|
version 2.1, 1993/10/04 19:36:39
|
version 2.2, 1993/10/05 09:02:34
|
|
Line 201 PRIVATE char *status_name ARGS1(HTAAFail
|
Line 201 PRIVATE char *status_name ARGS1(HTAAFail
|
| ** must be returned from somewhere else (this is |
** must be returned from somewhere else (this is |
| ** to avoid unnecessary overhead of opening the |
** to avoid unnecessary overhead of opening the |
| ** file twice). |
** file twice). |
| ** |
|
| ** REMEMBER: |
|
| ** allowed_groups is returned by function |
|
| ** HTAA_getAuthorizedGroups(), which also frees |
|
| ** it automatically. |
|
| */ |
*/ |
| PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, |
PRIVATE HTAAFailReasonType check_authorization ARGS4(CONST char *, pathname, |
| HTAAMethod, method, |
HTAAMethod, method, |
|
Line 224 PRIVATE HTAAFailReasonType check_authori
|
Line 219 PRIVATE HTAAFailReasonType check_authori
|
| "HTAA_checkAuthorization: Forbidden by rule\n"); |
"HTAA_checkAuthorization: Forbidden by rule\n"); |
| return HTAA_BY_RULE; |
return HTAA_BY_RULE; |
| } |
} |
| if (TRACE) fprintf(stderr, "%s `%s' %s `%s'\n", |
if (TRACE) fprintf(stderr, "%s `%s' %s %s\n", |
| "HTAA_checkAuthorization: translated path:", |
"HTAA_checkAuthorization: translated path:", |
| pathname, "method:", HTAAMethod_name(method)); |
pathname, "method:", HTAAMethod_name(method)); |
| |
|
|
Line 239 PRIVATE HTAAFailReasonType check_authori
|
Line 234 PRIVATE HTAAFailReasonType check_authori
|
| */ |
*/ |
| if (!(acl_file = HTAA_openAcl(pathname))) { |
if (!(acl_file = HTAA_openAcl(pathname))) { |
| if (prot) { /* protect rule, but no ACL */ |
if (prot) { /* protect rule, but no ACL */ |
| if (!prot->valid_schemes || 0==HTList_count(prot->valid_schemes)) { |
if (prot->mask_group) { |
| /* Only IP masking enabled */ |
/* |
| |
** Only mask enabled, check that |
| |
*/ |
| |
GroupDefList *group_def_list = |
| |
HTAA_readGroupFile(HTAssocList_lookup(prot->values, |
| |
"group")); |
| |
/* |
| |
** Authenticate if authentication info given |
| |
*/ |
| |
if (scheme != HTAA_UNKNOWN && scheme != HTAA_NONE) { |
| |
htaa_user = HTAA_authenticate(scheme, |
| |
scheme_specifics, |
| |
prot); |
| |
if (TRACE) fprintf(stderr, "Authentication returned: %s\n", |
| |
(htaa_user ? htaa_user->username |
| |
: "NOT-AUTHENTICATED")); |
| |
} |
| |
HTAA_resolveGroupReferences(prot->mask_group, group_def_list); |
| reason = HTAA_userAndInetInGroup(prot->mask_group, |
reason = HTAA_userAndInetInGroup(prot->mask_group, |
| "", |
htaa_user |
| |
? htaa_user->username : "", |
| HTClientHost, |
HTClientHost, |
| NULL); |
NULL); |
| if (reason != HTAA_OK) { |
if (TRACE) { |
| if (TRACE) fprintf(stderr, "%s %s %s %s\n", |
if (reason != HTAA_OK) |
| "HTAA_checkAuthorization: access denied", |
fprintf(stderr, "%s %s %s %s\n", |
| "by mask (no ACL, only Protect rule)", |
"HTAA_checkAuthorization: access denied", |
| "host", HTClientHost); |
"by mask (no ACL, only Protect rule)", |
| return reason; |
"host", HTClientHost); |
| } |
else fprintf(stderr, "%s %s %s %s\n", |
| else { |
"HTAA_checkAuthorization: request from", |
| if (TRACE) fprintf(stderr, "%s %s %s %s %s\n", |
HTClientHost, |
| "HTAA_checkAuthorization: request from", |
"accepted by only mask match (no ACL, only", |
| HTClientHost, |
"Protect rule, and only mask enabled)"); |
| "accepted by just IP number", |
|
| "(no ACL, only Protect rule, and only", |
|
| "mask enabled, no authentication)"); |
|
| return HTAA_OK; |
|
| } |
} |
| |
return reason; |
| } |
} |
| else { /* 403 Forbidden */ |
else { /* 403 Forbidden */ |
| if (TRACE) fprintf(stderr, "HTAA_checkAuthorization: %s\n", |
if (TRACE) fprintf(stderr, "%s %s\n", |
| "Protected, but no ACL -- forbidden"); |
"HTAA_checkAuthorization: Protected, but", |
| |
"no mask group nor ACL -- forbidden"); |
| return HTAA_NO_ACL; |
return HTAA_NO_ACL; |
| } |
} |
| } |
} |
| else { /* No protect rule and no ACL => OK 200 */ |
else { /* No protect rule and no ACL => OK 200 */ |
| if (TRACE) fprintf(stderr, |
if (TRACE) fprintf(stderr, "HTAA_checkAuthorization: %s\n", |
| "HTAA_checkAuthorization: no protect nor ACL\n"); |
"no protect rule nor ACL -- ok\n"); |
| return HTAA_OK; |
return HTAA_OK; |
| } |
} |
| } |
} |
| |
|
| |
/* |
| |
** Now we know that ACL exists |
| |
*/ |
| if (!prot) { /* Not protected by "protect" rule */ |
if (!prot) { /* Not protected by "protect" rule */ |
| if (TRACE) fprintf(stderr, |
if (TRACE) fprintf(stderr, |
| "HTAA_checkAuthorization: default protection\n"); |
"HTAA_checkAuthorization: default protection\n"); |
| prot = HTAA_getDefaultProtection(); /* Also sets current protection */ |
prot = HTAA_getDefaultProtection(); /* Also sets current protection */ |
| } |
|
| |
|
| if (!prot) { /* @@ Default protection not set ?? */ |
if (!prot) { /* @@ Default protection not set ?? */ |
| if (TRACE) fprintf(stderr, "%s %s\n", |
if (TRACE) fprintf(stderr, "%s %s\n", |
| "HTAA_checkAuthorization: default protection", |
"HTAA_checkAuthorization: default protection", |
| "not set (internal server error)!!"); |
"not set (internal server error)!!"); |
| return HTAA_SETUP_ERROR; |
return HTAA_SETUP_ERROR; |
| } |
} |
| |
|
| /* |
|
| ** Now we know document is protected ACL exists, and |
|
| ** authentication is necessary. |
|
| */ |
|
| |
|
| /* |
|
| ** Authenticate if authentication info given. |
|
| */ |
|
| if (scheme != HTAA_UNKNOWN) { |
|
| htaa_user = HTAA_authenticate(scheme, |
|
| scheme_specifics, |
|
| prot); |
|
| if (TRACE) fprintf(stderr, "Authentication returned: %s\n", |
|
| (htaa_user |
|
| ? htaa_user->username : "NOT AUTHENTICATED")); |
|
| } |
|
| |
|
| if (!htaa_user) { /* No anonymous access to protected files */ |
|
| if (TRACE) fprintf(stderr, "HTAA_checkAuthorization: %s\n", |
|
| "no anonymous access to a protected file"); |
|
| return HTAA_NO_AUTH; |
|
| } |
} |
| |
|
| |
|
| /* |
/* |
| ** Check against mask and ACL entry |
** Now we know that document is protected and ACL exists. |
| |
** Check against ACL entry. |
| */ |
*/ |
| { |
{ |
| GroupDefList *group_def_list = |
GroupDefList *group_def_list = |
| HTAA_readGroupFile(HTAssocList_lookup(prot->values, "group")); |
HTAA_readGroupFile(HTAssocList_lookup(prot->values, "group")); |
| |
|
| /* |
/* |
| ** Check mask |
** Authenticate now that we know protection mode |
| |
*/ |
| |
if (scheme != HTAA_UNKNOWN && scheme != HTAA_NONE) { |
| |
htaa_user = HTAA_authenticate(scheme, |
| |
scheme_specifics, |
| |
prot); |
| |
if (TRACE) fprintf(stderr, "Authentication returned: %s\n", |
| |
(htaa_user |
| |
? htaa_user->username : "NOT-AUTHENTICATED")); |
| |
} |
| |
/* |
| |
** Check mask group |
| */ |
*/ |
| if (prot->mask_group) { |
if (prot->mask_group) { |
| HTAA_resolveGroupReferences(prot->mask_group, group_def_list); |
HTAA_resolveGroupReferences(prot->mask_group, group_def_list); |
| reason = HTAA_userAndInetInGroup(prot->mask_group, |
reason=HTAA_userAndInetInGroup(prot->mask_group, |
| htaa_user->username, |
htaa_user ? htaa_user->username : "", |
| HTClientHost, |
HTClientHost, |
| NULL); |
NULL); |
| if (reason != HTAA_OK) { |
if (reason != HTAA_OK) { |
| if (TRACE) fprintf(stderr, "%s %s %s %s %s\n", |
if (TRACE) fprintf(stderr, "%s %s %s\n", |
| "HTAA_checkAuthorization: user", |
"HTAA_checkAuthorization: access denied", |
| htaa_user->username, |
"by mask, host:", HTClientHost); |
| "from host", |
|
| HTClientHost, |
|
| "not accepted (didn't match mask group)"); |
|
| return reason; |
return reason; |
| } |
} |
| else if (TRACE) fprintf(stderr, "%s %s (user %s) %s\n", |
else { |
| "HTAA_checkAuthorization: request from", |
if (TRACE) fprintf(stderr, "%s %s %s %s %s\n", |
| HTClientHost, |
"HTAA_checkAuthorization: request from", |
| htaa_user->username, |
HTClientHost, |
| "accepted (matched mask)"); |
"accepted by just mask group match", |
| } |
"(no ACL, only Protect rule, and only", |
| else if (TRACE) fprintf(stderr, "%s (host %s user %s accepted)\n", |
"mask enabled)"); |
| "HTAA_checkAuthorization: masking not enabled ", |
/* And continue authorization checking */ |
| HTClientHost, htaa_user->username); |
} |
| |
} |
| /* |
/* |
| ** Get ACL entry; get first one first, the loop others |
** Get ACL entries; get first one first, the loop others |
| |
** Remember, allowed_groups is automatically freed by |
| |
** HTAA_getAclEntry(). |
| */ |
*/ |
| allowed_groups = HTAA_getAclEntry(acl_file, pathname, method); |
allowed_groups = HTAA_getAclEntry(acl_file, pathname, method); |
| if (!allowed_groups) { |
if (!allowed_groups) { |
|
Line 362 PRIVATE HTAAFailReasonType check_authori
|
Line 362 PRIVATE HTAAFailReasonType check_authori
|
| do { |
do { |
| HTAA_resolveGroupReferences(allowed_groups, group_def_list); |
HTAA_resolveGroupReferences(allowed_groups, group_def_list); |
| reason = HTAA_userAndInetInGroup(allowed_groups, |
reason = HTAA_userAndInetInGroup(allowed_groups, |
| htaa_user->username, |
htaa_user |
| |
? htaa_user->username : "", |
| HTClientHost, |
HTClientHost, |
| NULL); |
NULL); |
| if (reason == HTAA_OK) { |
if (reason == HTAA_OK) { |
![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to HTAAServ.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Public] / libwww / Library / src