modules/aaa/mod_authz_user.c

	mod_authz_user.c revision 842ae4bd224140319ae7feec1872b93dfd491143
842ae4bd224140319ae7feec1872b93dfd491143fielding/* Licensed to the Apache Software Foundation (ASF) under one or more
842ae4bd224140319ae7feec1872b93dfd491143fielding * contributor license agreements.  See the NOTICE file distributed with
842ae4bd224140319ae7feec1872b93dfd491143fielding * this work for additional information regarding copyright ownership.
842ae4bd224140319ae7feec1872b93dfd491143fielding * The ASF licenses this file to You under the Apache License, Version 2.0
842ae4bd224140319ae7feec1872b93dfd491143fielding * (the "License"); you may not use this file except in compliance with
842ae4bd224140319ae7feec1872b93dfd491143fielding * the License.  You may obtain a copy of the License at
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz *
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd *     http://www.apache.org/licenses/LICENSE-2.0
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz *
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * Unless required by applicable law or agreed to in writing, software
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * distributed under the License is distributed on an "AS IS" BASIS,
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * See the License for the specific language governing permissions and
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * limitations under the License.
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "apr_strings.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "ap_config.h"
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes#include "ap_provider.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "httpd.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "http_config.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "http_core.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "http_log.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "http_protocol.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz#include "http_request.h"
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes#include "mod_auth.h"
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantztypedef struct {
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    int dummy;  /* just here to stop compiler warnings for now. */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz} authz_user_config_rec;
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantzstatic void *create_authz_user_dir_config(apr_pool_t *p, char *d)
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz{
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    authz_user_config_rec *conf = apr_palloc(p, sizeof(*conf));
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    return conf;
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz}
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantzstatic const command_rec authz_user_cmds[] =
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz{
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    {NULL}
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz};
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantzmodule AP_MODULE_DECLARE_DATA authz_user_module;
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholesstatic authz_status user_check_authorization(request_rec *r,
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes                                             const char *require_args)
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz{
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    const char *t, *w;
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    t = require_args;
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes        if (!strcmp(r->user, w)) {
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes            return AUTHZ_GRANTED;
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz        }
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    }
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz                  "access to %s failed, reason: user '%s' does not meet "
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes                  "'require'ments for user to be allowed access",
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes                  r->uri, r->user);
e8f95a682820a599fe41b22977010636be5c2717jim
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    return AUTHZ_DENIED;
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz}
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholesstatic authz_status validuser_check_authorization(request_rec *r, const char *require_line)
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes{
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    return AUTHZ_GRANTED;
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes}
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholesstatic const authz_provider authz_user_provider =
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes{
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    &user_check_authorization,
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes};
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholesstatic const authz_provider authz_validuser_provider =
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes{
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    &validuser_check_authorization,
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes};
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantzstatic void register_hooks(apr_pool_t *p)
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz{
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "user", "0",
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes                         &authz_user_provider);
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0",
367d146f245f3b1c9f77c18e6ec591b52e0b344cbnicholes                         &authz_validuser_provider);
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz}
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantzmodule AP_MODULE_DECLARE_DATA authz_user_module =
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz{
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    STANDARD20_MODULE_STUFF,
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    create_authz_user_dir_config, /* dir config creater */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    NULL,                         /* dir merger --- default is to override */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    NULL,                         /* server config */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    NULL,                         /* merge server config */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    authz_user_cmds,              /* command apr_table_t */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz    register_hooks                /* register hooks */
b4a287513d176e4355dd56ea47b27228e0e5d75fjerenkrantz};