/* Can supply a roles or abilities in the "abilities" parameter */ PUBLIC void httpSetAuthRequiredAbilities(HttpAuth *auth, cchar *abilities) { char *ability, *tok; GRADUATE_HASH(auth, abilities); for (ability = stok(sclone(abilities), " \t,", &tok); abilities; abilities = stok(NULL, " \t,", &tok)) { httpComputeRoleAbilities(auth, auth->abilities, ability); } }
/* Can also achieve this via abilities */ PUBLIC void httpSetAuthPermittedUsers(HttpAuth *auth, cchar *users) { char *user, *tok; GRADUATE_HASH(auth, permittedUsers); for (user = stok(sclone(users), " \t,", &tok); users; users = stok(NULL, " \t,", &tok)) { if (smatch(user, "*")) { auth->permittedUsers = 0; break; } else { mprAddKey(auth->permittedUsers, user, user); } } }
PUBLIC int httpSetAuthStore(HttpAuth *auth, cchar *store) { if ((auth->store = mprLookupKey(HTTP->authStores, store)) == 0) { return MPR_ERR_CANT_FIND; } if (smatch(store, "system")) { #if ME_COMPILER_HAS_PAM && ME_HTTP_PAM if (auth->type && smatch(auth->type->name, "digest")) { mprLog("critical http auth", 0, "Cannot use the PAM password store with digest authentication"); return MPR_ERR_BAD_ARGS; } #else mprLog("critical http auth", 0, "PAM is not supported in the current configuration"); return MPR_ERR_BAD_ARGS; #endif } GRADUATE_HASH(auth, userCache); return 0; }
PUBLIC HttpRole *httpAddRole(HttpAuth *auth, cchar *name, cchar *abilities) { HttpRole *role; char *ability, *tok; GRADUATE_HASH(auth, roles); if ((role = mprLookupKey(auth->roles, name)) == 0) { if ((role = mprAllocObj(HttpRole, manageRole)) == 0) { return 0; } role->name = sclone(name); } role->abilities = mprCreateHash(0, 0); for (ability = stok(sclone(abilities), " \t", &tok); ability; ability = stok(NULL, " \t", &tok)) { mprAddKey(role->abilities, ability, role); } if (mprAddKey(auth->roles, name, role) == 0) { return 0; } return role; }
PUBLIC void httpSetAuthDeny(HttpAuth *auth, cchar *client) { GRADUATE_HASH(auth, deny); mprAddKey(auth->deny, sclone(client), auth); }
PUBLIC void httpSetAuthAllow(HttpAuth *auth, cchar *allow) { GRADUATE_HASH(auth, allow); mprAddKey(auth->allow, sclone(allow), auth); }