summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stef@memberwebs.com>2006-07-27 21:38:22 +0000
committerStef Walter <stef@memberwebs.com>2006-07-27 21:38:22 +0000
commit79ad23f1b2ddbf68bb751d15d66e5fca175a96bc (patch)
tree6f3a25719a34bede83c9e35ea904c342aaef3519
parent0b7db8805d91eac81a4b526d3400a9d50bd5c7e1 (diff)
Initial implementation of 'require' directives.
-rw-r--r--apache1x/mod_httpauth.c62
-rw-r--r--apache2x/mod_httpauth.c59
2 files changed, 117 insertions, 4 deletions
diff --git a/apache1x/mod_httpauth.c b/apache1x/mod_httpauth.c
index 4cb3e3f..a801fdf 100644
--- a/apache1x/mod_httpauth.c
+++ b/apache1x/mod_httpauth.c
@@ -800,8 +800,66 @@ retry:
static int httpauth_access(request_rec *r)
{
- /* TODO: We need to support require directives */
- return OK;
+ httpauth_context_t* ctx;
+ const char *user = r->connection->user;
+ int m = r->method_number;
+ int method_restricted = 0;
+ register int x;
+ const char *t, *w;
+ const array_header *reqs_arr;
+ require_line *reqs;
+
+ ctx = (httpauth_context_t*)ap_get_module_config(r->per_dir_config,
+ &httpauth_module);
+
+ /* Make sure it's for us */
+ if(!(authtype = ap_auth_type(r)) || strcasecmp(HTTPAUTH_AUTHTYPE, authtype) != 0)
+ return DECLINED;
+
+ reqs_arr = ap_requires(r);
+
+ /* If there is no "requires" directive, then any user will do. */
+ if (!reqs_arr)
+ return OK;
+ reqs = (require_line*)reqs_arr->elts;
+
+ for (x = 0; x < reqs_arr->nelts; x++)
+ {
+ if (!(reqs[x].method_mask & (1 << m)))
+ continue;
+
+ method_restricted = 1;
+
+ t = reqs[x].requirement;
+ w = ap_getword_white(r->pool, &t);
+ if(!strcasecmp(w, "valid-user"))
+ return OK;
+ else if (!strcasecmp(w, "user"))
+ {
+ while (t[0])
+ {
+ w = ap_getword_conf(r->pool, &t);
+ if(!strcmp(user, w))
+ return OK;
+ }
+ }
+ else
+ {
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "Digest: access to %s failed, reason: unknown require "
+ "directive \"%s\"", r->uri, reqs[x].requirement);
+ return DECLINED;
+ }
+ }
+
+ if (!method_restricted)
+ return OK;
+
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "Digest: access to %s failed, reason: user %s not allowed access",
+ r->uri, user);
+
+ return AUTH_REQUIRED;
}
/* Dispatch list for API hooks */
diff --git a/apache2x/mod_httpauth.c b/apache2x/mod_httpauth.c
index 9d3854b..34b5efc 100644
--- a/apache2x/mod_httpauth.c
+++ b/apache2x/mod_httpauth.c
@@ -809,8 +809,63 @@ retry:
static int httpauth_access(request_rec *r)
{
- /* TODO: We need to support require directives */
- return OK;
+ httpauth_context_t* ctx;
+ const char* authtype;
+ char *user = r->user;
+ int m = r->method_number;
+ int method_restricted = 0;
+ register int x;
+ const char *t, *w;
+ const apr_array_header_t *reqs_arr = ap_requires(r);
+ require_line *reqs;
+
+ /* Make sure it's for us */
+ if(!(authtype = ap_auth_type(r)) || strcasecmp(HTTPAUTH_AUTHTYPE, authtype) != 0)
+ return DECLINED;
+
+ ctx = (httpauth_context_t*)ap_get_module_config(r->per_dir_config,
+ &httpauth_module);
+
+ if (!reqs_arr)
+ return OK;
+ reqs = (require_line *)reqs_arr->elts;
+
+ for (x = 0; x < reqs_arr->nelts; x++)
+ {
+ if (!(reqs[x].method_mask & (AP_METHOD_BIT << m)))
+ continue;
+
+ method_restricted = 1;
+
+ t = reqs[x].requirement;
+ w = ap_getword_white(r->pool, &t);
+ if(!strcmp(w, "valid-user"))
+ return OK;
+ else if(!strcmp(w, "user"))
+ {
+ while (t[0])
+ {
+ w = ap_getword_conf(r->pool, &t);
+ if (!strcmp(user, w)) {
+ return OK;
+ }
+ }
+ }
+ else
+ {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "access to %s failed, reason: unknown require "
+ "directive:\"%s\"", r->uri, reqs[x].requirement);
+ }
+ }
+
+ if (!method_restricted)
+ return OK;
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "access to %s failed, reason: user %s not allowed access",
+ r->uri, user);
+ return HTTP_UNAUTHORIZED;
}
static void register_hooks(apr_pool_t *p)