From 6f4e16eca67c3dca0dc5669d59093eac0c916f60 Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Sun, 1 Mar 2015 14:37:11 +0000 Subject: [PATCH] mod_authn_core: Add expression support to AuthName and AuthType. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1663123 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 ++ docs/manual/expr.xml | 2 + docs/manual/mod/mod_authn_core.xml | 13 +++++++ modules/aaa/mod_authn_core.c | 61 +++++++++++++++++++++++++----- 4 files changed, 69 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 640bdf79b2..389a236237 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,9 @@ Changes with Apache 2.5.0 calls r:wsupgrade() can cause a child process crash. [Edward Lu ] + *) mod_authn_core: Add expression support to AuthName and AuthType. + [Graham Leggett] + *) mod_deflate: A misplaced check prevents limiting small bodies with the new inflate limits. PR56872. [Edward Lu, Eric Covener, Yann Ylavic] diff --git a/docs/manual/expr.xml b/docs/manual/expr.xml index dc6a505295..99620c87f3 100644 --- a/docs/manual/expr.xml +++ b/docs/manual/expr.xml @@ -48,6 +48,8 @@ AuthFormLoginRequiredLocation AuthFormLoginSuccessLocation AuthFormLogoutLocation +AuthName +AuthType RewriteCond SetEnvIfExpr Header diff --git a/docs/manual/mod/mod_authn_core.xml b/docs/manual/mod/mod_authn_core.xml index f270ca14de..d1ea4b218d 100644 --- a/docs/manual/mod/mod_authn_core.xml +++ b/docs/manual/mod/mod_authn_core.xml @@ -144,6 +144,16 @@ authentication

The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

+ +

From 2.4.13, expression syntax can be + used inside the directive to produce the name dynamically.

+ +

For example:

+ + + AuthName "%{HTTP_HOST}" + + Authentication, Authorization, and @@ -198,6 +208,9 @@ authentication </Directory> +

From 2.4.13, expression syntax can be + used inside the directive to specify the type dynamically.

+ When disabling authentication, note that clients which have already authenticated against another portion of the server's document tree will typically continue to send authentication HTTP headers
diff --git a/modules/aaa/mod_authn_core.c b/modules/aaa/mod_authn_core.c
index 1f1163ec08..6df473e067 100644
--- a/modules/aaa/mod_authn_core.c
+++ b/modules/aaa/mod_authn_core.c
@@ -34,6 +34,7 @@
 #include "http_log.h"
 #include "http_request.h"
 #include "http_protocol.h"
+#include "ap_expr.h"
 #include "ap_provider.h"
 #include "mod_auth.h"
@@ -52,9 +53,9 @@
 */
 typedef struct {
- const char *ap_auth_type;
+ ap_expr_info_t *ap_auth_type;
 int auth_type_set;
- const char *ap_auth_name;
+ ap_expr_info_t *ap_auth_name;
 } authn_core_dir_conf;
 typedef struct provider_alias_rec {
@@ -298,8 +299,16 @@ static const char *set_authname(cmd_parms *cmd, void *mconfig,
 const char *word1)
 {
 authn_core_dir_conf *aconfig = (authn_core_dir_conf *)mconfig;
+ const char *expr_err = NULL;
+
+ aconfig->ap_auth_name = ap_expr_parse_cmd(cmd, word1, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
+ if (expr_err) {
+ return apr_pstrcat(cmd->temp_pool,
+ "Cannot parse expression '", word1, "' in AuthName: ",
+ expr_err, NULL);
+ }
- aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1);
 return NULL;
 }
@@ -307,9 +316,17 @@ static const char *set_authtype(cmd_parms *cmd, void *mconfig,
 const char *word1)
 {
 authn_core_dir_conf *aconfig = (authn_core_dir_conf *)mconfig;
+ const char *expr_err = NULL;
+
+ aconfig->ap_auth_type = ap_expr_parse_cmd(cmd, word1, AP_EXPR_FLAG_STRING_RESULT,
+ &expr_err, NULL);
+ if (expr_err) {
+ return apr_pstrcat(cmd->temp_pool,
+ "Cannot parse expression '", word1, "' in AuthType: ",
+ expr_err, NULL);
+ }
 aconfig->auth_type_set = 1;
- aconfig->ap_auth_type = strcasecmp(word1, "None") ? word1 : NULL;
 return NULL;
 }
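Review bot: In set_authname, every AuthName value is now handed to `ap_expr_parse_cmd`, so a realm that used to be taken literally is parsed as a string expression; an existing configuration whose realm happens to contain expression syntax such as `%{` would presumably change meaning or fail at startup, and neither this hunk nor the CHANGES entry mentions that. The quote escaping also moves from config time to request time (it reappears in authn_ap_auth_name), which is right for a dynamic value but leaves this setter without any hint of where escaping now happens. I would add above the parse call `/* word1 is an expression; quotes are escaped per request in authn_ap_auth_name() */`. The first line of the signature is visible only in the hunk header.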
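Review bot: In set_authtype, the `None` test that used to run once on the literal directive value is deferred to request time, so whether authentication is enabled for a scope can now depend on whatever the expression reads. If an administrator builds that expression from client-supplied data such as a request header, the client may be able to make it evaluate to `None`; the text added to mod_authn_core.xml does not caution against this. I would document it at the parse call, e.g. `/* Evaluated per request; a result of "None" disables authentication, so the expression must not depend on client-controlled input */`, and repeat the caution in the AuthType documentation.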
@@ -318,20 +335,44 @@ static const char *authn_ap_auth_type(request_rec *r)
 {
 authn_core_dir_conf *conf;
- conf = (authn_core_dir_conf *)ap_get_module_config(r->per_dir_config,
- &authn_core_module);
+ conf = (authn_core_dir_conf *) ap_get_module_config(r->per_dir_config,
+ &authn_core_module);
+
+ if (conf->ap_auth_type) {
+ const char *err = NULL, *type;
+ type = ap_expr_str_exec(r, conf->ap_auth_type, &err);
+ if (err) {
+ ap_log_rerror(
+ APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, APLOGNO() "AuthType expression could not be evaluated: %s", err);
+ return NULL;
+ }
+
+ return strcasecmp(type, "None") ? type : NULL;
+ }
- return conf->ap_auth_type;
+ return NULL;
 }
 static const char *authn_ap_auth_name(request_rec *r)
 {
 authn_core_dir_conf *conf;
+ const char *err = NULL, *name;
+
+ conf = (authn_core_dir_conf *) ap_get_module_config(r->per_dir_config,
+ &authn_core_module);
+
+ if (conf->ap_auth_name) {
+ name = ap_expr_str_exec(r, conf->ap_auth_name, &err);
+ if (err) {
+ ap_log_rerror(
+ APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, APLOGNO() "AuthName expression could not be evaluated: %s", err);
+ return NULL;
+ }
- conf = (authn_core_dir_conf *)ap_get_module_config(r->per_dir_config,
- &authn_core_module);
+ return ap_escape_quotes(r->pool, name);
+ }
- return apr_pstrdup(r->pool, conf->ap_auth_name);
+ return NULL;
 }
 static const command_rec authn_cmds[] =
-- 
2.40.0
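Review bot: In authn_ap_auth_type, an evaluation failure returns NULL, which is also what the function returns for an unset AuthType and for a result of `None`, so callers cannot tell a broken expression from authentication being switched off deliberately. The callers are outside this diff; it is worth confirming that a protected location fails closed when NULL comes back from the error branch, and recording that above the branch with `/* NULL on error: callers must treat this as a failure, not as AuthType None */`. Both error branches log with an empty `APLOGNO()`, and if these hooks are invoked more than once per request the same error would be logged repeatedly. In authn_ap_auth_name the evaluated realm is passed through `ap_escape_quotes` only; whether other characters from request-derived values need filtering before the realm reaches a response header is not visible here.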