Add PSHandlers Directive

matsumotory · Apr 9, 2015 · 9cf14a0 · 9cf14a0
1 parent f65426e
commit 9cf14a0
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -7,7 +7,7 @@
 TARGET=mod_process_security.c
 
 #   the used tools
-APXS=/usr/sbin/apxs
+APXS=apxs
 APACHECTL=/etc/init.d/httpd
 #APXS=/usr/local/apache2.4/bin/apxs
 #APACHECTL=/usr/local/apache2.4/bin/apachectl

diff --git a/README.md b/README.md
@@ -44,6 +44,11 @@ PSExCGI On
 PSExtensions .php .pl .py
 ```
 
+* [Optional] Set Enable Custom Handlers. (unset PSExAll)
+```
+PSHandlers application/x-httpd-php hoge-script
+```
+
 * [Optional] Set Ignore Custom Extensions.
 ```
 # .html and .css were ignored

diff --git a/mod_process_security.c b/mod_process_security.c
@@ -96,6 +96,7 @@ typedef struct {
     uid_t min_uid;
     gid_t min_gid;
     apr_array_header_t *extensions;
+    apr_array_header_t *handlers;
     apr_array_header_t *ignore_extensions;
 
 } process_security_config_t;
@@ -129,6 +130,7 @@ static void *create_config(apr_pool_t *p, server_rec *s)
     conf->all_cgi_enable        = OFF;
     conf->root_enable           = OFF;
     conf->extensions            = apr_array_make(p, PS_MAXEXTENSIONS, sizeof(char *));
+    conf->handlers              = apr_array_make(p, PS_MAXEXTENSIONS, sizeof(char *));
     conf->ignore_extensions     = apr_array_make(p, PS_MAXEXTENSIONS, sizeof(char *));
 
     return conf;
@@ -239,6 +241,20 @@ static const char * set_extensions(cmd_parms *cmd, void *mconfig, const char *ar
 }
 
 
+static const char * set_handlers(cmd_parms *cmd, void *mconfig, const char *arg)
+{
+    process_security_config_t *conf = ap_get_module_config (cmd->server->module_config, &process_security_module);
+    const char *err = ap_check_cmd_context (cmd, NOT_IN_FILES | NOT_IN_LIMIT);
+
+    if (err != NULL)
+        return err;
+
+    *(const char **)apr_array_push(conf->handlers) = arg;
+
+    return NULL;
+}
+
+
 static const char * set_ignore_extensions(cmd_parms *cmd, void *mconfig, const char *arg)
 {
     process_security_config_t *conf = ap_get_module_config (cmd->server->module_config, &process_security_module);
@@ -411,7 +427,7 @@ static void * APR_THREAD_FUNC process_security_thread_handler(apr_thread_t *thre
 static int process_security_handler(request_rec *r)
 {
     int i;
-    const char *extension;
+    const char *extension, *handler;
     apr_threadattr_t *thread_attr;
     apr_thread_t *thread;
     apr_status_t status, thread_status;
@@ -440,6 +456,12 @@ static int process_security_handler(request_rec *r)
             if (name_len >= 0 && strcmp(&r->filename[name_len], extension) == 0)
                 enable = ON;
         }
+        // check handler
+        for (i = 0; i < conf->handlers->nelts; i++) {
+            handler = ((char **)conf->handlers->elts)[i];
+            if (strcmp(r->handler, handler) == 0)
+                enable = ON;
+        }
     }
 
     if (conf->all_cgi_enable && strcmp(r->handler, "cgi-script") == 0)
@@ -497,6 +519,7 @@ static const command_rec process_security_cmds[] = {
     AP_INIT_TAKE2("PSMinUidGid", set_minuidgid, NULL, RSRC_CONF, "Minimal uid and gid."),
     AP_INIT_TAKE2("PSDefaultUidGid", set_defuidgid, NULL, RSRC_CONF, "Default uid and gid."),
     AP_INIT_ITERATE("PSExtensions", set_extensions, NULL, ACCESS_CONF | RSRC_CONF, "Set Enable Extensions."),
+    AP_INIT_ITERATE("PSHandlers", set_handlers, NULL, ACCESS_CONF | RSRC_CONF, "Set Enable handlers."),
     AP_INIT_ITERATE("PSIgnoreExtensions", set_ignore_extensions, NULL, ACCESS_CONF | RSRC_CONF, "Set Ignore Extensions."),
     {NULL}
 };