static authz_status dbdgroup_check_authorization(request_rec *r, const char *require_args, const void *parsed_require_args) { int rv; const char *w; apr_array_header_t *groups; const char *err = NULL; const ap_expr_info_t *expr = parsed_require_args; const char *require; const char *t; authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config, &authz_dbd_module); if (!r->user) { return AUTHZ_DENIED_NO_USER; } groups = apr_array_make(r->pool, 4, sizeof(const char*)); rv = authz_dbd_group_query(r, cfg, groups); if (rv != OK) { return AUTHZ_GENERAL_ERROR; } require = ap_expr_str_exec(r, expr, &err); if (err) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02590) "authz_dbd authorize: require dbd-group: Can't " "evaluate require expression: %s", err); return AUTHZ_DENIED; } t = require; while (t[0]) { w = ap_getword_white(r->pool, &t); if (ap_array_str_contains(groups, w)) { return AUTHZ_GRANTED; } } return AUTHZ_DENIED; }
static int h2_protocol_propose(conn_rec *c, request_rec *r, server_rec *s, const apr_array_header_t *offers, apr_array_header_t *proposals) { int proposed = 0; int is_tls = h2_h2_is_tls(c); const char **protos = is_tls? h2_tls_protos : h2_clear_protos; (void)s; if (strcmp(AP_PROTOCOL_HTTP1, ap_get_protocol(c))) { /* We do not know how to switch from anything else but http/1.1. */ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "protocol switch: current proto != http/1.1, declined"); return DECLINED; } if (!h2_is_acceptable_connection(c, 0)) { ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "protocol propose: connection requirements not met"); return DECLINED; } if (r) { /* So far, this indicates an HTTP/1 Upgrade header initiated * protocol switch. For that, the HTTP2-Settings header needs * to be present and valid for the connection. */ const char *p; if (!h2_allows_h2_upgrade(c)) { return DECLINED; } p = apr_table_get(r->headers_in, "HTTP2-Settings"); if (!p) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "upgrade without HTTP2-Settings declined"); return DECLINED; } p = apr_table_get(r->headers_in, "Connection"); if (!ap_find_token(r->pool, p, "http2-settings")) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "upgrade without HTTP2-Settings declined"); return DECLINED; } /* We also allow switching only for requests that have no body. */ p = apr_table_get(r->headers_in, "Content-Length"); if (p && strcmp(p, "0")) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "upgrade with content-length: %s, declined", p); return DECLINED; } } while (*protos) { /* Add all protocols we know (tls or clear) and that * are part of the offerings (if there have been any). */ if (!offers || ap_array_str_contains(offers, *protos)) { ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c, "proposing protocol '%s'", *protos); APR_ARRAY_PUSH(proposals, const char*) = *protos; proposed = 1; } ++protos; } return proposed? DECLINED : OK; }