static authz_status dbdgroup_check_authorization(request_rec *r,
const char *require_args,
const void *parsed_require_args)
{
int rv;
const char *w;
apr_array_header_t *groups;
const char *err = NULL;
const ap_expr_info_t *expr = parsed_require_args;
const char *require;
const char *t;
authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config,
&authz_dbd_module);
if (!r->user) {
return AUTHZ_DENIED_NO_USER;
}
groups = apr_array_make(r->pool, 4, sizeof(const char*));
rv = authz_dbd_group_query(r, cfg, groups);
if (rv != OK) {
return AUTHZ_GENERAL_ERROR;
}
require = ap_expr_str_exec(r, expr, &err);
if (err) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02590)
"authz_dbd authorize: require dbd-group: Can't "
"evaluate require expression: %s", err);
return AUTHZ_DENIED;
}
t = require;
while (t[0]) {
w = ap_getword_white(r->pool, &t);
if (ap_array_str_contains(groups, w)) {
return AUTHZ_GRANTED;
}
}
return AUTHZ_DENIED;
}
static int h2_protocol_propose(conn_rec *c, request_rec *r,
server_rec *s,
const apr_array_header_t *offers,
apr_array_header_t *proposals)
{
int proposed = 0;
int is_tls = h2_h2_is_tls(c);
const char **protos = is_tls? h2_tls_protos : h2_clear_protos;
(void)s;
if (strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) {
/* We do not know how to switch from anything else but http/1.1.
*/
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
"protocol switch: current proto != http/1.1, declined");
return DECLINED;
}
if (!h2_is_acceptable_connection(c, 0)) {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
"protocol propose: connection requirements not met");
return DECLINED;
}
if (r) {
/* So far, this indicates an HTTP/1 Upgrade header initiated
* protocol switch. For that, the HTTP2-Settings header needs
* to be present and valid for the connection.
*/
const char *p;
if (!h2_allows_h2_upgrade(c)) {
return DECLINED;
}
p = apr_table_get(r->headers_in, "HTTP2-Settings");
if (!p) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"upgrade without HTTP2-Settings declined");
return DECLINED;
}
p = apr_table_get(r->headers_in, "Connection");
if (!ap_find_token(r->pool, p, "http2-settings")) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"upgrade without HTTP2-Settings declined");
return DECLINED;
}
/* We also allow switching only for requests that have no body.
*/
p = apr_table_get(r->headers_in, "Content-Length");
if (p && strcmp(p, "0")) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"upgrade with content-length: %s, declined", p);
return DECLINED;
}
}
while (*protos) {
/* Add all protocols we know (tls or clear) and that
* are part of the offerings (if there have been any).
*/
if (!offers || ap_array_str_contains(offers, *protos)) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c,
"proposing protocol '%s'", *protos);
APR_ARRAY_PUSH(proposals, const char*) = *protos;
proposed = 1;
}
++protos;
}
return proposed? DECLINED : OK;
}
