From: Bradley Nicholes Date: Thu, 1 Dec 2005 04:14:50 +0000 (+0000) Subject: convert mod_authz_user to register its require providers X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5d1c04df7cba06642c69f917a72c07b98b84fbb;p=thirdparty%2Fapache%2Fhttpd.git convert mod_authz_user to register its require providers git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@350149 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h index b0a400aecd9..1b156337574 100644 --- a/modules/aaa/mod_auth.h +++ b/modules/aaa/mod_auth.h @@ -75,10 +75,10 @@ struct authn_provider_list { }; typedef struct { - /* Given a username and password, expected to return AUTH_GRANTED - * if we can validate this user/password combination. + /* Given a request_rec, expected to return AUTH_GRANTED + * if we can authorize user access. */ - authn_status (*check_authorization)(request_rec *r); + authn_status (*check_authorization)(request_rec *r, apr_int64_t method_mask, const char *require_line); } authz_provider; /* A linked-list of authn providers. */ diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_authz_host.c index 1da20614630..71bd59600f6 100644 --- a/modules/aaa/mod_authz_host.c +++ b/modules/aaa/mod_authz_host.c @@ -459,7 +459,7 @@ static int authorize_user(request_rec *r) } - auth_result = provider->check_authorization(r); + auth_result = provider->check_authorization(r, current_provider->method_mask, current_provider->requirement); apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE); diff --git a/modules/aaa/mod_authz_user.c b/modules/aaa/mod_authz_user.c index cc6d808a3ec..82e307b52a6 100644 --- a/modules/aaa/mod_authz_user.c +++ b/modules/aaa/mod_authz_user.c @@ -17,6 +17,7 @@ #include "apr_strings.h" #include "ap_config.h" +#include "ap_provider.h" #include "httpd.h" #include "http_config.h" #include "http_core.h" @@ -24,6 +25,8 @@ #include "http_protocol.h" #include "http_request.h" +#include "mod_auth.h" + typedef struct { int authoritative; } authz_user_config_rec; @@ -49,6 +52,7 @@ static const command_rec authz_user_cmds[] = module AP_MODULE_DECLARE_DATA authz_user_module; +#if 0 static int check_user_access(request_rec *r) { authz_user_config_rec *conf = ap_get_module_config(r->per_dir_config, @@ -111,10 +115,68 @@ static int check_user_access(request_rec *r) ap_note_auth_failure(r); return HTTP_UNAUTHORIZED; } +#endif + +static authn_status user_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line) +{ + char *user = r->user; + int m = r->method_number; + const char *t, *w; + + if (!(method_mask & (AP_METHOD_BIT << m))) { + return DECLINED; + } + + t = require_line; + w = ap_getword_white(r->pool, &t); + if (!strcasecmp(w, "user")) { + /* And note that there are applicable requirements + * which we consider ourselves the owner of. + */ + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (!strcmp(user, w)) { + return OK; + } + } + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: user '%s' does not meet " + "'require'ments for user to be allowed access", + r->uri, user); + + ap_note_auth_failure(r); + return HTTP_UNAUTHORIZED; +} + +static authn_status validuser_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line) +{ + int m = r->method_number; + + if (!(method_mask & (AP_METHOD_BIT << m))) { + return DECLINED; + } + return OK; +} + +static const authz_provider authz_user_provider = +{ + &user_check_authorization, +}; +static const authz_provider authz_validuser_provider = +{ + &validuser_check_authorization, +}; static void register_hooks(apr_pool_t *p) { - ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE); + ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "user", "0", + &authz_user_provider); + ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0", + &authz_validuser_provider); + + /* ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);*/ } module AP_MODULE_DECLARE_DATA authz_user_module =