1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "apr_strings.h"
18 #include "apr_file_info.h"
21 #include "ap_config.h"
22 #include "ap_provider.h"
24 #include "http_config.h"
25 #include "http_core.h"
27 #include "http_protocol.h"
28 #include "http_request.h"
31 #include "mod_authz_owner.h"
33 static const command_rec authz_owner_cmds[] =
38 module AP_MODULE_DECLARE_DATA authz_owner_module;
40 static authz_status fileowner_check_authorization(request_rec *r,
41 const char *require_args,
42 const void *parsed_require_args)
45 apr_status_t status = 0;
48 reason = "'Require file-owner' is not supported on this platform.";
49 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01632)
50 "Authorization of user %s to access %s failed, reason: %s",
51 r->user, r->uri, reason ? reason : "unknown");
53 #else /* APR_HAS_USER */
58 return AUTHZ_DENIED_NO_USER;
62 reason = "no filename available";
63 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01633)
64 "Authorization of user %s to access %s failed, reason: %s",
65 r->user, r->uri, reason ? reason : "unknown");
69 status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
70 if (status != APR_SUCCESS) {
71 reason = apr_pstrcat(r->pool, "could not stat file ",
73 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01634)
74 "Authorization of user %s to access %s failed, reason: %s",
75 r->user, r->uri, reason ? reason : "unknown");
79 if (!(finfo.valid & APR_FINFO_USER)) {
80 reason = "no file owner information available";
81 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01635)
82 "Authorization of user %s to access %s failed, reason: %s",
83 r->user, r->uri, reason ? reason : "unknown");
87 status = apr_uid_name_get(&owner, finfo.user, r->pool);
88 if (status != APR_SUCCESS || !owner) {
89 reason = "could not get name of file owner";
90 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01636)
91 "Authorization of user %s to access %s failed, reason: %s",
92 r->user, r->uri, reason ? reason : "unknown");
96 if (strcmp(owner, r->user)) {
97 reason = apr_psprintf(r->pool, "file owner %s does not match.",
99 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01637)
100 "Authorization of user %s to access %s failed, reason: %s",
101 r->user, r->uri, reason ? reason : "unknown");
105 /* this user is authorized */
106 return AUTHZ_GRANTED;
107 #endif /* APR_HAS_USER */
110 static char *authz_owner_get_file_group(request_rec *r)
112 /* file-group only figures out the file's group and lets
113 * other modules do the actual authorization (against a group file/db).
114 * Thus, these modules have to hook themselves after
115 * mod_authz_owner and of course recognize 'file-group', too.
119 #else /* APR_HAS_USER */
123 apr_status_t status = 0;
126 reason = "no filename available";
127 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01638)
128 "Authorization of user %s to access %s failed, reason: %s",
129 r->user, r->uri, reason ? reason : "unknown");
133 status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
134 if (status != APR_SUCCESS) {
135 reason = apr_pstrcat(r->pool, "could not stat file ",
137 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01639)
138 "Authorization of user %s to access %s failed, reason: %s",
139 r->user, r->uri, reason ? reason : "unknown");
143 if (!(finfo.valid & APR_FINFO_GROUP)) {
144 reason = "no file group information available";
145 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01640)
146 "Authorization of user %s to access %s failed, reason: %s",
147 r->user, r->uri, reason ? reason : "unknown");
151 status = apr_gid_name_get(&group, finfo.group, r->pool);
152 if (status != APR_SUCCESS || !group) {
153 reason = "could not get name of file group";
154 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01641)
155 "Authorization of user %s to access %s failed, reason: %s",
156 r->user, r->uri, reason ? reason : "unknown");
161 #endif /* APR_HAS_USER */
164 static const authz_provider authz_fileowner_provider =
166 &fileowner_check_authorization,
170 static void register_hooks(apr_pool_t *p)
172 APR_REGISTER_OPTIONAL_FN(authz_owner_get_file_group);
174 ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "file-owner",
175 AUTHZ_PROVIDER_VERSION,
176 &authz_fileowner_provider,
177 AP_AUTH_INTERNAL_PER_CONF);
180 AP_DECLARE_MODULE(authz_owner) =
182 STANDARD20_MODULE_STUFF,
183 NULL, /* dir config creater */
184 NULL, /* dir merger --- default is to override */
185 NULL, /* server config */
186 NULL, /* merge server config */
187 authz_owner_cmds, /* command apr_table_t */
188 register_hooks /* register hooks */