httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.com>
Subject cvs commit: apache/src http_core.h http_core.c http_request.h http_request.c mod_access.c
Date Mon, 18 Nov 1996 19:40:54 GMT
brian       96/11/18 11:40:53

  Modified:    src       http_core.h http_core.c http_request.h
                        http_request.c  mod_access.c
  Log:
  Reviewed by:	Brian Behlendorf, Roy Fielding, Jim Jagielski
  Submitted by:	Lou Langholtz
  
  Added NCSA-compliant "Satisfy" directive for use with access control.
  
  Revision  Changes    Path
  1.16      +5 -0      apache/src/http_core.h
  
  Index: http_core.h
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_core.h,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -C3 -r1.15 -r1.16
  *** http_core.h	1996/11/04 09:43:07	1.15
  --- http_core.h	1996/11/18 19:40:45	1.16
  ***************
  *** 78,83 ****
  --- 78,86 ----
    #define REMOTE_NAME (1)
    #define REMOTE_NOLOOKUP (2)
    
  + #define SATISFY_ALL 0
  + #define SATISFY_ANY 1
  + 
    int allow_options (request_rec *);
    int allow_overrides (request_rec *);
    char *default_type (request_rec *);     
  ***************
  *** 103,108 ****
  --- 106,112 ----
         
    char *auth_type (request_rec *);
    char *auth_name (request_rec *);     
  + int satisfies (request_rec *r);
    array_header *requires (request_rec *);    
    
    #ifdef CORE_PRIVATE
  ***************
  *** 138,143 ****
  --- 142,148 ----
      
        /* Authentication stuff.  Groan... */
        
  +     int satisfy;
        char *auth_type;
        char *auth_name;
        array_header *requires;
  
  
  
  1.49      +23 -1     apache/src/http_core.c
  
  Index: http_core.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_core.c,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -C3 -r1.48 -r1.49
  *** http_core.c	1996/11/18 03:38:04	1.48
  --- http_core.c	1996/11/18 19:40:46	1.49
  ***************
  *** 92,97 ****
  --- 92,98 ----
    
        conf->hostname_lookups = 2;/* binary, but will use 2 as an "unset = on" */
        conf->do_rfc1413 = DEFAULT_RFC1413 | 2;  /* set bit 1 to indicate default */
  +     conf->satisfy = SATISFY_ALL;
    
    #ifdef RLIMIT_CPU
        conf->limit_cpu = NULL;
  ***************
  *** 152,157 ****
  --- 153,159 ----
    
        conf->sec = append_arrays (a, base->sec, new->sec);
    
  +     conf->satisfy = new->satisfy;
        return (void*)conf;
    }
    
  ***************
  *** 279,284 ****
  --- 281,293 ----
        return conf->requires;
    }
    
  + int satisfies (request_rec *r)
  + {
  +     core_dir_config *conf =
  +       (core_dir_config *)get_module_config(r->per_dir_config, &core_module);
  + 
  +     return conf->satisfy;
  + }
    
    /* Should probably just get rid of this... the only code that cares is
     * part of the core anyway (and in fact, it isn't publicised to other
  ***************
  *** 520,525 ****
  --- 529,545 ----
        return NULL;
    }
    
  + const char *satisfy (cmd_parms *cmd, core_dir_config *c, char *arg)
  + {
  +     if(!strcasecmp(arg,"all"))
  +         c->satisfy = SATISFY_ALL;
  +     else if(!strcasecmp(arg,"any"))
  +         c->satisfy = SATISFY_ANY;
  +     else
  +         return "Satisfy either 'any' or 'all'.";
  +     return NULL;
  + }
  + 
    const char *require (cmd_parms *cmd, core_dir_config *c, char *arg)
    {
        require_line *r;
  ***************
  *** 1088,1094 ****
    { "AuthName", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_name),
        OR_AUTHCFG, RAW_ARGS, "The authentication realm (e.g. \"Members Only\")" },
    { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which authenticated users or
groups may access a protected space" },
  !     
    /* Old resource config file commands */
      
    { "AccessFileName", set_access_name, NULL, RSRC_CONF, TAKE1, "Name of per-directory config
files (default: .htaccess)" },
  --- 1108,1116 ----
    { "AuthName", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_name),
        OR_AUTHCFG, RAW_ARGS, "The authentication realm (e.g. \"Members Only\")" },
    { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which authenticated users or
groups may access a protected space" },
  ! { "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
  !     "access policy if both allow and require used ('all' or 'any')" },    
  ! 
    /* Old resource config file commands */
      
    { "AccessFileName", set_access_name, NULL, RSRC_CONF, TAKE1, "Name of per-directory config
files (default: .htaccess)" },
  
  
  
  1.8       +1 -0      apache/src/http_request.h
  
  Index: http_request.h
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_request.h,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -C3 -r1.7 -r1.8
  *** http_request.h	1996/11/03 21:25:08	1.7
  --- http_request.h	1996/11/18 19:40:48	1.8
  ***************
  *** 83,88 ****
  --- 83,89 ----
    
    void internal_redirect (const char *new_uri, request_rec *);     
    void internal_redirect_handler (const char *new_uri, request_rec *);
  + int some_auth_required (request_rec *r);
    
    #ifdef CORE_PRIVATE
    /* Function called by main.c to handle first-level request */
  
  
  
  1.28      +47 -21    apache/src/http_request.c
  
  Index: http_request.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_request.c,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -C3 -r1.27 -r1.28
  *** http_request.c	1996/11/03 20:52:11	1.27
  --- http_request.c	1996/11/18 19:40:48	1.28
  ***************
  *** 552,559 ****
    }
    
    
  - static int some_auth_required (request_rec *r);
  - 
    request_rec *sub_req_lookup_uri (const char *new_file, const request_rec *r)
    {
        request_rec *rnew;
  --- 552,557 ----
  ***************
  *** 610,618 ****
        if ((res = directory_walk (rnew))
    	|| (res = file_walk (rnew))
    	|| (res = location_walk (rnew))
  ! 	|| (!some_auth_required (rnew) ? 0 :
  ! 	     ((res = check_user_id (rnew)) || (res = check_auth (rnew))))
  ! 	|| (res = check_access (rnew))
    	|| (res = find_types (rnew))
    	|| (res = run_fixups (rnew))
    	)
  --- 608,621 ----
        if ((res = directory_walk (rnew))
    	|| (res = file_walk (rnew))
    	|| (res = location_walk (rnew))
  !         || (satisfies(rnew) == SATISFY_ALL?
  ! 	    ((res = check_access (rnew))
  ! 	     || (some_auth_required (rnew) &&
  ! 		 ((res = check_user_id (rnew)) || (res = check_auth (rnew))))):
  ! 	    ((res = check_access (rnew))
  ! 	     && (!some_auth_required (rnew) ||
  ! 		 ((res = check_user_id (rnew)) || (res = check_auth (rnew)))))
  ! 	    )
    	|| (res = find_types (rnew))
    	|| (res = run_fixups (rnew))
    	)
  ***************
  *** 653,661 ****
    	
        if ((res = directory_walk (rnew))
    	|| (res = file_walk (rnew))
  ! 	|| (res = check_access (rnew))
  ! 	|| (!some_auth_required (rnew) ? 0 :
  ! 	     ((res = check_user_id (rnew)) && (res = check_auth (rnew))))
    	|| (res = find_types (rnew))
    	|| (res = run_fixups (rnew))
    	)
  --- 656,669 ----
    	
        if ((res = directory_walk (rnew))
    	|| (res = file_walk (rnew))
  ! 	|| (satisfies(rnew) == SATISFY_ALL?
  ! 	    ((res = check_access (rnew))
  ! 	     || (some_auth_required (rnew) &&
  ! 		 ((res = check_user_id (rnew)) || (res = check_auth (rnew))))):
  ! 	    ((res = check_access (rnew))
  ! 	     && (!some_auth_required (rnew) ||
  ! 		 ((res = check_user_id (rnew)) || (res = check_auth (rnew)))))
  ! 	    )
    	|| (res = find_types (rnew))
    	|| (res = run_fixups (rnew))
    	)
  ***************
  *** 760,766 ****
        else die (status, r);
    }
    
  ! static int some_auth_required (request_rec *r)
    {
        /* Is there a require line configured for the type of *this* req? */
        
  --- 768,774 ----
        else die (status, r);
    }
    
  ! int some_auth_required (request_rec *r)
    {
        /* Is there a require line configured for the type of *this* req? */
        
  ***************
  *** 850,870 ****
    	return;
        }	
        
  !     if ((access_status = check_access (r)) != 0) {
  !         decl_die (access_status, "check access", r);
  ! 	return;
  !     }
  !     
  !     if (some_auth_required (r)) {
  !         if ((access_status = check_user_id (r)) != 0) {
  ! 	    decl_die (access_status, "check user.  No user file?", r);
    	    return;
    	}
  ! 
  ! 	if ((access_status = check_auth (r)) != 0) {
  ! 	    decl_die (access_status, "check access.  No groups file?", r);
  ! 	    return;
    	}
        }
    
        if ((access_status = find_types (r)) != 0) {
  --- 858,896 ----
    	return;
        }	
        
  !     switch (satisfies(r)) {
  !     case SATISFY_ALL:
  ! 	if ((access_status = check_access (r)) != 0) {
  ! 	    decl_die (access_status, "check access", r);
    	    return;
    	}
  ! 	if (some_auth_required (r)) {
  ! 	    if ((access_status = check_user_id (r)) != 0) {
  ! 		decl_die (access_status, "check user.  No user file?", r);
  ! 		return;
  ! 	    }
  ! 	    if ((access_status = check_auth (r)) != 0) {
  ! 		decl_die (access_status, "check access.  No groups file?", r);
  ! 		return;
  ! 	    }
  ! 	}
  ! 	break;
  !     case SATISFY_ANY:
  ! 	if ((access_status = check_access (r)) != 0) {
  ! 	    if (!some_auth_required (r)) {
  ! 		decl_die (access_status, "check access", r);
  ! 		return;
  ! 	    }
  ! 	    if ((access_status = check_user_id (r)) != 0) {
  ! 		decl_die (access_status, "check user.  No user file?", r);
  ! 		return;
  ! 	    }
  ! 	    if ((access_status = check_auth (r)) != 0) {
  ! 		decl_die (access_status, "check access.  No groups file?", r);
  ! 		return;
  ! 	    }
    	}
  + 	break;
        }
    
        if ((access_status = find_types (r)) != 0) {
  
  
  
  1.10      +5 -1      apache/src/mod_access.c
  
  Index: mod_access.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/mod_access.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -C3 -r1.9 -r1.10
  *** mod_access.c	1996/11/18 03:38:05	1.9
  --- mod_access.c	1996/11/18 19:40:49	1.10
  ***************
  *** 61,66 ****
  --- 61,67 ----
    #include "http_core.h"
    #include "http_config.h"
    #include "http_log.h"
  + #include "http_request.h"
    
    typedef struct {
        char *from;
  ***************
  *** 234,241 ****
    	    ret = FORBIDDEN;
        }
    
  !     if (ret == FORBIDDEN)
    	log_reason ("Client denied by server configuration", r->filename, r);
    
        return ret;
    }
  --- 235,245 ----
    	    ret = FORBIDDEN;
        }
    
  !     if (ret == FORBIDDEN && (
  !         satisfies(r) != SATISFY_ANY || !some_auth_required(r)
  !     )) {
    	log_reason ("Client denied by server configuration", r->filename, r);
  +     }
    
        return ret;
    }
  
  
  

Mime
View raw message