/* gets the homedir of the current user. Probably should take username as an argument */
MVMString * MVM_proc_gethomedir(MVMThreadContext *tc) {
apr_uid_t userid = (apr_uid_t)MVM_proc_getuid(tc);
MVMString *result;
apr_status_t rv;
char *namestring;
apr_pool_t *tmp_pool;
char *dirname;
/* need a temporary pool */
if ((rv = apr_pool_create(&tmp_pool, POOL(tc))) != APR_SUCCESS) {
MVM_exception_throw_apr_error(tc, rv, "Failed to get user name from uid: ");
}
if ((rv = apr_uid_name_get(&namestring, (apr_uid_t)userid, tmp_pool)) != APR_SUCCESS) {
apr_pool_destroy(tmp_pool);
MVM_exception_throw_apr_error(tc, rv, "Failed to get user name from uid: ");
}
if ((rv = apr_uid_homepath_get(&dirname, namestring, tmp_pool)) != APR_SUCCESS) {
apr_pool_destroy(tmp_pool);
MVM_exception_throw_apr_error(tc, rv, "Failed to get homedir: ");
}
result = MVM_string_utf8_decode(tc, tc->instance->VMString, dirname, strlen(dirname));
apr_pool_destroy(tmp_pool);
return result;
}
/** Connect a single database. */
static kdsql *kddb_connect_db(apr_pool_t *pool, enum kddb_auth_mode auth_mode) {
kdsql *conn;
/* Connect to the database. */
conn = kdsql_new(pool);
conn->db_host = options_get_str("db.host");
switch (auth_mode) {
case DB_AUTH_CURRENT_CREDS_MODE: {
apr_uid_t uid;
apr_gid_t gid;
char *username;
DEBUG(_log_db_, "Connecting using current username.");
apr_uid_current(&uid, &gid, pool);
apr_uid_name_get(&username, uid, pool);
conn->db_username = username;
conn->db_password = "";
break;
}
case DB_AUTH_ADMIN_MODE:
DEBUG(_log_db_, "Connecting to %s using administrator username/password.", conn->db_host);
conn->db_username = options_get_str("db.admin_username");
conn->db_password = options_get_str("db.admin_password");
break;
case DB_AUTH_NORMAL_MODE:
DEBUG(_log_db_, "Connecting to %s using normal username/password.", conn->db_host);
conn->db_username = options_get_str("db.username");
conn->db_password = options_get_str("db.password");
break;
}
conn->db_name = "tbxsosd_db";
conn->db_port = options_get_uint16("db.port");
conn->db_timeout = options_get_uint32("db.timeout");
if (kdsql_connect(conn) < 0)
return NULL;
return conn;
}
static void fail_userinfo(CuTest *tc)
{
apr_uid_t uid;
apr_gid_t gid;
apr_status_t rv;
char *tmp;
errno = 0;
gid = uid = 9999999;
tmp = NULL;
rv = apr_uid_name_get(&tmp, uid, p);
CuAssert(tc, "apr_uid_name_get should fail or "
"return a user name",
rv != APR_SUCCESS || tmp != NULL);
errno = 0;
tmp = NULL;
rv = apr_gid_name_get(&tmp, gid, p);
CuAssert(tc, "apr_gid_name_get should fail or "
"return a group name",
rv != APR_SUCCESS || tmp != NULL);
gid = 424242;
errno = 0;
rv = apr_gid_get(&gid, "I_AM_NOT_A_GROUP", p);
CuAssert(tc, "apr_gid_get should fail or "
"set a group number",
rv != APR_SUCCESS || gid == 424242);
gid = uid = 424242;
errno = 0;
rv = apr_uid_get(&uid, &gid, "I_AM_NOT_A_USER", p);
CuAssert(tc, "apr_gid_get should fail or "
"set a user and group number",
rv != APR_SUCCESS || uid == 424242 || gid == 4242442);
errno = 0;
tmp = NULL;
rv = apr_uid_homepath_get(&tmp, "I_AM_NOT_A_USER", p);
CuAssert(tc, "apr_uid_homepath_get should fail or "
"set a path name",
rv != APR_SUCCESS || tmp != NULL);
}
static void username(CuTest *tc)
{
apr_uid_t uid;
apr_gid_t gid;
apr_uid_t retreived_uid;
apr_gid_t retreived_gid;
apr_status_t rv;
char *uname = NULL;
rv = apr_uid_current(&uid, &gid, p);
CuAssertIntEquals(tc, APR_SUCCESS, rv);
rv = apr_uid_name_get(&uname, uid, p);
CuAssertIntEquals(tc, APR_SUCCESS, rv);
CuAssertPtrNotNull(tc, uname);
rv = apr_uid_get(&retreived_uid, &retreived_gid, uname, p);
CuAssertIntEquals(tc, APR_SUCCESS, rv);
CuAssertIntEquals(tc, APR_SUCCESS, apr_uid_compare(uid, retreived_uid));
#ifdef WIN32
/* ### this fudge was added for Win32 but makes the test return NotImpl
* on Unix if run as root, when !gid is also true. */
if (!gid || !retreived_gid) {
/* The function had no way to recover the gid (this would have been
* an ENOTIMPL if apr_uid_ functions didn't try to double-up and
* also return apr_gid_t values, which was bogus.
*/
if (!gid) {
CuNotImpl(tc, "Groups from apr_uid_current");
}
else {
CuNotImpl(tc, "Groups from apr_uid_get");
}
}
else {
#endif
CuAssertIntEquals(tc, APR_SUCCESS, apr_gid_compare(gid, retreived_gid));
#ifdef WIN32
}
#endif
}
term_t make_file_info(apr_finfo_t *fi, xpool_t *xp)
{
apr_status_t rs;
apr_pool_t *tmp;
term_t file_info = make_tuple(10, xp);
term_t *e = tup_elts(file_info);
e[0] = A_FILE_INFO0;
e[1] = (fi->valid & APR_FINFO_TYPE) ? intnum(fi->filetype) : A_UNDEFINED;
e[2] = (fi->valid & APR_FINFO_NAME) ? ztol(fi->name, xp) : A_UNDEFINED;
e[3] = (fi->valid & APR_FINFO_SIZE) ? long2term(fi->size, xp) : A_UNDEFINED;
e[4] = (fi->valid & APR_FINFO_MTIME) ? long2term(fi->mtime, xp) : A_UNDEFINED;
e[5] = (fi->valid & APR_FINFO_CTIME) ? long2term(fi->ctime, xp) : A_UNDEFINED;
e[6] = (fi->valid & APR_FINFO_ATIME) ? long2term(fi->atime, xp) : A_UNDEFINED;
e[7] = A_UNDEFINED;
e[8] = A_UNDEFINED;
apr_pool_create(&tmp, 0);
if (fi->valid & APR_FINFO_USER)
{
char *user_name;
rs = apr_uid_name_get(&user_name, fi->user, tmp);
if (rs == 0)
e[7] = ztol(user_name, xp);
}
if (fi->valid & APR_FINFO_GROUP)
{
char *group_name;
rs = apr_gid_name_get(&group_name, fi->group, tmp);
if (rs == 0)
e[8] = ztol(group_name, xp);
}
apr_pool_destroy(tmp);
//TODO: only user or group permissions may be known
e[9] = (fi->valid & APR_FINFO_PROT)? intnum(fi->protection) : A_UNDEFINED;
return file_info;
}
/* deprecated */
APR_DECLARE(apr_status_t) apr_get_username(char **username, apr_uid_t userid, apr_pool_t *p)
{
return apr_uid_name_get(username, userid, p);
}
static int check_file_owner(request_rec *r)
{
authz_owner_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authz_owner_module);
int m = r->method_number;
register int x;
const char *t, *w;
const apr_array_header_t *reqs_arr = ap_requires(r);
require_line *reqs;
int required_owner = 0;
apr_status_t status = 0;
char *reason = NULL;
if (!reqs_arr) {
return DECLINED;
}
reqs = (require_line *)reqs_arr->elts;
for (x = 0; x < reqs_arr->nelts; x++) {
/* if authoritative = On then break if a require already failed. */
if (reason && conf->authoritative) {
break;
}
if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
continue;
}
t = reqs[x].requirement;
w = ap_getword_white(r->pool, &t);
if (!strcmp(w, "file-owner")) {
#if !APR_HAS_USER
if ((required_owner & ~1) && conf->authoritative) {
break;
}
required_owner |= 1; /* remember the requirement */
reason = "'Require file-owner' is not supported on this platform.";
continue;
#else /* APR_HAS_USER */
char *owner = NULL;
apr_finfo_t finfo;
if ((required_owner & ~1) && conf->authoritative) {
break;
}
required_owner |= 1; /* remember the requirement */
if (!r->filename) {
reason = "no filename available";
continue;
}
status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
if (status != APR_SUCCESS) {
reason = apr_pstrcat(r->pool, "could not stat file ",
r->filename, NULL);
continue;
}
if (!(finfo.valid & APR_FINFO_USER)) {
reason = "no file owner information available";
continue;
}
status = apr_uid_name_get(&owner, finfo.user, r->pool);
if (status != APR_SUCCESS || !owner) {
reason = "could not get name of file owner";
continue;
}
if (strcmp(owner, r->user)) {
reason = apr_psprintf(r->pool, "file owner %s does not match.",
owner);
continue;
}
/* this user is authorized */
return OK;
#endif /* APR_HAS_USER */
}
/* file-group only figures out the file's group and lets
* other modules do the actual authorization (against a group file/db).
* Thus, these modules have to hook themselves after
* mod_authz_owner and of course recognize 'file-group', too.
*/
if (!strcmp(w, "file-group")) {
#if !APR_HAS_USER
if ((required_owner & ~6) && conf->authoritative) {
break;
}
required_owner |= 2; /* remember the requirement */
reason = "'Require file-group' is not supported on this platform.";
continue;
#else /* APR_HAS_USER */
char *group = NULL;
apr_finfo_t finfo;
if ((required_owner & ~6) && conf->authoritative) {
break;
}
required_owner |= 2; /* remember the requirement */
if (!r->filename) {
reason = "no filename available";
continue;
}
status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
if (status != APR_SUCCESS) {
reason = apr_pstrcat(r->pool, "could not stat file ",
r->filename, NULL);
continue;
}
if (!(finfo.valid & APR_FINFO_GROUP)) {
reason = "no file group information available";
continue;
}
status = apr_gid_name_get(&group, finfo.group, r->pool);
if (status != APR_SUCCESS || !group) {
reason = "could not get name of file group";
continue;
}
/* store group name in a note and let others decide... */
apr_table_setn(r->notes, AUTHZ_GROUP_NOTE, group);
required_owner |= 4;
continue;
#endif /* APR_HAS_USER */
}
}
if (!required_owner || !conf->authoritative) {
return DECLINED;
}
/* allow file-group passed to group db modules either if this is the
* only applicable requirement here or if a file-owner failed but we're
* not authoritative.
* This allows configurations like:
*
* AuthzOwnerAuthoritative Off
* require file-owner
* require file-group
*
* with the semantical meaning of "either owner or group must match"
* (inclusive or)
*
* [ 6 == 2 | 4; 7 == 1 | 2 | 4 ] should I use #defines instead?
*/
if (required_owner == 6 || (required_owner == 7 && !conf->authoritative)) {
return DECLINED;
}
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
"Authorization of user %s to access %s failed, reason: %s",
r->user, r->uri, reason ? reason : "unknown");
ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
static authz_status fileowner_check_authorization(request_rec *r,
const char *require_args,
const void *parsed_require_args)
{
char *reason = NULL;
apr_status_t status = 0;
#if !APR_HAS_USER
reason = "'Require file-owner' is not supported on this platform.";
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01632)
"Authorization of user %s to access %s failed, reason: %s",
r->user, r->uri, reason ? reason : "unknown");
return AUTHZ_DENIED;
#else /* APR_HAS_USER */
char *owner = NULL;
apr_finfo_t finfo;
if (!r->user) {
return AUTHZ_DENIED_NO_USER;
}
if (!r->filename) {
reason = "no filename available";
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01633)
"Authorization of user %s to access %s failed, reason: %s",
r->user, r->uri, reason ? reason : "unknown");
return AUTHZ_DENIED;
}
status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
if (status != APR_SUCCESS) {
reason = apr_pstrcat(r->pool, "could not stat file ",
r->filename, NULL);
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01634)
"Authorization of user %s to access %s failed, reason: %s",
r->user, r->uri, reason ? reason : "unknown");
return AUTHZ_DENIED;
}
if (!(finfo.valid & APR_FINFO_USER)) {
reason = "no file owner information available";
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01635)
"Authorization of user %s to access %s failed, reason: %s",
r->user, r->uri, reason ? reason : "unknown");
return AUTHZ_DENIED;
}
status = apr_uid_name_get(&owner, finfo.user, r->pool);
if (status != APR_SUCCESS || !owner) {
reason = "could not get name of file owner";
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01636)
"Authorization of user %s to access %s failed, reason: %s",
r->user, r->uri, reason ? reason : "unknown");
return AUTHZ_DENIED;
}
if (strcmp(owner, r->user)) {
reason = apr_psprintf(r->pool, "file owner %s does not match.",
owner);
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(01637)
"Authorization of user %s to access %s failed, reason: %s",
r->user, r->uri, reason ? reason : "unknown");
return AUTHZ_DENIED;
}
/* this user is authorized */
return AUTHZ_GRANTED;
#endif /* APR_HAS_USER */
}
