From: Eric Covener Date: Mon, 9 Jan 2023 13:16:50 +0000 (+0000) Subject: Merge r1663123, r1670431 from trunk: X-Git-Tag: 2.4.55-rc1-candidate~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51ea606377c5c258f0585b421d23c2d6177d5878;p=thirdparty%2Fapache%2Fhttpd.git Merge r1663123, r1670431 from trunk: mod_authn_core: Add expression support to AuthName and AuthType. Add missing APLOGNOs by running docs/log-message-tags/update-log-msg-tags. bump version in XML to 2.4.55 Submitted By: minfrin Reviewed By: minfrin, jim, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906494 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index dd76e49d501..aca4787c34a 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,9 @@ Changes with Apache 2.4.55 *) mod_ssl: When dumping the configuration, the existence of certificate/key files is no longer tested. [Joe Orton] + *) mod_authn_core: Add expression support to AuthName and AuthType. + [Graham Leggett] + *) mod_ssl: when a proxy connection had handled a request using SSL, an error was logged when "SSLProxyEngine" was only configured in the location/proxy section and not the overall server. The connection diff --git a/STATUS b/STATUS index 34a17e803b9..d9c7584f63b 100644 --- a/STATUS +++ b/STATUS @@ -157,15 +157,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: +1: jim, ylavic, icing covener: minor MMN needed for mod_proxy.h? - *) mod_authn_core: Add expression support to AuthName and AuthType. - Trunk version of patch: - https://svn.apache.org/r1663123 - https://svn.apache.org/r1670431 - Backport version for 2.4.x of patch: - https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-authn-expr.patch - +1: minfrin, jim, covener - rpluem says: The version in the compatibility notes is wrong. - *) mod_proxy_hcheck: hcmethod now allow for HTTP/1.1 requests using GET11, HEAD11 and/or OPTIONS11. trunk revision: 
diff --git a/docs/manual/expr.xml b/docs/manual/expr.xml index fa55196de94..0c9892abfbc 100644 --- a/docs/manual/expr.xml +++ b/docs/manual/expr.xml @@ -48,6 +48,8 @@ AuthFormLoginRequiredLocation AuthFormLoginSuccessLocation AuthFormLogoutLocation +AuthName +AuthType RewriteCond SetEnvIfExpr Header diff --git a/docs/manual/mod/mod_authn_core.xml b/docs/manual/mod/mod_authn_core.xml index 5197ba4fe1d..201aca45487 100644 --- a/docs/manual/mod/mod_authn_core.xml +++ b/docs/manual/mod/mod_authn_core.xml @@ -141,6 +141,16 @@ authentication

The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

+ +

From 2.4.13, expression syntax can be + used inside the directive to produce the name dynamically.

+ +

For example:

+ + + AuthName "%{HTTP_HOST}" + + Authentication, Authorization, and @@ -195,6 +205,9 @@ authentication </Directory> +

From 2.4.13, expression syntax can be + used inside the directive to specify the type dynamically.

+ When disabling authentication, note that clients which have already authenticated against another portion of the server's document tree will typically continue to send authentication HTTP headers diff --git a/modules/aaa/mod_authn_core.c b/modules/aaa/mod_authn_core.c index 7af12655872..f3a494c2757 100644 --- a/modules/aaa/mod_authn_core.c +++ b/modules/aaa/mod_authn_core.c @@ -34,6 +34,7 @@ #include "http_log.h" #include "http_request.h" #include "http_protocol.h" +#include "ap_expr.h" #include "ap_provider.h" #include "mod_auth.h" @@ -52,9 +53,9 @@ */ typedef struct { - const char *ap_auth_type; + ap_expr_info_t *ap_auth_type; int auth_type_set; - const char *ap_auth_name; + ap_expr_info_t *ap_auth_name; } authn_core_dir_conf; typedef struct provider_alias_rec { @@ -298,8 +299,16 @@ static const char *set_authname(cmd_parms *cmd, void *mconfig, const char *word1) { authn_core_dir_conf *aconfig = (authn_core_dir_conf *)mconfig; + const char *expr_err = NULL; + + aconfig->ap_auth_name = ap_expr_parse_cmd(cmd, word1, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); + if (expr_err) { + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression '", word1, "' in AuthName: ", + expr_err, NULL); + } - aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1); return NULL; } @@ -307,9 +316,17 @@ static const char *set_authtype(cmd_parms *cmd, void *mconfig, const char *word1) { authn_core_dir_conf *aconfig = (authn_core_dir_conf *)mconfig; + const char *expr_err = NULL; + + aconfig->ap_auth_type = ap_expr_parse_cmd(cmd, word1, AP_EXPR_FLAG_STRING_RESULT, + &expr_err, NULL); + if (expr_err) { + return apr_pstrcat(cmd->temp_pool, + "Cannot parse expression '", word1, "' in AuthType: ", + expr_err, NULL); + } aconfig->auth_type_set = 1; - aconfig->ap_auth_type = strcasecmp(word1, "None") ? word1 : NULL; return NULL; } 
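Review bot: In the set_authname hunk, removing `ap_escape_quotes(cmd->pool, word1)` leaves no hint that the realm is still escaped anywhere; the only remaining call is the request-time one in authn_ap_auth_name, in the last hunk of this file. Because `word1` is now parsed with `ap_expr_parse_cmd` and the manual's own example is `AuthName "%{HTTP_HOST}"`, the realm can carry client-supplied text, so that later call is what keeps the value well-formed inside the quoted realm. I would add a comment above the parse call such as `/* Parsed as a string expression; quotes are escaped per request in authn_ap_auth_name() because the result may be request-derived. */`. Whether characters other than quotes need filtering before the value reaches the challenge header depends on code outside this diff.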
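Review bot: The set_authtype hunk drops the config-time `strcasecmp(word1, "None")` without a comment saying where that decision is now made; per the last hunk it is taken per request on the evaluated string in authn_ap_auth_type. An expression built from request data can therefore decide whether any auth type is reported for that request, while the added manual text only says the type can be specified dynamically. I would add a comment here, for example `/* "None" is matched per request on the expression result, see authn_ap_auth_type() */`. The directive documentation could also advise that the expression depend only on server-controlled values.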
@@ -318,20 +335,44 @@ static const char *authn_ap_auth_type(request_rec *r) { authn_core_dir_conf *conf; - conf = (authn_core_dir_conf *)ap_get_module_config(r->per_dir_config, - &authn_core_module); + conf = (authn_core_dir_conf *) ap_get_module_config(r->per_dir_config, + &authn_core_module); + + if (conf->ap_auth_type) { + const char *err = NULL, *type; + type = ap_expr_str_exec(r, conf->ap_auth_type, &err); + if (err) { + ap_log_rerror( + APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, APLOGNO(02834) "AuthType expression could not be evaluated: %s", err); + return NULL; + } + + return strcasecmp(type, "None") ? type : NULL; + } - return conf->ap_auth_type; + return NULL; } static const char *authn_ap_auth_name(request_rec *r) { authn_core_dir_conf *conf; + const char *err = NULL, *name; + + conf = (authn_core_dir_conf *) ap_get_module_config(r->per_dir_config, + &authn_core_module); + + if (conf->ap_auth_name) { + name = ap_expr_str_exec(r, conf->ap_auth_name, &err); + if (err) { + ap_log_rerror( + APLOG_MARK, APLOG_ERR, APR_SUCCESS, r, APLOGNO(02835) "AuthName expression could not be evaluated: %s", err); + return NULL; + } - conf = (authn_core_dir_conf *)ap_get_module_config(r->per_dir_config, - &authn_core_module); + return ap_escape_quotes(r->pool, name); + } - return apr_pstrdup(r->pool, conf->ap_auth_name); + return NULL; } static const command_rec authn_cmds[] =
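Review bot: In authn_ap_auth_type the `if (err)` branch logs and then does `return NULL;`, the same value the function returns for an AuthType of "None" and for no AuthType at all, so a runtime evaluation failure is reported to callers as authentication being switched off. How callers treat a NULL type is not visible in this hunk, but the failure should be distinguishable, or at least documented on that return with `/* evaluation failure is indistinguishable from AuthType None for callers */`. authn_ap_auth_name has the same shape: its error path returns a NULL realm. Both functions also use `type` and `name` without a NULL check once `err` has been tested, which presumably relies on ap_expr_str_exec always setting `err` when it returns NULL; a one-line comment stating that assumption would help.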