httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject svn commit: r354716 - in /httpd/httpd/branches/authz-dev/modules/aaa: mod_auth.h mod_authz_core.c mod_authz_user.c
Date Wed, 07 Dec 2005 05:19:25 GMT
Author: bnicholes
Date: Tue Dec  6 21:19:21 2005
New Revision: 354716

URL: http://svn.apache.org/viewcvs?rev=354716&view=rev
Log:

Split the authz type from the arguments when the
   authz provider is registered and store the type
   in ->provider_name and the arguments in ->requirement
Move the check for METHOD_MASK out of the authz 
   providers and into the provider vector
Change the status code to AUTHZ_DENIED, AUTHZ_GRANTED
   and AUTHZ_GENERAL_ERROR   

Modified:
    httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h?rev=354716&r1=354715&r2=354716&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h Tue Dec  6 21:19:21 2005
@@ -53,7 +53,6 @@
 
 typedef enum {
     AUTHZ_DENIED,
-    AUTHZ_DECLINED,
     AUTHZ_GRANTED,
     AUTHZ_GENERAL_ERROR
 } authz_status;
@@ -86,7 +85,6 @@
      * if we can authorize user access.
      */
     authz_status (*check_authorization)(request_rec *r,
-                                        apr_int64_t method_mask,
                                         const char *require_line);
 } authz_provider;
 

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c?rev=354716&r1=354715&r2=354716&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c Tue Dec  6 21:19:21 2005
@@ -117,11 +117,18 @@
 {
     authz_core_dir_conf *conf = (authz_core_dir_conf*)config;
     authz_provider_list *newp;
+    const char *t, *w;
 
     newp = apr_pcalloc(cmd->pool, sizeof(authz_provider_list));
     /* XXX: Split this out to the name and then the rest of the directive. */
-    newp->provider_name = apr_pstrdup(cmd->pool, arg);
-    newp->requirement = apr_pstrdup(cmd->pool, arg);
+
+    t = arg;
+    w = ap_getword_white(cmd->pool, &t);
+
+    if (w)
+        newp->provider_name = apr_pstrdup(cmd->pool, w);
+    if (t)
+        newp->requirement = apr_pstrdup(cmd->pool, t);
     newp->method_mask = cmd->limited;
 
     /* lookup and cache the actual provider now */
@@ -202,9 +209,14 @@
                            current_provider->provider_name);
         }
 
+        /* check to make sure that the request method requires
+        authorization before calling the provider */
+        if (!(current_provider->method_mask & 
+            (AP_METHOD_BIT << r->method_number))) {
+            continue;
+        }
 
         auth_result = provider->check_authorization(r,
-                        current_provider->method_mask,
                         current_provider->requirement);
 
         apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
@@ -247,8 +259,7 @@
 
         /* If we're returning 403, tell them to try again. */
         if (return_code == HTTP_UNAUTHORIZED) {
-            /* XXX: Why is this a basic auth failure? */
-            ap_note_basic_auth_failure (r);
+            ap_note_auth_failure (r);
         }
         return return_code;
     }

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c?rev=354716&r1=354715&r2=354716&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c Tue Dec  6 21:19:21 2005
@@ -118,27 +118,14 @@
 #endif
 
 static authz_status user_check_authorization(request_rec *r,
-                                             apr_int64_t method_mask,
-                                             const char *require_line)
+                                             const char *require_args)
 {
-    int m = r->method_number;
     const char *t, *w;
 
-    if (!(method_mask & (AP_METHOD_BIT << m))) {
-        return AUTHZ_DECLINED;
-    }
-
-    t = require_line;
-    w = ap_getword_white(r->pool, &t);
-    if (!strcasecmp(w, "user")) {
-        /* And note that there are applicable requirements
-         * which we consider ourselves the owner of.
-         */
-        while (t[0]) {
-            w = ap_getword_conf(r->pool, &t);
-            if (!strcmp(r->user, w)) {
-                return AUTHZ_GRANTED;
-            }
+    t = require_args;
+    while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+        if (!strcmp(r->user, w)) {
+            return AUTHZ_GRANTED;
         }
     }
 
@@ -151,13 +138,8 @@
     return AUTHZ_DENIED;
 }
 
-static authz_status validuser_check_authorization(request_rec *r, apr_int64_t method_mask,
const char *require_line)
+static authz_status validuser_check_authorization(request_rec *r, const char *require_line)
 {
-    int m = r->method_number;
-
-    if (!(method_mask & (AP_METHOD_BIT << m))) {
-        return AUTHZ_DECLINED;
-    }
     return AUTHZ_GRANTED;
 }
 
@@ -176,8 +158,6 @@
                          &authz_user_provider);
     ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0",
                          &authz_validuser_provider);
-
-    /*    ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);*/
 }
 
 module AP_MODULE_DECLARE_DATA authz_user_module =



Mime
View raw message