From 16746d12890f3b52543339addfdeb572e26e1a26 Mon Sep 17 00:00:00 2001 From: Jan Pazdziora Date: Mon, 12 May 2014 15:44:45 +0200 Subject: The latest lookup_identity_hook is fixups/APR_HOOK_LAST while we are fixups/APR_HOOK_MIDDLE, no need to call explicitly. --- README | 4 +--- mod_intercept_form_submit.c | 17 +---------------- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/README b/README index bf96c09..4dece4d 100644 --- a/README +++ b/README @@ -7,9 +7,7 @@ retrieves the login and password information from the POST HTTP request, runs PAM authentication with those credentials, and sets the REMOTE_USER environment variable if the authentication passes. The internal r->user field is also set so other modules can use it (even -if the module is invoked very late in the request processing). The -lookup_identity_hook from mod_lookup_identity is explicitly called -after the r->user is set. +if the module is invoked very late in the request processing). If the REMOTE_USER is already set (presumably by some previous module), no authentication takes place. diff --git a/mod_intercept_form_submit.c b/mod_intercept_form_submit.c index ac5f667..9637916 100644 --- a/mod_intercept_form_submit.c +++ b/mod_intercept_form_submit.c @@ -44,9 +44,6 @@ typedef struct { module AP_MODULE_DECLARE_DATA intercept_form_submit_module; -APR_DECLARE_OPTIONAL_FN(int, lookup_identity_hook, (request_rec * r)); -static APR_OPTIONAL_FN_TYPE(lookup_identity_hook) * lookup_identity_hook_fn = NULL; - APR_DECLARE_OPTIONAL_FN(authn_status, pam_authenticate_with_login_password, (request_rec * r, const char * pam_service, const char * login, const char * password, int steps)); @@ -87,9 +84,6 @@ static const command_rec directives[] = { #define _REMOTE_USER_ENV_NAME "REMOTE_USER" -static void register_lookup_identity_hook_fn(void) { - lookup_identity_hook_fn = APR_RETRIEVE_OPTIONAL_FN(lookup_identity_hook); -} static void register_pam_authenticate_with_login_password_fn(void) { pam_authenticate_with_login_password_fn = APR_RETRIEVE_OPTIONAL_FN(pam_authenticate_with_login_password); } @@ -287,15 +281,7 @@ static int intercept_form_submit_process_buffer(ap_filter_t * f, ifs_config * co ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "mod_intercept_form_submit: pam_authenticate_with_login_password not found; perhaps mod_authnz_pam is not loaded"); return 0; } - authn_status auth_result = pam_authenticate_in_realms(r, config->pam_service, *login_value, *password_value, config->realms, 3); - if (auth_result == AUTH_GRANTED) { - if (lookup_identity_hook_fn) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "mod_intercept_form_submit: calling lookup_identity_hook"); - lookup_identity_hook_fn(r); - } else { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "mod_intercept_form_submit: not calling lookup_identity_hook, is NULL"); - } - } + pam_authenticate_in_realms(r, config->pam_service, *login_value, *password_value, config->realms, 3); if (config->password_redact > 0) { intercept_form_redact_password(f, config); } @@ -482,7 +468,6 @@ static void * merge_dir_conf(apr_pool_t * pool, void * base_void, void * add_voi static void register_hooks(apr_pool_t * pool) { ap_hook_fixups(intercept_form_submit_init, NULL, NULL, APR_HOOK_MIDDLE); ap_register_input_filter("intercept_form_submit_filter", intercept_form_submit_filter, NULL, AP_FTYPE_RESOURCE); - ap_hook_optional_fn_retrieve(register_lookup_identity_hook_fn, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_optional_fn_retrieve(register_pam_authenticate_with_login_password_fn, NULL, NULL, APR_HOOK_MIDDLE); } -- cgit