Posted to cvs@httpd.apache.org by bn...@apache.org on 2005/12/07 06:20:50 UTC

svn commit: r354717 - /httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c

Author: bnicholes
Date: Tue Dec  6 21:20:46 2005
New Revision: 354717

URL: http://svn.apache.org/viewcvs?rev=354717&view=rev
Log:
start conversion of mod_authz_owner

Modified:
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c?rev=354717&r1=354716&r2=354717&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c Tue Dec  6 21:20:46 2005
@@ -19,6 +19,7 @@
 #include "apr_user.h"
 
 #include "ap_config.h"
+#include "ap_provider.h"
 #include "httpd.h"
 #include "http_config.h"
 #include "http_core.h"
@@ -52,6 +53,7 @@
 
 module AP_MODULE_DECLARE_DATA authz_owner_module;
 
+#if 0
 static int check_file_owner(request_rec *r)
 {
     authz_owner_config_rec *conf = ap_get_module_config(r->per_dir_config,
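Review bot: The `#if 0` added above `check_file_owner` compiles the function out, but `register_hooks` in the last hunk still passes `check_file_owner` to `ap_hook_auth_checker`, so the file presumably does not build as committed. That hook appears to be what enforces `Require file-owner` today, so removing the registration just to get a build would leave nothing checking ownership until the provider works. Either keep the function compiled until then, or drop the registration in the same change that makes the provider functional. Mark the block with a comment such as `/* legacy auth_checker hook, to be replaced by the "file-owner" provider */`. The body of check_file_owner continues outside this hunk.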
@@ -221,9 +223,73 @@
     ap_note_auth_failure(r);
     return HTTP_UNAUTHORIZED;
 }
+#endif
+static authz_status fileowner_check_authorization(request_rec *r,
+                                             const char *require_args)
+{
+#if !APR_HAS_USER
+    if ((required_owner & ~1) && conf->authoritative) {
+        break;
+    }
+
+    required_owner |= 1; /* remember the requirement */
+    reason = "'Require file-owner' is not supported on this platform.";
+    continue;
+#else  /* APR_HAS_USER */
+    char *owner = NULL;
+    apr_finfo_t finfo;
+
+    if ((required_owner & ~1) && conf->authoritative) {
+        break;
+    }
+
+    required_owner |= 1; /* remember the requirement */
+
+    if (!r->filename) {
+        reason = "no filename available";
+        continue;
+    }
+
+    status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
+    if (status != APR_SUCCESS) {
+        reason = apr_pstrcat(r->pool, "could not stat file ",
+                                r->filename, NULL);
+        continue;
+    }
+
+    if (!(finfo.valid & APR_FINFO_USER)) {
+        reason = "no file owner information available";
+        continue;
+    }
+
+    status = apr_uid_name_get(&owner, finfo.user, r->pool);
+    if (status != APR_SUCCESS || !owner) {
+        reason = "could not get name of file owner";
+        continue;
+    }
+
+    if (strcmp(owner, r->user)) {
+        reason = apr_psprintf(r->pool, "file owner %s does not match.",
+                                owner);
+        continue;
+    }
+
+    /* this user is authorized */
+    return OK;
+#endif /* APR_HAS_USER */
+    }
+}
+
+static const authz_provider authz_fileowner_provider =
+{
+    &fileowner_check_authorization,
+};
 
 static void register_hooks(apr_pool_t *p)
 {
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "file-owner", "0",
+                         &authz_fileowner_provider);
+
     ap_hook_auth_checker(check_file_owner, NULL, NULL, APR_HOOK_MIDDLE);
 }
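Review bot: The body of `fileowner_check_authorization` was lifted out of the old loop without being adapted: `break`/`continue` have no enclosing loop, `conf`, `required_owner`, `reason` and `status` are not declared, there is a stray `}` before the closing brace, and the success path returns `OK` from a function typed `authz_status`. In an authorization provider every failure path should end in an explicit deny and only the owner match should grant, so that a stat or uid-lookup error can never fall through to an undefined result. `r->user` is also passed to `strcmp` unchecked; if a provider can be invoked before a user has been authenticated (not visible here), that is a NULL dereference, so the function should deny first when it is unset. A sketch of the shape follows; the log wording is only a suggestion.

```c
static authz_status fileowner_check_authorization(request_rec *r,
                                             const char *require_args)
{
    const char *reason = NULL;
#if !APR_HAS_USER
    reason = "'Require file-owner' is not supported on this platform.";
#else  /* APR_HAS_USER */
    char *owner = NULL;
    apr_finfo_t finfo;
    apr_status_t status;

    /* fail closed when no authenticated user is attached to the request */
    if (!r->user) {
        reason = "no authenticated user";
        goto denied;
    }

    if (!r->filename) {
        reason = "no filename available";
        goto denied;
    }

    /* … unchanged: apr_stat(), finfo.valid and apr_uid_name_get() checks,
     *   each ending in `goto denied;` instead of `continue;` … */

    if (strcmp(owner, r->user)) {
        reason = apr_psprintf(r->pool, "file owner %s does not match.",
                                owner);
        goto denied;
    }

    /* this user is authorized */
    return AUTHZ_GRANTED;
#endif /* APR_HAS_USER */

denied:
    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                  "file-owner authorization failed for %s: %s",
                  r->filename ? r->filename : "(no filename)", reason);
    return AUTHZ_DENIED;
}
```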