Author: brane
Date: Sun Jun 15 15:54:14 2025
New Revision: 1926448
URL: http://svn.apache.org/viewvc?rev=1926448&view=rev
Log:
On the user-defined-authn branch: Replace hard-coded 401/407 HTTP status codes
with constant macros. The macros are public because the user-defined authn
schemes will need them -- the concept of 401/407 is already public from the
existing credentials callback -- so we may as well use them in our code, too.
* serf.h
(SERF_AUTHN_CODE_HOST, SERF_AUTHN_CODE_PROXY): Define to 401/407,
respectively.
(serf_credentials_callback_t): Update the docstring.
* auth/auth.h
(SERF__PEER_FROM_CODE,
SERF__CODE_FROM_PEER,
SERF__HEADER_FROM_CODE,
SERF__HEADER_FROM_PEER): New helper macros encode patterns that are
copy/pasted throughout the implementation.
* auth/auth.c: Replace 401/407 with the new constants.
* auth/auth_basic.c,
auth/auth_digest.c,
auth/auth_spnego.c: Likewise; also use the new helper macros.
* test/test_buckets.c,
test/test_server.c,
test/test_ssl.c: Likewise; use the new constants in mock responses, too.
Modified:
serf/branches/user-defined-authn/auth/auth.c
serf/branches/user-defined-authn/auth/auth.h
serf/branches/user-defined-authn/auth/auth_basic.c
serf/branches/user-defined-authn/auth/auth_digest.c
serf/branches/user-defined-authn/auth/auth_spnego.c
serf/branches/user-defined-authn/serf.h
serf/branches/user-defined-authn/test/test_buckets.c
serf/branches/user-defined-authn/test/test_server.c
serf/branches/user-defined-authn/test/test_ssl.c
Modified: serf/branches/user-defined-authn/auth/auth.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/auth/auth.c?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/auth/auth.c (original)
+++ serf/branches/user-defined-authn/auth/auth.c Sun Jun 15 15:54:14 2025
@@ -173,7 +173,7 @@ static int handle_auth_headers(int code,
if (!auth_hdr)
continue;
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
@@ -284,14 +284,14 @@ static apr_status_t dispatch_auth(int co
serf_bucket_t *response,
apr_pool_t *pool)
{
- if (code == 401 || code == 407) {
+ if (code == SERF_AUTHN_CODE_HOST || code == SERF_AUTHN_CODE_PROXY) {
serf_bucket_t *hdrs;
auth_baton_t ab = { 0 };
ab.hdrs = apr_hash_make(pool);
ab.pool = pool;
- if (code == 401)
+ if (code == SERF_AUTHN_CODE_HOST)
ab.header = "WWW-Authenticate";
else
ab.header = "Proxy-Authenticate";
@@ -314,7 +314,8 @@ static apr_status_t dispatch_auth(int co
serf__log(LOGLVL_DEBUG, LOGCOMP_AUTHN, __FILE__,
request->conn->config,
"%s authz required. Response header(s): %s\n",
- code == 401 ? "Server" : "Proxy", auth_hdr);
+ code == SERF_AUTHN_CODE_HOST ? "Server" : "Proxy",
+ auth_hdr);
}
}
#endif /* SERF_LOGGING_ENABLED */
@@ -379,7 +380,7 @@ apr_status_t serf__handle_auth_response(
return APR_SUCCESS;
}
- if (sl.code == 401 || sl.code == 407) {
+ if (sl.code == SERF_AUTHN_CODE_HOST || sl.code == SERF_AUTHN_CODE_PROXY) {
/* Authentication requested. */
/* Don't bother handling the authentication request if the response
@@ -526,16 +527,16 @@ apr_status_t serf__auth_setup_connection
authn_info = &ctx->proxy_authn_info;
if (authn_info->scheme) {
status = authn_info->scheme->init_conn_func(authn_info->scheme,
- 407, conn,
- conn->pool);
+ SERF_AUTHN_CODE_PROXY,
+ conn, conn->pool);
}
}
else {
authn_info = serf__get_authn_info_for_server(conn);
if (authn_info->scheme) {
status = authn_info->scheme->init_conn_func(authn_info->scheme,
- 401, conn,
- conn->pool);
+ SERF_AUTHN_CODE_HOST,
+ conn, conn->pool);
}
}
Modified: serf/branches/user-defined-authn/auth/auth.h
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/auth/auth.h?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/auth/auth.h (original)
+++ serf/branches/user-defined-authn/auth/auth.h Sun Jun 15 15:54:14 2025
@@ -149,6 +149,19 @@ extern const serf__authn_scheme_t serf__
#endif /* SERF_HAVE_SPNEGO */
+/** Helper macros for code <-> peer <-> header conversion */
+#define SERF__PEER_FROM_CODE(code) \
+ (((code) == SERF_AUTHN_CODE_HOST) ? HOST : PROXY)
+
+#define SERF__CODE_FROM_PEER(peer) \
+ (((peer) == HOST) ? SERF_AUTHN_CODE_HOST : SERF_AUTHN_CODE_PROXY)
+
+#define SERF__HEADER_FROM_CODE(code) \
+ SERF__HEADER_FROM_PEER(SERF__PEER_FROM_CODE((code)))
+
+#define SERF__HEADER_FROM_PEER(peer) \
+ (((peer) == HOST) ? "Authorization" : "Proxy-Authorization")
+
/** User-defined authentication scheme handlers */
/* FIXME: Declare the prototype for the internal unregister implementation */
Modified: serf/branches/user-defined-authn/auth/auth_basic.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/auth/auth_basic.c?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/auth/auth_basic.c (original)
+++ serf/branches/user-defined-authn/auth/auth_basic.c Sun Jun 15 15:54:14 2025
@@ -62,7 +62,7 @@ serf__handle_basic_auth(const serf__auth
return SERF_ERROR_AUTHN_FAILED;
}
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
@@ -88,7 +88,7 @@ serf__handle_basic_auth(const serf__auth
return SERF_ERROR_AUTHN_MISSING_ATTRIBUTE;
}
- realm = serf__construct_realm(code == 401 ? HOST : PROXY,
+ realm = serf__construct_realm(SERF__PEER_FROM_CODE(code),
conn, realm_name,
pool);
}
@@ -112,7 +112,7 @@ serf__handle_basic_auth(const serf__auth
serf__encode_auth_header(&basic_info->value,
scheme->name,
tmp, tmp_len, pool);
- basic_info->header = (code == 401) ? "Authorization" :
"Proxy-Authorization";
+ basic_info->header = SERF__HEADER_FROM_CODE(code);
return APR_SUCCESS;
}
@@ -133,7 +133,7 @@ serf__init_basic_connection(const serf__
serf_context_t *ctx = conn->ctx;
serf__authn_info_t *authn_info;
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
Modified: serf/branches/user-defined-authn/auth/auth_digest.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/auth/auth_digest.c?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/auth/auth_digest.c (original)
+++ serf/branches/user-defined-authn/auth/auth_digest.c Sun Jun 15 15:54:14 2025
@@ -264,7 +264,7 @@ serf__handle_digest_auth(const serf__aut
return SERF_ERROR_AUTHN_FAILED;
}
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
@@ -318,7 +318,7 @@ serf__handle_digest_auth(const serf__aut
return SERF_ERROR_AUTHN_MISSING_ATTRIBUTE;
}
- realm = serf__construct_realm(code == 401 ? HOST : PROXY,
+ realm = serf__construct_realm(SERF__PEER_FROM_CODE(code),
conn, realm_name,
pool);
@@ -334,8 +334,7 @@ serf__handle_digest_auth(const serf__aut
return status;
}
- digest_info->header = (code == 401) ? "Authorization" :
- "Proxy-Authorization";
+ digest_info->header = SERF__HEADER_FROM_CODE(code);
/* Store the digest authentication parameters in the context cached for
this server in the serf context, so we can use it to create the
@@ -375,7 +374,7 @@ serf__init_digest_connection(const serf_
serf_context_t *ctx = conn->ctx;
serf__authn_info_t *authn_info;
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
authn_info = serf__get_authn_info_for_server(conn);
} else {
authn_info = &ctx->proxy_authn_info;
@@ -437,8 +436,7 @@ serf__setup_request_digest_auth(const se
}
/* Build a new Authorization header. */
- digest_info->header = (peer == HOST) ? "Authorization" :
- "Proxy-Authorization";
+ digest_info->header = SERF__HEADER_FROM_PEER(peer);
status = build_auth_header(&value, digest_info, path, method,
conn->pool);
if (status)
Modified: serf/branches/user-defined-authn/auth/auth_spnego.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/auth/auth_spnego.c?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/auth/auth_spnego.c (original)
+++ serf/branches/user-defined-authn/auth/auth_spnego.c Sun Jun 15 15:54:14 2025
@@ -380,7 +380,7 @@ serf__init_spnego_connection(const serf_
/* For proxy authentication, reuse the gss context for all connections.
For server authentication, create a new gss context per connection. */
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
authn_info = &conn->authn_info;
} else {
authn_info = &ctx->proxy_authn_info;
@@ -424,11 +424,12 @@ serf__handle_spnego_auth(const serf__aut
{
serf_connection_t *conn = request->conn;
serf_context_t *ctx = conn->ctx;
- gss_authn_info_t *gss_info = (code == 401) ? conn->authn_info.baton :
- ctx->proxy_authn_info.baton;
+ gss_authn_info_t *gss_info = ((code == SERF_AUTHN_CODE_HOST)
+ ? conn->authn_info.baton :
+ ctx->proxy_authn_info.baton);
return do_auth(scheme,
- code == 401 ? HOST : PROXY,
+ SERF__PEER_FROM_CODE(code),
code,
gss_info,
request->conn,
Modified: serf/branches/user-defined-authn/serf.h
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/serf.h?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/serf.h (original)
+++ serf/branches/user-defined-authn/serf.h Sun Jun 15 15:54:14 2025
@@ -443,7 +443,11 @@ typedef apr_status_t (*serf_response_han
* can handle server and proxy authentication.
* code = 401 (server) or 407 (proxy).
* baton = the baton passed to serf_context_run.
- * authn_type = one of "Basic", "Digest".
+ * authn_type = one of "Basic", "Digest", or the name of a user-defined
+ * authentication scheme if it uses this callback.
+ *
+ * @see SERF_AUTHN_CODE_HOST
+ * @see SERF_AUTHN_CODE_PROXY
*/
typedef apr_status_t (*serf_credentials_callback_t)(
char **username,
@@ -957,6 +961,11 @@ serf_bucket_t *serf_request_bucket_reque
#define SERF_AUTHN_NEGOTIATE 0x08 /**< Authentication type: Negotiate */
#define SERF_AUTHN_ALL ~0x00 /**< All authentication types */
+/* For user-defined authentication callbacks: these the sources of an
+ authentication callback. */
+#define SERF_AUTHN_CODE_HOST 401 /**< Authentication request from a host */
+#define SERF_AUTHN_CODE_PROXY 407 /**< Authentication requset from a proxy */
+
/**
* Register an autehtication scheme.
*
Modified: serf/branches/user-defined-authn/test/test_buckets.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/test/test_buckets.c?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/test/test_buckets.c (original)
+++ serf/branches/user-defined-authn/test/test_buckets.c Sun Jun 15 15:54:14
2025
@@ -1532,7 +1532,7 @@ static void test_response_bucket_iis_sta
serf_bucket_response_status(bkt, &sline);
CuAssertTrue(tc, sline.version == SERF_HTTP_11);
- CuAssertIntEquals(tc, 401, sline.code);
+ CuAssertIntEquals(tc, SERF_AUTHN_CODE_HOST, sline.code);
/* Probably better to have just "Logon failed" as reason. But current
behavior is also acceptable.*/
@@ -1563,7 +1563,7 @@ static void test_response_bucket_no_reas
serf_bucket_response_status(bkt, &sline);
CuAssertTrue(tc, sline.version == SERF_HTTP_11);
- CuAssertIntEquals(tc, 401, sline.code);
+ CuAssertIntEquals(tc, SERF_AUTHN_CODE_HOST, sline.code);
/* Probably better to have just "Logon failed" as reason. But current
behavior is also acceptable.*/
Modified: serf/branches/user-defined-authn/test/test_server.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/test/test_server.c?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/test/test_server.c (original)
+++ serf/branches/user-defined-authn/test/test_server.c Sun Jun 15 15:54:14 2025
@@ -78,12 +78,13 @@ static apr_status_t client_generate_resp
serf_bucket_t *headers;
#define CRLF "\r\n"
- if (tb->user_baton_l == 401) {
+ if (tb->user_baton_l == SERF_AUTHN_CODE_HOST) {
tb->user_baton_l = 0;
body = SERF_BUCKET_SIMPLE_STRING("NOT HERE" CRLF, allocator);
- resp = serf_bucket_outgoing_response_create(body, 401, "Unauth",
+ resp = serf_bucket_outgoing_response_create(body,
+ SERF_AUTHN_CODE_HOST,
"Unauth",
SERF_HTTP_11, allocator);
headers = serf_bucket_outgoing_response_get_headers(resp);
@@ -299,7 +300,7 @@ static void test_listen_auth_http(CuTest
create_new_request(tb, &handler_ctx[0], "GET", "/", 1);
create_new_request(tb, &handler_ctx[1], "GET", "/", 2);
- tb->user_baton_l = 401;
+ tb->user_baton_l = SERF_AUTHN_CODE_HOST;
tb->user_baton = tc;
status = run_client_server_loop(tb, num_requests,
@@ -327,7 +328,7 @@ static void test_listen_auth_http2(CuTes
create_new_request(tb, &handler_ctx[0], "GET", "/", 1);
create_new_request(tb, &handler_ctx[1], "GET", "/", 2);
- tb->user_baton_l = 401;
+ tb->user_baton_l = SERF_AUTHN_CODE_HOST;
tb->user_baton = tc;
status = run_client_server_loop(tb, num_requests,
Modified: serf/branches/user-defined-authn/test/test_ssl.c
URL:
http://svn.apache.org/viewvc/serf/branches/user-defined-authn/test/test_ssl.c?rev=1926448&r1=1926447&r2=1926448&view=diff
==============================================================================
--- serf/branches/user-defined-authn/test/test_ssl.c (original)
+++ serf/branches/user-defined-authn/test/test_ssl.c Sun Jun 15 15:54:14 2025
@@ -1399,7 +1399,7 @@ static void test_ssltunnel_no_creds_cb(C
RequestsReceivedByProxy
HTTPRequest(MethodEqualTo("CONNECT"),
URLEqualTo(tb->serv_host))
- Respond(WithCode(407), WithChunkedBody(""),
+ Respond(WithCode(SERF_AUTHN_CODE_PROXY), WithChunkedBody(""),
WithHeader("Proxy-Authentication",
"Basic realm=\"Test Suite Proxy\""))
SetupSSLTunnel
@@ -1430,7 +1430,7 @@ ssltunnel_basic_authn_callback(char **us
if (strcmp("Basic", authn_type) != 0)
return REPORT_TEST_SUITE_ERROR();
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
if (strcmp(apr_psprintf(pool, "<%s> Test Suite", tb->serv_url),
realm) != 0)
return REPORT_TEST_SUITE_ERROR();
@@ -1438,7 +1438,7 @@ ssltunnel_basic_authn_callback(char **us
*username = "serf";
*password = "serftest";
}
- else if (code == 407) {
+ else if (code == SERF_AUTHN_CODE_PROXY) {
if (strcmp(apr_psprintf(pool, "<http://localhost:%u> Test Suite Proxy",
tb->proxy_port), realm) != 0)
return REPORT_TEST_SUITE_ERROR();
@@ -1482,7 +1482,7 @@ static void ssltunnel_basic_auth(CuTest
Given(tb->mh)
RequestsReceivedByServer
GETRequest(URLEqualTo("/"), HeaderNotSet("Authorization"))
- Respond(WithCode(401),WithChunkedBody("1"),
+ Respond(WithCode(SERF_AUTHN_CODE_HOST),WithChunkedBody("1"),
WithHeader("www-Authenticate", "bAsIc realm=\"Test Suite\""),
OnConditionThat(serv_close_conn, WithConnectionCloseHeader))
GETRequest(URLEqualTo("/"),
@@ -1492,7 +1492,7 @@ static void ssltunnel_basic_auth(CuTest
HTTPRequest(MethodEqualTo("CONNECT"),
URLEqualTo(tb->serv_host),
HeaderNotSet("Proxy-Authorization"))
- Respond(WithCode(407), WithChunkedBody(""),
+ Respond(WithCode(SERF_AUTHN_CODE_PROXY), WithChunkedBody(""),
WithHeader("Proxy-Authenticate",
"Basic realm=\"Test Suite Proxy\""),
OnConditionThat(proxy407_close_conn,
WithConnectionCloseHeader))
@@ -1573,7 +1573,7 @@ basic_authn_callback_2ndtry(char **usern
if (strcmp("Basic", authn_type) != 0)
return REPORT_TEST_SUITE_ERROR();
- if (code == 401) {
+ if (code == SERF_AUTHN_CODE_HOST) {
if (strcmp(apr_psprintf(pool, "<%s> Test Suite", tb->serv_url),
realm) != 0)
return REPORT_TEST_SUITE_ERROR();
@@ -1581,7 +1581,7 @@ basic_authn_callback_2ndtry(char **usern
*username = "serf";
*password = secondtry ? "serftest" : "wrongpwd";
}
- else if (code == 407) {
+ else if (code == SERF_AUTHN_CODE_PROXY) {
if (strcmp(apr_psprintf(pool, "<http://localhost:%u> Test Suite Proxy",
tb->proxy_port), realm) != 0)
return REPORT_TEST_SUITE_ERROR();
@@ -1640,7 +1640,7 @@ static void test_ssltunnel_basic_auth_2n
HTTPRequest(MethodEqualTo("CONNECT"),
URLEqualTo(tb->serv_host),
HeaderNotSet("Proxy-Authorization"))
- Respond(WithCode(407), WithChunkedBody(""),
+ Respond(WithCode(SERF_AUTHN_CODE_PROXY), WithChunkedBody(""),
WithHeader("Proxy-Authenticate",
"Basic realm=\"Test Suite Proxy\""))
/* serfproxy:wrongpwd fails, close connection. */
@@ -1648,7 +1648,7 @@ static void test_ssltunnel_basic_auth_2n
URLEqualTo(tb->serv_host),
HeaderNotEqualTo("Proxy-Authorization",
"Basic c2VyZnByb3h5OnNlcmZ0ZXN0"))
- Respond(WithCode(407), WithChunkedBody(""),
+ Respond(WithCode(SERF_AUTHN_CODE_PROXY), WithChunkedBody(""),
WithHeader("Proxy-Authenticate",
"Basic realm=\"Test Suite Proxy\""))
CloseConnection
@@ -1697,7 +1697,7 @@ proxy_digest_authn_callback(char **usern
tb->result_flags |= TEST_RESULT_AUTHNCB_CALLED;
- if (code != 407)
+ if (code != SERF_AUTHN_CODE_PROXY)
return REPORT_TEST_SUITE_ERROR();
if (strcmp("Digest", authn_type) != 0)
return REPORT_TEST_SUITE_ERROR();
@@ -1790,7 +1790,7 @@ static void test_ssltunnel_digest_auth(C
HTTPRequest(MethodEqualTo("CONNECT"),
URLEqualTo(tb->serv_host),
HeaderNotSet("Proxy-Authorization"))
- Respond(WithCode(407), WithChunkedBody("1"),
+ Respond(WithCode(SERF_AUTHN_CODE_PROXY), WithChunkedBody("1"),
WithHeader("Proxy-Authenticate",
"Basic realm=\"Test Suite Proxy\""),
WithHeader("Proxy-Authenticate", "NonExistent blablablabla"),
@@ -1839,7 +1839,7 @@ static void test_ssltunnel_spnego_authn(
HTTPRequest(MethodEqualTo("CONNECT"),
URLEqualTo(tb->serv_host),
HeaderEqualTo("Host", tb->serv_host))
- Respond(WithCode(407),
+ Respond(WithCode(SERF_AUTHN_CODE_PROXY),
WithHeader("Proxy-Authenticate", "Negotiate"),
WithHeader("Proxy-Authenticate", "Kerberos"),
WithHeader("Proxy-Authenticate", "NTLM"),
@@ -1873,7 +1873,7 @@ static void test_server_spnego_authn(CuT
Given(tb->mh)
GETRequest(URLEqualTo("/"),
HeaderEqualTo("Host", tb->serv_host))
- Respond(WithCode(401),
+ Respond(WithCode(SERF_AUTHN_CODE_HOST),
WithHeader("WWW-Authenticate", "Negotiate"),
WithHeader("Content-Type", "text/html"),
WithBody("<html><body>Authn required</body></html>"))
