httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1002363 - in /httpd/httpd/trunk: include/ap_expr.h modules/aaa/mod_authz_core.c server/util_expr.c
Date Tue, 28 Sep 2010 21:33:44 GMT
Author: sf
Date: Tue Sep 28 21:33:44 2010
New Revision: 1002363

URL: http://svn.apache.org/viewvc?rev=1002363&view=rev
Log:
This is just too easy to not do it: Add an 'expr' authz provider that allows
arbitrary expressions in Require lines.

The main issue I wanted to fix was that the env provider only allows to
check for the existance of an envvar but not the contents.

Modified:
    httpd/httpd/trunk/include/ap_expr.h
    httpd/httpd/trunk/modules/aaa/mod_authz_core.c
    httpd/httpd/trunk/server/util_expr.c

Modified: httpd/httpd/trunk/include/ap_expr.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/ap_expr.h?rev=1002363&r1=1002362&r2=1002363&view=diff
==============================================================================
--- httpd/httpd/trunk/include/ap_expr.h (original)
+++ httpd/httpd/trunk/include/ap_expr.h Tue Sep 28 21:33:44 2010
@@ -99,7 +99,7 @@ AP_DECLARE(ap_parse_node_t*) ap_expr_par
  * @param eval_func Option evaluation function (e.g. -A filename)
  * @return the value the expression parsed to
  */
-AP_DECLARE(int) ap_expr_eval(request_rec *r, ap_parse_node_t *root,
+AP_DECLARE(int) ap_expr_eval(request_rec *r, const ap_parse_node_t *root,
                              int *was_error, backref_t **reptr,
                              string_func_t string_func, opt_func_t eval_func);
 /**

Modified: httpd/httpd/trunk/modules/aaa/mod_authz_core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_core.c?rev=1002363&r1=1002362&r2=1002363&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_core.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_core.c Tue Sep 28 21:33:44 2010
@@ -37,6 +37,7 @@
 #include "http_request.h"
 #include "http_protocol.h"
 #include "ap_provider.h"
+#include "ap_expr.h"
 
 #include "mod_auth.h"
 
@@ -983,6 +984,39 @@ static const authz_provider authz_method
     &method_parse_config,
 };
 
+static authz_status expr_check_authorization(request_rec *r,
+                                             const char *require_line,
+                                             const void *parsed_require_line)
+{
+    int err = 0;
+    const ap_parse_node_t *expr = parsed_require_line;
+
+    if (ap_expr_eval(r, expr, &err, NULL, ap_expr_string, NULL))
+        return AUTHZ_GRANTED;
+    else
+        return AUTHZ_DENIED;
+}
+
+static const char *expr_parse_config(cmd_parms *cmd, const char *require_line,
+                                     const void **parsed_require_line)
+{
+    int expr_err = 0;
+    ap_parse_node_t *expr = ap_expr_parse(cmd->pool, require_line, &expr_err);
+
+    if (expr_err)
+        return "Cannot parse expression in require line";
+
+    *parsed_require_line = expr;
+
+    return NULL;
+}
+
+static const authz_provider authz_expr_provider =
+{
+    &expr_check_authorization,
+    &expr_parse_config,
+};
+
 
 static void register_hooks(apr_pool_t *p)
 {
@@ -1004,6 +1038,9 @@ static void register_hooks(apr_pool_t *p
     ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "method",
                               AUTHZ_PROVIDER_VERSION,
                               &authz_method_provider, AP_AUTH_INTERNAL_PER_CONF);
+    ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "expr",
+                              AUTHZ_PROVIDER_VERSION,
+                              &authz_expr_provider, AP_AUTH_INTERNAL_PER_CONF);
 }
 
 AP_DECLARE_MODULE(authz_core) =

Modified: httpd/httpd/trunk/server/util_expr.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util_expr.c?rev=1002363&r1=1002362&r2=1002363&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util_expr.c (original)
+++ httpd/httpd/trunk/server/util_expr.c Tue Sep 28 21:33:44 2010
@@ -674,7 +674,7 @@ AP_DECLARE(ap_parse_node_t*) ap_expr_par
 }
 
 static ap_parse_node_t *ap_expr_clone_tree(apr_pool_t *pool,
-                                           ap_parse_node_t *pnode,
+                                           const ap_parse_node_t *pnode,
                                            ap_parse_node_t *parent)
 {
     ap_parse_node_t *ret;
@@ -871,7 +871,7 @@ static int expr_eval(request_rec *r, ap_
 
     return (root ? root->value : 0);
 }
-AP_DECLARE(int) ap_expr_eval(request_rec *r, ap_parse_node_t *root,
+AP_DECLARE(int) ap_expr_eval(request_rec *r, const ap_parse_node_t *root,
                              int *was_error, backref_t **reptr,
                              string_func_t string_func, opt_func_t eval_func)
 {



Mime
View raw message