| 225 | } |
| 226 | |
| 227 | static authz_status |
| 228 | forward_dns_check_authorization(request_rec *r, |
| 229 | const char *require_line, |
| 230 | const void *parsed_require_line) |
| 231 | { |
| 232 | const char *err = NULL; |
| 233 | const ap_expr_info_t *expr = parsed_require_line; |
| 234 | const char *require, *t; |
| 235 | char *w; |
| 236 | |
| 237 | /* the require line is an expression, which is evaluated now. */ |
| 238 | require = ap_expr_str_exec(r, expr, &err); |
| 239 | if (err) { |
| 240 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(03354) |
| 241 | "authz_host authorize: require forward-dns: " |
| 242 | "Can't evaluate require expression: %s", err); |
| 243 | return AUTHZ_DENIED; |
| 244 | } |
| 245 | |
| 246 | /* tokenize expected list of names */ |
| 247 | t = require; |
| 248 | while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { |
| 249 | |
| 250 | apr_sockaddr_t *sa; |
| 251 | apr_status_t rv; |
| 252 | char *hash_ptr; |
| 253 | |
| 254 | /* stop on apache configuration file comments */ |
| 255 | if ((hash_ptr = ap_strchr(w, '#'))) { |
| 256 | if (hash_ptr == w) { |
| 257 | break; |
| 258 | } |
| 259 | *hash_ptr = '\0'; |
| 260 | } |
| 261 | |
| 262 | /* does the client ip match one of the names? */ |
| 263 | rv = apr_sockaddr_info_get(&sa, w, APR_UNSPEC, 0, 0, r->pool); |
| 264 | if (rv == APR_SUCCESS) { |
| 265 | |
| 266 | while (sa) { |
| 267 | int match = apr_sockaddr_equal(sa, r->useragent_addr); |
| 268 | |
| 269 | ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03355) |
| 270 | "access check for %s as '%s': %s", |
| 271 | r->useragent_ip, w, match? "yes": "no"); |
| 272 | if (match) { |
| 273 | return AUTHZ_GRANTED; |
| 274 | } |
| 275 | |
| 276 | sa = sa->next; |
| 277 | } |
| 278 | } |
| 279 | else { |
| 280 | ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(03356) |
| 281 | "No sockaddr info for \"%s\"", w); |
| 282 | } |
| 283 | |
| 284 | /* stop processing, we are in a comment */ |
nothing calls this directly
no test coverage detected