#include "apr_lib.h" /* apr_isspace */
#include "ap_config.h"
+#include "ap_provider.h"
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
int authoritative;
} authz_groupfile_config_rec;
+APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
+
static void *create_authz_groupfile_dir_config(apr_pool_t *p, char *d)
{
authz_groupfile_config_rec *conf = apr_palloc(p, sizeof(*conf));
return APR_SUCCESS;
}
+#if 0
/* Checking ID */
static int check_user_access(request_rec *r)
ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
+#endif
+
+static authz_status group_check_authorization(request_rec *r,
+ const char *require_args)
+{
+ authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &authz_groupfile_module);
+ char *user = r->user;
+ const char *t, *w;
+ apr_table_t *grpstatus = NULL;
+ apr_status_t status;
+
+ status = groups_for_user(r->pool, user, conf->groupfile,
+ &grpstatus);
+
+ if (status != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+ "Could not open group file: %s",
+ conf->groupfile);
+ return AUTHZ_DENIED;
+ }
+
+ if (apr_table_elts(grpstatus)->nelts == 0) {
+ /* no groups available, so exit immediately */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Authorization of user %s to access %s failed, reason: "
+ "user doesn't appear in group file (%s).",
+ r->user, r->uri, conf->groupfile);
+ return AUTHZ_DENIED;
+ }
+
+ t = require_args;
+ while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+ if (apr_table_get(grpstatus, w)) {
+ return AUTHZ_GRANTED;
+ }
+ }
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Authorization of user %s to access %s failed, reason: "
+ "user is not part of the 'require'ed group(s).",
+ r->user, r->uri);
+
+ return AUTHZ_DENIED;
+}
+
+APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group;
+
+static authz_status filegroup_check_authorization(request_rec *r,
+ const char *require_args)
+{
+ const char *filegroup = NULL;
+
+
+ authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &authz_groupfile_module);
+ char *user = r->user;
+ apr_table_t *grpstatus = NULL;
+ apr_status_t status;
+
+ status = groups_for_user(r->pool, user, conf->groupfile,
+ &grpstatus);
+
+ if (status != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+ "Could not open group file: %s",
+ conf->groupfile);
+ return AUTHZ_DENIED;
+ }
+
+ if (apr_table_elts(grpstatus)->nelts == 0) {
+ /* no groups available, so exit immediately */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Authorization of user %s to access %s failed, reason: "
+ "user doesn't appear in group file (%s).",
+ r->user, r->uri, conf->groupfile);
+ return AUTHZ_DENIED;
+ }
+
+ filegroup = authz_owner_get_file_group(r);
+
+ if (filegroup) {
+ if (apr_table_get(grpstatus, filegroup)) {
+ return AUTHZ_GRANTED;
+ }
+ }
+ else {
+ /* No need to emit a error log entry because the call
+ to authz_owner_get_file_group already did it
+ for us.
+ */
+ return AUTHZ_DENIED;
+ }
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Authorization of user %s to access %s failed, reason: "
+ "user is not part of the 'require'ed file group.",
+ r->user, r->uri);
+
+ return AUTHZ_DENIED;
+}
+
+static const authz_provider authz_group_provider =
+{
+ &group_check_authorization,
+};
+
+static const authz_provider authz_filegroup_provider =
+{
+ &filegroup_check_authorization,
+};
static void register_hooks(apr_pool_t *p)
{
- static const char * const aszPre[]={ "mod_authz_owner.c", NULL };
+ authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group);
- ap_hook_auth_checker(check_user_access, aszPre, NULL, APR_HOOK_MIDDLE);
+ ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "group", "0",
+ &authz_group_provider);
+ ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "file-group", "0",
+ &authz_filegroup_provider);
}
module AP_MODULE_DECLARE_DATA authz_groupfile_module =
projects / thirdparty / apache / httpd.git / commitdiff
