|
Packit |
90a5c9 |
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
Packit |
90a5c9 |
* contributor license agreements. See the NOTICE file distributed with
|
|
Packit |
90a5c9 |
* this work for additional information regarding copyright ownership.
|
|
Packit |
90a5c9 |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
Packit |
90a5c9 |
* (the "License"); you may not use this file except in compliance with
|
|
Packit |
90a5c9 |
* the License. You may obtain a copy of the License at
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit |
90a5c9 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit |
90a5c9 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit |
90a5c9 |
* See the License for the specific language governing permissions and
|
|
Packit |
90a5c9 |
* limitations under the License.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "httpd.h"
|
|
Packit |
90a5c9 |
#include "http_log.h"
|
|
Packit |
90a5c9 |
#include "http_config.h"
|
|
Packit |
90a5c9 |
#include "ap_provider.h"
|
|
Packit |
90a5c9 |
#include "http_request.h"
|
|
Packit |
90a5c9 |
#include "http_protocol.h"
|
|
Packit |
90a5c9 |
#include "http_core.h"
|
|
Packit |
90a5c9 |
#include "apr_dbd.h"
|
|
Packit |
90a5c9 |
#include "mod_dbd.h"
|
|
Packit |
90a5c9 |
#include "apr_strings.h"
|
|
Packit |
90a5c9 |
#include "mod_authz_dbd.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#include "mod_auth.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
module AP_MODULE_DECLARE_DATA authz_dbd_module;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Export a hook for modules that manage clientside sessions
|
|
Packit |
90a5c9 |
* (e.g. mod_auth_cookie)
|
|
Packit |
90a5c9 |
* to deal with those when we successfully login/logout at the server
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* XXX: WHY would this be specific to dbd_authz? Why wouldn't we track
|
|
Packit |
90a5c9 |
* this across all authz user providers in a lower level mod, such as
|
|
Packit |
90a5c9 |
* mod_auth_basic/digest?
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(authz_dbd, AUTHZ_DBD, int, client_login,
|
|
Packit |
90a5c9 |
(request_rec *r, int code, const char *action),
|
|
Packit |
90a5c9 |
(r, code, action), OK, DECLINED)
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
typedef struct {
|
|
Packit |
90a5c9 |
const char *query;
|
|
Packit |
90a5c9 |
const char *redir_query;
|
|
Packit |
90a5c9 |
int redirect;
|
|
Packit |
90a5c9 |
} authz_dbd_cfg ;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static ap_dbd_t *(*dbd_handle)(request_rec*) = NULL;
|
|
Packit |
90a5c9 |
static void (*dbd_prepare)(server_rec*, const char*, const char*) = NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *const noerror = "???";
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void *authz_dbd_cr_cfg(apr_pool_t *pool, char *dummy)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authz_dbd_cfg *ret = apr_pcalloc(pool, sizeof(authz_dbd_cfg));
|
|
Packit |
90a5c9 |
ret->redirect = -1;
|
|
Packit |
90a5c9 |
return ret;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void *authz_dbd_merge_cfg(apr_pool_t *pool, void *BASE, void *ADD)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authz_dbd_cfg *base = BASE;
|
|
Packit |
90a5c9 |
authz_dbd_cfg *add = ADD;
|
|
Packit |
90a5c9 |
authz_dbd_cfg *ret = apr_palloc(pool, sizeof(authz_dbd_cfg));
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ret->query = (add->query == NULL) ? base->query : add->query;
|
|
Packit |
90a5c9 |
ret->redir_query = (add->redir_query == NULL)
|
|
Packit |
90a5c9 |
? base->redir_query : add->redir_query;
|
|
Packit |
90a5c9 |
ret->redirect = (add->redirect == -1) ? base->redirect : add->redirect;
|
|
Packit |
90a5c9 |
return ret;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *authz_dbd_prepare(cmd_parms *cmd, void *cfg,
|
|
Packit |
90a5c9 |
const char *query)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
static unsigned int label_num = 0;
|
|
Packit |
90a5c9 |
char *label;
|
|
Packit |
90a5c9 |
const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
|
|
Packit |
90a5c9 |
if (err)
|
|
Packit |
90a5c9 |
return err;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (dbd_prepare == NULL) {
|
|
Packit |
90a5c9 |
dbd_prepare = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_prepare);
|
|
Packit |
90a5c9 |
if (dbd_prepare == NULL) {
|
|
Packit |
90a5c9 |
return "You must load mod_dbd to enable AuthzDBD functions";
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
dbd_handle = APR_RETRIEVE_OPTIONAL_FN(ap_dbd_acquire);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
label = apr_psprintf(cmd->pool, "authz_dbd_%d", ++label_num);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
dbd_prepare(cmd->server, query, label);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* save the label here for our own use */
|
|
Packit |
90a5c9 |
return ap_set_string_slot(cmd, cfg, label);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const command_rec authz_dbd_cmds[] = {
|
|
Packit |
90a5c9 |
AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot,
|
|
Packit |
90a5c9 |
(void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF,
|
|
Packit |
90a5c9 |
"Whether to redirect to referer on successful login"),
|
|
Packit |
90a5c9 |
AP_INIT_TAKE1("AuthzDBDQuery", authz_dbd_prepare,
|
|
Packit |
90a5c9 |
(void*)APR_OFFSETOF(authz_dbd_cfg, query), ACCESS_CONF,
|
|
Packit |
90a5c9 |
"SQL query for DBD Authz or login"),
|
|
Packit |
90a5c9 |
AP_INIT_TAKE1("AuthzDBDRedirectQuery", authz_dbd_prepare,
|
|
Packit |
90a5c9 |
(void*)APR_OFFSETOF(authz_dbd_cfg, redir_query), ACCESS_CONF,
|
|
Packit |
90a5c9 |
"SQL query to get per-user redirect URL after login"),
|
|
Packit |
90a5c9 |
{NULL}
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int authz_dbd_login(request_rec *r, authz_dbd_cfg *cfg,
|
|
Packit |
90a5c9 |
const char *action)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
int rv;
|
|
Packit |
90a5c9 |
const char *newuri = NULL;
|
|
Packit |
90a5c9 |
int nrows;
|
|
Packit |
90a5c9 |
const char *message;
|
|
Packit |
90a5c9 |
ap_dbd_t *dbd;
|
|
Packit |
90a5c9 |
apr_dbd_prepared_t *query;
|
|
Packit |
90a5c9 |
apr_dbd_results_t *res = NULL;
|
|
Packit |
90a5c9 |
apr_dbd_row_t *row = NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (cfg->query == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01642)
|
|
Packit |
90a5c9 |
"No query configured for %s!", action);
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
dbd = dbd_handle(r);
|
|
Packit |
90a5c9 |
if (dbd == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02902)
|
|
Packit |
90a5c9 |
"No db handle available for %s! "
|
|
Packit |
90a5c9 |
"Check your database access",
|
|
Packit |
90a5c9 |
action);
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING);
|
|
Packit |
90a5c9 |
if (query == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01643)
|
|
Packit |
90a5c9 |
"Error retrieving Query for %s!", action);
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
rv = apr_dbd_pvquery(dbd->driver, r->pool, dbd->handle, &nrows,
|
|
Packit |
90a5c9 |
query, r->user, NULL);
|
|
Packit |
90a5c9 |
if (rv == 0) {
|
|
Packit |
90a5c9 |
if (nrows != 1) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01644)
|
|
Packit |
90a5c9 |
"authz_dbd: %s of user %s updated %d rows",
|
|
Packit |
90a5c9 |
action, r->user, nrows);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
message = apr_dbd_error(dbd->driver, dbd->handle, rv);
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01645)
|
|
Packit |
90a5c9 |
"authz_dbd: query for %s failed; user %s [%s]",
|
|
Packit |
90a5c9 |
action, r->user, message?message:noerror);
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (cfg->redirect == 1) {
|
|
Packit |
90a5c9 |
newuri = apr_table_get(r->headers_in, "Referer");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!newuri && cfg->redir_query) {
|
|
Packit |
90a5c9 |
query = apr_hash_get(dbd->prepared, cfg->redir_query,
|
|
Packit |
90a5c9 |
APR_HASH_KEY_STRING);
|
|
Packit |
90a5c9 |
if (query == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01646)
|
|
Packit |
90a5c9 |
"authz_dbd: no redirect query!");
|
|
Packit |
90a5c9 |
/* OK, this is non-critical; we can just not-redirect */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if ((rv = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle,
|
|
Packit |
90a5c9 |
&res, query, 0, r->user, NULL)) == 0) {
|
|
Packit |
90a5c9 |
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
|
|
Packit |
90a5c9 |
rv != -1;
|
|
Packit |
90a5c9 |
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
|
|
Packit |
90a5c9 |
if (rv != 0) {
|
|
Packit |
90a5c9 |
message = apr_dbd_error(dbd->driver, dbd->handle, rv);
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01647)
|
|
Packit |
90a5c9 |
"authz_dbd in get_row; action=%s user=%s [%s]",
|
|
Packit |
90a5c9 |
action, r->user, message?message:noerror);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (newuri == NULL) {
|
|
Packit |
90a5c9 |
newuri =
|
|
Packit |
90a5c9 |
apr_pstrdup(r->pool,
|
|
Packit |
90a5c9 |
apr_dbd_get_entry(dbd->driver, row, 0));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* we can't break out here or row won't get cleaned up */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
message = apr_dbd_error(dbd->driver, dbd->handle, rv);
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01648)
|
|
Packit |
90a5c9 |
"authz_dbd/redirect for %s of %s [%s]",
|
|
Packit |
90a5c9 |
action, r->user, message?message:noerror);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (newuri != NULL) {
|
|
Packit |
90a5c9 |
r->status = HTTP_MOVED_TEMPORARILY;
|
|
Packit |
90a5c9 |
apr_table_set(r->err_headers_out, "Location", newuri);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
authz_dbd_run_client_login(r, OK, action);
|
|
Packit |
90a5c9 |
return OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int authz_dbd_group_query(request_rec *r, authz_dbd_cfg *cfg,
|
|
Packit |
90a5c9 |
apr_array_header_t *groups)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
/* SELECT group FROM authz WHERE user = %s */
|
|
Packit |
90a5c9 |
int rv;
|
|
Packit |
90a5c9 |
const char *message;
|
|
Packit |
90a5c9 |
ap_dbd_t *dbd;
|
|
Packit |
90a5c9 |
apr_dbd_prepared_t *query;
|
|
Packit |
90a5c9 |
apr_dbd_results_t *res = NULL;
|
|
Packit |
90a5c9 |
apr_dbd_row_t *row = NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (cfg->query == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01649)
|
|
Packit |
90a5c9 |
"No query configured for dbd-group!");
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
dbd = dbd_handle(r);
|
|
Packit |
90a5c9 |
if (dbd == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02903)
|
|
Packit |
90a5c9 |
"No db handle available for dbd-query! "
|
|
Packit |
90a5c9 |
"Check your database access");
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
query = apr_hash_get(dbd->prepared, cfg->query, APR_HASH_KEY_STRING);
|
|
Packit |
90a5c9 |
if (query == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01650)
|
|
Packit |
90a5c9 |
"Error retrieving query for dbd-group!");
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
rv = apr_dbd_pvselect(dbd->driver, r->pool, dbd->handle, &res,
|
|
Packit |
90a5c9 |
query, 0, r->user, NULL);
|
|
Packit |
90a5c9 |
if (rv == 0) {
|
|
Packit |
90a5c9 |
for (rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1);
|
|
Packit |
90a5c9 |
rv != -1;
|
|
Packit |
90a5c9 |
rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
|
|
Packit |
90a5c9 |
if (rv == 0) {
|
|
Packit |
90a5c9 |
APR_ARRAY_PUSH(groups, const char *) =
|
|
Packit |
90a5c9 |
apr_pstrdup(r->pool,
|
|
Packit |
90a5c9 |
apr_dbd_get_entry(dbd->driver, row, 0));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
message = apr_dbd_error(dbd->driver, dbd->handle, rv);
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01651)
|
|
Packit |
90a5c9 |
"authz_dbd in get_row; group query for user=%s [%s]",
|
|
Packit |
90a5c9 |
r->user, message?message:noerror);
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
message = apr_dbd_error(dbd->driver, dbd->handle, rv);
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01652)
|
|
Packit |
90a5c9 |
"authz_dbd, in groups query for %s [%s]",
|
|
Packit |
90a5c9 |
r->user, message?message:noerror);
|
|
Packit |
90a5c9 |
return HTTP_INTERNAL_SERVER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
return OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authz_status dbdgroup_check_authorization(request_rec *r,
|
|
Packit |
90a5c9 |
const char *require_args,
|
|
Packit |
90a5c9 |
const void *parsed_require_args)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
int rv;
|
|
Packit |
90a5c9 |
const char *w;
|
|
Packit |
90a5c9 |
apr_array_header_t *groups;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
const char *err = NULL;
|
|
Packit |
90a5c9 |
const ap_expr_info_t *expr = parsed_require_args;
|
|
Packit |
90a5c9 |
const char *require;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
const char *t;
|
|
Packit |
90a5c9 |
authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config,
|
|
Packit |
90a5c9 |
&authz_dbd_module);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!r->user) {
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED_NO_USER;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
groups = apr_array_make(r->pool, 4, sizeof(const char*));
|
|
Packit |
90a5c9 |
rv = authz_dbd_group_query(r, cfg, groups);
|
|
Packit |
90a5c9 |
if (rv != OK) {
|
|
Packit |
90a5c9 |
return AUTHZ_GENERAL_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
require = ap_expr_str_exec(r, expr, &err;;
|
|
Packit |
90a5c9 |
if (err) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02590)
|
|
Packit |
90a5c9 |
"authz_dbd authorize: require dbd-group: Can't "
|
|
Packit |
90a5c9 |
"evaluate require expression: %s", err);
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
t = require;
|
|
Packit |
90a5c9 |
while (t[0]) {
|
|
Packit |
90a5c9 |
w = ap_getword_white(r->pool, &t);
|
|
Packit |
90a5c9 |
if (ap_array_str_contains(groups, w)) {
|
|
Packit |
90a5c9 |
return AUTHZ_GRANTED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authz_status dbdlogin_check_authorization(request_rec *r,
|
|
Packit |
90a5c9 |
const char *require_args,
|
|
Packit |
90a5c9 |
const void *parsed_require_args)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config,
|
|
Packit |
90a5c9 |
&authz_dbd_module);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!r->user) {
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED_NO_USER;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return (authz_dbd_login(r, cfg, "login") == OK ? AUTHZ_GRANTED : AUTHZ_DENIED);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authz_status dbdlogout_check_authorization(request_rec *r,
|
|
Packit |
90a5c9 |
const char *require_args,
|
|
Packit |
90a5c9 |
const void *parsed_require_args)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config,
|
|
Packit |
90a5c9 |
&authz_dbd_module);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!r->user) {
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED_NO_USER;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return (authz_dbd_login(r, cfg, "logout") == OK ? AUTHZ_GRANTED : AUTHZ_DENIED);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *dbd_parse_config(cmd_parms *cmd, const char *require_line,
|
|
Packit |
90a5c9 |
const void **parsed_require_line)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
const char *expr_err = NULL;
|
|
Packit |
90a5c9 |
ap_expr_info_t *expr;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
|
|
Packit |
90a5c9 |
&expr_err, NULL);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (expr_err) {
|
|
Packit |
90a5c9 |
return apr_pstrcat(cmd->temp_pool,
|
|
Packit |
90a5c9 |
"Cannot parse expression in require line: ",
|
|
Packit |
90a5c9 |
expr_err, NULL);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
*parsed_require_line = expr;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const authz_provider authz_dbdgroup_provider =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
&dbdgroup_check_authorization,
|
|
Packit |
90a5c9 |
&dbd_parse_config,
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const authz_provider authz_dbdlogin_provider =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
&dbdlogin_check_authorization,
|
|
Packit |
90a5c9 |
NULL,
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const authz_provider authz_dbdlogout_provider =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
&dbdlogout_check_authorization,
|
|
Packit |
90a5c9 |
NULL,
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void authz_dbd_hooks(apr_pool_t *p)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-group",
|
|
Packit |
90a5c9 |
AUTHZ_PROVIDER_VERSION,
|
|
Packit |
90a5c9 |
&authz_dbdgroup_provider,
|
|
Packit |
90a5c9 |
AP_AUTH_INTERNAL_PER_CONF);
|
|
Packit |
90a5c9 |
ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-login",
|
|
Packit |
90a5c9 |
AUTHZ_PROVIDER_VERSION,
|
|
Packit |
90a5c9 |
&authz_dbdlogin_provider,
|
|
Packit |
90a5c9 |
AP_AUTH_INTERNAL_PER_CONF);
|
|
Packit |
90a5c9 |
ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbd-logout",
|
|
Packit |
90a5c9 |
AUTHZ_PROVIDER_VERSION,
|
|
Packit |
90a5c9 |
&authz_dbdlogout_provider,
|
|
Packit |
90a5c9 |
AP_AUTH_INTERNAL_PER_CONF);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
AP_DECLARE_MODULE(authz_dbd) =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
STANDARD20_MODULE_STUFF,
|
|
Packit |
90a5c9 |
authz_dbd_cr_cfg,
|
|
Packit |
90a5c9 |
authz_dbd_merge_cfg,
|
|
Packit |
90a5c9 |
NULL,
|
|
Packit |
90a5c9 |
NULL,
|
|
Packit |
90a5c9 |
authz_dbd_cmds,
|
|
Packit |
90a5c9 |
authz_dbd_hooks
|
|
Packit |
90a5c9 |
};
|