1 /* Copyright 2003-2005 The Apache Software Foundation or its licensors, as
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "apr_strings.h"
18 #include "apr_file_info.h"
21 #include "ap_config.h"
22 #include "ap_provider.h"
24 #include "http_config.h"
25 #include "http_core.h"
27 #include "http_protocol.h"
28 #include "http_request.h"
30 #include "mod_auth.h" /* for AUTHZ_GROUP_NOTE */
33 } authz_owner_config_rec;
/* Declares the optional-function type for authz_owner_get_file_group(), which
 * takes the request and returns a char*. The function itself is defined later
 * in this file and exported with APR_REGISTER_OPTIONAL_FN in register_hooks().
 */
35 APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
/* Per-directory configuration constructor: allocates one
 * authz_owner_config_rec from pool p. It is installed in the module record's
 * dir-config creator slot. The parameter d is not used in the visible lines.
 *
 * NOTE(review): the opening brace, any field initialisation and the return
 * statement are not visible in this listing (the gutter numbers skip).
 * apr_palloc() does not zero the allocation; if the record ever gains fields,
 * confirm they are initialised before use (or switch to apr_pcalloc()).
 */
37 static void *create_authz_owner_dir_config(apr_pool_t *p, char *d)
39 authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf));
/* Configuration directive table for this module; it is placed in the command
 * table slot of the module record. Its initializer is not visible in this
 * listing.
 */
44 static const command_rec authz_owner_cmds[] =
/* Forward declaration of the module record, which is defined at the end of
 * the file.
 */
49 module AP_MODULE_DECLARE_DATA authz_owner_module;
/* Authorization callback behind 'Require file-owner' (referenced from
 * authz_fileowner_provider, which is registered under the name "file-owner").
 *
 * Visible flow: stat r->filename asking for owner information, confirm the
 * owner field was actually filled in, translate the owner id into an account
 * name, and compare that name with the authenticated user r->user. Only an
 * exact match reaches the final return of AUTHZ_GRANTED. Every failure branch
 * logs "Authorization of user ... failed" at APLOG_ERR with a reason string.
 *
 * r            - the request; r->filename, r->user, r->uri and r->pool are read.
 * require_args - not used in the visible lines.
 *
 * NOTE(review): this listing omits some original lines (the gutter numbers
 * skip), including the guard conditions and the return statement of each
 * failure branch. Presumably each branch denies access; confirm against the
 * full file that no failure path falls through to AUTHZ_GRANTED.
 *
 * NOTE(review): the decision depends on the web-authentication user name being
 * the same string as the system account name that owns the file. Deployments
 * where the two namespaces are managed independently should check that a web
 * user cannot be created with the name of an unrelated system account.
 *
 * NOTE(review): the check is made on the path at authorization time. Nothing
 * visible here binds the result to the file object that is served later, so
 * consider whether the path target or its owner can change in between.
 *
 * NOTE(review): the same log-and-fail sequence appears six times; a small
 * static helper taking the reason string would keep the messages consistent.
 */
51 static authz_status fileowner_check_authorization(request_rec *r,
52 const char *require_args)
55 apr_status_t status = 0;
/* Platforms without APR user support: the requirement cannot be evaluated, so
 * only the failure is logged here. The opening #if line is not visible in this
 * listing; the #else and #endif comments below name APR_HAS_USER.
 */
58 reason = "'Require file-owner' is not supported on this platform.";
59 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
60 "Authorization of user %s to access %s failed, reason: %s",
61 r->user, r->uri, reason ? reason : "unknown");
63 #else /* APR_HAS_USER */
/* Failure branch for a request with no filename (the guard line itself is not
 * visible in this listing).
 */
68 reason = "no filename available";
69 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
70 "Authorization of user %s to access %s failed, reason: %s",
71 r->user, r->uri, reason ? reason : "unknown");
/* Request only the owner field. NOTE(review): APR_FINFO_LINK is not passed, so
 * apr_stat() is expected to follow a symbolic link and report the owner of the
 * link target; confirm that is the object the policy intends to check.
 */
75 status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
76 if (status != APR_SUCCESS) {
77 reason = apr_pstrcat(r->pool, "could not stat file ",
79 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
80 "Authorization of user %s to access %s failed, reason: %s",
81 r->user, r->uri, reason ? reason : "unknown");
/* A successful stat is not enough: the owner field must be marked valid before
 * finfo.user is trusted.
 */
85 if (!(finfo.valid & APR_FINFO_USER)) {
86 reason = "no file owner information available";
87 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
88 "Authorization of user %s to access %s failed, reason: %s",
89 r->user, r->uri, reason ? reason : "unknown");
/* Translate the owner id into an account name allocated from the request pool;
 * a failed lookup or a NULL name is treated as a failure.
 */
93 status = apr_uid_name_get(&owner, finfo.user, r->pool);
94 if (status != APR_SUCCESS || !owner) {
95 reason = "could not get name of file owner";
96 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
97 "Authorization of user %s to access %s failed, reason: %s",
98 r->user, r->uri, reason ? reason : "unknown");
/* Exact, case-sensitive comparison; any difference is a mismatch.
 * NOTE(review): no NULL check on r->user is visible before this strcmp().
 * Confirm the provider can only run after authentication has set r->user,
 * because passing NULL to strcmp() is undefined behaviour.
 */
102 if (strcmp(owner, r->user)) {
103 reason = apr_psprintf(r->pool, "file owner %s does not match.",
105 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
106 "Authorization of user %s to access %s failed, reason: %s",
107 r->user, r->uri, reason ? reason : "unknown");
111 /* this user is authorized */
112 return AUTHZ_GRANTED;
113 #endif /* APR_HAS_USER */
/* Looks up the group that owns r->filename on behalf of other modules. It is
 * exported as an APR optional function in register_hooks(). As the original
 * comment below says, this function makes no authorization decision itself.
 *
 * Visible flow: stat r->filename asking for group information, confirm the
 * group field was filled in, then translate the group id into a name with
 * apr_gid_name_get(). Each failure branch logs at APLOG_ERR using the same
 * "Authorization of user ... failed" wording as the file-owner check.
 *
 * NOTE(review): this listing omits some original lines (the gutter numbers
 * skip), including the guards and every return statement. Presumably the
 * group name is returned on success and a null value on failure; confirm, and
 * check that callers treat the failure value as a denial rather than as an
 * empty group that could match.
 */
116 static char *authz_owner_get_file_group(request_rec *r)
120 /* file-group only figures out the file's group and lets
121 * other modules do the actual authorization (against a group file/db).
122 * Thus, these modules have to hook themselves after
123 * mod_authz_owner and of course recognize 'file-group', too.
127 #else /* APR_HAS_USER */
130 apr_status_t status = 0;
/* Failure branch for a request with no filename (the guard line itself is not
 * visible in this listing).
 */
133 reason = "no filename available";
134 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
135 "Authorization of user %s to access %s failed, reason: %s",
136 r->user, r->uri, reason ? reason : "unknown");
/* Request only the group field. NOTE(review): APR_FINFO_LINK is not passed, so
 * apr_stat() is expected to follow a symbolic link and report the group of the
 * link target; confirm that is the intended object.
 */
140 status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
141 if (status != APR_SUCCESS) {
142 reason = apr_pstrcat(r->pool, "could not stat file ",
144 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
145 "Authorization of user %s to access %s failed, reason: %s",
146 r->user, r->uri, reason ? reason : "unknown");
/* A successful stat is not enough: the group field must be marked valid before
 * finfo.group is trusted.
 */
150 if (!(finfo.valid & APR_FINFO_GROUP)) {
151 reason = "no file group information available";
152 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
153 "Authorization of user %s to access %s failed, reason: %s",
154 r->user, r->uri, reason ? reason : "unknown");
/* Translate the group id into a name allocated from the request pool; a failed
 * lookup or a NULL name is treated as a failure.
 */
158 status = apr_gid_name_get(&group, finfo.group, r->pool);
159 if (status != APR_SUCCESS || !group) {
160 reason = "could not get name of file group";
161 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
162 "Authorization of user %s to access %s failed, reason: %s",
163 r->user, r->uri, reason ? reason : "unknown");
168 #endif /* APR_HAS_USER */
/* Provider record handed to ap_register_provider() in register_hooks(); the
 * visible entry is the authorization callback. The braces of the initializer
 * are not visible in this listing.
 */
171 static const authz_provider authz_fileowner_provider =
173 &fileowner_check_authorization,
/* Module registration callback. Exports authz_owner_get_file_group as an APR
 * optional function so other modules can retrieve it, and registers
 * authz_fileowner_provider in the AUTHZ_PROVIDER_GROUP provider group under
 * the name "file-owner", version "0".
 *
 * p - pool passed through to ap_register_provider().
 */
176 static void register_hooks(apr_pool_t *p)
178 APR_REGISTER_OPTIONAL_FN(authz_owner_get_file_group);
180 ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "file-owner", "0",
181 &authz_fileowner_provider);
/* Module record. Only a per-directory config creator, the directive table and
 * the hook registration function are supplied; the dir-merge and both
 * server-config slots are NULL.
 */
184 module AP_MODULE_DECLARE_DATA authz_owner_module =
186 STANDARD20_MODULE_STUFF,
187 create_authz_owner_dir_config, /* dir config creator */
188 NULL, /* dir merger --- default is to override */
189 NULL, /* server config */
190 NULL, /* merge server config */
191 authz_owner_cmds, /* command apr_table_t */
192 register_hooks /* register hooks */