The patch below tells the caller of ap_get_remote_host() when an IP
address string is returned.

(I guess I should just commit it, but it seems a little ugly to me
since most code doesn't care.  Any better ideas?)

mod_access needs to know whether or not the returned string is an IP
address.  Currently, it runs through the string and, as long as it
consists only of digits and dots, treats it as an IP address.  This
isn't cool with IPv6.  (Also, why parse it again if ap_get_remote_host()
already knows?)

I'm working on a security fix for mod_access (the existing IPv4
controls can break when Apache has an IPv6 socket) as well as adding
IPv6 controls.  Resolving this is one of the steps along the way.

Index: include/http_core.h
===================================================================
RCS file: /home/cvspublic/httpd-2.0/include/http_core.h,v
retrieving revision 1.41
diff -u -r1.41 http_core.h
--- include/http_core.h 2001/02/22 08:42:09     1.41
+++ include/http_core.h 2001/03/09 16:35:31
@@ -184,10 +184,11 @@
  *                   setting.  The result is the (double reverse checked) 
  *                   hostname, or NULL if any of the lookups fail.
  * </PRE>
+ * @param str_is_ip non-zero on output if an IP address string was returned
  * @return The remote hostname
- * @deffunc const char *ap_get_remote_host(conn_rec *conn, void *dir_config, int type)
+ * @deffunc const char *ap_get_remote_host(conn_rec *conn, void *dir_config, int 
+type, int *str_is_ip)
  */
-AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int 
type);
+AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int 
+type, int *str_is_ip);
 
 /**
  * Retrieve the login name of the remote user.  Undef if it could not be
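Review bot: The new `@param str_is_ip` line leaves two parts of the contract unstated: what the flag holds when a hostname or NULL is returned, and whether the pointer itself may be NULL. mod_access uses this flag to choose between host and address matching, so the header should spell it out, e.g. `@param str_is_ip set to 1 if the returned string is an IP address, 0 otherwise (including a NULL return); must not be NULL`. The last clause should match whatever server/core.c actually does with the pointer.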
Index: modules/aaa/mod_access.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/aaa/mod_access.c,v
retrieving revision 1.29
diff -u -r1.29 mod_access.c
--- modules/aaa/mod_access.c    2001/02/16 04:26:34     1.29
+++ modules/aaa/mod_access.c    2001/03/09 16:35:31
@@ -341,10 +341,12 @@
 
        case T_HOST:
            if (!gothost) {
+                int remotehost_is_ip;
+
                remotehost = ap_get_remote_host(r->connection, r->per_dir_config,
-                                           REMOTE_DOUBLE_REV);
+                                                REMOTE_DOUBLE_REV, &remotehost_is_ip);
 
-               if ((remotehost == NULL) || is_ip(remotehost))
+               if ((remotehost == NULL) || remotehost_is_ip)
                    gothost = 1;
                else
                    gothost = 2;
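Review bot: The host-versus-address decision in the `T_HOST` case now rests entirely on `remotehost_is_ip`, so it is only as reliable as the flag-setting inside ap_get_remote_host(). The server/core.c hunks visible here set the flag to 1 on a single return path; if any other path can hand back an address string, it would be classified as a resolved hostname (`gothost = 2`) and matched against host-based allow/deny rules. That needs checking against the full function body, which is outside the hunks. If `is_ip()` has no other callers in mod_access.c it becomes dead code and should go in the same commit. A comment such as `/* flag comes from ap_get_remote_host(); the old digits-and-dots scan cannot recognise IPv6 */` would record why the textual check was dropped, and the `case` block itself starts and ends outside this hunk.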
Index: modules/loggers/mod_log_config.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/loggers/mod_log_config.c,v
retrieving revision 1.51
diff -u -r1.51 mod_log_config.c
--- modules/loggers/mod_log_config.c    2001/02/22 04:05:58     1.51
+++ modules/loggers/mod_log_config.c    2001/03/09 16:35:33
@@ -302,8 +302,10 @@
 
 static const char *log_remote_host(request_rec *r, char *a)
 {
+    int ignored;
+
     return ap_get_remote_host(r->connection, r->per_dir_config,
-                                    REMOTE_NAME);
+                                    REMOTE_NAME, &ignored);
 }
 
 static const char *log_remote_address(request_rec *r, char *a)
Index: modules/mappers/mod_rewrite.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/mappers/mod_rewrite.c,v
retrieving revision 1.74
diff -u -r1.74 mod_rewrite.c
--- modules/mappers/mod_rewrite.c       2001/03/03 01:46:16     1.74
+++ modules/mappers/mod_rewrite.c       2001/03/09 16:35:38
@@ -3108,6 +3108,7 @@
     request_rec *req;
     char *ruser;
     const char *rhost;
+    int ignored;
 
     va_start(ap, text);
     conf = ap_get_module_config(r->server->module_config, &rewrite_module);
@@ -3138,7 +3139,7 @@
     }
 
     rhost = ap_get_remote_host(conn, r->server->module_config, 
-                               REMOTE_NOLOOKUP);
+                               REMOTE_NOLOOKUP, &ignored);
     if (rhost == NULL) {
         rhost = "UNKNOWN-HOST";
     }
@@ -3373,6 +3374,7 @@
     char resultbuf[LONG_STRING_LEN];
     apr_exploded_time_t tm;
     request_rec *rsub;
+    int ignored;
 
     result = NULL;
 
@@ -3409,7 +3411,7 @@
     }
     else if (strcasecmp(var, "REMOTE_HOST") == 0) {
         result = (char *)ap_get_remote_host(r->connection,
-                                         r->per_dir_config, REMOTE_NAME);
+                                         r->per_dir_config, REMOTE_NAME, &ignored);
     }
     else if (strcasecmp(var, "REMOTE_USER") == 0) {
         result = r->user;
Index: modules/metadata/mod_setenvif.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/metadata/mod_setenvif.c,v
retrieving revision 1.26
diff -u -r1.26 mod_setenvif.c
--- modules/metadata/mod_setenvif.c     2001/02/24 01:38:49     1.26
+++ modules/metadata/mod_setenvif.c     2001/03/09 16:35:39
@@ -388,6 +388,7 @@
     val = NULL;
     for (i = 0; i < sconf->conditionals->nelts; ++i) {
         sei_entry *b = &entries[i];
+        int ignored;
 
        /* Optimize the case where a bunch of directives in a row use the
         * same header.  Remember we don't need to strcmp the two header
@@ -402,7 +403,7 @@
                break;
            case SPECIAL_REMOTE_HOST:
                val =  ap_get_remote_host(r->connection, r->per_dir_config,
-                                         REMOTE_NAME);
+                                         REMOTE_NAME, &ignored);
                break;
            case SPECIAL_REMOTE_USER:
                val = r->user;
Index: modules/metadata/mod_usertrack.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/metadata/mod_usertrack.c,v
retrieving revision 1.29
diff -u -r1.29 mod_usertrack.c
--- modules/metadata/mod_usertrack.c    2001/02/16 04:26:41     1.29
+++ modules/metadata/mod_usertrack.c    2001/03/09 16:35:39
@@ -137,8 +137,9 @@
     /* 1024 == hardcoded constant */
     char cookiebuf[1024];
     char *new_cookie;
+    int ignored;
     const char *rname = ap_get_remote_host(r->connection, r->per_dir_config,
-                                          REMOTE_NAME);
+                                          REMOTE_NAME, &ignored);
     cookie_dir_rec *dcfg;
 
     dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
Index: server/core.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/core.c,v
retrieving revision 1.1
diff -u -r1.1 core.c
--- server/core.c       2001/03/04 06:27:27     1.1
+++ server/core.c       2001/03/09 16:35:43
@@ -607,10 +607,12 @@
 }
 
 AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config,
-                                           int type)
+                                           int type, int *str_is_ip)
 {
     int hostname_lookups;
 
+    *str_is_ip = 0;
+
     /* If we haven't checked the host name, and we want to */
     if (dir_config) {
        hostname_lookups =
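Review bot: `*str_is_ip = 0;` at the top of ap_get_remote_host() dereferences the new parameter unconditionally, and the second hunk's `*str_is_ip = 1;` does the same, so a caller that passes NULL faults. Every caller in this patch except mod_access declares a throwaway `int ignored;` only to satisfy that requirement. Guarding both stores, `if (str_is_ip) *str_is_ip = 0;` and `if (str_is_ip) *str_is_ip = 1;`, would let those callers pass NULL and protects modules that adapt to the new signature without reading the header comment. The function body continues outside both hunks.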
@@ -667,6 +669,7 @@
            return NULL;
        }
        else {
+            *str_is_ip = 1;
            return conn->remote_ip;
        }
     }
Index: server/scoreboard.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/scoreboard.c,v
retrieving revision 1.19
diff -u -r1.19 scoreboard.c
--- server/scoreboard.c 2001/03/02 22:46:31     1.19
+++ server/scoreboard.c 2001/03/09 16:35:44
@@ -299,8 +299,11 @@
        }
        if (r) {
            conn_rec *c = r->connection;
+            int ignored;
+
            apr_cpystrn(ss->client, ap_get_remote_host(c, r->per_dir_config,
-                                 REMOTE_NOLOOKUP), sizeof(ss->client));
+                                 REMOTE_NOLOOKUP, &ignored), 
+                        sizeof(ss->client));
            if (r->the_request == NULL) {
                    apr_cpystrn(ss->request, "NULL", sizeof(ss->request));
            } else if (r->parsed_uri.password == NULL) {
Index: server/util_script.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/util_script.c,v
retrieving revision 1.55
diff -u -r1.55 util_script.c
--- server/util_script.c        2001/02/16 04:26:48     1.55
+++ server/util_script.c        2001/03/09 16:35:45
@@ -163,7 +163,7 @@
     const char *host;
     apr_array_header_t *hdrs_arr = apr_table_elts(r->headers_in);
     apr_table_entry_t *hdrs = (apr_table_entry_t *) hdrs_arr->elts;
-    int i;
+    int i, ignored;
     apr_port_t rport;
     apr_sockaddr_t *remotesa;
 
@@ -247,7 +247,7 @@
     apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
     apr_table_addn(e, "SERVER_PORT",
                  apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
-    host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST);
+    host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST, &ignored);
     if (host) {
        apr_table_addn(e, "REMOTE_HOST", host);
     }


-- 
Jeff Trawick | [EMAIL PROTECTED] | PGP public key at web site:
       http://www.geocities.com/SiliconValley/Park/9289/
             Born in Roswell... married an alien...
