httpd-cvs mailing list archives

From bnicho...@apache.org
Subject svn commit: r354998 - /httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
Date Thu, 08 Dec 2005 05:36:33 GMT
Author: bnicholes
Date: Wed Dec  7 21:36:14 2005
New Revision: 354998

URL: http://svn.apache.org/viewcvs?rev=354998&view=rev
Log:
Initial conversion of mod_authz_groupfile to be provider based

Modified:
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c?rev=354998&r1=354997&r2=354998&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c Wed Dec  7 21:36:14 2005
@@ -47,6 +47,7 @@
 #include "apr_lib.h" /* apr_isspace */
 
 #include "ap_config.h"
+#include "ap_provider.h"
 #include "httpd.h"
 #include "http_config.h"
 #include "http_core.h"
@@ -61,6 +62,8 @@
     int authoritative;
 } authz_groupfile_config_rec;
 
+APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
+
 static void *create_authz_groupfile_dir_config(apr_pool_t *p, char *d)
 {
     authz_groupfile_config_rec *conf = apr_palloc(p, sizeof(*conf));
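Review bot: The `APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));` line declares the optional function's type locally in this .c file, presumably duplicating whatever mod_authz_owner declares when it registers the function. Optional functions are looked up by name at run time, so if the two declarations ever drift the compiler will not notice, and this authorization path would call through a pointer with the wrong signature. I would move the declaration into a header that both modules include and add a short comment there stating who registers the function and what a NULL return means.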
@@ -145,6 +148,7 @@
     return APR_SUCCESS;
 }
 
+#if 0
 /* Checking ID */
 
 static int check_user_access(request_rec *r)
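Review bot: The `#if 0` added above check_user_access carries no explanation, and the matching `#endif` only appears in a later hunk, so the function body in between is not visible here. Disabled access-control code left in the file is easy to misread during an audit as the check that is actually enforced. If it has to stay during the conversion, annotate it, e.g. `#if 0 /* legacy auth_checker hook, replaced by the authz providers; delete once the conversion is complete */`, and otherwise remove it and rely on version history.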
@@ -264,12 +268,126 @@
     ap_note_auth_failure(r);
     return HTTP_UNAUTHORIZED;
 }
+#endif
+
+static authz_status group_check_authorization(request_rec *r,
+                                             const char *require_args)
+{
+    authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config,
+            &authz_groupfile_module);
+    char *user = r->user;
+    const char *t, *w;
+    apr_table_t *grpstatus = NULL;
+    apr_status_t status;
+
+    status = groups_for_user(r->pool, user, conf->groupfile,
+                                &grpstatus);
+
+    if (status != APR_SUCCESS) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                        "Could not open group file: %s",
+                        conf->groupfile);
+        return AUTHZ_DENIED;
+    }
+
+    if (apr_table_elts(grpstatus)->nelts == 0) {
+        /* no groups available, so exit immediately */
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                      "Authorization of user %s to access %s failed, reason: "
+                      "user doesn't appear in group file (%s).",
+                      r->user, r->uri, conf->groupfile);
+        return AUTHZ_DENIED;
+    }
+
+    t = require_args;
+    while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+        if (apr_table_get(grpstatus, w)) {
+            return AUTHZ_GRANTED;
+        }
+    }
+
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                    "Authorization of user %s to access %s failed, reason: "
+                    "user is not part of the 'require'ed group(s).",
+                    r->user, r->uri);
+
+    return AUTHZ_DENIED;
+}
+
+APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group;
+
+static authz_status filegroup_check_authorization(request_rec *r,
+                                              const char *require_args)
+{
+    const char *filegroup = NULL;
+
+
+    authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config,
+            &authz_groupfile_module);
+    char *user = r->user;
+    apr_table_t *grpstatus = NULL;
+    apr_status_t status;
+
+    status = groups_for_user(r->pool, user, conf->groupfile,
+                             &grpstatus);
+
+    if (status != APR_SUCCESS) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Could not open group file: %s",
+                      conf->groupfile);
+        return AUTHZ_DENIED;
+    }
+
+    if (apr_table_elts(grpstatus)->nelts == 0) {
+        /* no groups available, so exit immediately */
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                        "Authorization of user %s to access %s failed, reason: "
+                        "user doesn't appear in group file (%s).",
+                        r->user, r->uri, conf->groupfile);
+        return AUTHZ_DENIED;
+    }
+
+    filegroup = authz_owner_get_file_group(r);
+
+    if (filegroup) {
+        if (apr_table_get(grpstatus, filegroup)) {
+            return AUTHZ_GRANTED;
+        }
+    }
+    else {
+        /* No need to emit a error log entry because the call
+        to authz_owner_get_file_group already did it
+        for us.
+        */
+        return AUTHZ_DENIED;
+    }
+
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                  "Authorization of user %s to access %s failed, reason: "
+                  "user is not part of the 'require'ed file group.",
+                  r->user, r->uri);
+
+    return AUTHZ_DENIED;
+}
+
+static const authz_provider authz_group_provider =
+{
+    &group_check_authorization,
+};
+
+static const authz_provider authz_filegroup_provider =
+{
+    &filegroup_check_authorization,
+};
 
 static void register_hooks(apr_pool_t *p)
 {
-    static const char * const aszPre[]={ "mod_authz_owner.c", NULL };
+    authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group);
 
-    ap_hook_auth_checker(check_user_access, aszPre, NULL, APR_HOOK_MIDDLE);
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "group", "0",
+                         &authz_group_provider);
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "file-group", "0",
+                         &authz_filegroup_provider);
 }
 
 module AP_MODULE_DECLARE_DATA authz_groupfile_module =
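Review bot: The call `filegroup = authz_owner_get_file_group(r);` in filegroup_check_authorization goes through a pointer that APR_RETRIEVE_OPTIONAL_FN leaves NULL when mod_authz_owner has not registered the function, so a `file-group` requirement on such a server would dereference NULL and crash the child instead of denying. Guard it before the call, e.g. `if (!authz_owner_get_file_group) return AUTHZ_DENIED;`, with an error log line naming the missing module. The retrieval also runs inside register_hooks, which probably depends on mod_authz_owner's registration having run first; doing the lookup from an `ap_hook_optional_fn_retrieve` callback would remove that ordering dependency. Separately, both providers pass `r->user` and `conf->groupfile` to groups_for_user (defined outside this hunk) without checking either for NULL, so it is worth confirming that neither can be unset when a provider is invoked.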


