Apache HTTPD
mod_authz_owner.c
Go to the documentation of this file.
1/* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "apr_strings.h"
18#include "apr_file_info.h"
19#include "apr_user.h"
20
21#include "ap_config.h"
22#include "ap_provider.h"
23#include "httpd.h"
24#include "http_config.h"
25#include "http_core.h"
26#include "http_log.h"
27#include "http_protocol.h"
28#include "http_request.h"
29
30#include "mod_auth.h"
31#include "mod_authz_owner.h"
32
33static const command_rec authz_owner_cmds[] =
34{
35 {NULL}
36};
37
38module AP_MODULE_DECLARE_DATA authz_owner_module;
39
40static authz_status fileowner_check_authorization(request_rec *r,
41 const char *require_args,
42 const void *parsed_require_args)
43{
44 char *reason = NULL;
45 apr_status_t status = 0;
46
47#if !APR_HAS_USER
48 reason = "'Require file-owner' is not supported on this platform.";
49 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01632)
50 "Authorization of user %s to access %s failed, reason: %s",
51 r->user, r->uri, reason ? reason : "unknown");
52 return AUTHZ_DENIED;
53#else /* APR_HAS_USER */
54 char *owner = NULL;
55 apr_finfo_t finfo;
56
57 if (!r->user) {
58 return AUTHZ_DENIED_NO_USER;
59 }
60
61 if (!r->filename) {
62 reason = "no filename available";
63 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01633)
64 "Authorization of user %s to access %s failed, reason: %s",
65 r->user, r->uri, reason ? reason : "unknown");
66 return AUTHZ_DENIED;
67 }
68
69 status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
70 if (status != APR_SUCCESS) {
71 reason = apr_pstrcat(r->pool, "could not stat file ",
72 r->filename, NULL);
73 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01634)
74 "Authorization of user %s to access %s failed, reason: %s",
75 r->user, r->uri, reason ? reason : "unknown");
76 return AUTHZ_DENIED;
77 }
78
79 if (!(finfo.valid & APR_FINFO_USER)) {
80 reason = "no file owner information available";
81 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01635)
82 "Authorization of user %s to access %s failed, reason: %s",
83 r->user, r->uri, reason ? reason : "unknown");
84 return AUTHZ_DENIED;
85 }
86
87 status = apr_uid_name_get(&owner, finfo.user, r->pool);
88 if (status != APR_SUCCESS || !owner) {
89 reason = "could not get name of file owner";
90 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01636)
91 "Authorization of user %s to access %s failed, reason: %s",
92 r->user, r->uri, reason ? reason : "unknown");
93 return AUTHZ_DENIED;
94 }
95
96 if (strcmp(owner, r->user)) {
97 reason = apr_psprintf(r->pool, "file owner %s does not match.",
98 owner);
99 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01637)
100 "Authorization of user %s to access %s failed, reason: %s",
101 r->user, r->uri, reason ? reason : "unknown");
102 return AUTHZ_DENIED;
103 }
104
105 /* this user is authorized */
106 return AUTHZ_GRANTED;
107#endif /* APR_HAS_USER */
108}
109
110static char *authz_owner_get_file_group(request_rec *r)
111{
112 /* file-group only figures out the file's group and lets
113 * other modules do the actual authorization (against a group file/db).
114 * Thus, these modules have to hook themselves after
115 * mod_authz_owner and of course recognize 'file-group', too.
116 */
117#if !APR_HAS_USER
118 return NULL;
119#else /* APR_HAS_USER */
120 char *reason = NULL;
121 char *group = NULL;
122 apr_finfo_t finfo;
123 apr_status_t status = 0;
124
125 if (!r->filename) {
126 reason = "no filename available";
127 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01638)
128 "Authorization of user %s to access %s failed, reason: %s",
129 r->user, r->uri, reason ? reason : "unknown");
130 return NULL;
131 }
132
133 status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
134 if (status != APR_SUCCESS) {
135 reason = apr_pstrcat(r->pool, "could not stat file ",
136 r->filename, NULL);
137 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01639)
138 "Authorization of user %s to access %s failed, reason: %s",
139 r->user, r->uri, reason ? reason : "unknown");
140 return NULL;
141 }
142
143 if (!(finfo.valid & APR_FINFO_GROUP)) {
144 reason = "no file group information available";
145 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01640)
146 "Authorization of user %s to access %s failed, reason: %s",
147 r->user, r->uri, reason ? reason : "unknown");
148 return NULL;
149 }
150
151 status = apr_gid_name_get(&group, finfo.group, r->pool);
152 if (status != APR_SUCCESS || !group) {
153 reason = "could not get name of file group";
154 ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01641)
155 "Authorization of user %s to access %s failed, reason: %s",
156 r->user, r->uri, reason ? reason : "unknown");
157 return NULL;
158 }
159
160 return group;
161#endif /* APR_HAS_USER */
162}
163
169
179
180AP_DECLARE_MODULE(authz_owner) =
181{
182 STANDARD20_MODULE_STUFF,
183 NULL, /* dir config creater */
184 NULL, /* dir merger --- default is to override */
185 NULL, /* server config */
186 NULL, /* merge server config */
187 authz_owner_cmds, /* command apr_table_t */
188 register_hooks /* register hooks */
189};
ap_config.h
Symbol export macros and hook functions.
ap_provider.h
Apache Provider API.
apr_file_info.h
APR File Information.
apr_strings.h
APR Strings library.
apr_user.h
APR User ID Services.
AP_DECLARE_MODULE
#define AP_DECLARE_MODULE(foo)
Definition http_config.h:464
r
request_rec * r
Definition http_config.h:1168
APLOGNO
#define APLOGNO(n)
Definition http_log.h:117
ap_log_rerror
#define ap_log_rerror
Definition http_log.h:454
APLOG_ERR
#define APLOG_ERR
Definition http_log.h:67
APLOG_MARK
#define APLOG_MARK
Definition http_log.h:283
ap_register_auth_provider
apr_status_t ap_register_auth_provider(apr_pool_t *pool, const char *provider_group, const char *provider_name, const char *provider_version, const void *provider, int type)
Definition request.c:2179
AP_AUTH_INTERNAL_PER_CONF
#define AP_AUTH_INTERNAL_PER_CONF
Definition http_request.h:204
APR_REGISTER_OPTIONAL_FN
#define APR_REGISTER_OPTIONAL_FN(name)
Definition apr_optional.h:70
STANDARD20_MODULE_STUFF
#define STANDARD20_MODULE_STUFF
Definition http_config.h:486
size
apr_size_t size
Definition apr_allocator.h:115
APR_SUCCESS
#define APR_SUCCESS
Definition apr_errno.h:225
apr_status_t
int apr_status_t
Definition apr_errno.h:44
APR_FINFO_USER
#define APR_FINFO_USER
Definition apr_file_info.h:155
APR_FINFO_GROUP
#define APR_FINFO_GROUP
Definition apr_file_info.h:156
reason
int reason
Definition apr_thread_proc.h:759
status
int int status
Definition apr_thread_proc.h:760
http_config.h
Apache Configuration.
http_core.h
CORE HTTP Daemon.
http_log.h
Apache Logging library.
http_protocol.h
HTTP protocol handling.
http_request.h
Apache Request library.
httpd.h
HTTP Daemon routines.
p
apr_pool_t * p
Definition md_event.c:32
mod_auth.h
Authentication and Authorization Extension for Apache.
authz_status
authz_status
Definition mod_auth.h:72
AUTHZ_DENIED
@ AUTHZ_DENIED
Definition mod_auth.h:73
AUTHZ_DENIED_NO_USER
@ AUTHZ_DENIED_NO_USER
Definition mod_auth.h:77
AUTHZ_GRANTED
@ AUTHZ_GRANTED
Definition mod_auth.h:74
AUTHZ_PROVIDER_VERSION
#define AUTHZ_PROVIDER_VERSION
Definition mod_auth.h:42
AUTHZ_PROVIDER_GROUP
#define AUTHZ_PROVIDER_GROUP
Definition mod_auth.h:40
authz_owner_get_file_group
static apr_OFN_authz_owner_get_file_group_t * authz_owner_get_file_group
Definition mod_authz_dbm.c:237
fileowner_check_authorization
static authz_status fileowner_check_authorization(request_rec *r, const char *require_args, const void *parsed_require_args)
Definition mod_authz_owner.c:40
register_hooks
static void register_hooks(apr_pool_t *p)
Definition mod_authz_owner.c:170
authz_fileowner_provider
static const authz_provider authz_fileowner_provider
Definition mod_authz_owner.c:164
authz_owner_cmds
static const command_rec authz_owner_cmds[]
Definition mod_authz_owner.c:33
mod_authz_owner.h
NULL
return NULL
Definition mod_so.c:359
apr_finfo_t
Definition apr_file_info.h:174
apr_finfo_t::group
apr_gid_t group
Definition apr_file_info.h:190
apr_finfo_t::user
apr_uid_t user
Definition apr_file_info.h:188
apr_finfo_t::valid
apr_int32_t valid
Definition apr_file_info.h:179
apr_pool_t
Definition apr_pools.c:562
authz_provider
Definition mod_auth.h:103
command_struct
Definition http_config.h:204
request_rec
A structure that represents the current request.
Definition httpd.h:845
request_rec::user
char * user
Definition httpd.h:1005
request_rec::uri
char * uri
Definition httpd.h:1016
request_rec::pool
apr_pool_t * pool
Definition httpd.h:847
request_rec::filename
char * filename
Definition httpd.h:1018
Generated by doxygen 1.9.8