You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jeff Trawick <tr...@bellsouth.net> on 2001/03/09 19:10:49 UTC
[PATCH] ap_get_remote_host(), IPv6, mod_access
The patch below tells the caller of ap_get_remote_host() when an IP
address string is returned.
(I guess I should just commit it, but it seems a little ugly to me
since most code doesn't care. Any better ideas?)
mod_access needs to know whether or not the returned string is an IP
address. Currently, it runs through the string and as long as it
consists of digits and dots then it is an IP address. This isn't cool
with IPv6. Also, why parse it again if ap_get_remote_host() already
knows?)
I'm working on a security fix for mod_access (the existing IPv4
controls can break when Apache has an IPv6 socket) as well as adding
IPv6 controls. Resolving this is one of the steps along the way.
Index: include/http_core.h
===================================================================
RCS file: /home/cvspublic/httpd-2.0/include/http_core.h,v
retrieving revision 1.41
diff -u -r1.41 http_core.h
--- include/http_core.h 2001/02/22 08:42:09 1.41
+++ include/http_core.h 2001/03/09 16:35:31
@@ -184,10 +184,11 @@
* setting. The result is the (double reverse checked)
* hostname, or NULL if any of the lookups fail.
* </PRE>
+ * @param str_is_ip non-zero on output if an IP address string was returned
* @return The remote hostname
- * @deffunc const char *ap_get_remote_host(conn_rec *conn, void *dir_config, int type)
+ * @deffunc const char *ap_get_remote_host(conn_rec *conn, void *dir_config, int type, int *str_is_ip)
*/
-AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int type);
+AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int type, int *str_is_ip);
/**
* Retrieve the login name of the remote user. Undef if it could not be
Index: modules/aaa/mod_access.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/aaa/mod_access.c,v
retrieving revision 1.29
diff -u -r1.29 mod_access.c
--- modules/aaa/mod_access.c 2001/02/16 04:26:34 1.29
+++ modules/aaa/mod_access.c 2001/03/09 16:35:31
@@ -341,10 +341,12 @@
case T_HOST:
if (!gothost) {
+ int remotehost_is_ip;
+
remotehost = ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_DOUBLE_REV);
+ REMOTE_DOUBLE_REV, &remotehost_is_ip);
- if ((remotehost == NULL) || is_ip(remotehost))
+ if ((remotehost == NULL) || remotehost_is_ip)
gothost = 1;
else
gothost = 2;
Index: modules/loggers/mod_log_config.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/loggers/mod_log_config.c,v
retrieving revision 1.51
diff -u -r1.51 mod_log_config.c
--- modules/loggers/mod_log_config.c 2001/02/22 04:05:58 1.51
+++ modules/loggers/mod_log_config.c 2001/03/09 16:35:33
@@ -302,8 +302,10 @@
static const char *log_remote_host(request_rec *r, char *a)
{
+ int ignored;
+
return ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_NAME);
+ REMOTE_NAME, &ignored);
}
static const char *log_remote_address(request_rec *r, char *a)
Index: modules/mappers/mod_rewrite.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v
retrieving revision 1.74
diff -u -r1.74 mod_rewrite.c
--- modules/mappers/mod_rewrite.c 2001/03/03 01:46:16 1.74
+++ modules/mappers/mod_rewrite.c 2001/03/09 16:35:38
@@ -3108,6 +3108,7 @@
request_rec *req;
char *ruser;
const char *rhost;
+ int ignored;
va_start(ap, text);
conf = ap_get_module_config(r->server->module_config, &rewrite_module);
@@ -3138,7 +3139,7 @@
}
rhost = ap_get_remote_host(conn, r->server->module_config,
- REMOTE_NOLOOKUP);
+ REMOTE_NOLOOKUP, &ignored);
if (rhost == NULL) {
rhost = "UNKNOWN-HOST";
}
@@ -3373,6 +3374,7 @@
char resultbuf[LONG_STRING_LEN];
apr_exploded_time_t tm;
request_rec *rsub;
+ int ignored;
result = NULL;
@@ -3409,7 +3411,7 @@
}
else if (strcasecmp(var, "REMOTE_HOST") == 0) {
result = (char *)ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_NAME);
+ r->per_dir_config, REMOTE_NAME, &ignored);
}
else if (strcasecmp(var, "REMOTE_USER") == 0) {
result = r->user;
Index: modules/metadata/mod_setenvif.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/metadata/mod_setenvif.c,v
retrieving revision 1.26
diff -u -r1.26 mod_setenvif.c
--- modules/metadata/mod_setenvif.c 2001/02/24 01:38:49 1.26
+++ modules/metadata/mod_setenvif.c 2001/03/09 16:35:39
@@ -388,6 +388,7 @@
val = NULL;
for (i = 0; i < sconf->conditionals->nelts; ++i) {
sei_entry *b = &entries[i];
+ int ignored;
/* Optimize the case where a bunch of directives in a row use the
* same header. Remember we don't need to strcmp the two header
@@ -402,7 +403,7 @@
break;
case SPECIAL_REMOTE_HOST:
val = ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_NAME);
+ REMOTE_NAME, &ignored);
break;
case SPECIAL_REMOTE_USER:
val = r->user;
Index: modules/metadata/mod_usertrack.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/metadata/mod_usertrack.c,v
retrieving revision 1.29
diff -u -r1.29 mod_usertrack.c
--- modules/metadata/mod_usertrack.c 2001/02/16 04:26:41 1.29
+++ modules/metadata/mod_usertrack.c 2001/03/09 16:35:39
@@ -137,8 +137,9 @@
/* 1024 == hardcoded constant */
char cookiebuf[1024];
char *new_cookie;
+ int ignored;
const char *rname = ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_NAME);
+ REMOTE_NAME, &ignored);
cookie_dir_rec *dcfg;
dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
Index: server/core.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/core.c,v
retrieving revision 1.1
diff -u -r1.1 core.c
--- server/core.c 2001/03/04 06:27:27 1.1
+++ server/core.c 2001/03/09 16:35:43
@@ -607,10 +607,12 @@
}
AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
- int type)
+ int type, int *str_is_ip)
{
int hostname_lookups;
+ *str_is_ip = 0;
+
/* If we haven't checked the host name, and we want to */
if (dir_config) {
hostname_lookups =
@@ -667,6 +669,7 @@
return NULL;
}
else {
+ *str_is_ip = 1;
return conn->remote_ip;
}
}
Index: server/scoreboard.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/scoreboard.c,v
retrieving revision 1.19
diff -u -r1.19 scoreboard.c
--- server/scoreboard.c 2001/03/02 22:46:31 1.19
+++ server/scoreboard.c 2001/03/09 16:35:44
@@ -299,8 +299,11 @@
}
if (r) {
conn_rec *c = r->connection;
+ int ignored;
+
apr_cpystrn(ss->client, ap_get_remote_host(c, r->per_dir_config,
- REMOTE_NOLOOKUP), sizeof(ss->client));
+ REMOTE_NOLOOKUP, &ignored),
+ sizeof(ss->client));
if (r->the_request == NULL) {
apr_cpystrn(ss->request, "NULL", sizeof(ss->request));
} else if (r->parsed_uri.password == NULL) {
Index: server/util_script.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/util_script.c,v
retrieving revision 1.55
diff -u -r1.55 util_script.c
--- server/util_script.c 2001/02/16 04:26:48 1.55
+++ server/util_script.c 2001/03/09 16:35:45
@@ -163,7 +163,7 @@
const char *host;
apr_array_header_t *hdrs_arr = apr_table_elts(r->headers_in);
apr_table_entry_t *hdrs = (apr_table_entry_t *) hdrs_arr->elts;
- int i;
+ int i, ignored;
apr_port_t rport;
apr_sockaddr_t *remotesa;
@@ -247,7 +247,7 @@
apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
apr_table_addn(e, "SERVER_PORT",
apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
- host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST);
+ host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, &ignored);
if (host) {
apr_table_addn(e, "REMOTE_HOST", host);
}
--
Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...
Virtual HOST
Posted by Luis <lv...@yahoo.com>.
ok i have a small problem
<VirtualHost ip.address.of.host.some_domain.com>
ServerAdmin webmaster@host.some_domain.com
DocumentRoot /www/docs/host.some_domain.com
ServerName host.some_domain.com
ErrorLog logs/host.some_domain.com-error_log
CustomLog logs/host.some_domain.com-access_log common
</VirtualHost>
where does the "DocumentRoot" start does it start at
c:/www/docs/host.some_domain.com
or does it start at the Folder Where apache is..."C:/program files/apache
group/apache/www/???
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Re: [PATCH] ap_get_remote_host(), IPv6, mod_access
Posted by Jeff Trawick <tr...@bellsouth.net>.
Greg Marr <gr...@alum.wpi.edu> writes:
> At 01:10 PM 03/09/2001, Jeff Trawick wrote:
> > The patch below tells the caller of ap_get_remote_host() when an IP
> > address string is returned. (I guess I should just commit it, but
> > it seems a little ugly to me
> >since most code doesn't care. Any better ideas?)
>
> How about making NULL valid for the is_ip parameter?
sounds reasonable
Thanks,
Jeff
--
Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...
Re: [PATCH] ap_get_remote_host(), IPv6, mod_access
Posted by Greg Marr <gr...@alum.wpi.edu>.
At 01:10 PM 03/09/2001, Jeff Trawick wrote:
>The patch below tells the caller of ap_get_remote_host() when an IP
>address string is returned. (I guess I should just commit it, but
>it seems a little ugly to me
>since most code doesn't care. Any better ideas?)
How about making NULL valid for the is_ip parameter? Then the
functions that don't care can pass NULL. It'll add one or two
compares to NULL to the ap_get_remote_host() function, but save a lot
of local variables in other places.
> AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void
> *dir_config,
>- int type)
>+ int type, int *str_is_ip)
> {
> int hostname_lookups;
+ if(NULL != str_is_ip)
>+ *str_is_ip = 0;
>+
> /* If we haven't checked the host name, and we want to */
> if (dir_config) {
> hostname_lookups =
>@@ -667,6 +669,7 @@
> return NULL;
> }
> else {
+ if(NULL != str_is_ip)
>+ *str_is_ip = 1;
> return conn->remote_ip;
> }
> }
--
Greg Marr
gregm@alum.wpi.edu
"We thought you were dead."
"I was, but I'm better now." - Sheridan, "The Summoning"