From n.@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_authz_dbm.c
Date Wed, 15 Jan 2003 22:14:45 GMT
nd          2003/01/15 14:14:45

  Modified:    modules/aaa mod_authz_dbm.c
  Log:
  add support for "Require file-group"
  
  Revision  Changes    Path
  1.8       +57 -24    httpd-2.0/modules/aaa/mod_authz_dbm.c
  
  Index: mod_authz_dbm.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_authz_dbm.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- mod_authz_dbm.c	6 Jan 2003 08:07:51 -0000	1.7
  +++ mod_authz_dbm.c	15 Jan 2003 22:14:45 -0000	1.8
  @@ -83,6 +83,8 @@
   #include "http_protocol.h"
   #include "http_request.h"   /* for ap_hook_(check_user_id | auth_checker)*/
   
  +#include "mod_auth.h"
  +
   typedef struct {
       char *grpfile;
       char *dbmtype;
  @@ -195,9 +197,11 @@
       require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
       register int x;
       const char *t;
  -    const char *orig_groups = NULL;
       char *w;
       int required_group = 0;
  +    const char *filegroup = NULL;
  +    const char *orig_groups = NULL;
  +    char *reason = NULL;
   
       if (!conf->grpfile) {
           return DECLINED;
  @@ -216,7 +220,19 @@
           t = reqs[x].requirement;
           w = ap_getword_white(r->pool, &t);
    
  -        if (!strcmp(w, "group")) {
  +        if (!strcmp(w, "file-group")) {
  +            filegroup = apr_table_get(r->notes, AUTHZ_GROUP_NOTE);
  +            
  +            if (!filegroup) {
  +                /* mod_authz_owner is not present or not
  +                 * authoritative. We are just a helper module for testing
  +                 * group membership, so we don't care and decline.
  +                 */
  +                continue;
  +            }
  +        }
  +
  +        if (!strcmp(w, "group") || filegroup) {
               const char *realm = ap_auth_name(r);
               const char *groups;
               char *v;
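Review bot: The `continue` taken when `AUTHZ_GROUP_NOTE` is absent skips the `Require file-group` line without leaving any trace, so an administrator whose configuration lacks mod_authz_owner has nothing in the log explaining why the requirement had no effect here. A debug-level message before the `continue` would make that diagnosable, for example `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "file-group requirement skipped, no group note set: %s", r->filename);`. The block opened by `if (!strcmp(w, "group") || filegroup)` continues past the end of this hunk, so whether `required_group` is still counted for the skipped line cannot be confirmed from here.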
  @@ -241,46 +257,61 @@
                   }
   
                   if (groups == NULL) {
  -                    if (!conf->authoritative) {
  -                        return DECLINED;
  -                    }
  -
  -                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -                                  "user %s not in DBM group file %s: %s",
  -                                  user, conf->grpfile, r->filename);
  -
  -                    ap_note_auth_failure(r);
  -                    return HTTP_UNAUTHORIZED;
  +                    /* no groups available, so exit immediately */
  +                    reason = apr_psprintf(r->pool,
  +                                          "user doesn't appear in DBM group "
  +                                          "file (%s).", conf->grpfile);
  +                    break;
                   }
   
                   orig_groups = groups;
               }
   
  -            while (t[0]) {
  -                w = ap_getword_white(r->pool, &t);
  +            if (filegroup) {
                   groups = orig_groups;
                   while (groups[0]) {
                       v = ap_getword(r->pool, &groups, ',');
  -                    if (!strcmp(v, w)) {
  +                    if (!strcmp(v, filegroup)) {
                           return OK;
                       }
                   }
  +
  +                if (conf->authoritative) {
  +                    reason = apr_psprintf(r->pool,
  +                                          "file group '%s' does not match.",
  +                                          filegroup);
  +                    break;
  +                }
  +
  +                /* now forget the filegroup, thus alternatively require'd
  +                   groups get a real chance */
  +                filegroup = NULL;
  +            }
  +            else {
  +                while (t[0]) {
  +                    w = ap_getword_white(r->pool, &t);
  +                    groups = orig_groups;
  +                    while (groups[0]) {
  +                        v = ap_getword(r->pool, &groups, ',');
  +                        if (!strcmp(v, w)) {
  +                            return OK;
  +                        }
  +                    }
  +                }
               }
           }
       }
   
  -    /* no group requirement seen */
  -    if (!required_group) {
  -        return DECLINED;
  -    }
  -
  -    if (!conf->authoritative) {
  +    /* No applicable "require group" for this method seen */
  +    if (!required_group || !conf->authoritative) {
           return DECLINED;
       }
   
       ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -                  "user %s not in right group: %s",
  -                  user, r->filename);
  +                  "Authorization of user %s to access %s failed, reason: %s",
  +                  r->user, r->uri,
  +                  reason ? reason : "user is not part of the "
  +                                    "'require'ed group(s).");
   
       ap_note_auth_failure(r);
       return HTTP_UNAUTHORIZED;
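Review bot: With `conf->authoritative` set, the `break` after the failed file-group comparison leaves the requirement loop, so a `Require group ...` line listed after `Require file-group` is never evaluated, while the same two lines in the opposite order would be. The outcome fails closed, but it makes the authorization decision depend on directive order, and only the non-authoritative path gets the "alternatively require'd groups get a real chance" treatment that the comment describes. If that is intended, state it above the `break`, e.g. `/* authoritative: a file-group mismatch is final, later Require lines are not consulted */`; otherwise keep `reason`, drop the `break` and fall through to `filegroup = NULL;` so the remaining lines are still checked. The new error message also writes `r->user`, `r->uri` and the file group name into the log, so it is worth confirming that the logging layer escapes control characters in those values.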
  @@ -288,7 +319,9 @@
   
   static void register_hooks(apr_pool_t *p)
   {
  -    ap_hook_auth_checker(dbm_check_auth, NULL, NULL, APR_HOOK_MIDDLE);
  +    static const char * const aszPre[]={ "mod_authz_owner.c", NULL };
  +
  +    ap_hook_auth_checker(dbm_check_auth, aszPre, NULL, APR_HOOK_MIDDLE);
   }
   
   module AP_MODULE_DECLARE_DATA authz_dbm_module =
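Review bot: Nothing at the `aszPre` declaration in `register_hooks` says why mod_authz_owner.c has to run before this hook. From the file-group branch earlier in the diff, this module appears to read the `AUTHZ_GROUP_NOTE` note that the other module is expected to set. A comment such as `/* mod_authz_owner must run first: the file-group check reads the AUTHZ_GROUP_NOTE it leaves in r->notes */` would keep the ordering from being dropped in a later cleanup, which would silently turn every `Require file-group` into a decline.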
  
  
  
