httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject svn commit: r354331 - in /httpd/httpd/branches/authz-dev: include/http_core.h modules/aaa/config.m4 modules/aaa/mod_auth_basic.c modules/aaa/mod_authn.c modules/aaa/mod_authz.c modules/aaa/mod_authz_host.c server/core.c server/request.c
Date Tue, 06 Dec 2005 06:07:10 GMT
Author: bnicholes
Date: Mon Dec  5 22:07:04 2005
New Revision: 354331

URL: http://svn.apache.org/viewcvs?rev=354331&view=rev
Log:
Add general authn and authz modules to hold non-authxxx specific directives such as authtype,
authname and require.  Remove authtype and authname from mod_core.

Added:
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authn.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz.c
Modified:
    httpd/httpd/branches/authz-dev/include/http_core.h
    httpd/httpd/branches/authz-dev/modules/aaa/config.m4
    httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
    httpd/httpd/branches/authz-dev/server/core.c
    httpd/httpd/branches/authz-dev/server/request.c

Modified: httpd/httpd/branches/authz-dev/include/http_core.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/include/http_core.h?rev=354331&r1=354330&r2=354331&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/include/http_core.h (original)
+++ httpd/httpd/branches/authz-dev/include/http_core.h Mon Dec  5 22:07:04 2005
@@ -454,9 +454,9 @@
     /* Authentication stuff.  Groan... */
     
     int *satisfy; /* for every method one */
-    char *ap_auth_type; /* Deprecated see mod_authz_host */
-    char *ap_auth_name; /* Deprecated see mod_authz_host */
-    apr_array_header_t *ap_requires; /* Deprecated see mod_authz_host */
+    char *ap_auth_type; /* Deprecated see mod_authn */
+    char *ap_auth_name; /* Deprecated see mod_authn */
+    apr_array_header_t *ap_requires; /* Deprecated see mod_authz */
 
     /* Custom response config. These can contain text or a URL to redirect to.
      * if response_code_strings is NULL then there are none in the config,
@@ -685,13 +685,11 @@
  * authorization values with mod_authz_host
  */
 
-APR_DECLARE_OPTIONAL_FN(const apr_array_header_t *, authz_host_ap_requires,
+APR_DECLARE_OPTIONAL_FN(const apr_array_header_t *, authz_ap_requires,
                         (request_rec *r));
 APR_DECLARE_OPTIONAL_FN(int, authz_some_auth_required, (request_rec *r));
-/*
-APR_DECLARE_OPTIONAL_FN(const char *, authz_host_ap_auth_type, (request_rec *r));
-APR_DECLARE_OPTIONAL_FN(const char *, authz_host_ap_auth_name, (request_rec *r));
-*/
+APR_DECLARE_OPTIONAL_FN(const char *, authn_ap_auth_type, (request_rec *r));
+APR_DECLARE_OPTIONAL_FN(const char *, authn_ap_auth_name, (request_rec *r));
 
 /* ---------------------------------------------------------------------- */
 

Modified: httpd/httpd/branches/authz-dev/modules/aaa/config.m4
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/config.m4?rev=354331&r1=354330&r2=354331&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/config.m4 (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/config.m4 Mon Dec  5 22:07:04 2005
@@ -21,6 +21,11 @@
 dnl Provider alias module.
 APACHE_MODULE(authn_alias, auth provider alias, , , no)
 
+dnl General Authentication modules; module which implements the 
+dnl non-authn module specific directives.
+dnl
+APACHE_MODULE(authn, general authentication module, , , yes)
+
 dnl Authorization modules: modules which verify a certain property such as
 dnl membership of a group, value of the IP address against a list of pre
 dnl configured directives (e.g. require, allow) or against an external file
@@ -32,6 +37,11 @@
 APACHE_MODULE(authz_dbm, DBM-based authorization control, , , most)
 APACHE_MODULE(authz_owner, 'require file-owner' authorization control, , , most)
 APACHE_MODULE(authz_dbd, SQL based authorization and Login/Session support, , , most)
+
+dnl General Authorization modules; provider module which implements the 
+dnl non-authz module specific directives.
+dnl
+APACHE_MODULE(authz, general authorization provider vector module, , , yes)
 
 dnl LDAP authentication module. This module has both the authn and authz
 dnl modules in one, so as to share the LDAP server config directives.

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c?rev=354331&r1=354330&r2=354331&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c Mon Dec  5 22:07:04 2005
@@ -195,7 +195,11 @@
         return HTTP_INTERNAL_SERVER_ERROR;
     }
 
-    r->ap_auth_type = "Basic";
+    /*XXX Need to figure out how to remove ap_auth_type from 
+      the request_rec yet still make the data available
+      on a per-request basis.
+    */
+    r->ap_auth_type = current_auth;
 
     res = get_basic_auth(r, &sent_user, &sent_pw);
     if (res) {

Added: httpd/httpd/branches/authz-dev/modules/aaa/mod_authn.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authn.c?rev=354331&view=auto
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authn.c (added)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authn.c Mon Dec  5 22:07:04 2005
@@ -0,0 +1,141 @@
+/* Copyright 2002-2005 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Security options etc.
+ *
+ * Module derived from code originally written by Rob McCool
+ *
+ */
+
+#include "apr_strings.h"
+#include "apr_network_io.h"
+#define APR_WANT_STRFUNC
+#define APR_WANT_BYTEFUNC
+#include "apr_want.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_core.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "http_request.h"
+#include "http_protocol.h"
+
+#include "mod_auth.h"
+
+#if APR_HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+typedef struct {
+    char *ap_auth_type;
+    char *ap_auth_name;
+} authn_dir_conf;
+
+module AP_MODULE_DECLARE_DATA authn_module;
+
+static void *create_authn_dir_config(apr_pool_t *p, char *dummy)
+{
+    authn_dir_conf *conf =
+            (authn_dir_conf *)apr_pcalloc(p, sizeof(authn_dir_conf));
+
+    return (void *)conf;
+}
+
+static void *merge_authn_dir_config(apr_pool_t *a, void *basev, void *newv)
+{
+    authn_dir_conf *base = (authn_dir_conf *)basev;
+    authn_dir_conf *new = (authn_dir_conf *)newv;
+    authn_dir_conf *conf;
+
+    /* Create this conf by duplicating the base, replacing elements
+    * (or creating copies for merging) where new-> values exist.
+    */
+    conf = (authn_dir_conf *)apr_palloc(a, sizeof(authn_dir_conf));
+    memcpy(conf, base, sizeof(authn_dir_conf));
+
+    if (new->ap_auth_type) {
+        conf->ap_auth_type = new->ap_auth_type;
+    }
+
+    if (new->ap_auth_name) {
+        conf->ap_auth_name = new->ap_auth_name;
+    }
+
+    return (void*)conf;
+}
+
+/*
+ * Load an authorisation realm into our location configuration, applying the
+ * usual rules that apply to realms.
+ */
+static const char *set_authname(cmd_parms *cmd, void *mconfig,
+                                const char *word1)
+{
+    authn_dir_conf *aconfig = (authn_dir_conf *)mconfig;
+
+    aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1);
+    return NULL;
+}
+
+
+static const char *authn_ap_auth_type(request_rec *r)
+{
+    authn_dir_conf *conf;
+
+    conf = (authn_dir_conf *)ap_get_module_config(r->per_dir_config,
+        &authn_module);
+
+    return apr_pstrdup(r->pool, conf->ap_auth_type);
+}
+
+static const char *authn_ap_auth_name(request_rec *r)
+{
+    authn_dir_conf *conf;
+
+    conf = (authn_dir_conf *)ap_get_module_config(r->per_dir_config,
+        &authn_module);
+
+    return apr_pstrdup(r->pool, conf->ap_auth_name);
+}
+
+static const command_rec authn_cmds[] =
+{
+    AP_INIT_TAKE1("AuthType", ap_set_string_slot,
+                  (void*)APR_OFFSETOF(authn_dir_conf, ap_auth_type), OR_AUTHCFG,
+                  "An HTTP authorization type (e.g., \"Basic\")"),
+    AP_INIT_TAKE1("AuthName", set_authname, NULL, OR_AUTHCFG,
+                  "The authentication realm (e.g. \"Members Only\")"),
+    {NULL}
+};
+
+static void register_hooks(apr_pool_t *p)
+{
+    APR_REGISTER_OPTIONAL_FN(authn_ap_auth_type);
+    APR_REGISTER_OPTIONAL_FN(authn_ap_auth_name);
+}
+
+module AP_MODULE_DECLARE_DATA authn_module =
+{
+    STANDARD20_MODULE_STUFF,
+    create_authn_dir_config,        /* dir config creater */
+    merge_authn_dir_config,         /* dir merger --- default is to override */
+    NULL,                           /* server config */
+    NULL,                           /* merge server config */
+    authn_cmds,
+    register_hooks                  /* register hooks */
+};

Added: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz.c?rev=354331&view=auto
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz.c (added)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz.c Mon Dec  5 22:07:04 2005
@@ -0,0 +1,275 @@
+/* Copyright 2002-2005 The Apache Software Foundation or its licensors, as
+ * applicable.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Security options etc.
+ *
+ * Module derived from code originally written by Rob McCool
+ *
+ */
+
+#include "apr_strings.h"
+#include "apr_network_io.h"
+#include "apr_md5.h"
+
+#define APR_WANT_STRFUNC
+#define APR_WANT_BYTEFUNC
+#include "apr_want.h"
+
+#include "ap_config.h"
+#include "httpd.h"
+#include "http_core.h"
+#include "http_config.h"
+#include "http_log.h"
+#include "http_request.h"
+#include "http_protocol.h"
+#include "ap_provider.h"
+
+#include "mod_auth.h"
+
+#if APR_HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+typedef struct {
+    apr_array_header_t *ap_requires;
+    authz_provider_list *providers;
+} authz_dir_conf;
+
+module AP_MODULE_DECLARE_DATA authz_module;
+
+static void *create_authz_dir_config(apr_pool_t *p, char *dummy)
+{
+    authz_dir_conf *conf =
+            (authz_dir_conf *)apr_pcalloc(p, sizeof(authz_dir_conf));
+
+    return (void *)conf;
+}
+
+static void *merge_authz_dir_config(apr_pool_t *a, void *basev, void *newv)
+{
+    authz_dir_conf *base = (authz_dir_conf *)basev;
+    authz_dir_conf *new = (authz_dir_conf *)newv;
+    authz_dir_conf *conf;
+
+    /* Create this conf by duplicating the base, replacing elements
+    * (or creating copies for merging) where new-> values exist.
+    */
+    conf = (authz_dir_conf *)apr_palloc(a, sizeof(authz_dir_conf));
+    memcpy(conf, base, sizeof(authz_dir_conf));
+
+    if (new->ap_requires) {
+        conf->ap_requires = new->ap_requires;
+    }
+
+    return (void*)conf;
+}
+
+static const char *add_authz_provider(cmd_parms *cmd, void *config,
+                                      const char *arg)
+{
+    authz_dir_conf *conf = (authz_dir_conf*)config;
+    authz_provider_list *newp;
+
+    newp = apr_pcalloc(cmd->pool, sizeof(authz_provider_list));
+    /* XXX: Split this out to the name and then the rest of the directive. */
+    newp->provider_name = apr_pstrdup(cmd->pool, arg);
+    newp->requirement = apr_pstrdup(cmd->pool, arg);
+    newp->method_mask = cmd->limited;
+
+    /* lookup and cache the actual provider now */
+    newp->provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP,
+                                        newp->provider_name, "0");
+
+    /* by the time the config file is used, the provider should be loaded
+     * and registered with us.
+     */
+    if (newp->provider == NULL) {
+        return apr_psprintf(cmd->pool,
+                            "Unknown Authz provider: %s",
+                            newp->provider_name);
+    }
+
+    /* if the provider doesn't provide the appropriate function, reject it */
+    if (!newp->provider->check_authorization) {
+        return apr_psprintf(cmd->pool,
+                            "The '%s' Authz provider is not supported by any "
+                            "of the loaded authorization modules ",
+                            newp->provider_name);
+    }
+
+    /* Add it to the list now. */
+    if (!conf->providers) {
+        conf->providers = newp;
+    }
+    else {
+        authz_provider_list *last = conf->providers;
+
+        while (last->next) {
+            last = last->next;
+        }
+        last->next = newp;
+    }
+
+    return NULL;
+}
+
+static const command_rec authz_cmds[] =
+{
+    AP_INIT_RAW_ARGS("Require", add_authz_provider, NULL, OR_AUTHCFG,
+                     "Selects which authenticated users or groups may access "
+                     "a protected space"),
+    {NULL}
+};
+
+static int authorize_user(request_rec *r)
+{
+    authz_dir_conf *conf = ap_get_module_config(r->per_dir_config,
+            &authz_module);
+    authz_status auth_result;
+    authz_provider_list *current_provider;
+
+    current_provider = conf->providers;
+    do {
+        const authz_provider *provider;
+
+        /* For now, if a provider isn't set, we'll be nice and use the file
+         * provider.
+         */
+        if (!current_provider) {
+            provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP,
+                                          AUTHZ_DEFAULT_PROVIDER, "0");
+
+            if (!provider || !provider->check_authorization) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "No default authz provider configured");
+                auth_result = AUTHZ_GENERAL_ERROR;
+                break;
+            }
+            apr_table_setn(r->notes, AUTHZ_PROVIDER_NAME_NOTE,
+                           AUTHZ_DEFAULT_PROVIDER);
+        }
+        else {
+            provider = current_provider->provider;
+            apr_table_setn(r->notes, AUTHZ_PROVIDER_NAME_NOTE,
+                           current_provider->provider_name);
+        }
+
+
+        auth_result = provider->check_authorization(r,
+                        current_provider->method_mask,
+                        current_provider->requirement);
+
+        apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
+
+        /* Something occured. Stop checking. */
+        /* XXX: We need to figure out what the implications of multiple
+         * require directives are.  Must all satisfy?  Can we leverage
+         * satisfy here then?
+         */
+        if (auth_result != AUTHZ_DENIED) {
+            break;
+        }
+
+        /* If we're not really configured for providers, stop now. */
+        if (!conf->providers) {
+            break;
+        }
+
+        current_provider = current_provider->next;
+    } while (current_provider);
+
+    if (auth_result != AUTHZ_GRANTED) {
+        int return_code;
+
+        switch (auth_result) {
+            case AUTHZ_DENIED:
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                              "user %s: authorization failure for \"%s\": ",
+                              r->user, r->uri);
+                return_code = HTTP_UNAUTHORIZED;
+                break;
+            case AUTHZ_GENERAL_ERROR:
+            default:
+                /* We'll assume that the module has already said what its
+                 * error was in the logs.
+                 */
+                return_code = HTTP_INTERNAL_SERVER_ERROR;
+                break;
+        }
+
+        /* If we're returning 403, tell them to try again. */
+        if (return_code == HTTP_UNAUTHORIZED) {
+            /* XXX: Why is this a basic auth failure? */
+            ap_note_basic_auth_failure (r);
+        }
+        return return_code;
+    }
+
+    return OK;
+}
+
+static const apr_array_header_t *authz_ap_requires(request_rec *r)
+{
+    authz_dir_conf *conf;
+
+    conf = (authz_dir_conf *)ap_get_module_config(r->per_dir_config,
+        &authz_module);
+
+    return conf->ap_requires;
+}
+
+static int authz_some_auth_required(request_rec *r)
+{
+    authz_dir_conf *conf = ap_get_module_config(r->per_dir_config,
+            &authz_module);
+    authz_provider_list *current_provider;
+    int req_authz = 0;
+
+    current_provider = conf->providers;
+    while (current_provider) {
+
+        /* Does this provider config apply for this method */
+        if (current_provider->method_mask &
+                (AP_METHOD_BIT << r->method_number)) {
+            req_authz = 1;
+            break;
+        }
+
+        current_provider = current_provider->next;
+    }
+
+    return req_authz;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+    APR_REGISTER_OPTIONAL_FN(authz_ap_requires);
+    APR_REGISTER_OPTIONAL_FN(authz_some_auth_required);
+   
+    ap_hook_auth_checker(authorize_user, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA authz_module =
+{
+    STANDARD20_MODULE_STUFF,
+    create_authz_dir_config,   /* dir config creater */
+    NULL,                           /* dir merger --- default is to override */
+    NULL,                           /* server config */
+    NULL,                           /* merge server config */
+    authz_cmds,
+    register_hooks                  /* register hooks */
+};

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c?rev=354331&r1=354330&r2=354331&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c Mon Dec  5 22:07:04 2005
@@ -35,10 +35,6 @@
 #include "http_config.h"
 #include "http_log.h"
 #include "http_request.h"
-#include "http_protocol.h"
-#include "ap_provider.h"
-
-#include "mod_auth.h"
 
 #if APR_HAVE_NETINET_IN_H
 #include <netinet/in.h>
@@ -70,8 +66,6 @@
     int order[METHODS];
     apr_array_header_t *allows;
     apr_array_header_t *denys;
-    apr_array_header_t *ap_requires;
-    authz_provider_list *providers;
 } authz_host_dir_conf;
 
 module AP_MODULE_DECLARE_DATA authz_host_module;
@@ -91,35 +85,6 @@
     return (void *)conf;
 }
 
-static void *merge_authz_host_dir_config(apr_pool_t *a, void *basev, void *newv)
-{
-    authz_host_dir_conf *base = (authz_host_dir_conf *)basev;
-    authz_host_dir_conf *new = (authz_host_dir_conf *)newv;
-    authz_host_dir_conf *conf;
-
-    /* Create this conf by duplicating the base, replacing elements
-    * (or creating copies for merging) where new-> values exist.
-    */
-    conf = (authz_host_dir_conf *)apr_palloc(a, sizeof(authz_host_dir_conf));
-    memcpy(conf, base, sizeof(authz_host_dir_conf));
-
-    /*
-    if (new->ap_auth_type) {
-        conf->ap_auth_type = new->ap_auth_type;
-    }
-
-    if (new->ap_auth_name) {
-        conf->ap_auth_name = new->ap_auth_name;
-    }
-    */
-
-    if (new->ap_requires) {
-        conf->ap_requires = new->ap_requires;
-    }
-
-    return (void*)conf;
-}
-
 static const char *order(cmd_parms *cmd, void *dv, const char *arg)
 {
     authz_host_dir_conf *d = (authz_host_dir_conf *) dv;
@@ -194,88 +159,6 @@
     return NULL;
 }
 
-/*
- * Load an authorisation realm into our location configuration, applying the
- * usual rules that apply to realms.
- */
-/*
-static const char *set_authname(cmd_parms *cmd, void *mconfig,
-                                const char *word1)
-{
-    authz_host_dir_conf *aconfig = (authz_host_dir_conf *)mconfig;
-
-    aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1);
-    return NULL;
-}
-*/
-
-/*
-static const char *require(cmd_parms *cmd, void *c_, const char *arg)
-{
-    require_line *r;
-    authz_host_dir_conf *c = c_;
-
-    if (!c->ap_requires) {
-        c->ap_requires = apr_array_make(cmd->pool, 2, sizeof(require_line));
-    }
-
-    r = (require_line *)apr_array_push(c->ap_requires);
-    r->requirement = apr_pstrdup(cmd->pool, arg);
-    r->method_mask = cmd->limited;
-
-    return NULL;
-}
-*/
-
-static const char *add_authz_provider(cmd_parms *cmd, void *config,
-                                      const char *arg)
-{
-    authz_host_dir_conf *conf = (authz_host_dir_conf*)config;
-    authz_provider_list *newp;
-
-    newp = apr_pcalloc(cmd->pool, sizeof(authz_provider_list));
-    /* XXX: Split this out to the name and then the rest of the directive. */
-    newp->provider_name = apr_pstrdup(cmd->pool, arg);
-    newp->requirement = apr_pstrdup(cmd->pool, arg);
-    newp->method_mask = cmd->limited;
-
-    /* lookup and cache the actual provider now */
-    newp->provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP,
-                                        newp->provider_name, "0");
-
-    /* by the time the config file is used, the provider should be loaded
-     * and registered with us.
-     */
-    if (newp->provider == NULL) {
-        return apr_psprintf(cmd->pool,
-                            "Unknown Authz provider: %s",
-                            newp->provider_name);
-    }
-
-    /* if the provider doesn't provide the appropriate function, reject it */
-    if (!newp->provider->check_authorization) {
-        return apr_psprintf(cmd->pool,
-                            "The '%s' Authz provider is not supported by any "
-                            "of the loaded authorization modules ",
-                            newp->provider_name);
-    }
-
-    /* Add it to the list now. */
-    if (!conf->providers) {
-        conf->providers = newp;
-    }
-    else {
-        authz_provider_list *last = conf->providers;
-
-        while (last->next) {
-            last = last->next;
-        }
-        last->next = newp;
-    }
-
-    return NULL;
-}
-
 static char its_an_allow;
 
 static const command_rec authz_host_cmds[] =
@@ -286,18 +169,8 @@
                      "'from' followed by hostnames or IP-address wildcards"),
     AP_INIT_ITERATE2("deny", allow_cmd, NULL, OR_LIMIT,
                      "'from' followed by hostnames or IP-address wildcards"),
-    AP_INIT_RAW_ARGS("Require", add_authz_provider, NULL, OR_AUTHCFG,
-                     "Selects which authenticated users or groups may access "
-                     "a protected space"),
     {NULL}
 };
-/*
-    AP_INIT_TAKE1("AuthType", ap_set_string_slot,
-                  (void*)APR_OFFSETOF(authz_host_dir_conf, ap_auth_type), OR_AUTHCFG,
-                  "An HTTP authorization type (e.g., \"Basic\")"),
-    AP_INIT_TAKE1("AuthName", set_authname, NULL, OR_AUTHCFG,
-                  "The authentication realm (e.g. \"Members Only\")"),
-*/
 
 static int in_domain(const char *domain, const char *what)
 {
@@ -431,160 +304,10 @@
     return ret;
 }
 
-static int authorize_user(request_rec *r)
-{
-    authz_host_dir_conf *conf = ap_get_module_config(r->per_dir_config,
-                                                     &authz_host_module);
-    authz_status auth_result;
-    authz_provider_list *current_provider;
-
-    current_provider = conf->providers;
-    do {
-        const authz_provider *provider;
-
-        /* For now, if a provider isn't set, we'll be nice and use the file
-         * provider.
-         */
-        if (!current_provider) {
-            provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP,
-                                          AUTHZ_DEFAULT_PROVIDER, "0");
-
-            if (!provider || !provider->check_authorization) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                              "No default authz provider configured");
-                auth_result = AUTHZ_GENERAL_ERROR;
-                break;
-            }
-            apr_table_setn(r->notes, AUTHZ_PROVIDER_NAME_NOTE,
-                           AUTHZ_DEFAULT_PROVIDER);
-        }
-        else {
-            provider = current_provider->provider;
-            apr_table_setn(r->notes, AUTHZ_PROVIDER_NAME_NOTE,
-                           current_provider->provider_name);
-        }
-
-
-        auth_result = provider->check_authorization(r,
-                        current_provider->method_mask,
-                        current_provider->requirement);
-
-        apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
-
-        /* Something occured. Stop checking. */
-        /* XXX: We need to figure out what the implications of multiple
-         * require directives are.  Must all satisfy?  Can we leverage
-         * satisfy here then?
-         */
-        if (auth_result != AUTHZ_DENIED) {
-            break;
-        }
-
-        /* If we're not really configured for providers, stop now. */
-        if (!conf->providers) {
-            break;
-        }
-
-        current_provider = current_provider->next;
-    } while (current_provider);
-
-    if (auth_result != AUTHZ_GRANTED) {
-        int return_code;
-
-        switch (auth_result) {
-            case AUTHZ_DENIED:
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                              "user %s: authorization failure for \"%s\": ",
-                              r->user, r->uri);
-                return_code = HTTP_UNAUTHORIZED;
-                break;
-            case AUTHZ_GENERAL_ERROR:
-            default:
-                /* We'll assume that the module has already said what its
-                 * error was in the logs.
-                 */
-                return_code = HTTP_INTERNAL_SERVER_ERROR;
-                break;
-        }
-
-        /* If we're returning 403, tell them to try again. */
-        if (return_code == HTTP_UNAUTHORIZED) {
-            /* XXX: Why is this a basic auth failure? */
-            ap_note_basic_auth_failure (r);
-        }
-        return return_code;
-    }
-
-    return OK;
-}
-
-static const apr_array_header_t *authz_host_ap_requires(request_rec *r)
-{
-    authz_host_dir_conf *conf;
-
-    conf = (authz_host_dir_conf *)ap_get_module_config(r->per_dir_config,
-        &authz_host_module);
-
-    return conf->ap_requires;
-}
-
-static int authz_some_auth_required(request_rec *r)
-{
-    authz_host_dir_conf *conf = ap_get_module_config(r->per_dir_config,
-            &authz_host_module);
-    authz_provider_list *current_provider;
-    int req_authz = 0;
-
-    current_provider = conf->providers;
-    while (current_provider) {
-
-        /* Does this provider config apply for this method */
-        if (current_provider->method_mask &
-                (AP_METHOD_BIT << r->method_number)) {
-            req_authz = 1;
-            break;
-        }
-
-        current_provider = current_provider->next;
-    }
-
-    return req_authz;
-}
-
-/*
-static const char *authz_host_ap_auth_type(request_rec *r)
-{
-    authz_host_dir_conf *conf;
-
-    conf = (authz_host_dir_conf *)ap_get_module_config(r->per_dir_config,
-        &authz_host_module);
-
-    return conf->ap_auth_type;
-}
-
-static const char *authz_host_ap_auth_name(request_rec *r)
-{
-    authz_host_dir_conf *conf;
-
-    conf = (authz_host_dir_conf *)ap_get_module_config(r->per_dir_config,
-        &authz_host_module);
-
-    return conf->ap_auth_name;
-}
-*/
-
 static void register_hooks(apr_pool_t *p)
 {
-    APR_REGISTER_OPTIONAL_FN(authz_host_ap_requires);
-    APR_REGISTER_OPTIONAL_FN(authz_some_auth_required);
-    /*
-    APR_REGISTER_OPTIONAL_FN(authz_host_ap_auth_type);
-    APR_REGISTER_OPTIONAL_FN(authz_host_ap_auth_name);
-    */
-
     /* This can be access checker since we don't require r->user to be set. */
-    ap_hook_access_checker(check_dir_access, NULL, NULL, APR_HOOK_MIDDLE);
-    ap_hook_auth_checker(authorize_user, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_access_checker(check_dir_access,NULL,NULL,APR_HOOK_MIDDLE);
 }
 
 module AP_MODULE_DECLARE_DATA authz_host_module =

Modified: httpd/httpd/branches/authz-dev/server/core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/server/core.c?rev=354331&r1=354330&r2=354331&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/server/core.c (original)
+++ httpd/httpd/branches/authz-dev/server/core.c Mon Dec  5 22:07:04 2005
@@ -268,14 +268,6 @@
         conf->ap_default_type = new->ap_default_type;
     }
 
-    if (new->ap_auth_type) {
-        conf->ap_auth_type = new->ap_auth_type;
-    }
-
-    if (new->ap_auth_name) {
-        conf->ap_auth_name = new->ap_auth_name;
-    }
-
     if (conf->response_code_strings == NULL) {
         conf->response_code_strings = new->response_code_strings;
     }
@@ -666,6 +658,7 @@
     return conf->override;
 }
 
+/*
 AP_DECLARE(const char *) ap_auth_type(request_rec *r)
 {
     core_dir_config *conf;
@@ -675,22 +668,22 @@
 
     return conf->ap_auth_type;
 }
+*/
 
 /*
  * Optional function coming from mod_ident, used for looking up ident user
  */
-/*
-static APR_OPTIONAL_FN_TYPE(authz_host_ap_auth_type) *azh_ap_auth_type;
+static APR_OPTIONAL_FN_TYPE(authn_ap_auth_type) *authn_ap_auth_type;
 
 AP_DECLARE(const char *) ap_auth_type(request_rec *r)
 {
-    if (azh_ap_auth_type) {
-        return azh_ap_auth_type(r);
+    if (authn_ap_auth_type) {
+        return authn_ap_auth_type(r);
     }
     return NULL;
 }
-*/
 
+/*
 AP_DECLARE(const char *) ap_auth_name(request_rec *r)
 {
     core_dir_config *conf;
@@ -700,21 +693,20 @@
 
     return conf->ap_auth_name;
 }
+*/
 
 /*
  * Optional function coming from mod_ident, used for looking up ident user
  */
-/*
-static APR_OPTIONAL_FN_TYPE(authz_host_ap_auth_name) *azh_ap_auth_name;
+static APR_OPTIONAL_FN_TYPE(authn_ap_auth_name) *authn_ap_auth_name;
 
 AP_DECLARE(const char *) ap_auth_name(request_rec *r)
 {
-    if (azh_ap_auth_name) {
-        return azh_ap_auth_name(r);
+    if (authn_ap_auth_name) {
+        return authn_ap_auth_name(r);
     }
     return NULL;
 }
-*/
 
 AP_DECLARE(const char *) ap_default_type(request_rec *r)
 {
@@ -741,12 +733,12 @@
 /*
  * Optional function coming from mod_ident, used for looking up ident user
  */
-static APR_OPTIONAL_FN_TYPE(authz_host_ap_requires) *azh_ap_requires;
+static APR_OPTIONAL_FN_TYPE(authz_ap_requires) *authz_ap_requires;
 
 AP_DECLARE(const apr_array_header_t *) ap_requires(request_rec *r)
 {
-    if (azh_ap_requires) {
-        return azh_ap_requires(r);
+    if (authz_ap_requires) {
+        return authz_ap_requires(r);
     }
     return NULL;
 }
@@ -2672,19 +2664,6 @@
 }
 
 /*
- * Load an authorisation realm into our location configuration, applying the
- * usual rules that apply to realms.
- */
-static const char *set_authname(cmd_parms *cmd, void *mconfig,
-                                const char *word1)
-{
-    core_dir_config *aconfig = (core_dir_config *)mconfig;
-
-    aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1);
-    return NULL;
-}
-
-/*
  * Handle a request to include the server's OS platform in the Server
  * response header field (the ServerTokens directive).  Unfortunately
  * this requires a new global in order to communicate the setting back to
@@ -3240,11 +3219,6 @@
   "specified URL paths"),
 AP_INIT_RAW_ARGS("<FilesMatch", filesection, (void*)1, OR_ALL,
   "Container for directives affecting files matching specified patterns"),
-AP_INIT_TAKE1("AuthType", ap_set_string_slot,
-  (void*)APR_OFFSETOF(core_dir_config, ap_auth_type), OR_AUTHCFG,
-  "An HTTP authorization type (e.g., \"Basic\")"),
-AP_INIT_TAKE1("AuthName", set_authname, NULL, OR_AUTHCFG,
-  "The authentication realm (e.g. \"Members Only\")"),
 AP_INIT_TAKE1("Satisfy", satisfy, NULL, OR_AUTHCFG,
   "access policy if both allow and require used ('all' or 'any')"),
 #ifdef GPROF
@@ -3729,18 +3703,16 @@
  * traffic
  */
 APR_OPTIONAL_FN_TYPE(ap_logio_add_bytes_out) *logio_add_bytes_out;
-APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *azh_ap_some_auth_required;
+APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;
 
 static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec
*s)
 {
     logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
     ident_lookup = APR_RETRIEVE_OPTIONAL_FN(ap_ident_lookup);
-    azh_ap_requires = APR_RETRIEVE_OPTIONAL_FN(authz_host_ap_requires);
-    azh_ap_some_auth_required = APR_RETRIEVE_OPTIONAL_FN(authz_some_auth_required);
-    /*
-    azh_ap_auth_type = APR_RETRIEVE_OPTIONAL_FN(authz_host_ap_auth_type);
-    azh_ap_auth_name = APR_RETRIEVE_OPTIONAL_FN(authz_host_ap_auth_name);
-    */
+    authz_ap_requires = APR_RETRIEVE_OPTIONAL_FN(authz_ap_requires);
+    authz_ap_some_auth_required = APR_RETRIEVE_OPTIONAL_FN(authz_some_auth_required);
+    authn_ap_auth_type = APR_RETRIEVE_OPTIONAL_FN(authn_ap_auth_type);
+    authn_ap_auth_name = APR_RETRIEVE_OPTIONAL_FN(authn_ap_auth_name);
 
     ap_set_version(pconf);
     ap_setup_make_content_type(pconf);

Modified: httpd/httpd/branches/authz-dev/server/request.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/server/request.c?rev=354331&r1=354330&r2=354331&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/server/request.c (original)
+++ httpd/httpd/branches/authz-dev/server/request.c Mon Dec  5 22:07:04 2005
@@ -1555,32 +1555,13 @@
     return APR_SUCCESS;
 }
 
-extern APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *azh_ap_some_auth_required;
+extern APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;
 
 AP_DECLARE(int) ap_some_auth_required(request_rec *r)
 {
     /* Is there a require line configured for the type of *this* req? */
-/*
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-    int i;
-
-    if (!reqs_arr) {
-        return 0;
-    }
-
-    reqs = (require_line *) reqs_arr->elts;
-
-    for (i = 0; i < reqs_arr->nelts; ++i) {
-        if (reqs[i].method_mask & (AP_METHOD_BIT << r->method_number)) {
-            return 1;
-        }
-    }
-
-    return 0;
-*/
-    if (azh_ap_some_auth_required) {
-        return azh_ap_some_auth_required(r);
+    if (authz_ap_some_auth_required) {
+        return authz_ap_some_auth_required(r);
     }
     else
         return 0;



Mime
View raw message