| /* Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /* |
| * Security options etc. |
| * |
| * Module derived from code originally written by Rob McCool |
| * |
| */ |
| |
| #include "apr_strings.h" |
| #include "apr_network_io.h" |
| #include "apr_md5.h" |
| |
| #define APR_WANT_STRFUNC |
| #define APR_WANT_BYTEFUNC |
| #include "apr_want.h" |
| |
| #include "ap_config.h" |
| #include "httpd.h" |
| #include "http_core.h" |
| #include "http_config.h" |
| #include "http_log.h" |
| #include "http_protocol.h" |
| #include "http_request.h" |
| |
| #include "mod_auth.h" |
| |
| #if APR_HAVE_NETINET_IN_H |
| #include <netinet/in.h> |
| #endif |
| |
| enum allowdeny_type { |
| T_ENV, |
| T_NENV, |
| T_ALL, |
| T_IP, |
| T_HOST, |
| T_FAIL |
| }; |
| |
| typedef struct { |
| apr_int64_t limited; |
| union { |
| char *from; |
| apr_ipsubnet_t *ip; |
| } x; |
| enum allowdeny_type type; |
| } allowdeny; |
| |
| /* things in the 'order' array */ |
| #define DENY_THEN_ALLOW 0 |
| #define ALLOW_THEN_DENY 1 |
| #define MUTUAL_FAILURE 2 |
| |
| typedef struct { |
| int order[METHODS]; |
| apr_array_header_t *allows; |
| apr_array_header_t *denys; |
| int *satisfy; /* for every method one */ |
| } access_compat_dir_conf; |
| |
| module AP_MODULE_DECLARE_DATA access_compat_module; |
| |
| static void *create_access_compat_dir_config(apr_pool_t *p, char *dummy) |
| { |
| int i; |
| access_compat_dir_conf *conf = |
| (access_compat_dir_conf *)apr_pcalloc(p, sizeof(access_compat_dir_conf)); |
| |
| for (i = 0; i < METHODS; ++i) { |
| conf->order[i] = DENY_THEN_ALLOW; |
| } |
| conf->allows = apr_array_make(p, 1, sizeof(allowdeny)); |
| conf->denys = apr_array_make(p, 1, sizeof(allowdeny)); |
| conf->satisfy = apr_palloc(p, sizeof(*conf->satisfy) * METHODS); |
| for (i = 0; i < METHODS; ++i) { |
| conf->satisfy[i] = SATISFY_NOSPEC; |
| } |
| |
| return (void *)conf; |
| } |
| |
| static const char *order(cmd_parms *cmd, void *dv, const char *arg) |
| { |
| access_compat_dir_conf *d = (access_compat_dir_conf *) dv; |
| int i, o; |
| |
| if (!strcasecmp(arg, "allow,deny")) |
| o = ALLOW_THEN_DENY; |
| else if (!strcasecmp(arg, "deny,allow")) |
| o = DENY_THEN_ALLOW; |
| else if (!strcasecmp(arg, "mutual-failure")) |
| o = MUTUAL_FAILURE; |
| else |
| return "unknown order"; |
| |
| for (i = 0; i < METHODS; ++i) |
| if (cmd->limited & (AP_METHOD_BIT << i)) |
| d->order[i] = o; |
| |
| return NULL; |
| } |
| |
| static const char *satisfy(cmd_parms *cmd, void *dv, const char *arg) |
| { |
| access_compat_dir_conf *d = (access_compat_dir_conf *) dv; |
| int satisfy = SATISFY_NOSPEC; |
| int i; |
| |
| if (!strcasecmp(arg, "all")) { |
| satisfy = SATISFY_ALL; |
| } |
| else if (!strcasecmp(arg, "any")) { |
| satisfy = SATISFY_ANY; |
| } |
| else { |
| return "Satisfy either 'any' or 'all'."; |
| } |
| |
| for (i = 0; i < METHODS; ++i) { |
| if (cmd->limited & (AP_METHOD_BIT << i)) { |
| d->satisfy[i] = satisfy; |
| } |
| } |
| |
| return NULL; |
| } |
| |
| static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from, |
| const char *where_c) |
| { |
| access_compat_dir_conf *d = (access_compat_dir_conf *) dv; |
| allowdeny *a; |
| char *where = apr_pstrdup(cmd->pool, where_c); |
| char *s; |
| apr_status_t rv; |
| |
| if (strcasecmp(from, "from")) |
| return "allow and deny must be followed by 'from'"; |
| |
| a = (allowdeny *) apr_array_push(cmd->info ? d->allows : d->denys); |
| a->x.from = where; |
| a->limited = cmd->limited; |
| |
| if (!strncasecmp(where, "env=!", 5)) { |
| a->type = T_NENV; |
| a->x.from += 5; |
| |
| } |
| else if (!strncasecmp(where, "env=", 4)) { |
| a->type = T_ENV; |
| a->x.from += 4; |
| |
| } |
| else if (!strcasecmp(where, "all")) { |
| a->type = T_ALL; |
| } |
| else if ((s = ap_strchr(where, '/'))) { |
| *s++ = '\0'; |
| rv = apr_ipsubnet_create(&a->x.ip, where, s, cmd->pool); |
| if(APR_STATUS_IS_EINVAL(rv)) { |
| /* looked nothing like an IP address */ |
| return "An IP address was expected"; |
| } |
| else if (rv != APR_SUCCESS) { |
| return apr_psprintf(cmd->pool, "%pm", &rv); |
| } |
| a->type = T_IP; |
| } |
| else if (!APR_STATUS_IS_EINVAL(rv = apr_ipsubnet_create(&a->x.ip, where, |
| NULL, cmd->pool))) { |
| if (rv != APR_SUCCESS) |
| return apr_psprintf(cmd->pool, "%pm", &rv); |
| a->type = T_IP; |
| } |
| else if (ap_strchr(where, '#')) { |
| return "No comments are allowed here"; |
| } |
| else { /* no slash, didn't look like an IP address => must be a host */ |
| a->type = T_HOST; |
| } |
| |
| return NULL; |
| } |
| |
| static char its_an_allow; |
| |
| static const command_rec access_compat_cmds[] = |
| { |
| AP_INIT_TAKE1("order", order, NULL, OR_LIMIT, |
| "'allow,deny', 'deny,allow', or 'mutual-failure'"), |
| AP_INIT_ITERATE2("allow", allow_cmd, &its_an_allow, OR_LIMIT, |
| "'from' followed by hostnames or IP-address wildcards"), |
| AP_INIT_ITERATE2("deny", allow_cmd, NULL, OR_LIMIT, |
| "'from' followed by hostnames or IP-address wildcards"), |
| AP_INIT_TAKE1("Satisfy", satisfy, NULL, OR_AUTHCFG, |
| "access policy if both allow and require used ('all' or 'any')"), |
| {NULL} |
| }; |
| |
| static int in_domain(const char *domain, const char *what) |
| { |
| int dl = strlen(domain); |
| int wl = strlen(what); |
| |
| if ((wl - dl) >= 0) { |
| if (strcasecmp(domain, &what[wl - dl]) != 0) { |
| return 0; |
| } |
| |
| /* Make sure we matched an *entire* subdomain --- if the user |
| * said 'allow from good.com', we don't want people from nogood.com |
| * to be able to get in. |
| */ |
| |
| if (wl == dl) { |
| return 1; /* matched whole thing */ |
| } |
| else { |
| return (domain[0] == '.' || what[wl - dl - 1] == '.'); |
| } |
| } |
| else { |
| return 0; |
| } |
| } |
| |
| static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method) |
| { |
| |
| allowdeny *ap = (allowdeny *) a->elts; |
| apr_int64_t mmask = (AP_METHOD_BIT << method); |
| int i; |
| int gothost = 0; |
| const char *remotehost = NULL; |
| |
| for (i = 0; i < a->nelts; ++i) { |
| if (!(mmask & ap[i].limited)) { |
| continue; |
| } |
| |
| switch (ap[i].type) { |
| case T_ENV: |
| if (apr_table_get(r->subprocess_env, ap[i].x.from)) { |
| return 1; |
| } |
| break; |
| |
| case T_NENV: |
| if (!apr_table_get(r->subprocess_env, ap[i].x.from)) { |
| return 1; |
| } |
| break; |
| |
| case T_ALL: |
| return 1; |
| |
| case T_IP: |
| if (apr_ipsubnet_test(ap[i].x.ip, r->useragent_addr)) { |
| return 1; |
| } |
| break; |
| |
| case T_HOST: |
| if (!gothost) { |
| int remotehost_is_ip; |
| |
| remotehost = ap_get_useragent_host(r, REMOTE_DOUBLE_REV, |
| &remotehost_is_ip); |
| |
| if ((remotehost == NULL) || remotehost_is_ip) { |
| gothost = 1; |
| } |
| else { |
| gothost = 2; |
| } |
| } |
| |
| if ((gothost == 2) && in_domain(ap[i].x.from, remotehost)) { |
| return 1; |
| } |
| break; |
| |
| case T_FAIL: |
| /* do nothing? */ |
| break; |
| } |
| } |
| |
| return 0; |
| } |
| |
| static int access_compat_ap_satisfies(request_rec *r) |
| { |
| access_compat_dir_conf *conf = (access_compat_dir_conf *) |
| ap_get_module_config(r->per_dir_config, &access_compat_module); |
| |
| return conf->satisfy[r->method_number]; |
| } |
| |
| static int check_dir_access(request_rec *r) |
| { |
| int method = r->method_number; |
| int ret = OK; |
| access_compat_dir_conf *a = (access_compat_dir_conf *) |
| ap_get_module_config(r->per_dir_config, &access_compat_module); |
| |
| if (a->order[method] == ALLOW_THEN_DENY) { |
| ret = HTTP_FORBIDDEN; |
| if (find_allowdeny(r, a->allows, method)) { |
| ret = OK; |
| } |
| if (find_allowdeny(r, a->denys, method)) { |
| ret = HTTP_FORBIDDEN; |
| } |
| } |
| else if (a->order[method] == DENY_THEN_ALLOW) { |
| if (find_allowdeny(r, a->denys, method)) { |
| ret = HTTP_FORBIDDEN; |
| } |
| if (find_allowdeny(r, a->allows, method)) { |
| ret = OK; |
| } |
| } |
| else { |
| if (find_allowdeny(r, a->allows, method) |
| && !find_allowdeny(r, a->denys, method)) { |
| ret = OK; |
| } |
| else { |
| ret = HTTP_FORBIDDEN; |
| } |
| } |
| |
| if (ret == HTTP_FORBIDDEN) { |
| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01797) |
| "client denied by server configuration: %s%s", |
| r->filename ? "" : "uri ", |
| r->filename ? r->filename : r->uri); |
| } |
| |
| return ret; |
| } |
| |
| static void register_hooks(apr_pool_t *p) |
| { |
| APR_REGISTER_OPTIONAL_FN(access_compat_ap_satisfies); |
| |
| /* This can be access checker since we don't require r->user to be set. */ |
| ap_hook_check_access(check_dir_access, NULL, NULL, APR_HOOK_MIDDLE, |
| AP_AUTH_INTERNAL_PER_CONF); |
| } |
| |
| AP_DECLARE_MODULE(access_compat) = |
| { |
| STANDARD20_MODULE_STUFF, |
| create_access_compat_dir_config, /* dir config creater */ |
| NULL, /* dir merger --- default is to override */ |
| NULL, /* server config */ |
| NULL, /* merge server config */ |
| access_compat_cmds, |
| register_hooks /* register hooks */ |
| }; |