Changeset 2591 for trunk/server/common/oursrc/httpdmods
- Timestamp:
- Aug 27, 2014, 10:06:17 PM (10 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
-
. (modified) (1 prop)
-
server/common/oursrc/httpdmods/mod_authz_afsgroup.c (modified) (4 diffs)
-
server/common/oursrc/httpdmods/mod_original_dst.c (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk
- Property svn:mergeinfo changed
-
trunk/server/common/oursrc/httpdmods/mod_authz_afsgroup.c
r236 r2591 13 13 14 14 #include "ap_config.h" 15 #include "ap_provider.h" 15 16 #include "httpd.h" 16 17 #include "http_config.h" … … 19 20 #include "http_protocol.h" 20 21 #include "http_request.h" 22 23 #include "mod_auth.h" 21 24 22 25 #include <unistd.h> … … 48 51 module AP_MODULE_DECLARE_DATA authz_afsgroup_module; 49 52 50 static int check_afsgroup_access(request_rec *r) 53 static authz_status is_user_in_afsgroup(request_rec *r, char* user, char* afsgroup) 54 { 55 int pfd[2]; 56 pid_t cpid; 57 int status; 58 FILE *fp; 59 char *line = NULL; 60 char buf[256]; 61 size_t len = 0; 62 ssize_t read; 63 int found = 0; 64 if (pipe(pfd) == -1) { 65 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 66 "pipe() failed!"); 67 return AUTHZ_GENERAL_ERROR; 68 } 69 cpid = fork(); 70 if (cpid == -1) { 71 close(pfd[0]); 72 close(pfd[1]); 73 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 74 "fork() failed!"); 75 return AUTHZ_GENERAL_ERROR; 76 } 77 if (cpid == 0) { 78 close(pfd[0]); 79 dup2(pfd[1], STDOUT_FILENO); 80 execve("/usr/bin/pts", 81 (char *const[]) 82 { "pts", "membership", "-nameorid", afsgroup, NULL }, 83 NULL); 84 _exit(1); 85 } 86 close(pfd[1]); 87 fp = fdopen(pfd[0], "r"); 88 if (fp == NULL) { 89 close(pfd[0]); 90 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 91 "fdopen() failed!"); 92 return AUTHZ_GENERAL_ERROR; 93 } 94 if (snprintf(buf, sizeof(buf), " %s\n", user) >= sizeof(buf)) { 95 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 96 "access to %s failed, reason: username '%s' " 97 "is too long!", 98 r->uri, user); 99 return AUTHZ_DENIED; 100 } 101 while ((read = getline(&line, &len, fp)) != -1) { 102 if (strcmp(line, buf) == 0) 103 found = 1; 104 } 105 if (line) 106 free(line); 107 fclose(fp); 108 if (waitpid(cpid, &status, 0) == -1) { 109 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 110 "waitpid() failed!"); 111 return AUTHZ_GENERAL_ERROR; 112 } 113 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { 114 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 115 "`pts membership -nameorid %s` failed!", 116 afsgroup); 117 return AUTHZ_GENERAL_ERROR; 118 } 119 if (found) 120 return AUTHZ_GRANTED; 121 122 return AUTHZ_DENIED; 123 } 124 125 static authz_status check_afsgroup_access(request_rec *r, 126 const char *require_line, 127 const void *parsed_require_line) 51 128 { 52 129 authz_afsgroup_config_rec *conf = ap_get_module_config(r->per_dir_config, 53 130 &authz_afsgroup_module); 54 char *user = r->user;55 int m = r->method_number;56 int required_afsgroup = 0;57 register int x;58 131 const char *t; 59 132 char *w; 60 const apr_array_header_t *reqs_arr = ap_requires(r); 61 require_line *reqs; 133 authz_status pergroup; 62 134 63 if (!reqs_arr) { 64 return DECLINED; 65 } 66 reqs = (require_line *)reqs_arr->elts; 67 68 for (x = 0; x < reqs_arr->nelts; x++) { 69 70 if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { 71 continue; 72 } 73 74 t = reqs[x].requirement; 75 w = ap_getword_white(r->pool, &t); 76 if (!strcasecmp(w, "afsgroup")) { 77 required_afsgroup = 1; 78 while (t[0]) { 79 int pfd[2]; 80 pid_t cpid; 81 int status; 82 FILE *fp; 83 char *line = NULL; 84 char buf[256]; 85 size_t len = 0; 86 ssize_t read; 87 int found = 0; 88 w = ap_getword_conf(r->pool, &t); 89 if (pipe(pfd) == -1) { 90 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 91 "pipe() failed!"); 92 return HTTP_INTERNAL_SERVER_ERROR; 93 } 94 cpid = fork(); 95 if (cpid == -1) { 96 close(pfd[0]); 97 close(pfd[1]); 98 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 99 "fork() failed!"); 100 return HTTP_INTERNAL_SERVER_ERROR; 101 } 102 if (cpid == 0) { 103 close(pfd[0]); 104 dup2(pfd[1], STDOUT_FILENO); 105 execve("/usr/bin/pts", 106 (char *const[]) { 107 "pts", "membership", "-nameorid", w, NULL 108 }, 109 NULL); 110 _exit(1); 111 } 112 close(pfd[1]); 113 fp = fdopen(pfd[0], "r"); 114 if (fp == NULL) { 115 close(pfd[0]); 116 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 117 "fdopen() failed!"); 118 return HTTP_INTERNAL_SERVER_ERROR; 119 } 120 if (snprintf(buf, sizeof(buf), " %s\n", user) >= sizeof(buf)) { 121 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 122 "access to %s failed, reason: username '%s' " 123 "is too long!", 124 r->uri, user); 125 continue; 126 } 127 while ((read = getline(&line, &len, fp)) != -1) { 128 if (strcmp(line, buf) == 0) 129 found = 1; 130 } 131 if (line) 132 free(line); 133 fclose(fp); 134 if (waitpid(cpid, &status, 0) == -1) { 135 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 136 "waitpid() failed!"); 137 return HTTP_INTERNAL_SERVER_ERROR; 138 } 139 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { 140 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, 141 "`pts membership -nameorid %s` failed!", 142 w); 143 return HTTP_INTERNAL_SERVER_ERROR; 144 } 145 if (found) 146 return OK; 147 } 148 } 135 if (!r->user) { 136 return AUTHZ_DENIED_NO_USER; 149 137 } 150 138 151 if (!required_afsgroup) { 152 return DECLINED; 139 t = require_line; 140 while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { 141 if ((pergroup = is_user_in_afsgroup(r, r->user, w)) != AUTHZ_DENIED) { 142 // If we got some return value other than AUTHZ_DENIED, it 143 // means we either got GRANTED, or some sort of error, and 144 // we need to bubble that up. 145 return pergroup; 146 } 153 147 } 154 148 155 149 if (!conf->authoritative) { 156 return DECLINED;150 return AUTHZ_NEUTRAL; 157 151 } 158 152 … … 160 154 "access to %s failed, reason: user '%s' does not meet " 161 155 "'require'ments for afsgroup to be allowed access", 162 r->uri, user);156 r->uri, r->user); 163 157 164 ap_note_auth_failure(r); 165 return HTTP_FORBIDDEN; 158 return AUTHZ_DENIED; 166 159 } 160 161 static const authz_provider authz_afsgroup_provider = 162 { 163 &check_afsgroup_access, 164 NULL, 165 }; 167 166 168 167 static void register_hooks(apr_pool_t *p) 169 168 { 170 ap_hook_auth_checker(check_afsgroup_access, NULL, NULL, APR_HOOK_MIDDLE); 169 ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "afsgroup", 170 AUTHZ_PROVIDER_VERSION, 171 &authz_afsgroup_provider, AP_AUTH_INTERNAL_PER_CONF); 172 171 173 } 172 174 -
trunk/server/common/oursrc/httpdmods/mod_original_dst.c
r1796 r2591 16 16 #include "ap_config.h" 17 17 #include "ap_listen.h" 18 #include "apr_portable.h" 18 19 #include "http_config.h" 19 20 #include "http_log.h" 20 21 #include "httpd.h" 21 #include "mpm.h" 22 #include "unixd.h" 23 24 #define MPM_ACCEPT_FUNC ap_unixd_accept 22 25 23 26 extern void apr_sockaddr_vars_set(apr_sockaddr_t *, int, apr_port_t);
Note: See TracChangeset
for help on using the changeset viewer.
