httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1554195 - in /httpd/httpd/trunk: CHANGES docs/log-message-tags/next-number docs/manual/mod/mod_authz_user.xml modules/aaa/mod_authz_user.c
Date Mon, 30 Dec 2013 11:57:16 GMT
Author: minfrin
Date: Mon Dec 30 11:57:15 2013
New Revision: 1554195

URL: http://svn.apache.org/r1554195
Log:
mod_authz_user: Support the expression parser within the require directives.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/docs/log-message-tags/next-number
    httpd/httpd/trunk/docs/manual/mod/mod_authz_user.xml
    httpd/httpd/trunk/modules/aaa/mod_authz_user.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1554195&r1=1554194&r2=1554195&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Dec 30 11:57:15 2013
@@ -1,16 +1,19 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
-  *) mod_authnz_host: Support the expression parser within the require
+  *) mod_authz_user: Support the expression parser within the require
      directives. [Graham Leggett]
 
-  *) mod_authnz_groupfile: Support the expression parser within the require
+  *) mod_authz_host: Support the expression parser within the require
      directives. [Graham Leggett]
 
-  *) mod_authnz_dbm: Support the expression parser within the require
+  *) mod_authz_groupfile: Support the expression parser within the require
      directives. [Graham Leggett]
 
-  *) mod_authnz_dbd: Support the expression parser within the require
+  *) mod_authz_dbm: Support the expression parser within the require
+     directives. [Graham Leggett]
+
+  *) mod_authz_dbd: Support the expression parser within the require
      directives. [Graham Leggett]
 
   *) mod_authnz_ldap: Support the expression parser within the require

Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1554195&r1=1554194&r2=1554195&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Mon Dec 30 11:57:15 2013
@@ -1 +1 @@
-2594
+2595

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_user.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_user.xml?rev=1554195&r1=1554194&r2=1554195&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_user.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_user.xml Mon Dec 30 11:57:15 2013
@@ -38,4 +38,39 @@
 </summary>
 <seealso><directive module="mod_authz_core">Require</directive></seealso>
 
+<section id="requiredirectives"><title>The Require Directives</title>
+
+    <p>Apache's <directive module="mod_authz_core">Require</directive>
+    directives are used during the authorization phase to ensure that
+    a user is allowed to access a resource.  mod_authz_user extends the
+    authorization types with <code>user</code> and <code>valid-user</code>.
+    </p>
+
+    <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported
+    within the user require directives.</p>
+
+<section id="requser"><title>Require user</title>
+
+    <p>This directive specifies a list of users that are allowed to gain
+    access.</p>
+
+    <highlight language="config">
+      Require user john paul george ringo
+    </highlight>
+
+</section>
+
+<section id="reqvaliduser"><title>Require valid-user</title>
+
+    <p>When this directive is specified, any successfully authenticated
+    user will be allowed to gain access.</p>
+
+    <highlight language="config">
+      Require valid-user
+    </highlight>
+
+</section>
+
+</section>
+
 </modulesynopsis>

Modified: httpd/httpd/trunk/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_user.c?rev=1554195&r1=1554194&r2=1554195&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_user.c Mon Dec 30 11:57:15 2013
@@ -49,13 +49,25 @@ static authz_status user_check_authoriza
                                              const char *require_args,
                                              const void *parsed_require_args)
 {
+    const char *err = NULL;
+    const ap_expr_info_t *expr = parsed_require_args;
+    const char *require;
+
     const char *t, *w;
 
     if (!r->user) {
         return AUTHZ_DENIED_NO_USER;
     }
 
-    t = require_args;
+    require = ap_expr_str_exec(r, expr, &err);
+    if (err) {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02594)
+                      "authz_user authorize: require user: Can't "
+                      "evaluate require expression: %s", err);
+        return AUTHZ_DENIED;
+    }
+
+    t = require;
     while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
         if (!strcmp(r->user, w)) {
             return AUTHZ_GRANTED;
@@ -81,10 +93,29 @@ static authz_status validuser_check_auth
     return AUTHZ_GRANTED;
 }
 
+static const char *user_parse_config(cmd_parms *cmd, const char *require_line,
+                                     const void **parsed_require_line)
+{
+    const char *expr_err = NULL;
+    ap_expr_info_t *expr = apr_pcalloc(cmd->pool, sizeof(*expr));
+
+    expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+            &expr_err, NULL);
+
+    if (expr_err)
+        return apr_pstrcat(cmd->temp_pool,
+                           "Cannot parse expression in require line: ",
+                           expr_err, NULL);
+
+    *parsed_require_line = expr;
+
+    return NULL;
+}
+
 static const authz_provider authz_user_provider =
 {
     &user_check_authorization,
-    NULL,
+    &user_parse_config,
 };
 static const authz_provider authz_validuser_provider =
 {



Mime
View raw message