/* GROUP FILE ROUTINES
*/
#ifndef HTGROUP_H
#define HTGROUP_H
#include <HTList.h>
/* List type returned by HTAA_readGroupFile(); the element type stored in the
 * underlying HTList is not visible in this header. */
typedef HTList GroupDefList;

/* List type holding the items of one group definition ("item_list" in the
 * group definition grammar); the element type is not visible in this header. */
typedef HTList ItemList;

/* One group: its name together with the item list that defines it. */
typedef struct {
    char     *group_name;   /* name of the group */
    ItemList *item_list;    /* items that make up the group definition */
} GroupDef;
/*
 * Access Authorization failure reasons.
 *
 * Going by the per-value notes below, only HTAA_OK and HTAA_OK_GATEWAY stand
 * for a granted request (200); every other value is a refusal (401/403/404).
 * HTAA_OK is the first enumerator and therefore has the value 0, so a
 * zero-filled variable of this type compares equal to HTAA_OK: give result
 * variables an explicit refusal value before the checks run.
 */
typedef enum {
    HTAA_OK          = 0,   /* 200 OK                                   */
    HTAA_OK_GATEWAY  = 1,   /* 200 OK, acting as a gateway              */
    HTAA_NO_AUTH     = 2,   /* 401 Unauthorized, not authenticated      */
    HTAA_NOT_MEMBER  = 3,   /* 401 Unauthorized, not authorized         */
    HTAA_IP_MASK     = 4,   /* 403 Forbidden by IP mask                 */
    HTAA_BY_RULE     = 5,   /* 403 Forbidden by rule                    */
    HTAA_NO_ACL      = 6,   /* 403 Forbidden, ACL non-existent          */
    HTAA_NO_ENTRY    = 7,   /* 403 Forbidden, no ACL entry              */
    HTAA_SETUP_ERROR = 8,   /* 403 Forbidden, server setup error        */
    HTAA_DOTDOT      = 9,   /* 403 Forbidden, URL with /../ illegal     */
    HTAA_HTBIN       = 10,  /* 403 Forbidden, /htbin not enabled        */
    HTAA_NOT_FOUND   = 11   /* 404 Not found, or read protected         */
} HTAAFailReasonType;
/*
 * Group definition grammar
 *
 * Each rule is written "name ::= definition". The braces and brackets are
 * presumably the usual ones: { } for a part that may repeat, [ ] for an
 * optional part.
 *
 *   string            ::= "sequence of alphanumeric characters"
 *   user_name         ::= string
 *   group_name        ::= string
 *   group_ref         ::= group_name
 *   user_def          ::= user_name | group_ref
 *   user_def_list     ::= user_def { ',' user_def }
 *   user_part         ::= user_def | '(' user_def_list ')'
 *   templ             ::= "sequence of alphanumeric characters and '*'s"
 *   ip_number_mask    ::= templ '.' templ '.' templ '.' templ
 *   domain_name_mask  ::= templ { '.' templ }
 *   address           ::= ip_number_mask | domain_name_mask
 *   address_def       ::= address
 *   address_def_list  ::= address_def { ',' address_def }
 *   address_part      ::= address_def | '(' address_def_list ')'
 *   item              ::= [user_part] ['@' address_part]
 *   item_list         ::= item { ',' item }
 *   group_def         ::= item_list
 *   group_decl        ::= group_name ':' group_def
 *
 * NOTE(review): both halves of "item" are optional, so an item may consist
 * of an address part alone or a user part alone. What such an item matches
 * is decided by the implementation, which is not visible in this header;
 * confirm it before relying on address-only or user-only items in a group
 * file.
 */
/*
 * PARSE GROUP DEFINITION
 *
 * Takes an input stream and returns a pointer to a GroupDef. According to
 * the note on GroupDef_delete(), definitions obtained from this function are
 * the ones to release with GroupDef_delete().
 *
 * NOTE(review): how much input one call consumes and what is returned at end
 * of file or on a syntax error (presumably NULL) is not shown here; confirm
 * against the implementation before dereferencing the result.
 * FILE has to be declared before this prototype is seen; this header itself
 * only includes HTList.h.
 */
extern GroupDef *HTAA_parseGroupDef(FILE *fp);
/*
 * Fill in Pointers to referenced Group Definitions in a Group Definition
 *
 * References to groups (by their name) are resolved from group_def_list, and
 * pointers to those structures are added to group_def.
 *
 * group_def       the definition whose group references are to be resolved;
 *                 it is modified (pointers are added to it).
 * group_def_list  the list in which referenced groups are looked up by name.
 *
 * NOTE(review): what happens to a reference whose name is not found in
 * group_def_list, and whether a group that refers to itself (directly or
 * through another group) is detected, is not visible in this header; confirm
 * both, since membership checks follow the pointers added here.
 */
extern void HTAA_resolveGroupReferences(GroupDef *group_def,
GroupDefList *group_def_list);
/*
 * Read Group File (and do caching)
 *
 * If the group file is already in the cache, returns a pointer to the
 * previously read group definition list.
 *
 * filename  name of the group file to read.
 *
 * The returned list may be the cached one, so the caller must not free it or
 * its groups (see GroupDef_delete()).
 *
 * NOTE(review): this header does not say whether a cached list is refreshed
 * when the file changes on disk. If it is not, removing a user from the
 * group file would take effect only once the cache is dropped; confirm the
 * invalidation behaviour. The result for an unreadable file (presumably
 * NULL) is not shown here either.
 */
extern GroupDefList *HTAA_readGroupFile(const char *filename);
/*
 * Delete Group Definition
 *
 * Groups in the cache should never be freed by this function. It should only
 * be used to free group definitions read by HTAA_parseGroupDef.
 *
 * Passing a group that belongs to a list returned by HTAA_readGroupFile()
 * would presumably leave the cache pointing at freed memory, so keep the two
 * kinds of GroupDef apart at the call site.
 *
 * NOTE(review): whether a NULL group_def is accepted is not shown here.
 */
extern void GroupDef_delete(GroupDef *group_def);
/*
 * Print Out Group Definition (for trace purposes)
 *
 * group_def  the group definition to print.
 *
 * NOTE(review): the output destination is not visible in this header. The
 * output would presumably contain the group's user names and address masks,
 * so treat the trace output as access-control data.
 */
extern void HTAA_printGroupDef(GroupDef *group_def);
/*
 * Does a User Belong to a Given Set of Groups
 *
 * This function checks both the username and the internet address.
 */
/* PUBLIC                                       HTAA_userAndInetInGroup()
 *      CHECK IF USER BELONGS TO A GIVEN GROUP
 *      AND THAT THE CONNECTION COMES FROM AN
 *      ADDRESS THAT IS ALLOWED BY THAT GROUP
 * ON ENTRY:
 *      group       the group definition structure.
 *      username    connecting user.
 *      ip_number   browser host IP number, optional.
 *      ip_name     browser host IP name, optional.
 *                  However, one of ip_number or ip_name
 *                  must be given.
 * ON EXIT:
 *      returns     HTAA_IP_MASK, if IP address mask was
 *                  reason for failing.
 *                  HTAA_NOT_MEMBER, if user does not belong
 *                  to the group.
 *                  HTAA_OK if both IP address and user are ok.
 *
 * Only HTAA_OK means that access is allowed; callers should treat every
 * other return value as a refusal.
 *
 * NOTE(review): ip_name is described only as the browser host name. If the
 * caller obtains it from a reverse DNS lookup, the name is chosen by whoever
 * controls that reverse zone, so a domain_name_mask match is only as
 * trustworthy as that lookup. Confirm that the caller forward-confirms the
 * name, or use ip_number masks for restrictive rules.
 * NOTE(review): what happens when neither ip_number nor ip_name is given,
 * or when username is NULL, is not shown in this header; confirm that the
 * implementation refuses rather than matches in those cases.
 */
extern HTAAFailReasonType HTAA_userAndInetInGroup(GroupDef *group,
char *username,
char *ip_number,
char *ip_name);
#endif /* not HTGROUP_H */