Tue, 10 Nov 2015 21:18:51 +0100
merge
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2013 Olaf Wintermann. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include <ucx/string.h> #include "pathcheck.h" #include "../util/pblock.h" #include "../daemon/config.h" #include "../daemon/acl.h" #include "../daemon/acldata.h" #include "../daemon/session.h" #include "../daemon/vserver.h" #include "../config/acl.h" int require_auth(pblock *pb, Session *sn, Request *rq) { char *user = pblock_findkeyval(pb_key_auth_user, rq->vars); if(user == NULL) { pblock_nvinsert( "www-authenticate", "Basic realm=\"Webserver\"", rq->srvhdrs); protocol_status(sn, rq, PROTOCOL_UNAUTHORIZED, NULL); return REQ_ABORTED; } return REQ_PROCEED; } int require_access(pblock *pb, Session *sn, Request *rq) { char *mask_str = pblock_findval("mask", rq->vars); if(!mask_str) { log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter"); protocol_status(sn, rq, 500, NULL); return REQ_ABORTED; } uint32_t access_mask = 0; ssize_t n = 0; sstr_t *rights = sstrsplit(sstr(mask_str), sstrn(",", 1), &n); for(int i=0;i<n;i++) { sstr_t right = rights[i]; access_mask = access_mask | accstr2int(right); } return REQ_PROCEED; } int append_acl(pblock *pb, Session *sn, Request *rq) { const VirtualServer *vs = request_get_vs(rq); WS_ASSERT(vs); char *aclname = pblock_findval("acl", pb); if(aclname) { ACLList *acl = acl_get(vs->acls, aclname); if(!acl) { log_ereport( LOG_MISCONFIG, "append-acl: acl %s not found", aclname); protocol_status(sn, rq, 500, NULL); return REQ_ABORTED; } acllist_append(sn, rq, acl); } return REQ_PROCEED; } int check_acl(pblock *pb, Session *sn, Request *rq) { int access_mask = ACL_READ_DATA; // TODO: check method and path int ret = acl_evaluate(sn, rq, access_mask); if(ret == REQ_ABORTED) { // TODO: status, error, ... return REQ_ABORTED; } return REQ_PROCEED; }