/*
Can supply a roles or abilities in the "abilities" parameter
*/
PUBLIC void httpSetAuthRequiredAbilities(HttpAuth *auth, cchar *abilities)
{
char *ability, *tok;
GRADUATE_HASH(auth, abilities);
for (ability = stok(sclone(abilities), " \t,", &tok); abilities; abilities = stok(NULL, " \t,", &tok)) {
httpComputeRoleAbilities(auth, auth->abilities, ability);
}
}
/*
Can also achieve this via abilities
*/
PUBLIC void httpSetAuthPermittedUsers(HttpAuth *auth, cchar *users)
{
char *user, *tok;
GRADUATE_HASH(auth, permittedUsers);
for (user = stok(sclone(users), " \t,", &tok); users; users = stok(NULL, " \t,", &tok)) {
if (smatch(user, "*")) {
auth->permittedUsers = 0;
break;
} else {
mprAddKey(auth->permittedUsers, user, user);
}
}
}
PUBLIC int httpSetAuthStore(HttpAuth *auth, cchar *store)
{
if ((auth->store = mprLookupKey(HTTP->authStores, store)) == 0) {
return MPR_ERR_CANT_FIND;
}
if (smatch(store, "system")) {
#if ME_COMPILER_HAS_PAM && ME_HTTP_PAM
if (auth->type && smatch(auth->type->name, "digest")) {
mprLog("critical http auth", 0, "Cannot use the PAM password store with digest authentication");
return MPR_ERR_BAD_ARGS;
}
#else
mprLog("critical http auth", 0, "PAM is not supported in the current configuration");
return MPR_ERR_BAD_ARGS;
#endif
}
GRADUATE_HASH(auth, userCache);
return 0;
}
PUBLIC HttpRole *httpAddRole(HttpAuth *auth, cchar *name, cchar *abilities)
{
HttpRole *role;
char *ability, *tok;
GRADUATE_HASH(auth, roles);
if ((role = mprLookupKey(auth->roles, name)) == 0) {
if ((role = mprAllocObj(HttpRole, manageRole)) == 0) {
return 0;
}
role->name = sclone(name);
}
role->abilities = mprCreateHash(0, 0);
for (ability = stok(sclone(abilities), " \t", &tok); ability; ability = stok(NULL, " \t", &tok)) {
mprAddKey(role->abilities, ability, role);
}
if (mprAddKey(auth->roles, name, role) == 0) {
return 0;
}
return role;
}
PUBLIC void httpSetAuthDeny(HttpAuth *auth, cchar *client)
{
GRADUATE_HASH(auth, deny);
mprAddKey(auth->deny, sclone(client), auth);
}
PUBLIC void httpSetAuthAllow(HttpAuth *auth, cchar *allow)
{
GRADUATE_HASH(auth, allow);
mprAddKey(auth->allow, sclone(allow), auth);
}
