www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-11-06 16:49:32 +03:00
Code Activity

This is just too easy to not do it: Add an 'expr' authz provider that allows

Browse Source 
arbitrary expressions in Require lines.

The main issue I wanted to fix was that the env provider only allows to
check for the existance of an envvar but not the contents.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1002363 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2010-09-28 21:33:44 +00:00
parent affc4cf328
commit a10a4e4f2f
3 changed files with 40 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/ap_expr.h
View File

@@ -99,7 +99,7 @@ AP_DECLARE(ap_parse_node_t*) ap_expr_parse(apr_pool_t *pool, const char *expr,
* @param eval_func Option evaluation function (e.g. -A filename) * @param eval_func Option evaluation function (e.g. -A filename)
* @return the value the expression parsed to * @return the value the expression parsed to
*/ */
AP_DECLARE(int) ap_expr_eval(request_rec *r, ap_parse_node_t *root, AP_DECLARE(int) ap_expr_eval(request_rec *r, const ap_parse_node_t *root,
int *was_error, backref_t **reptr, int *was_error, backref_t **reptr,
string_func_t string_func, opt_func_t eval_func); string_func_t string_func, opt_func_t eval_func);
/** /**

37
modules/aaa/mod_authz_core.c
View File

@@ -37,6 +37,7 @@
#include "http_request.h" #include "http_request.h"
#include "http_protocol.h" #include "http_protocol.h"
#include "ap_provider.h" #include "ap_provider.h"
#include "ap_expr.h"
#include "mod_auth.h" #include "mod_auth.h"
@@ -983,6 +984,39 @@ static const authz_provider authz_method_provider =
&method_parse_config, &method_parse_config,
}; };
static authz_status expr_check_authorization(request_rec *r,
const char *require_line,
const void *parsed_require_line)
{
int err = 0;
const ap_parse_node_t *expr = parsed_require_line;
if (ap_expr_eval(r, expr, &err, NULL, ap_expr_string, NULL))
return AUTHZ_GRANTED;
else
return AUTHZ_DENIED;
}
static const char *expr_parse_config(cmd_parms *cmd, const char *require_line,
const void **parsed_require_line)
{
int expr_err = 0;
ap_parse_node_t *expr = ap_expr_parse(cmd->pool, require_line, &expr_err);
if (expr_err)
return "Cannot parse expression in require line";
*parsed_require_line = expr;
return NULL;
}
static const authz_provider authz_expr_provider =
{
&expr_check_authorization,
&expr_parse_config,
};
static void register_hooks(apr_pool_t *p) static void register_hooks(apr_pool_t *p)
{ {
@@ -1004,6 +1038,9 @@ static void register_hooks(apr_pool_t *p)
ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "method", ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "method",
AUTHZ_PROVIDER_VERSION, AUTHZ_PROVIDER_VERSION,
&authz_method_provider, AP_AUTH_INTERNAL_PER_CONF); &authz_method_provider, AP_AUTH_INTERNAL_PER_CONF);
ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "expr",
AUTHZ_PROVIDER_VERSION,
&authz_expr_provider, AP_AUTH_INTERNAL_PER_CONF);
} }
AP_DECLARE_MODULE(authz_core) = AP_DECLARE_MODULE(authz_core) =

4
server/util_expr.c
View File

@@ -674,7 +674,7 @@ AP_DECLARE(ap_parse_node_t*) ap_expr_parse(apr_pool_t* pool, const char *expr,
} }
static ap_parse_node_t *ap_expr_clone_tree(apr_pool_t *pool, static ap_parse_node_t *ap_expr_clone_tree(apr_pool_t *pool,
ap_parse_node_t *pnode, const ap_parse_node_t *pnode,
ap_parse_node_t *parent) ap_parse_node_t *parent)
{ {
ap_parse_node_t *ret; ap_parse_node_t *ret;
@@ -871,7 +871,7 @@ static int expr_eval(request_rec *r, ap_parse_node_t *root,
return (root ? root->value : 0); return (root ? root->value : 0);
} }
AP_DECLARE(int) ap_expr_eval(request_rec *r, ap_parse_node_t *root, AP_DECLARE(int) ap_expr_eval(request_rec *r, const ap_parse_node_t *root,
int *was_error, backref_t **reptr, int *was_error, backref_t **reptr,
string_func_t string_func, opt_func_t eval_func) string_func_t string_func, opt_func_t eval_func)
{ {