| 237 | static APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group; |
| 238 | |
| 239 | static authz_status dbmfilegroup_check_authorization(request_rec *r, |
| 240 | const char *require_args, |
| 241 | const void *parsed_require_args) |
| 242 | { |
| 243 | authz_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config, |
| 244 | &authz_dbm_module); |
| 245 | char *user = r->user; |
| 246 | const char *realm = ap_auth_name(r); |
| 247 | const char *filegroup = NULL; |
| 248 | apr_status_t status; |
| 249 | const char *groups; |
| 250 | char *v; |
| 251 | |
| 252 | if (!user) { |
| 253 | return AUTHZ_DENIED_NO_USER; |
| 254 | } |
| 255 | |
| 256 | if (!conf->grpfile) { |
| 257 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01802) |
| 258 | "No group file was specified in the configuration"); |
| 259 | return AUTHZ_DENIED; |
| 260 | } |
| 261 | |
| 262 | /* fetch group data from dbm file. */ |
| 263 | status = get_dbm_grp(r, apr_pstrcat(r->pool, user, ":", realm, NULL), |
| 264 | user, conf->grpfile, conf->dbmtype, &groups); |
| 265 | |
| 266 | if (status != APR_SUCCESS) { |
| 267 | return AUTHZ_DENIED; |
| 268 | } |
| 269 | |
| 270 | if (groups == NULL) { |
| 271 | /* no groups available, so exit immediately */ |
| 272 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01804) |
| 273 | "Authorization of user %s to access %s failed, reason: " |
| 274 | "user doesn't appear in DBM group file (%s).", |
| 275 | r->user, r->uri, conf->grpfile); |
| 276 | return AUTHZ_DENIED; |
| 277 | } |
| 278 | |
| 279 | filegroup = authz_owner_get_file_group(r); |
| 280 | |
| 281 | if (filegroup) { |
| 282 | while (groups[0]) { |
| 283 | v = ap_getword(r->pool, &groups, ','); |
| 284 | if (!strcmp(v, filegroup)) { |
| 285 | return AUTHZ_GRANTED; |
| 286 | } |
| 287 | } |
| 288 | } |
| 289 | |
| 290 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01805) |
| 291 | "Authorization of user %s to access %s failed, reason: " |
| 292 | "user is not part of the 'require'ed group(s).", |
| 293 | r->user, r->uri); |
| 294 | |
| 295 | return AUTHZ_DENIED; |
| 296 | } |
nothing calls this directly
no test coverage detected