Return-Path:
X-Original-To: apmail-httpd-cvs-archive@www.apache.org
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id ADEDA10A11
for ;
Mon, 30 Dec 2013 11:14:47 +0000 (UTC)
Received: (qmail 97508 invoked by uid 500); 30 Dec 2013 11:14:46 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 97443 invoked by uid 500); 30 Dec 2013 11:14:45 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help:
list-unsubscribe:
List-Post:
List-Id:
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 97435 invoked by uid 99); 30 Dec 2013 11:14:44 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Dec 2013 11:14:44 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Dec 2013 11:14:41 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
by eris.apache.org (Postfix) with ESMTP id 1AAC9238890D;
Mon, 30 Dec 2013 11:14:20 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1554188 - in /httpd/httpd/trunk: CHANGES
docs/log-message-tags/next-number docs/manual/expr.xml
docs/manual/mod/mod_authz_host.xml modules/aaa/mod_authz_host.c
Date: Mon, 30 Dec 2013 11:14:19 -0000
To: cvs@httpd.apache.org
From: minfrin@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20131230111420.1AAC9238890D@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org
Author: minfrin
Date: Mon Dec 30 11:14:19 2013
New Revision: 1554188
URL: http://svn.apache.org/r1554188
Log:
mod_authnz_host: Support the expression parser within the require directives.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/log-message-tags/next-number
httpd/httpd/trunk/docs/manual/expr.xml
httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
httpd/httpd/trunk/modules/aaa/mod_authz_host.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Dec 30 11:14:19 2013
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_authnz_host: Support the expression parser within the require
+ directives. [Graham Leggett]
+
*) mod_authnz_groupfile: Support the expression parser within the require
directives. [Graham Leggett]
Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Mon Dec 30 11:14:19 2013
@@ -1 +1 @@
-2593
+2594
Modified: httpd/httpd/trunk/docs/manual/expr.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/expr.xml?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/expr.xml (original)
+++ httpd/httpd/trunk/docs/manual/expr.xml Mon Dec 30 11:14:19 2013
@@ -58,6 +58,8 @@
Require ldap-filter
Require dbd-group
Require dbm-group
+Require group
+Require host
SSLRequire
LogMessage
mod_include
Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml Mon Dec 30 11:14:19 2013
@@ -58,7 +58,7 @@ address)
Apache's Require
directive is used during the authorization phase to ensure that a user is allowed or
denied access to a resource. mod_authz_host extends the
- authorization types with ip
and host
.
+ authorization types with ip
, host
and local
.
Other authorization types may also be
used but may require that additional authorization modules be loaded.
@@ -66,6 +66,9 @@ address)
access an area of the server. Access can be controlled by
hostname, IP Address, or IP Address range.
+ Since v2.5.0, expressions are supported
+ within the host require directives.
+
Require ip
The ip
provider allows access to the server
@@ -118,6 +121,8 @@ Require ip 2001:db8::a00:20ff:fea7:ccea
Require ip 2001:db8::a00:20ff:fea7:ccea/10
+
Note: As the IP addresses are parsed on startup, expressions are
+ not evaluated at request time.
Modified: httpd/httpd/trunk/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_host.c?rev=1554188&r1=1554187&r2=1554188&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_host.c Mon Dec 30 11:14:19 2013
@@ -179,10 +179,22 @@ static authz_status host_check_authoriza
"remote host name", require_line, r->uri);
}
else {
+ const char *err = NULL;
+ const ap_expr_info_t *expr = parsed_require_line;
+ const char *require;
+
+ require = ap_expr_str_exec(r, expr, &err);
+ if (err) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02593)
+ "authz_host authorize: require host: Can't "
+ "evaluate require expression: %s", err);
+ return AUTHZ_DENIED;
+ }
+
/* The 'host' provider will allow the configuration to specify a list of
host names to check rather than a single name. This is different
from the previous host based syntax. */
- t = require_line;
+ t = require;
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
if (in_domain(w, remotehost)) {
return AUTHZ_GRANTED;
@@ -212,6 +224,25 @@ static authz_status local_check_authoriz
return AUTHZ_DENIED;
}
+static const char *host_parse_config(cmd_parms *cmd, const char *require_line,
+ const void **parsed_require_line)
+{
+ const char *expr_err = NULL;
+ ap_expr_info_t *expr = apr_pcalloc(cmd->pool, sizeof(*expr));
+
+ expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
+
+ if (expr_err)
+ return apr_pstrcat(cmd->temp_pool,
+ "Cannot parse expression in require line: ",
+ expr_err, NULL);
+
+ *parsed_require_line = expr;
+
+ return NULL;
+}
+
static const authz_provider authz_ip_provider =
{
&ip_check_authorization,
@@ -221,7 +252,7 @@ static const authz_provider authz_ip_pro
static const authz_provider authz_host_provider =
{
&host_check_authorization,
- NULL,
+ &host_parse_config,
};
static const authz_provider authz_local_provider =