mod_authn_socache.c

Checkout Tools
  • last updated 2 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Increase the maximum length of strings that can be cached by the module from 100 to 256. PR 62149 [<thorsten.meinl knime.com>]
  1. … 1 more file in changeset.
Use ap_array_str_contains to simplify code
Do not use the magic string "directory". Use the corresponding global variable as in all other places of the module.
Remove some useless 'return' statements.

Add a blank line between functions.

don't log bogus rv
mod_authn_socache.c: fix creation of default socache_instance.

In pre_config, default socache_provider is created, but socache_instance

initialization is missing. This leads to crash on startup if default

socache_provider is used (AuthnCacheSOCache is not called) and

AuthnCacheEnable or AuthnCacheProvideFor is used.

This problem has been introduced in r1531961.

  1. … 1 more file in changeset.
Support optional initialization arguments for socache providers in

mod_authn_socache.

  1. … 2 more files in changeset.
Add some caching for password hash validation.

Password hash functions must be expensive in order to be secure. But

if they have to be re-evaluated for every request, performance

suffers.

As a minimal remedy, cache the most recent result for every

connection. This gives a great performance boost if a web browser

does many requests on the same connection with the same

user+password. In principle, this may keep the plain text password

around longer than before. But in practice, there won't be much

difference since user+password can already remain in some unused

data bucket for longer than the request duration.

A proper solution still needs to be found for connections from

proxies which may carry requests for many different users.

While it currently only requires the conn_rec, the new

ap_password_validate() function takes username and request_rec to

allow future extensions, like detection of brute-force attempts.

  1. … 7 more files in changeset.
More pointers to mod_socache*

  1. … 1 more file in changeset.
Add lots of unique tags to error log messages

  1. … 172 more files in changeset.
use non-'const char *' while building string to avoid warnings

mod_authn_socache: tidy up r1199565.

And we don't need that separator in the namespacing string -

it's not for human consumption.

mod_authn_socache: fix namespacing issue

http://marc.info/?l=apache-httpd-dev&m=131823772714741&w=2

Don't return a pointer to a stack variable

Found by cppcheck

mod_authn_socache: fix it to enable initialisation to work if configured

only in .htaccess context, and provide a toggle for that.

PR 51991

  1. … 2 more files in changeset.
Cleanup effort in prep for GA push:

Trim trailing whitespace... no func change

  1. … 118 more files in changeset.
Fix brokeness... Thx Rüdiger Plüm
Change AuthnCacheProvider --> AuthnCacheProvideFor to deal with overloading

of "provider" and likely confusion with AuthnCacheSOCache.

  1. … 3 more files in changeset.
authn_socache: if loaded but not configured to do anything,

don't go to the trouble of setting up the cache and mutex.

Extra robustness check: don't segfault if no socache provider selected

and there's no compile-time default.

Further normalize initalization stanzas
C99 is not a requirement, fix style violation niq refuses(?) to correct.

Ensures the two initialization stanzas follow the same pattern, which

is goodness, IMHO.

Reviewed by: trawick, wrowe

Submitted by: Norm <normw gknw.net>

Disallow setting cache context in .htaccess, lest it be abused for cross-site

or cross-application authn attacks.

fix svn props (hopefully)!

expiry is a time, not an interval

Name change: fix incompleteness of r957089

Name change: calling it mod_authn_cache could get confusing, and the

sourceforge module has a prior claim to the name.

  1. … 1 more file in changeset.