Initial implementation of 'require' directives.

1 files changed, 60 insertions, 2 deletions

diff --git a/apache1x/mod_httpauth.c b/apache1x/mod_httpauth.c
index 4cb3e3f..a801fdf 100644
--- a/apache1x/mod_httpauth.c
+++ b/apache1x/mod_httpauth.c
@@ -800,8 +800,66 @@ retry:
 
 static int httpauth_access(request_rec *r)
 {
-    /* TODO: We need to support require directives */
-    return OK;
+    httpauth_context_t* ctx;
+    const char *user = r->connection->user;
+    int m = r->method_number;
+    int method_restricted = 0;
+    register int x;
+    const char *t, *w;
+    const array_header *reqs_arr;
+    require_line *reqs;
+
+    ctx = (httpauth_context_t*)ap_get_module_config(r->per_dir_config,
+                                                    &httpauth_module);
+
+    /* Make sure it's for us */
+    if(!(authtype = ap_auth_type(r)) || strcasecmp(HTTPAUTH_AUTHTYPE, authtype) != 0)
+        return DECLINED;
+
+    reqs_arr = ap_requires(r);
+
+    /* If there is no "requires" directive, then any user will do. */
+    if (!reqs_arr)
+        return OK;
+    reqs = (require_line*)reqs_arr->elts;
+
+    for (x = 0; x < reqs_arr->nelts; x++)
+    {
+        if (!(reqs[x].method_mask & (1 << m)))
+            continue;
+
+        method_restricted = 1;
+
+        t = reqs[x].requirement;
+        w = ap_getword_white(r->pool, &t);
+        if(!strcasecmp(w, "valid-user"))
+            return OK;
+        else if (!strcasecmp(w, "user"))
+        {
+            while (t[0])
+            {
+                w = ap_getword_conf(r->pool, &t);
+                if(!strcmp(user, w))
+                    return OK;
+            }
+        }
+        else
+        {
+            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+                          "Digest: access to %s failed, reason: unknown require "
+                          "directive \"%s\"", r->uri, reqs[x].requirement);
+            return DECLINED;
+        }
+    }
+
+    if (!method_restricted)
+        return OK;
+
+    ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+                  "Digest: access to %s failed, reason: user %s not allowed access",
+                  r->uri, user);
+
+    return AUTH_REQUIRED;
 }
 
 /* Dispatch list for API hooks */