You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/01/05 17:12:21 UTC
svn commit: r1555545 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS
docs/manual/ docs/manual/expr.xml docs/manual/mod/
docs/manual/mod/mod_authz_host.xml modules/aaa/mod_authz_host.c
Author: jim
Date: Sun Jan 5 16:12:20 2014
New Revision: 1555545
URL: http://svn.apache.org/r1555545
Log:
Merge r1554188 from trunk:
mod_authnz_host: Support the expression parser within the require directives.
Submitted by: minfrin
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/docs/manual/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/expr.xml
httpd/httpd/branches/2.4.x/docs/manual/mod/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_host.xml
httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_host.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1554188
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1555545&r1=1555544&r2=1555545&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun Jan 5 16:12:20 2014
@@ -2,6 +2,9 @@
Changes with Apache 2.4.8
+ *) mod_authnz_host: Support the expression parser within the require
+ directives. [Graham Leggett]
+
*) mod_authnz_groupfile: Support the expression parser within the require
directives. [Graham Leggett]
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1555545&r1=1555544&r2=1555545&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Sun Jan 5 16:12:20 2014
@@ -98,11 +98,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_authz_host: Support the expression parser within the require directives.
- trunk patch: http://svn.apache.org/r1554188
- 2.4.x patch: trunk works (modulo CHANGES and log-message-tags)
- +1: minfrin, jim, covener
-
* mod_authz_user: Support the expression parser within the require directives.
trunk patch: http://svn.apache.org/r1554195
2.4.x patch: trunk works (modulo CHANGES and log-message-tags)
Propchange: httpd/httpd/branches/2.4.x/docs/manual/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual:r1554188
Modified: httpd/httpd/branches/2.4.x/docs/manual/expr.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/expr.xml?rev=1555545&r1=1555544&r2=1555545&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/expr.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/expr.xml Sun Jan 5 16:12:20 2014
@@ -58,6 +58,8 @@
<seealso><a href="mod/mod_authnz_ldap.html#reqfilter">Require ldap-filter</a></seealso>
<seealso><a href="mod/mod_authz_dbd.html#reqgroup">Require dbd-group</a></seealso>
<seealso><a href="mod/mod_authz_dbm.html#reqgroup">Require dbm-group</a></seealso>
+<seealso><a href="mod/mod_authz_groupfile.html#reqgroup">Require group</a></seealso>
+<seealso><a href="mod/mod_authz_host.html#reqhost">Require host</a></seealso>
<seealso><directive module="mod_ssl">SSLRequire</directive></seealso>
<seealso><directive module="mod_log_debug">LogMessage</directive></seealso>
<seealso><module>mod_include</module></seealso>
Propchange: httpd/httpd/branches/2.4.x/docs/manual/mod/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual/mod:r1554188
Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_host.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_host.xml?rev=1555545&r1=1555544&r2=1555545&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_host.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_authz_host.xml Sun Jan 5 16:12:20 2014
@@ -58,7 +58,7 @@ address)</description>
<p>Apache's <directive module="mod_authz_core">Require</directive>
directive is used during the authorization phase to ensure that a user is allowed or
denied access to a resource. mod_authz_host extends the
- authorization types with <code>ip</code> and <code>host</code>.
+ authorization types with <code>ip</code>, <code>host</code> and <code>local</code>.
Other authorization types may also be
used but may require that additional authorization modules be loaded.</p>
@@ -66,6 +66,9 @@ address)</description>
access an area of the server. Access can be controlled by
hostname, IP Address, or IP Address range.</p>
+ <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported
+ within the host require directives.</p>
+
<section id="reqip"><title>Require ip</title>
<p>The <code>ip</code> provider allows access to the server
@@ -118,6 +121,8 @@ Require ip 2001:db8::a00:20ff:fea7:ccea
Require ip 2001:db8::a00:20ff:fea7:ccea/10
</highlight>
+ <p>Note: As the IP addresses are parsed on startup, expressions are
+ not evaluated at request time.</p>
</section>
Modified: httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_host.c?rev=1555545&r1=1555544&r2=1555545&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/branches/2.4.x/modules/aaa/mod_authz_host.c Sun Jan 5 16:12:20 2014
@@ -179,10 +179,22 @@ static authz_status host_check_authoriza
"remote host name", require_line, r->uri);
}
else {
+ const char *err = NULL;
+ const ap_expr_info_t *expr = parsed_require_line;
+ const char *require;
+
+ require = ap_expr_str_exec(r, expr, &err);
+ if (err) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02593)
+ "authz_host authorize: require host: Can't "
+ "evaluate require expression: %s", err);
+ return AUTHZ_DENIED;
+ }
+
/* The 'host' provider will allow the configuration to specify a list of
host names to check rather than a single name. This is different
from the previous host based syntax. */
- t = require_line;
+ t = require;
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
if (in_domain(w, remotehost)) {
return AUTHZ_GRANTED;
@@ -212,6 +224,25 @@ static authz_status local_check_authoriz
return AUTHZ_DENIED;
}
+static const char *host_parse_config(cmd_parms *cmd, const char *require_line,
+ const void **parsed_require_line)
+{
+ const char *expr_err = NULL;
+ ap_expr_info_t *expr = apr_pcalloc(cmd->pool, sizeof(*expr));
+
+ expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
+
+ if (expr_err)
+ return apr_pstrcat(cmd->temp_pool,
+ "Cannot parse expression in require line: ",
+ expr_err, NULL);
+
+ *parsed_require_line = expr;
+
+ return NULL;
+}
+
static const authz_provider authz_ip_provider =
{
&ip_check_authorization,
@@ -221,7 +252,7 @@ static const authz_provider authz_ip_pro
static const authz_provider authz_host_provider =
{
&host_check_authorization,
- NULL,
+ &host_parse_config,
};
static const authz_provider authz_local_provider =