1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "apr_strings.h"
18 #include "apr_file_info.h"
21 #include "ap_config.h"
22 #include "ap_provider.h"
24 #include "http_config.h"
25 #include "http_core.h"
27 #include "http_protocol.h"
28 #include "http_request.h"
32 APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group
, (request_rec
*r
));
34 static const command_rec authz_owner_cmds
[] =
39 module AP_MODULE_DECLARE_DATA authz_owner_module
;
41 static authz_status
fileowner_check_authorization(request_rec
*r
,
42 const char *require_args
)
45 apr_status_t status
= 0;
48 reason
= "'Require file-owner' is not supported on this platform.";
49 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
50 "Authorization of user %s to access %s failed, reason: %s",
51 r
->user
, r
->uri
, reason
? reason
: "unknown");
53 #else /* APR_HAS_USER */
58 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, 0, r
,
59 "access to %s failed, reason: no authenticated user", r
->uri
);
64 reason
= "no filename available";
65 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
66 "Authorization of user %s to access %s failed, reason: %s",
67 r
->user
, r
->uri
, reason
? reason
: "unknown");
71 status
= apr_stat(&finfo
, r
->filename
, APR_FINFO_USER
, r
->pool
);
72 if (status
!= APR_SUCCESS
) {
73 reason
= apr_pstrcat(r
->pool
, "could not stat file ",
75 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
76 "Authorization of user %s to access %s failed, reason: %s",
77 r
->user
, r
->uri
, reason
? reason
: "unknown");
81 if (!(finfo
.valid
& APR_FINFO_USER
)) {
82 reason
= "no file owner information available";
83 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
84 "Authorization of user %s to access %s failed, reason: %s",
85 r
->user
, r
->uri
, reason
? reason
: "unknown");
89 status
= apr_uid_name_get(&owner
, finfo
.user
, r
->pool
);
90 if (status
!= APR_SUCCESS
|| !owner
) {
91 reason
= "could not get name of file owner";
92 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
93 "Authorization of user %s to access %s failed, reason: %s",
94 r
->user
, r
->uri
, reason
? reason
: "unknown");
98 if (strcmp(owner
, r
->user
)) {
99 reason
= apr_psprintf(r
->pool
, "file owner %s does not match.",
101 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
102 "Authorization of user %s to access %s failed, reason: %s",
103 r
->user
, r
->uri
, reason
? reason
: "unknown");
107 /* this user is authorized */
108 return AUTHZ_GRANTED
;
109 #endif /* APR_HAS_USER */
112 static char *authz_owner_get_file_group(request_rec
*r
)
116 /* file-group only figures out the file's group and lets
117 * other modules do the actual authorization (against a group file/db).
118 * Thus, these modules have to hook themselves after
119 * mod_authz_owner and of course recognize 'file-group', too.
123 #else /* APR_HAS_USER */
126 apr_status_t status
= 0;
129 reason
= "no filename available";
130 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
131 "Authorization of user %s to access %s failed, reason: %s",
132 r
->user
, r
->uri
, reason
? reason
: "unknown");
136 status
= apr_stat(&finfo
, r
->filename
, APR_FINFO_GROUP
, r
->pool
);
137 if (status
!= APR_SUCCESS
) {
138 reason
= apr_pstrcat(r
->pool
, "could not stat file ",
140 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
141 "Authorization of user %s to access %s failed, reason: %s",
142 r
->user
, r
->uri
, reason
? reason
: "unknown");
146 if (!(finfo
.valid
& APR_FINFO_GROUP
)) {
147 reason
= "no file group information available";
148 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
149 "Authorization of user %s to access %s failed, reason: %s",
150 r
->user
, r
->uri
, reason
? reason
: "unknown");
154 status
= apr_gid_name_get(&group
, finfo
.group
, r
->pool
);
155 if (status
!= APR_SUCCESS
|| !group
) {
156 reason
= "could not get name of file group";
157 ap_log_rerror(APLOG_MARK
, APLOG_ERR
, status
, r
,
158 "Authorization of user %s to access %s failed, reason: %s",
159 r
->user
, r
->uri
, reason
? reason
: "unknown");
164 #endif /* APR_HAS_USER */
167 static const authz_provider authz_fileowner_provider
=
169 &fileowner_check_authorization
,
172 static void register_hooks(apr_pool_t
*p
)
174 APR_REGISTER_OPTIONAL_FN(authz_owner_get_file_group
);
176 ap_register_auth_provider(p
, AUTHZ_PROVIDER_GROUP
, "file-owner",
177 AUTHZ_PROVIDER_VERSION
,
178 &authz_fileowner_provider
,
179 AP_AUTH_INTERNAL_PER_CONF
);
182 module AP_MODULE_DECLARE_DATA authz_owner_module
=
184 STANDARD20_MODULE_STUFF
,
185 NULL
, /* dir config creater */
186 NULL
, /* dir merger --- default is to override */
187 NULL
, /* server config */
188 NULL
, /* merge server config */
189 authz_owner_cmds
, /* command apr_table_t */
190 register_hooks
/* register hooks */