2 * ITKACL module, (C) 2004-2022 Steinar H. Gunderson
5 #define MODAUTHITKACL_VERSION "0.7"
7 #include "apr_strings.h"
11 #include "http_config.h"
12 #include "http_core.h"
14 #include "http_protocol.h"
15 #include "http_request.h"
19 module AP_MODULE_DECLARE_DATA authz_itkacl_module;
20 static struct itkacl_ctx *ctx = NULL;
22 static int handle_require(request_rec *r, const char *username, const char *acl_path)
27 ret = itkacl_check_with_ctx(ctx, acl_path, username, errmsg, 1024);
33 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
34 "error during itkacl check for %s on %s: %s",
35 username, acl_path, errmsg);
41 static authz_status authz_itkacl_authorize_user(request_rec *r, const char *require_line, const void *parsed_require_line)
44 const char *t, *acl_path;
46 if (r->user == NULL) {
47 return AUTHZ_DENIED_NO_USER;
50 /* strip the domain part (FIXME: use the alias module instead?) */
51 username = apr_pstrdup(r->pool, r->user);
52 ptr = strchr(username, '@');
57 acl_path = ap_getword_conf(r->pool, &t);
58 if (acl_path == NULL || strcmp(acl_path, "") == 0) {
59 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "'require itkacl' requires an argument");
63 if (strcasecmp(acl_path, "anyof") == 0) {
64 int num_seen = 0, ret;
65 while ((acl_path = ap_getword_conf(r->pool, &t)) != NULL &&
66 strcmp(acl_path, "") != 0) {
67 ret = handle_require(r, username, acl_path);
68 if (ret == AUTHZ_GRANTED) {
74 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
75 "Missing arguments after 'Require itkacl anyof'");
77 } else if (ret == HTTP_UNAUTHORIZED) {
78 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
79 "%s failed itkacl check for (multiple paths)",
85 /* check that there are no more arguments */
86 const char *w = ap_getword_conf(r->pool, &t);
87 if (w != NULL && strcmp(w, "") != 0) {
88 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
89 "Excess arguments ('%s') after Require itkacl %s; "
90 "did you mean 'Require itkacl anyof ...'?",
95 int ret = handle_require(r, username, acl_path);
96 if (ret == AUTHZ_DENIED) {
97 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
98 "%s failed itkacl check for %s",
106 static int authz_itkacl_init_handler(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
108 ap_add_version_component(p, "mod_auth_itkacl/" MODAUTHITKACL_VERSION);
110 itkacl_free_ctx(ctx);
114 ctx = itkacl_create_ctx(errmsg, sizeof(errmsg));
116 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Error while initializing libitkacl: %s", errmsg);
117 return HTTP_INTERNAL_SERVER_ERROR;
123 static const authz_provider authz_itkacl_provider =
125 &authz_itkacl_authorize_user,
129 void authz_itkacl_register_hooks(apr_pool_t *p)
131 ap_hook_post_config(authz_itkacl_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
132 ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "itkacl", AUTHZ_PROVIDER_VERSION, &authz_itkacl_provider, AP_AUTH_INTERNAL_PER_CONF);
135 module AP_MODULE_DECLARE_DATA authz_itkacl_module =
137 STANDARD20_MODULE_STUFF,
143 authz_itkacl_register_hooks