Subject: svn commit: r1555540 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/ docs/manual/expr.xml docs/manual/mod/ docs/manual/mod/mod_authz_dbd.xml modules/aaa/mod_authz_dbd.c Date: Sun, 05 Jan 2014 16:10:10 -0000 To: cvs@httpd.apache.org 
From: jim@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140105161010.6151C2388868@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: jim Date: Sun Jan 5 16:10:09 2014 New Revision: 1555540 URL: http://svn.apache.org/r1555540 Log: Merge r1554168, r1554176 from trunk: mod_authnz_dbd: Support the expression parser within the require directives. Pass the correct pointer that made it past the test suite. Submitted by: minfrin Reviewed/backported by: jim Modified: httpd/httpd/branches/2.4.x/ (props changed) httpd/httpd/branches/2.4.x/CHANGES httpd/httpd/branches/2.4.x/STATUS httpd/httpd/branches/2.4.x/docs/manual/ (props changed) httpd/httpd/branches/2.4.x/docs/manual/expr.xml httpd/httpd/branches/2.4.x/docs/manual/mod/ (props changed) httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_dbd.xml httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_dbd.c Propchange: httpd/httpd/branches/2.4.x/ ------------------------------------------------------------------------------ Merged /httpd/httpd/trunk:r1554168,1554176 Modified: httpd/httpd/branches/2.4.x/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1555540&r1=1555539&r2=1555540&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original) +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun Jan 5 16:10:09 2014 
@@ -2,6 +2,9 @@ Changes with Apache 2.4.8 + *) mod_authnz_dbd: Support the expression parser within the require + directives. [Graham Leggett] + *) mod_authnz_ldap: Support the expression parser within the require directives. [Graham Leggett] Modified: httpd/httpd/branches/2.4.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1555540&r1=1555539&r2=1555540&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/STATUS (original) +++ httpd/httpd/branches/2.4.x/STATUS Sun Jan 5 16:10:09 2014 @@ -98,12 +98,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_authz_dbd: Support the expression parser within the require directives. - trunk patch: http://svn.apache.org/r1554168 - http://svn.apache.org/r1554176 - 2.4.x patch: trunk works (modulo CHANGES and log-message-tags) - +1: minfrin, jim, covener - * mod_authz_dbm: Support the expression parser within the require directives. trunk patch: http://svn.apache.org/r1554170 http://svn.apache.org/r1554181 Propchange: httpd/httpd/branches/2.4.x/docs/manual/ ------------------------------------------------------------------------------ Merged /httpd/httpd/trunk/docs/manual:r1554168 Modified: httpd/httpd/branches/2.4.x/docs/manual/expr.xml URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/expr.xml?rev=1555540&r1=1555539&r2=1555540&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/docs/manual/expr.xml (original) +++ httpd/httpd/branches/2.4.x/docs/manual/expr.xml Sun Jan 5 16:10:09 2014 
@@ -56,6 +56,7 @@ Require ldap-dn Require ldap-attribute Require ldap-filter +Require dbd-group SSLRequire LogMessage mod_include Propchange: httpd/httpd/branches/2.4.x/docs/manual/mod/ ------------------------------------------------------------------------------ Merged /httpd/httpd/trunk/docs/manual/mod:r1554168 Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_dbd.xml URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_dbd.xml?rev=1555540&r1=1555539&r2=1555540&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_dbd.xml (original) +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_dbd.xml Sun Jan 5 16:10:09 2014 @@ -52,6 +52,55 @@ DBDriver DBDParams +
The Require Directives + +

Apache's Require + directives are used during the authorization phase to ensure that + a user is allowed to access a resource. mod_authz_dbd extends the + authorization types with dbd-group, dbd-login and + dbd-logout.

+ +

Since v2.5.0, expressions are supported + within the DBD require directives.

+ +
Require dbd-group + +

This directive specifies group membership that is required for the + user to gain access.

+ + + Require dbd-group team + AuthzDBDQuery "SELECT group FROM authz WHERE user = %s" + + +
+ +
Require dbd-login + +

This directive specifies a query to be run indicating the user + has logged in.

+ + + Require dbd-login + AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s" + + +
+ +
Require dbd-logout + +

This directive specifies a query to be run indicating the user + has logged out.

+ + + Require dbd-logout + AuthzDBDQuery "UPDATE authn SET login = 'false' WHERE user = %s" + + +
+ +
+
Database Login

Modified: httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_dbd.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_dbd.c?rev=1555540&r1=1555539&r2=1555540&view=diff ============================================================================== --- httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_dbd.c (original) +++ httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_dbd.c Sun Jan 5 16:10:09 2014 @@ -253,6 +253,11 @@ static authz_status dbdgroup_check_autho int i, rv; const char *w; apr_array_header_t *groups = NULL; + + const char *err = NULL; + const ap_expr_info_t *expr = parsed_require_args; + const char *require; + const char *t; authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config, &authz_dbd_module); @@ -269,7 +274,15 @@ static authz_status dbdgroup_check_autho } } - t = require_args; + require = ap_expr_str_exec(r, expr, &err); + if (err) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02590) + "authz_dbd authorize: require dbd-group: Can't " + "evaluate require expression: %s", err); + return AUTHZ_DENIED; + } + + t = require; while (t[0]) { w = ap_getword_white(r->pool, &t); for (i=0; i < groups->nelts; ++i) { @@ -310,10 +323,29 @@ static authz_status dbdlogout_check_auth return (authz_dbd_login(r, cfg, "logout") == OK ? AUTHZ_GRANTED : AUTHZ_DENIED); } +static const char *dbd_parse_config(cmd_parms *cmd, const char *require_line, + const void **parsed_require_line) +{ + const char *expr_err = NULL; + ap_expr_info_t *expr = apr_pcalloc(cmd->pool, sizeof(*expr)); + + expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); + + if (expr_err) + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression in require line: ", + expr_err, NULL); + + *parsed_require_line = expr; + + return NULL; +} + static const authz_provider authz_dbdgroup_provider = { &dbdgroup_check_authorization, - NULL, + &dbd_parse_config, }; static const authz_provider authz_dbdlogin_provider =
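
Review bot: In the CHANGES hunk (@@ -2,6 +2,9 @@), the new entry names the module mod_authnz_dbd, but the file changed in this commit is modules/aaa/mod_authz_dbd.c and the STATUS entry removed in the same commit calls it mod_authz_dbd. Suggest changing the entry to "mod_authz_dbd: Support the expression parser within the require directives." so the changelog matches the module name.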
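
Review bot: In the docs/manual/mod/mod_authz_dbd.xml hunk (@@ -52,6 +52,55 @@), the sentence "Since v2.5.0, expressions are supported within the DBD require directives." carries the trunk version, while this commit lands on branches/2.4.x and its CHANGES entry is filed under "Changes with Apache 2.4.8". Suggest stating the 2.4.x release in the backported copy. The sentence also speaks of the DBD require directives in general, whereas the visible code change evaluates the expression only in dbdgroup_check_authorization and expr.xml gains only "Require dbd-group"; wording it as support in Require dbd-group would match what the patch shows.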
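
Review bot: In the modules/aaa/mod_authz_dbd.c hunk at @@ -269,7 +274,15 @@, the string returned by ap_expr_str_exec() is assigned to t and then split with ap_getword_white(), so every whitespace-separated word of the evaluated expression is checked against the entries in groups. An expression that substitutes a request-derived value therefore contributes as many candidate group names as that value has words. Suggest documenting this splitting in the Require dbd-group section of mod_authz_dbd.xml and recommending that the group list be built from server-side values. Returning AUTHZ_DENIED when err is set is the right failure mode and should stay.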
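
Review bot: In dbd_parse_config() (modules/aaa/mod_authz_dbd.c hunk at @@ -310,10 +323,29 @@), the result of apr_pcalloc(cmd->pool, sizeof(*expr)) is overwritten by the very next statement, "expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, &expr_err, NULL);", so the allocation is never used and stays in the configuration pool for every Require dbd-group line parsed. Suggest declaring "ap_expr_info_t *expr;" without the initializer and assigning it only from ap_expr_parse_cmd().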