Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use the httpd-provided ap_unescape_urlencoded to parse data. | Jan Pazdziora | 2022-01-30 | 1 | -48/+5 |
| | |||||
* | No redacting beyond EOS. | Jan Pazdziora | 2022-01-30 | 1 | -0/+3 |
| | |||||
* | When we start looking for new fragment, the last fragment_start_bucket is ↵ | Jan Pazdziora | 2022-01-30 | 1 | -0/+1 |
| | | | | irrelevant as well. | ||||
* | No need to play with two brigades. | Jan Pazdziora | 2022-01-30 | 1 | -6/+4 |
| | |||||
* | Data was allocated via apr_pstrcat, it is a pool bucket. | Jan Pazdziora | 2022-01-30 | 1 | -1/+1 |
| | |||||
* | Do fragment allocation using pool. | Jan Pazdziora | 2022-01-30 | 1 | -9/+10 |
| | |||||
* | Ensure we do not work with memory that was already freed (and reused). | Jan Pazdziora | 2022-01-30 | 1 | -0/+5 |
| | | | | | | | | | When mod_authnz_pam does redirect for AuthPAMExpiredRedirect, the remaining input gets slurped from the r->input_filters by ap_send_error_response() and ctx->cached_brigade is cleared from our filter and memory reclaimed. The ctx->password_fragment_start_bucket is then no longer valid because the memory was released and reclaimed, and there is no point attempting to redact the password. | ||||
* | Put the name of the module to the start of the message on Apache 2.4. | Jan Pazdziora | 2016-11-23 | 1 | -15/+26 |
| | |||||
* | Prefer ap_log_rerror for messages related to a particular request. | Jan Pazdziora | 2016-11-23 | 1 | -14/+14 |
| | |||||
* | Add InterceptGETOnSuccess on|off.mod_intercept_form_submit-1.0.1 | Jan Pazdziora | 2016-05-06 | 1 | -10/+24 |
| | | | | | | | | When the authentication using the POST data passes, the method of the request is internally changed to GET. This stops applications and frameworks that insist on running their own authentication on POST irrespective of REMOTE_USER value to think that they process GET method. | ||||
* | Removal of forgotten commented piece of code. | Jan Pazdziora | 2014-05-14 | 1 | -1/+0 |
| | |||||
* | The latest lookup_identity_hook is fixups/APR_HOOK_LAST while we are ↵ | Jan Pazdziora | 2014-05-12 | 1 | -16/+1 |
| | | | | fixups/APR_HOOK_MIDDLE, no need to call explicitly. | ||||
* | Add support for InterceptFormLoginRealms.mod_intercept_form_submit-0.9.6 | Jan Pazdziora | 2014-04-15 | 1 | -1/+39 |
| | |||||
* | Move the processing to the middle of the fixup phase to allow mod_headers to ↵mod_intercept_form_submit-0.9.3 | Jan Pazdziora | 2014-01-15 | 1 | -6/+7 |
| | | | | process the result. | ||||
* | If pam_authenticate_with_login_password is not available, skip calling it.mod_intercept_form_submit-0.9.2 | Jan Pazdziora | 2014-01-09 | 1 | -0/+4 |
| | |||||
* | Declare all functions static for proper isolation. | Jan Pazdziora | 2014-01-09 | 1 | -12/+12 |
| | |||||
* | Use pam_authenticate_with_login_password from mod_authnz_pam.mod_intercept_form_submit-0.9.1 | Jan Pazdziora | 2014-01-09 | 1 | -57/+21 |
| | |||||
* | In the log message, show the module name. | Jan Pazdziora | 2013-12-06 | 1 | -2/+2 |
| | |||||
* | Strip parameters like charset from request's Content-Type. | Jan Pazdziora | 2013-12-05 | 1 | -6/+14 |
| | |||||
* | Unify the error reporting of PAM failures. | Jan Pazdziora | 2013-11-21 | 1 | -18/+11 |
| | |||||
* | Perform PAM account validation, not just authentication. | Jan Pazdziora | 2013-11-21 | 1 | -0/+8 |
| | |||||
* | Add support for InterceptFormClearRemoteUserForSkipped. | Jan Pazdziora | 2013-11-19 | 1 | -0/+8 |
| | |||||
* | Support redacting the password with InterceptFormPasswordRedact option. | Jan Pazdziora | 2013-11-19 | 1 | -9/+97 |
| | |||||
* | Do APR_BRIGADE_CONCAT into the cached brigade right after reading, it will ↵ | Jan Pazdziora | 2013-11-19 | 1 | -12/+4 |
| | | | | ensure we will only have one brigade to work with when we attempt to clear the password. | ||||
* | If there was no & in the bucket, the whole bucket might be continuation of ↵ | Jan Pazdziora | 2013-11-19 | 1 | -1/+6 |
| | | | | the previous fragment. | ||||
* | Call lookup_identity_hook from mod_lookup_identity if it exists, after the ↵ | Jan Pazdziora | 2013-11-19 | 1 | -0/+14 |
| | | | | (new) r->user was set. | ||||
* | Set EXTERNAL_AUTH_ERROR variable upon PAM error. | Jan Pazdziora | 2013-11-19 | 1 | -2/+7 |
| | |||||
* | Set the r->user as well (will show up in access_log). | Jan Pazdziora | 2013-11-19 | 1 | -1/+2 |
| | |||||
* | No need to spell out the module name for APLOG_DEBUG, it is shown by Apache. | Jan Pazdziora | 2013-11-07 | 1 | -7/+7 |
| | |||||
* | If REMOTE_USER is already set (presumably by previous module), skip. | Jan Pazdziora | 2013-11-07 | 1 | -1/+6 |
| | |||||
* | Parse enough of input before CGI is forked. | Jan Pazdziora | 2013-11-05 | 1 | -100/+129 |
| | | | | | | | | We run intercept_form_submit_filter_prefetch, look for login and password, and run pam_authenticate if needed. We store the input in f->ctx->cached_brigade and in the intercept_form_submit_filter we just send the cached buckets out upon the first invocation, and passthrough during the following. | ||||
* | Simplify the code by using the predefined ap_set_string_slot function. | Jan Pazdziora | 2013-11-04 | 1 | -27/+3 |
| | |||||
* | Since apr_pcalloc initializes the memory, no need to set manually. | Jan Pazdziora | 2013-11-04 | 1 | -5/+1 |
| | |||||
* | Introduce InterceptFormLoginSkip to be able to specify login blacklists. | Jan Pazdziora | 2013-11-04 | 1 | -0/+28 |
| | |||||
* | Apache module mod_intercept_form_submit. | Jan Pazdziora | 2013-10-30 | 1 | -0/+335 |