From 2ea3145c38e25f7f66a1d2d0d480763465db3dff Mon Sep 17 00:00:00 2001 From: Andrea Zagli Date: Mon, 18 Dec 2017 09:31:45 +0100 Subject: [PATCH] First build. --- configure.ac | 2 + src/mod_authz_zakautho.c | 181 +++++++++++++++++++++------------------ 2 files changed, 98 insertions(+), 85 deletions(-) diff --git a/configure.ac b/configure.ac index 0130aaf..8b554a5 100644 --- a/configure.ac +++ b/configure.ac @@ -35,6 +35,8 @@ fi # Checks for libraries. PKG_CHECK_MODULES(MOD_AUTHZ_ZAKAUTHO, [apr-1 apr-util-1 + libxml-2.0 + libgda-5.0 libzakautho]) AC_SUBST(MOD_AUTHZ_ZAKAUTHO_CFLAGS) diff --git a/src/mod_authz_zakautho.c b/src/mod_authz_zakautho.c index 22386bc..4626c3f 100644 --- a/src/mod_authz_zakautho.c +++ b/src/mod_authz_zakautho.c 
@@ -33,135 +33,146 @@ #include #endif -#include +#include static void register_hooks (apr_pool_t *pool); -static void *create_authn_zakauthe_dir_config (apr_pool_t *p, char *d); -static const char *set_option (cmd_parms *cmd, void *cfg, const char *arg1, const char *arg2); +static void *create_authz_zakautho_dir_config (apr_pool_t *p, char *d); /* Per-directory configuration */ typedef struct { - char *plugin_name; - GSList *sl_options; -} zakauthe_config; - -static const command_rec authn_zakauthe_cmds[] = + char *xml_filename; + char *db_cnc_string; + char *db_table_name_prefix; + char *role_name_prefix; + char *resource_name_prefix; +} zakautho_config; + +static const command_rec authz_zakautho_cmds[] = { - AP_INIT_TAKE1 ("AuthZakAuthePlugin", + AP_INIT_TAKE1 ("AuthZakAuthoXmlFilename", + ap_set_string_slot, + (void *)APR_OFFSETOF (zakautho_config, xml_filename), + OR_AUTHCFG, + "Full path of xml file from which load config"), + AP_INIT_TAKE1 ("AuthZakAuthoDbCncString", + ap_set_string_slot, + (void *)APR_OFFSETOF (zakautho_config, db_cnc_string), + OR_AUTHCFG, + "Connection string for database from which load config"), + AP_INIT_TAKE1 ("AuthZakAuthoDbTableNamePrefix", + ap_set_string_slot, + (void *)APR_OFFSETOF (zakautho_config, db_table_name_prefix), + OR_AUTHCFG, + "Table name prefix to use for database from which load config"), + AP_INIT_TAKE1 ("AuthZakAuthoRoleNamePrefix", ap_set_string_slot, - (void *)APR_OFFSETOF (zakauthe_config, plugin_name), + (void *)APR_OFFSETOF (zakautho_config, role_name_prefix), OR_AUTHCFG, - "Plugin with full path"), - AP_INIT_TAKE2 ("AuthZakAutheOption", - set_option, - NULL, + "Role name prefix"), + AP_INIT_TAKE1 ("AuthZakAuthoResourceNamePrefix", + ap_set_string_slot, + (void *)APR_OFFSETOF (zakautho_config, resource_name_prefix), OR_AUTHCFG, - "An option with the value"), + "Resource name prefix"), {NULL} }; -module AP_DECLARE_DATA authn_zakauthe_module = +module AP_DECLARE_DATA authz_zakautho_module = { 
STANDARD20_MODULE_STUFF, - create_authn_zakauthe_dir_config, /* dir config creater */ + create_authz_zakautho_dir_config, /* dir config creater */ NULL, /* dir merger --- default is to override */ NULL, /* server config */ NULL, /* merge server config */ - authn_zakauthe_cmds, /* command apr_table_t */ + authz_zakautho_cmds, /* command apr_table_t */ register_hooks /* register hooks */ }; -static authn_status -check_password (request_rec *r, - const char *user, - const char *password) +static authz_status +check_authorization (request_rec *r, + const char *require_args, + const void *parsed_require_args) { - authn_status ret; - - ZakAuthe *authe; - GSList *sl_authe_params; - GSList *sl_loop; - - zakauthe_config *config = (zakauthe_config *)ap_get_module_config (r->per_dir_config, &authn_zakauthe_module); + const char *err = NULL; + const ap_expr_info_t *expr = parsed_require_args; + const char *require; + + const char *t, *w; + + if (!r->user) { + return AUTHZ_DENIED_NO_USER; + } + + require = ap_expr_str_exec (r, expr, &err); + if (err) { + ap_log_rerror (APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594) + "authz_user authorize: require user: Can't " + "evaluate require expression: %s", err); + return AUTHZ_DENIED; + } + + t = require; + while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { + if (!strcmp(r->user, w)) { + return AUTHZ_GRANTED; + } + } - sl_authe_params = NULL; - sl_authe_params = g_slist_append (sl_authe_params, g_strdup (config->plugin_name)); + ap_log_rerror (APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01663) + "access to %s failed, reason: user '%s' does not meet " + "'require'ments for user to be allowed access", + r->uri, r->user); - sl_loop = g_slist_nth (config->sl_options, 0); - while (sl_loop != NULL) - { - sl_authe_params = g_slist_append (sl_authe_params, g_strdup ((const gchar *)sl_loop->data)); + return AUTHZ_DENIED; +} - sl_loop = g_slist_next (sl_loop); - } +static const char +*parse_config (cmd_parms *cmd, const char *require_line, + const void 
**parsed_require_line) +{ + const char *expr_err = NULL; + ap_expr_info_t *expr; - authe = zak_authe_new (); - - if (zak_authe_set_config (authe, sl_authe_params)) - { - if (zak_authe_authe_nogui (authe, user, password, NULL)) - { - ret = AUTH_GRANTED; - } - else - { - ret = AUTH_DENIED; - } - } - else - { - ret = AUTH_DENIED; - } + expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); - g_object_unref (authe); - g_slist_free_full (sl_authe_params, g_free); + if (expr_err) + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression in require line: ", + expr_err, NULL); - return ret; -} + *parsed_require_line = expr; -static authn_status -get_realm_hash (request_rec *r, - const char *user, - const char *realm, - char **rethash) -{ - return AUTH_GRANTED; + return NULL; } -static const authn_provider authn_zakauthe_provider = +static const authz_provider authz_zakautho_provider = { - &check_password, - &get_realm_hash, + &check_authorization, + &parse_config, }; static void register_hooks (apr_pool_t *pool) { - ap_register_auth_provider (pool, AUTHN_PROVIDER_GROUP, "zakauthe", - AUTHN_PROVIDER_VERSION, - &authn_zakauthe_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider (pool, AUTHZ_PROVIDER_GROUP, "zakautho", + AUTHZ_PROVIDER_VERSION, + &authz_zakautho_provider, AP_AUTH_INTERNAL_PER_CONF); } /* * Constructor for per-directory configuration */ static void * -create_authn_zakauthe_dir_config (apr_pool_t *p, char *d) +create_authz_zakautho_dir_config (apr_pool_t *p, char *d) { - zakauthe_config *conf = apr_pcalloc (p, sizeof (zakauthe_config)); + zakautho_config *conf = apr_pcalloc (p, sizeof (zakautho_config)); - conf->plugin_name = NULL; - conf->sl_options = NULL; + conf->xml_filename = NULL; + conf->db_cnc_string = NULL; + conf->db_table_name_prefix = NULL; + conf->role_name_prefix = NULL; + conf->resource_name_prefix = NULL; return conf; } - -static const char -*set_option (cmd_parms *cmd, void *cfg, const 
char *arg1, const char *arg2) -{ - zakauthe_config *conf = (zakauthe_config *)cfg; - - conf->sl_options = g_slist_append (conf->sl_options, (gpointer)g_strdup (arg2)); - - return NULL; -} -- 2.49.0
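Review bot: `check_authorization` never reads the `zakautho_config` fields that the new directives fill in, so the `zakautho` provider grants access whenever `r->user` equals one of the words in the require expression, with no role or resource lookup. If that is a placeholder for this first build, say so at the top of the function, e.g. `/* TODO: placeholder user-name match; roles/resources from zakautho_config are not consulted yet */`, so it is not deployed as a role check. Both `ap_log_rerror` calls still carry the text `authz_user authorize: require user` and the numbers `APLOGNO(02594)` / `APLOGNO(01663)`, which appear to be taken from mod_authz_user; rename the prefix to `authz_zakautho authorize:` and drop the borrowed numbers so denials in the error log can be attributed to this module. Separately, `AuthZakAuthoXmlFilename` and `AuthZakAuthoDbCncString` are registered with `OR_AUTHCFG`, which lets them be set from `.htaccess` wherever `AllowOverride AuthConfig` is enabled; consider `ACCESS_CONF` if the file path and the connection string should be controlled by the server administrator only.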