svn commit: r377974 - in head/www/mod_auth_tkt: . files
Jun Kuriyama
kuriyama at FreeBSD.org
Tue Jan 27 03:23:09 UTC 2015
Author: kuriyama
Date: Tue Jan 27 03:23:08 2015
New Revision: 377974
URL: https://svnweb.freebsd.org/changeset/ports/377974
QAT: https://qat.redports.org/buildarchive/r377974/
Log:
- Support apache 2.4.x.
- Split out non-related to QuerySeparator directive to normal patches.
Added:
head/www/mod_auth_tkt/files/patch-cgi_logout.cgi (contents, props changed)
head/www/mod_auth_tkt/files/patch-mod_auth_tkt.c (contents, props changed)
head/www/mod_auth_tkt/files/patch-mod_auth_tkt.pod (contents, props changed)
head/www/mod_auth_tkt/files/patch-t_extra.conf.1.in (contents, props changed)
head/www/mod_auth_tkt/files/patch-t_extra.conf.2.in (contents, props changed)
Modified:
head/www/mod_auth_tkt/Makefile
head/www/mod_auth_tkt/files/extra-patch-query-separator
head/www/mod_auth_tkt/pkg-plist
Modified: head/www/mod_auth_tkt/Makefile
==============================================================================
--- head/www/mod_auth_tkt/Makefile Tue Jan 27 03:03:28 2015 (r377973)
+++ head/www/mod_auth_tkt/Makefile Tue Jan 27 03:23:08 2015 (r377974)
@@ -2,7 +2,7 @@
PORTNAME= mod_auth_tkt
PORTVERSION= 2.1.0
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_LOCAL} \
http://www.openfusion.com.au/labs/dist/mod_auth_tkt/
@@ -11,7 +11,7 @@ MASTER_SITE_SUBDIR= kuriyama
MAINTAINER= kuriyama at FreeBSD.org
COMMENT= Lightweight single-sign-on authentication module for apache
-USE_APACHE= 22
+USE_APACHE= 22+
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
PATCH_WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
PATCH_STRIP= -p1
Modified: head/www/mod_auth_tkt/files/extra-patch-query-separator
==============================================================================
--- head/www/mod_auth_tkt/files/extra-patch-query-separator Tue Jan 27 03:03:28 2015 (r377973)
+++ head/www/mod_auth_tkt/files/extra-patch-query-separator Tue Jan 27 03:23:08 2015 (r377974)
@@ -1,40 +1,5 @@
-diff --git a/cgi/logout.cgi b/cgi/logout.cgi
-index b2a830c..41fa7e1 100755
---- a/cgi/logout.cgi
-+++ b/cgi/logout.cgi
-@@ -33,16 +33,19 @@ $back ||= $q->cookie($at->back_cookie_name) if $at->back_cookie_name;
- $back ||= $q->param($at->back_arg_name) if $at->back_arg_name;
- $back = $AuthTktConfig::DEFAULT_BACK_LOCATION if $AuthTktConfig::DEFAULT_BACK_LOCATION;
- $back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $AuthTktConfig::BACK_REFERER;
--if ($back && $back =~ m!^/!) {
-- my $hostname = $server_name;
-- my $port = $server_port;
-- $hostname .= ':' . $port if $port && $port != 80 && $port != 443;
-- $back = sprintf "http%s://%s%s", ($port == 443 ? 's' : ''), $hostname, $back;
--} elsif ($back && $back !~ m/^http/i) {
-- $back = 'http://' . $back;
-+my $back_html = '';
-+if ($back) {
-+ if ($back =~ m!^/!) {
-+ my $hostname = $server_name;
-+ my $port = $server_port;
-+ $hostname .= ':' . $port if $port && $port != 80 && $port != 443;
-+ $back = sprintf "http%s://%s%s", ($port == 443 ? 's' : ''), $hostname, $back;
-+ } elsif ($back !~ m/^http/i) {
-+ $back = 'http://' . $back;
-+ }
-+ $back = uri_unescape($back) if $back =~ m/^https?%3A%2F%2F/;
-+ $back_html = escapeHTML($back);
- }
--$back = uri_unescape($back) if $back =~ m/^https?%3A%2F%2F/;
--my $back_html = escapeHTML($back) if $back;
-
- # Logout by resetting the auth cookie
- my @cookies = cookie(-name => $at->cookie_name, -value => '', -expires => '-1h',
-diff --git a/conf/auth_tkt_cgi.conf b/conf/auth_tkt_cgi.conf
-index e2546bc..e969c44 100644
---- a/conf/auth_tkt_cgi.conf
-+++ b/conf/auth_tkt_cgi.conf
+--- ../conf/auth_tkt_cgi.conf.orig 2009-03-04 05:22:06.000000000 +0900
++++ ../conf/auth_tkt_cgi.conf 2015-01-27 12:07:43.628422498 +0900
@@ -13,6 +13,9 @@
# Digest type to use - default is MD5, alternatives are SHA256 or SHA512
#TKTAuthDigestType MD5
@@ -45,74 +10,8 @@ index e2546bc..e969c44 100644
# Used by sample CGI scripts to locate this config file
SetEnv MOD_AUTH_TKT_CONF "/etc/httpd/conf.d/auth_tkt_cgi.conf"
-diff --git a/doc/mod_auth_tkt.pod b/doc/mod_auth_tkt.pod
-index dd7d85c..edf0590 100644
---- a/doc/mod_auth_tkt.pod
-+++ b/doc/mod_auth_tkt.pod
-@@ -227,7 +227,9 @@ the ticket hashing, so you should always set a TKTAuthTimeout in
- addition to using an expiry. Cookie expiries are refreshed with
- tickets if TKTAuthTimeoutRefresh is set.
-
--Default: none. Examples:
-+Default: none (not used).
-+
-+e.g.
-
- TKTAuthCookieExpires 86400
- TKTAuthCookieExpires 1w
-@@ -245,6 +247,11 @@ http://www.example.com/index.html and TKTAuthBackArgName is set to
-
- to the TKTAuthLoginURL it redirects to, allowing your login script
- to redirect back to the requested page upon successful login.
-+
-+To omit altogether, set to the string B<None> i.e.
-+
-+ TKTAuthBackArgName None
-+
- Default: 'back'.
-
- =item TKTAuthBackCookieName <name>
-@@ -252,7 +259,9 @@ Default: 'back'.
- The cookie name to use for the back cookie. If this is set,
- mod_auth_tkt will set a back cookie containing a URI-escaped version
- of current requested page when redirecting (see TKTAuthBackArgName
--above). Default: none.
-+above), instead of using a GET parameter.
-+
-+Default: none (not used).
-
- =item TKTAuthToken <token>
-
-@@ -267,7 +276,9 @@ Note that this directive can be repeated, and the semantics are that
- B<any> of the required tokens is sufficient for access i.e. the tokens
- are ORed.
-
--Default: none. e.g.
-+Default: none (not used).
-+
-+e.g.
-
- TKTAuthToken finance
- TKTAuthToken admin
-@@ -281,8 +292,12 @@ this as well, setting the client IP address to 0.0.0.0). This is
- often required out on the open internet, especially if you are
- using an HTTPS login page (as you should) and are dealing with
- more than a handful of users (the typical problem being
--transparent HTTP proxies at ISPs). Default: 'off' i.e. ticket
--is only valid from the originating IP address. e.g.
-+transparent HTTP proxies at ISPs).
-+
-+Default: 'off' i.e. ticket is only valid from the originating
-+IP address.
-+
-+e.g.
-
- TKTAuthIgnoreIP on
-
-diff --git a/src/mod_auth_tkt.c b/src/mod_auth_tkt.c
-index c2609e9..74bb669 100644
---- a/src/mod_auth_tkt.c
-+++ b/src/mod_auth_tkt.c
+--- ../src/mod_auth_tkt.c.orig 2009-07-10 16:46:51.000000000 +0900
++++ ../src/mod_auth_tkt.c 2015-01-27 12:07:43.631422016 +0900
@@ -38,6 +38,7 @@
#define REMOTE_USER_TOKENS_ENV "REMOTE_USER_TOKENS"
#define DEFAULT_TIMEOUT_SEC 7200
@@ -121,7 +20,7 @@ index c2609e9..74bb669 100644
#define FORCE_REFRESH 1
#define CHECK_REFRESH 0
-@@ -68,6 +69,7 @@ typedef struct {
+@@ -68,6 +69,7 @@
char *guest_user;
int guest_fallback;
int debug;
@@ -129,51 +28,15 @@ index c2609e9..74bb669 100644
} auth_tkt_dir_conf;
/* Per-server configuration */
-@@ -99,24 +101,24 @@ void
- auth_tkt_version(server_rec *s, pool *p)
- {
- ap_add_version_component("mod_auth_tkt/" TKT_AUTH_VERSION);
-- ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
-+ ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
- "mod_auth_tkt: version %s", TKT_AUTH_VERSION);
- }
-
- #else
- static int
--auth_tkt_version(apr_pool_t *p,
-+auth_tkt_version(apr_pool_t *p,
- apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
- {
- ap_add_version_component(p, "mod_auth_tkt/" TKT_AUTH_VERSION);
-- ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
-+ ap_log_error(APLOG_MARK, APLOG_INFO, APR_SUCCESS, s,
- "mod_auth_tkt: version %s", TKT_AUTH_VERSION);
- return DECLINED;
- }
- #endif
-
- /* Create per-dir config structures */
--static void *
-+static void *
- create_auth_tkt_config(apr_pool_t *p, char* path)
- {
- auth_tkt_dir_conf *conf = apr_palloc(p, sizeof(*conf));
-@@ -142,11 +144,12 @@ create_auth_tkt_config(apr_pool_t *p, char* path)
+@@ -142,6 +144,7 @@
conf->guest_user = NULL;
conf->guest_fallback = -1;
conf->debug = -1;
-- return conf;
+ conf->query_separator = (char *)QUERY_SEPARATOR;
-+ return conf;
+ return conf;
}
- /* Merge per-dir config structures */
--static void *
-+static void *
- merge_auth_tkt_config(apr_pool_t *p, void* parent_dirv, void* subdirv)
- {
- auth_tkt_dir_conf *parent = (auth_tkt_dir_conf *) parent_dirv;
-@@ -174,6 +177,7 @@ merge_auth_tkt_config(apr_pool_t *p, void* parent_dirv, void* subdirv)
+@@ -174,6 +177,7 @@
conf->guest_user = (subdir->guest_user) ? subdir->guest_user : parent->guest_user;
conf->guest_fallback = (subdir->guest_fallback >= 0) ? subdir->guest_fallback : parent->guest_fallback;
conf->debug = (subdir->debug >= 0) ? subdir->debug : parent->debug;
@@ -181,122 +44,7 @@ index c2609e9..74bb669 100644
return conf;
}
-@@ -188,7 +192,7 @@ create_auth_tkt_serv_config(apr_pool_t *p, server_rec* s)
- sconf->digest_type = NULL;
- sconf->digest_sz = 0;
- return sconf;
--}
-+}
-
- /* Merge per-server config structures */
- static void *
-@@ -203,7 +207,7 @@ merge_auth_tkt_serv_config(apr_pool_t *p, void* parent_dirv, void* subdirv)
- sconf->digest_type = (subdir->digest_type) ? subdir->digest_type : parent->digest_type;
- sconf->digest_sz = (subdir->digest_sz) ? subdir->digest_sz : parent->digest_sz;
- return sconf;
--}
-+}
-
- /* ----------------------------------------------------------------------- */
- /* Command-specific functions */
-@@ -243,8 +247,8 @@ convert_to_seconds (cmd_parms *cmd, const char *param, int *seconds)
- multiplier = 30 * 24 * 60 * 60;
- else if (unit == 'y')
- multiplier = 365 * 24 * 60 * 60;
-- else
-- return apr_psprintf(cmd->pool,
-+ else
-+ return apr_psprintf(cmd->pool,
- "Bad time string - unrecognised unit '%c'", unit);
- }
-
-@@ -256,7 +260,7 @@ convert_to_seconds (cmd_parms *cmd, const char *param, int *seconds)
- static const char *
- set_auth_tkt_token (cmd_parms *cmd, void *cfg, const char *param)
- {
-- char **new;
-+ char **new;
- auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *) cfg;
-
- new = (char **) apr_array_push(conf->auth_token);
-@@ -270,12 +274,12 @@ set_auth_tkt_timeout (cmd_parms *cmd, void *cfg, const char *param)
- auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
- int seconds = conf->timeout_sec;
- const char *error;
--
-+
- /* Easy case - looks like all digits */
- if (apr_isdigit(param[0]) && apr_isdigit(param[strlen(param) - 1])) {
- seconds = atoi(param);
- }
--
-+
- /* Harder case - convert units to seconds */
- else {
- error = convert_to_seconds(cmd, param, &seconds);
-@@ -286,7 +290,7 @@ set_auth_tkt_timeout (cmd_parms *cmd, void *cfg, const char *param)
- if (seconds == INT_MAX) return ("Integer overflow or invalid number");
-
- conf->timeout_sec = seconds;
--
-+
- return NULL;
- }
-
-@@ -294,14 +298,14 @@ static const char *
- set_auth_tkt_timeout_min (cmd_parms *cmd, void *cfg, const char *param)
- {
- auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
--
-+
- int minutes = atoi(param);
--
-+
- if (minutes < 0) return ("Timeout must be positive");
- if (minutes == INT_MAX) return ("Integer overflow or invalid number");
--
-+
- conf->timeout_sec = minutes * 60;
--
-+
- return NULL;
- }
-
-@@ -309,21 +313,21 @@ static const char *
- set_auth_tkt_timeout_refresh (cmd_parms *cmd, void *cfg, const char *param)
- {
- auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
--
-+
- double refresh = atof(param);
-
-- if (refresh < 0 || refresh > 1)
-+ if (refresh < 0 || refresh > 1)
- return "Refresh flag must be between 0 and 1";
--
-+
- conf->timeout_refresh = refresh;
--
-+
- return NULL;
- }
-
- static const char *
- setup_secret (cmd_parms *cmd, void *cfg, const char *param)
- {
-- auth_tkt_serv_conf *sconf =
-+ auth_tkt_serv_conf *sconf =
- ap_get_module_config(cmd->server->module_config, &auth_tkt_module);
- sconf->secret = param;
- return NULL;
-@@ -332,12 +336,22 @@ setup_secret (cmd_parms *cmd, void *cfg, const char *param)
- static const char *
- setup_old_secret (cmd_parms *cmd, void *cfg, const char *param)
- {
-- auth_tkt_serv_conf *sconf = ap_get_module_config(cmd->server->module_config,
-+ auth_tkt_serv_conf *sconf = ap_get_module_config(cmd->server->module_config,
- &auth_tkt_module);
- sconf->old_secret = param;
+@@ -338,6 +342,16 @@
return NULL;
}
@@ -313,144 +61,27 @@ index c2609e9..74bb669 100644
void
setup_digest_sz (auth_tkt_serv_conf *sconf)
{
-@@ -355,10 +369,10 @@ setup_digest_sz (auth_tkt_serv_conf *sconf)
- static const char *
- setup_digest_type (cmd_parms *cmd, void *cfg, const char *param)
- {
-- auth_tkt_serv_conf *sconf =
-+ auth_tkt_serv_conf *sconf =
- ap_get_module_config(cmd->server->module_config, &auth_tkt_module);
-
-- if (strcmp(param, "MD5") != 0 &&
-+ if (strcmp(param, "MD5") != 0 &&
- strcmp(param, "SHA256") != 0 &&
- strcmp(param, "SHA512") != 0)
- return "Digest type must be one of: MD5 | SHA256 | SHA512.";
-@@ -391,7 +405,7 @@ set_cookie_expires (cmd_parms *cmd, void *cfg, const char *param)
- if (seconds == INT_MAX) return ("Integer overflow or invalid number");
-
- conf->cookie_expires = seconds;
--
-+
- return NULL;
- }
-
-@@ -399,90 +413,93 @@ static const char *
- set_auth_tkt_debug (cmd_parms *cmd, void *cfg, const char *param)
- {
- auth_tkt_dir_conf *conf = (auth_tkt_dir_conf *)cfg;
--
-+
- int debug = atoi(param);
--
-+
- if (debug < 0) return ("Debug level must be positive");
- if (debug == INT_MAX) return ("Integer overflow or invalid number");
--
-+
- conf->debug = debug;
--
-+
- return NULL;
- }
-
- /* Command table */
- static const command_rec auth_tkt_cmds[] =
- {
-- AP_INIT_TAKE1("TKTAuthLoginURL", ap_set_string_slot,
-+ AP_INIT_TAKE1("TKTAuthLoginURL", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, login_url),
- OR_AUTHCFG, "URL to redirect to if authentication fails"),
-- AP_INIT_TAKE1("TKTAuthTimeoutURL", ap_set_string_slot,
-+ AP_INIT_TAKE1("TKTAuthTimeoutURL", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, timeout_url),
- OR_AUTHCFG, "URL to redirect to if cookie times-out"),
-- AP_INIT_TAKE1("TKTAuthPostTimeoutURL", ap_set_string_slot,
-+ AP_INIT_TAKE1("TKTAuthPostTimeoutURL", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, post_timeout_url),
- OR_AUTHCFG, "URL to redirect to if cookie times-out doing a POST"),
-- AP_INIT_TAKE1("TKTAuthUnauthURL", ap_set_string_slot,
-+ AP_INIT_TAKE1("TKTAuthUnauthURL", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, unauth_url),
- OR_AUTHCFG, "URL to redirect to if valid user without required token"),
-- AP_INIT_TAKE1("TKTAuthCookieName", ap_set_string_slot,
-+ AP_INIT_TAKE1("TKTAuthCookieName", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, auth_cookie_name),
- OR_AUTHCFG, "name to use for ticket cookie"),
-- AP_INIT_TAKE1("TKTAuthDomain", ap_set_string_slot,
-+ AP_INIT_TAKE1("TKTAuthDomain", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, auth_domain),
- OR_AUTHCFG, "domain to use in cookies"),
- #ifndef APACHE13
- /* TKTAuthCookieExpires is not supported under Apache 1.3 */
-- AP_INIT_ITERATE("TKTAuthCookieExpires", set_cookie_expires,
-+ AP_INIT_ITERATE("TKTAuthCookieExpires", set_cookie_expires,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, cookie_expires),
- OR_AUTHCFG, "cookie expiry period, in seconds or units [smhdwMy]"),
- #endif
-- AP_INIT_TAKE1("TKTAuthBackCookieName", ap_set_string_slot,
-+ AP_INIT_TAKE1("TKTAuthBackCookieName", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, back_cookie_name),
-- OR_AUTHCFG, "name to use for back cookie (NULL for none)"),
-- AP_INIT_TAKE1("TKTAuthBackArgName", ap_set_string_slot,
-+ OR_AUTHCFG, "name to use for back cookie (default: none)"),
-+ AP_INIT_TAKE1("TKTAuthBackArgName", ap_set_string_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, back_arg_name),
-- OR_AUTHCFG, "name to use for back url argument (NULL for none)"),
-- AP_INIT_FLAG("TKTAuthIgnoreIP", ap_set_flag_slot,
-+ OR_AUTHCFG, "name to use for back url argument ('None' to not use)"),
-+ AP_INIT_FLAG("TKTAuthIgnoreIP", ap_set_flag_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, ignore_ip),
- OR_AUTHCFG, "whether to ignore remote IP address in ticket"),
-- AP_INIT_FLAG("TKTAuthRequireSSL", ap_set_flag_slot,
-+ AP_INIT_FLAG("TKTAuthRequireSSL", ap_set_flag_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, require_ssl),
- OR_AUTHCFG, "whether to refuse non-HTTPS requests"),
-- AP_INIT_FLAG("TKTAuthCookieSecure", ap_set_flag_slot,
-+ AP_INIT_FLAG("TKTAuthCookieSecure", ap_set_flag_slot,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, secure_cookie),
- OR_AUTHCFG, "whether to set secure flag on ticket cookies"),
-- AP_INIT_ITERATE("TKTAuthToken", set_auth_tkt_token,
-+ AP_INIT_ITERATE("TKTAuthToken", set_auth_tkt_token,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, auth_token),
- OR_AUTHCFG, "token required to access this area (NULL for none)"),
-- AP_INIT_ITERATE("TKTAuthTimeout", set_auth_tkt_timeout,
-+ AP_INIT_ITERATE("TKTAuthTimeout", set_auth_tkt_timeout,
- (void *)APR_OFFSETOF(auth_tkt_dir_conf, timeout_sec),
- OR_AUTHCFG, "ticket inactivity timeout, in seconds or units [smhdwMy]"),
-- AP_INIT_TAKE1("TKTAuthTimeoutMin", set_auth_tkt_timeout_min,
-+ AP_INIT_TAKE1("TKTAuthTimeoutMin", set_auth_tkt_timeout_min,
- NULL, OR_AUTHCFG, "ticket inactivity timeout, in minutes (deprecated)"),
-- AP_INIT_TAKE1("TKTAuthTimeoutRefresh", set_auth_tkt_timeout_refresh,
-+ AP_INIT_TAKE1("TKTAuthTimeoutRefresh", set_auth_tkt_timeout_refresh,
- NULL, OR_AUTHCFG, "ticket timeout refresh flag (0-1)"),
-- AP_INIT_TAKE1("TKTAuthSecret", setup_secret,
-+ AP_INIT_TAKE1("TKTAuthSecret", setup_secret,
- NULL, RSRC_CONF, "secret key to use in digest"),
-- AP_INIT_TAKE1("TKTAuthSecretOld", setup_old_secret,
-+ AP_INIT_TAKE1("TKTAuthSecretOld", setup_old_secret,
+@@ -467,22 +481,25 @@
+ AP_INIT_TAKE1("TKTAuthSecretOld", setup_old_secret,
NULL, RSRC_CONF, "old/alternative secret key to check in digests"),
-- AP_INIT_TAKE1("TKTAuthDigestType", setup_digest_type,
+ AP_INIT_TAKE1("TKTAuthDigestType", setup_digest_type,
- NULL, RSRC_CONF, "digest type to use [MD5|SHA256|SHA512], default MD5"),
-+ AP_INIT_TAKE1("TKTAuthDigestType", setup_digest_type,
-+ NULL, RSRC_CONF, "digest type to use [MD5|SHA256|SHA512], default: MD5"),
++ NULL, RSRC_CONF, "digest type to use [MD5|SHA256|SHA512], default MD5"),
AP_INIT_FLAG("TKTAuthGuestLogin", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_login),
OR_AUTHCFG, "whether to log people in as guest if no other auth available"),
AP_INIT_FLAG("TKTAuthGuestCookie", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_cookie),
- OR_AUTHCFG, "whether to set a cookie when accepting guest users (default off)"),
-- AP_INIT_TAKE1("TKTAuthGuestUser", ap_set_string_slot,
-+ OR_AUTHCFG, "whether to set a cookie when accepting guest users (default: off)"),
-+ AP_INIT_TAKE1("TKTAuthGuestUser", ap_set_string_slot,
++ OR_AUTHCFG, "whether to set a cookie when accepting guest users (default off)"),
+ AP_INIT_TAKE1("TKTAuthGuestUser", ap_set_string_slot,
(void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_user),
OR_AUTHCFG, "username to use for guest logins"),
AP_INIT_FLAG("TKTAuthGuestFallback", ap_set_flag_slot,
(void *)APR_OFFSETOF(auth_tkt_dir_conf, guest_fallback),
- OR_AUTHCFG, "whether to fall back to guest on an expired ticket (default off)"),
-- AP_INIT_ITERATE("TKTAuthDebug", set_auth_tkt_debug,
-+ OR_AUTHCFG, "whether to fall back to guest on an expired ticket (default: off)"),
-+ AP_INIT_ITERATE("TKTAuthDebug", set_auth_tkt_debug,
++ OR_AUTHCFG, "whether to fall back to guest on an expired ticket (default off)"),
+ AP_INIT_ITERATE("TKTAuthDebug", set_auth_tkt_debug,
(void *)APR_OFFSETOF(auth_tkt_dir_conf, debug),
OR_AUTHCFG, "debug level (1-3, higher for more debug output)"),
+ AP_INIT_TAKE1("TKTAuthQuerySeparator", setup_query_separator,
@@ -459,625 +90,7 @@ index c2609e9..74bb669 100644
{NULL},
};
-@@ -490,28 +507,28 @@ static const command_rec auth_tkt_cmds[] =
- /* Support functions */
-
- /* Parse cookie. Returns 1 if valid, and details in *parsed; 0 if not */
--static int
-+static int
- parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
- {
- int sepidx, sep2idx;
- char *ticket = *magic;
- int len = strlen(ticket);
-- auth_tkt_serv_conf *sconf =
-+ auth_tkt_serv_conf *sconf =
- ap_get_module_config(r->server->module_config, &auth_tkt_module);
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
--
-+
- /* For some reason (some clients?), tickets sometimes come in quoted */
- if (ticket[len-1] == '"') ticket[len-1] = 0;
- if (ticket[0] == '"') *magic = ++ticket;
-
- /* Basic length check for min size */
- if (len <= (sconf->digest_sz + TSTAMP_SZ))
-- return 0;
--
-+ return 0;
-+
- /* See if there is a uid/data separator */
- sepidx = ap_ind(ticket, SEPARATOR);
-- if (sepidx == -1) {
-+ if (sepidx == -1) {
- /* Ticket either uri-escaped, base64-escaped, or bogus */
- if (strstr(ticket, SEPARATOR_HEX)) {
- ap_unescape_url(ticket);
-@@ -519,7 +536,7 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
- }
- else {
- /* base64 encoded string always longer than original, so len+1 sufficient */
-- char *buf = (char *) apr_palloc(r->pool, len+1);
-+ char *buf = (char *) apr_palloc(r->pool, len+1);
- apr_base64_decode(buf, ticket);
- sepidx = ap_ind(buf, SEPARATOR);
- /* If still no sepidx, must be bogus */
-@@ -532,26 +549,26 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
- }
-
- /* Recheck length */
-- if (len <= (sconf->digest_sz + TSTAMP_SZ) ||
-- sepidx < (sconf->digest_sz + TSTAMP_SZ))
-- return 0;
-+ if (len <= (sconf->digest_sz + TSTAMP_SZ) ||
-+ sepidx < (sconf->digest_sz + TSTAMP_SZ))
-+ return 0;
-
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT parse_ticket decoded ticket: '%s'", ticket);
- }
--
-+
- /* Get the user id */
- parsed->uid = apr_palloc(r->pool, sepidx - (sconf->digest_sz + TSTAMP_SZ) + 1);
-- memcpy(parsed->uid, &ticket[(sconf->digest_sz + TSTAMP_SZ)],
-+ memcpy(parsed->uid, &ticket[(sconf->digest_sz + TSTAMP_SZ)],
- sepidx - (sconf->digest_sz + TSTAMP_SZ));
- parsed->uid[sepidx - (sconf->digest_sz + TSTAMP_SZ)] = '\0';
--
-+
- /* Check for tokens */
- sep2idx = ap_ind(&ticket[sepidx+1], SEPARATOR);
- if (sep2idx == -1) {
- if (conf->debug >= 2) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT parse_ticket: no tokens");
- }
- parsed->tokens = apr_palloc(r->pool, 1);
-@@ -563,15 +580,15 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
- sepidx = tmp + sep2idx + 1;
- sep2idx = tmp;
- if (conf->debug >= 2) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-- "TKT parse_ticket: tokens found - sep2=%d, sep=%d, len=%d",
-- sep2idx, sepidx, len);
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ "TKT parse_ticket: tokens found - sep2=%d, sep=%d, len=%d",
-+ sep2idx, sepidx, len);
- }
- /* Copy tokens to parsed->tokens */
- parsed->tokens = apr_palloc(r->pool, sepidx-sep2idx);
- apr_snprintf(parsed->tokens, sepidx-sep2idx, "%s", &ticket[sep2idx+1]);
- if (conf->debug >= 2) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT parse_ticket tokens: '%s'", parsed->tokens);
- }
- }
-@@ -579,25 +596,25 @@ parse_ticket(request_rec *r, char **magic, auth_tkt *parsed)
- /* Copy user data to parsed->user_data */
- parsed->user_data = apr_palloc(r->pool, len-sepidx+1);
- apr_snprintf(parsed->user_data, len-sepidx+1, "%s", &ticket[sepidx+1]);
--
-+
- /* Copy timestamp to parsed->timestamp */
- sscanf(&ticket[sconf->digest_sz], "%8x", &(parsed->timestamp));
--
-+
- return 1;
- }
-
- /* Search cookie headers for our ticket */
--static int
-+static int
- cookie_match(void *result, const char *key, const char *cookie)
- {
- cookie_res * cr = (cookie_res *) result;
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(cr->r->per_dir_config, &auth_tkt_module);
--
-+
- if (cookie != NULL) {
- char *cookie_name, *value, *cookiebuf, *end;
- if (conf->debug >= 2) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
- "TKT cookie_match, key %s against <%s> (name=%s)",
- key, cookie, cr->cookie_name);
- }
-@@ -623,7 +640,7 @@ cookie_match(void *result, const char *key, const char *cookie)
- if (strlen(cookiebuf)) {
- cr->cookie = cookiebuf;
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
- "TKT cookie_match: found '%s'", cookiebuf);
- }
- return(0);
-@@ -631,7 +648,7 @@ cookie_match(void *result, const char *key, const char *cookie)
- }
- }
- if (conf->debug >= 2) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, cr->r,
- "TKT cookie_match: NOT found");
- }
- return (1);
-@@ -639,7 +656,7 @@ cookie_match(void *result, const char *key, const char *cookie)
-
- /* Return the domain to use in cookies */
- char *
--get_domain(request_rec *r, auth_tkt_dir_conf *conf)
-+get_domain(request_rec *r, auth_tkt_dir_conf *conf)
- {
- /* Set the cookie domain to the first set of TKTAuthDomain,
- X-Forwarded-Host, Host, or server hostname. Viljo Viitanen
-@@ -665,7 +682,7 @@ get_domain(request_rec *r, auth_tkt_dir_conf *conf)
- static void
- send_auth_cookie(request_rec *r, char *value)
- {
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
- char *cookie, *expires;
- char *domain = get_domain(r,conf);
-@@ -679,12 +696,12 @@ send_auth_cookie(request_rec *r, char *value)
- #ifndef APACHE13
- if (conf->cookie_expires > 0) {
- apr_time_exp_t tms;
-- apr_time_exp_gmt(&tms, r->request_time +
-+ apr_time_exp_gmt(&tms, r->request_time +
- apr_time_from_sec(conf->cookie_expires));
-- expires =
-+ expires =
- apr_psprintf(r->pool, "; expires=%s, %.2d-%s-%.2d %.2d:%.2d:%.2d GMT",
- apr_day_snames[tms.tm_wday],
-- tms.tm_mday,
-+ tms.tm_mday,
- apr_month_snames[tms.tm_mon],
- tms.tm_year % 100,
- tms.tm_hour, tms.tm_min, tms.tm_sec
-@@ -693,12 +710,12 @@ send_auth_cookie(request_rec *r, char *value)
- #endif
-
- /* Send the cookie */
-- cookie = apr_psprintf(r->pool, "%s=%s; path=/%s%s%s",
-+ cookie = apr_psprintf(r->pool, "%s=%s; path=/%s%s%s",
- conf->auth_cookie_name, value, domain, expires, secure_cookie);
- apr_table_setn(r->err_headers_out, "Set-Cookie", cookie);
-
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT: sending cookie: %s=%s; path=/%s%s%s",
- conf->auth_cookie_name, value, domain, expires, secure_cookie);
- }
-@@ -708,7 +725,7 @@ send_auth_cookie(request_rec *r, char *value)
- static char *
- get_url_ticket(request_rec *r)
- {
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
- const char *args = NULL; /* url arguments string */
- const char *key, *val;
-@@ -717,12 +734,12 @@ get_url_ticket(request_rec *r)
- /* Use main request args if subrequest */
- request_rec *r_main = r->main == NULL ? r : r->main;
- if (r_main->args != NULL) {
-- args = apr_pstrdup(r->pool, r_main->args);
-+ args = apr_pstrdup(r->pool, r_main->args);
- }
-
- if (args != NULL) {
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT: looking for ticket in url: <%s>", args);
- }
-
-@@ -731,12 +748,12 @@ get_url_ticket(request_rec *r)
-
- if (strcmp(key,conf->auth_cookie_name) == 0) {
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT: found url ticket: <%s>", val);
- }
-
- /* Setup auth cookie using ticket value */
-- send_auth_cookie(r, (char *) val);
-+ send_auth_cookie(r, (char *) val);
-
- /* Found ticket - ignore rest of arguments */
- ticket = (char *) val;
-@@ -749,12 +766,12 @@ get_url_ticket(request_rec *r)
- }
-
- /* Look for a cookie ticket */
--static char *
-+static char *
- get_cookie_ticket(request_rec *r)
- {
-- auth_tkt_serv_conf *sconf =
-+ auth_tkt_serv_conf *sconf =
- ap_get_module_config(r->server->module_config, &auth_tkt_module);
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
-
- /* Walk cookie headers looking for matching ticket */
-@@ -770,7 +787,7 @@ get_cookie_ticket(request_rec *r)
- }
- if (strlen(cr->cookie) < sconf->digest_sz + TSTAMP_SZ) {
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT get_cookie_tkt: found cookie ticket, "
- "but it's too short for a %s digest (%zu < %d)",
- sconf->digest_type, strlen(cr->cookie), sconf->digest_sz + TSTAMP_SZ);
-@@ -782,18 +799,18 @@ get_cookie_ticket(request_rec *r)
- }
-
- /* Generate a ticket digest string from the given details */
--static char *
-+static char *
- ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const char *secret)
- {
-- auth_tkt_serv_conf *sconf =
-+ auth_tkt_serv_conf *sconf =
- ap_get_module_config(r->server->module_config, &auth_tkt_module);
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
- char *uid = parsed->uid;
- char *tokens = parsed->tokens;
- char *user_data = parsed->user_data;
-
-- unsigned char *buf = apr_palloc(r->pool,
-+ unsigned char *buf = apr_palloc(r->pool,
- TSTAMP_SZ + strlen(secret) + strlen(uid) + 1 + strlen(tokens) + 1 + strlen(user_data) + 1);
- unsigned char *buf2 = apr_palloc(r->pool, sconf->digest_sz + strlen(secret));
- int len = 0;
-@@ -812,7 +829,7 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
- if (timestamp == 0) timestamp = parsed->timestamp;
-
- if (conf->debug >= 2) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT ticket_digest: using secret '%s', ip '%s', ts '%d'", secret, remote_ip, timestamp);
- }
-
-@@ -824,13 +841,13 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
- buf[0] = (unsigned char ) ((ip & 0xff000000) >> 24);
- buf[1] = (unsigned char ) ((ip & 0xff0000) >> 16);
- buf[2] = (unsigned char ) ((ip & 0xff00) >> 8);
-- buf[3] = (unsigned char ) ((ip & 0xff));
-- buf[4] = (unsigned char ) ((timestamp & 0xff000000) >> 24);
-- buf[5] = (unsigned char ) ((timestamp & 0xff0000) >> 16);
-- buf[6] = (unsigned char ) ((timestamp & 0xff00) >> 8);
-- buf[7] = (unsigned char ) ((timestamp & 0xff));
-+ buf[3] = (unsigned char ) ((ip & 0xff));
-+ buf[4] = (unsigned char ) ((timestamp & 0xff000000) >> 24);
-+ buf[5] = (unsigned char ) ((timestamp & 0xff0000) >> 16);
-+ buf[6] = (unsigned char ) ((timestamp & 0xff00) >> 8);
-+ buf[7] = (unsigned char ) ((timestamp & 0xff));
- len = 8;
--
-+
- /* Append remaining components to buf */
- strcpy((char *)&buf[len], secret);
- len += strlen(secret);
-@@ -857,7 +874,7 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
- digest = ap_md5_binary(r->pool, buf, len);
- }
- if (conf->debug >= 3) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT ticket_digest: digest0: '%s' (input length %d)", digest, len);
- }
-
-@@ -879,7 +896,7 @@ ticket_digest(request_rec *r, auth_tkt *parsed, unsigned int timestamp, const ch
- digest = ap_md5_binary(r->pool, buf2, len);
- }
- if (conf->debug >= 3) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT ticket_digest: digest: '%s'", digest);
- }
-
-@@ -897,21 +914,21 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
- char *digest;
- auth_tkt_serv_conf *sconf =
- ap_get_module_config(r->server->module_config, &auth_tkt_module);
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
-
- /* Attempt to parse ticket */
- if (! parse_ticket(r, &ticket, parsed)) {
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
- "TKT valid_ticket: unparseable %s ticket found ('%s')", source, ticket);
- }
- return 0;
- }
-
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-- "TKT valid_ticket: (parsed) uid '%s', tokens '%s', user_data '%s', ts '%d'",
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ "TKT valid_ticket: (parsed) uid '%s', tokens '%s', user_data '%s', ts '%d'",
- parsed->uid, parsed->tokens, parsed->user_data, parsed->timestamp);
- }
-
-@@ -921,9 +938,9 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
-
- /* Digest mismatch - if no old secret set, fail */
- if(sconf->old_secret == NULL) {
-- ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
- "TKT valid_ticket: ticket hash (current secret) is invalid, and no old secret set "
-- "- digest '%s', ticket '%s'",
-+ "- digest '%s', ticket '%s'",
- digest, ticket);
- return 0;
- }
-@@ -931,13 +948,13 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
- /* Digest mismatch - if old_secret is set, recalculate using that */
- else {
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT valid_ticket: ticket hash (current secret) is invalid, but old_secret is set - checking ticket digest against that");
- }
- digest = ticket_digest(r, parsed, 0, sconf->old_secret);
- if (memcmp(ticket, digest, sconf->digest_sz) != 0) {
-- ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
-- "TKT valid_ticket: ticket hash (old secret) is also invalid - digest '%s', ticket '%s'",
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, APR_SUCCESS, r,
-+ "TKT valid_ticket: ticket hash (old secret) is also invalid - digest '%s', ticket '%s'",
- digest, ticket);
- return 0;
- }
-@@ -946,7 +963,7 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
- else {
- if (force_refresh != NULL) {
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT valid_ticket: ticket_digest validated with old_secret - forcing a cookie refresh");
- }
- *force_refresh = 1;
-@@ -958,31 +975,31 @@ valid_ticket(request_rec *r, const char *source, char *ticket, auth_tkt *parsed,
- return 1;
- }
-
--/* Check for required auth tokens
-+/* Check for required auth tokens
- * Returns 1 on success, 0 on failure */
- static int
- check_tokens(request_rec *r, char *tokens)
- {
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
- char *next_parsed_token;
- const char *t = NULL;
-- int match = 0;
-+ int match = 0;
-
- /* Success if no tokens required */
-- if (conf->auth_token->nelts == 0 ||
-+ if (conf->auth_token->nelts == 0 ||
- strcmp(((char **) conf->auth_token->elts)[0], "NULL") == 0) {
- return 1;
- }
- /* Failure if required and no user tokens found */
- if (tokens == NULL || strlen(tokens) == 0) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT: no matching tokens! (no user tokens found)");
- return 0;
- }
-
-- t = apr_pstrdup(r->pool, tokens);
--
-+ t = apr_pstrdup(r->pool, tokens);
-+
- while (*t && (next_parsed_token = ap_getword(r->pool, &t, ','))) {
- char ** auth_tokens = (char **) conf->auth_token->elts;
- int i;
-@@ -990,16 +1007,16 @@ check_tokens(request_rec *r, char *tokens)
- for (i=0; i < conf->auth_token->nelts; i++) {
- int token_len = strlen(auth_tokens[i]);
- if (strncmp(auth_tokens[i], next_parsed_token, token_len) == 0 &&
-- next_parsed_token[token_len] == 0) {
-- match = 1;
-- break;
-+ next_parsed_token[token_len] == 0) {
-+ match = 1;
-+ break;
- }
- }
- if (match) break;
- }
-
- if (conf->debug >= 1 && ! match) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT: no matching tokens! (user tokens '%s')", tokens);
- }
-
-@@ -1010,24 +1027,24 @@ check_tokens(request_rec *r, char *tokens)
- static void
- refresh_cookie(request_rec *r, auth_tkt *parsed, int timeout, int force_flag)
- {
-- auth_tkt_serv_conf *sconf =
-+ auth_tkt_serv_conf *sconf =
- ap_get_module_config(r->server->module_config, &auth_tkt_module);
-- auth_tkt_dir_conf *conf =
-+ auth_tkt_dir_conf *conf =
- ap_get_module_config(r->per_dir_config, &auth_tkt_module);
-
- /* The timeout refresh is a double between 0 and 1, signifying what
-- * proportion of the timeout should be left before we refresh i.e.
-+ * proportion of the timeout should be left before we refresh i.e.
- * 0 means never refresh (hard timeouts); 1 means always refresh;
-- * .33 means only refresh if less than a third of the timeout
-- * period remains. */
-+ * .33 means only refresh if less than a third of the timeout
-+ * period remains. */
- unsigned int now = time(NULL);
- int remainder = parsed->timestamp + timeout - now;
- double refresh_sec = conf->timeout_refresh * timeout;
-
- if (conf->debug >= 1) {
-- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
-+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, r,
- "TKT refresh_cookie: timeout %d, refresh %.3f, remainder %d, refresh_sec %.3f, force_flag %d",
-- timeout, conf->timeout_refresh, remainder, refresh_sec, force_flag);
-+ timeout, conf->timeout_refresh, remainder, refresh_sec, force_flag);
- }
-
- /* If less than our refresh_sec threshold, freshen the cookie */
-@@ -1036,29 +1053,29 @@ refresh_cookie(request_rec *r, auth_tkt *parsed, int timeout, int force_flag)
- char *digest = ticket_digest(r, parsed, now, sconf->secret);
- if (parsed->tokens) {
- ticket = apr_psprintf(r->pool,
-- "%s%08x%s%c%s%c%s",
-- digest, now, parsed->uid,
-- SEPARATOR, parsed->tokens,
-- SEPARATOR, parsed->user_data);
-+ "%s%08x%s%c%s%c%s",
-+ digest, now, parsed->uid,
-+ SEPARATOR, parsed->tokens,
-+ SEPARATOR, parsed->user_data);
- }
- else {
- ticket = apr_psprintf(r->pool,
-- "%s%08x%s%c%s",
-+ "%s%08x%s%c%s",
- digest, now, parsed->uid, SEPARATOR, parsed->user_data);
- }
- ticket_base64 = ap_pbase64encode(r->pool, ticket);
-
-- send_auth_cookie(r, ticket_base64);
-+ send_auth_cookie(r, ticket_base64);
- }
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-head
mailing list