[Fedora-directory-commits] mod_admserv mod_admserv.c,1.19,1.20
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Fri Feb 24 16:19:31 UTC 2006
Author: rmeggins
Update of /cvs/dirsec/mod_admserv
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19903
Modified Files:
mod_admserv.c
Log Message:
Bug(s) fixed: 182556
Bug Description: Cannot assign multiple domains to nsAdminAccessHosts
Reviewed by: Nathan (Thanks!)
Fix Description: The adminserver console uses a pattern like
(pat1|pat2|...|patN) to encode the host and IP address access allowed
lists. apr_fnmatch is not smart enough to grok this pattern, so we have
to have mod_admserv pre-digest it. The strdup is because strtok
modifies its argument. apr_strdup allocates memory out of a per
request pool, and automatically frees it at the end of the request, so
we don't have to free it here.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Index: mod_admserv.c
===================================================================
RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- mod_admserv.c 18 Jan 2006 02:26:25 -0000 1.19
+++ mod_admserv.c 24 Feb 2006 16:19:23 -0000 1.20
@@ -1822,8 +1822,29 @@
return 1;
}
-/* Check if the caller hostname or ip address is disallowed */
+/* pattern is (pat1|pat2|...|patN) where patN is a simple apr_fnmatch pattern
+ if we get a match, just return immediately with success, otherwise, loop
+ through all the patterns and return a failure code if no match
+*/
+static apr_status_t
+admserv_match_list(char *patterns, const char *string, int flags)
+{
+ apr_status_t rc = APR_SUCCESS;
+ char *last = NULL;
+ char *pattern = apr_strtok(patterns, "()|", &last);
+
+ while (pattern) {
+ rc = apr_fnmatch(pattern, string, flags);
+ if (rc == APR_SUCCESS) {
+ return rc;
+ }
+ pattern = apr_strtok(NULL, "()|", &last);
+ }
+ return rc;
+}
+
+/* Check if the caller hostname or ip address is disallowed */
static int
admserv_host_ip_check(request_rec *r)
{
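Review bot: `admserv_match_list` fails open when the pattern string yields no tokens, because `rc` is initialised to `APR_SUCCESS` and is returned unchanged if the `while (pattern)` loop never runs (for example a value consisting only of `(`, `)` and `|` characters). The callers in the later hunks treat `APR_SUCCESS` as a match on the host/IP access list, so a malformed nsAdminAccessHosts value would be read as "matched" rather than "no match". Initialising with `apr_status_t rc = APR_FNM_NOMATCH;` makes the empty-list case fail closed. The helper also passes `patterns` straight to `apr_strtok`, and `apr_pstrdup` returns NULL for a NULL input, so unless every caller checks the configured value first (not visible in these hunks) a guard such as `if (!patterns) return APR_FNM_NOMATCH;` at the top would be worth adding.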
@@ -1845,7 +1866,7 @@
const char *maxdns = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_HOST, NULL);
if (maxdns) {
- apr_status_t rc = apr_fnmatch(accessHosts, maxdns, matchflags);
+ apr_status_t rc = admserv_match_list(apr_pstrdup(r->pool, accessHosts), maxdns, matchflags);
if (rc != APR_SUCCESS) {
} else {
return DECLINED;
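Review bot: Each call site has to remember to wrap the list in `apr_pstrdup(r->pool, ...)` because `admserv_match_list` tokenises its first argument in place, and nothing in the helper's comment states that contract; the same pattern repeats in the third and fourth hunks. A later caller that passes the configured string directly would silently truncate the stored access list at the first delimiter, so that every subsequent check sees only the first pattern. Consider moving the copy into the helper, with a signature like `admserv_match_list(apr_pool_t *p, const char *patterns, const char *string, int flags)` and `char *copy = apr_pstrdup(p, patterns);` as its first statement. Failing that, add a line to the comment such as `patterns is modified in place; pass a writable per-request copy`. In the third hunk the alias loop also makes a fresh pool copy for every alias, which the request pool only releases at the end of the request.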
@@ -1858,13 +1879,15 @@
char buf[PR_NETDB_BUF_SIZE];
PRHostEnt hEntry;
if (PR_SUCCESS == PR_GetHostByAddr(&addr, buf, sizeof(buf), &hEntry)) {
- if (APR_SUCCESS != apr_fnmatch(accessHosts, hEntry.h_name, matchflags)) {
+ if (APR_SUCCESS != admserv_match_list(apr_pstrdup(r->pool, accessHosts),
+ hEntry.h_name, matchflags)) {
char ** x;
ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
"admserv_host_ip_check: host [%s] did not match pattern [%s] -"
"will scan aliases", hEntry.h_name, accessHosts);
for (x = hEntry.h_aliases; x && *x; x++) {
- if (APR_SUCCESS != apr_fnmatch(accessHosts, *x, matchflags)) {
+ if (APR_SUCCESS != admserv_match_list(apr_pstrdup(r->pool, accessHosts),
+ *x, matchflags)) {
ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
"admserv_host_ip_check: host alias [%s] did not match pattern [%s]",
*x, accessHosts);
@@ -1889,7 +1912,7 @@
if (accessAddresses && *accessAddresses) {
int matchflags = APR_FNM_PERIOD;
- apr_status_t rc = apr_fnmatch(accessAddresses, clientIP, matchflags);
+ apr_status_t rc = admserv_match_list(apr_pstrdup(r->pool, accessAddresses), clientIP, matchflags);
if (rc == APR_SUCCESS) {
} else {
return DECLINED;