{
auth_config_rec *conf = apr_palloc(p, sizeof(*conf));
- conf->auth_pwfile = NULL; /* just to illustrate the default really */
- conf->auth_grpfile = NULL; /* unless you have a broken HP cc */
- conf->auth_authoritative = 1; /* keep the fortress secure by default */
+ conf->auth_pwfile = NULL; /* just to illustrate the default really */
+ conf->auth_grpfile = NULL; /* unless you have a broken HP cc */
+ conf->auth_authoritative = 1; /* keep the fortress secure by default */
return conf;
}
static const char *set_auth_slot(cmd_parms *cmd, void *offset, const char *f,
const char *t)
{
- if (t && strcmp(t, "standard"))
- return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
+ if (t && strcmp(t, "standard")) {
+ return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
+ }
return ap_set_file_slot(cmd, offset, f);
}
static const command_rec auth_cmds[] =
{
AP_INIT_TAKE12("AuthUserFile", set_auth_slot,
- (void *) APR_XtOffsetOf(auth_config_rec, auth_pwfile), OR_AUTHCFG,
- "text file containing user IDs and passwords"),
+ (void *) APR_XtOffsetOf(auth_config_rec, auth_pwfile),
+ OR_AUTHCFG, "text file containing user IDs and passwords"),
AP_INIT_TAKE12("AuthGroupFile", set_auth_slot,
- (void *) APR_XtOffsetOf(auth_config_rec, auth_grpfile), OR_AUTHCFG,
+ (void *) APR_XtOffsetOf(auth_config_rec, auth_grpfile),
+ OR_AUTHCFG,
"text file containing group names and member user IDs"),
AP_INIT_FLAG("AuthAuthoritative", ap_set_flag_slot,
(void *) APR_XtOffsetOf(auth_config_rec, auth_authoritative),
OR_AUTHCFG,
- "Set to 'no' to allow access control to be passed along to lower "
- "modules if the UserID is not known to this module"),
+ "Set to 'no' to allow access control to be passed along to "
+ "lower modules if the UserID is not known to this module"),
{NULL}
};
apr_status_t status;
if ((status = ap_pcfg_openfile(&f, r->pool, auth_pwfile)) != APR_SUCCESS) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
- "Could not open password file: %s", auth_pwfile);
- return NULL;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+ "Could not open password file: %s", auth_pwfile);
+ return NULL;
}
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- if ((l[0] == '#') || (!l[0]))
- continue;
- rpw = l;
- w = ap_getword(r->pool, &rpw, ':');
-
- if (!strcmp(user, w)) {
- ap_cfg_closefile(f);
- return ap_getword(r->pool, &rpw, ':');
- }
+ if ((l[0] == '#') || (!l[0])) {
+ continue;
+ }
+ rpw = l;
+ w = ap_getword(r->pool, &rpw, ':');
+
+ if (!strcmp(user, w)) {
+ ap_cfg_closefile(f);
+ return ap_getword(r->pool, &rpw, ':');
+ }
}
ap_cfg_closefile(f);
return NULL;
apr_status_t status;
if ((status = ap_pcfg_openfile(&f, p, grpfile)) != APR_SUCCESS) {
-/*add? aplog_error(APLOG_MARK, APLOG_ERR, NULL,
- "Could not open group file: %s", grpfile);*/
- return NULL;
+/*add? aplog_error(APLOG_MARK, APLOG_ERR, NULL,
+ "Could not open group file: %s", grpfile);*/
+ return NULL;
}
apr_pool_create(&sp, p);
while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) {
- if ((l[0] == '#') || (!l[0]))
- continue;
- ll = l;
- apr_pool_clear(sp);
-
- group_name = ap_getword(sp, &ll, ':');
-
- while (ll[0]) {
- w = ap_getword_conf(sp, &ll);
- if (!strcmp(w, user)) {
- apr_table_setn(grps, apr_pstrdup(p, group_name), "in");
- break;
- }
- }
+ if ((l[0] == '#') || (!l[0])) {
+ continue;
+ }
+ ll = l;
+ apr_pool_clear(sp);
+
+ group_name = ap_getword(sp, &ll, ':');
+
+ while (ll[0]) {
+ w = ap_getword_conf(sp, &ll);
+ if (!strcmp(w, user)) {
+ apr_table_setn(grps, apr_pstrdup(p, group_name), "in");
+ break;
+ }
+ }
}
ap_cfg_closefile(f);
apr_pool_destroy(sp);
apr_status_t invalid_pw;
int res;
- if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
- return res;
+ if ((res = ap_get_basic_auth_pw(r, &sent_pw))) {
+ return res;
+ }
- if (!conf->auth_pwfile)
- return DECLINED;
+ if (!conf->auth_pwfile) {
+ return DECLINED;
+ }
if (!(real_pw = get_pw(r, r->user, conf->auth_pwfile))) {
- if (!(conf->auth_authoritative))
- return DECLINED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
- "user %s not found: %s", r->user, r->uri);
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
+ if (!(conf->auth_authoritative)) {
+ return DECLINED;
+ }
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ "user %s not found: %s", r->user, r->uri);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
}
invalid_pw = apr_password_validate(sent_pw, real_pw);
if (invalid_pw != APR_SUCCESS) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
- "user %s: authentication failure for \"%s\": "
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ "user %s: authentication failure for \"%s\": "
"Password Mismatch",
- r->user, r->uri);
- ap_note_basic_auth_failure(r);
- return HTTP_UNAUTHORIZED;
+ r->user, r->uri);
+ ap_note_basic_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
}
return OK;
}
/* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive,
* then any user will do.
*/
- if (!reqs_arr)
- return (OK);
- reqs = (require_line *) reqs_arr->elts;
+ if (!reqs_arr) {
+ return OK;
+ }
+ reqs = (require_line *)reqs_arr->elts;
- if (conf->auth_grpfile)
- grpstatus = groups_for_user(r->pool, user, conf->auth_grpfile);
- else
- grpstatus = NULL;
+ if (conf->auth_grpfile) {
+ grpstatus = groups_for_user(r->pool, user, conf->auth_grpfile);
+ }
+ else {
+ grpstatus = NULL;
+ }
for (x = 0; x < reqs_arr->nelts; x++) {
- if (!(reqs[x].method_mask & (AP_METHOD_BIT << m)))
- continue;
-
- method_restricted = 1;
-
- t = reqs[x].requirement;
- w = ap_getword_white(r->pool, &t);
- if (!strcmp(w, "valid-user"))
- return OK;
- if (!strcmp(w, "user")) {
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (!strcmp(user, w))
- return OK;
- }
- }
- else if (!strcmp(w, "group")) {
- if (!grpstatus)
- return DECLINED; /* DBM group? Something else? */
-
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (apr_table_get(grpstatus, w))
- return OK;
- }
- } else if (conf->auth_authoritative) {
- /* if we aren't authoritative, any require directive could be
- * valid even if we don't grok it. However, if we are
- * authoritative, we can warn the user they did something wrong.
- * That something could be a missing "AuthAuthoritative off", but
- * more likely is a typo in the require directive.
- */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
- "access to %s failed, reason: unknown require directive:"
- "\"%s\"", r->uri, reqs[x].requirement);
- }
+ if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
+ continue;
+ }
+
+ method_restricted = 1;
+
+ t = reqs[x].requirement;
+ w = ap_getword_white(r->pool, &t);
+ if (!strcmp(w, "valid-user")) {
+ return OK;
+ }
+ if (!strcmp(w, "user")) {
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (!strcmp(user, w)) {
+ return OK;
+ }
+ }
+ }
+ else if (!strcmp(w, "group")) {
+ if (!grpstatus) {
+ return DECLINED; /* DBM group? Something else? */
+ }
+
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (apr_table_get(grpstatus, w)) {
+ return OK;
+ }
+ }
+ }
+ else if (conf->auth_authoritative) {
+ /* if we aren't authoritative, any require directive could be
+ * valid even if we don't grok it. However, if we are
+ * authoritative, we can warn the user they did something wrong.
+ * That something could be a missing "AuthAuthoritative off", but
+ * more likely is a typo in the require directive.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ "access to %s failed, reason: unknown require "
+ "directive:\"%s\"", r->uri, reqs[x].requirement);
+ }
}
- if (!method_restricted)
- return OK;
+ if (!method_restricted) {
+ return OK;
+ }
- if (!(conf->auth_authoritative))
- return DECLINED;
+ if (!(conf->auth_authoritative)) {
+ return DECLINED;
+ }
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
- "access to %s failed, reason: user %s not allowed access",
- r->uri, user);
-
+ "access to %s failed, reason: user %s not allowed access",
+ r->uri, user);
+
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
module AP_MODULE_DECLARE_DATA auth_module =
{
STANDARD20_MODULE_STUFF,
- create_auth_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- auth_cmds, /* command apr_table_t */
- register_hooks /* register hooks */
+ create_auth_dir_config, /* dir config creater */
+ NULL, /* dir merger --- default is to override */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ auth_cmds, /* command apr_table_t */
+ register_hooks /* register hooks */
};
projects / apache / commitdiff