• Your recent searches
Apache-AuthzUnix
2 results

 view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN 

Revision history for Perl extension Apache::AuthzUnix.

0.02  Mon Feb 12 14:16:12 GMT 2007
    - Caught by Tom Hukins: support DELETE as well as PUT

0.01  Mon Feb 12 11:12:42 2007
	- original version; created by h2xs 1.23 with options
		-b 5.6.0 -AX -n Apache::AuthzUnix

lib/Apache/AuthzUnix.pm  view on Meta::CPAN 

    }
}

sub authz {
    my $r    = shift;
    my $user = $r->user or return DECLINED();
    my $fn   = $r->filename;

    if (!-e $r->filename) { $fn = dirname($fn) }
# Why did we just do that? Because:
#  If we're PUTting a file, we want to check if we can write to the directory.
#  Otherwise, we're GETting a non-existent or autogenerated file (ie autoindex)
#     If it's a directory index, then we use the permissions of the directory.
#     If it's non-existent, permissions are an irrelevance!

    my $stat       = File::stat::stat($fn);
    my $access     =
      _access($user, $stat->mode, $stat->uid, $stat->gid, $r->method);
    warn "Access to file: "
      . $r->filename
      . " (resolved as $fn) : "
      . ($access ? "allowed" : "denied")
      if $DEBUG;
    return $access ? OK() : DECLINED();
}

sub _access {
    my ($username, $perms, $uid, $gid, $method) = @_;
    my ($u, $g, $o) = ($perms & 0700, $perms & 0070, $perms & 0007);
    my $user        = getpwnam($username);
    my %in_group    = map { $_ => 1 } @{ getgrgid($gid)->members };
    my $bit         = $method =~ /(PUT|DELETE)/ ? 2 : 4;

    return 1 if $o & $bit
             || ($uid == $user->uid and $u & ($bit << 6))
             || (($gid == $user->gid or $in_group{$username}) 
                 and $g & ($bit << 3));
    return 0;
}

1;
__END__

lib/Apache/AuthzUnix.pm  view on Meta::CPAN 

  </Location>

=head1 DESCRIPTION

This module was written to provide authorization for DAV access to home
directories, but probably has other uses in the C<UserDir> space. 

Assuming that Apache has authenticated a user, this module helps to
determine whether or not that user can read (or write) a file on the
filesystem. It applies standard Unix user and group tests on the file's
permissions to determine read access and, in the case of C<PUT> and
C<DELETE> methods, write access. If the file does not exist, then the 
containing directory is tested, as one would expect.

This module is designed work on both mod_perl versions 1 and 2.

=head1 AUTHOR

Simon Cozens, E<lt>simon@simon-cozens.orgE<gt>

=head1 COPYRIGHT AND LICENSE



( run in 0.378 second using v1.01-cache-2.11-cpan-4e96b696675 )