1 *** httpd-2.0.49/modules/aaa/mod_access.c Mon Feb 9 15:53:14 2004
2 --- httpd-2.0.49a/modules/aaa/mod_access.c Fri May 28 21:57:54 2004
3 ***************
4 *** 39,44 ****
5 --- 39,47 ----
6 #include
7 #endif
8
9 + /* If their config pathnames are longer than this, they deserve what they get */
10 + #define AP_ACCESS_MAXPATH 80
11 +
12 enum allowdeny_type {
13 T_ENV,
14 T_ALL,
15 ***************
16 *** 54,59 ****
17 --- 57,63 ----
18 apr_ipsubnet_t *ip;
19 } x;
20 enum allowdeny_type type;
21 + unsigned line_number;
22 } allowdeny;
23
24 /* things in the 'order' array */
25 ***************
26 *** 65,70 ****
27 --- 69,76 ----
28 int order[METHODS];
29 apr_array_header_t *allows;
30 apr_array_header_t *denys;
31 + char filename[AP_ACCESS_MAXPATH];
32 + unsigned line_number;
33 } access_dir_conf;
34
35 module AP_MODULE_DECLARE_DATA access_module;
36 ***************
37 *** 80,89 ****
38 }
39 conf->allows = apr_array_make(p, 1, sizeof(allowdeny));
40 conf->denys = apr_array_make(p, 1, sizeof(allowdeny));
41 !
42 return (void *)conf;
43 }
44
45 static const char *order(cmd_parms *cmd, void *dv, const char *arg)
46 {
47 access_dir_conf *d = (access_dir_conf *) dv;
48 --- 86,123 ----
49 }
50 conf->allows = apr_array_make(p, 1, sizeof(allowdeny));
51 conf->denys = apr_array_make(p, 1, sizeof(allowdeny));
52 ! conf->filename[0] = 0;
53 ! conf->line_number = 0;
54 return (void *)conf;
55 }
56
57 + /* it's like you see this cute directive and you have to...*/
58 + static void get_name_and_number(cmd_parms *cmd, char *name, unsigned *number)
59 + {
60 + /* There is a comment saying directive->filename might go away.
It is not at
61 + * all clear to me how we are supposed to get this info if it does
62 + * On the other hand, no other module seems to care
63 + */
64 + const char *fname = NULL;
65 + if (cmd->directive && cmd->directive->filename) {
66 + fname = cmd->directive->filename;
67 + *number = cmd->directive->line_num;
68 + }
69 + /* You gotta love the consistent naming convention */
70 + else if (cmd->config_file && cmd->config_file->name) {
71 + fname = cmd->config_file->name;
72 + *number = cmd->config_file->line_number;
73 + }
74 + if (fname) {
75 + if (apr_cpystrn(name, fname, AP_ACCESS_MAXPATH) == &name[AP_ACCESS_MAXPATH-1])
76 + name[AP_ACCESS_MAXPATH-2] = name[AP_ACCESS_MAXPATH-3] = name[AP_ACCESS_MAXPATH-4] = '.';
77 + } else {
78 + name[0] = name[1] = name[2] = '?'; name[3] = '\0';
79 + *number = 0;
80 + }
81 + }
82 +
83 +
84 static const char *order(cmd_parms *cmd, void *dv, const char *arg)
85 {
86 access_dir_conf *d = (access_dir_conf *) dv;
87 ***************
88 *** 102,107 ****
89 --- 136,142 ----
90 if (cmd->limited & (AP_METHOD_BIT << i))
91 d->order[i] = o;
92
93 + get_name_and_number(cmd, d->filename, &d->line_number);
94 return NULL;
95 }
96
97 ***************
98 *** 122,127 ****
99 --- 157,164 ----
100 a->x.from = where;
101 a->limited = cmd->limited;
102
103 + get_name_and_number(cmd, d->filename, &a->line_number);
104 +
105 if (!strncasecmp(where, "env=", 4)) {
106 a->type = T_ENV;
107 a->x.from += 4;
108 ***************
109 *** 193,199 ****
110 return 0;
111 }
112
113 ! static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method)
114 {
115
116 allowdeny *ap = (allowdeny *) a->elts;
117 --- 230,236 ----
118 return 0;
119 }
120
121 ! static allowdeny *find_allowdeny(request_rec *r, apr_array_header_t *a, int method)
122 {
123
124 allowdeny *ap = (allowdeny *) a->elts;
125 ***************
126 *** 209,224 ****
127 switch (ap[i].type) {
128 case T_ENV:
129 if (apr_table_get(r->subprocess_env, ap[i].x.from)) {
130 !
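Review bot: The truncation test in `get_name_and_number` also fires for a name that fits exactly. `apr_cpystrn` returns a pointer to the terminating NUL, so a path of AP_ACCESS_MAXPATH-1 characters compares equal to `&name[AP_ACCESS_MAXPATH-1]` without being cut, and its last three characters are then overwritten with dots. Testing the source length instead, `if (strlen(fname) >= AP_ACCESS_MAXPATH)`, marks only real truncation. Truncation also keeps the head of the path and drops the file name at the tail, which is the part an operator reading a denial log entry needs; copying the last AP_ACCESS_MAXPATH-1 characters would serve the log better.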
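Review bot: The configuration keeps a single `filename` and a single order `line_number`, but the call added in `order` writes both on every Order directive and the call in the 157-164 hunk, `get_name_and_number(cmd, d->filename, &a->line_number)`, overwrites `filename` again on every allow/deny. `d->order[i]` is set per method under `cmd->limited`, so with several Order directives in one section the logged line is that of the last one parsed, whatever method was denied. If directives in one section can come from different files (not visible here), the logged file name can belong to a different directive than the logged line number. Recording the name next to `line_number` in each `allowdeny` entry would fix the deny case; at minimum add a comment on the struct field such as `/* file of the last access directive parsed, not necessarily the one logged */`. Both enclosing functions start and end outside their hunks, and `d` in the second is assumed to be the `access_dir_conf`.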
return 1;
131 }
132 break;
133
134 case T_ALL:
135 ! return 1;
136
137 case T_IP:
138 if (apr_ipsubnet_test(ap[i].x.ip, r->connection->remote_addr)) {
139 ! return 1;
140 }
141 break;
142
143 --- 246,261 ----
144 switch (ap[i].type) {
145 case T_ENV:
146 if (apr_table_get(r->subprocess_env, ap[i].x.from)) {
147 ! return &ap[i];
148 }
149 break;
150
151 case T_ALL:
152 ! return &ap[i];
153
154 case T_IP:
155 if (apr_ipsubnet_test(ap[i].x.ip, r->connection->remote_addr)) {
156 ! return &ap[i];
157 }
158 break;
159
160 ***************
161 *** 236,242 ****
162 }
163
164 if ((gothost == 2) && in_domain(ap[i].x.from, remotehost))
165 ! return 1;
166 break;
167
168 case T_FAIL:
169 --- 273,279 ----
170 }
171
172 if ((gothost == 2) && in_domain(ap[i].x.from, remotehost))
173 ! return &ap[i];
174 break;
175
176 case T_FAIL:
177 ***************
178 *** 245,257 ****
179 }
180 }
181
182 ! return 0;
183 }
184
185 static int check_dir_access(request_rec *r)
186 {
187 int method = r->method_number;
188 int ret = OK;
189 access_dir_conf *a = (access_dir_conf *)
190 ap_get_module_config(r->per_dir_config, &access_module);
191
192 --- 282,295 ----
193 }
194 }
195
196 ! return NULL;
197 }
198
199 static int check_dir_access(request_rec *r)
200 {
201 int method = r->method_number;
202 int ret = OK;
203 + allowdeny *which = NULL;
204 access_dir_conf *a = (access_dir_conf *)
205 ap_get_module_config(r->per_dir_config, &access_module);
206
207 ***************
208 *** 259,276 ****
209 ret = HTTP_FORBIDDEN;
210 if (find_allowdeny(r, a->allows, method))
211 ret = OK;
212 ! if (find_allowdeny(r, a->denys, method))
213 ret = HTTP_FORBIDDEN;
214 }
215 else if (a->order[method] == DENY_THEN_ALLOW) {
216 ! if (find_allowdeny(r, a->denys, method))
217 ret = HTTP_FORBIDDEN;
218 if (find_allowdeny(r, a->allows, method))
219 ret = OK;
220 }
221 else {
222 if (find_allowdeny(r, a->allows, method)
223 !
&& !find_allowdeny(r, a->denys, method))
224 ret = OK;
225 else
226 ret = HTTP_FORBIDDEN;
227 --- 297,314 ----
228 ret = HTTP_FORBIDDEN;
229 if (find_allowdeny(r, a->allows, method))
230 ret = OK;
231 ! if (which = find_allowdeny(r, a->denys, method))
232 ret = HTTP_FORBIDDEN;
233 }
234 else if (a->order[method] == DENY_THEN_ALLOW) {
235 ! if (which = find_allowdeny(r, a->denys, method))
236 ret = HTTP_FORBIDDEN;
237 if (find_allowdeny(r, a->allows, method))
238 ret = OK;
239 }
240 else {
241 if (find_allowdeny(r, a->allows, method)
242 ! && !(which = find_allowdeny(r, a->denys, method)))
243 ret = OK;
244 else
245 ret = HTTP_FORBIDDEN;
246 ***************
247 *** 278,286 ****
248
249 if (ret == HTTP_FORBIDDEN
250 && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
251 ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
252 ! "client denied by server configuration: %s",
253 ! r->filename);
254 }
255
256 return ret;
257 --- 316,329 ----
258
259 if (ret == HTTP_FORBIDDEN
260 && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
261 ! if (which)
262 ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
263 ! "client denied by deny directive at line %d of %s for: %s",
264 ! which->line_number, a->filename, r->filename);
265 ! else
266 ! ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
267 ! "client denied by order directive at line %d of %s for: %s",
268 ! a->line_number, a->filename, r->filename);
269 }
270
271 return ret;
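Review bot: The two bare assignments used as `if` conditions in the 297-314 hunk read like a mistyped `==` and draw a -Wparentheses warning; write `if ((which = find_allowdeny(r, a->denys, method)) != NULL)`. In the DENY_THEN_ALLOW branch `which` stays non-NULL even when the following allow match resets `ret` to OK. That is harmless only because `which` is read solely when `ret == HTTP_FORBIDDEN`, so a short comment next to the declaration, `/* valid only while ret == HTTP_FORBIDDEN */`, would protect later edits to this access decision. `check_dir_access` starts and ends outside this hunk.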
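Review bot: Both new format strings in the 316-329 hunk print `line_number` with `%d` although the field is declared `unsigned` in both structs; the conversion should be `%u`, e.g. `"client denied by deny directive at line %u of %s for: %s"`. The unbraced `if (which) ... else ...` wraps two multi-line `ap_log_rerror` calls and should be braced so a later statement cannot end up outside the intended branch of this denial-logging path. The enclosing function continues outside the hunk.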