microsoft
/
ModSecurity
зеркало из https://github.com/microsoft/ModSecurity.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Change names of HMAC feature to HASH

This commit is contained in:
Breno Silva 2012-10-30 18:02:22 -04:00
Родитель af22ddf87e
Коммит 53d422e9de
7 изменённых файлов: 162 добавлений и 160 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
CHANGES
Просмотреть файл

@ -1,6 +1,8 @@
29 Oct 2012 - 2.7.1
-------------------
* Changed "Encryption" name of directives and options related to hmac feature to "Hash".
* Added a better random bytes generator using apr_generate_random_bytes() to create
the HMAC key.

116
apache2/apache2_config.c
Просмотреть файл

@ -67,7 +67,7 @@ void *create_directory_config(apr_pool_t *mp, char *path)
dcfg->rule_inheritance = NOT_SET;
dcfg->rule_exceptions = apr_array_make(mp, 16, sizeof(rule_exception *));
dcfg->encryption_method = apr_array_make(mp, 16, sizeof(encryption_method *));
dcfg->hash_method = apr_array_make(mp, 16, sizeof(hash_method *));
/* audit log variables */
dcfg->auditlog_flag = NOT_SET;
@ -139,8 +139,8 @@ void *create_directory_config(apr_pool_t *mp, char *path)
dcfg->crypto_key_len = NOT_SET;
dcfg->crypto_key_add = NOT_SET;
dcfg->crypto_param_name = NOT_SET_P;
dcfg->encryption_is_enabled = NOT_SET;
dcfg->encryption_enforcement = NOT_SET;
dcfg->hash_is_enabled = NOT_SET;
dcfg->hash_enforcement = NOT_SET;
dcfg->crypto_hash_href_rx = NOT_SET;
dcfg->crypto_hash_faction_rx = NOT_SET;
dcfg->crypto_hash_location_rx = NOT_SET;
@ -446,8 +446,8 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
merged->rule_exceptions = apr_array_append(mp, parent->rule_exceptions,
child->rule_exceptions);
merged->encryption_method = apr_array_append(mp, parent->encryption_method,
child->encryption_method);
merged->hash_method = apr_array_append(mp, parent->hash_method,
child->hash_method);
/* audit log variables */
merged->auditlog_flag = (child->auditlog_flag == NOT_SET
@ -552,7 +552,7 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
merged->col_timeout = (child->col_timeout == NOT_SET
? parent->col_timeout : child->col_timeout);
/* Encryption */
/* Hash */
merged->crypto_key = (child->crypto_key == NOT_SET_P
? parent->crypto_key : child->crypto_key);
merged->crypto_key_len = (child->crypto_key_len == NOT_SET
@ -561,10 +561,10 @@ void *merge_directory_configs(apr_pool_t *mp, void *_parent, void *_child)
? parent->crypto_key_add : child->crypto_key_add);
merged->crypto_param_name = (child->crypto_param_name == NOT_SET_P
? parent->crypto_param_name : child->crypto_param_name);
merged->encryption_is_enabled = (child->encryption_is_enabled == NOT_SET
? parent->encryption_is_enabled : child->encryption_is_enabled);
merged->encryption_enforcement = (child->encryption_enforcement == NOT_SET
? parent->encryption_enforcement : child->encryption_enforcement);
merged->hash_is_enabled = (child->hash_is_enabled == NOT_SET
? parent->hash_is_enabled : child->hash_is_enabled);
merged->hash_enforcement = (child->hash_enforcement == NOT_SET
? parent->hash_enforcement : child->hash_enforcement);
merged->crypto_hash_href_rx = (child->crypto_hash_href_rx == NOT_SET
? parent->crypto_hash_href_rx : child->crypto_hash_href_rx);
merged->crypto_hash_faction_rx = (child->crypto_hash_faction_rx == NOT_SET
@ -687,13 +687,13 @@ void init_directory_config(directory_config *dcfg)
if (dcfg->col_timeout == NOT_SET) dcfg->col_timeout = 3600;
/* Encryption */
/* Hash */
if (dcfg->crypto_key == NOT_SET_P) dcfg->crypto_key = getkey(dcfg->mp);
if (dcfg->crypto_key_len == NOT_SET) dcfg->crypto_key_len = strlen(dcfg->crypto_key);
if (dcfg->crypto_key_add == NOT_SET) dcfg->crypto_key_add = ENCRYPTION_KEYONLY;
if (dcfg->crypto_key_add == NOT_SET) dcfg->crypto_key_add = HASH_KEYONLY;
if (dcfg->crypto_param_name == NOT_SET_P) dcfg->crypto_param_name = "crypt";
if (dcfg->encryption_is_enabled == NOT_SET) dcfg->encryption_is_enabled = ENCRYPTION_DISABLED;
if (dcfg->encryption_enforcement == NOT_SET) dcfg->encryption_enforcement = ENCRYPTION_DISABLED;
if (dcfg->hash_is_enabled == NOT_SET) dcfg->hash_is_enabled = HASH_DISABLED;
if (dcfg->hash_enforcement == NOT_SET) dcfg->hash_enforcement = HASH_DISABLED;
if (dcfg->crypto_hash_href_rx == NOT_SET) dcfg->crypto_hash_href_rx = 0;
if (dcfg->crypto_hash_faction_rx == NOT_SET) dcfg->crypto_hash_faction_rx = 0;
if (dcfg->crypto_hash_location_rx == NOT_SET) dcfg->crypto_hash_location_rx = 0;
@ -2255,7 +2255,7 @@ static const char *cmd_sensor_id(cmd_parms *cmd, void *_dcfg, const char *p1)
/**
* \brief Add SecEncryption configuration option
* \brief Add SecHash configuration option
*
* \param cmd Pointer to configuration data
* \param _dcfg Pointer to directory configuration
@ -2264,18 +2264,18 @@ static const char *cmd_sensor_id(cmd_parms *cmd, void *_dcfg, const char *p1)
* \retval NULL On failure
* \retval apr_psprintf On Success
*/
static const char *cmd_encryption_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
static const char *cmd_hash_engine(cmd_parms *cmd, void *_dcfg, const char *p1)
{
directory_config *dcfg = (directory_config *)_dcfg;
if (dcfg == NULL) return NULL;
if (strcasecmp(p1, "on") == 0) {
dcfg->encryption_is_enabled = ENCRYPTION_ENABLED;
dcfg->encryption_enforcement = ENCRYPTION_ENABLED;
dcfg->hash_is_enabled = HASH_ENABLED;
dcfg->hash_enforcement = HASH_ENABLED;
}
else if (strcasecmp(p1, "off") == 0) {
dcfg->encryption_is_enabled = ENCRYPTION_DISABLED;
dcfg->encryption_enforcement = ENCRYPTION_DISABLED;
dcfg->hash_is_enabled = HASH_DISABLED;
dcfg->hash_enforcement = HASH_DISABLED;
}
else return apr_psprintf(cmd->pool, "ModSecurity: Invalid value for SecRuleEngine: %s", p1);
@ -2283,7 +2283,7 @@ static const char *cmd_encryption_engine(cmd_parms *cmd, void *_dcfg, const char
}
/**
* \brief Add SecEncryptionPram configuration option
* \brief Add SecHashPram configuration option
*
* \param cmd Pointer to configuration data
* \param _dcfg Pointer to directory configuration
@ -2291,7 +2291,7 @@ static const char *cmd_encryption_engine(cmd_parms *cmd, void *_dcfg, const char
*
* \retval NULL On success
*/
static const char *cmd_encryption_param(cmd_parms *cmd, void *_dcfg, const char *p1)
static const char *cmd_hash_param(cmd_parms *cmd, void *_dcfg, const char *p1)
{
directory_config *dcfg = (directory_config *)_dcfg;
@ -2304,7 +2304,7 @@ static const char *cmd_encryption_param(cmd_parms *cmd, void *_dcfg, const char
}
/**
* \brief Add SecEncryptionKey configuration option
* \brief Add SecHashKey configuration option
*
* \param cmd Pointer to configuration data
* \param _dcfg Pointer to directory configuration
@ -2313,7 +2313,7 @@ static const char *cmd_encryption_param(cmd_parms *cmd, void *_dcfg, const char
*
* \retval NULL On success
*/
static const char *cmd_encryption_key(cmd_parms *cmd, void *_dcfg, const char *_p1, const char *_p2)
static const char *cmd_hash_key(cmd_parms *cmd, void *_dcfg, const char *_p1, const char *_p2)
{
directory_config *dcfg = (directory_config *)_dcfg;
char *p1 = NULL;
@ -2335,17 +2335,17 @@ static const char *cmd_encryption_key(cmd_parms *cmd, void *_dcfg, const char *_
return NULL;
} else {
if (strcasecmp(_p2, "KeyOnly") == 0)
dcfg->crypto_key_add = ENCRYPTION_KEYONLY;
dcfg->crypto_key_add = HASH_KEYONLY;
else if (strcasecmp(_p2, "SessionID") == 0)
dcfg->crypto_key_add = ENCRYPTION_SESSIONID;
dcfg->crypto_key_add = HASH_SESSIONID;
else if (strcasecmp(_p2, "RemoteIP") == 0)
dcfg->crypto_key_add = ENCRYPTION_REMOTEIP;
dcfg->crypto_key_add = HASH_REMOTEIP;
}
return NULL;
}
/**
* \brief Add SecEncryptionMethodPm configuration option
* \brief Add SecHashMethodPm configuration option
*
* \param cmd Pointer to configuration data
* \param _dcfg Pointer to directory configuration
@ -2355,11 +2355,11 @@ static const char *cmd_encryption_key(cmd_parms *cmd, void *_dcfg, const char *_
* \retval NULL On failure
* \retval apr_psprintf On Success
*/
static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
static const char *cmd_hash_method_pm(cmd_parms *cmd, void *_dcfg,
const char *p1, const char *p2)
{
directory_config *dcfg = (directory_config *)_dcfg;
rule_exception *re = apr_pcalloc(cmd->pool, sizeof(encryption_method));
rule_exception *re = apr_pcalloc(cmd->pool, sizeof(hash_method));
const char *_p2 = apr_pstrdup(cmd->pool, p2);
ACMP *p = NULL;
const char *phrase = NULL;
@ -2385,7 +2385,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
acmp_prepare(p);
if (strcasecmp(p1, "HashHref") == 0) {
re->type = ENCRYPTION_URL_HREF_HASH_PM;
re->type = HASH_URL_HREF_HASH_PM;
re->param = _p2;
re->param_data = (void *)p;
if (re->param_data == NULL) {
@ -2394,7 +2394,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_href_pm = 1;
}
else if (strcasecmp(p1, "HashFormAction") == 0) {
re->type = ENCRYPTION_URL_FACTION_HASH_PM;
re->type = HASH_URL_FACTION_HASH_PM;
re->param = _p2;
re->param_data = (void *)p;
if (re->param_data == NULL) {
@ -2403,7 +2403,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_faction_pm = 1;
}
else if (strcasecmp(p1, "HashLocation") == 0) {
re->type = ENCRYPTION_URL_LOCATION_HASH_PM;
re->type = HASH_URL_LOCATION_HASH_PM;
re->param = _p2;
re->param_data = (void *)p;
if (re->param_data == NULL) {
@ -2412,7 +2412,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_location_pm = 1;
}
else if (strcasecmp(p1, "HashIframeSrc") == 0) {
re->type = ENCRYPTION_URL_IFRAMESRC_HASH_PM;
re->type = HASH_URL_IFRAMESRC_HASH_PM;
re->param = _p2;
re->param_data = (void *)p;
if (re->param_data == NULL) {
@ -2421,7 +2421,7 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_iframesrc_pm = 1;
}
else if (strcasecmp(p1, "HashFrameSrc") == 0) {
re->type = ENCRYPTION_URL_FRAMESRC_HASH_PM;
re->type = HASH_URL_FRAMESRC_HASH_PM;
re->param = _p2;
re->param_data = (void *)p;
if (re->param_data == NULL) {
@ -2430,13 +2430,13 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_framesrc_pm = 1;
}
*(encryption_method **)apr_array_push(dcfg->encryption_method) = re;
*(hash_method **)apr_array_push(dcfg->hash_method) = re;
return NULL;
}
/**
* \brief Add SecEncryptionMethodRx configuration option
* \brief Add SecHashMethodRx configuration option
*
* \param cmd Pointer to configuration data
* \param _dcfg Pointer to directory configuration
@ -2446,16 +2446,16 @@ static const char *cmd_encryption_method_pm(cmd_parms *cmd, void *_dcfg,
* \retval NULL On failure
* \retval apr_psprintf On Success
*/
static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg,
static const char *cmd_hash_method_rx(cmd_parms *cmd, void *_dcfg,
const char *p1, const char *p2)
{
directory_config *dcfg = (directory_config *)_dcfg;
rule_exception *re = apr_pcalloc(cmd->pool, sizeof(encryption_method));
rule_exception *re = apr_pcalloc(cmd->pool, sizeof(hash_method));
const char *_p2 = apr_pstrdup(cmd->pool, p2);
if (dcfg == NULL) return NULL;
if (strcasecmp(p1, "HashHref") == 0) {
re->type = ENCRYPTION_URL_HREF_HASH_RX;
re->type = HASH_URL_HREF_HASH_RX;
re->param = _p2;
re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
if (re->param_data == NULL) {
@ -2464,7 +2464,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_href_rx = 1;
}
else if (strcasecmp(p1, "HashFormAction") == 0) {
re->type = ENCRYPTION_URL_FACTION_HASH_RX;
re->type = HASH_URL_FACTION_HASH_RX;
re->param = _p2;
re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
if (re->param_data == NULL) {
@ -2473,7 +2473,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_faction_rx = 1;
}
else if (strcasecmp(p1, "HashLocation") == 0) {
re->type = ENCRYPTION_URL_LOCATION_HASH_RX;
re->type = HASH_URL_LOCATION_HASH_RX;
re->param = _p2;
re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
if (re->param_data == NULL) {
@ -2482,7 +2482,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_location_rx = 1;
}
else if (strcasecmp(p1, "HashIframeSrc") == 0) {
re->type = ENCRYPTION_URL_IFRAMESRC_HASH_RX;
re->type = HASH_URL_IFRAMESRC_HASH_RX;
re->param = _p2;
re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
if (re->param_data == NULL) {
@ -2491,7 +2491,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_iframesrc_rx = 1;
}
else if (strcasecmp(p1, "HashFrameSrc") == 0) {
re->type = ENCRYPTION_URL_FRAMESRC_HASH_RX;
re->type = HASH_URL_FRAMESRC_HASH_RX;
re->param = _p2;
re->param_data = msc_pregcomp(cmd->pool, p2, 0, NULL, NULL);
if (re->param_data == NULL) {
@ -2500,7 +2500,7 @@ static const char *cmd_encryption_method_rx(cmd_parms *cmd, void *_dcfg,
dcfg->crypto_hash_framesrc_rx = 1;
}
*(encryption_method **)apr_array_push(dcfg->encryption_method) = re;
*(hash_method **)apr_array_push(dcfg->hash_method) = re;
return NULL;
}
@ -3203,19 +3203,19 @@ const command_rec module_directives[] = {
),
AP_INIT_TAKE2 (
"SecEncryptionMethodPm",
cmd_encryption_method_pm,
"SecHashMethodPm",
cmd_hash_method_pm,
NULL,
CMD_SCOPE_ANY,
"Encryption method and pattern"
"Hash method and pattern"
),
AP_INIT_TAKE2 (
"SecEncryptionMethodRx",
cmd_encryption_method_rx,
"SecHashMethodRx",
cmd_hash_method_rx,
NULL,
CMD_SCOPE_ANY,
"Encryption method and regex"
"Hash method and regex"
),
AP_INIT_TAKE2 (
@ -3324,27 +3324,27 @@ const command_rec module_directives[] = {
),
AP_INIT_TAKE1 (
"SecEncryptionEngine",
cmd_encryption_engine,
"SecHashEngine",
cmd_hash_engine,
NULL,
CMD_SCOPE_ANY,
"On or Off"
),
AP_INIT_TAKE2 (
"SecEncryptionKey",
cmd_encryption_key,
"SecHashKey",
cmd_hash_key,
NULL,
CMD_SCOPE_ANY,
"Set Encrytion key"
),
AP_INIT_TAKE1 (
"SecEncryptionParam",
cmd_encryption_param,
"SecHashParam",
cmd_hash_param,
NULL,
CMD_SCOPE_ANY,
"Set Encryption parameter"
"Set Hash parameter"
),
{ NULL }

6
apache2/apache2_io.c
Просмотреть файл

@ -577,7 +577,7 @@ static int flatten_response_body(modsec_rec *msr) {
msr->resbody_data[msr->resbody_length] = '\0';
msr->resbody_status = RESBODY_STATUS_READ;
if (msr->txcfg->stream_outbody_inspection && msr->txcfg->encryption_is_enabled == ENCRYPTION_DISABLED) {
if (msr->txcfg->stream_outbody_inspection && msr->txcfg->hash_is_enabled == HASH_DISABLED) {
msr->stream_output_length = msr->resbody_length;
@ -590,7 +590,7 @@ static int flatten_response_body(modsec_rec *msr) {
memset(msr->stream_output_data, 0, msr->stream_output_length+1);
strncpy(msr->stream_output_data, msr->resbody_data, msr->stream_output_length);
msr->stream_output_data[msr->stream_output_length] = '\0';
} else if (msr->txcfg->stream_outbody_inspection && msr->txcfg->encryption_is_enabled == ENCRYPTION_ENABLED) {
} else if (msr->txcfg->stream_outbody_inspection && msr->txcfg->hash_is_enabled == HASH_ENABLED) {
int retval = 0;
apr_time_t time1 = apr_time_now();
@ -601,7 +601,7 @@ static int flatten_response_body(modsec_rec *msr) {
if(retval > 0) {
retval = inject_encrypted_response_body(msr, retval);
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Encryption completed in %" APR_TIME_T_FMT " usec.", (apr_time_now() - time1));
msr_log(msr, 4, "Hash completed in %" APR_TIME_T_FMT " usec.", (apr_time_now() - time1));
}
}

40
apache2/modsecurity.h
Просмотреть файл

@ -23,7 +23,7 @@
#include <libxml/HTMLparser.h>
typedef struct rule_exception rule_exception;
typedef struct rule_exception encryption_method;
typedef struct rule_exception hash_method;
typedef struct modsec_rec modsec_rec;
typedef struct directory_config directory_config;
typedef struct error_message_t error_message_t;
@ -182,23 +182,23 @@ extern DSOLOCAL int *unicode_map_table;
#define MODSEC_DETECTION_ONLY 1
#define MODSEC_ENABLED 2
#define ENCRYPTION_DISABLED 0
#define ENCRYPTION_ENABLED 1
#define HASH_DISABLED 0
#define HASH_ENABLED 1
#define ENCRYPTION_URL_HREF_HASH_RX 0
#define ENCRYPTION_URL_HREF_HASH_PM 1
#define ENCRYPTION_URL_FACTION_HASH_RX 2
#define ENCRYPTION_URL_FACTION_HASH_PM 3
#define ENCRYPTION_URL_LOCATION_HASH_RX 4
#define ENCRYPTION_URL_LOCATION_HASH_PM 5
#define ENCRYPTION_URL_IFRAMESRC_HASH_RX 6
#define ENCRYPTION_URL_IFRAMESRC_HASH_PM 7
#define ENCRYPTION_URL_FRAMESRC_HASH_RX 8
#define ENCRYPTION_URL_FRAMESRC_HASH_PM 9
#define HASH_URL_HREF_HASH_RX 0
#define HASH_URL_HREF_HASH_PM 1
#define HASH_URL_FACTION_HASH_RX 2
#define HASH_URL_FACTION_HASH_PM 3
#define HASH_URL_LOCATION_HASH_RX 4
#define HASH_URL_LOCATION_HASH_PM 5
#define HASH_URL_IFRAMESRC_HASH_RX 6
#define HASH_URL_IFRAMESRC_HASH_PM 7
#define HASH_URL_FRAMESRC_HASH_RX 8
#define HASH_URL_FRAMESRC_HASH_PM 9
#define ENCRYPTION_KEYONLY 0
#define ENCRYPTION_SESSIONID 1
#define ENCRYPTION_REMOTEIP 2
#define HASH_KEYONLY 0
#define HASH_SESSIONID 1
#define HASH_REMOTEIP 2
#define MODSEC_CACHE_DISABLED 0
#define MODSEC_CACHE_ENABLED 1
@ -571,13 +571,13 @@ struct directory_config {
/* Collection timeout */
int col_timeout;
/* Encryption */
apr_array_header_t *encryption_method;
/* Hash */
apr_array_header_t *hash_method;
const char *crypto_key;
int crypto_key_len;
const char *crypto_param_name;
int encryption_is_enabled;
int encryption_enforcement;
int hash_is_enabled;
int hash_enforcement;
int crypto_key_add;
int crypto_hash_href_rx;
int crypto_hash_faction_rx;

100
apache2/msc_crypt.c
Просмотреть файл

@ -304,18 +304,18 @@ int init_response_body_html_parser(modsec_rec *msr) {
}
/**
* \brief Execute all encryption methods
* \brief Execute all hash methods
*
* \param msr ModSecurity transaction resource
* \param link The html attr value to be checked
* \param type The encryption method type
* \param type The hash method type
*
* \retval 1 Match
* \retval 0 No Match
* \retval -1 on fail
*/
int do_encryption_method(modsec_rec *msr, char *link, int type) {
encryption_method **em = NULL;
int do_hash_method(modsec_rec *msr, char *link, int type) {
hash_method **em = NULL;
int i = 0;
char *error_msg = NULL;
char *my_error_msg = NULL;
@ -324,18 +324,18 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
if(msr == NULL) return -1;
em = (encryption_method **)msr->txcfg->encryption_method->elts;
em = (hash_method **)msr->txcfg->hash_method->elts;
if(msr->txcfg->encryption_method->nelts == 0)
if(msr->txcfg->hash_method->nelts == 0)
return 1;
for (i = 0; i < msr->txcfg->encryption_method->nelts; i++) {
for (i = 0; i < msr->txcfg->hash_method->nelts; i++) {
if(em[i] != NULL && em[i]->param_data != NULL){
switch(type) {
case ENCRYPTION_URL_HREF_HASH_PM:
if(em[i]->type == ENCRYPTION_URL_HREF_HASH_PM) {
case HASH_URL_HREF_HASH_PM:
if(em[i]->type == HASH_URL_HREF_HASH_PM) {
const char *match = NULL;
apr_status_t rc = 0;
ACMPT pt;
@ -352,8 +352,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_HREF_HASH_RX:
if(em[i]->type == ENCRYPTION_URL_HREF_HASH_RX) {
case HASH_URL_HREF_HASH_RX:
if(em[i]->type == HASH_URL_HREF_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@ -389,8 +389,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_FACTION_HASH_PM:
if(em[i]->type == ENCRYPTION_URL_FACTION_HASH_PM) {
case HASH_URL_FACTION_HASH_PM:
if(em[i]->type == HASH_URL_FACTION_HASH_PM) {
const char *match = NULL;
apr_status_t rc = 0;
ACMPT pt;
@ -407,8 +407,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_FACTION_HASH_RX:
if(em[i]->type == ENCRYPTION_URL_FACTION_HASH_RX) {
case HASH_URL_FACTION_HASH_RX:
if(em[i]->type == HASH_URL_FACTION_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@ -444,8 +444,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_LOCATION_HASH_PM:
if(em[i]->type == ENCRYPTION_URL_LOCATION_HASH_PM) {
case HASH_URL_LOCATION_HASH_PM:
if(em[i]->type == HASH_URL_LOCATION_HASH_PM) {
const char *match = NULL;
apr_status_t rc = 0;
ACMPT pt;
@ -462,8 +462,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_LOCATION_HASH_RX:
if(em[i]->type == ENCRYPTION_URL_LOCATION_HASH_RX) {
case HASH_URL_LOCATION_HASH_RX:
if(em[i]->type == HASH_URL_LOCATION_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@ -499,8 +499,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_IFRAMESRC_HASH_PM:
if(em[i]->type == ENCRYPTION_URL_IFRAMESRC_HASH_PM) {
case HASH_URL_IFRAMESRC_HASH_PM:
if(em[i]->type == HASH_URL_IFRAMESRC_HASH_PM) {
const char *match = NULL;
apr_status_t rc = 0;
ACMPT pt;
@ -517,8 +517,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_IFRAMESRC_HASH_RX:
if(em[i]->type == ENCRYPTION_URL_IFRAMESRC_HASH_RX) {
case HASH_URL_IFRAMESRC_HASH_RX:
if(em[i]->type == HASH_URL_IFRAMESRC_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@ -554,8 +554,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_FRAMESRC_HASH_PM:
if(em[i]->type == ENCRYPTION_URL_FRAMESRC_HASH_PM) {
case HASH_URL_FRAMESRC_HASH_PM:
if(em[i]->type == HASH_URL_FRAMESRC_HASH_PM) {
const char *match = NULL;
apr_status_t rc = 0;
ACMPT pt;
@ -572,8 +572,8 @@ int do_encryption_method(modsec_rec *msr, char *link, int type) {
}
}
break;
case ENCRYPTION_URL_FRAMESRC_HASH_RX:
if(em[i]->type == ENCRYPTION_URL_FRAMESRC_HASH_RX) {
case HASH_URL_FRAMESRC_HASH_RX:
if(em[i]->type == HASH_URL_FRAMESRC_HASH_RX) {
rc = msc_regexec_capture(em[i]->param_data, link, strlen(link), ovector, 30, &my_error_msg);
if ((rc == PCRE_ERROR_MATCHLIMIT) || (rc == PCRE_ERROR_RECURSIONLIMIT)) {
msc_string *s = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
@ -679,7 +679,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
if(content_href != NULL && strstr(content_href,msr->txcfg->crypto_param_name) == NULL) {
if(msr->txcfg->crypto_hash_href_rx == 1) {
rc = do_encryption_method(msr, (char *)content_href, ENCRYPTION_URL_HREF_HASH_RX);
rc = do_hash_method(msr, (char *)content_href, HASH_URL_HREF_HASH_RX);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_href, FULL_LINK);
@ -695,7 +695,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
}
}
if(msr->txcfg->crypto_hash_href_pm == 1) {
rc = do_encryption_method(msr, (char *)content_href, ENCRYPTION_URL_HREF_HASH_PM);
rc = do_hash_method(msr, (char *)content_href, HASH_URL_HREF_HASH_PM);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_href, FULL_LINK);
@ -750,7 +750,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
if(content_action != NULL && content_option == NULL && strstr(content_action,msr->txcfg->crypto_param_name) == NULL) {
if(msr->txcfg->crypto_hash_faction_rx == 1) {
rc = do_encryption_method(msr, (char *)content_action, ENCRYPTION_URL_FACTION_HASH_RX);
rc = do_hash_method(msr, (char *)content_action, HASH_URL_FACTION_HASH_RX);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_action, FULL_LINK);
@ -766,7 +766,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
}
}
if(msr->txcfg->crypto_hash_faction_pm == 1) {
rc = do_encryption_method(msr, (char *)content_action, ENCRYPTION_URL_FACTION_HASH_PM);
rc = do_hash_method(msr, (char *)content_action, HASH_URL_FACTION_HASH_PM);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_action, FULL_LINK);
@ -820,7 +820,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
if(content_src != NULL && strstr(content_src,msr->txcfg->crypto_param_name) == NULL) {
if(msr->txcfg->crypto_hash_iframesrc_rx == 1) {
rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_IFRAMESRC_HASH_RX);
rc = do_hash_method(msr, (char *)content_src, HASH_URL_IFRAMESRC_HASH_RX);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK);
@ -836,7 +836,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
}
}
if(msr->txcfg->crypto_hash_iframesrc_pm == 1) {
rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_IFRAMESRC_HASH_PM);
rc = do_hash_method(msr, (char *)content_src, HASH_URL_IFRAMESRC_HASH_PM);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK);
@ -885,7 +885,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
if(content_src != NULL && strstr(content_src,msr->txcfg->crypto_param_name) == NULL) {
if(msr->txcfg->crypto_hash_framesrc_rx == 1) {
rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_FRAMESRC_HASH_RX);
rc = do_hash_method(msr, (char *)content_src, HASH_URL_FRAMESRC_HASH_RX);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK);
@ -901,7 +901,7 @@ int encrypt_response_body_links(modsec_rec *msr) {
}
}
if(msr->txcfg->crypto_hash_framesrc_pm == 1) {
rc = do_encryption_method(msr, (char *)content_src, ENCRYPTION_URL_FRAMESRC_HASH_PM);
rc = do_hash_method(msr, (char *)content_src, HASH_URL_FRAMESRC_HASH_PM);
if(rc > 0) {
mac_link = NULL;
mac_link = do_hash_link(msr, (char *)content_src, FULL_LINK);
@ -1192,7 +1192,7 @@ int inject_encrypted_response_body(modsec_rec *msr, int elts) {
*
* \param msr ModSecurity transaction resource
* \param link The html attr value to be checked
* \param type The encryption method type
* \param type The hash method type
*
* \retval mac_link MACed link
* \retval NULL on fail
@ -1211,10 +1211,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
if (msr->txcfg->debuglog_level >= 4)
msr_log(msr, 4, "Signing data [%s]", path_chunk+1);
if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY)
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) path_chunk+1, strlen((char*)path_chunk)-1);
if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) {
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
@ -1234,7 +1234,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
}
}
if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) {
if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@ -1253,10 +1253,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
if (msr->txcfg->debuglog_level >= 4)
msr_log(msr, 4, "Signing data [%s]", path_chunk+1);
if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY)
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) path_chunk+1, strlen((char*)path_chunk)-1);
if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) {
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
@ -1276,7 +1276,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
}
}
if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) {
if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@ -1293,10 +1293,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
if (msr->txcfg->debuglog_level >= 4)
msr_log(msr, 4, "Signing data [%s]", link+1);
if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY)
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) link+1, strlen((char*)link)-1);
if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) {
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
@ -1316,7 +1316,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
}
}
if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) {
if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@ -1346,10 +1346,10 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
if (msr->txcfg->debuglog_level >= 4)
msr_log(msr, 4, "Signing data [%s] size %d", relative_link, strlen(relative_link));
if(msr->txcfg->crypto_key_add == ENCRYPTION_KEYONLY)
if(msr->txcfg->crypto_key_add == HASH_KEYONLY)
hash_value = hmac(msr, msr->txcfg->crypto_key, msr->txcfg->crypto_key_len, (unsigned char *) relative_link, strlen((char*)relative_link));
if(msr->txcfg->crypto_key_add == ENCRYPTION_SESSIONID) {
if(msr->txcfg->crypto_key_add == HASH_SESSIONID) {
if(strlen(msr->sessionid) == 0) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
@ -1369,7 +1369,7 @@ char *do_hash_link(modsec_rec *msr, char *link, int type) {
}
}
if(msr->txcfg->crypto_key_add == ENCRYPTION_REMOTEIP) {
if(msr->txcfg->crypto_key_add == HASH_REMOTEIP) {
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
const char *new_pwd = apr_psprintf(msr->mp,"%s%s", msr->txcfg->crypto_key, msr->r->connection->client_ip);
#else
@ -1430,7 +1430,7 @@ int modify_response_header(modsec_rec *msr) {
msr_log(msr, 4, "Processing reponse header location [%s]", location);
if(msr->txcfg->crypto_hash_location_rx == 1) {
rc = do_encryption_method(msr, (char *)location, ENCRYPTION_URL_LOCATION_HASH_RX);
rc = do_hash_method(msr, (char *)location, HASH_URL_LOCATION_HASH_RX);
if(rc > 0) {
mac_link = NULL;
@ -1440,7 +1440,7 @@ int modify_response_header(modsec_rec *msr) {
}
} else if(msr->txcfg->crypto_hash_location_pm == 1) {
rc = do_encryption_method(msr, (char *)location, ENCRYPTION_URL_LOCATION_HASH_PM);
rc = do_hash_method(msr, (char *)location, HASH_URL_LOCATION_HASH_PM);
if(rc > 0) {
mac_link = NULL;

32
apache2/re_actions.c
Просмотреть файл

@ -921,15 +921,15 @@ static char *msre_action_ctl_validate(msre_engine *engine, msre_action *action)
}
return NULL;
} else
if (strcasecmp(name, "EncryptionEnforcement") == 0) {
if (strcasecmp(name, "HashEnforcement") == 0) {
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name EncryptionEnforcement: %s", value);
return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEnforcement: %s", value);
} else
if (strcasecmp(name, "EncryptionEngine") == 0) {
if (strcasecmp(name, "HashEngine") == 0) {
if (strcasecmp(value, "on") == 0) return NULL;
if (strcasecmp(value, "off") == 0) return NULL;
return apr_psprintf(engine->mp, "Invalid setting for ctl name EncryptionEngine: %s", value);
return apr_psprintf(engine->mp, "Invalid setting for ctl name HashEngine: %s", value);
} else {
return apr_psprintf(engine->mp, "Invalid ctl name setting: %s", name);
}
@ -979,31 +979,31 @@ static apr_status_t msre_action_ctl_execute(modsec_rec *msr, apr_pool_t *mptmp,
return 1;
} else
if (strcasecmp(name, "EncryptionEnforcement") == 0) {
if (strcasecmp(name, "HashEnforcement") == 0) {
if (strcasecmp(value, "on") == 0) {
msr->txcfg->encryption_enforcement = ENCRYPTION_ENABLED;
msr->usercfg->encryption_enforcement = ENCRYPTION_ENABLED;
msr->txcfg->hash_enforcement = HASH_ENABLED;
msr->usercfg->hash_enforcement = HASH_ENABLED;
}
if (strcasecmp(value, "off") == 0) {
msr->txcfg->encryption_enforcement = ENCRYPTION_DISABLED;
msr->usercfg->encryption_enforcement = ENCRYPTION_DISABLED;
msr->txcfg->hash_enforcement = HASH_DISABLED;
msr->usercfg->hash_enforcement = HASH_DISABLED;
}
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: Set EncryptionEnforcement to %s.", value);
msr_log(msr, 4, "Ctl: Set HashEnforcement to %s.", value);
}
return 1;
} else
if (strcasecmp(name, "EncryptionEngine") == 0) {
if (strcasecmp(name, "HashEngine") == 0) {
if (strcasecmp(value, "on") == 0) {
msr->txcfg->encryption_is_enabled = ENCRYPTION_ENABLED;
msr->usercfg->encryption_is_enabled = ENCRYPTION_ENABLED;
msr->txcfg->hash_is_enabled = HASH_ENABLED;
msr->usercfg->hash_is_enabled = HASH_ENABLED;
}
if (strcasecmp(value, "off") == 0) {
msr->txcfg->encryption_is_enabled = ENCRYPTION_DISABLED;
msr->usercfg->encryption_is_enabled = ENCRYPTION_DISABLED;
msr->txcfg->hash_is_enabled = HASH_DISABLED;
msr->usercfg->hash_is_enabled = HASH_DISABLED;
}
if (msr->txcfg->debuglog_level >= 4) {
msr_log(msr, 4, "Ctl: Set EncryptionEngine to %s.", value);
msr_log(msr, 4, "Ctl: Set HashEngine to %s.", value);
}
return 1;
} else

26
apache2/re_operators.c
Просмотреть файл

@ -721,7 +721,7 @@ nextround:
#endif /* MSC_TEST */
/**
* \brief Init function to validateEncryption
* \brief Init function to validateHash
*
* \param rule ModSecurity rule struct
* \param error_msg Error message
@ -729,7 +729,7 @@ nextround:
* \retval 1 On success
* \retval 0 On fail
*/
static int msre_op_validateEncryption_param_init(msre_rule *rule, char **error_msg) {
static int msre_op_validateHash_param_init(msre_rule *rule, char **error_msg) {
const char *errptr = NULL;
int erroffset;
msc_regex_t *regex;
@ -778,7 +778,7 @@ static int msre_op_validateEncryption_param_init(msre_rule *rule, char **error_m
}
/**
* \brief Execute function to validateEncryption
* \brief Execute function to validateHash
*
* \param msr ModSecurity transaction resource
* \param rule ModSecurity rule struct
@ -788,7 +788,7 @@ static int msre_op_validateEncryption_param_init(msre_rule *rule, char **error_m
* \retval 1 On success
* \retval 0 On fail
*/
static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
static int msre_op_validateHash_execute(modsec_rec *msr, msre_rule *rule, msre_var *var, char **error_msg) {
msc_regex_t *regex = (msc_regex_t *)rule->op_param_data;
msc_string *re_pattern = (msc_string *)apr_pcalloc(msr->mp, sizeof(msc_string));
const char *target;
@ -809,7 +809,7 @@ static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule,
if (error_msg == NULL) return -1;
*error_msg = NULL;
if (msr->txcfg->encryption_enforcement == ENCRYPTION_DISABLED || msr->txcfg->encryption_is_enabled == ENCRYPTION_DISABLED)
if (msr->txcfg->hash_enforcement == HASH_DISABLED || msr->txcfg->hash_is_enabled == HASH_DISABLED)
return 0;
if (regex == NULL) {
@ -926,13 +926,13 @@ static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule,
if(valid == NULL) {
if (msr->txcfg->debuglog_level >= 9)
msr_log(msr, 9, "Request URI without encryption parameter [%s]", target);
msr_log(msr, 9, "Request URI without hash parameter [%s]", target);
if (strlen(pattern) > 252) {
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. No Encryption parameter",
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. No Hash parameter",
pattern, var->name);
} else {
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. No Encryption parameter",
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. No Hash parameter",
pattern, var->name);
}
return 1;
@ -952,10 +952,10 @@ static int msre_op_validateEncryption_execute(modsec_rec *msr, msre_rule *rule,
if(strcmp(hmac, hash_link) != 0) {
if (strlen(pattern) > 252) {
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. Encryption parameter hash value = [%s] Requested URI hash value = [%s]",
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%.252s ...\" at %s. Hash parameter hash value = [%s] Requested URI hash value = [%s]",
pattern, var->name, hmac, hash_link);
} else {
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. Encryption parameter hash value = [%s] Requested URI hash value = [%s]",
*error_msg = apr_psprintf(msr->mp, "Request URI matched \"%s\" at %s. Hash parameter hash value = [%s] Requested URI hash value = [%s]",
pattern, var->name, hmac, hash_link);
}
return 1;
@ -4434,9 +4434,9 @@ void msre_engine_register_default_operators(msre_engine *engine) {
/* validateEncyption */
msre_engine_op_register(engine,
"validateEncryption",
msre_op_validateEncryption_param_init,
msre_op_validateEncryption_execute
"validateHash",
msre_op_validateHash_param_init,
msre_op_validateHash_execute
);
/* pm */