static const char *add_index(cmd_parms *cmd, void *dummy, const char *arg) { dir_config_rec *d = dummy; const char *t, *w; int count = 0; if (!d->index_names) { d->index_names = apr_array_make(cmd->pool, 2, sizeof(char *)); } t = arg; while ((w = ap_getword_conf(cmd->pool, &t)) && w[0]) { if (count == 0 && !strcasecmp(w, "disabled")) { /* peek to see if "disabled" is first in a series of arguments */ const char *tt = t; const char *ww = ap_getword_conf(cmd->temp_pool, &tt); if (ww == NULL || !ww[0]) { /* "disabled" is first, and alone */ apr_array_clear(d->index_names); break; } } *(const char **)apr_array_push(d->index_names) = w; count++; } return NULL; }
// reads through all the lines in custom container and builds a string of css rules static char* get_container_properties(cmd_parms *cmd, void *config, char **curr_css, char *container) { moon_svr_cfg *cfg = config; char * line = cfg->buf; while (!ap_cfg_getline(line, MAX_STRING_LEN, cmd->config_file)) { if (!strcasecmp(line, container)) { break; } const char * pos = line; char * new_property = NULL; char * new_value = NULL; char * temp = NULL; if(!(*pos) || !(new_property = ap_getword_conf(cmd->pool, &pos))) { return "Syntax error: could not read property\n"; } if(!(*pos) || !(new_value = ap_getword_conf(cmd->pool, &pos))) { return "Syntax error: could not read value\n"; } temp = apr_palloc(cmd->pool,strlen(*curr_css)+strlen(new_property)+strlen(new_value)+3); strcpy(temp, *curr_css); strcat(temp, new_property); strcat(temp, ":"); strcat(temp, new_value); strcat(temp, ";"); *curr_css = temp; } return NULL; }
static const char * set_serverremap(cmd_parms *cmd, void *CFG, const char *args) { cdn_conf *cfg = (cdn_conf *)CFG; server_remap_t *remap; unsigned int regflags = 0; const char *pattern, *flags; const char *usage = "Usage: CDNHTMLRemapURLServer pattern [flags]"; pattern = ap_getword_conf(cmd->pool, &args); if(!pattern) return usage; flags = ap_getword_conf(cmd->pool, &args); if(flags && !*flags) flags = NULL; if(cfg->map == NULL) cfg->map = apr_array_make(cmd->pool, 4, sizeof(server_remap_t)); remap = apr_array_push(cfg->map); regflags = AP_REG_NOSUB | FLAG(AP_REG_EXTENDED, flags, 'x') | FLAG(AP_REG_ICASE, flags, 'i'); if(ap_regcomp(&(remap->regex), pattern, regflags) != 0) return "CDNHTMLRemapURLServer: error compiling regex"; remap->flags |= FLAG(REMAP_FLAG_AUTH, flags, 'a') | FLAG(REMAP_FLAG_QSTRING_IGNORE, flags, 'q'); return NULL; }
AP_DECLARE(void) unixd_set_rlimit(cmd_parms *cmd, struct rlimit **plimit, const char *arg, const char * arg2, int type) { #if (defined(RLIMIT_CPU) || defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined(RLIMIT_NPROC) || defined(RLIMIT_AS)) && APR_HAVE_STRUCT_RLIMIT && APR_HAVE_GETRLIMIT char *str; struct rlimit *limit; /* If your platform doesn't define rlim_t then typedef it in ap_config.h */ rlim_t cur = 0; rlim_t max = 0; *plimit = (struct rlimit *)apr_pcalloc(cmd->pool, sizeof(**plimit)); limit = *plimit; if ((getrlimit(type, limit)) != 0) { *plimit = NULL; ap_log_error(APLOG_MARK, APLOG_ERR, errno, cmd->server, "%s: getrlimit failed", cmd->cmd->name); return; } if ((str = ap_getword_conf(cmd->pool, &arg))) { if (!strcasecmp(str, "max")) { cur = limit->rlim_max; } else { cur = atol(str); } } else { ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server, "Invalid parameters for %s", cmd->cmd->name); return; } if (arg2 && (str = ap_getword_conf(cmd->pool, &arg2))) { max = atol(str); } /* if we aren't running as root, cannot increase max */ if (geteuid()) { limit->rlim_cur = cur; if (max) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server, "Must be uid 0 to raise maximum %s", cmd->cmd->name); } } else { if (cur) { limit->rlim_cur = cur; } if (max) { limit->rlim_max = max; } } #else ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server, "Platform does not support rlimit for %s", cmd->cmd->name); #endif }
static const char *ip_parse_config(cmd_parms *cmd, const char *require_line, const void **parsed_require_line) { const char *t, *w; int count = 0; apr_ipsubnet_t **ip; apr_pool_t *ptemp = cmd->temp_pool; apr_pool_t *p = cmd->pool; /* The 'ip' provider will allow the configuration to specify a list of ip addresses to check rather than a single address. This is different from the previous host based syntax. */ t = require_line; while ((w = ap_getword_conf(ptemp, &t)) && w[0]) count++; if (count == 0) return "'require ip' requires an argument"; ip = apr_pcalloc(p, sizeof(apr_ipsubnet_t *) * (count + 1)); *parsed_require_line = ip; t = require_line; while ((w = ap_getword_conf(ptemp, &t)) && w[0]) { char *addr = apr_pstrdup(ptemp, w); char *mask; apr_status_t rv; if (parsed_subnets && (*ip = apr_hash_get(parsed_subnets, w, APR_HASH_KEY_STRING)) != NULL) { /* we already have parsed this subnet */ ip++; continue; } if ((mask = ap_strchr(addr, '/'))) *mask++ = '\0'; rv = apr_ipsubnet_create(ip, addr, mask, p); if(APR_STATUS_IS_EINVAL(rv)) { /* looked nothing like an IP address */ return apr_psprintf(p, "ip address '%s' appears to be invalid", w); } else if (rv != APR_SUCCESS) { return apr_psprintf(p, "ip address '%s' appears to be invalid: %pm", w, &rv); } if (parsed_subnets) apr_hash_set(parsed_subnets, w, APR_HASH_KEY_STRING, *ip); ip++; } return NULL; }
static const char *set_user_dir(cmd_parms *cmd, void *dummy, const char *arg) { userdir_config *s_cfg = ap_get_module_config(cmd->server->module_config, &userdir_module); char *username; const char *usernames = arg; char *kw = ap_getword_conf(cmd->pool, &usernames); apr_table_t *usertable; /* Since we are a raw argument, it is possible for us to be called with * zero arguments. So that we aren't ambiguous, flat out reject this. */ if (*kw == '\0') { return "UserDir requires an argument."; } /* * Let's do the comparisons once. */ if ((!strcasecmp(kw, "disable")) || (!strcasecmp(kw, "disabled"))) { /* * If there are no usernames specified, this is a global disable - we * need do no more at this point than record the fact. */ if (!*usernames) { s_cfg->globally_disabled = O_DISABLE; return NULL; } usertable = s_cfg->disabled_users; } else if ((!strcasecmp(kw, "enable")) || (!strcasecmp(kw, "enabled"))) { if (!*usernames) { s_cfg->globally_disabled = O_ENABLE; return NULL; } usertable = s_cfg->enabled_users; } else { /* * If the first (only?) value isn't one of our keywords, just copy * the string to the userdir string. */ s_cfg->userdir = apr_pstrdup(cmd->pool, arg); return NULL; } /* * Now we just take each word in turn from the command line and add it to * the appropriate table. */ while (*usernames) { username = ap_getword_conf(cmd->pool, &usernames); apr_table_setn(usertable, username, kw); } return NULL; }
static const char* cwx_balance_command(cmd_parms *cmd, void *pconfig, char* arg){ const char* line; char* value= NULL; CWX_SVR_MSG_KEY* svr_msg=NULL; CWX_KEY_VALUE* key_value=NULL; CWX_CONFIG *config = cwx_get_server_config(cmd->server); if (!config) return 0; if (NULL == arg) return "must set cwinux-balance's arg: svr_name msg_type [-] key..."; svr_msg = (CWX_SVR_MSG_KEY *) apr_pcalloc(config->m_pool, sizeof(CWX_SVR_MSG_KEY)); line = arg; //get svr_name value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "must set balance's svr_name by format: svr_name msg_type [-] key..."; } svr_msg->m_svr_name = value; //get msg_type value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "must set balance's msg_type by format: svr_name msg_type [-] key..."; } svr_msg->m_msg_type = value; //get [-] value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "must set balance's [-] or key by format: svr_name msg_type [-] key..."; } if ('-' == value[0]){ svr_msg->m_exclude = true; value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "must set balance's key by format: svr_name msg_type [-] key..."; } }else{ svr_msg->m_exclude = false; } svr_msg->m_key_value = NULL; while(value && strlen(value)){ key_value = (CWX_KEY_VALUE*) apr_pcalloc(config->m_pool, sizeof(CWX_KEY_VALUE)); key_value->m_key = value; cwx_tolower(key_value->m_key); key_value->m_lowerkey = key_value->m_key; key_value->m_value = NULL; key_value->m_next = svr_msg->m_key_value; svr_msg->m_key_value = key_value; value = ap_getword_conf(config->m_pool, &line); } svr_msg->m_next = config->m_balance; config->m_balance = svr_msg; return 0; }
static const char * config_tls(cmd_parms *cmd, void *d, const char *v) { struct srv *s = ap_srv_config_get_cmd(cmd); const char *arg; const char *word = ap_getword_conf(cmd->pool, &arg); if (!strncasecmp(word, "plus", 1)) { word = ap_getword_conf(cmd->pool, &arg); }; return ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE); }
static const char* cwx_header_command(cmd_parms *cmd, void *pconfig, char* arg){ char szMsg[512]; const char* line; char* value= NULL; CWX_SVR_MSG_KEY* svr_msg=NULL; CWX_KEY_VALUE* key_value=NULL; CWX_CONFIG *config = cwx_get_server_config(cmd->server); char * head_data = NULL; if (!config) return 0; if (NULL == arg) return "must set cwinux-header's arg: svr_name msg_type header:value header:value ..."; svr_msg = (CWX_SVR_MSG_KEY *) apr_pcalloc(config->m_pool, sizeof(CWX_SVR_MSG_KEY)); line = arg; //get svr_name value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "must set cwinux-header's svr_name: svr_name msg_type header:value header:value ..."; } svr_msg->m_svr_name = value; //get msg_type value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "must set cwinux-header's msg_type: svr_name msg_type header:value header:value ..."; } svr_msg->m_msg_type = value; value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "must set cwinux-header's header:value: svr_name msg_type header:value header:value ..."; } svr_msg->m_key_value = NULL; while(value && strlen(value)){ head_data = (char*)strchr(value, ':'); if (!head_data || (head_data==value)){ snprintf(szMsg, 511, "Invalid cwinux-header's header:data's format:%s", value); return apr_pstrdup(config->m_pool, szMsg); } head_data[0] = 0x00; head_data++; key_value = (CWX_KEY_VALUE*) apr_pcalloc(config->m_pool, sizeof(CWX_KEY_VALUE)); key_value->m_key = value; key_value->m_value = head_data; key_value->m_next = svr_msg->m_key_value; svr_msg->m_key_value = key_value; value = ap_getword_conf(config->m_pool, &line); } svr_msg->m_next = config->m_header; config->m_header = svr_msg; return 0; }
/** * This hook is used to check to see if the resource being requested * is available for the authenticated user (r->user and r->ap_auth_type). * It runs after the access_checker and check_user_id hooks. Note that * it will *only* be called if Apache determines that access control has * been applied to this resource (through a 'Require' directive). * * @param r the current request * @return OK, DECLINED, or HTTP_... */ static int auth_checker(request_rec *r) { authnz_crowd_dir_config *config = get_config(r); if (config == NULL) { return HTTP_INTERNAL_SERVER_ERROR; } if (r->user == NULL) { ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r, "Authorisation requested, but no user provided."); return HTTP_INTERNAL_SERVER_ERROR; } /* Iterate over requirements */ const apr_array_header_t *requires = ap_requires(r); apr_array_header_t *user_groups = NULL; int x; for (x = 0; x < requires->nelts; x++) { require_line require = APR_ARRAY_IDX(requires, x, require_line); /* Ignore this requirement if it does not apply to the HTTP method used in the request. */ if (!(require.method_mask & (AP_METHOD_BIT << r->method_number))) { continue; } const char *next_word = require.requirement; /* Only process group requirements */ if (strcasecmp(ap_getword_white(r->pool, &next_word), "group") == 0) { /* Fetch groups only if actually needed. */ if (user_groups == NULL) { user_groups = crowd_user_groups(r->user, r, config->crowd_config); if (user_groups == NULL) { return HTTP_INTERNAL_SERVER_ERROR; } } /* Iterate over the groups mentioned in the requirement. */ while (*next_word != '\0') { const char *required_group = ap_getword_conf(r->pool, &next_word); /* Iterate over the user's groups. */ int y; for (y = 0; y < user_groups->nelts; y++) { const char *user_group = APR_ARRAY_IDX(user_groups, y, const char *); if (strcasecmp(user_group, required_group) == 0) { ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Granted authorisation to '%s' on the basis of membership of '%s'.", r->user, user_group); return OK; } } } } } ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "Denied authorisation to '%s'.", r->user); return config->authoritative ? HTTP_UNAUTHORIZED : DECLINED; }
/* * Apache >=2.4 authorization routine: match the claims from the authenticated user against the Require primitive */ authz_status oidc_authz_worker24(request_rec *r, const json_t * const claims, const char *require_args) { int count_oauth_claims = 0; const char *t, *w; /* needed for anonymous authentication */ if (r->user == NULL) return AUTHZ_DENIED_NO_USER; /* if no claims, impossible to satisfy */ if (!claims) return AUTHZ_DENIED; /* loop over the Required specifications */ t = require_args; while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { count_oauth_claims++; oidc_debug(r, "evaluating claim specification: %s", w); /* see if we can match any of out input claims against this Require'd value */ if (oidc_authz_match_claim(r, w, claims) == TRUE) { oidc_debug(r, "require claim '%s' matched", w); return AUTHZ_GRANTED; } } /* if there wasn't anything after the Require claims directive... */ if (count_oauth_claims == 0) { oidc_warn(r, "'require claim' missing specification(s) in configuration, denying"); } return AUTHZ_DENIED; }
/******************************************************************************* * Get the next configuration directive argument, & return an u_short. * The pool arg should be temporary storage. */ static const char *get_u_short(pool *p, const char **arg, u_short *num, u_short min) { char *ptr; long tmp; const char *txt = ap_getword_conf(p, arg); if (*txt == '\0') { return "\"\""; } tmp = strtol(txt, &ptr, 10); if (*ptr != '\0') { return ap_pstrcat(p, "\"", txt, "\" must be a positive integer", NULL); } if (tmp < min || tmp > USHRT_MAX) { return ap_psprintf(p, "\"%u\" must be >= %u and < %u", *num, min, USHRT_MAX); } *num = (u_short) tmp; return NULL; }
/******************************************************************************* * Get the next configuration directive argument, & return an in_addr and port. * The arg must be in the form "host:port" where host can be an IP or hostname. * The pool arg should be persistant storage. */ static const char *get_host_n_port(pool *p, const char **arg, const char **host, u_short *port) { char *cvptr, *portStr; long tmp; *host = ap_getword_conf(p, arg); if (**host == '\0') return "\"\""; portStr = strchr(*host, ':'); if (portStr == NULL) return "missing port specification"; /* Split the host and port portions */ *portStr++ = '\0'; /* Convert port number */ tmp = (u_short) strtol(portStr, &cvptr, 10); if (*cvptr != '\0' || tmp < 1 || tmp > USHRT_MAX) return ap_pstrcat(p, "bad port number \"", portStr, "\"", NULL); *port = (unsigned short) tmp; return NULL; }
/* parse the <VirtualHost> addresses */ const char *ap_parse_vhost_addrs(apr_pool_t *p, const char *hostname, server_rec *s) { server_addr_rec **addrs; const char *err; /* start the list of addreses */ addrs = &s->addrs; while (hostname[0]) { err = get_addresses(p, ap_getword_conf(p, &hostname), &addrs, s->port); if (err) { *addrs = NULL; return err; } } /* terminate the list */ *addrs = NULL; if (s->addrs) { if (s->addrs->host_port) { /* override the default port which is inherited from main_server */ s->port = s->addrs->host_port; } } return NULL; }
static int check_user_access(request_rec * r) { int m = r->method_number; const apr_array_header_t * reqs_arr = ap_requires(r); if (! reqs_arr) { return DECLINED; } require_line * reqs = (require_line *)reqs_arr->elts; int x; for (x = 0; x < reqs_arr->nelts; x++) { if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { continue; } const char * t = reqs[x].requirement; const char * w = ap_getword_white(r->pool, &t); if (!strcasecmp(w, "pam-account")) { const char * pam_service = ap_getword_conf(r->pool, &t); if (pam_service && strlen(pam_service)) { authn_status ret = pam_authenticate_with_login_password(r, pam_service, r->user, NULL, _PAM_STEP_ACCOUNT); if (ret == AUTH_GRANTED) { return OK; } } } } return DECLINED; }
static authz_status group_check_authorization(request_rec *r, const char *require_args, const void *parsed_require_args) { authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config, &authz_groupfile_module); char *user = r->user; const char *t, *w; apr_table_t *grpstatus = NULL; apr_status_t status; if (!user) { return AUTHZ_DENIED_NO_USER; } /* If there is no group file - then we are not * configured. So decline. */ if (!(conf->groupfile)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01664) "No group file was specified in the configuration"); return AUTHZ_DENIED; } status = groups_for_user(r->pool, user, conf->groupfile, &grpstatus); if (status != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01665) "Could not open group file: %s", conf->groupfile); return AUTHZ_DENIED; } if (apr_is_empty_table(grpstatus)) { /* no groups available, so exit immediately */ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01666) "Authorization of user %s to access %s failed, reason: " "user doesn't appear in group file (%s).", r->user, r->uri, conf->groupfile); return AUTHZ_DENIED; } t = require_args; while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { if (apr_table_get(grpstatus, w)) { return AUTHZ_GRANTED; } } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01667) "Authorization of user %s to access %s failed, reason: " "user is not part of the 'require'ed group(s).", r->user, r->uri); return AUTHZ_DENIED; }
static const char * set_act_as_origin(cmd_parms *cmd, void *CFG, const char *args) { cdn_conf *cfg = (cdn_conf *)CFG; act_as_origin_t *orig; unsigned int regflags = 0; const char *pattern, *flags, *exptime; const char *usage = "Usage: CDNActAsOrigin pattern [flags] [exptime]"; pattern = ap_getword_conf(cmd->pool, &args); if(!pattern) return usage; flags = ap_getword_conf(cmd->pool, &args); if(flags && !*flags) flags = NULL; exptime = ap_getword_conf(cmd->pool, &args); if(exptime && !*exptime) exptime = NULL; if(cfg->originify == NULL) cfg->originify = apr_array_make(cmd->pool, 4, sizeof(act_as_origin_t)); orig = apr_array_push(cfg->originify); regflags = AP_REG_NOSUB | FLAG(AP_REG_EXTENDED, flags, 'x') | FLAG(AP_REG_ICASE, flags, 'i'); if(ap_regcomp(&(orig->regex), pattern, regflags) != 0) return "CDNActAsOrigin: error compiling regex"; orig->flags |= FLAG(ORIGINIFY_FLAG_EXPIRE, flags, 'e') | FLAG(ORIGINIFY_FLAG_AUTH, flags, 'a'); if(orig->flags & ORIGINIFY_FLAG_EXPIRE) { if(exptime) { errno = 0; orig->exptime = strtol(exptime, NULL, 10); if(errno) return "CDNActAsOrigin: error setting expiration time"; } else if(cfg->default_exptime) { orig->exptime = cfg->default_exptime; } else return "CDNActAsOrigin: expiration flag set but no expiration time given"; } return NULL; }
/******************************************************************************* * Get the next configuration directive argument, & add it to an env array. * The pool arg should be permanent storage. */ static const char *get_env_var(pool *p, const char **arg, char **envp, unsigned int *envc) { char * const val = ap_getword_conf(p, arg); if (*val == '\0') { return "\"\""; } return fcgi_config_set_env_var(p, envp, envc, val); }
/* Handle a group check triggered by a 'Require external-group foo bar baz' * directive. */ static authz_status externalgroup_check_authorization(request_rec *r, const char *require_args, const void *parsed_require_args) { authnz_external_dir_config_rec *dir= (authnz_external_dir_config_rec *) ap_get_module_config(r->per_dir_config, &authnz_external_module); authnz_external_svr_config_rec *svr= (authnz_external_svr_config_rec *) ap_get_module_config(r->server->module_config, &authnz_external_module); char *user= r->user; char *extname= dir->group_name; const char *extpath, *extmethod; const char *t, *w; int code; /* If no authenticated user, pass */ if ( !user ) return AUTHZ_DENIED_NO_USER; /* If no external authenticator has been configured, pass */ if ( !extname ) return AUTHZ_DENIED; /* Get the path and method associated with that external */ if (!(extpath= apr_table_get(svr->group_path, extname)) || !(extmethod= apr_table_get(svr->group_method,extname))) { errno= 0; ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "invalid GroupExternal keyword (%s)", extname); return AUTHZ_DENIED; } if (dir->groupsatonce) { /* Pass rest of require line to authenticator */ code= exec_external(extpath, extmethod, r, ENV_GROUP, require_args); if (code == 0) return AUTHZ_GRANTED; } else { /* Call authenticator once for each group name on line */ t= require_args; while ((w= ap_getword_conf(r->pool, &t)) && w[0]) { code= exec_external(extpath, extmethod, r, ENV_GROUP, w); if (code == 0) return AUTHZ_GRANTED; } } ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Authorization of user %s to access %s failed. " "User not in Required group.", r->user, r->uri); return AUTHZ_DENIED; }
static const char *ssl_cmd_protocol_parse(cmd_parms *parms, const char *arg, ssl_proto_t *options) { ssl_proto_t thisopt; *options = SSL_PROTOCOL_NONE; while (*arg) { char *w = ap_getword_conf(parms->temp_pool, &arg); char action = '\0'; if ((*w == '+') || (*w == '-')) { action = *(w++); } if (strcEQ(w, "SSLv2")) { #ifdef OPENSSL_NO_SSL2 if (action != '-') { return "SSLv2 not supported by this version of OpenSSL"; } #endif thisopt = SSL_PROTOCOL_SSLV2; } else if (strcEQ(w, "SSLv3")) { thisopt = SSL_PROTOCOL_SSLV3; } else if (strcEQ(w, "TLSv1")) { thisopt = SSL_PROTOCOL_TLSV1; } else if (strcEQ(w, "all")) { thisopt = SSL_PROTOCOL_ALL; } else { return apr_pstrcat(parms->temp_pool, parms->cmd->name, ": Illegal protocol '", w, "'", NULL); } if (action == '-') { *options &= ~thisopt; } else if (action == '+') { *options |= thisopt; } else { *options = thisopt; } } return NULL; }
static void add_service(struct runtime_data *r, const char *host_name, uint16_t port, const char *location, const char *name, const char *types, int append_host_name, const char *txt_record) { struct service_data *d; char *w; ap_assert(r); /* ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->main_server, "add_service: %s %s %s %s", host_name, location, name, txt_record); */ d = apr_palloc(r->pool, sizeof(struct service_data)); ap_assert(d); d->pool = NULL; d->runtime = r; d->host_name = apr_pstrdup(r->pool, host_name); d->port = port; d->location = apr_pstrdup(r->pool, location); d->name = apr_pstrdup(r->pool, name); d->append_host_name = append_host_name; d->chosen_name = NULL; d->types = apr_array_make(r->pool, 4, sizeof(char*)); if (types) while (*(w = ap_getword_conf(r->pool, &types)) != 0) *(char**) apr_array_push(d->types) = w; d->txt_record = apr_array_make(r->pool, 4, sizeof(char*)); if (txt_record) while (*(w = ap_getword_conf(r->pool, &txt_record)) != 0) *(char**) apr_array_push(d->txt_record) = w; d->group = NULL; d->next = r->services; r->services = d; /* ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->main_server, "done"); */ }
///cwinux-service svr_name [show:true/false] [delay:true/false] [persistent:true/false] [query:timeout] [connect:timeout] [reply:timeout] [restore:timeout] [min-idle:value] [max-idle:value] static const char* cwx_svr_command(cmd_parms *cmd, void *pconfig, char* arg){ char szBuf[512]; const char* line = arg; char* value = NULL; CWX_SERVICE* svr = NULL; CWX_CONFIG *config = cwx_get_server_config(cmd->server); if (!config) return 0; if (NULL == arg) return "must set cwinux-service's arg: service-name"; //get svr_name value = ap_getword_conf(config->m_pool, &line); if (!value || !strlen(value)){ return "Must set service's name by format: svr_name"; } if (apr_hash_get(config->m_svr_hash, value, APR_HASH_KEY_STRING)){//exist snprintf(szBuf, 511, "svr name[%s] is duplicationg.", value); return apr_pstrdup(config->m_pool, szBuf); } svr = (CWX_SERVICE *) apr_pcalloc(config->m_pool, sizeof(CWX_SERVICE)); svr->m_svr_name = value; svr->m_config = config; svr->m_hosts = NULL; svr->m_host_num = 0; svr->m_key_item.m_bkey_hash = NULL; svr->m_key_item.m_ex_bkey_hash = NULL; svr->m_key_item.m_header = NULL; svr->m_uri_key_hash = NULL; cwx_reset_user_config(&svr->m_user_config); value = ap_getword_conf(config->m_pool, &line); while(value && strlen(value)){ if (!cwx_set_user_config(&svr->m_user_config, value)){ snprintf(szBuf, 511, "Invalid cwinux-service arg:%s", value); return apr_pstrdup(config->m_pool, szBuf); } value = ap_getword_conf(config->m_pool, &line); } apr_hash_set(config->m_svr_hash, svr->m_svr_name, APR_HASH_KEY_STRING, svr); config->m_svr_num++; return 0; }
static const char *get_pass_header(pool *p, const char **arg, array_header **array) { const char **header; if (!*array) { *array = ap_make_array(p, 10, sizeof(char*)); } header = (const char **)ap_push_array(*array); *header = ap_getword_conf(p, arg); return header ? NULL : "\"\""; }
static int digest_check_auth(request_rec *r) { char *user = r->connection->user; int m = r->method_number; int method_restricted = 0; register int x; const char *t; char *w; array_header *reqs_arr; require_line *reqs; if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) return DECLINED; reqs_arr = ap_requires(r); /* If there is no "requires" directive, * then any user will do. */ if (!reqs_arr) return OK; reqs = (require_line *) reqs_arr->elts; for (x = 0; x < reqs_arr->nelts; x++) { if (!(reqs[x].method_mask & (1 << m))) continue; method_restricted = 1; t = reqs[x].requirement; w = ap_getword(r->pool, &t, ' '); if (!strcmp(w, "valid-user")) return OK; else if (!strcmp(w, "user")) { while (t[0]) { w = ap_getword_conf(r->pool, &t); if (!strcmp(user, w)) return OK; } } else return DECLINED; } if (!method_restricted) return OK; ap_note_digest_auth_failure(r); return AUTH_REQUIRED; }
static authz_status check_user_access(request_rec * r, const char * require_args, const void * parsed_require_args) { if (!r->user) { return AUTHZ_DENIED_NO_USER; } const char * pam_service = ap_getword_conf(r->pool, &require_args); if (pam_service && pam_service[0]) { authn_status ret = pam_authenticate_with_login_password(r, pam_service, r->user, NULL, _PAM_STEP_ACCOUNT); if (ret == AUTH_GRANTED) { return AUTHZ_GRANTED; } } return AUTHZ_DENIED; }
/************************************************** * Authorization phase (Apache 2.2) * * Requires authentication phase to run first. * * Handles Require persona-idp directives. **************************************************/ static int Auth_persona_check_auth(request_rec *r) { const apr_array_header_t *reqs_arr=NULL; require_line *reqs=NULL; register int x; const char *szRequireLine; char *szRequire_cmd; if (!persona_authn_active(r)) { return DECLINED; } ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, ERRTAG "Auth_persona_check_auth"); /* get require line */ reqs_arr = ap_requires(r); reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; /* decline if no require line found */ if (!reqs_arr) return DECLINED; /* walk through the array to check each require command */ for (x = 0; x < reqs_arr->nelts; x++) { if (!(reqs[x].method_mask & (AP_METHOD_BIT << r->method_number))) continue; /* get require line */ szRequireLine = reqs[x].requirement; ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO, 0,r,ERRTAG "Require Line is '%s'", szRequireLine); /* get the first word in require line */ szRequire_cmd = ap_getword_white(r->pool, &szRequireLine); ap_log_rerror(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO, 0,r,ERRTAG "Require Cmd is '%s'", szRequire_cmd); // persona-idp: check host part of user name if (!strcmp("persona-idp", szRequire_cmd)) { char *reqIdp = ap_getword_conf(r->pool, &szRequireLine); const char *issuer = apr_table_get(r->notes, PERSONA_ISSUER_NOTE); if (!issuer || strcmp(issuer, reqIdp)) { return HTTP_FORBIDDEN; } ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r, ERRTAG "user '%s' is authorized", r->user); return OK; } } return DECLINED; }
static apr_status_t groups_for_user(apr_pool_t *p, char *user, char *grpfile, apr_table_t ** out) { ap_configfile_t *f; apr_table_t *grps = apr_table_make(p, 15); apr_pool_t *sp; struct ap_varbuf vb; const char *group_name, *ll, *w; apr_status_t status; apr_size_t group_len; if ((status = ap_pcfg_openfile(&f, p, grpfile)) != APR_SUCCESS) { return status ; } apr_pool_create(&sp, p); ap_varbuf_init(p, &vb, VARBUF_INIT_LEN); while (!(ap_varbuf_cfg_getline(&vb, f, VARBUF_MAX_LEN))) { if ((vb.buf[0] == '#') || (!vb.buf[0])) { continue; } ll = vb.buf; apr_pool_clear(sp); group_name = ap_getword(sp, &ll, ':'); group_len = strlen(group_name); while (group_len && apr_isspace(*(group_name + group_len - 1))) { --group_len; } while (ll[0]) { w = ap_getword_conf(sp, &ll); if (!strcmp(w, user)) { apr_table_setn(grps, apr_pstrmemdup(p, group_name, group_len), "in"); break; } } } ap_cfg_closefile(f); apr_pool_destroy(sp); ap_varbuf_free(&vb); *out = grps; return APR_SUCCESS; }
/******************************************************************************* * Get the next configuration directive argument, & return a float. * The pool arg should be temporary storage. */ static const char *get_float(pool *p, const char **arg, float *num, float min, float max) { char *ptr; const char *val = ap_getword_conf(p, arg); if (*val == '\0') return "\"\""; *num = (float) strtod(val, &ptr); if (*ptr != '\0') return ap_pstrcat(p, "\"", val, "\" is not a floating point number", NULL); if (*num < min || *num > max) return ap_psprintf(p, "\"%f\" is not between %f and %f", *num, min, max); return NULL; }
/******************************************************************************* * Get the next configuration directive argument, & return an u_int. * The pool arg should be temporary storage. */ static const char *get_u_int(pool *p, const char **arg, u_int *num, u_int min) { char *ptr; const char *val = ap_getword_conf(p, arg); if (*val == '\0') return "\"\""; *num = (u_int)strtol(val, &ptr, 10); if (*ptr != '\0') return ap_pstrcat(p, "\"", val, "\" must be a positive integer", NULL); else if (*num < min) return ap_psprintf(p, "\"%u\" must be >= %u", *num, min); return NULL; }
static authz_status host_check_authorization(request_rec *r, const char *require_line, const void *parsed_require_line) { const char *t, *w; const char *remotehost = NULL; int remotehost_is_ip; remotehost = ap_get_useragent_host(r, REMOTE_DOUBLE_REV, &remotehost_is_ip); if ((remotehost == NULL) || remotehost_is_ip) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01753) "access check of '%s' to %s failed, reason: unable to get the " "remote host name", require_line, r->uri); } else { const char *err = NULL; const ap_expr_info_t *expr = parsed_require_line; const char *require; require = ap_expr_str_exec(r, expr, &err); if (err) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02593) "authz_host authorize: require host: Can't " "evaluate require expression: %s", err); return AUTHZ_DENIED; } /* The 'host' provider will allow the configuration to specify a list of host names to check rather than a single name. This is different from the previous host based syntax. */ t = require; while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { if (in_domain(w, remotehost)) { return AUTHZ_GRANTED; } } } /* authz_core will log the require line and the result at DEBUG */ return AUTHZ_DENIED; }