NotificationsYou must be signed in to change notification settings
Fork0
Star0

Commit59fc243

Felipe Zimmerle

committed

Adds the `crypto' option to SecRemoteRules directive

Originally the SecRemoteRules fetch the rules from an remote server in anspecific format, using cryptography. This patch adds the possibility toload rules in plain/text format.

1 parentc54bb74 commit59fc243Copy full SHA for 59fc243

File tree

3 files changed

+47

-13

lines changed

apache2

3 files changed

+47

-13

lines changed

`‎apache2/apache2_config.c‎`

Lines changed: 27 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -2240,18 +2240,37 @@ static const char cmd_remote_rules_fail(cmd_parms cmd, void *_dcfg, const char`
`2240`	`2240`	`}`
`2241`	`2241`
`2242`	`2242`	`staticconstcharcmd_remote_rules(cmd_parmscmd,void_dcfg,constcharp1,`
`2243`		`-constchar*p2)`
	`2243`	`+constcharp2,constcharp3)`
`2244`	`2244`	`{`
`2245`	`2245`	`char*error_msg=NULL;`
`2246`	`2246`	`directory_configdcfg= (directory_config)_dcfg;`
	`2247`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
	`2248`	`+intcrypto=0;`
	`2249`	`+constchar*uri=p2;`
	`2250`	`+constchar*key=p1;`
	`2251`	`+#endif`
	`2252`	`+`
`2247`	`2253`	`if (dcfg==NULL)returnNULL;`
`2248`	`2254`
`2249`	`2255`	`#ifdefWITH_REMOTE_RULES_SUPPORT`
	`2256`	`+if (strncasecmp(p1,"crypto",6)==0)`
	`2257`	`+ {`
	`2258`	`+uri=p3;`
	`2259`	`+key=p2;`
	`2260`	`+crypto=1;`
	`2261`	`+ }`
	`2262`	`+`
	`2263`	`+if (uri==NULL\|\|key==NULL)`
	`2264`	`+ {`
	`2265`	`+returnapr_psprintf(cmd->pool,"ModSecurity: Use SecRemoteRule with " \`
	`2266`	`+"Key and URI");`
	`2267`	`+ }`
	`2268`	`+`
`2250`	`2269`	`// FIXME: make it https only.`
`2251`	`2270`	`// if (strncasecmp(p1, "https", 5) != 0) {`
`2252`		`-if (strncasecmp(p2,"http",4)!=0) {`
`2253`		`-returnapr_psprintf(cmd->pool,"ModSecurity: Invalidvalue for" \`
`2254`		`-" %s, expected an HTTPS address.",p2);`
	`2271`	`+if (strncasecmp(uri,"http",4)!=0) {`
	`2272`	`+returnapr_psprintf(cmd->pool,"ModSecurity: InvalidURI:" \`
	`2273`	`+" %s, expected an HTTPS address.",uri);`
`2255`	`2274`	`}`
`2256`	`2275`
`2257`	`2276`	`// FIXME: Should we handle more then one server at once?`
`@@ -2270,9 +2289,10 @@ static const char cmd_remote_rules(cmd_parms cmd, void _dcfg, const char p1,`
`2270`	`2289`
`2271`	`2290`	`remote_rules_server->context=dcfg;`
`2272`	`2291`	`remote_rules_server->context_label=apr_pstrdup(cmd->pool,"Unkwon context");`
`2273`		`-remote_rules_server->key=p1;`
`2274`		`-remote_rules_server->uri=p2;`
	`2292`	`+remote_rules_server->key=key;`
	`2293`	`+remote_rules_server->uri=uri;`
`2275`	`2294`	`remote_rules_server->amount_of_rules=0;`
	`2295`	`+remote_rules_server->crypto=crypto;`
`2276`	`2296`
`2277`	`2297`	`msc_remote_add_rules_from_uri(cmd,remote_rules_server,&error_msg);`
`2278`	`2298`	`if (error_msg!=NULL)`
`@@ -3575,7 +3595,7 @@ const command_rec module_directives[] = {`
`3575`	`3595`	`"On or Off"`
`3576`	`3596`	`),`
`3577`	`3597`
`3578`		`-AP_INIT_TAKE2 (`
	`3598`	`+AP_INIT_TAKE23 (`
`3579`	`3599`	`"SecRemoteRules",`
`3580`	`3600`	`cmd_remote_rules,`
`3581`	`3601`	`NULL,`

`‎apache2/msc_remote_rules.c‎`

Lines changed: 19 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -607,17 +607,25 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,`
`607`	`607`	`returnres;`
`608`	`608`	`}`
`609`	`609`
`610`		`-msc_remote_decrypt(mp,remote_rules_server->key,&chunk_encrypted,`
	`610`	`+if (remote_rules_server->crypto==1)`
	`611`	`+ {`
	`612`	`+msc_remote_decrypt(mp,remote_rules_server->key,&chunk_encrypted,`
`611`	`613`	`&plain_text,`
`612`	`614`	`&plain_text_len,`
`613`	`615`	`error_msg);`
`614`		`-if (*error_msg!=NULL)`
	`616`	`+if (*error_msg!=NULL)`
	`617`	`+ {`
	`618`	`+return-1;`
	`619`	`+ }`
	`620`	`+`
	`621`	`+msc_remote_clean_chunk(&chunk_encrypted);`
	`622`	`+ }`
	`623`	`+else`
`615`	`624`	`{`
`616`		`-return-1;`
	`625`	`+plain_text=chunk_encrypted.memory;`
	`626`	`+plain_text_len=strlen(plain_text);`
`617`	`627`	`}`
`618`	`628`
`619`		`-msc_remote_clean_chunk(&chunk_encrypted);`
`620`		`-`
`621`	`629`	`len=0;`
`622`	`630`	`plain_text_len=strlen(plain_text);`
`623`	`631`	`while (len<plain_text_len)`
`@@ -679,7 +687,7 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,`
`679`	`687`	`}`
`680`	`688`	`__except(EXCEPTION_EXECUTE_HANDLER)`
`681`	`689`	`{`
`682`		`-error_msg="Command failed to execute (check file/folder" \`
	`690`	`+*error_msg="Command failed to execute (check file/folder" \`
`683`	`691`	`"permissions, syntax, etc.).";`
`684`	`692`	`return-1;`
`685`	`693`	`}`
`@@ -692,6 +700,11 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,`
`692`	`700`	`}`
`693`	`701`
`694`	`702`	`remote_rules_server->amount_of_rules=added_rules;`
	`703`	`+`
	`704`	`+if (remote_rules_server->crypto==1)`
	`705`	`+ {`
	`706`	`+msc_remote_clean_chunk(&chunk_encrypted);`
	`707`	`+ }`
`695`	`708`	`}`
`696`	`709`
`697`	`710`

`‎apache2/msc_remote_rules.h‎`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ struct msc_remote_rules_server {`
`45`	`45`	`constchar*uri;`
`46`	`46`	`constchar*key;`
`47`	`47`	`intamount_of_rules;`
	`48`	`+intcrypto;`
`48`	`49`	`};`
`49`	`50`
`50`	`51`	`constcharmsc_remote_invoke_cmd(constcommand_reccmd,cmd_parms*parms,`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit59fc243

File tree

3 files changed

3 files changed

`‎apache2/apache2_config.c‎`

`‎apache2/msc_remote_rules.c‎`

`‎apache2/msc_remote_rules.h‎`

0 commit comments