directories in ascending order until a .gacl file is found.
(Default: GridSiteAuth off)
+.IP "GridSiteAutoPasscode on|off"
+Whether to automatically issue passcodes in response to HTTPS
+requests made using a full X.509 certificate (not a GSI proxy.)
+(Default: GridSiteAutoPasscode on)
+
+.IP "GridSiteRequirePasscode on|off"
+Whether to require passcode cookies when processing HTTPS
+requests made using a full X.509 certificate (not a GSI proxy.)
+(Default: GridSiteAutoPasscode off)
+
.IP "GridSiteAdminList uri"
All members of the DN List with name "uri" receive the full set
of permissions, irrespective of per-directory .gacl files. People in
user with the GACL in force. (These should be tested using the
GRSTgaclPermHasXXXX functions from GACL.)
+.IP GRST_PASSCODE_COOKIE
+Value of GRIDHTTP_PASSCODE cookie that should be returned when using
+a double-submit cookie procedure to guard against Cross Site Request
+Forgery (CSRF) attacks. This is only set if a valid passcode file
+was found in the server's sessions directory.
+
.IP GRST_ADMIN_LIST
URI of the DN List, listing people with full admin and write access
to the whole site.
{
int auth;
int autopasscode;
+ int requirepasscode;
int zoneslashes;
int envs;
int format;
{
conf->auth = 0; /* GridSiteAuth on/off */
conf->autopasscode = 1; /* GridSiteAutoPasscode on/off */
+ conf->requirepasscode = 0; /* GridSiteRequirePasscode on/off */
conf->zoneslashes = 1; /* GridSiteZoneSlashes number */
conf->envs = 1; /* GridSiteEnvs on/off */
conf->format = 0; /* GridSiteHtmlFormat on/off */
{
conf->auth = UNSET; /* GridSiteAuth on/off */
conf->autopasscode = UNSET; /* GridSiteAutoPasscode on/off */
+ conf->requirepasscode = UNSET; /* GridSiteRequirePasscode on/off */
conf->zoneslashes = UNSET; /* GridSiteZoneSlashes number */
conf->envs = UNSET; /* GridSiteEnvs on/off */
conf->format = UNSET; /* GridSiteHtmlFormat on/off */
if (direct->autopasscode != UNSET) conf->autopasscode = direct->autopasscode;
else conf->autopasscode = server->autopasscode;
+ if (direct->requirepasscode != UNSET) conf->requirepasscode = direct->requirepasscode;
+ else conf->requirepasscode = server->requirepasscode;
+
if (direct->zoneslashes != UNSET) conf->zoneslashes = direct->zoneslashes;
else conf->zoneslashes = server->zoneslashes;
{
((mod_gridsite_dir_cfg *) cfg)->autopasscode = flag;
}
+ else if (strcasecmp(a->cmd->name, "GridSiteRequirePasscode") == 0)
+ {
+ ((mod_gridsite_dir_cfg *) cfg)->requirepasscode = flag;
+ }
else if (strcasecmp(a->cmd->name, "GridSiteEnvs") == 0)
{
((mod_gridsite_dir_cfg *) cfg)->envs = flag;
NULL, OR_FILEINFO, "on or off"),
AP_INIT_FLAG("GridSiteAutoPasscode", mod_gridsite_flag_cmds,
NULL, OR_FILEINFO, "on or off"),
+ AP_INIT_FLAG("GridSiteRequirePasscode", mod_gridsite_flag_cmds,
+ NULL, OR_FILEINFO, "on or off"),
AP_INIT_FLAG("GridSiteEnvs", mod_gridsite_flag_cmds,
NULL, OR_FILEINFO, "on or off"),
AP_INIT_FLAG("GridSiteHtmlFormat", mod_gridsite_flag_cmds,
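Review bot: GridSiteRequirePasscode is registered with `OR_FILEINFO`, so wherever AllowOverride FileInfo is granted a .htaccess file can set it, and the merge code in this commit lets the per-directory value override the server value. For a flag that gates a CSRF defence this may be wider than intended, particularly if .htaccess files can be written by anyone other than the server administrator. It matches the neighbouring flags, so it may be deliberate; if not, `NULL, RSRC_CONF | ACCESS_CONF, "on or off"),` would confine it to the server configuration files. The command table starts and ends outside the hunk.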
/*
if not succeeded from passcode file, try from connection notes
if a GSI Proxy or have GridSiteAutoPasscode on (the default)
- (if GridSiteAutoPasscode off then interactive websites must use
- a login script to make passcode and file instead.)
+ or have GridSiteRequirePasscode off (the default).
+ If GridSiteAutoPasscode off and GridSiteRequirePasscode on
+ then interactive websites must use a login script to make passcode
+ and file instead.
*/
if ((user == NULL) &&
"notbefore=%ld notafter=%ld delegation=%d nist-loa=%d",
¬before, ¬after, &delegation, &nist_loa) == 4) &&
(delegation <= ((mod_gridsite_dir_cfg *) cfg)->gsiproxylimit) &&
- ((delegation > 0) || ((mod_gridsite_dir_cfg *) cfg)->autopasscode))
+ ((delegation > 0) ||
+ ((mod_gridsite_dir_cfg *) cfg)->autopasscode ||
+ !(((mod_gridsite_dir_cfg *) cfg)->requirepasscode)))
{
cred_0 = GRSTgaclCredCreate(grst_cred_auri_0, NULL);
if (cred_0 != NULL)
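Review bot: The new test `autopasscode || !requirepasscode` makes the connection-notes fallback depend on both directives, and `requirepasscode` defaults to 0. A site already running with GridSiteAutoPasscode off will therefore, after this change, accept full-certificate requests without a passcode file until it also sets GridSiteRequirePasscode on. Conversely, GridSiteRequirePasscode on has no effect in this condition while GridSiteAutoPasscode keeps its default of on. The rewritten comment explains the pairing, but the man page entry does not, and its default line names GridSiteAutoPasscode; I would add there something like `Only enforced when GridSiteAutoPasscode is off; sites that relied on GridSiteAutoPasscode off alone must now also set this directive.` The enclosing `if` starts before and continues after the visible lines, so other conditions may also apply.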