From: Joe Orton Date: Sat, 23 May 2015 10:16:25 +0000 (+0000) Subject: Merge r1420184 from trunk: X-Git-Tag: 2.4.13~56 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d131deb90475c75a10121a5102e52ab7c790553b;p=apache Merge r1420184 from trunk: * modules/aaa/mod_authz_owner.h: Add header file with optional hook declaration for "authz_owner_get_file_group". * modules/aaa/mod_authz_dbm.c, modules/aaa/mod_authz_groupfile.c: Use the header to pick up the above declaration; retrieve the optional function in a hook; use a static variable to store the function pointer. Submitted by: jorton Reviewed by: jkaluza, wrowe, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681311 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 3266a62377..7d39261e6c 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,9 @@ Changes with Apache 2.4.13 calls r:wsupgrade() can cause a child process crash. [Edward Lu ] + *) mod_authz_dbm: Fix crashes when "dbm-file-group" is used and + authz modules were loaded in the "wrong" order. [Joe Orton] + *) mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime of DB lookup entries independently of the selected DB engine. PR 46421. [Steven whitson , Jan Kaluza, Yann Ylavic]. diff --git a/modules/aaa/mod_authz_dbm.c b/modules/aaa/mod_authz_dbm.c index c329eacd34..843d9a8e43 100644 --- a/modules/aaa/mod_authz_dbm.c +++ b/modules/aaa/mod_authz_dbm.c @@ -29,14 +29,13 @@ #include "http_request.h" /* for ap_hook_(check_user_id | auth_checker)*/ #include "mod_auth.h" +#include "mod_authz_owner.h" typedef struct { const char *grpfile; const char *dbmtype; } authz_dbm_config_rec; -APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); - /* This should go into APR; perhaps with some nice * caching/locking/flocking of the open dbm file. @@ -212,7 +211,7 @@ static authz_status dbmgroup_check_authorization(request_rec *r, return AUTHZ_DENIED; } -APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group; +static APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group; static authz_status dbmfilegroup_check_authorization(request_rec *r, const char *require_args, @@ -307,11 +306,13 @@ static const authz_provider authz_dbmfilegroup_provider = NULL, }; - -static void register_hooks(apr_pool_t *p) +static void authz_dbm_getfns(void) { authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group); +} +static void register_hooks(apr_pool_t *p) +{ ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "dbm-group", AUTHZ_PROVIDER_VERSION, &authz_dbmgroup_provider, @@ -320,6 +321,7 @@ static void register_hooks(apr_pool_t *p) AUTHZ_PROVIDER_VERSION, &authz_dbmfilegroup_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_hook_optional_fn_retrieve(authz_dbm_getfns, NULL, NULL, APR_HOOK_MIDDLE); } AP_DECLARE_MODULE(authz_dbm) = diff --git a/modules/aaa/mod_authz_groupfile.c b/modules/aaa/mod_authz_groupfile.c index cd7d3f0e0a..e1df12918a 100644 --- a/modules/aaa/mod_authz_groupfile.c +++ b/modules/aaa/mod_authz_groupfile.c @@ -55,13 +55,12 @@ #include "util_varbuf.h" #include "mod_auth.h" +#include "mod_authz_owner.h" typedef struct { char *groupfile; } authz_groupfile_config_rec; -APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); - static void *create_authz_groupfile_dir_config(apr_pool_t *p, char *d) { authz_groupfile_config_rec *conf = apr_palloc(p, sizeof(*conf)); @@ -203,7 +202,7 @@ static authz_status group_check_authorization(request_rec *r, return AUTHZ_DENIED; } -APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group; +static APR_OPTIONAL_FN_TYPE(authz_owner_get_file_group) *authz_owner_get_file_group; static authz_status filegroup_check_authorization(request_rec *r, const char *require_args, @@ -301,10 +300,14 @@ static const authz_provider authz_filegroup_provider = NULL, }; -static void register_hooks(apr_pool_t *p) + +static void authz_groupfile_getfns(void) { authz_owner_get_file_group = APR_RETRIEVE_OPTIONAL_FN(authz_owner_get_file_group); +} +static void register_hooks(apr_pool_t *p) +{ ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "group", AUTHZ_PROVIDER_VERSION, &authz_group_provider, @@ -313,6 +316,7 @@ static void register_hooks(apr_pool_t *p) AUTHZ_PROVIDER_VERSION, &authz_filegroup_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_hook_optional_fn_retrieve(authz_groupfile_getfns, NULL, NULL, APR_HOOK_MIDDLE); } AP_DECLARE_MODULE(authz_groupfile) = diff --git a/modules/aaa/mod_authz_owner.c b/modules/aaa/mod_authz_owner.c index 66b31d6a50..4fd0b2a015 100644 --- a/modules/aaa/mod_authz_owner.c +++ b/modules/aaa/mod_authz_owner.c @@ -28,8 +28,7 @@ #include "http_request.h" #include "mod_auth.h" - -APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); +#include "mod_authz_owner.h" static const command_rec authz_owner_cmds[] = { diff --git a/modules/aaa/mod_authz_owner.h b/modules/aaa/mod_authz_owner.h new file mode 100644 index 0000000000..799f3361ab --- /dev/null +++ b/modules/aaa/mod_authz_owner.h @@ -0,0 +1,27 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MOD_AUTHZ_OWNER_H +#define MOD_AUTHZ_OWNER_H + +#include "http_request.h" + +/* mod_authz_owner exports an optional function which retrieves the + * group name of the file identified by r->filename, if available, or + * else returns NULL. */ +APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); + +#endif /* MOD_AUTHZ_OWNER_H */