| 161 | } |
| 162 | |
| 163 | static authz_status host_check_authorization(request_rec *r, |
| 164 | const char *require_line, |
| 165 | const void *parsed_require_line) |
| 166 | { |
| 167 | const char *t, *w; |
| 168 | const char *remotehost = NULL; |
| 169 | int remotehost_is_ip; |
| 170 | |
| 171 | remotehost = ap_get_useragent_host(r, REMOTE_DOUBLE_REV, &remotehost_is_ip); |
| 172 | |
| 173 | if ((remotehost == NULL) || remotehost_is_ip) { |
| 174 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01753) |
| 175 | "access check of '%s' to %s failed, reason: unable to get the " |
| 176 | "remote host name", require_line, r->uri); |
| 177 | } |
| 178 | else { |
| 179 | const char *err = NULL; |
| 180 | const ap_expr_info_t *expr = parsed_require_line; |
| 181 | const char *require; |
| 182 | |
| 183 | require = ap_expr_str_exec(r, expr, &err); |
| 184 | if (err) { |
| 185 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02593) |
| 186 | "authz_host authorize: require host: Can't " |
| 187 | "evaluate require expression: %s", err); |
| 188 | return AUTHZ_DENIED; |
| 189 | } |
| 190 | |
| 191 | /* The 'host' provider will allow the configuration to specify a list of |
| 192 | host names to check rather than a single name. This is different |
| 193 | from the previous host based syntax. */ |
| 194 | t = require; |
| 195 | |
| 196 | /* '#' is not a valid hostname character and admin could |
| 197 | * specify 'Require host localhost# Add example.com later'. We |
| 198 | * should not grant access to 'example.com' in that case. */ |
| 199 | w = ap_strchr_c(t, '#'); |
| 200 | if (w) { |
| 201 | if (w == t) { |
| 202 | ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10120) |
| 203 | "authz_host authorize: dubious empty " |
| 204 | "'Require host %s' with only comment", t); |
| 205 | return AUTHZ_DENIED; |
| 206 | } |
| 207 | |
| 208 | ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10121) |
| 209 | "authz_host authorize: ignoring comment in " |
| 210 | "'Require host %s'", t); |
| 211 | |
| 212 | /* Truncate the string at the #. */ |
| 213 | t = apr_pstrmemdup(r->pool, t, w - t); |
| 214 | } |
| 215 | |
| 216 | while ((w = ap_getword_conf(r->pool, &t)) && w[0]) { |
| 217 | if (in_domain(w, remotehost)) { |
| 218 | return AUTHZ_GRANTED; |
| 219 | } |
| 220 | } |
nothing calls this directly
no test coverage detected