From: Christophe Jaillet Date: Sat, 23 Jun 2018 14:17:26 +0000 (+0000) Subject: If several parameters are used in a AuthzProviderAlias directive, if these parameters... X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bd458847409655afa897ea763e4a4b24593a4b9f;p=apache If several parameters are used in a AuthzProviderAlias directive, if these parameters are not enclosed in quotation mark, only the first one is handled. The other ones are silently ignored. Add a message to warn about such a spurious configuration. PR 62469 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834209 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index c703953f6b..d434dabacf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_authz_core: If several parameters are used in a AuthzProviderAlias + directive, if these parameters are not enclosed in quotation mark, only + the first one is handled. The other ones are silently ignored. + Add a message to warn about such a spurious configuration. + PR 62469 [Hank Ibell , Christophe Jaillet] *) mod_proxy_wstunnel: Add default schema ports for 'ws' and 'wss'. PR 62480. [Lubos Uhliarik } diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index b9f8c0b813..1519b4167f 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -10142 +10143 diff --git a/docs/manual/mod/mod_authz_core.xml b/docs/manual/mod/mod_authz_core.xml index 27e7148604..032fb954fa 100644 --- a/docs/manual/mod/mod_authz_core.xml +++ b/docs/manual/mod/mod_authz_core.xml @@ -600,6 +600,23 @@ alias authorization directives that can be referenced by the alias name using the directive Require.

+

If several parameters are needed in Require-Parameters, + they must be enclosed in quotation marks. Otherwise, only the first one + is taken into account.

+ + +# In this example, for both addresses to be taken into account, they MUST be enclosed +# between quotation marks +<AuthzProviderAlias ip blacklisted-ips "XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY"> +</AuthzProviderAlias> + +<Directory "/path/to/dir"> + <RequireAll> + Require not blacklisted-ips + Require all granted + </RequireAll> +</Directory> + diff --git a/modules/aaa/mod_authz_core.c b/modules/aaa/mod_authz_core.c index c5e5969182..958511446e 100644 --- a/modules/aaa/mod_authz_core.c +++ b/modules/aaa/mod_authz_core.c @@ -253,7 +253,7 @@ static const char *authz_require_alias_section(cmd_parms *cmd, void *mconfig, const char *endp = ap_strrchr_c(args, '>'); char *provider_name; char *provider_alias; - char *provider_args; + char *provider_args, *extra_args; ap_conf_vector_t *new_authz_config; int old_overrides = cmd->override; const char *errmsg; @@ -279,11 +279,22 @@ static const char *authz_require_alias_section(cmd_parms *cmd, void *mconfig, provider_name = ap_getword_conf(cmd->pool, &args); provider_alias = ap_getword_conf(cmd->pool, &args); provider_args = ap_getword_conf(cmd->pool, &args); + extra_args = ap_getword_conf(cmd->pool, &args); if (!provider_name[0] || !provider_alias[0]) { return apr_pstrcat(cmd->pool, cmd->cmd->name, "> directive requires additional arguments", NULL); } + + /* We only handle one "Require-Parameters" parameter. If several parameters + are needed, they must be enclosed between quotes */ + if (extra_args && *extra_args) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, APLOGNO(10142) + "When several arguments (%s %s...) are passed to a %s directive, " + "they must be enclosed in quotation marks. Otherwise, only the " + "first one is taken into account", + provider_args, extra_args, cmd->cmd->name); + } new_authz_config = ap_create_per_dir_config(cmd->pool);
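Review bot: In the second mod_authz_core.c hunk, the new `if (extra_args && *extra_args)` branch only logs at APLOG_WARNING and then carries on building the alias from `provider_args` alone, so a configuration like the deny-list example this commit adds to the manual still loads with every address after the first one dropped. For an authorization directive that is a fail-open result, and a warning emitted while the configuration is parsed is easy to miss; unless existing configurations must keep loading, I would reject the directive instead, e.g. `return apr_pstrcat(cmd->pool, cmd->cmd->name, "> directive takes a single Require-Parameters argument; enclose several values in quotation marks", NULL);`. If the warning is kept for compatibility, the format should read `"...are passed to a %s> directive, "`, because the existing error path just above appends `>` to `cmd->cmd->name`, which suggests the name is stored without it. authz_require_alias_section starts and ends outside these hunks, so how `provider_args` is used afterwards is inferred from the warning text rather than visible here.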