diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:06 +0000 |
commit | 5dff2d61cc1c27747ee398e04d8e02843aabb1f8 (patch) | |
tree | a67c336b406c8227bac912beb74a1ad3cdc55100 /modules/aaa/mod_authz_user.c | |
parent | Initial commit. (diff) | |
download | apache2-5dff2d61cc1c27747ee398e04d8e02843aabb1f8.tar.xz apache2-5dff2d61cc1c27747ee398e04d8e02843aabb1f8.zip |
Adding upstream version 2.4.38.upstream/2.4.38
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/aaa/mod_authz_user.c')
-rw-r--r-- | modules/aaa/mod_authz_user.c | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/modules/aaa/mod_authz_user.c b/modules/aaa/mod_authz_user.c new file mode 100644 index 0000000..881f77f --- /dev/null +++ b/modules/aaa/mod_authz_user.c @@ -0,0 +1,146 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "apr_strings.h" + +#include "ap_config.h" +#include "ap_provider.h" +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_log.h" +#include "http_protocol.h" +#include "http_request.h" + +#include "mod_auth.h" + +typedef struct { + int dummy; /* just here to stop compiler warnings for now. */ +} authz_user_config_rec; + +static void *create_authz_user_dir_config(apr_pool_t *p, char *d) +{ + authz_user_config_rec *conf = apr_palloc(p, sizeof(*conf)); + + return conf; +} + +static const command_rec authz_user_cmds[] = +{ + {NULL} +}; + +module AP_MODULE_DECLARE_DATA authz_user_module; + +static authz_status user_check_authorization(request_rec *r, + const char *require_args, + const void *parsed_require_args) +{ + const char *err = NULL; + const ap_expr_info_t *expr = parsed_require_args; + const char *require; + + const char *t, *w; + + if (!r->user) { + return AUTHZ_DENIED_NO_USER; + } + + require = ap_expr_str_exec(r, expr, &err); + if (err) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) + "authz_user authorize: require user: Can't " + "evaluate require expression: %s", err); + return AUTHZ_DENIED; + } + + t = require; + while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { + if (!strcmp(r->user, w)) { + return AUTHZ_GRANTED; + } + } + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01663) + "access to %s failed, reason: user '%s' does not meet " + "'require'ments for user to be allowed access", + r->uri, r->user); + + return AUTHZ_DENIED; +} + +static authz_status validuser_check_authorization(request_rec *r, + const char *require_line, + const void *parsed_require_line) +{ + if (!r->user) { + return AUTHZ_DENIED_NO_USER; + } + + return AUTHZ_GRANTED; +} + +static const char *user_parse_config(cmd_parms *cmd, const char *require_line, + const void **parsed_require_line) +{ + const char *expr_err = NULL; + ap_expr_info_t *expr; + + expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); + + if (expr_err) + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression in require line: ", + expr_err, NULL); + + *parsed_require_line = expr; + + return NULL; +} + +static const authz_provider authz_user_provider = +{ + &user_check_authorization, + &user_parse_config, +}; +static const authz_provider authz_validuser_provider = +{ + &validuser_check_authorization, + NULL, +}; + +static void register_hooks(apr_pool_t *p) +{ + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "user", + AUTHZ_PROVIDER_VERSION, + &authz_user_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", + AUTHZ_PROVIDER_VERSION, + &authz_validuser_provider, + AP_AUTH_INTERNAL_PER_CONF); +} + +AP_DECLARE_MODULE(authz_user) = +{ + STANDARD20_MODULE_STUFF, + create_authz_user_dir_config, /* dir config creater */ + NULL, /* dir merger --- default is to override */ + NULL, /* server config */ + NULL, /* merge server config */ + authz_user_cmds, /* command apr_table_t */ + register_hooks /* register hooks */ +}; |