diff options
Diffstat (limited to 'modules/aaa/mod_authz_groupfile.c')
| -rw-r--r-- | modules/aaa/mod_authz_groupfile.c | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/modules/aaa/mod_authz_groupfile.c b/modules/aaa/mod_authz_groupfile.c index c7fd13b6..70e68153 100644 --- a/modules/aaa/mod_authz_groupfile.c +++ b/modules/aaa/mod_authz_groupfile.c @@ -139,6 +139,11 @@ static authz_status group_check_authorization(request_rec *r, authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config, &authz_groupfile_module); char *user = r->user; + + const char *err = NULL; + const ap_expr_info_t *expr = parsed_require_args; + const char *require; + const char *t, *w; apr_table_t *grpstatus = NULL; apr_status_t status; @@ -175,7 +180,15 @@ static authz_status group_check_authorization(request_rec *r, return AUTHZ_DENIED; } - t = require_args; + require = ap_expr_str_exec(r, expr, &err); + if (err) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02592) + "authz_groupfile authorize: require group: Can't " + "evaluate require expression: %s", err); + return AUTHZ_DENIED; + } + + t = require; while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { if (apr_table_get(grpstatus, w)) { return AUTHZ_GRANTED; @@ -257,10 +270,29 @@ static authz_status filegroup_check_authorization(request_rec *r, return AUTHZ_DENIED; } +static const char *groupfile_parse_config(cmd_parms *cmd, const char *require_line, + const void **parsed_require_line) +{ + const char *expr_err = NULL; + ap_expr_info_t *expr; + + expr = ap_expr_parse_cmd(cmd, require_line, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); + + if (expr_err) + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression in require line: ", + expr_err, NULL); + + *parsed_require_line = expr; + + return NULL; +} + static const authz_provider authz_group_provider = { &group_check_authorization, - NULL, + &groupfile_parse_config, }; static const authz_provider authz_filegroup_provider = |