1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
60 * mod_userdir... implement the UserDir command. Broken away from the
61 * Alias stuff for a couple of good and not-so-good reasons:
63 * 1) It shows a real minimal working example of how to do something like
65 * 2) I know people who are actually interested in changing this *particular*
66 * aspect of server functionality without changing the rest of it. That's
67 * what this whole modular arrangement is supposed to be good at...
69 * Modified by Alexei Kosut to support the following constructs
70 * (server running at www.foo.com, request for /~bar/one/two.html)
72 * UserDir public_html -> ~bar/public_html/one/two.html
73 * UserDir /usr/web -> /usr/web/bar/one/two.html
74 * UserDir /home/ * /www -> /home/bar/www/one/two.html
75 * NOTE: theses ^ ^ space only added allow it to work in a comment, ignore
76 * UserDir http://x/users -> (302) http://x/users/bar/one/two.html
77 * UserDir http://x/ * /y -> (302) http://x/bar/y/one/two.html
80 * In addition, you can use multiple entries, to specify alternate
81 * user directories (a la Directory Index). For example:
83 * UserDir public_html /usr/web http://www.xyz.com/users
85 * Modified by Ken Coar to provide for the following:
87 * UserDir disable[d] username ...
88 * UserDir enable[d] username ...
90 * If "disabled" has no other arguments, *all* ~<username> references are
91 * disabled, except those explicitly turned on with the "enabled" keyword.
94 #if !defined(WIN32) && !defined(OS2) && !defined(BEOS)
95 #define HAVE_UNIX_SUEXEC
98 #include "apr_strings.h"
99 #include "ap_config.h"
101 #include "http_config.h"
102 #include "http_request.h"
103 #ifdef HAVE_UNIX_SUEXEC
104 #include "unixd.h" /* Contains the suexec_identity hook used on Unix */
112 #ifdef HAVE_STRINGS_H
116 /* The default directory in user's home dir */
117 #ifndef DEFAULT_USER_DIR
118 #define DEFAULT_USER_DIR "public_html"
121 module userdir_module;
123 typedef struct userdir_config {
124 int globally_disabled;
126 apr_table_t *enabled_users;
127 apr_table_t *disabled_users;
131 * Server config for this module: global disablement flag, a list of usernames
132 * ineligible for UserDir access, a list of those immune to global (but not
133 * explicit) disablement, and the replacement string for all others.
136 static void *create_userdir_config(apr_pool_t *p, server_rec *s)
139 * newcfg = (userdir_config *) apr_pcalloc(p, sizeof(userdir_config));
141 newcfg->globally_disabled = 0;
142 newcfg->userdir = DEFAULT_USER_DIR;
143 newcfg->enabled_users = apr_make_table(p, 4);
144 newcfg->disabled_users = apr_make_table(p, 4);
145 return (void *) newcfg;
152 static const char *set_user_dir(cmd_parms *cmd, void *dummy, const char *arg)
155 * s_cfg = (userdir_config *) ap_get_module_config
157 cmd->server->module_config,
163 char *kw = ap_getword_conf(cmd->pool, &usernames);
164 apr_table_t *usertable;
167 * Let's do the comparisons once.
169 if ((!strcasecmp(kw, "disable")) || (!strcasecmp(kw, "disabled"))) {
171 * If there are no usernames specified, this is a global disable - we
172 * need do no more at this point than record the fact.
174 if (strlen(usernames) == 0) {
175 s_cfg->globally_disabled = 1;
178 usertable = s_cfg->disabled_users;
180 else if ((!strcasecmp(kw, "enable")) || (!strcasecmp(kw, "enabled"))) {
182 * The "disable" keyword can stand alone or take a list of names, but
183 * the "enable" keyword requires the list. Whinge if it doesn't have
186 if (strlen(usernames) == 0) {
187 return "UserDir \"enable\" keyword requires a list of usernames";
189 usertable = s_cfg->enabled_users;
193 * If the first (only?) value isn't one of our keywords, just copy
194 * the string to the userdir string.
196 s_cfg->userdir = apr_pstrdup(cmd->pool, arg);
200 * Now we just take each word in turn from the command line and add it to
201 * the appropriate table.
204 username = ap_getword_conf(cmd->pool, &usernames);
205 apr_table_setn(usertable, username, kw);
210 static const command_rec userdir_cmds[] = {
211 AP_INIT_RAW_ARGS("UserDir", set_user_dir, NULL, RSRC_CONF,
212 "the public subdirectory in users' home directories, or "
213 "'disabled', or 'disabled username username...', or "
214 "'enabled username username...'"),
218 static int translate_userdir(request_rec *r)
220 void *server_conf = r->server->module_config;
221 const userdir_config *s_cfg =
222 (userdir_config *) ap_get_module_config(server_conf, &userdir_module);
224 const char *userdirs = s_cfg->userdir;
225 const char *w, *dname;
231 * If the URI doesn't match our basic pattern, we've nothing to do with
235 (s_cfg->userdir == NULL) ||
243 w = ap_getword(r->pool, &dname, '/');
246 * The 'dname' funny business involves backing it up to capture the '/'
247 * delimiting the "/~user" part from the rest of the URL, in case there
248 * was one (the case where there wasn't being just "GET /~user HTTP/1.0",
249 * for which we don't want to tack on a '/' onto the filename).
252 if (dname[-1] == '/') {
257 * If there's no username, it's not for us. Ignore . and .. as well.
259 if (w[0] == '\0' || (w[1] == '.' && (w[2] == '\0' || (w[2] == '.' && w[3] == '\0')))) {
263 * Nor if there's an username but it's in the disabled list.
265 if (apr_table_get(s_cfg->disabled_users, w) != NULL) {
269 * If there's a global interdiction on UserDirs, check to see if this
270 * name is one of the Blessed.
273 s_cfg->globally_disabled &&
274 (apr_table_get(s_cfg->enabled_users, w) == NULL)
280 * Special cases all checked, onward to normal substitution processing.
284 const char *userdir = ap_getword_conf(r->pool, &userdirs);
285 char *filename = NULL;
287 if (ap_strchr_c(userdir, '*'))
288 x = ap_getword(r->pool, &userdir, '*');
290 if (userdir[0] == '\0' || ap_os_is_path_absolute(userdir)) {
292 #ifdef HAVE_DRIVE_LETTERS
294 * Crummy hack. Need to figure out whether we have been
295 * redirected to a URL or to a file on some drive. Since I
296 * know of no protocols that are a single letter, ignore
297 * a : as the first or second character, and assume a file
300 * XXX: Still no good for NETWARE, since : is embedded (sys:/home)
302 if (strchr(x + 2, ':'))
305 #endif /* HAVE_DRIVE_LETTERS */
307 redirect = apr_pstrcat(r->pool, x, w, userdir, dname, NULL);
308 apr_table_setn(r->headers_out, "Location", redirect);
309 return HTTP_MOVED_TEMPORARILY;
312 filename = apr_pstrcat(r->pool, x, w, userdir, NULL);
315 filename = apr_pstrcat(r->pool, userdir, "/", w, NULL);
317 else if (ap_strchr_c(userdir, ':')) {
318 redirect = apr_pstrcat(r->pool, userdir, "/", w, dname, NULL);
319 apr_table_setn(r->headers_out, "Location", redirect);
320 return HTTP_MOVED_TEMPORARILY;
324 /* Need to figure out home dirs on NT */
329 #if APR_HAS_THREADS && defined(_POSIX_THREAD_SAFE_FUNCTIONS)
331 size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
332 char *buf = apr_pcalloc(r->pool, buflen);
334 if (!getpwnam_r(w, &pwd, buf, buflen, &pw)) {
336 if ((pw = getpwnam(w))) {
339 /* Need to manually add user name for OS/2 */
340 filename = apr_pstrcat(r->pool, pw->pw_dir, w, "/", userdir, NULL);
342 filename = apr_pstrcat(r->pool, pw->pw_dir, "/", userdir, NULL);
349 * Now see if it exists, or we're at the last entry. If we are at the
350 * last entry, then use the filename generated (if there is one)
351 * anyway, in the hope that some handler might handle it. This can be
352 * used, for example, to run a CGI script for the user.
354 if (filename && (!*userdirs ||
355 apr_stat(&statbuf, filename, r->pool) == APR_SUCCESS)) {
356 r->filename = apr_pstrcat(r->pool, filename, dname, NULL);
357 /* when statbuf contains info on r->filename we can save a syscall
358 * by copying it to r->finfo
360 if (*userdirs && dname[0] == 0)
363 /* For use in the get_suexec_identity phase */
364 apr_table_setn(r->notes, "mod_userdir_user", w);
373 #ifdef HAVE_UNIX_SUEXEC
374 static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r)
376 const char *username = apr_table_get(r->notes, "mod_userdir_user");
377 struct passwd *pw = NULL;
378 ap_unix_identity_t *ugid = NULL;
380 if (username == NULL) {
384 if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t *))) == NULL) {
388 ugid->uid = pw->pw_uid;
389 ugid->gid = pw->pw_gid;
393 #endif /* HAVE_UNIX_SUEXEC */
395 static void register_hooks(void)
397 static const char * const aszSucc[]={ "mod_alias.c",NULL };
399 ap_hook_translate_name(translate_userdir,NULL,aszSucc,AP_HOOK_MIDDLE);
400 #ifdef HAVE_UNIX_SUEXEC
401 ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,AP_HOOK_MIDDLE);
405 module userdir_module = {
406 STANDARD20_MODULE_STUFF,
407 NULL, /* dir config creater */
408 NULL, /* dir merger --- default is to override */
409 create_userdir_config, /* server config */
410 NULL, /* merge server config */
411 userdir_cmds, /* command apr_table_t */
413 register_hooks /* register hooks */