--- /dev/null
+/*
+ * ITKACL module, (C) 2004-2015 Steinar H. Gunderson
+ */
+
+#define MODAUTHITKACL_VERSION "0.6"
+
+#include "apr_strings.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "mod_auth.h"
+
+module AP_MODULE_DECLARE_DATA authz_itkacl_module;
+
+extern int itkacl_check(const char * const realm, const char * const user,
+ char *errmsg, size_t errmsg_size);
+
+static int handle_require(request_rec *r, const char *username, const char *acl_path)
+{
+ char errmsg[1024];
+ int ret;
+
+ ret = itkacl_check(acl_path, username, errmsg, 1024);
+ if (ret == 0) {
+ return AUTHZ_GRANTED;
+ }
+
+ if (ret == -1) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "error during itkacl check for %s on %s: %s",
+ username, acl_path, errmsg);
+ }
+
+ return AUTHZ_DENIED;
+}
+
+static authz_status authz_itkacl_authorize_user(request_rec *r, const char *require_line, const void *parsed_require_line)
+{
+ char *username, *ptr;
+ const char *t, *acl_path;
+
+ if (r->user == NULL) {
+ return AUTHZ_DENIED_NO_USER;
+ }
+
+ /* strip the domain part (FIXME: use the alias module instead?) */
+ username = apr_pstrdup(r->pool, r->user);
+ ptr = strchr(username, '@');
+ if (ptr != NULL)
+ ptr[0] = 0;
+
+ t = require_line;
+ acl_path = ap_getword_conf(r->pool, &t);
+ if (acl_path == NULL || strcmp(acl_path, "") == 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "'require itkacl' requires an argument");
+ return AUTHZ_DENIED;
+ }
+
+ if (strcasecmp(acl_path, "anyof") == 0) {
+ int num_seen = 0, ret;
+ while ((acl_path = ap_getword_conf(r->pool, &t)) != NULL &&
+ strcmp(acl_path, "") != 0) {
+ ret = handle_require(r, username, acl_path);
+ if (ret == AUTHZ_GRANTED) {
+ return ret;
+ }
+ ++num_seen;
+ }
+ if (num_seen == 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Missing arguments after 'Require itkacl anyof'");
+ return AUTHZ_DENIED;
+ } else if (ret == HTTP_UNAUTHORIZED) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "%s failed itkacl check for (multiple paths)",
+ username);
+ return AUTHZ_DENIED;
+ }
+ return ret;
+ } else {
+ /* check that there are no more arguments */
+ const char *w = ap_getword_conf(r->pool, &t);
+ if (w != NULL && strcmp(w, "") != 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Excess arguments ('%s') after Require itkacl %s; "
+ "did you mean 'Require itkacl anyof ...'?",
+ w, acl_path);
+ return AUTHZ_DENIED;
+ }
+
+ int ret = handle_require(r, username, acl_path);
+ if (ret == AUTHZ_DENIED) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "%s failed itkacl check for %s",
+ username, acl_path);
+ return AUTHZ_DENIED;
+ }
+ return ret;
+ }
+}
+
+static int authz_itkacl_init_handler(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
+{
+ ap_add_version_component(p, "mod_auth_itkacl/" MODAUTHITKACL_VERSION);
+ return OK;
+}
+
+static const authz_provider authz_itkacl_provider =
+{
+ &authz_itkacl_authorize_user,
+ NULL,
+};
+
+void authz_itkacl_register_hooks(apr_pool_t *p)
+{
+ ap_hook_post_config(authz_itkacl_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "itkacl", AUTHZ_PROVIDER_VERSION, &authz_itkacl_provider, AP_AUTH_INTERNAL_PER_CONF);
+}
+
+module AP_MODULE_DECLARE_DATA authz_itkacl_module =
+{
+ STANDARD20_MODULE_STUFF,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ authz_itkacl_register_hooks
+};
projects / itkacl / blobdiff