X-Git-Url: https://git.sesse.net/?p=itkacl;a=blobdiff_plain;f=libapache2-mod-authz-itkacl-0.6%2Fmod_authz_itkacl.c;fp=libapache2-mod-authz-itkacl-0.6%2Fmod_authz_itkacl.c;h=0000000000000000000000000000000000000000;hp=51ec224c00438326eceb4f6c9e1f062abad6f252;hb=cb2ce66fff232abab891ee6cc887e2bcab074269;hpb=5ea73ea3a1ffa23ca598fac117830664b66a2ebf diff --git a/libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c b/libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c deleted file mode 100644 index 51ec224..0000000 --- a/libapache2-mod-authz-itkacl-0.6/mod_authz_itkacl.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * ITKACL module, (C) 2004-2015 Steinar H. Gunderson - */ - -#define MODAUTHITKACL_VERSION "0.6" - -#include "apr_strings.h" - -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" -#include "mod_auth.h" - -module AP_MODULE_DECLARE_DATA authz_itkacl_module; - -extern int itkacl_check(const char * const realm, const char * const user, - char *errmsg, size_t errmsg_size); - -static int handle_require(request_rec *r, const char *username, const char *acl_path) -{ - char errmsg[1024]; - int ret; - - ret = itkacl_check(acl_path, username, errmsg, 1024); - if (ret == 0) { - return AUTHZ_GRANTED; - } - - if (ret == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "error during itkacl check for %s on %s: %s", - username, acl_path, errmsg); - } - - return AUTHZ_DENIED; -} - -static authz_status authz_itkacl_authorize_user(request_rec *r, const char *require_line, const void *parsed_require_line) -{ - char *username, *ptr; - const char *t, *acl_path; - - if (r->user == NULL) { - return AUTHZ_DENIED_NO_USER; - } - - /* strip the domain part (FIXME: use the alias module instead?) */ - username = apr_pstrdup(r->pool, r->user); - ptr = strchr(username, '@'); - if (ptr != NULL) - ptr[0] = 0; - - t = require_line; - acl_path = ap_getword_conf(r->pool, &t); - if (acl_path == NULL || strcmp(acl_path, "") == 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "'require itkacl' requires an argument"); - return AUTHZ_DENIED; - } - - if (strcasecmp(acl_path, "anyof") == 0) { - int num_seen = 0, ret; - while ((acl_path = ap_getword_conf(r->pool, &t)) != NULL && - strcmp(acl_path, "") != 0) { - ret = handle_require(r, username, acl_path); - if (ret == AUTHZ_GRANTED) { - return ret; - } - ++num_seen; - } - if (num_seen == 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "Missing arguments after 'Require itkacl anyof'"); - return AUTHZ_DENIED; - } else if (ret == HTTP_UNAUTHORIZED) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "%s failed itkacl check for (multiple paths)", - username); - return AUTHZ_DENIED; - } - return ret; - } else { - /* check that there are no more arguments */ - const char *w = ap_getword_conf(r->pool, &t); - if (w != NULL && strcmp(w, "") != 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "Excess arguments ('%s') after Require itkacl %s; " - "did you mean 'Require itkacl anyof ...'?", - w, acl_path); - return AUTHZ_DENIED; - } - - int ret = handle_require(r, username, acl_path); - if (ret == AUTHZ_DENIED) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, - "%s failed itkacl check for %s", - username, acl_path); - return AUTHZ_DENIED; - } - return ret; - } -} - -static int authz_itkacl_init_handler(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) -{ - ap_add_version_component(p, "mod_auth_itkacl/" MODAUTHITKACL_VERSION); - return OK; -} - -static const authz_provider authz_itkacl_provider = -{ - &authz_itkacl_authorize_user, - NULL, -}; - -void authz_itkacl_register_hooks(apr_pool_t *p) -{ - ap_hook_post_config(authz_itkacl_init_handler, NULL, NULL, APR_HOOK_MIDDLE); - ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "itkacl", AUTHZ_PROVIDER_VERSION, &authz_itkacl_provider, AP_AUTH_INTERNAL_PER_CONF); -} - -module AP_MODULE_DECLARE_DATA authz_itkacl_module = -{ - STANDARD20_MODULE_STUFF, - NULL, - NULL, - NULL, - NULL, - NULL, - authz_itkacl_register_hooks -};