httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1554188 - in /httpd/httpd/trunk: CHANGES docs/log-message-tags/next-number docs/manual/expr.xml docs/manual/mod/mod_authz_host.xml modules/aaa/mod_authz_host.c
Date Mon, 30 Dec 2013 11:14:19 GMT
Author: minfrin
Date: Mon Dec 30 11:14:19 2013
New Revision: 1554188

URL: http://svn.apache.org/r1554188
Log:
mod_authnz_host: Support the expression parser within the require directives.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/log-message-tags/next-number
    httpd/httpd/trunk/docs/manual/expr.xml
    httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
    httpd/httpd/trunk/modules/aaa/mod_authz_host.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Dec 30 11:14:19 2013
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_authnz_host: Support the expression parser within the require
+     directives. [Graham Leggett]
+
   *) mod_authnz_groupfile: Support the expression parser within the require
      directives. [Graham Leggett]
 

Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Mon Dec 30 11:14:19 2013
@@ -1 +1 @@
-2593
+2594

Modified: httpd/httpd/trunk/docs/manual/expr.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/expr.xml?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/expr.xml (original)
+++ httpd/httpd/trunk/docs/manual/expr.xml Mon Dec 30 11:14:19 2013
@@ -58,6 +58,8 @@
 <seealso><a href="mod/mod_authnz_ldap.html#reqfilter">Require ldap-filter</a></seealso>
 <seealso><a href="mod/mod_authz_dbd.html#reqgroup">Require dbd-group</a></seealso>
 <seealso><a href="mod/mod_authz_dbm.html#reqgroup">Require dbm-group</a></seealso>
+<seealso><a href="mod/mod_authz_groupfile.html#reqgroup">Require group</a></seealso>
+<seealso><a href="mod/mod_authz_host.html#reqhost">Require host</a></seealso>
 <seealso><directive module="mod_ssl">SSLRequire</directive></seealso>
 <seealso><directive module="mod_log_debug">LogMessage</directive></seealso>
 <seealso><module>mod_include</module></seealso>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml Mon Dec 30 11:14:19 2013
@@ -58,7 +58,7 @@ address)</description>
     <p>Apache's <directive module="mod_authz_core">Require</directive>
     directive is used during the authorization phase to ensure that a user is allowed or
     denied access to a resource.  mod_authz_host extends the
-    authorization types with <code>ip</code> and <code>host</code>.
+    authorization types with <code>ip</code>, <code>host</code> and
<code>local</code>.
     Other authorization types may also be
     used but may require that additional authorization modules be loaded.</p>
 
@@ -66,6 +66,9 @@ address)</description>
     access an area of the server. Access can be controlled by
     hostname, IP Address, or IP Address range.</p>
 
+    <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported
+    within the host require directives.</p>
+
 <section id="reqip"><title>Require ip</title>
 
     <p>The <code>ip</code> provider allows access to the server
@@ -118,6 +121,8 @@ Require ip 2001:db8::a00:20ff:fea7:ccea
 Require ip 2001:db8::a00:20ff:fea7:ccea/10
     </highlight>
 
+    <p>Note: As the IP addresses are parsed on startup, expressions are
+    not evaluated at request time.</p>
 
 </section>
 

Modified: httpd/httpd/trunk/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_host.c?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_host.c Mon Dec 30 11:14:19 2013
@@ -179,10 +179,22 @@ static authz_status host_check_authoriza
                       "remote host name", require_line, r->uri);
     }
     else {
+        const char *err = NULL;
+        const ap_expr_info_t *expr = parsed_require_line;
+        const char *require;
+
+        require = ap_expr_str_exec(r, expr, &err);
+        if (err) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02593)
+                          "authz_host authorize: require host: Can't "
+                          "evaluate require expression: %s", err);
+            return AUTHZ_DENIED;
+        }
+
         /* The 'host' provider will allow the configuration to specify a list of
             host names to check rather than a single name.  This is different
             from the previous host based syntax. */
-        t = require_line;
+        t = require;
         while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
             if (in_domain(w, remotehost)) {
                 return AUTHZ_GRANTED;
@@ -212,6 +224,25 @@ static authz_status local_check_authoriz
      return AUTHZ_DENIED;
 }
 
+static const char *host_parse_config(cmd_parms *cmd, const char *require_line,
+                                     const void **parsed_require_line)
+{
+    const char *expr_err = NULL;
+    ap_expr_info_t *expr = apr_pcalloc(cmd->pool, sizeof(*expr));
+
+    expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+            &expr_err, NULL);
+
+    if (expr_err)
+        return apr_pstrcat(cmd->temp_pool,
+                           "Cannot parse expression in require line: ",
+                           expr_err, NULL);
+
+    *parsed_require_line = expr;
+
+    return NULL;
+}
+
 static const authz_provider authz_ip_provider =
 {
     &ip_check_authorization,
@@ -221,7 +252,7 @@ static const authz_provider authz_ip_pro
 static const authz_provider authz_host_provider =
 {
     &host_check_authorization,
-    NULL,
+    &host_parse_config,
 };
 
 static const authz_provider authz_local_provider =



Mime
View raw message