diff options
| author | Stefan Fritsch <sf@apache.org> | 2010-09-25 15:17:49 +0200 |
|---|---|---|
| committer | Stefan Fritsch <sf@apache.org> | 2010-09-25 15:17:49 +0200 |
| commit | 2690fbd3251a4603b1a7f6c8375e8c59042382aa (patch) | |
| tree | 17ceba3f64448c16d8d89235a02f8211d4067ed0 /modules/aaa/mod_authz_host.c | |
| parent | Expand authz provider entry (diff) | |
| download | apache2-2690fbd3251a4603b1a7f6c8375e8c59042382aa.tar.xz apache2-2690fbd3251a4603b1a7f6c8375e8c59042382aa.zip | |
Add 'local' authz provider that matches connections originating
on the local host. PR 19938.
Also remove some cruft from mod_authz_host (we don't need a per-dir config)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1001207 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/aaa/mod_authz_host.c')
| -rw-r--r-- | modules/aaa/mod_authz_host.c | 68 |
1 files changed, 47 insertions, 21 deletions
diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_authz_host.c index 6d0be22315..5432282411 100644 --- a/modules/aaa/mod_authz_host.c +++ b/modules/aaa/mod_authz_host.c @@ -44,25 +44,6 @@ #include <netinet/in.h> #endif -typedef struct { - int dummy; /* just here to stop compiler warnings for now. */ -} authz_host_dir_conf; - -module AP_MODULE_DECLARE_DATA authz_host_module; - -static void *create_authz_host_dir_config(apr_pool_t *p, char *dummy) -{ - authz_host_dir_conf *conf = - (authz_host_dir_conf *)apr_pcalloc(p, sizeof(authz_host_dir_conf)); - - return (void *)conf; -} - -static const command_rec authz_host_cmds[] = -{ - {NULL} -}; - static int in_domain(const char *domain, const char *what) { int dl = strlen(domain); @@ -188,6 +169,29 @@ static authz_status host_check_authorization(request_rec *r, return AUTHZ_DENIED; } +static apr_ipsubnet_t *localhost_v4; +#if APR_HAVE_IPV6 +static apr_ipsubnet_t *localhost_v6; +#endif + +static authz_status local_check_authorization(request_rec *r, + const char *require_line, + const void *parsed_require_line) +{ + if ( apr_sockaddr_equal(r->connection->local_addr, + r->connection->remote_addr) + || apr_ipsubnet_test(localhost_v4, r->connection->remote_addr) +#if APR_HAVE_IPV6 + || apr_ipsubnet_test(localhost_v6, r->connection->remote_addr) +#endif + ) + { + return AUTHZ_GRANTED; + } + + return AUTHZ_DENIED; +} + static const authz_provider authz_ip_provider = { &ip_check_authorization, @@ -200,24 +204,46 @@ static const authz_provider authz_host_provider = NULL, }; +static const authz_provider authz_local_provider = +{ + &local_check_authorization, + NULL, +}; + + +static int authz_host_pre_config(apr_pool_t *p, apr_pool_t *plog, + apr_pool_t *ptemp) +{ + apr_ipsubnet_create(&localhost_v4, "127.0.0.0", "8", p); +#if APR_HAVE_IPV6 + apr_ipsubnet_create(&localhost_v6, "::1", "128", p); +#endif + + return OK; +} static void register_hooks(apr_pool_t *p) { + ap_hook_pre_config(authz_host_pre_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ip", AUTHZ_PROVIDER_VERSION, &authz_ip_provider, AP_AUTH_INTERNAL_PER_CONF); ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "host", AUTHZ_PROVIDER_VERSION, &authz_host_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "local", + AUTHZ_PROVIDER_VERSION, + &authz_local_provider, AP_AUTH_INTERNAL_PER_CONF); } AP_DECLARE_MODULE(authz_host) = { STANDARD20_MODULE_STUFF, - create_authz_host_dir_config, /* dir config creater */ + NULL, /* dir config creater */ NULL, /* dir merger --- default is to override */ NULL, /* server config */ NULL, /* merge server config */ - authz_host_cmds, + NULL, register_hooks /* register hooks */ }; |