From rj...@apache.org
Subject svn commit: r1420071 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/ docs/manual/mod/ docs/manual/mod/mod_auth_form.xml modules/aaa/mod_auth_form.c
Date Tue, 11 Dec 2012 10:21:14 GMT
Author: rjung
Date: Tue Dec 11 10:21:11 2012
New Revision: 1420071

URL: http://svn.apache.org/viewvc?rev=1420071&view=rev
Log:
mod_auth_form: Support the expr parser in the
AuthFormLoginRequiredLocation, AuthFormLoginSuccessLocation
and AuthFormLogoutLocation directives.

mod_auth_form: Make sure 500 Internal Server Error is
returned should an error occur while parsing an expression.

Submitted by: minfrin
Backported by: minfrin
Reviewed by: minfrin, sf, rjung

Backports of r1388648 and r1418721 from trunk.

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/docs/manual/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/mod/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.xml
    httpd/httpd/branches/2.4.x/modules/aaa/mod_auth_form.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1388648,1418721

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1420071&r1=1420070&r2=1420071&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue Dec 11 10:21:11 2012
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.4
 
+  *) mod_auth_form: Support the expr parser in the
+     AuthFormLoginRequiredLocation, AuthFormLoginSuccessLocation and
+     AuthFormLogoutLocation directives. [Graham Leggett]
+
   *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange
      for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
      Christophe Renou, Peter Sylvester]

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1420071&r1=1420070&r2=1420071&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Dec 11 10:21:11 2012
@@ -91,16 +91,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_auth_form: Support the expr parser in the
-     AuthFormLoginRequiredLocation, AuthFormLoginSuccessLocation and
-     AuthFormLogoutLocation directives.
-     trunk patch: http://svn.apache.org/viewvc?rev=1388648&view=rev
-                  http://svn.apache.org/viewvc?rev=1418721&view=rev
-     2.4.x patch: trunk patches work (minus next-number, CHANGES)
-     +1: minfrin, sf, rjung
-     rjung: please add compatibility note to docs about expr only supported
-            since 2.4.4.
-
    * mod_proxy_balancer: Bring XML output up to date.
      http://svn.apache.org/viewvc?view=revision&revision=1392345
      http://svn.apache.org/viewvc?view=revision&revision=1392346

Propchange: httpd/httpd/branches/2.4.x/docs/manual/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk/docs/manual:r1388648

Propchange: httpd/httpd/branches/2.4.x/docs/manual/mod/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk/docs/manual/mod:r1388648

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.xml?rev=1420071&r1=1420070&r2=1420071&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_auth_form.xml Tue Dec 11 10:21:11 2012
@@ -552,13 +552,15 @@ lower level modules</description>
 <default>none</default>
 <contextlist><context>directory</context>
 </contextlist>
-<compatibility>Available in Apache HTTP Server 2.3.0 and later</compatibility>
+<compatibility>Available in Apache HTTP Server 2.3.0 and later. The use of the expression
+parser hass been added in 2.4.4.</compatibility>
 
 <usage>
     <p>The <directive module="mod_auth_form">AuthFormLoginRequiredLocation</directive>
directive
-    specifies the URL to redirect to should the user not be authorised to view a page. By
default,
-    if a user is not authorised to view a page, the HTTP response code <code>HTTP_UNAUTHORIZED</code>
-    will be returned with the page specified by the
+    specifies the URL to redirect to should the user not be authorised to view a page. The
value
+    is parsed using the <a href="../expr.html">ap_expr</a> parser before being
sent to the client.
+    By default, if a user is not authorised to view a page, the HTTP response code
+    <code>HTTP_UNAUTHORIZED</code> will be returned with the page specified by
the
     <directive module="core">ErrorDocument</directive> directive. This directive
overrides this
     default.</p>
 
@@ -574,13 +576,15 @@ lower level modules</description>
 <default>none</default>
 <contextlist><context>directory</context>
 </contextlist>
-<compatibility>Available in Apache HTTP Server 2.3.0 and later</compatibility>
+<compatibility>Available in Apache HTTP Server 2.3.0 and later. The use of the expression
+parser hass been added in 2.4.4.</compatibility>
 
 <usage>
     <p>The <directive module="mod_auth_form">AuthFormLoginSuccessLocation</directive>
directive
-    specifies the URL to redirect to should the user have logged in successfully. This directive
-    can be overridden if a form field has been defined containing another URL using the
-    <directive module="mod_auth_form">AuthFormLocation</directive> directive.</p>
+    specifies the URL to redirect to should the user have logged in successfully. The value
is
+    parsed using the <a href="../expr.html">ap_expr</a> parser before being sent
to the client.
+    This directive can be overridden if a form field has been defined containing another
URL
+    using the <directive module="mod_auth_form">AuthFormLocation</directive>
directive.</p>
 
     <p>Use this directive if you have a dedicated login URL, and you have not embedded
the
     destination page in the login form.</p>
@@ -614,11 +618,14 @@ lower level modules</description>
 <default>none</default>
 <contextlist><context>directory</context>
 </contextlist>
-<compatibility>Available in Apache HTTP Server 2.3.0 and later</compatibility>
+<compatibility>Available in Apache HTTP Server 2.3.0 and later. The use of the expression
+parser hass been added in 2.4.4.</compatibility>
 
 <usage>
     <p>The <directive module="mod_auth_form">AuthFormLogoutLocation</directive>
directive
-    specifies the URL of a page on the server to redirect to should the user attempt to log
out.</p>
+    specifies the URL of a page on the server to redirect to should the user attempt to log
+    out. The value is parsed using the <a href="../expr.html">ap_expr</a> parser
before
+    being sent to the client.</p>
 
     <p>When a URI is accessed that is served by the handler <code>form-logout-handler</code>,
     the page specified by this directive will be shown to the end user. For example:</p>

Modified: httpd/httpd/branches/2.4.x/modules/aaa/mod_auth_form.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/aaa/mod_auth_form.c?rev=1420071&r1=1420070&r2=1420071&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/aaa/mod_auth_form.c (original)
+++ httpd/httpd/branches/2.4.x/modules/aaa/mod_auth_form.c Tue Dec 11 10:21:11 2012
@@ -30,6 +30,7 @@
 #include "http_request.h"
 #include "ap_provider.h"
 #include "util_md5.h"
+#include "ap_expr.h"
 
 #include "mod_auth.h"
 #include "mod_session.h"
@@ -73,11 +74,11 @@ typedef struct {
     int body_set;
     int disable_no_store;
     int disable_no_store_set;
-    const char *loginsuccess;
+    ap_expr_info_t *loginsuccess;
     int loginsuccess_set;
-    const char *loginrequired;
+    ap_expr_info_t *loginrequired;
     int loginrequired_set;
-    const char *logout;
+    ap_expr_info_t *logout;
     int logout_set;
 } auth_form_config_rec;
 
@@ -289,24 +290,51 @@ static const char *set_cookie_form_size(
 static const char *set_login_required_location(cmd_parms * cmd, void *config, const char
*loginrequired)
 {
     auth_form_config_rec *conf = (auth_form_config_rec *) config;
-    conf->loginrequired = loginrequired;
+    const char *err;
+
+    conf->loginrequired = ap_expr_parse_cmd(cmd, loginrequired, AP_EXPR_FLAG_STRING_RESULT,
+                                        &err, NULL);
+    if (err) {
+        return apr_psprintf(cmd->pool,
+                            "Could not parse login required expression '%s': %s",
+                            loginrequired, err);
+    }
     conf->loginrequired_set = 1;
+
     return NULL;
 }
 
 static const char *set_login_success_location(cmd_parms * cmd, void *config, const char *loginsuccess)
 {
     auth_form_config_rec *conf = (auth_form_config_rec *) config;
-    conf->loginsuccess = loginsuccess;
+    const char *err;
+
+    conf->loginsuccess = ap_expr_parse_cmd(cmd, loginsuccess, AP_EXPR_FLAG_STRING_RESULT,
+                                        &err, NULL);
+    if (err) {
+        return apr_psprintf(cmd->pool,
+                            "Could not parse login success expression '%s': %s",
+                            loginsuccess, err);
+    }
     conf->loginsuccess_set = 1;
+
     return NULL;
 }
 
 static const char *set_logout_location(cmd_parms * cmd, void *config, const char *logout)
 {
     auth_form_config_rec *conf = (auth_form_config_rec *) config;
-    conf->logout = logout;
+    const char *err;
+
+    conf->logout = ap_expr_parse_cmd(cmd, logout, AP_EXPR_FLAG_STRING_RESULT,
+                                        &err, NULL);
+    if (err) {
+        return apr_psprintf(cmd->pool,
+                            "Could not parse logout required expression '%s': %s",
+                            logout, err);
+    }
     conf->logout_set = 1;
+
     return NULL;
 }
 
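Review bot: The error string in set_logout_location reads `"Could not parse logout required expression '%s': %s"`, which looks carried over from the login-required setter and will mislead an administrator reading a failed configuration test; `"Could not parse logout expression '%s': %s",` matches the directive. All three setters also store the ap_expr_parse_cmd() result into conf before err is checked. That is presumably harmless because a non-NULL return rejects the directive, but parsing into a local and assigning only on success would make it obvious that a failed parse never leaves a half-set field next to an unset `_set` flag.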
@@ -851,6 +879,7 @@ static int authenticate_form_authn(reque
     const char *sent_user = NULL, *sent_pw = NULL, *sent_hash = NULL;
     const char *sent_loc = NULL, *sent_method = "GET", *sent_mimetype = NULL;
     const char *current_auth = NULL;
+    const char *err;
     apr_status_t res;
     int rv = HTTP_UNAUTHORIZED;
 
@@ -1001,8 +1030,17 @@ static int authenticate_form_authn(reque
                     return HTTP_MOVED_TEMPORARILY;
                 }
                 if (conf->loginsuccess) {
-                    apr_table_set(r->headers_out, "Location", conf->loginsuccess);
-                    return HTTP_MOVED_TEMPORARILY;
+                    const char *loginsuccess = ap_expr_str_exec(r,
+                            conf->loginsuccess, &err);
+                    if (!err) {
+                        apr_table_set(r->headers_out, "Location", loginsuccess);
+                        return HTTP_MOVED_TEMPORARILY;
+                    }
+                    else {
+                        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02339)
+                                      "Can't evaluate login success expression: %s", err);
+                        return HTTP_INTERNAL_SERVER_ERROR;
+                    }
                 }
             }
         }
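Review bot: The string returned by ap_expr_str_exec() is written straight into the Location header here, with no check that it is non-empty or a well-formed redirect target. The same pattern repeats in the later hunks: loginrequired in both handlers, loginsuccess in authenticate_form_login_handler, and logout. The target is now computed per request, so a configuration whose expression interpolates client-supplied values makes the redirect client-influenced (the usual open-redirect and header-injection concern), and nothing visible in these hunks constrains the result. I would add a comment at each site such as `/* target is evaluated per request; the expression must not include unvalidated client input */`, and put the same caveat in the directive documentation. authenticate_form_authn starts and ends outside this hunk, so any sanitising done elsewhere is not visible from here.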
@@ -1014,8 +1052,17 @@ static int authenticate_form_authn(reque
      * instead?
      */
     if (HTTP_UNAUTHORIZED == rv && conf->loginrequired) {
-        apr_table_set(r->headers_out, "Location", conf->loginrequired);
-        return HTTP_MOVED_TEMPORARILY;
+        const char *loginrequired = ap_expr_str_exec(r,
+                conf->loginrequired, &err);
+        if (!err) {
+            apr_table_set(r->headers_out, "Location", loginrequired);
+            return HTTP_MOVED_TEMPORARILY;
+        }
+        else {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02340)
+                          "Can't evaluate login required expression: %s", err);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
     }
 
     /* did the user ask to be redirected on login success? */
@@ -1059,6 +1106,7 @@ static int authenticate_form_authn(reque
 static int authenticate_form_login_handler(request_rec * r)
 {
     auth_form_config_rec *conf;
+    const char *err;
 
     const char *sent_user = NULL, *sent_pw = NULL, *sent_loc = NULL;
     int rv;
@@ -1089,8 +1137,17 @@ static int authenticate_form_login_handl
                 return HTTP_MOVED_TEMPORARILY;
             }
             if (conf->loginsuccess) {
-                apr_table_set(r->headers_out, "Location", conf->loginsuccess);
-                return HTTP_MOVED_TEMPORARILY;
+                const char *loginsuccess = ap_expr_str_exec(r,
+                        conf->loginsuccess, &err);
+                if (!err) {
+                    apr_table_set(r->headers_out, "Location", loginsuccess);
+                    return HTTP_MOVED_TEMPORARILY;
+                }
+                else {
+                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02341)
+                                  "Can't evaluate login success expression: %s", err);
+                    return HTTP_INTERNAL_SERVER_ERROR;
+                }
             }
             return HTTP_OK;
         }
@@ -1098,8 +1155,17 @@ static int authenticate_form_login_handl
 
     /* did we prefer to be redirected to the login page on failure instead? */
     if (HTTP_UNAUTHORIZED == rv && conf->loginrequired) {
-        apr_table_set(r->headers_out, "Location", conf->loginrequired);
-        return HTTP_MOVED_TEMPORARILY;
+        const char *loginrequired = ap_expr_str_exec(r,
+                conf->loginrequired, &err);
+        if (!err) {
+            apr_table_set(r->headers_out, "Location", loginrequired);
+            return HTTP_MOVED_TEMPORARILY;
+        }
+        else {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02342)
+                          "Can't evaluate login required expression: %s", err);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
     }
 
     return rv;
@@ -1120,6 +1186,7 @@ static int authenticate_form_login_handl
 static int authenticate_form_logout_handler(request_rec * r)
 {
     auth_form_config_rec *conf;
+    const char *err;
 
     if (strcmp(r->handler, FORM_LOGOUT_HANDLER)) {
         return DECLINED;
@@ -1139,8 +1206,17 @@ static int authenticate_form_logout_hand
 
     /* if set, internal redirect to the logout page */
     if (conf->logout) {
-        apr_table_addn(r->headers_out, "Location", conf->logout);
-        return HTTP_TEMPORARY_REDIRECT;
+        const char *logout = ap_expr_str_exec(r,
+                conf->logout, &err);
+        if (!err) {
+            apr_table_addn(r->headers_out, "Location", logout);
+            return HTTP_TEMPORARY_REDIRECT;
+        }
+        else {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02343)
+                          "Can't evaluate logout expression: %s", err);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
     }
 
     return HTTP_OK;


