svn commit: r306385 - in head/www/mod_auth_tkt: . files
Jun Kuriyama
kuriyama at FreeBSD.org
Thu Oct 25 15:15:53 UTC 2012
Author: kuriyama
Date: Thu Oct 25 15:15:52 2012
New Revision: 306385
URL: http://svn.freebsd.org/changeset/ports/306385
Log:
- Add option to use TKTAuthQuerySeparator directive.
Obtained from: https://github.com/gavincarr/mod_auth_tkt
Feature safe: yes
Added:
head/www/mod_auth_tkt/files/
head/www/mod_auth_tkt/files/extra-patch-query-separator (contents, props changed)
Modified:
head/www/mod_auth_tkt/Makefile
Modified: head/www/mod_auth_tkt/Makefile
==============================================================================
--- head/www/mod_auth_tkt/Makefile Thu Oct 25 14:31:01 2012 (r306384)
+++ head/www/mod_auth_tkt/Makefile Thu Oct 25 15:15:52 2012 (r306385)
@@ -3,6 +3,7 @@
PORTNAME= mod_auth_tkt
PORTVERSION= 2.1.0
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_LOCAL} \
http://www.openfusion.com.au/labs/dist/mod_auth_tkt/
@@ -13,12 +14,24 @@ COMMENT= Lightweight single-sign-on auth
USE_APACHE= 22
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
+PATCH_WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+PATCH_STRIP= -p1
AP_FAST_BUILD= yes
SRC_FILE= ${PORTNAME}.c sha2.c
AP_EXTRAS= -DAPACHE22
MAN3= mod_auth_tkt.3
+OPTIONS_DEFINE= QUERY_SEP
+QUERY_SEP_DESC= Experimental TKTAuthQuerySeparator directive
+OPTIONS_DEFAULT=QUERY_SEP
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MQUERY_SEP}
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-query-separator
+.endif
+
post-patch:
${REINPLACE_CMD} -e 's|.usr/share/man|${PREFIX}/man|' ${WRKSRC}/../Makedefs
Added: head/www/mod_auth_tkt/files/extra-patch-query-separator
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/mod_auth_tkt/files/extra-patch-query-separator Thu Oct 25 15:15:52 2012 (r306385)
@@ -0,0 +1,1454 @@
+diff --git a/cgi/logout.cgi b/cgi/logout.cgi
+index b2a830c..41fa7e1 100755
+--- a/cgi/logout.cgi
++++ b/cgi/logout.cgi
+@@ -33,16 +33,19 @@ $back ||= $q->cookie($at->back_cookie_name) if $at->back_cookie_name;
+ $back ||= $q->param($at->back_arg_name) if $at->back_arg_name;
+ $back = $AuthTktConfig::DEFAULT_BACK_LOCATION if $AuthTktConfig::DEFAULT_BACK_LOCATION;
+ $back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $AuthTktConfig::BACK_REFERER;
+-if ($back && $back =~ m!^/!) {
+- my $hostname = $server_name;
+- my $port = $server_port;
+- $hostname .= ':' . $port if $port && $port != 80 && $port != 443;
+- $back = sprintf "http%s://%s%s", ($port == 443 ? 's' : ''), $hostname, $back;
+-} elsif ($back && $back !~ m/^http/i) {
+- $back = 'http://' . $back;
++my $back_html = '';
++if ($back) {
++ if ($back =~ m!^/!) {
++ my $hostname = $server_name;
++ my $port = $server_port;
++ $hostname .= ':' . $port if $port && $port != 80 && $port != 443;
++ $back = sprintf "http%s://%s%s", ($port == 443 ? 's' : ''), $hostname, $back;
++ } elsif ($back !~ m/^http/i) {
++ $back = 'http://' . $back;
++ }
++ $back = uri_unescape($back) if $back =~ m/^https?%3A%2F%2F/;
++ $back_html = escapeHTML($back);
+ }
+-$back = uri_unescape($back) if $back =~ m/^https?%3A%2F%2F/;
+-my $back_html = escapeHTML($back) if $back;
+
+ # Logout by resetting the auth cookie
+ my @cookies = cookie(-name => $at->cookie_name, -value => '', -expires => '-1h',
+diff --git a/conf/auth_tkt_cgi.conf b/conf/auth_tkt_cgi.conf
+index e2546bc..e969c44 100644
+--- a/conf/auth_tkt_cgi.conf
++++ b/conf/auth_tkt_cgi.conf
+@@ -13,6 +13,9 @@
+ # Digest type to use - default is MD5, alternatives are SHA256 or SHA512
+ #TKTAuthDigestType MD5
+
++# Query separator for generated URLs. Defaults to semi-colon (';')
++#TKTAuthQuerySeparator &
++
+ # Used by sample CGI scripts to locate this config file
+ SetEnv MOD_AUTH_TKT_CONF "/etc/httpd/conf.d/auth_tkt_cgi.conf"
+
+diff --git a/doc/mod_auth_tkt.pod b/doc/mod_auth_tkt.pod
+index dd7d85c..edf0590 100644
+--- a/doc/mod_auth_tkt.pod
++++ b/doc/mod_auth_tkt.pod
+@@ -227,7 +227,9 @@ the ticket hashing, so you should always set a TKTAuthTimeout in
+ addition to using an expiry. Cookie expiries are refreshed with
+ tickets if TKTAuthTimeoutRefresh is set.
+
+-Default: none. Examples:
++Default: none (not used).
++
++e.g.
+
+ TKTAuthCookieExpires 86400
+ TKTAuthCookieExpires 1w
+@@ -245,6 +247,11 @@ http://www.example.com/index.html and TKTAuthBackArgName is set to
+
+ to the TKTAuthLoginURL it redirects to, allowing your login script
+ to redirect back to the requested page upon successful login.
++
++To omit altogether, set to the string B<None> i.e.
++
++ TKTAuthBackArgName None
++
+ Default: 'back'.
+
+ =item TKTAuthBackCookieName <name>
+@@ -252,7 +259,9 @@ Default: 'back'.
+ The cookie name to use for the back cookie. If this is set,
+ mod_auth_tkt will set a back cookie containing a URI-escaped version
+ of current requested page when redirecting (see TKTAuthBackArgName
+-above). Default: none.
++above), instead of using a GET parameter.
++
++Default: none (not used).
+
+ =item TKTAuthToken <token>
+
+@@ -267,7 +276,9 @@ Note that this directive can be repeated, and the semantics are that
+ B<any> of the required tokens is sufficient for access i.e. the tokens
+ are ORed.
+
+-Default: none. e.g.
++Default: none (not used).
++
++e.g.
+
+ TKTAuthToken finance
+ TKTAuthToken admin
+@@ -281,8 +292,12 @@ this as well, setting the client IP address to 0.0.0.0). This is
+ often required out on the open internet, especially if you are
+ using an HTTPS login page (as you should) and are dealing with
+ more than a handful of users (the typical problem being
+-transparent HTTP proxies at ISPs). Default: 'off' i.e. ticket
+-is only valid from the originating IP address. e.g.
++transparent HTTP proxies at ISPs).
++
++Default: 'off' i.e. ticket is only valid from the originating
++IP address.
++
++e.g.
+
+ TKTAuthIgnoreIP on
+
+diff --git a/src/mod_auth_tkt.c b/src/mod_auth_tkt.c
+index c2609e9..74bb669 100644
+--- a/src/mod_auth_tkt.c
++++ b/src/mod_auth_tkt.c
+@@ -38,6 +38,7 @@
+ #define REMOTE_USER_TOKENS_ENV "REMOTE_USER_TOKENS"
+ #define DEFAULT_TIMEOUT_SEC 7200
+ #define DEFAULT_GUEST_USER "guest"
++#define QUERY_SEPARATOR ';'
+
+ #define FORCE_REFRESH 1
+ #define CHECK_REFRESH 0
+@@ -68,6 +69,7 @@ typedef struct {
+ char *guest_user;
+ int guest_fallback;
+ int debug;
++ const char *query_separator;
+ } auth_tkt_dir_conf;
+
+ /* Per-server configuration */
+@@ -99,24 +101,24 @@ void
+ auth_tkt_version(server_rec *s, pool *p)
+ {
+ ap_add_version_component("mod_auth_tkt/" TKT_AUTH_VERSION);
+- ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
++ ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
+ "mod_auth_tkt: version %s", TKT_AUTH_VERSION);
+ }
+
+ #else
+ static int
+-auth_tkt_version(apr_pool_t *p,
++auth_tkt_version(apr_pool_t *p,
+ apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
+ {
+ ap_add_version_component(p, "mod_auth_tkt/" TKT_AUTH_VERSION);
+- ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
++ ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
+ "mod_auth_tkt: version %s", TKT_AUTH_VERSION);
+ return DECLINED;
+ }
+ #endif
+
+ /* Create per-dir config structures */
+-static void *
++static void *
+ create_auth_tkt_config(apr_pool_t *p, char* path)
+ {
+ auth_tkt_dir_conf *conf = apr_palloc(p, sizeof(*conf));
+@@ -142,11 +144,12 @@ create_auth_tkt_config(apr_pool_t *p, char* path)
+ conf->guest_user = NULL;
+ conf->guest_fallback = -1;
+ conf->debug = -1;
+- return conf;
++ conf->query_separator = (char *)QUERY_SEPARATOR;
++ return conf;
+ }
+
+ /* Merge per-dir config structures */
+-static void *
++static void *
+ merge_auth_tkt_config(apr_pool_t *p, void* parent_dirv, void* subdirv)
+ {
+ auth_tkt_dir_conf *parent = (auth_tkt_dir_conf *) parent_dirv;
+@@ -174,6 +177,7 @@ merge_auth_tkt_config(apr_pool_t *p, void* parent_dirv, void* subdirv)
+ conf->guest_user = (subdir->guest_user) ? subdir->guest_user : parent->guest_user;
+ conf->guest_fallback = (subdir->guest_fallback >= 0) ? subdir->guest_fallback : parent->guest_fallback;
+ conf->debug = (subdir->debug >= 0) ? subdir->debug : parent->debug;
++ conf->query_separator = (subdir->query_separator) ? subdir->query_separator : parent->query_separator;
+
+ return conf;
+ }
+@@ -188,7 +192,7 @@ create_auth_tkt_serv_config(apr_pool_t *p, server_rec* s)
+ sconf->digest_type = NULL;
+ sconf->digest_sz = 0;
+ return sconf;
+-}
++}
+
+ /* Merge per-server config structures */
+ static void *
+@@ -203,7 +207,7 @@ merge_auth_tkt_serv_config(apr_pool_t *p, void* parent_dirv, void* subdirv)
+ sconf->digest_type = (subdir->digest_type) ? subdir->digest_type : parent->digest_type;
+ sconf->digest_sz = (subdir->digest_sz) ? subdir->digest_sz : parent->digest_sz;
+ return sconf;
+-}
++}
+
+ /* ----------------------------------------------------------------------- */
+ /* Command-specific functions */
+@@ -243,8 +247,8 @@ convert_to_seconds (cmd_parms *cmd, const char *param, int *seconds)
+ multiplier = 30 * 24 * 60 * 60;
+ else if (unit == 'y')
+ multiplier = 365 * 24 * 60 * 60;
+- else
+- return apr_psprintf(cmd->pool,
++ else
++ return apr_psprintf(cmd->pool,
+ "Bad time string - unrecognised unit '%c'", unit);
+ }
+
+@@ -256,7 +260,7 @@ convert_to_seconds (cmd_parms *cmd, const char *param, int *seconds)
+ static const char *
+ set_auth_tkt_token (cmd_parms *cmd, void *cfg, const char *param)
+ {
+- char **new;
++ char **new;
+ auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *) cfg;
+
+ new = (char **) apr_array_push(conf->auth_token);
+@@ -270,12 +274,12 @@ set_auth_tkt_timeout (cmd_parms *cmd, void *cfg, const char *param)
+ auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
+ int seconds = conf->timeout_sec;
+ const char *error;
+-
++
+ /* Easy case - looks like all digits */
+ if (apr_isdigit(param[0]) && apr_isdigit(param[strlen(param) - 1])) {
+ seconds = atoi(param);
+ }
+-
++
+ /* Harder case - convert units to seconds */
+ else {
+ error = convert_to_seconds(cmd, param, &seconds);
+@@ -286,7 +290,7 @@ set_auth_tkt_timeout (cmd_parms *cmd, void *cfg, const char *param)
+ if (seconds == INT_MAX) return ("Integer overflow or invalid number");
+
+ conf->timeout_sec = seconds;
+-
++
+ return NULL;
+ }
+
+@@ -294,14 +298,14 @@ static const char *
+ set_auth_tkt_timeout_min (cmd_parms *cmd, void *cfg, const char *param)
+ {
+ auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
+-
++
+ int minutes = atoi(param);
+-
++
+ if (minutes < 0) return ("Timeout must be positive");
+ if (minutes == INT_MAX) return ("Integer overflow or invalid number");
+-
++
+ conf->timeout_sec = minutes * 60;
+-
++
+ return NULL;
+ }
+
+@@ -309,21 +313,21 @@ static const char *
+ set_auth_tkt_timeout_refresh (cmd_parms *cmd, void *cfg, const char *param)
+ {
+ auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
+-
++
+ double refresh = atof(param);
+
+- if (refresh < 0 || refresh > 1)
++ if (refresh < 0 || refresh > 1)
+ return "Refresh flag must be between 0 and 1";
+-
++
+ conf->timeout_refresh = refresh;
+-
++
+ return NULL;
+ }
+
+ static const char *
+ setup_secret (cmd_parms *cmd, void *cfg, const char *param)
+ {
+- auth_tkt_serv_conf *sconf =
++ auth_tkt_serv_conf *sconf =
+ ap_get_module_config(cmd->server->module_config, &auth_tkt_module);
+ sconf->secret = param;
+ return NULL;
+@@ -332,12 +336,22 @@ setup_secret (cmd_parms *cmd, void *cfg, const char *param)
+ static const char *
+ setup_old_secret (cmd_parms *cmd, void *cfg, const char *param)
+ {
+- auth_tkt_serv_conf *sconf = ap_get_module_config(cmd->server->module_config,
++ auth_tkt_serv_conf *sconf = ap_get_module_config(cmd->server->module_config,
+ &auth_tkt_module);
+ sconf->old_secret = param;
+ return NULL;
+ }
+
++static const char *
++setup_query_separator (cmd_parms *cmd, void *cfg, const char *param)
++{
++ if (strcmp(param, ";") != 0 && strcmp(param, "&") != 0)
++ return "QuerySeparator must be either ';' or '&'.";
++ auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
++ conf->query_separator = param;
++ return NULL;
++}
++
+ void
+ setup_digest_sz (auth_tkt_serv_conf *sconf)
+ {
+@@ -355,10 +369,10 @@ setup_digest_sz (auth_tkt_serv_conf *sconf)
+ static const char *
+ setup_digest_type (cmd_parms *cmd, void *cfg, const char *param)
+ {
+- auth_tkt_serv_conf *sconf =
++ auth_tkt_serv_conf *sconf =
+ ap_get_module_config(cmd->server->module_config, &auth_tkt_module);
+
+- if (strcmp(param, "MD5") != 0 &&
++ if (strcmp(param, "MD5") != 0 &&
+ strcmp(param, "SHA256") != 0 &&
+ strcmp(param, "SHA512") != 0)
+ return "Digest type must be one of: MD5 | SHA256 | SHA512.";
+@@ -391,7 +405,7 @@ set_cookie_expires (cmd_parms *cmd, void *cfg, const char *param)
+ if (seconds == INT_MAX) return ("Integer overflow or invalid number");
+
+ conf->cookie_expires = seconds;
+-
++
+ return NULL;
+ }
+
+@@ -399,90 +413,93 @@ static const char *
+ set_auth_tkt_debug (cmd_parms *cmd, void *cfg, const char *param)
+ {
+ auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
+-
++
+ int debug = atoi(param);
+-
++
+ if (debug < 0) return ("Debug level must be positive");
+ if (debug == INT_MAX) return ("Integer overflow or invalid number");
+-
++
+ conf->debug = debug;
+-
++
+ return NULL;
+ }
+
+ /* Command table */
+ static const command_rec auth_tkt_cmds[] =
+ {
+- AP_INIT_TAKE1("TKTAuthLoginURL", ap_set_string_slot,
++ AP_INIT_TAKE1("TKTAuthLoginURL", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, login_url),
+ OR_AUTHCFG, "URL to redirect to if authentication fails"),
+- AP_INIT_TAKE1("TKTAuthTimeoutURL", ap_set_string_slot,
++ AP_INIT_TAKE1("TKTAuthTimeoutURL", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, timeout_url),
+ OR_AUTHCFG, "URL to redirect to if cookie times-out"),
+- AP_INIT_TAKE1("TKTAuthPostTimeoutURL", ap_set_string_slot,
++ AP_INIT_TAKE1("TKTAuthPostTimeoutURL", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, post_timeout_url),
+ OR_AUTHCFG, "URL to redirect to if cookie times-out doing a POST"),
+- AP_INIT_TAKE1("TKTAuthUnauthURL", ap_set_string_slot,
++ AP_INIT_TAKE1("TKTAuthUnauthURL", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, unauth_url),
+ OR_AUTHCFG, "URL to redirect to if valid user without required token"),
+- AP_INIT_TAKE1("TKTAuthCookieName", ap_set_string_slot,
++ AP_INIT_TAKE1("TKTAuthCookieName", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, auth_cookie_name),
+ OR_AUTHCFG, "name to use for ticket cookie"),
+- AP_INIT_TAKE1("TKTAuthDomain", ap_set_string_slot,
++ AP_INIT_TAKE1("TKTAuthDomain", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, auth_domain),
+ OR_AUTHCFG, "domain to use in cookies"),
+ #ifndef APACHE13
+ /* TKTAuthCookieExpires is not supported under Apache 1.3 */
+- AP_INIT_ITERATE("TKTAuthCookieExpires", set_cookie_expires,
++ AP_INIT_ITERATE("TKTAuthCookieExpires", set_cookie_expires,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, cookie_expires),
+ OR_AUTHCFG, "cookie expiry period, in seconds or units [smhdwMy]"),
+ #endif
+- AP_INIT_TAKE1("TKTAuthBackCookieName", ap_set_string_slot,
++ AP_INIT_TAKE1("TKTAuthBackCookieName", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, back_cookie_name),
+- OR_AUTHCFG, "name to use for back cookie (NULL for none)"),
+- AP_INIT_TAKE1("TKTAuthBackArgName", ap_set_string_slot,
++ OR_AUTHCFG, "name to use for back cookie (default: none)"),
++ AP_INIT_TAKE1("TKTAuthBackArgName", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, back_arg_name),
+- OR_AUTHCFG, "name to use for back url argument (NULL for none)"),
+- AP_INIT_FLAG("TKTAuthIgnoreIP", ap_set_flag_slot,
++ OR_AUTHCFG, "name to use for back url argument ('None' to not use)"),
++ AP_INIT_FLAG("TKTAuthIgnoreIP", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, ignore_ip),
+ OR_AUTHCFG, "whether to ignore remote IP address in ticket"),
+- AP_INIT_FLAG("TKTAuthRequireSSL", ap_set_flag_slot,
++ AP_INIT_FLAG("TKTAuthRequireSSL", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, require_ssl),
+ OR_AUTHCFG, "whether to refuse non-HTTPS requests"),
+- AP_INIT_FLAG("TKTAuthCookieSecure", ap_set_flag_slot,
++ AP_INIT_FLAG("TKTAuthCookieSecure", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, secure_cookie),
+ OR_AUTHCFG, "whether to set secure flag on ticket cookies"),
+- AP_INIT_ITERATE("TKTAuthToken", set_auth_tkt_token,
++ AP_INIT_ITERATE("TKTAuthToken", set_auth_tkt_token,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, auth_token),
+ OR_AUTHCFG, "token required to access this area (NULL for none)"),
+- AP_INIT_ITERATE("TKTAuthTimeout", set_auth_tkt_timeout,
++ AP_INIT_ITERATE("TKTAuthTimeout", set_auth_tkt_timeout,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, timeout_sec),
+ OR_AUTHCFG, "ticket inactivity timeout, in seconds or units [smhdwMy]"),
+- AP_INIT_TAKE1("TKTAuthTimeoutMin", set_auth_tkt_timeout_min,
++ AP_INIT_TAKE1("TKTAuthTimeoutMin", set_auth_tkt_timeout_min,
+ NULL, OR_AUTHCFG, "ticket inactivity timeout, in minutes (deprecated)"),
+- AP_INIT_TAKE1("TKTAuthTimeoutRefresh", set_auth_tkt_timeout_refresh,
++ AP_INIT_TAKE1("TKTAuthTimeoutRefresh", set_auth_tkt_timeout_refresh,
+ NULL, OR_AUTHCFG, "ticket timeout refresh flag (0-1)"),
+- AP_INIT_TAKE1("TKTAuthSecret", setup_secret,
++ AP_INIT_TAKE1("TKTAuthSecret", setup_secret,
+ NULL, RSRC_CONF, "secret key to use in digest"),
+- AP_INIT_TAKE1("TKTAuthSecretOld", setup_old_secret,
++ AP_INIT_TAKE1("TKTAuthSecretOld", setup_old_secret,
+ NULL, RSRC_CONF, "old/alternative secret key to check in digests"),
+- AP_INIT_TAKE1("TKTAuthDigestType", setup_digest_type,
+- NULL, RSRC_CONF, "digest type to use [MD5|SHA256|SHA512], default MD5"),
++ AP_INIT_TAKE1("TKTAuthDigestType", setup_digest_type,
++ NULL, RSRC_CONF, "digest type to use [MD5|SHA256|SHA512], default: MD5"),
+ AP_INIT_FLAG("TKTAuthGuestLogin", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_login),
+ OR_AUTHCFG, "whether to log people in as guest if no other auth available"),
+ AP_INIT_FLAG("TKTAuthGuestCookie", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_cookie),
+- OR_AUTHCFG, "whether to set a cookie when accepting guest users (default off)"),
+- AP_INIT_TAKE1("TKTAuthGuestUser", ap_set_string_slot,
++ OR_AUTHCFG, "whether to set a cookie when accepting guest users (default: off)"),
++ AP_INIT_TAKE1("TKTAuthGuestUser", ap_set_string_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_user),
+ OR_AUTHCFG, "username to use for guest logins"),
+ AP_INIT_FLAG("TKTAuthGuestFallback", ap_set_flag_slot,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_fallback),
+- OR_AUTHCFG, "whether to fall back to guest on an expired ticket (default off)"),
+- AP_INIT_ITERATE("TKTAuthDebug", set_auth_tkt_debug,
++ OR_AUTHCFG, "whether to fall back to guest on an expired ticket (default: off)"),
++ AP_INIT_ITERATE("TKTAuthDebug", set_auth_tkt_debug,
+ (void *)APR_OFFSETOF(auth_tkt_dir_conf, debug),
+ OR_AUTHCFG, "debug level (1-3, higher for more debug output)"),
++ AP_INIT_TAKE1("TKTAuthQuerySeparator", setup_query_separator,
++ (void *)APR_OFFSETOF(auth_tkt_dir_conf, query_separator),
++ OR_AUTHCFG, "Character used in query strings to separate arguments (default: ';')"),
+ {NULL},
+ };
+
+@@ -490,28 +507,28 @@ static const command_rec auth_tkt_cmds[] =
+ /* Support functions */
+
+ /* Parse cookie. Returns 1 if valid, and details in *parsed; 0 if not */
+-static int
++static int
+ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
+ {
+ int sepidx, sep2idx;
+ char *ticket = *magic;
+ int len = strlen(ticket);
+- auth_tkt_serv_conf *sconf =
++ auth_tkt_serv_conf *sconf =
+ ap_get_module_config(r->server->module_config, &auth_tkt_module);
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+-
++
+ /* For some reason (some clients?), tickets sometimes come in quoted */
+ if (ticket[len-1] == '"') ticket[len-1] = 0;
+ if (ticket[0] == '"') *magic = ++ticket;
+
+ /* Basic length check for min size */
+ if (len <= (sconf->digest_sz + TSTAMP_SZ))
+- return 0;
+-
++ return 0;
++
+ /* See if there is a uid/data separator */
+ sepidx = ap_ind(ticket, SEPARATOR);
+- if (sepidx == -1) {
++ if (sepidx == -1) {
+ /* Ticket either uri-escaped, base64-escaped, or bogus */
+ if (strstr(ticket, SEPARATOR_HEX)) {
+ ap_unescape_url(ticket);
+@@ -519,7 +536,7 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
+ }
+ else {
+ /* base64 encoded string always longer than original, so len+1 sufficient */
+- char *buf = (char *) apr_palloc(r->pool, len+1);
++ char *buf = (char *) apr_palloc(r->pool, len+1);
+ apr_base64_decode(buf, ticket);
+ sepidx = ap_ind(buf, SEPARATOR);
+ /* If still no sepidx, must be bogus */
+@@ -532,26 +549,26 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
+ }
+
+ /* Recheck length */
+- if (len <= (sconf->digest_sz + TSTAMP_SZ) ||
+- sepidx < (sconf->digest_sz + TSTAMP_SZ))
+- return 0;
++ if (len <= (sconf->digest_sz + TSTAMP_SZ) ||
++ sepidx < (sconf->digest_sz + TSTAMP_SZ))
++ return 0;
+
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT parse_ticket decoded ticket: '%s'", ticket);
+ }
+-
++
+ /* Get the user id */
+ parsed->uid = apr_palloc(r->pool, sepidx - (sconf->digest_sz + TSTAMP_SZ) + 1);
+- memcpy(parsed->uid, &ticket[(sconf->digest_sz + TSTAMP_SZ)],
++ memcpy(parsed->uid, &ticket[(sconf->digest_sz + TSTAMP_SZ)],
+ sepidx - (sconf->digest_sz + TSTAMP_SZ));
+ parsed->uid[sepidx - (sconf->digest_sz + TSTAMP_SZ)] = '\0';
+-
++
+ /* Check for tokens */
+ sep2idx = ap_ind(&ticket[sepidx+1], SEPARATOR);
+ if (sep2idx == -1) {
+ if (conf->debug >= 2) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT parse_ticket: no tokens");
+ }
+ parsed->tokens = apr_palloc(r->pool, 1);
+@@ -563,15 +580,15 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
+ sepidx = tmp + sep2idx + 1;
+ sep2idx = tmp;
+ if (conf->debug >= 2) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+- "TKT parse_ticket: tokens found - sep2=%d, sep=%d, len=%d",
+- sep2idx, sepidx, len);
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ "TKT parse_ticket: tokens found - sep2=%d, sep=%d, len=%d",
++ sep2idx, sepidx, len);
+ }
+ /* Copy tokens to parsed->tokens */
+ parsed->tokens = apr_palloc(r->pool, sepidx-sep2idx);
+ apr_snprintf(parsed->tokens, sepidx-sep2idx, "%s", &ticket[sep2idx+1]);
+ if (conf->debug >= 2) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT parse_ticket tokens: '%s'", parsed->tokens);
+ }
+ }
+@@ -579,25 +596,25 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
+ /* Copy user data to parsed->user_data */
+ parsed->user_data = apr_palloc(r->pool, len-sepidx+1);
+ apr_snprintf(parsed->user_data, len-sepidx+1, "%s", &ticket[sepidx+1]);
+-
++
+ /* Copy timestamp to parsed->timestamp */
+ sscanf(&ticket[sconf->digest_sz], "%8x", &(parsed->timestamp));
+-
++
+ return 1;
+ }
+
+ /* Search cookie headers for our ticket */
+-static int
++static int
+ cookie_match(void *result, const char *key, const char *cookie)
+ {
+ cookie_res * cr = (cookie_res *) result;
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(cr->r->per_dir_config, &auth_tkt_module);
+-
++
+ if (cookie != NULL) {
+ char *cookie_name, *value, *cookiebuf, *end;
+ if (conf->debug >= 2) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
+ "TKT cookie_match, key %s against <%s> (name=%s)",
+ key, cookie, cr->cookie_name);
+ }
+@@ -623,7 +640,7 @@ cookie_match(void *result, const char *key, const char *cookie)
+ if (strlen(cookiebuf)) {
+ cr->cookie = cookiebuf;
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
+ "TKT cookie_match: found '%s'", cookiebuf);
+ }
+ return(0);
+@@ -631,7 +648,7 @@ cookie_match(void *result, const char *key, const char *cookie)
+ }
+ }
+ if (conf->debug >= 2) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
+ "TKT cookie_match: NOT found");
+ }
+ return (1);
+@@ -639,7 +656,7 @@ cookie_match(void *result, const char *key, const char *cookie)
+
+ /* Return the domain to use in cookies */
+ char *
+-get_domain(request_rec *r, auth_tkt_dir_conf *conf)
++get_domain(request_rec *r, auth_tkt_dir_conf *conf)
+ {
+ /* Set the cookie domain to the first set of TKTAuthDomain,
+ X-Forwarded-Host, Host, or server hostname. Viljo Viitanen
+@@ -665,7 +682,7 @@ get_domain(request_rec *r, auth_tkt_dir_conf *conf)
+ static void
+ send_auth_cookie(request_rec *r, char *value)
+ {
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+ char *cookie, *expires;
+ char *domain = get_domain(r,conf);
+@@ -679,12 +696,12 @@ send_auth_cookie(request_rec *r, char *value)
+ #ifndef APACHE13
+ if (conf->cookie_expires > 0) {
+ apr_time_exp_t tms;
+- apr_time_exp_gmt(&tms, r->request_time +
++ apr_time_exp_gmt(&tms, r->request_time +
+ apr_time_from_sec(conf->cookie_expires));
+- expires =
++ expires =
+ apr_psprintf(r->pool, "; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
+ apr_day_snames[tms.tm_wday],
+- tms.tm_mday,
++ tms.tm_mday,
+ apr_month_snames[tms.tm_mon],
+ tms.tm_year % 100,
+ tms.tm_hour, tms.tm_min, tms.tm_sec
+@@ -693,12 +710,12 @@ send_auth_cookie(request_rec *r, char *value)
+ #endif
+
+ /* Send the cookie */
+- cookie = apr_psprintf(r->pool, "%s=%s; path=/%s%s%s",
++ cookie = apr_psprintf(r->pool, "%s=%s; path=/%s%s%s",
+ conf->auth_cookie_name, value, domain, expires, secure_cookie);
+ apr_table_setn(r->err_headers_out, "Set-Cookie", cookie);
+
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT: sending cookie: %s=%s; path=/%s%s%s",
+ conf->auth_cookie_name, value, domain, expires, secure_cookie);
+ }
+@@ -708,7 +725,7 @@ send_auth_cookie(request_rec *r, char *value)
+ static char *
+ get_url_ticket(request_rec *r)
+ {
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+ const char *args = NULL; /* url arguments string */
+ const char *key, *val;
+@@ -717,12 +734,12 @@ get_url_ticket(request_rec *r)
+ /* Use main request args if subrequest */
+ request_rec *r_main = r->main == NULL ? r : r->main;
+ if (r_main->args != NULL) {
+- args = apr_pstrdup(r->pool, r_main->args);
++ args = apr_pstrdup(r->pool, r_main->args);
+ }
+
+ if (args != NULL) {
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT: looking for ticket in url: <%s>", args);
+ }
+
+@@ -731,12 +748,12 @@ get_url_ticket(request_rec *r)
+
+ if (strcmp(key,conf->auth_cookie_name) == 0) {
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT: found url ticket: <%s>", val);
+ }
+
+ /* Setup auth cookie using ticket value */
+- send_auth_cookie(r, (char *) val);
++ send_auth_cookie(r, (char *) val);
+
+ /* Found ticket - ignore rest of arguments */
+ ticket = (char *) val;
+@@ -749,12 +766,12 @@ get_url_ticket(request_rec *r)
+ }
+
+ /* Look for a cookie ticket */
+-static char *
++static char *
+ get_cookie_ticket(request_rec *r)
+ {
+- auth_tkt_serv_conf *sconf =
++ auth_tkt_serv_conf *sconf =
+ ap_get_module_config(r->server->module_config, &auth_tkt_module);
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+
+ /* Walk cookie headers looking for matching ticket */
+@@ -770,7 +787,7 @@ get_cookie_ticket(request_rec *r)
+ }
+ if (strlen(cr->cookie) < sconf->digest_sz + TSTAMP_SZ) {
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT get_cookie_tkt: found cookie ticket, "
+ "but it's too short for a %s digest (%zu < %d)",
+ sconf->digest_type, strlen(cr->cookie), sconf->digest_sz + TSTAMP_SZ);
+@@ -782,18 +799,18 @@ get_cookie_ticket(request_rec *r)
+ }
+
+ /* Generate a ticket digest string from the given details */
+-static char *
++static char *
+ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const char *secret)
+ {
+- auth_tkt_serv_conf *sconf =
++ auth_tkt_serv_conf *sconf =
+ ap_get_module_config(r->server->module_config, &auth_tkt_module);
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+ char *uid = parsed->uid;
+ char *tokens = parsed->tokens;
+ char *user_data = parsed->user_data;
+
+- unsigned char *buf = apr_palloc(r->pool,
++ unsigned char *buf = apr_palloc(r->pool,
+ TSTAMP_SZ + strlen(secret) + strlen(uid) + 1 + strlen(tokens) + 1 + strlen(user_data) + 1);
+ unsigned char *buf2 = apr_palloc(r->pool, sconf->digest_sz + strlen(secret));
+ int len = 0;
+@@ -812,7 +829,7 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
+ if (timestamp == 0) timestamp = parsed->timestamp;
+
+ if (conf->debug >= 2) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT ticket_digest: using secret '%s', ip '%s', ts '%d'", secret, remote_ip, timestamp);
+ }
+
+@@ -824,13 +841,13 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
+ buf[0] = (unsigned char ) ((ip & 0xff000000) >> 24);
+ buf[1] = (unsigned char ) ((ip & 0xff0000) >> 16);
+ buf[2] = (unsigned char ) ((ip & 0xff00) >> 8);
+- buf[3] = (unsigned char ) ((ip & 0xff));
+- buf[4] = (unsigned char ) ((timestamp & 0xff000000) >> 24);
+- buf[5] = (unsigned char ) ((timestamp & 0xff0000) >> 16);
+- buf[6] = (unsigned char ) ((timestamp & 0xff00) >> 8);
+- buf[7] = (unsigned char ) ((timestamp & 0xff));
++ buf[3] = (unsigned char ) ((ip & 0xff));
++ buf[4] = (unsigned char ) ((timestamp & 0xff000000) >> 24);
++ buf[5] = (unsigned char ) ((timestamp & 0xff0000) >> 16);
++ buf[6] = (unsigned char ) ((timestamp & 0xff00) >> 8);
++ buf[7] = (unsigned char ) ((timestamp & 0xff));
+ len = 8;
+-
++
+ /* Append remaining components to buf */
+ strcpy((char *)&buf[len], secret);
+ len += strlen(secret);
+@@ -857,7 +874,7 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
+ digest = ap_md5_binary(r->pool, buf, len);
+ }
+ if (conf->debug >= 3) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT ticket_digest: digest0: '%s' (input length %d)", digest, len);
+ }
+
+@@ -879,7 +896,7 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
+ digest = ap_md5_binary(r->pool, buf2, len);
+ }
+ if (conf->debug >= 3) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT ticket_digest: digest: '%s'", digest);
+ }
+
+@@ -897,21 +914,21 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
+ char *digest;
+ auth_tkt_serv_conf *sconf =
+ ap_get_module_config(r->server->module_config, &auth_tkt_module);
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+
+ /* Attempt to parse ticket */
+ if (! parse_ticket(r, &ticket, parsed)) {
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
+ "TKT valid_ticket: unparseable %s ticket found ('%s')", source, ticket);
+ }
+ return 0;
+ }
+
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+- "TKT valid_ticket: (parsed) uid '%s', tokens '%s', user_data '%s', ts '%d'",
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ "TKT valid_ticket: (parsed) uid '%s', tokens '%s', user_data '%s', ts '%d'",
+ parsed->uid, parsed->tokens, parsed->user_data, parsed->timestamp);
+ }
+
+@@ -921,9 +938,9 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
+
+ /* Digest mismatch - if no old secret set, fail */
+ if(sconf->old_secret == NULL) {
+- ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
+ "TKT valid_ticket: ticket hash (current secret) is invalid, and no old secret set "
+- "- digest '%s', ticket '%s'",
++ "- digest '%s', ticket '%s'",
+ digest, ticket);
+ return 0;
+ }
+@@ -931,13 +948,13 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
+ /* Digest mismatch - if old_secret is set, recalculate using that */
+ else {
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT valid_ticket: ticket hash (current secret) is invalid, but old_secret is set - checking ticket digest against that");
+ }
+ digest = ticket_digest(r, parsed, 0, sconf->old_secret);
+ if (memcmp(ticket, digest, sconf->digest_sz) != 0) {
+- ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
+- "TKT valid_ticket: ticket hash (old secret) is also invalid - digest '%s', ticket '%s'",
++ ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
++ "TKT valid_ticket: ticket hash (old secret) is also invalid - digest '%s', ticket '%s'",
+ digest, ticket);
+ return 0;
+ }
+@@ -946,7 +963,7 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
+ else {
+ if (force_refresh != NULL) {
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT valid_ticket: ticket_digest validated with old_secret - forcing a cookie refresh");
+ }
+ *force_refresh = 1;
+@@ -958,31 +975,31 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
+ return 1;
+ }
+
+-/* Check for required auth tokens
++/* Check for required auth tokens
+ * Returns 1 on success, 0 on failure */
+ static int
+ check_tokens(request_rec *r, char *tokens)
+ {
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+ char *next_parsed_token;
+ const char *t = NULL;
+- int match = 0;
++ int match = 0;
+
+ /* Success if no tokens required */
+- if (conf->auth_token->nelts == 0 ||
++ if (conf->auth_token->nelts == 0 ||
+ strcmp(((char **) conf->auth_token->elts)[0], "NULL") == 0) {
+ return 1;
+ }
+ /* Failure if required and no user tokens found */
+ if (tokens == NULL || strlen(tokens) == 0) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT: no matching tokens! (no user tokens found)");
+ return 0;
+ }
+
+- t = apr_pstrdup(r->pool, tokens);
+-
++ t = apr_pstrdup(r->pool, tokens);
++
+ while (*t && (next_parsed_token = ap_getword(r->pool, &t, ','))) {
+ char ** auth_tokens = (char **) conf->auth_token->elts;
+ int i;
+@@ -990,16 +1007,16 @@ check_tokens(request_rec *r, char *tokens)
+ for (i=0; i < conf->auth_token->nelts; i++) {
+ int token_len = strlen(auth_tokens[i]);
+ if (strncmp(auth_tokens[i], next_parsed_token, token_len) == 0 &&
+- next_parsed_token[token_len] == 0) {
+- match = 1;
+- break;
++ next_parsed_token[token_len] == 0) {
++ match = 1;
++ break;
+ }
+ }
+ if (match) break;
+ }
+
+ if (conf->debug >= 1 && ! match) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT: no matching tokens! (user tokens '%s')", tokens);
+ }
+
+@@ -1010,24 +1027,24 @@ check_tokens(request_rec *r, char *tokens)
+ static void
+ refresh_cookie(request_rec *r, auth_tkt *parsed, int timeout, int force_flag)
+ {
+- auth_tkt_serv_conf *sconf =
++ auth_tkt_serv_conf *sconf =
+ ap_get_module_config(r->server->module_config, &auth_tkt_module);
+- auth_tkt_dir_conf *conf =
++ auth_tkt_dir_conf *conf =
+ ap_get_module_config(r->per_dir_config, &auth_tkt_module);
+
+ /* The timeout refresh is a double between 0 and 1, signifying what
+- * proportion of the timeout should be left before we refresh i.e.
++ * proportion of the timeout should be left before we refresh i.e.
+ * 0 means never refresh (hard timeouts); 1 means always refresh;
+- * .33 means only refresh if less than a third of the timeout
+- * period remains. */
++ * .33 means only refresh if less than a third of the timeout
++ * period remains. */
+ unsigned int now = time(NULL);
+ int remainder = parsed->timestamp + timeout - now;
+ double refresh_sec = conf->timeout_refresh * timeout;
+
+ if (conf->debug >= 1) {
+- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
++ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
+ "TKT refresh_cookie: timeout %d, refresh %.3f, remainder %d, refresh_sec %.3f, force_flag %d",
+- timeout, conf->timeout_refresh, remainder, refresh_sec, force_flag);
++ timeout, conf->timeout_refresh, remainder, refresh_sec, force_flag);
+ }
+
+ /* If less than our refresh_sec threshold, freshen the cookie */
+@@ -1036,29 +1053,29 @@ refresh_cookie(request_rec *r, auth_tkt *parsed, int timeout, int force_flag)
+ char *digest = ticket_digest(r, parsed, now, sconf->secret);
+ if (parsed->tokens) {
+ ticket = apr_psprintf(r->pool,
+- "%s%08x%s%c%s%c%s",
+- digest, now, parsed->uid,
+- SEPARATOR, parsed->tokens,
+- SEPARATOR, parsed->user_data);
++ "%s%08x%s%c%s%c%s",
++ digest, now, parsed->uid,
++ SEPARATOR, parsed->tokens,
++ SEPARATOR, parsed->user_data);
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-all
mailing list