/* PUBLIC HTAAFile_readPasswdRec()
** READ A RECORD FROM THE PASSWORD FILE
** ON ENTRY:
** fp open password file
** out_username buffer to put the read username, must be at
** least MAX_USERNAME_LEN+1 characters long.
** out_passwd buffer to put the read password, must be at
** least MAX_PASSWORD_LEN+1 characters long.
** ON EXIT:
** returns EOF on end of file,
** otherwise the number of read fields
** (i.e. in a correct case returns 2).
** out_username contains the null-terminated read username.
** out_password contains the null-terminated read password.
**
** FORMAT OF PASSWORD FILE:
** username:password:maybe real name or other stuff
** (may include even colons)
**
** There may be whitespace (blanks or tabs) in the beginning and
** the end of each field. They are ignored.
*/
PUBLIC int HTAAFile_readPasswdRec ARGS3(FILE *, fp,
char *, out_username,
char *, out_password)
{
char terminator;
terminator = HTAAFile_readField(fp, out_username, MAX_USERNAME_LEN);
if (terminator == EOF) { /* End of file */
return EOF;
}
else if (terminator == CR || terminator == LF) { /* End of line */
next_rec(fp);
return 1;
}
else {
HTAAFile_readField(fp, out_password, MAX_PASSWORD_LEN);
next_rec(fp);
return 2;
}
}
/* PUBLIC HTAA_getAclEntry()
** CONSULT THE ACCESS CONTROL LIST AND
** GIVE A LIST OF GROUPS (AND USERS)
** AUTHORIZED TO ACCESS A GIVEN FILE
** ON ENTRY:
** acl_file is an open ACL file.
** pathname is the absolute pathname of
** the file to be accessed.
** method is the method for which access is wanted.
**
** ALC FILE FORMAT:
**
** template : method, method, ... : group@addr, user, group, ...
**
** The last item is in fact in exactly the same format as
** group definition in group file, i.e. everything that
** follows the 'groupname:' part,
** e.g.
** user, group, user@address, group@address,
** (user,group,...)@(address, address, ...)
**
** ON EXIT:
** returns NULL, if there is no entry for the file in the ACL,
** or ACL doesn't exist.
** If there is, a GroupDef object containing the
** group and user names allowed to access the file
** is returned (this is automatically freed
** next time this function is called).
** IMPORTANT:
** Returns the first entry with matching template and
** method. This function should be called multiple times
** to process all the valid entries (until it returns NULL).
** This is because there can be multiple entries like:
**
** *.html : get,put : ari,timbl,robert
** *.html : get : jim,james,jonathan,jojo
**
** NOTE:
** The returned group definition may well contain references
** to groups defined in group file. Therefore these references
** must be resolved according to that rule file by function
** HTAA_resolveGroupReferences() (group file is read in by
** HTAA_readGroupFile()) and after that access authorization
** can be checked with function HTAA_userAndInetGroup().
*/
PUBLIC GroupDef *HTAA_getAclEntry ARGS3(FILE *, acl_file,
WWW_CONST char *, pathname,
HTAAMethod, method)
{
static GroupDef * group_def = NULL;
WWW_CONST char * filename;
int len;
char *buf;
if (!acl_file) return NULL; /* ACL doesn't exist */
if (group_def) {
GroupDef_delete(group_def); /* From previous call */
group_def = NULL;
}
if (!(filename = strrchr(pathname, '/')))
filename = pathname;
else filename++; /* Skip slash */
len = strlen(filename);
if (!(buf = (char*)malloc((strlen(filename)+2)*sizeof(char))))
outofmem(__FILE__, "HTAA_getAuthorizedGroups");
while (EOF != HTAAFile_readField(acl_file, buf, len+1)) {
if (HTAA_templateMatch(buf, filename)) {
HTList *methods = HTList_new();
HTAAFile_readList(acl_file, methods, MAX_METHODNAME_LEN);
#ifndef DISABLE_TRACE
if (www2Trace) {
fprintf(stderr,
"Filename '%s' matched template '%s', allowed methods:",
filename, buf);
}
#endif
if (HTAAMethod_inList(method, methods)) { /* right method? */
#ifndef DISABLE_TRACE
if (www2Trace) fprintf(stderr, " METHOD OK\n");
#endif
HTList_delete(methods);
free(buf);
group_def = HTAA_parseGroupDef(acl_file);
return group_def;
}
#ifndef DISABLE_TRACE
else if (www2Trace) fprintf(stderr, " METHOD NOT FOUND\n");
#endif
HTList_delete(methods);
} /* if template match */
else {
HTAAFile_nextRec(acl_file);
#ifndef DISABLE_TRACE
if (www2Trace) {
fprintf(stderr,
"Filename '%s' didn't match template '%s'\n",
filename, buf);
}
#endif
}
HTAAFile_nextRec(acl_file);
} /* while not eof */
free(buf);
return NULL; /* No entry for requested file */
/* (or an empty entry). */
}
