static am_status_t set_custom_response(am_request_t *rq, const char *text, const char *cont_type) {
request_rec *r = (request_rec *) (rq != NULL ? rq->ctx : NULL);
if (r == NULL || !ISVALID(text)) return AM_EINVAL;
if (rq->status == AM_INTERNAL_REDIRECT) {
ap_internal_redirect(text, r);
rq->status = AM_DONE;
} else if (rq->status == AM_REDIRECT) {
apr_table_add(r->headers_out, "Location", text);
ap_custom_response(r, HTTP_MOVED_TEMPORARILY, text);
} else {
if (rq->status == AM_PDP_DONE) {
request_rec *sr = ap_sub_req_method_uri(am_method_num_to_str(rq->method),
rq->post_data_url, r, NULL);
sr->headers_in = r->headers_in;
sr->notes = r->notes;
am_log_debug(rq->instance_id, "set_custom_response(): issuing sub-request %s to %s",
sr->method, rq->post_data_url);
ap_run_sub_req(sr);
ap_destroy_sub_req(sr);
rq->status = AM_DONE;
} else {
size_t tl = strlen(text);
if (ISVALID(cont_type)) {
ap_set_content_type(r, cont_type);
}
ap_set_content_length(r, tl);
ap_rwrite(text, (int) tl, r);
ap_custom_response(r,
am_status_value(rq->status == AM_SUCCESS ||
rq->status == AM_DONE ? AM_SUCCESS : rq->status), text);
ap_rflush(r);
}
}
am_log_info(rq->instance_id, "set_custom_response(): status: %s", am_strerror(rq->status));
return AM_SUCCESS;
}
static int
webid_auth_checker(request_rec *r) {
int is_initial_req, req_access, req_method, ret;
const char *req_dest;
request_rec *r_dest;
apr_uri_t apr_uri;
if (r->filename == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Module bug? Request filename is missing for URI %s", r->uri);
return http_status_code(r, OK);
}
if (r->user == NULL || strlen(r->user) == 0) {
return http_status_code(r, HTTP_FORBIDDEN);
}
// req_access: Read, Write, or Control
is_initial_req = ap_is_initial_req(r);
req_access = WEBID_ACCESS_INVALID;
req_method = (AP_METHOD_BIT << r->method_number);
if (is_initial_req && r->method_number == M_COPY) {
// allow COPY of a readonly source URI
// - target URI check happens by subrequest
req_access = WEBID_ACCESS_READ;
} else if (req_method == (req_method & WEBID_M_READ)) {
// check the acl:Read method bitmask
req_access = WEBID_ACCESS_READ;
} else if (req_method == (req_method & WEBID_M_WRITE)) {
// check the acl:Write method bitmask
// - writes to ACL URIs are acl:Control (handled internally)
req_access = WEBID_ACCESS_WRITE;
} else {
// unhandled methods require acl:Control
req_access = WEBID_ACCESS_CONTROL;
}
ret = HTTP_FORBIDDEN;
if (is_initial_req && (r->method_number == M_COPY || r->method_number == M_MOVE)) {
req_dest = apr_table_get(r->headers_in, "Destination");
if (req_dest == NULL) {
const char *nscp_host = apr_table_get(r->headers_in, "Host");
const char *nscp_path = apr_table_get(r->headers_in, "New-uri");
if (nscp_host != NULL && nscp_path != NULL)
req_dest = apr_psprintf(r->pool, "http://%s%s", nscp_host, nscp_path);
}
if (req_dest != NULL) {
if ((apr_uri_parse(r->pool, req_dest, &apr_uri) == APR_SUCCESS) &&
(apr_uri.scheme != NULL && strcmp(apr_uri.scheme, ap_http_scheme(r)) == 0) &&
(apr_uri.hostname != NULL && strcmp(apr_uri.hostname, ap_get_server_name(r)) == 0)) {
req_dest = apr_uri_unparse(r->pool, &apr_uri, APR_URI_UNP_OMITSITEPART);
r_dest = ap_sub_req_method_uri(r->method, req_dest, r, NULL);
if ((ret = check_request_acl(r, req_access)) == OK)
ret = check_request_acl(r_dest, WEBID_ACCESS_WRITE);
} else {
ret = HTTP_BAD_GATEWAY;
}
}
} else {
ret = check_request_acl(r, req_access);
}
return http_status_code(r, ret);
}
