
[mod_auth] inline arrays in http_auth_require_t

also, keep ptr to const buffer *realm rather than copy
personal/stbuehler/ci-build
Glenn Strauss 2 years ago
parent
commit
a03afc9043
  1. 20
      src/http_auth.c
  2. 8
      src/http_auth.h
  3. 10
      src/mod_auth.c
  4. 4
      src/mod_authn_ldap.c

20
src/http_auth.c

@ -113,22 +113,14 @@ http_auth_require_t * http_auth_require_init (void)
{
http_auth_require_t *require = calloc(1, sizeof(http_auth_require_t));
force_assert(NULL != require);
require->realm = buffer_init();
require->valid_user = 0;
require->user = array_init();
require->group = array_init();
require->host = array_init();
return require;
}
void http_auth_require_free (http_auth_require_t * const require)
{
buffer_free(require->realm);
array_free(require->user);
array_free(require->group);
array_free(require->host);
array_free_data(&require->user);
array_free_data(&require->group);
array_free_data(&require->host);
free(require);
}
@ -149,17 +141,17 @@ int http_auth_match_rules (const http_auth_require_t * const require, const char
{
if (NULL != user
&& (require->valid_user
|| http_auth_array_contains(require->user, user, strlen(user)))) {
|| http_auth_array_contains(&require->user, user, strlen(user)))) {
return 1; /* match */
}
if (NULL != group
&& http_auth_array_contains(require->group, group, strlen(group))) {
&& http_auth_array_contains(&require->group, group, strlen(group))) {
return 1; /* match */
}
if (NULL != host
&& http_auth_array_contains(require->host, host, strlen(host))) {
&& http_auth_array_contains(&require->host, host, strlen(host))) {
return 1; /* match */
}
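Review bot: http_auth_require_init() now appears to return a struct whose `realm` is NULL instead of an empty buffer, because the only initialisation left is the calloc() zero-fill. Any code that dereferences `require->realm` before mod_auth assigns it would fault, so the readers of that field (none are visible in this section) should be checked. The function also now depends on an all-zero `array` being a valid empty array, which deserves a comment above the calloc(), for example `/* zero-fill: user/group/host start as empty inline arrays; realm stays NULL until the caller sets it */`. http_auth_require_free() still dereferences `require` unconditionally, so a short note that it must not be called with NULL would help as well.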

8
src/http_auth.h

@ -28,12 +28,12 @@ struct http_auth_backend_t;
typedef struct http_auth_require_t {
const struct http_auth_scheme_t *scheme;
buffer *realm;
const buffer *realm;
int valid_user;
int algorithm;
array *user;
array *group;
array *host;
array user;
array group;
array host;
} http_auth_require_t;
http_auth_require_t * http_auth_require_init (void);
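Review bot: `const buffer *realm;` is now a borrowed pointer, but nothing on the struct says who owns the buffer or how long it must live. The mod_auth.c section stores the caller's pointer directly with `dauth->require->realm = realm;`, so that buffer has to stay valid and unmoved for as long as the require struct is used, including when it is passed to mod_auth_send_401_unauthorized_basic(). Where that `realm` originates is outside the visible hunks and should be confirmed. I would document the contract on the field, e.g. `const buffer *realm; /* not owned; must outlive this struct, never freed here */`, and add a matching comment on the arrays, `array user; /* inline; released with array_free_data() */`.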

10
src/mod_auth.c

@ -206,12 +206,12 @@ static int mod_auth_require_parse (server *srv, http_auth_require_t * const requ
case 4:
if (0 == memcmp(str, CONST_STR_LEN("user"))) {
/*("user=" is 5)*/
array_set_key_value(require->user, str+5, len-5, CONST_STR_LEN(""));
array_set_key_value(&require->user, str+5, len-5, CONST_STR_LEN(""));
continue;
}
else if (0 == memcmp(str, CONST_STR_LEN("host"))) {
/*("host=" is 5)*/
array_set_key_value(require->host, str+5, len-5, CONST_STR_LEN(""));
array_set_key_value(&require->host, str+5, len-5, CONST_STR_LEN(""));
log_error_write(srv, __FILE__, __LINE__, "ssb",
"warning parsing auth.require 'require' field: 'host' not implemented;",
"field value:", b);
@ -221,7 +221,7 @@ static int mod_auth_require_parse (server *srv, http_auth_require_t * const requ
case 5:
if (0 == memcmp(str, CONST_STR_LEN("group"))) {
/*("group=" is 6)*/
array_set_key_value(require->group, str+6, len-6, CONST_STR_LEN(""));
array_set_key_value(&require->group, str+6, len-6, CONST_STR_LEN(""));
#if 0/*(supported by mod_authn_ldap, but not all other backends)*/
log_error_write(srv, __FILE__, __LINE__, "ssb",
"warning parsing auth.require 'require' field: 'group' not implemented;",
@ -346,7 +346,7 @@ static handler_t mod_auth_require_parse_array(server *srv, const array *value, a
buffer_copy_buffer(&dauth->key, &da_file->key);
dauth->require->scheme = auth_scheme;
dauth->require->algorithm = algorithm;
buffer_copy_buffer(dauth->require->realm, realm);
dauth->require->realm = realm;
if (!mod_auth_require_parse(srv, dauth->require, require)) {
dauth->fn->free((data_unset *)dauth);
return HANDLER_ERROR;
@ -528,7 +528,7 @@ static handler_t mod_auth_send_400_bad_request(server *srv, connection *con) {
return HANDLER_FINISHED;
}
static handler_t mod_auth_send_401_unauthorized_basic(server *srv, connection *con, buffer *realm) {
static handler_t mod_auth_send_401_unauthorized_basic(server *srv, connection *con, const buffer *realm) {
con->http_status = 401;
con->mode = DIRECT;

4
src/mod_authn_ldap.c

@ -630,7 +630,7 @@ static char * mod_authn_ldap_get_dn(server *srv, plugin_config_ldap *s, const ch
}
static handler_t mod_authn_ldap_memberOf(server *srv, plugin_config *s, const http_auth_require_t *require, const buffer *username, const char *userdn) {
array *groups = require->group;
const array *groups = &require->group;
buffer *filter = buffer_init();
handler_t rc = HANDLER_ERROR;
@ -752,7 +752,7 @@ static handler_t mod_authn_ldap_basic(server *srv, connection *con, void *p_d, c
if (http_auth_match_rules(require, username->ptr, NULL, NULL)) {
rc = HANDLER_GO_ON; /* access granted */
}
else if (require->group->used) {
else if (require->group.used) {
/*(must not re-use ldap_filter, since it might be used for dn)*/
rc = mod_authn_ldap_memberOf(srv,&p->conf,require,username,dn);
}
