Subject: svn commit: r1001207 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_authz_host.html.en docs/manual/mod/mod_authz_host.xml modules/aaa/mod_authz_host.c
Date: Sat, 25 Sep 2010 13:17:49 -0000
To: cvs@httpd.apache.org
From: sf@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100925131749.AB712238890B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sf Date: Sat Sep 25 13:17:49 2010 New Revision: 1001207 URL: http://svn.apache.org/viewvc?rev=1001207&view=rev Log: Add 'local' authz provider that matches connections originating on the local host. PR 19938. Also remove some cruft from mod_authz_host (we don't need a per-dir config) Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml httpd/httpd/trunk/modules/aaa/mod_authz_host.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1001207&r1=1001206&r2=1001207&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Sat Sep 25 13:17:49 2010 @@ -2,6 +2,9 @@ Changes with Apache 2.3.9 + *) mod_authz_host: Add 'local' provider that matches connections originating + on the local host. PR 19938. [Stefan Fritsch] + *) Event MPM: Fix crash accessing pollset on worker thread when child process is exiting. [Jeff Trawick] Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en?rev=1001207&r1=1001206&r2=1001207&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.html.en Sat Sep 25 13:17:49 2010 @@ -159,6 +159,25 @@ address) +

Require local

+

The local provider allows access to the server if any + of the following conditions is true:

+ +
    +
  • the client address matches 127.0.0.0/8
  • +
  • the client address is ::1
  • +
  • both the client and the server address of the connection are + the same
  • +
+ +

This allows a convenient way to match connections that originate from + the local host:

+ +

+ Require local +

+ +
Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml?rev=1001207&r1=1001206&r2=1001207&view=diff ============================================================================== --- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml Sat Sep 25 13:17:49 2010 @@ -150,7 +150,25 @@ address) +
Require local +

The local provider allows access to the server if any + of the following conditions is true:

+ +
    +
  • the client address matches 127.0.0.0/8
  • +
  • the client address is ::1
  • +
  • both the client and the server address of the connection are + the same
  • +
+ +

This allows a convenient way to match connections that originate from + the local host:

+ + + Require local +
+ Modified: httpd/httpd/trunk/modules/aaa/mod_authz_host.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_host.c?rev=1001207&r1=1001206&r2=1001207&view=diff ============================================================================== --- httpd/httpd/trunk/modules/aaa/mod_authz_host.c (original) +++ httpd/httpd/trunk/modules/aaa/mod_authz_host.c Sat Sep 25 13:17:49 2010 @@ -44,25 +44,6 @@ #include #endif -typedef struct { - int dummy; /* just here to stop compiler warnings for now. */ -} authz_host_dir_conf; - -module AP_MODULE_DECLARE_DATA authz_host_module; - -static void *create_authz_host_dir_config(apr_pool_t *p, char *dummy) -{ - authz_host_dir_conf *conf = - (authz_host_dir_conf *)apr_pcalloc(p, sizeof(authz_host_dir_conf)); - - return (void *)conf; -} - -static const command_rec authz_host_cmds[] = -{ - {NULL} -}; - static int in_domain(const char *domain, const char *what) { int dl = strlen(domain); @@ -188,6 +169,29 @@ static authz_status host_check_authoriza return AUTHZ_DENIED; } +static apr_ipsubnet_t *localhost_v4; +#if APR_HAVE_IPV6 +static apr_ipsubnet_t *localhost_v6; +#endif + +static authz_status local_check_authorization(request_rec *r, + const char *require_line, + const void *parsed_require_line) +{ + if ( apr_sockaddr_equal(r->connection->local_addr, + r->connection->remote_addr) + || apr_ipsubnet_test(localhost_v4, r->connection->remote_addr) +#if APR_HAVE_IPV6 + || apr_ipsubnet_test(localhost_v6, r->connection->remote_addr) +#endif + ) + { + return AUTHZ_GRANTED; + } + + return AUTHZ_DENIED; +} + static const authz_provider authz_ip_provider = { &ip_check_authorization, 
@@ -200,24 +204,46 @@ static const authz_provider authz_host_p NULL, }; +static const authz_provider authz_local_provider = +{ + &local_check_authorization, + NULL, +}; + + +static int authz_host_pre_config(apr_pool_t *p, apr_pool_t *plog, + apr_pool_t *ptemp) +{ + apr_ipsubnet_create(&localhost_v4, "127.0.0.0", "8", p); +#if APR_HAVE_IPV6 + apr_ipsubnet_create(&localhost_v6, "::1", "128", p); +#endif + + return OK; +} static void register_hooks(apr_pool_t *p) { + ap_hook_pre_config(authz_host_pre_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ip", AUTHZ_PROVIDER_VERSION, &authz_ip_provider, AP_AUTH_INTERNAL_PER_CONF); ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "host", AUTHZ_PROVIDER_VERSION, &authz_host_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "local", + AUTHZ_PROVIDER_VERSION, + &authz_local_provider, AP_AUTH_INTERNAL_PER_CONF); } AP_DECLARE_MODULE(authz_host) = { STANDARD20_MODULE_STUFF, - create_authz_host_dir_config, /* dir config creater */ + NULL, /* dir config creater */ NULL, /* dir merger --- default is to override */ NULL, /* server config */ NULL, /* merge server config */ - authz_host_cmds, + NULL, register_hooks /* register hooks */ };
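Review bot: the new "Require local" text added to mod_authz_host.html.en and mod_authz_host.xml is missing a caveat that the test is made on the addresses of the connection itself. local_check_authorization() in this same commit compares r->connection->remote_addr, so when a reverse proxy or other front end on the same machine forwards requests to this server, every forwarded request arrives from a loopback or same-host address and is granted. Suggest adding a sentence after the list of conditions stating that the provider looks at the peer of the connection, not at the original client, and that it should not be the only access control for content reached through a local proxy.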
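Review bot: in local_check_authorization() (hunk @@ -188,6 +169,29 @@ of mod_authz_host.c) require_line is never read, and authz_local_provider is declared with NULL in its second slot, so any text an administrator writes after "Require local" is silently ignored. A line such as "Require local" followed by an address list would be evaluated as plain "Require local" without any warning. Suggest rejecting, or at least logging, a non-empty require_line. A short comment on the apr_sockaddr_equal() branch would also help, saying that it covers connections made to one of the host's own non-loopback addresses, which the two subnet tests do not match.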
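Review bot: authz_host_pre_config() in hunk @@ -200,24 +204,46 @@ of mod_authz_host.c discards the return value of both apr_ipsubnet_create() calls and always returns OK. If either call failed, localhost_v4 or localhost_v6 could be left without a valid subnet, and local_check_authorization() would then pass it to apr_ipsubnet_test() on every request that reaches the "local" provider. Suggest comparing each status with APR_SUCCESS, logging the failure, and returning a non-OK value from the hook so that a problem stops startup instead of surfacing at request time.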