From: Graham Leggett
Date: Fri, 21 Sep 2012 19:46:23 +0000 (+0000)
Subject: mod_auth_form: Support the expr parser in the
X-Git-Tag: 2.5.0-alpha~6288
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b122eb16fff891da68f950f7409c863e5ffdbc87;p=thirdparty%2Fapache%2Fhttpd.git
mod_auth_form: Support the expr parser in the
AuthFormLoginRequiredLocation, AuthFormLoginSuccessLocation and
AuthFormLogoutLocation directives.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1388648 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index af819cbeb29..75d54c07584 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_auth_form: Support the expr parser in the
+ AuthFormLoginRequiredLocation, AuthFormLoginSuccessLocation and
+ AuthFormLogoutLocation directives. [Graham Leggett]
+
*) core: Add dirwalk_stat hook. [Jeff Trawick]
*) mod_proxy: Allow for persistence of local changes (via the
diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index 978e2eca86d..dc01807c8fe 100644
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-2339
+2344
diff --git a/docs/manual/mod/mod_auth_form.xml b/docs/manual/mod/mod_auth_form.xml
index 33449ce4483..16efbd95e46 100644
--- a/docs/manual/mod/mod_auth_form.xml
+++ b/docs/manual/mod/mod_auth_form.xml
@@ -558,9 +558,10 @@ lower level modules
The AuthFormLoginRequiredLocation directive
- specifies the URL to redirect to should the user not be authorised to view a page. By default,
- if a user is not authorised to view a page, the HTTP response code HTTP_UNAUTHORIZED
- will be returned with the page specified by the
+ specifies the URL to redirect to should the user not be authorised to view a page. The value
+ is parsed using the ap_expr parser before being sent to the client.
+ By default, if a user is not authorised to view a page, the HTTP response code
+ HTTP_UNAUTHORIZED
will be returned with the page specified by the
ErrorDocument directive. This directive overrides this
default.
@@ -580,9 +581,10 @@ lower level modules
The AuthFormLoginSuccessLocation directive
- specifies the URL to redirect to should the user have logged in successfully. This directive
- can be overridden if a form field has been defined containing another URL using the
- AuthFormLocation directive.
+ specifies the URL to redirect to should the user have logged in successfully. The value is
+ parsed using the ap_expr parser before being sent to the client.
+ This directive can be overridden if a form field has been defined containing another URL
+ using the AuthFormLocation directive.
Use this directive if you have a dedicated login URL, and you have not embedded the
destination page in the login form.
@@ -620,7 +622,9 @@ lower level modules
The AuthFormLogoutLocation directive
- specifies the URL of a page on the server to redirect to should the user attempt to log out.
+ specifies the URL of a page on the server to redirect to should the user attempt to log
+ out. The value is parsed using the ap_expr parser before
+ being sent to the client.
When a URI is accessed that is served by the handler form-logout-handler
,
the page specified by this directive will be shown to the end user. For example:
diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c
index 9cdaed0fbfb..5f60c88c4e6 100644
--- a/modules/aaa/mod_auth_form.c
+++ b/modules/aaa/mod_auth_form.c
@@ -30,6 +30,7 @@
#include "http_request.h"
#include "ap_provider.h"
#include "util_md5.h"
+#include "ap_expr.h"
#include "mod_auth.h"
#include "mod_session.h"
@@ -73,11 +74,11 @@ typedef struct {
int body_set;
int disable_no_store;
int disable_no_store_set;
- const char *loginsuccess;
+ ap_expr_info_t *loginsuccess;
int loginsuccess_set;
- const char *loginrequired;
+ ap_expr_info_t *loginrequired;
int loginrequired_set;
- const char *logout;
+ ap_expr_info_t *logout;
int logout_set;
} auth_form_config_rec;
@@ -289,24 +290,51 @@ static const char *set_cookie_form_size(cmd_parms * cmd, void *config,
static const char *set_login_required_location(cmd_parms * cmd, void *config, const char *loginrequired)
{
auth_form_config_rec *conf = (auth_form_config_rec *) config;
- conf->loginrequired = loginrequired;
+ const char *err;
+
+ conf->loginrequired = ap_expr_parse_cmd(cmd, loginrequired, AP_EXPR_FLAG_STRING_RESULT,
+ &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool,
+ "Could not parse login required expression '%s': %s",
+ loginrequired, err);
+ }
conf->loginrequired_set = 1;
+
return NULL;
}
static const char *set_login_success_location(cmd_parms * cmd, void *config, const char *loginsuccess)
{
auth_form_config_rec *conf = (auth_form_config_rec *) config;
- conf->loginsuccess = loginsuccess;
+ const char *err;
+
+ conf->loginsuccess = ap_expr_parse_cmd(cmd, loginsuccess, AP_EXPR_FLAG_STRING_RESULT,
+ &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool,
+ "Could not parse login success expression '%s': %s",
+ loginsuccess, err);
+ }
conf->loginsuccess_set = 1;
+
return NULL;
}
static const char *set_logout_location(cmd_parms * cmd, void *config, const char *logout)
{
auth_form_config_rec *conf = (auth_form_config_rec *) config;
- conf->logout = logout;
+ const char *err;
+
+ conf->logout = ap_expr_parse_cmd(cmd, logout, AP_EXPR_FLAG_STRING_RESULT,
+ &err, NULL);
+ if (err) {
+ return apr_psprintf(cmd->pool,
+ "Could not parse logout required expression '%s': %s",
+ logout, err);
+ }
conf->logout_set = 1;
+
return NULL;
}
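Review bot: The error string in set_logout_location reads "Could not parse logout required expression", which looks copied from the login-required setter and will mislead whoever reads the startup error; it should read `"Could not parse logout expression '%s': %s",`. In all three setters the conf field is assigned the return value of ap_expr_parse_cmd() before err is checked, so a failed parse leaves whatever the parser returned in conf. That is presumably harmless because a non-NULL return aborts configuration loading, but parsing into a local and assigning only on success would make it explicit. The three bodies differ only in the field and the message, so they could share one static helper.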
@@ -851,6 +879,7 @@ static int authenticate_form_authn(request_rec * r)
const char *sent_user = NULL, *sent_pw = NULL, *sent_hash = NULL;
const char *sent_loc = NULL, *sent_method = "GET", *sent_mimetype = NULL;
const char *current_auth = NULL;
+ const char *err;
apr_status_t res;
int rv = HTTP_UNAUTHORIZED;
@@ -1001,7 +1030,15 @@ static int authenticate_form_authn(request_rec * r)
return HTTP_MOVED_TEMPORARILY;
}
if (conf->loginsuccess) {
- apr_table_set(r->headers_out, "Location", conf->loginsuccess);
+ const char *loginsuccess = ap_expr_str_exec(r,
+ conf->loginsuccess, &err);
+ if (!err) {
+ apr_table_set(r->headers_out, "Location", loginsuccess);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02339)
+ "Can't evaluate login success expression: %s", err);
+ }
return HTTP_MOVED_TEMPORARILY;
}
}
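Review bot: When ap_expr_str_exec() reports an error, the else branch only logs and then falls through to `return HTTP_MOVED_TEMPORARILY;`, so the client receives a 302 for which this code has set no Location header. The failure branch should end the request with a server error instead, for example by adding `return HTTP_INTERNAL_SERVER_ERROR;` after the ap_log_rerror() call. The same pattern repeats in the loginrequired branch of authenticate_form_authn, in both branches of authenticate_form_login_handler, and in authenticate_form_logout_handler (which returns HTTP_TEMPORARY_REDIRECT). The enclosing function starts and ends outside this hunk.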
@@ -1014,7 +1051,15 @@ static int authenticate_form_authn(request_rec * r)
* instead?
*/
if (HTTP_UNAUTHORIZED == rv && conf->loginrequired) {
- apr_table_set(r->headers_out, "Location", conf->loginrequired);
+ const char *loginrequired = ap_expr_str_exec(r,
+ conf->loginrequired, &err);
+ if (!err) {
+ apr_table_set(r->headers_out, "Location", loginrequired);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02340)
+ "Can't evaluate login required expression: %s", err);
+ }
return HTTP_MOVED_TEMPORARILY;
}
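Review bot: This branch runs for requests that failed authentication, and the Location value is now the result of an expression rather than a fixed string, so it can contain request-derived data if the configured expression references any. Neither the code nor the documentation hunks in this commit say so. A comment above the ap_expr_str_exec() call such as `/* Location is an ap_expr result; if the expression uses request data the redirect target is client-influenced */` would record it, and the directive documentation could advise keeping the scheme and host fixed in the expression. The same applies to the loginsuccess and logout expressions. Whether the evaluated string is checked for control characters before it reaches the header table is not visible here and is worth confirming.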
@@ -1059,6 +1104,7 @@ static int authenticate_form_authn(request_rec * r)
static int authenticate_form_login_handler(request_rec * r)
{
auth_form_config_rec *conf;
+ const char *err;
const char *sent_user = NULL, *sent_pw = NULL, *sent_loc = NULL;
int rv;
@@ -1089,7 +1135,15 @@ static int authenticate_form_login_handler(request_rec * r)
return HTTP_MOVED_TEMPORARILY;
}
if (conf->loginsuccess) {
- apr_table_set(r->headers_out, "Location", conf->loginsuccess);
+ const char *loginsuccess = ap_expr_str_exec(r,
+ conf->loginsuccess, &err);
+ if (!err) {
+ apr_table_set(r->headers_out, "Location", loginsuccess);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02341)
+ "Can't evaluate login success expression: %s", err);
+ }
return HTTP_MOVED_TEMPORARILY;
}
return HTTP_OK;
@@ -1098,7 +1152,15 @@ static int authenticate_form_login_handler(request_rec * r)
/* did we prefer to be redirected to the login page on failure instead? */
if (HTTP_UNAUTHORIZED == rv && conf->loginrequired) {
- apr_table_set(r->headers_out, "Location", conf->loginrequired);
+ const char *loginrequired = ap_expr_str_exec(r,
+ conf->loginrequired, &err);
+ if (!err) {
+ apr_table_set(r->headers_out, "Location", loginrequired);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02342)
+ "Can't evaluate login required expression: %s", err);
+ }
return HTTP_MOVED_TEMPORARILY;
}
@@ -1120,6 +1182,7 @@ static int authenticate_form_login_handler(request_rec * r)
static int authenticate_form_logout_handler(request_rec * r)
{
auth_form_config_rec *conf;
+ const char *err;
if (strcmp(r->handler, FORM_LOGOUT_HANDLER)) {
return DECLINED;
@@ -1139,7 +1202,15 @@ static int authenticate_form_logout_handler(request_rec * r)
/* if set, internal redirect to the logout page */
if (conf->logout) {
- apr_table_addn(r->headers_out, "Location", conf->logout);
+ const char *logout = ap_expr_str_exec(r,
+ conf->logout, &err);
+ if (!err) {
+ apr_table_addn(r->headers_out, "Location", logout);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02343)
+ "Can't evaluate logout expression: %s", err);
+ }
return HTTP_TEMPORARY_REDIRECT;
}
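Review bot: The logout branch keeps apr_table_addn() while the other four call sites changed in this commit use apr_table_set(), so an existing Location entry in r->headers_out would not be replaced here and the response could carry two Location headers. Using `apr_table_set(r->headers_out, "Location", logout);` would match the rest of the new code. The context comment still says "internal redirect" although the code sets Location and returns HTTP_TEMPORARY_REDIRECT; `/* if set, redirect the client to the logout page */` would describe it. The enclosing function continues outside the hunk.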