Changes with Apache 2.4.8
+ *) mod_authnz_groupfile: Support the expression parser within the require
+ directives. [Graham Leggett]
+
*) mod_authnz_dbm: Support the expression parser within the require
directives. [Graham Leggett]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_authz_dbm: Support the expression parser within the require directives.
- trunk patch: http://svn.apache.org/r1554170
- http://svn.apache.org/r1554181
- 2.4.x patch: trunk works (modulo CHANGES and log-message-tags)
- +1: minfrin, jim, covener
-
- * mod_authz_groupfile: Support the expression parser within the require directives.
- trunk patch: http://svn.apache.org/r1554175
- http://svn.apache.org/r1554184
- 2.4.x patch: trunk works (modulo CHANGES and log-message-tags)
- +1: minfrin, jim, covener
-
* mod_authz_host: Support the expression parser within the require directives.
trunk patch: http://svn.apache.org/r1554188
2.4.x patch: trunk works (modulo CHANGES and log-message-tags)
<seealso><directive module="mod_authz_core">Require</directive></seealso>
+<section id="requiredirectives"><title>The Require Directives</title>
+
+ <p>Apache's <directive module="mod_authz_core">Require</directive>
+ directives are used during the authorization phase to ensure that
+ a user is allowed to access a resource. mod_authz_groupfile extends the
+ authorization types with <code>group</code> and <code>group-file</code>.
+ </p>
+
+ <p>Since v2.5.0, <a href="../expr.html">expressions</a> are supported
+ within the groupfile require directives.</p>
+
+<section id="reqgroup"><title>Require group</title>
+
+ <p>This directive specifies group membership that is required for the
+ user to gain access.</p>
+
+ <highlight language="config">
+ Require group admin
+ </highlight>
+
+</section>
+
+<section id="reqfilegroup"><title>Require file-group</title>
+
+ <p>When this directive is specified, the user must be a member of the group
+ assigned to the file being accessed.</p>
+
+ <highlight language="config">
+ Require file-group
+ </highlight>
+
+</section>
+
+</section>
+
<directivesynopsis>
<name>AuthGroupFile</name>
<description>Sets the name of a text file containing the list
authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config,
&authz_groupfile_module);
char *user = r->user;
+
+ const char *err = NULL;
+ const ap_expr_info_t *expr = parsed_require_args;
+ const char *require;
+
const char *t, *w;
apr_table_t *grpstatus = NULL;
apr_status_t status;
return AUTHZ_DENIED;
}
- t = require_args;
+ require = ap_expr_str_exec(r, expr, &err);
+ if (err) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02592)
+ "authz_groupfile authorize: require group: Can't "
+ "evaluate require expression: %s", err);
+ return AUTHZ_DENIED;
+ }
+
+ t = require;
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
if (apr_table_get(grpstatus, w)) {
return AUTHZ_GRANTED;
return AUTHZ_DENIED;
}
+static const char *groupfile_parse_config(cmd_parms *cmd, const char *require_line,
+ const void **parsed_require_line)
+{
+ const char *expr_err = NULL;
+ ap_expr_info_t *expr = apr_pcalloc(cmd->pool, sizeof(*expr));
+
+ expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
+
+ if (expr_err)
+ return apr_pstrcat(cmd->temp_pool,
+ "Cannot parse expression in require line: ",
+ expr_err, NULL);
+
+ *parsed_require_line = expr;
+
+ return NULL;
+}
+
static const authz_provider authz_group_provider =
{
&group_check_authorization,
- NULL,
+ &groupfile_parse_config,
};
static const authz_provider authz_filegroup_provider =
projects / apache / commitdiff