VladPolskiy/apache-http-server
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-06 11:06:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e3e87d34a0280b4e88c87b86b715d2c710ffb7ec
apache-http-server/modules/mappers/mod_userdir.c
Roy T. Fielding e3e87d34a0 Apache 1.3.9 baseline for the Apache 2.0 repository. 
Obtained from: Apache 1.3.9 (minus unused files), tag APACHE_1_3_9
Submitted by: Apache Group


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@83751 13f79535-47bb-0310-9956-ffa450edef68
1999-08-24 06:55:44 +00:00

350 lines
12 KiB
C
Raw Blame History

/* ====================================================================
* Copyright (c) 1995-1999 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Group" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache"
* nor may "Apache" appear in their names without prior written
* permission of the Apache Group.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Group and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Group and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
/*
* mod_userdir... implement the UserDir command. Broken away from the
* Alias stuff for a couple of good and not-so-good reasons:
*
* 1) It shows a real minimal working example of how to do something like
* this.
* 2) I know people who are actually interested in changing this *particular*
* aspect of server functionality without changing the rest of it. That's
* what this whole modular arrangement is supposed to be good at...
*
* Modified by Alexei Kosut to support the following constructs
* (server running at www.foo.com, request for /~bar/one/two.html)
*
* UserDir public_html -> ~bar/public_html/one/two.html
* UserDir /usr/web -> /usr/web/bar/one/two.html
* UserDir /home/ * /www -> /home/bar/www/one/two.html
* NOTE: theses ^ ^ space only added allow it to work in a comment, ignore
* UserDir http://x/users -> (302) http://x/users/bar/one/two.html
* UserDir http://x/ * /y -> (302) http://x/bar/y/one/two.html
* NOTE: here also ^ ^
*
* In addition, you can use multiple entries, to specify alternate
* user directories (a la Directory Index). For example:
*
* UserDir public_html /usr/web http://www.xyz.com/users
*
* Modified by Ken Coar to provide for the following:
*
* UserDir disable[d] username ...
* UserDir enable[d] username ...
*
* If "disabled" has no other arguments, *all* ~<username> references are
* disabled, except those explicitly turned on with the "enabled" keyword.
*/
#include "httpd.h"
#include "http_config.h"
module userdir_module;
typedef struct userdir_config {
int globally_disabled;
char *userdir;
table *enabled_users;
table *disabled_users;
} userdir_config;
/*
* Server config for this module: global disablement flag, a list of usernames
* ineligible for UserDir access, a list of those immune to global (but not
* explicit) disablement, and the replacement string for all others.
*/
static void *create_userdir_config(pool *p, server_rec *s)
{
userdir_config
* newcfg = (userdir_config *) ap_pcalloc(p, sizeof(userdir_config));
newcfg->globally_disabled = 0;
newcfg->userdir = DEFAULT_USER_DIR;
newcfg->enabled_users = ap_make_table(p, 4);
newcfg->disabled_users = ap_make_table(p, 4);
return (void *) newcfg;
}
#define O_DEFAULT 0
#define O_ENABLE 1
#define O_DISABLE 2
static const char *set_user_dir(cmd_parms *cmd, void *dummy, char *arg)
{
userdir_config
* s_cfg = (userdir_config *) ap_get_module_config
(
cmd->server->module_config,
&userdir_module
);
char *username;
const char
*usernames = arg;
char *kw = ap_getword_conf(cmd->pool, &usernames);
table *usertable;
/*
* Let's do the comparisons once.
*/
if ((!strcasecmp(kw, "disable")) || (!strcasecmp(kw, "disabled"))) {
/*
* If there are no usernames specified, this is a global disable - we
* need do no more at this point than record the fact.
*/
if (strlen(usernames) == 0) {
s_cfg->globally_disabled = 1;
return NULL;
}
usertable = s_cfg->disabled_users;
}
else if ((!strcasecmp(kw, "enable")) || (!strcasecmp(kw, "enabled"))) {
/*
* The "disable" keyword can stand alone or take a list of names, but
* the "enable" keyword requires the list. Whinge if it doesn't have
* it.
*/
if (strlen(usernames) == 0) {
return "UserDir \"enable\" keyword requires a list of usernames";
}
usertable = s_cfg->enabled_users;
}
else {
/*
* If the first (only?) value isn't one of our keywords, just copy
* the string to the userdir string.
*/
s_cfg->userdir = ap_pstrdup(cmd->pool, arg);
return NULL;
}
/*
* Now we just take each word in turn from the command line and add it to
* the appropriate table.
*/
while (*usernames) {
username = ap_getword_conf(cmd->pool, &usernames);
ap_table_setn(usertable, username, kw);
}
return NULL;
}
static const command_rec userdir_cmds[] = {
{"UserDir", set_user_dir, NULL, RSRC_CONF, RAW_ARGS,
"the public subdirectory in users' home directories, or 'disabled', or 'disabled username username...', or 'enabled username username...'"},
{NULL}
};
static int translate_userdir(request_rec *r)
{
void *server_conf = r->server->module_config;
const userdir_config *s_cfg =
(userdir_config *) ap_get_module_config(server_conf, &userdir_module);
char *name = r->uri;
const char *userdirs = s_cfg->userdir;
const char *w, *dname;
char *redirect;
char *x = NULL;
struct stat statbuf;
/*
* If the URI doesn't match our basic pattern, we've nothing to do with
* it.
*/
if (
(s_cfg->userdir == NULL) ||
(name[0] != '/') ||
(name[1] != '~')
) {
return DECLINED;
}
dname = name + 2;
w = ap_getword(r->pool, &dname, '/');
/*
* The 'dname' funny business involves backing it up to capture the '/'
* delimiting the "/~user" part from the rest of the URL, in case there
* was one (the case where there wasn't being just "GET /~user HTTP/1.0",
* for which we don't want to tack on a '/' onto the filename).
*/
if (dname[-1] == '/') {
--dname;
}
/*
* If there's no username, it's not for us. Ignore . and .. as well.
*/
if (w[0] == '\0' || (w[1] == '.' && (w[2] == '\0' || (w[2] == '.' && w[3] == '\0')))) {
return DECLINED;
}
/*
* Nor if there's an username but it's in the disabled list.
*/
if (ap_table_get(s_cfg->disabled_users, w) != NULL) {
return DECLINED;
}
/*
* If there's a global interdiction on UserDirs, check to see if this
* name is one of the Blessed.
*/
if (
s_cfg->globally_disabled &&
(ap_table_get(s_cfg->enabled_users, w) == NULL)
) {
return DECLINED;
}
/*
* Special cases all checked, onward to normal substitution processing.
*/
while (*userdirs) {
const char *userdir = ap_getword_conf(r->pool, &userdirs);
char *filename = NULL;
if (strchr(userdir, '*'))
x = ap_getword(r->pool, &userdir, '*');
if (userdir[0] == '\0' || ap_os_is_path_absolute(userdir)) {
if (x) {
#ifdef HAVE_DRIVE_LETTERS
/*
* Crummy hack. Need to figure out whether we have been
* redirected to a URL or to a file on some drive. Since I
* know of no protocols that are a single letter, if the : is
* the second character, I will assume a file was specified
*/
if (strchr(x + 2, ':'))
#else
if (strchr(x, ':'))
#endif /* WIN32 */
{
redirect = ap_pstrcat(r->pool, x, w, userdir, dname, NULL);
ap_table_setn(r->headers_out, "Location", redirect);
return REDIRECT;
}
else
filename = ap_pstrcat(r->pool, x, w, userdir, NULL);
}
else
filename = ap_pstrcat(r->pool, userdir, "/", w, NULL);
}
else if (strchr(userdir, ':')) {
redirect = ap_pstrcat(r->pool, userdir, "/", w, dname, NULL);
ap_table_setn(r->headers_out, "Location", redirect);
return REDIRECT;
}
else {
#ifdef WIN32
/* Need to figure out home dirs on NT */
return DECLINED;
#else /* WIN32 */
struct passwd *pw;
if ((pw = getpwnam(w))) {
#ifdef OS2
/* Need to manually add user name for OS/2 */
filename = ap_pstrcat(r->pool, pw->pw_dir, w, "/", userdir, NULL);
#else
filename = ap_pstrcat(r->pool, pw->pw_dir, "/", userdir, NULL);
#endif
}
#endif /* WIN32 */
}
/*
* Now see if it exists, or we're at the last entry. If we are at the
* last entry, then use the filename generated (if there is one)
* anyway, in the hope that some handler might handle it. This can be
* used, for example, to run a CGI script for the user.
*/
if (filename && (!*userdirs || stat(filename, &statbuf) != -1)) {
r->filename = ap_pstrcat(r->pool, filename, dname, NULL);
/* when statbuf contains info on r->filename we can save a syscall
* by copying it to r->finfo
*/
if (*userdirs && dname[0] == 0)
r->finfo = statbuf;
return OK;
}
}
return DECLINED;
}
module userdir_module = {
STANDARD_MODULE_STUFF,
NULL, /* initializer */
NULL, /* dir config creater */
NULL, /* dir merger --- default is to override */
create_userdir_config, /* server config */
NULL, /* merge server config */
userdir_cmds, /* command table */
NULL, /* handlers */
translate_userdir, /* filename translation */
NULL, /* check_user_id */
NULL, /* check auth */
NULL, /* check access */
NULL, /* type_checker */
NULL, /* fixups */
NULL, /* logger */
NULL, /* header parser */
NULL, /* child_init */
NULL, /* child_exit */
NULL /* post read-request */
};
Reference in New Issue View Git Blame Copy Permalink