1 files changed, 296 insertions, 0 deletions
diff --git a/APACHE_1_3_42/src/modules/standard/mod_auth_dbm.c b/APACHE_1_3_42/src/modules/standard/mod_auth_dbm.c
new file mode 100644
index 0000000000..8e443d5fca
--- /dev/null
+++ b/APACHE_1_3_42/src/modules/standard/mod_auth_dbm.c
@@ -0,0 +1,296 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * http_auth: authentication
+ * 
+ * Rob McCool & Brian Behlendorf.
+ * 
+ * Adapted to Apache by rst.
+ *
+ * dirkx - Added Authoritative control to allow passing on to lower  
+ *         modules if and only if the user-id is not known to this
+ *         module. A known user with a faulty or absent password still
+ *         causes an AuthRequired. The default is 'Authoritative', i.e.
+ *         no control is passed along.
+ */
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#if (defined(WIN32) || defined(NETWARE))
+#include <sdbm.h>
+#define dbm_open sdbm_open
+#define dbm_fetch sdbm_fetch
+#define dbm_close sdbm_close
+#else
+#include <ndbm.h>
+#endif
+
+/*
+ * Module definition information - the part between the -START and -END
+ * lines below is used by Configure. This could be stored in a separate
+ * instead.
+ *
+ * MODULE-DEFINITION-START
+ * Name: dbm_auth_module
+ * ConfigStart
+    . ./helpers/find-dbm-lib
+ * ConfigEnd
+ * MODULE-DEFINITION-END
+ */
+
+typedef struct {
+
+    char *auth_dbmpwfile;
+    char *auth_dbmgrpfile;
+    int auth_dbmauthoritative;
+
+} dbm_auth_config_rec;
+
+static void *create_dbm_auth_dir_config(pool *p, char *d)
+{
+    dbm_auth_config_rec *sec
+    = (dbm_auth_config_rec *) ap_pcalloc(p, sizeof(dbm_auth_config_rec));
+
+    sec->auth_dbmpwfile = NULL;
+    sec->auth_dbmgrpfile = NULL;
+    sec->auth_dbmauthoritative = 1;	/* fortress is secure by default */
+
+    return sec;
+}
+
+static const char *set_dbm_slot(cmd_parms *cmd, void *offset, char *f, char *t)
+{
+    if (!t || strcmp(t, "dbm"))
+	return DECLINE_CMD;
+
+    return ap_set_file_slot(cmd, offset, f);
+}
+
+static const command_rec dbm_auth_cmds[] =
+{
+    {"AuthDBMUserFile", ap_set_file_slot,
+     (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmpwfile),
+     OR_AUTHCFG, TAKE1, NULL},
+    {"AuthDBMGroupFile", ap_set_file_slot,
+     (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmgrpfile),
+     OR_AUTHCFG, TAKE1, NULL},
+    {"AuthUserFile", set_dbm_slot,
+     (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmpwfile),
+     OR_AUTHCFG, TAKE12, NULL},
+    {"AuthGroupFile", set_dbm_slot,
+     (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmgrpfile),
+     OR_AUTHCFG, TAKE12, NULL},
+    {"AuthDBMAuthoritative", ap_set_flag_slot,
+     (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmauthoritative),
+     OR_AUTHCFG, FLAG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"},
+    {NULL}
+};
+
+module MODULE_VAR_EXPORT dbm_auth_module;
+
+static char *get_dbm_pw(request_rec *r, char *user, char *auth_dbmpwfile)
+{
+    DBM *f;
+    datum d, q;
+    char *pw = NULL;
+
+    q.dptr = user;
+#ifndef NETSCAPE_DBM_COMPAT
+    q.dsize = strlen(q.dptr);
+#else
+    q.dsize = strlen(q.dptr) + 1;
+#endif
+
+
+    if (!(f = dbm_open(auth_dbmpwfile, O_RDONLY, 0664))) {
+	ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
+		    "could not open dbm auth file: %s", auth_dbmpwfile);
+	return NULL;
+    }
+
+    d = dbm_fetch(f, q);
+
+    if (d.dptr) {
+	pw = ap_palloc(r->pool, d.dsize + 1);
+	strncpy(pw, d.dptr, d.dsize);
+	pw[d.dsize] = '\0';	/* Terminate the string */
+    }
+
+    dbm_close(f);
+    return pw;
+}
+
+/* We do something strange with the group file.  If the group file
+ * contains any : we assume the format is
+ *      key=username value=":"groupname [":"anything here is ignored]
+ * otherwise we now (0.8.14+) assume that the format is
+ *      key=username value=groupname
+ * The first allows the password and group files to be the same 
+ * physical DBM file;   key=username value=password":"groupname[":"anything]
+ *
+ * mark@telescope.org, 22Sep95
+ */
+
+static char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile)
+{
+    char *grp_data = get_dbm_pw(r, user, auth_dbmgrpfile);
+    char *grp_colon;
+    char *grp_colon2;
+
+    if (grp_data == NULL)
+	return NULL;
+
+    if ((grp_colon = strchr(grp_data, ':')) != NULL) {
+	grp_colon2 = strchr(++grp_colon, ':');
+	if (grp_colon2)
+	    *grp_colon2 = '\0';
+	return grp_colon;
+    }
+    return grp_data;
+}
+
+static int dbm_authenticate_basic_user(request_rec *r)
+{
+    dbm_auth_config_rec *sec =
+    (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config,
+					      &dbm_auth_module);
+    conn_rec *c = r->connection;
+    const char *sent_pw;
+    char *real_pw, *colon_pw;
+    char *invalid_pw;
+    int res;
+
+    if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
+	return res;
+
+    if (!sec->auth_dbmpwfile)
+	return DECLINED;
+
+    if (!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) {
+	if (!(sec->auth_dbmauthoritative))
+	    return DECLINED;
+	ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+		    "DBM user %s not found: %s", c->user, r->filename);
+	ap_note_basic_auth_failure(r);
+	return AUTH_REQUIRED;
+    }
+    /* Password is up to first : if exists */
+    colon_pw = strchr(real_pw, ':');
+    if (colon_pw) {
+	*colon_pw = '\0';
+    }
+    invalid_pw = ap_validate_password(sent_pw, real_pw);
+    if (invalid_pw != NULL) {
+	ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+		      "DBM user %s: authentication failure for \"%s\": %s",
+		      c->user, r->uri, invalid_pw);
+	ap_note_basic_auth_failure(r);
+	return AUTH_REQUIRED;
+    }
+    return OK;
+}
+
+/* Checking ID */
+
+static int dbm_check_auth(request_rec *r)
+{
+    dbm_auth_config_rec *sec =
+    (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config,
+					      &dbm_auth_module);
+    char *user = r->connection->user;
+    int m = r->method_number;
+
+    const array_header *reqs_arr = ap_requires(r);
+    require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
+
+    register int x;
+    const char *t;
+    char *w;
+
+    if (!sec->auth_dbmgrpfile)
+	return DECLINED;
+    if (!reqs_arr)
+	return DECLINED;
+
+    for (x = 0; x < reqs_arr->nelts; x++) {
+
+	if (!(reqs[x].method_mask & (1 << m)))
+	    continue;
+
+	t = reqs[x].requirement;
+	w = ap_getword_white(r->pool, &t);
+
+	if (!strcmp(w, "group") && sec->auth_dbmgrpfile) {
+	    const char *orig_groups, *groups;
+	    char *v;
+
+	    if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
+		if (!(sec->auth_dbmauthoritative))
+		    return DECLINED;
+		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+			    "user %s not in DBM group file %s: %s",
+			    user, sec->auth_dbmgrpfile, r->filename);
+		ap_note_basic_auth_failure(r);
+		return AUTH_REQUIRED;
+	    }
+	    orig_groups = groups;
+	    while (t[0]) {
+		w = ap_getword_white(r->pool, &t);
+		groups = orig_groups;
+		while (groups[0]) {
+		    v = ap_getword(r->pool, &groups, ',');
+		    if (!strcmp(v, w))
+			return OK;
+		}
+	    }
+	    ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+			"user %s not in right group: %s",
+			user, r->filename);
+	    ap_note_basic_auth_failure(r);
+	    return AUTH_REQUIRED;
+	}
+    }
+
+    return DECLINED;
+}
+
+
+module MODULE_VAR_EXPORT dbm_auth_module =
+{
+    STANDARD_MODULE_STUFF,
+    NULL,			/* initializer */
+    create_dbm_auth_dir_config,	/* dir config creater */
+    NULL,			/* dir merger --- default is to override */
+    NULL,			/* server config */
+    NULL,			/* merge server config */
+    dbm_auth_cmds,		/* command table */
+    NULL,			/* handlers */
+    NULL,			/* filename translation */
+    dbm_authenticate_basic_user,	/* check_user_id */
+    dbm_check_auth,		/* check auth */
+    NULL,			/* check access */
+    NULL,			/* type_checker */
+    NULL,			/* fixups */
+    NULL,			/* logger */
+    NULL,			/* header parser */
+    NULL,			/* child_init */
+    NULL,			/* child_exit */
+    NULL			/* post read-request */
+};