diff options
| author | Stef Walter <stef@memberwebs.com> | 2006-07-27 21:38:22 +0000 |
|---|---|---|
| committer | Stef Walter <stef@memberwebs.com> | 2006-07-27 21:38:22 +0000 |
| commit | 79ad23f1b2ddbf68bb751d15d66e5fca175a96bc (patch) | |
| tree | 6f3a25719a34bede83c9e35ea904c342aaef3519 | |
| parent | 0b7db8805d91eac81a4b526d3400a9d50bd5c7e1 (diff) | |
Initial implementation of 'require' directives.
| -rw-r--r-- | apache1x/mod_httpauth.c | 62 | ||||
| -rw-r--r-- | apache2x/mod_httpauth.c | 59 |
2 files changed, 117 insertions, 4 deletions
diff --git a/apache1x/mod_httpauth.c b/apache1x/mod_httpauth.c index 4cb3e3f..a801fdf 100644 --- a/apache1x/mod_httpauth.c +++ b/apache1x/mod_httpauth.c @@ -800,8 +800,66 @@ retry: static int httpauth_access(request_rec *r) { - /* TODO: We need to support require directives */ - return OK; + httpauth_context_t* ctx; + const char *user = r->connection->user; + int m = r->method_number; + int method_restricted = 0; + register int x; + const char *t, *w; + const array_header *reqs_arr; + require_line *reqs; + + ctx = (httpauth_context_t*)ap_get_module_config(r->per_dir_config, + &httpauth_module); + + /* Make sure it's for us */ + if(!(authtype = ap_auth_type(r)) || strcasecmp(HTTPAUTH_AUTHTYPE, authtype) != 0) + return DECLINED; + + reqs_arr = ap_requires(r); + + /* If there is no "requires" directive, then any user will do. */ + if (!reqs_arr) + return OK; + reqs = (require_line*)reqs_arr->elts; + + for (x = 0; x < reqs_arr->nelts; x++) + { + if (!(reqs[x].method_mask & (1 << m))) + continue; + + method_restricted = 1; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + if(!strcasecmp(w, "valid-user")) + return OK; + else if (!strcasecmp(w, "user")) + { + while (t[0]) + { + w = ap_getword_conf(r->pool, &t); + if(!strcmp(user, w)) + return OK; + } + } + else + { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + "Digest: access to %s failed, reason: unknown require " + "directive \"%s\"", r->uri, reqs[x].requirement); + return DECLINED; + } + } + + if (!method_restricted) + return OK; + + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + "Digest: access to %s failed, reason: user %s not allowed access", + r->uri, user); + + return AUTH_REQUIRED; } /* Dispatch list for API hooks */ diff --git a/apache2x/mod_httpauth.c b/apache2x/mod_httpauth.c index 9d3854b..34b5efc 100644 --- a/apache2x/mod_httpauth.c +++ b/apache2x/mod_httpauth.c @@ -809,8 +809,63 @@ retry: static int httpauth_access(request_rec *r) { - /* TODO: We need to support require directives */ - return OK; + httpauth_context_t* ctx; + const char* authtype; + char *user = r->user; + int m = r->method_number; + int method_restricted = 0; + register int x; + const char *t, *w; + const apr_array_header_t *reqs_arr = ap_requires(r); + require_line *reqs; + + /* Make sure it's for us */ + if(!(authtype = ap_auth_type(r)) || strcasecmp(HTTPAUTH_AUTHTYPE, authtype) != 0) + return DECLINED; + + ctx = (httpauth_context_t*)ap_get_module_config(r->per_dir_config, + &httpauth_module); + + if (!reqs_arr) + return OK; + reqs = (require_line *)reqs_arr->elts; + + for (x = 0; x < reqs_arr->nelts; x++) + { + if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) + continue; + + method_restricted = 1; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + if(!strcmp(w, "valid-user")) + return OK; + else if(!strcmp(w, "user")) + { + while (t[0]) + { + w = ap_getword_conf(r->pool, &t); + if (!strcmp(user, w)) { + return OK; + } + } + } + else + { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: unknown require " + "directive:\"%s\"", r->uri, reqs[x].requirement); + } + } + + if (!method_restricted) + return OK; + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: user %s not allowed access", + r->uri, user); + return HTTP_UNAUTHORIZED; } static void register_hooks(apr_pool_t *p) |