mod_auth_digest: Detect during startup when AuthDigestProvider

is configured to use an incompatible provider via AuthnProviderAlias.
PR 45196 



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@672639 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_auth_digest: Detect during startup when AuthDigestProvider
+     is configured to use an incompatible provider via AuthnProviderAlias.
+     PR 45196 [Eric Covener] 
+
   *) mod_rewrite: Preserve the query string with [proxy,noescape]. PR 45247
      [Tom Donovan]
 

include/ap_mmn.h

@@ -161,6 +161,7 @@
  * 20080528.0 (2.3.0-dev)  Switch order of ftp_directory_charset and
  *                         interpolate_env in proxy_dir_conf.
  *                         Rationale: see r661069.
+ * 20080528.1 (2.3.0-dev)  add get_realm_hash() to mod_auth.h
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -168,7 +169,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20080528
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 0                     /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 1                     /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a

include/mod_auth.h

@@ -93,6 +93,10 @@ typedef struct {
      */
     authn_status (*get_realm_hash)(request_rec *r, const char *user,
                                    const char *realm, char **rethash);
+
+    /* OK if provider can satisfy get_realm_hash(), APR_ENOTIMPL otherwise. */
+    apr_status_t (*has_realm_hash)(cmd_parms *cmd, const char *provider_name);
+
 } authn_provider;
 
 /* A linked-list of authn providers. */

modules/aaa/mod_auth_digest.c

@@ -463,7 +463,9 @@ static const char *add_authn_provider(cmd_parms *cmd, void *config,
                             newp->provider_name);
     }
 
-    if (!newp->provider->get_realm_hash) {
+    if (!newp->provider->get_realm_hash ||
+       (newp->provider->has_realm_hash && 
+        newp->provider->has_realm_hash(cmd, newp->provider_name) == APR_ENOTIMPL)) { 
         /* if it doesn't provide the appropriate function, reject it */
         return apr_psprintf(cmd->pool,
                             "The '%s' Authn provider doesn't support "

modules/aaa/mod_authn_core.c

@@ -132,6 +132,27 @@ static authn_status authn_alias_check_password(request_rec *r, const char *user,
     return ret;
 }
 
+static apr_status_t authn_alias_has_realm_hash(cmd_parms *cmd, const char *provider_name) 
+{
+    /* No merge, just a query to be passed on to the provider */
+    authn_alias_srv_conf *authcfg =
+        (authn_alias_srv_conf *)ap_get_module_config(cmd->server->module_config,
+                                                     &authn_core_module);
+    apr_status_t ret = APR_ENOTIMPL;
+
+    provider_alias_rec *prvdraliasrec = apr_hash_get(authcfg->alias_rec,
+                                                     provider_name, 
+                                                     APR_HASH_KEY_STRING);
+    if (prvdraliasrec->provider->has_realm_hash) { 
+        ret = prvdraliasrec->provider->has_realm_hash(cmd, provider_name);
+    }
+    else if (prvdraliasrec->provider->get_realm_hash) { 
+        /* provider didn't register has_realm_hash, but does have get_realm_hash */
+        ret = OK;
+    }
+
+    return ret;
+}
 static authn_status authn_alias_get_realm_hash(request_rec *r, const char *user,
                                                const char *realm, char **rethash)
 {
@@ -179,6 +200,7 @@ static const authn_provider authn_alias_provider =
 {
     &authn_alias_check_password,
     &authn_alias_get_realm_hash,
+    &authn_alias_has_realm_hash,
 };
 
 static const char *authaliassection(cmd_parms *cmd, void *mconfig, const char *arg)

modules/aaa/mod_authn_dbm.c

@@ -147,6 +147,11 @@ static authn_status check_dbm_pw(request_rec *r, const char *user,
     return AUTH_GRANTED;
 }
 
+static apr_status_t has_dbm_realm_hash(cmd_parms *cmd, const char *provider_name)
+{
+    return OK;
+}
+
 static authn_status get_dbm_realm_hash(request_rec *r, const char *user,
                                        const char *realm, char **rethash)
 {
@@ -184,7 +189,8 @@ static authn_status get_dbm_realm_hash(request_rec *r, const char *user,
 static const authn_provider authn_dbm_provider =
 {
     &check_dbm_pw,
-    &get_dbm_realm_hash
+    &get_dbm_realm_hash,
+    &has_dbm_realm_hash
 };
 
 static void register_hooks(apr_pool_t *p)

modules/aaa/mod_authn_file.c

@@ -108,6 +108,11 @@ static authn_status check_password(request_rec *r, const char *user,
     return AUTH_GRANTED;
 }
 
+static apr_status_t has_realm_hash(cmd_parms *cmd, const char *provider_name)
+{
+    return OK;
+}
+
 static authn_status get_realm_hash(request_rec *r, const char *user,
                                    const char *realm, char **rethash)
 {
@@ -159,6 +164,7 @@ static const authn_provider authn_file_provider =
 {
     &check_password,
     &get_realm_hash,
+    &has_realm_hash,
 };
 
 static void register_hooks(apr_pool_t *p)

modules/aaa/mod_authnz_ldap.c

@@ -1538,9 +1538,23 @@ static int authnz_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *
     return OK;
 }
 
+static authn_status authn_ldap_get_realm_hash(request_rec *r, const char *user,
+                                              const char *realm, char **rethash)
+{
+    return AUTH_GENERAL_ERROR;
+
+}
+
+static apr_status_t authn_ldap_has_realm_hash(cmd_parms *cmd, const char *provider_name)
+{
+    return APR_ENOTIMPL;
+}
+
 static const authn_provider authn_ldap_provider =
 {
     &authn_ldap_check_password,
+    authn_ldap_get_realm_hash,
+    &authn_ldap_has_realm_hash
 };
 
 static const authz_provider authz_ldapuser_provider =