/*******************************************************************************
* Concat src1 and src2 using the approprate path seperator for the platform.
*/
static char * make_full_path(pool *a, const char *src1, const char *src2)
{
#ifdef WIN32
register int x;
char * p ;
char * q ;
x = strlen(src1);
if (x == 0) {
p = ap_pstrcat(a, "\\", src2, NULL);
}
else if (src1[x - 1] != '\\' && src1[x - 1] != '/') {
p = ap_pstrcat(a, src1, "\\", src2, NULL);
}
else {
p = ap_pstrcat(a, src1, src2, NULL);
}
q = p ;
while (*q)
{
if (*q == '/') {
*q = '\\' ;
}
++q;
}
return p ;
#else
return ap_make_full_path(a, src1, src2);
#endif
}
static int
check_request_acl(request_rec *r, int req_access) {
char *dir_path, *acl_path;
apr_finfo_t acl_finfo;
const char *req_uri, *dir_uri, *acl_uri, *access;
const char *port, *par_uri, *req_file;
librdf_world *rdf_world = NULL;
librdf_storage *rdf_storage = NULL;
librdf_model *rdf_model = NULL;
librdf_parser *rdf_parser = NULL;
librdf_uri *rdf_uri_acl = NULL,
*rdf_uri_base = NULL;
int ret = HTTP_FORBIDDEN;
// dir_path: parent directory of request filename
// acl_path: absolute path to request ACL
dir_path = ap_make_dirstr_parent(r->pool, r->filename);
acl_path = ap_make_full_path(r->pool, dir_path, WEBID_ACL_FNAME);
if (apr_filepath_merge(&acl_path, NULL, acl_path, APR_FILEPATH_NOTRELATIVE, r->pool) != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Module bug? Request filename path %s is invalid or "
"or not absolute for uri %s",
r->filename, r->uri);
return HTTP_FORBIDDEN;
}
// acl_path: 403 if missing
if ((apr_stat(&acl_finfo, acl_path, APR_FINFO_TYPE, r->pool) != APR_SUCCESS) ||
(acl_finfo.filetype != APR_REG)) {
return HTTP_FORBIDDEN;
}
// req_uri: fully qualified URI of request filename
// dir_uri: fully qualified URI of request filename parent
// acl_uri: fully qualified URI of request filename ACL
// access: ACL URI of requested access
port = ap_is_default_port(ap_get_server_port(r), r)
? "" : apr_psprintf(r->pool, ":%u", ap_get_server_port(r));
req_uri = apr_psprintf(r->pool, "%s://%s%s%s%s",
ap_http_scheme(r), ap_get_server_name(r), port,
(*r->uri == '/') ? "" : "/",
r->uri);
par_uri = ap_make_dirstr_parent(r->pool, r->uri);
dir_uri = apr_psprintf(r->pool, "%s://%s%s%s%s",
ap_http_scheme(r), ap_get_server_name(r), port,
(*par_uri == '/') ? "" : "/",
par_uri);
acl_uri = ap_make_full_path(r->pool, dir_uri, WEBID_ACL_FNAME);
if (req_access == WEBID_ACCESS_READ) {
access = "Read";
} else if (req_access == WEBID_ACCESS_WRITE) {
if ((req_file = strrchr(r->filename, '/')) != NULL &&
strcmp(++req_file, WEBID_ACL_FNAME) == 0)
access = "Control";
else
access = "Write";
} else {
access = "Control";
}
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"[ACL] %s (%s) %s | URI: %s | DIR: %s (%s) | ACL: %s (%s) | status: %d",
r->method, access, r->uri, req_uri, dir_uri, dir_path, acl_uri, acl_path, r->status);
if ((rdf_world = librdf_new_world()) != NULL) {
librdf_world_open(rdf_world);
if ((rdf_storage = librdf_new_storage(rdf_world, "memory", NULL, NULL)) != NULL) {
if ((rdf_model = librdf_new_model(rdf_world, rdf_storage, NULL)) != NULL) {
if ((rdf_parser = librdf_new_parser(rdf_world, "turtle", NULL, NULL)) != NULL) {
if ((rdf_uri_base = librdf_new_uri(rdf_world, (unsigned char*)acl_uri)) != NULL) {
if ((rdf_uri_acl = librdf_new_uri_from_filename(rdf_world, acl_path)) != NULL) {
if (!librdf_parser_parse_into_model(rdf_parser, rdf_uri_acl, rdf_uri_base, rdf_model)) {
//log_stream_prefix(r, librdf_model_as_stream(rdf_model), "[ACL] [model]");
if (query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENT, "accessTo", req_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENTCLASS, "accessTo", req_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_WORLD, "accessTo", req_uri, access)) > 0 || \
( ( query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_ACL_EXISTS, "accessTo", req_uri )) == 0 ) &&
( query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENT, "defaultForNew", dir_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_AGENTCLASS, "defaultForNew", dir_uri, access, r->user)) > 0 || \
query_results(r, rdf_world, rdf_model,
apr_psprintf(r->pool, SPARQL_URI_MODE_WORLD, "defaultForNew", dir_uri, access)) > 0 ) ) ) {
apr_table_set(r->headers_out, "Link", apr_psprintf(r->pool, "%s; rel=meta", acl_uri));
ret = OK;
}
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_parser_parse_into_model failed");
librdf_free_uri(rdf_uri_acl);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_uri_from_filename returned NULL");
librdf_free_uri(rdf_uri_base);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_uri returned NULL");
librdf_free_parser(rdf_parser);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_parser returned NULL");
librdf_free_model(rdf_model);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_model returned NULL");
librdf_free_storage(rdf_storage);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_storage returned NULL");
librdf_free_world(rdf_world);
} else
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "librdf_new_world returned NULL");
return ret;
}
