#include <config.h>
#endif
-#include <libzakautho/libzakautho.h>
+#include <libzakautho/autho.h>
static void register_hooks (apr_pool_t *pool);
-static void *create_authn_zakauthe_dir_config (apr_pool_t *p, char *d);
-static const char *set_option (cmd_parms *cmd, void *cfg, const char *arg1, const char *arg2);
+static void *create_authz_zakautho_dir_config (apr_pool_t *p, char *d);
/* Per-directory configuration */
typedef struct {
- char *plugin_name;
- GSList *sl_options;
-} zakauthe_config;
-
-static const command_rec authn_zakauthe_cmds[] =
+ char *xml_filename;
+ char *db_cnc_string;
+ char *db_table_name_prefix;
+ char *role_name_prefix;
+ char *resource_name_prefix;
+} zakautho_config;
+
+static const command_rec authz_zakautho_cmds[] =
{
- AP_INIT_TAKE1 ("AuthZakAuthePlugin",
+ AP_INIT_TAKE1 ("AuthZakAuthoXmlFilename",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF (zakautho_config, xml_filename),
+ OR_AUTHCFG,
+ "Full path of xml file from which load config"),
+ AP_INIT_TAKE1 ("AuthZakAuthoDbCncString",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF (zakautho_config, db_cnc_string),
+ OR_AUTHCFG,
+ "Connection string for database from which load config"),
+ AP_INIT_TAKE1 ("AuthZakAuthoDbTableNamePrefix",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF (zakautho_config, db_table_name_prefix),
+ OR_AUTHCFG,
+ "Table name prefix to use for database from which load config"),
+ AP_INIT_TAKE1 ("AuthZakAuthoRoleNamePrefix",
ap_set_string_slot,
- (void *)APR_OFFSETOF (zakauthe_config, plugin_name),
+ (void *)APR_OFFSETOF (zakautho_config, role_name_prefix),
OR_AUTHCFG,
- "Plugin with full path"),
- AP_INIT_TAKE2 ("AuthZakAutheOption",
- set_option,
- NULL,
+ "Role name prefix"),
+ AP_INIT_TAKE1 ("AuthZakAuthoResourceNamePrefix",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF (zakautho_config, resource_name_prefix),
OR_AUTHCFG,
- "An option with the value"),
+ "Resource name prefix"),
{NULL}
};
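Review bot: All five directives in `authz_zakautho_cmds` are registered with `OR_AUTHCFG`, so wherever `AllowOverride AuthConfig` is in effect a `.htaccess` file can set `AuthZakAuthoXmlFilename` and `AuthZakAuthoDbCncString`, which choose the file or database the authorization policy is loaded from. If the policy source is meant to be fixed by the server administrator, those two entries should use `ACCESS_CONF,` in place of `OR_AUTHCFG,`. A connection string may also embed database credentials, so the help text should say the value belongs in a configuration file with restricted read permissions. None of the visible lines read these fields yet, so this is a design point to settle before the lookup is wired in.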
-module AP_DECLARE_DATA authn_zakauthe_module =
+module AP_DECLARE_DATA authz_zakautho_module =
{
STANDARD20_MODULE_STUFF,
- create_authn_zakauthe_dir_config, /* dir config creater */
+ create_authz_zakautho_dir_config, /* dir config creater */
NULL, /* dir merger --- default is to override */
NULL, /* server config */
NULL, /* merge server config */
- authn_zakauthe_cmds, /* command apr_table_t */
+ authz_zakautho_cmds, /* command apr_table_t */
register_hooks /* register hooks */
};
-static authn_status
-check_password (request_rec *r,
- const char *user,
- const char *password)
+static authz_status
+check_authorization (request_rec *r,
+ const char *require_args,
+ const void *parsed_require_args)
{
- authn_status ret;
-
- ZakAuthe *authe;
- GSList *sl_authe_params;
- GSList *sl_loop;
-
- zakauthe_config *config = (zakauthe_config *)ap_get_module_config (r->per_dir_config, &authn_zakauthe_module);
+ const char *err = NULL;
+ const ap_expr_info_t *expr = parsed_require_args;
+ const char *require;
+
+ const char *t, *w;
+
+ if (!r->user) {
+ return AUTHZ_DENIED_NO_USER;
+ }
+
+ require = ap_expr_str_exec (r, expr, &err);
+ if (err) {
+ ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594)
+ "authz_user authorize: require user: Can't "
+ "evaluate require expression: %s", err);
+ return AUTHZ_DENIED;
+ }
+
+ t = require;
+ while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+ if (!strcmp(r->user, w)) {
+ return AUTHZ_GRANTED;
+ }
+ }
- sl_authe_params = NULL;
- sl_authe_params = g_slist_append (sl_authe_params, g_strdup (config->plugin_name));
+ ap_log_rerror (APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01663)
+ "access to %s failed, reason: user '%s' does not meet "
+ "'require'ments for user to be allowed access",
+ r->uri, r->user);
- sl_loop = g_slist_nth (config->sl_options, 0);
- while (sl_loop != NULL)
- {
- sl_authe_params = g_slist_append (sl_authe_params, g_strdup ((const gchar *)sl_loop->data));
+ return AUTHZ_DENIED;
+}
- sl_loop = g_slist_next (sl_loop);
- }
+static const char
+*parse_config (cmd_parms *cmd, const char *require_line,
+ const void **parsed_require_line)
+{
+ const char *expr_err = NULL;
+ ap_expr_info_t *expr;
- authe = zak_authe_new ();
-
- if (zak_authe_set_config (authe, sl_authe_params))
- {
- if (zak_authe_authe_nogui (authe, user, password, NULL))
- {
- ret = AUTH_GRANTED;
- }
- else
- {
- ret = AUTH_DENIED;
- }
- }
- else
- {
- ret = AUTH_DENIED;
- }
+ expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
- g_object_unref (authe);
- g_slist_free_full (sl_authe_params, g_free);
+ if (expr_err)
+ return apr_pstrcat(cmd->temp_pool,
+ "Cannot parse expression in require line: ",
+ expr_err, NULL);
- return ret;
-}
+ *parsed_require_line = expr;
-static authn_status
-get_realm_hash (request_rec *r,
- const char *user,
- const char *realm,
- char **rethash)
-{
- return AUTH_GRANTED;
+ return NULL;
}
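Review bot: `check_authorization` never reads the `zakautho_config` and never calls into libzakautho; it grants access when `r->user` equals any word of the evaluated require line. Within the visible lines, the configured XML file, database, role prefix and resource prefix therefore have no effect, and a site that selects the `zakautho` provider gets plain user-list matching instead of role/resource authorization. Until the policy lookup exists, the function should fetch the config with `zakautho_config *config = ap_get_module_config (r->per_dir_config, &authz_zakautho_module);` and fail closed by returning `AUTHZ_GENERAL_ERROR` when no policy source is set. The two `ap_log_rerror` calls also keep `APLOGNO(02594)`, `APLOGNO(01663)` and the text "authz_user authorize: require user", which appear to be carried over from another module and will misattribute entries during log review. Give them this module's own prefix, e.g. `"authz_zakautho: can't evaluate require expression: %s"`, without the borrowed numbers.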
-static const authn_provider authn_zakauthe_provider =
+static const authz_provider authz_zakautho_provider =
{
- &check_password,
- &get_realm_hash,
+ &check_authorization,
+ &parse_config,
};
static void
register_hooks (apr_pool_t *pool)
{
- ap_register_auth_provider (pool, AUTHN_PROVIDER_GROUP, "zakauthe",
- AUTHN_PROVIDER_VERSION,
- &authn_zakauthe_provider, AP_AUTH_INTERNAL_PER_CONF);
+ ap_register_auth_provider (pool, AUTHZ_PROVIDER_GROUP, "zakautho",
+ AUTHZ_PROVIDER_VERSION,
+ &authz_zakautho_provider, AP_AUTH_INTERNAL_PER_CONF);
}
/*
* Constructor for per-directory configuration
*/
static void *
-create_authn_zakauthe_dir_config (apr_pool_t *p, char *d)
+create_authz_zakautho_dir_config (apr_pool_t *p, char *d)
{
- zakauthe_config *conf = apr_pcalloc (p, sizeof (zakauthe_config));
+ zakautho_config *conf = apr_pcalloc (p, sizeof (zakautho_config));
- conf->plugin_name = NULL;
- conf->sl_options = NULL;
+ conf->xml_filename = NULL;
+ conf->db_cnc_string = NULL;
+ conf->db_table_name_prefix = NULL;
+ conf->role_name_prefix = NULL;
+ conf->resource_name_prefix = NULL;
return conf;
}
-
-static const char
-*set_option (cmd_parms *cmd, void *cfg, const char *arg1, const char *arg2)
-{
- zakauthe_config *conf = (zakauthe_config *)cfg;
-
- conf->sl_options = g_slist_append (conf->sl_options, (gpointer)g_strdup (arg2));
-
- return NULL;
-}