diff options
Diffstat (limited to 'modules/aaa/mod_authz_dbm.c')
-rw-r--r-- | modules/aaa/mod_authz_dbm.c | 40 |
1 files changed, 34 insertions, 6 deletions
diff --git a/modules/aaa/mod_authz_dbm.c b/modules/aaa/mod_authz_dbm.c index 4f13caea..c329eacd 100644 --- a/modules/aaa/mod_authz_dbm.c +++ b/modules/aaa/mod_authz_dbm.c @@ -137,6 +137,11 @@ static authz_status dbmgroup_check_authorization(request_rec *r, authz_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config, &authz_dbm_module); char *user = r->user; + + const char *err = NULL; + const ap_expr_info_t *expr = parsed_require_args; + const char *require; + const char *t; char *w; const char *orig_groups = NULL; @@ -180,7 +185,15 @@ static authz_status dbmgroup_check_authorization(request_rec *r, orig_groups = groups; } - t = require_args; + require = ap_expr_str_exec(r, expr, &err); + if (err) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02591) + "authz_dbm authorize: require dbm-group: Can't " + "evaluate require expression: %s", err); + return AUTHZ_DENIED; + } + + t = require; while ((w = ap_getword_white(r->pool, &t)) && w[0]) { groups = orig_groups; while (groups[0]) { @@ -210,7 +223,6 @@ static authz_status dbmfilegroup_check_authorization(request_rec *r, char *user = r->user; const char *realm = ap_auth_name(r); const char *filegroup = NULL; - const char *orig_groups = NULL; apr_status_t status; const char *groups; char *v; @@ -245,12 +257,9 @@ static authz_status dbmfilegroup_check_authorization(request_rec *r, return AUTHZ_DENIED; } - orig_groups = groups; - filegroup = authz_owner_get_file_group(r); if (filegroup) { - groups = orig_groups; while (groups[0]) { v = ap_getword(r->pool, &groups, ','); if (!strcmp(v, filegroup)) { @@ -267,10 +276,29 @@ static authz_status dbmfilegroup_check_authorization(request_rec *r, return AUTHZ_DENIED; } +static const char *dbm_parse_config(cmd_parms *cmd, const char *require_line, + const void **parsed_require_line) +{ + const char *expr_err = NULL; + ap_expr_info_t *expr; + + expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); + + if (expr_err) + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression in require line: ", + expr_err, NULL); + + *parsed_require_line = expr; + + return NULL; +} + static const authz_provider authz_dbmgroup_provider = { &dbmgroup_check_authorization, - NULL, + &dbm_parse_config, }; static const authz_provider authz_dbmfilegroup_provider = |