diff options
Diffstat (limited to 'apache1x')
| -rw-r--r-- | apache1x/mod_httpauth.c | 62 |
1 files changed, 60 insertions, 2 deletions
diff --git a/apache1x/mod_httpauth.c b/apache1x/mod_httpauth.c index 4cb3e3f..a801fdf 100644 --- a/apache1x/mod_httpauth.c +++ b/apache1x/mod_httpauth.c @@ -800,8 +800,66 @@ retry: static int httpauth_access(request_rec *r) { - /* TODO: We need to support require directives */ - return OK; + httpauth_context_t* ctx; + const char *user = r->connection->user; + int m = r->method_number; + int method_restricted = 0; + register int x; + const char *t, *w; + const array_header *reqs_arr; + require_line *reqs; + + ctx = (httpauth_context_t*)ap_get_module_config(r->per_dir_config, + &httpauth_module); + + /* Make sure it's for us */ + if(!(authtype = ap_auth_type(r)) || strcasecmp(HTTPAUTH_AUTHTYPE, authtype) != 0) + return DECLINED; + + reqs_arr = ap_requires(r); + + /* If there is no "requires" directive, then any user will do. */ + if (!reqs_arr) + return OK; + reqs = (require_line*)reqs_arr->elts; + + for (x = 0; x < reqs_arr->nelts; x++) + { + if (!(reqs[x].method_mask & (1 << m))) + continue; + + method_restricted = 1; + + t = reqs[x].requirement; + w = ap_getword_white(r->pool, &t); + if(!strcasecmp(w, "valid-user")) + return OK; + else if (!strcasecmp(w, "user")) + { + while (t[0]) + { + w = ap_getword_conf(r->pool, &t); + if(!strcmp(user, w)) + return OK; + } + } + else + { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + "Digest: access to %s failed, reason: unknown require " + "directive \"%s\"", r->uri, reqs[x].requirement); + return DECLINED; + } + } + + if (!method_restricted) + return OK; + + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + "Digest: access to %s failed, reason: user %s not allowed access", + r->uri, user); + + return AUTH_REQUIRED; } /* Dispatch list for API hooks */ |