Replace ap_expr with a parser derived from mod_ssl's parser. Make mod_ssl use

the new parser. Rework ap_expr's public interface and provide hooks for modules to add variables and functions. The Netware and Windows build files still need to be adjusted git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1032073 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2010-11-06 14:31:16 +00:00
parent 11185f3163
commit 35cdba6976
32 changed files with 3145 additions and 3081 deletions
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -302,7 +302,6 @@ int ssl_hook_Access(request_rec *r)
    SSL_CTX *ctx = NULL;
    apr_array_header_t *requires;
    ssl_require_t *ssl_requires;
-    char *cp;
    int ok, i;
    BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
    X509 *cert;
@@ -900,17 +899,13 @@ int ssl_hook_Access(request_rec *r)
    for (i = 0; i < requires->nelts; i++) {
        ssl_require_t *req = &ssl_requires[i];
        const char *errstring;
-        ok = ssl_expr_exec(r, req->mpExpr, &errstring);
+        ok = ap_expr_exec(r, req->mpExpr, &errstring);

        if (ok < 0) {
-            cp = apr_psprintf(r->pool,
-                              "Failed to execute "
-                              "SSL requirement expression: %s",
-                              errstring);
-
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "access to %s failed, reason: %s",
-                          r->filename, cp);
+                          "access to %s failed, reason: Failed to execute "
+                          "SSL requirement expression: %s",
+                          r->filename, errstring);

            /* remember forbidden access for strict require option */
            apr_table_setn(r->notes, "ssl-access-forbidden", "1");
@@ -1282,54 +1277,6 @@ const authz_provider ssl_authz_provider_verify_client =
 };


-static authz_status ssl_authz_sslrequire_check(request_rec *r,
-                                               const char *require_line,
-                                               const void *parsed)
-{
-    const ssl_expr *expr = parsed;
-    const char *errstring;
-    int ok = ssl_expr_exec(r, expr, &errstring);
-
-    if (ok < 0) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "Failed to execute SSL requirement expression in "
-                      "'Require ssl-require': %s",
-                      errstring);
-        return AUTHZ_DENIED;
-    }
-
-    if (ok != 1) {
-        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
-                      "SSL requirement expression in 'Require ssl-require' "
-                      "not fulfilled");
-        return AUTHZ_DENIED;
-    }
-
-    return AUTHZ_GRANTED;
-}
-
-static const char *ssl_authz_sslrequire_parse(cmd_parms *cmd,
-                                              const char *require_line,
-                                              const void **parsed)
-{
-    const char *errstring;
-    ssl_expr *expr = ssl_expr_comp(cmd->pool, require_line, &errstring);
-
-    if (!expr)
-        return apr_psprintf(cmd->pool, "Error in 'Require require-ssl': %s",
-                            errstring);
-
-    *parsed = expr;
-
-    return NULL;
-}
-
-const authz_provider ssl_authz_provider_sslrequire =
-{
-    &ssl_authz_sslrequire_check,
-    &ssl_authz_sslrequire_parse,
-};
-

 /*  _________________________________________________________________
 **