NotificationsYou must be signed in to change notification settings
Fork0
Star0

Commitc54bb74

Felipe Zimmerle

committed

Adds SecRemoteRules as an build option

SecRemoteRules adds a new dependency to libcurl. Before only mlogc wasdepending on libcurl. SecRemoteRules also depends on the apr-tools withcrypto support, which (as reported by our buildbots) is not default insome environments such as: MacOS X. This commit disable SecRemoteRulessupport if apr-tools was not compiled with crypto support.

1 parent38b9924 commitc54bb74Copy full SHA for c54bb74

File tree

5 files changed

+38

-12

lines changed

apache2

5 files changed

+38

-12

lines changed

`‎apache2/apache2_config.c‎`

Lines changed: 10 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2217,7 +2217,7 @@ static const char cmd_remote_rules_fail(cmd_parms cmd, void *_dcfg, const char`
`2217`	`2217`	`{`
`2218`	`2218`	`directory_configdcfg= (directory_config)_dcfg;`
`2219`	`2219`	`if (dcfg==NULL)returnNULL;`
`2220`		`-`
	`2220`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
`2221`	`2221`	`if (strncasecmp(p1,"warn",4)==0)`
`2222`	`2222`	`{`
`2223`	`2223`	`remote_rules_fail_action=REMOTE_RULES_WARN_ON_FAIL;`
`@@ -2231,6 +2231,10 @@ static const char cmd_remote_rules_fail(cmd_parms cmd, void *_dcfg, const char`
`2231`	`2231`	`returnapr_psprintf(cmd->pool,"ModSecurity: Invalid value for " \`
`2232`	`2232`	`"SecRemoteRulesFailAction, expected: Abort or Warn.");`
`2233`	`2233`	`}`
	`2234`	`+#else`
	`2235`	`+returnapr_psprintf(cmd->pool,"ModSecurity: " \`
	`2236`	`+"SecRemoteRules: ModSecurity was not compiled with such functionality.");`
	`2237`	`+#endif`
`2234`	`2238`
`2235`	`2239`	`returnNULL;`
`2236`	`2240`	`}`
`@@ -2242,6 +2246,7 @@ static const char cmd_remote_rules(cmd_parms cmd, void _dcfg, const char p1,`
`2242`	`2246`	`directory_configdcfg= (directory_config)_dcfg;`
`2243`	`2247`	`if (dcfg==NULL)returnNULL;`
`2244`	`2248`
	`2249`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
`2245`	`2250`	`// FIXME: make it https only.`
`2246`	`2251`	`// if (strncasecmp(p1, "https", 5) != 0) {`
`2247`	`2252`	`if (strncasecmp(p2,"http",4)!=0) {`
`@@ -2274,6 +2279,10 @@ static const char cmd_remote_rules(cmd_parms cmd, void _dcfg, const char p1,`
`2274`	`2279`	`{`
`2275`	`2280`	`returnerror_msg;`
`2276`	`2281`	`}`
	`2282`	`+#else`
	`2283`	`+returnapr_psprintf(cmd->pool,"ModSecurity: " \`
	`2284`	`+"SecRemoteRules: ModSecurity was not compiled with such functionality.");`
	`2285`	`+#endif`
`2277`	`2286`
`2278`	`2287`	`returnNULL;`
`2279`	`2288`	`}`

`‎apache2/mod_security2.c‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,8 +68,10 @@ unsigned long int DSOLOCAL msc_pcre_match_limit = 0;`
`68`	`68`
`69`	`69`	`unsigned longintDSOLOCALmsc_pcre_match_limit_recursion=0;`
`70`	`70`
	`71`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
`71`	`72`	`msc_remote_rules_serverDSOLOCAL*remote_rules_server=NULL;`
`72`	`73`	`intDSOLOCALremote_rules_fail_action=REMOTE_RULES_ABORT_ON_FAIL;`
	`74`	`+#endif`
`73`	`75`
`74`	`76`	`intDSOLOCALstatus_engine_state=STATUS_ENGINE_DISABLED;`
`75`	`77`
`@@ -759,6 +761,7 @@ static int hook_post_config(apr_pool_t mp, apr_pool_t mp_log, apr_pool_t *mp_t`
`759`	`761`	`}`
`760`	`762`	`#endif`
`761`	`763`
	`764`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
`762`	`765`	`if (remote_rules_server!=NULL)`
`763`	`766`	`{`
`764`	`767`	`if (remote_rules_server->amount_of_rules==1)`
`@@ -776,6 +779,7 @@ static int hook_post_config(apr_pool_t mp, apr_pool_t mp_log, apr_pool_t *mp_t`
`776`	`779`	`remote_rules_server->uri);`
`777`	`780`	`}`
`778`	`781`	`}`
	`782`	`+#endif`
`779`	`783`	`}`
`780`	`784`
`781`	`785`	`srand((unsignedint)(time(NULL)*getpid()));`

`‎apache2/modsecurity.h‎`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,6 @@ typedef struct msc_arg msc_arg;`
`33`	`33`	`typedefstructmsc_stringmsc_string;`
`34`	`34`	`typedefstructmsc_parmmsc_parm;`
`35`	`35`
`36`		`-#include"msc_remote_rules.h"`
`37`	`36`	`#include"msc_release.h"`
`38`	`37`	`#include"msc_logging.h"`
`39`	`38`	`#include"msc_multipart.h"`
`@@ -47,11 +46,13 @@ typedef struct msc_parm msc_parm;`
`47`	`46`	`#include"msc_unicode.h"`
`48`	`47`	`#include"re.h"`
`49`	`48`	`#include"msc_crypt.h"`
	`49`	`+#include"msc_remote_rules.h"`
`50`	`50`
`51`	`51`	`#include"ap_config.h"`
`52`	`52`	`#include"apr_md5.h"`
`53`	`53`	`#include"apr_strings.h"`
`54`	`54`	`#include"apr_hash.h"`
	`55`	`+#include"apr_crypto.h"`
`55`	`56`	`#include"httpd.h"`
`56`	`57`	`#include"http_config.h"`
`57`	`58`	`#include"http_log.h"`
`@@ -145,8 +146,10 @@ extern DSOLOCAL unsigned long int msc_pcre_match_limit;`
`145`	`146`
`146`	`147`	`externDSOLOCAL unsigned longintmsc_pcre_match_limit_recursion;`
`147`	`148`
	`149`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
`148`	`150`	`externDSOLOCALmsc_remote_rules_server*remote_rules_server;`
`149`	`151`	`externDSOLOCALintremote_rules_fail_action;`
	`152`	`+#endif`
`150`	`153`
`151`	`154`	`externDSOLOCALintstatus_engine_state;`
`152`	`155`

`‎apache2/msc_remote_rules.c‎`

Lines changed: 2 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,9 +26,7 @@`
`26`	`26`	`#defineAP_MAX_ARGC 64`
`27`	`27`	`#endif`
`28`	`28`
`29`		`-#ifndefAPU_HAVE_CRYPTO`
`30`		`-#error Missing apu crypto module`
`31`		`-#endif`
	`29`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
`32`	`30`
`33`	`31`	`/**`
`34`	`32`	`* @brief Insert a new SecRule to be processed by ModSecurity`
`@@ -716,3 +714,4 @@ int msc_remote_clean_chunk(struct msc_curl_memory_buffer_t *chunk)`
`716`	`714`	`return0;`
`717`	`715`	`}`
`718`	`716`
	`717`	`+#endif`

`‎apache2/msc_remote_rules.h‎`

Lines changed: 18 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,22 +12,32 @@`
`12`	`12`	`* directly using the email address security@modsecurity.org.`
`13`	`13`	`*/`
`14`	`14`
	`15`	`+#ifAPU_HAVE_CRYPTO`
	`16`	`+#defineWITH_REMOTE_RULES_SUPPORT`
	`17`	`+#endif`
	`18`	`+`
	`19`	`+#ifdefWITH_REMOTE_RULES_SUPPORT`
	`20`	`+`
`15`	`21`	`#ifndefMSC_REMOTE_RULES_H`
`16`	`22`	`#defineMSC_REMOTE_RULES_H`
`17`	`23`
	`24`	`+/* forward declarations */`
	`25`	`+typedefstructmsc_remote_rules_servermsc_remote_rules_server;`
	`26`	`+structmsc_curl_memory_buffer_t;`
	`27`	`+`
	`28`	`+#include"modsecurity.h"`
	`29`	`+`
`18`	`30`	`#include<apr_general.h>`
`19`	`31`	`#include<apr_optional.h>`
`20`	`32`	`#include<apr_thread_pool.h>`
`21`		`-#include<curl/curl.h>`
`22`		`-`
`23`	`33`	`#include<apr_sha1.h>`
`24`		`-#include<apr_crypto.h>`
	`34`	`+`
`25`	`35`	`#include"http_core.h"`
	`36`	`+#include"http_config.h"`
`26`	`37`
`27`		`-typedefstructmsc_remote_rules_servermsc_remote_rules_server;`
`28`		`-structmsc_curl_memory_buffer_t;`
	`38`	`+#include<curl/curl.h>`
`29`	`39`
`30`		`-#include"modsecurity.h"`
	`40`	`+#include<apr_crypto.h>`
`31`	`41`
`32`	`42`	`structmsc_remote_rules_server {`
`33`	`43`	`directory_config*context;`
`@@ -38,7 +48,7 @@ struct msc_remote_rules_server {`
`38`	`48`	`};`
`39`	`49`
`40`	`50`	`constcharmsc_remote_invoke_cmd(constcommand_reccmd,cmd_parms*parms,`
`41`		`-voidmconfig,constcharargs);`
	`51`	`+voidmconfig,constcharargs);`
`42`	`52`
`43`	`53`	`intmsc_remote_grab_content(apr_pool_tmp,constcharuri,constchar*key,`
`44`	`54`	`structmsc_curl_memory_buffer_tchunk,char*error_msg);`
`@@ -64,4 +74,5 @@ int msc_remote_add_rules_from_uri(cmd_parms *orig_parms,`
`64`	`74`	`intmsc_remote_clean_chunk(structmsc_curl_memory_buffer_t*chunk);`
`65`	`75`
`66`	`76`	`#endif`
	`77`	`+#endif`
`67`	`78`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc54bb74

File tree

5 files changed

5 files changed

`‎apache2/apache2_config.c‎`

`‎apache2/mod_security2.c‎`

`‎apache2/modsecurity.h‎`

`‎apache2/msc_remote_rules.c‎`

`‎apache2/msc_remote_rules.h‎`

0 commit comments