-/*
- * ITKACL module, (C) 2004-2015 Steinar H. Gunderson
- */
-
-#define MODAUTHITKACL_VERSION "0.6"
-
-#include "apr_strings.h"
-
-#include "ap_config.h"
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include "http_request.h"
-#include "mod_auth.h"
-
-module AP_MODULE_DECLARE_DATA authz_itkacl_module;
-
-extern int itkacl_check(const char * const realm, const char * const user,
- char *errmsg, size_t errmsg_size);
-
-static int handle_require(request_rec *r, const char *username, const char *acl_path)
-{
- char errmsg[1024];
- int ret;
-
- ret = itkacl_check(acl_path, username, errmsg, 1024);
- if (ret == 0) {
- return AUTHZ_GRANTED;
- }
-
- if (ret == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "error during itkacl check for %s on %s: %s",
- username, acl_path, errmsg);
- }
-
- return AUTHZ_DENIED;
-}
-
-static authz_status authz_itkacl_authorize_user(request_rec *r, const char *require_line, const void *parsed_require_line)
-{
- char *username, *ptr;
- const char *t, *acl_path;
-
- if (r->user == NULL) {
- return AUTHZ_DENIED_NO_USER;
- }
-
- /* strip the domain part (FIXME: use the alias module instead?) */
- username = apr_pstrdup(r->pool, r->user);
- ptr = strchr(username, '@');
- if (ptr != NULL)
- ptr[0] = 0;
-
- t = require_line;
- acl_path = ap_getword_conf(r->pool, &t);
- if (acl_path == NULL || strcmp(acl_path, "") == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "'require itkacl' requires an argument");
- return AUTHZ_DENIED;
- }
-
- if (strcasecmp(acl_path, "anyof") == 0) {
- int num_seen = 0, ret;
- while ((acl_path = ap_getword_conf(r->pool, &t)) != NULL &&
- strcmp(acl_path, "") != 0) {
- ret = handle_require(r, username, acl_path);
- if (ret == AUTHZ_GRANTED) {
- return ret;
- }
- ++num_seen;
- }
- if (num_seen == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Missing arguments after 'Require itkacl anyof'");
- return AUTHZ_DENIED;
- } else if (ret == HTTP_UNAUTHORIZED) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
- "%s failed itkacl check for (multiple paths)",
- username);
- return AUTHZ_DENIED;
- }
- return ret;
- } else {
- /* check that there are no more arguments */
- const char *w = ap_getword_conf(r->pool, &t);
- if (w != NULL && strcmp(w, "") != 0) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Excess arguments ('%s') after Require itkacl %s; "
- "did you mean 'Require itkacl anyof ...'?",
- w, acl_path);
- return AUTHZ_DENIED;
- }
-
- int ret = handle_require(r, username, acl_path);
- if (ret == AUTHZ_DENIED) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
- "%s failed itkacl check for %s",
- username, acl_path);
- return AUTHZ_DENIED;
- }
- return ret;
- }
-}
-
-static int authz_itkacl_init_handler(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
-{
- ap_add_version_component(p, "mod_auth_itkacl/" MODAUTHITKACL_VERSION);
- return OK;
-}
-
-static const authz_provider authz_itkacl_provider =
-{
- &authz_itkacl_authorize_user,
- NULL,
-};
-
-void authz_itkacl_register_hooks(apr_pool_t *p)
-{
- ap_hook_post_config(authz_itkacl_init_handler, NULL, NULL, APR_HOOK_MIDDLE);
- ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "itkacl", AUTHZ_PROVIDER_VERSION, &authz_itkacl_provider, AP_AUTH_INTERNAL_PER_CONF);
-}
-
-module AP_MODULE_DECLARE_DATA authz_itkacl_module =
-{
- STANDARD20_MODULE_STUFF,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- authz_itkacl_register_hooks
-};