1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000-2004 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
60 * http_auth: authentication
64 * Adapted to Apache by rst.
66 * dirkx - Added Authoritative control to allow passing on to lower
67 * modules if and only if the userid is not known to this
68 * module. A known user with a faulty or absent password still
69 * causes an AuthRequired. The default is 'Authoritative', i.e.
70 * no control is passed along.
73 #include "apr_strings.h"
74 #include "apr_file_info.h"
77 #include "ap_config.h"
79 #include "http_config.h"
80 #include "http_core.h"
82 #include "http_protocol.h"
83 #include "http_request.h"
85 #include "mod_auth.h" /* for AUTHZ_GROUP_NOTE */
89 } authz_owner_config_rec;
91 static void *create_authz_owner_dir_config(apr_pool_t *p, char *d)
93 authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf));
95 conf->authoritative = 1; /* keep the fortress secure by default */
99 static const command_rec authz_owner_cmds[] =
101 AP_INIT_FLAG("AuthzOwnerAuthoritative", ap_set_flag_slot,
102 (void *)APR_OFFSETOF(authz_owner_config_rec, authoritative),
104 "Set to 'Off' to allow access control to be passed along to "
105 "lower modules. (default is On.)"),
109 module AP_MODULE_DECLARE_DATA authz_owner_module;
111 static int check_file_owner(request_rec *r)
113 authz_owner_config_rec *conf = ap_get_module_config(r->per_dir_config,
114 &authz_owner_module);
115 int m = r->method_number;
118 const apr_array_header_t *reqs_arr = ap_requires(r);
120 int required_owner = 0;
121 apr_status_t status = 0;
128 reqs = (require_line *)reqs_arr->elts;
129 for (x = 0; x < reqs_arr->nelts; x++) {
131 /* if authoritative = On then break if a require already failed. */
132 if (reason && conf->authoritative) {
136 if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
140 t = reqs[x].requirement;
141 w = ap_getword_white(r->pool, &t);
143 if (!strcmp(w, "file-owner")) {
145 if ((required_owner & ~1) && conf->authoritative) {
149 required_owner |= 1; /* remember the requirement */
150 reason = "'Require file-owner' is not supported on this platform.";
152 #else /* APR_HAS_USER */
156 if ((required_owner & ~1) && conf->authoritative) {
160 required_owner |= 1; /* remember the requirement */
163 reason = "no filename available";
167 status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
168 if (status != APR_SUCCESS) {
169 reason = apr_pstrcat(r->pool, "could not stat file ",
174 if (!(finfo.valid & APR_FINFO_USER)) {
175 reason = "no file owner information available";
179 status = apr_uid_name_get(&owner, finfo.user, r->pool);
180 if (status != APR_SUCCESS || !owner) {
181 reason = "could not get name of file owner";
185 if (strcmp(owner, r->user)) {
186 reason = apr_psprintf(r->pool, "file owner %s does not match.",
191 /* this user is authorized */
193 #endif /* APR_HAS_USER */
196 /* file-group only figures out the file's group and lets
197 * other modules do the actual authorization (against a group file/db).
198 * Thus, these modules have to hook themselves after
199 * mod_authz_owner and of course recognize 'file-group', too.
201 if (!strcmp(w, "file-group")) {
203 if ((required_owner & ~6) && conf->authoritative) {
207 required_owner |= 2; /* remember the requirement */
208 reason = "'Require file-group' is not supported on this platform.";
210 #else /* APR_HAS_USER */
214 if ((required_owner & ~6) && conf->authoritative) {
218 required_owner |= 2; /* remember the requirement */
221 reason = "no filename available";
225 status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
226 if (status != APR_SUCCESS) {
227 reason = apr_pstrcat(r->pool, "could not stat file ",
232 if (!(finfo.valid & APR_FINFO_GROUP)) {
233 reason = "no file group information available";
237 status = apr_gid_name_get(&group, finfo.group, r->pool);
238 if (status != APR_SUCCESS || !group) {
239 reason = "could not get name of file group";
243 /* store group name in a note and let others decide... */
244 apr_table_setn(r->notes, AUTHZ_GROUP_NOTE, group);
247 #endif /* APR_HAS_USER */
251 if (!required_owner || !conf->authoritative) {
255 /* allow file-group passed to group db modules either if this is the
256 * only applicable requirement here or if a file-owner failed but we're
258 * This allows configurations like:
260 * AuthzOwnerAuthoritative Off
264 * with the semantical meaning of "either owner or group must match"
267 * [ 6 == 2 | 4; 7 == 1 | 2 | 4 ] should I use #defines instead?
269 if (required_owner == 6 || (required_owner == 7 && !conf->authoritative)) {
273 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
274 "Authorization of user %s to access %s failed, reason: %s",
275 r->user, r->uri, reason ? reason : "unknown");
277 ap_note_auth_failure(r);
278 return HTTP_UNAUTHORIZED;
281 static void register_hooks(apr_pool_t *p)
283 ap_hook_auth_checker(check_file_owner, NULL, NULL, APR_HOOK_MIDDLE);
286 module AP_MODULE_DECLARE_DATA authz_owner_module =
288 STANDARD20_MODULE_STUFF,
289 create_authz_owner_dir_config, /* dir config creater */
290 NULL, /* dir merger --- default is to override */
291 NULL, /* server config */
292 NULL, /* merge server config */
293 authz_owner_cmds, /* command apr_table_t */
294 register_hooks /* register hooks */