, "auth cookie name"),
AP_INIT_FLAG("AuthCookieOverride", ap_set_flag_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_override),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
AP_INIT_FLAG("AuthCookieBase64", ap_set_flag_slot,
(void *)APR_OFFSETOF(cookie_auth_config_rec, cookie_auth_base64),
OR_AUTHCFG, "Limited to 'on' or 'off'"),
{NULL}
};
module AP_MODULE_DECLARE_DATA access_cookie_module;
static int check_auth_cookie(request_rec *r)
{
const char *cookies, *auth_line;
char *cookie = NULL;
//apr_table_set(r->su
bp
rocess_env, "CookAuth", 0);
//return DECLINED;
/* Get config for this directory. */
cookie_auth_config_rec *conf = ap_get_module_config(r->per_dir_config,
&access_cookie_module);
/* Debug. */
//ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
// "COOKIE0: check_auth_cookie called=%s Allow=%s",conf->cookie_auth_cookie,conf->allow_auth);
/* Check we have been configured. */
if (!conf->cookie_auth_cookie) {
return DECLINED;
}
/* Check we have been configured. */
if (!conf->allow_auth) {
return DECLINED;
}
/* Do not override real auth header, unless config instructs us to. */
//if (!conf->cookie_auth_override &&
//apr_table_get(r->headers_in, "Authorization")) {
//return DECLINED;
//}
/* todo: protect against xxxCookieNamexxx, regex? */
/* todo: make case insensitive? */
/* Get the cookie (code from mod_log_config). */
if ((cookies = apr_table_get(r->headers_in, "Cookie"))) {
char *start_cookie, *end_cookie;
if ((start_cookie = ap_strstr_c(cookies, conf->cookie_auth_cookie))) {
start_cookie += strlen(conf->cookie_auth_cookie) + 1;
cookie = apr_pstrdup(r->pool, start_cookie);
/* kill everything in cookie after ';' */
end_cookie = strchr(cookie, ';');
if (end_cookie) {
*end_cookie = '\0';
}
}
}
/* No cookie? Nothing for us to do. */
if (!cookie) {
return DECLINED;
//return HTTP_NON_AUTHORITATIVE;
}
if (strcmp(cookie, conf->allow_auth) != 0){
//return HTTP_NON_AUTHORITATIVE;
return DECLINED;
}
apr_table_set(r->subprocess_env, "Cook_Auth", conf->allow_auth);
/* Debug. */
//ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
//"COOKIE: %s=%s", conf->cookie_auth_cookie, cookie);
/* Construct the fake auth_line. */
/*if (conf->cookie_auth_base64) {
auth_line = apr_pstrcat(r->pool, "Basic ", cookie, NULL);
} else {
ap_unescape_url(cookie);
auth_line = apr_pstrcat(r->pool, "Basic ",
ap_pbase64encode(r->pool, cookie), NULL);
}
*/
/* Debug. */
//ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
//"COOKIE: Authorization: %s", auth_line);
/* Set fake auth_line. */
//apr_table_set(r->headers_in, "Authorization", auth_line);
// if( !cookie ){
// /* return 503 */
//return HTTP_SERVICE_UNAVAILABLE;
// return HTTP_NON_AUTHORITATIVE;
// }
/* Always return DECLINED because we don't authorize, */
/* we just set things up for the next auth module to. */
return DECLINED;
}
static void register_hooks(apr_pool_t *p)
{
/* Hook in before the other auth modules. */
//ap_hook_check_user_id(check_auth_cookie, NULL, NULL, APR_HOOK_FIRST);
ap_hook_access_checker(check_auth_cookie, NULL, NULL, APR_HOOK_FIRST);
}
module AP_MODULE_DECLARE_DATA access_cookie_module =
{
STANDARD20_MODULE_STUFF,
create_cookie_auth_dir_config, /* per-directory config creator */
NULL, /* dir config merger */
NULL, /* server config creator */
NULL, /* server config merger */
cookie_auth_cmds, /* command table */
register_hooks /* set up other request processing hooks */
};
2022年10月28日 04点10分