httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject svn commit: r355670 - in /httpd/httpd/branches/authz-dev/modules/aaa: mod_authnz_ldap.c mod_authz_core.c mod_authz_dbd.c mod_authz_dbm.c mod_authz_groupfile.c mod_authz_owner.c mod_authz_user.c
Date Sat, 10 Dec 2005 00:56:03 GMT
Author: bnicholes
Date: Fri Dec  9 16:55:59 2005
New Revision: 355670

URL: http://svn.apache.org/viewcvs?rev=355670&view=rev
Log:
Remove the AuthzXXXAuthoritative directives from all of the authz
modules.  This functionality will be handled by the Satify directive
when that gets refactored.

Modified:
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c Fri Dec  9 16:55:59 2005
@@ -46,9 +46,6 @@
 #if APR_HAS_THREADS
     apr_thread_mutex_t *lock;       /* Lock for this config */
 #endif
-    int auth_authoritative;         /* Is this auth method the one and only? */
-/*    int authz_enabled;              Is ldap authorization enabled in this directory? */
-
 
     /* These parameters are all derived from the AuthLDAPURL directive */
     char *url;                      /* String representation of the URL */
@@ -295,12 +292,6 @@
     sec->bindpw = NULL;
     sec->deref = always;
     sec->group_attrib_is_dn = 1;
-    sec->auth_authoritative = 1;
-
-/*
-    sec->frontpage_hack = 0;
-*/
-
     sec->secure = -1;   /*Initialize to unset*/
 
     sec->user_is_dn = 0;
@@ -1036,7 +1027,7 @@
         if(result != LDAP_SUCCESS) {
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "auth_ldap authorise: User DN not found, %s", ldc->reason);
-            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+            return AUTHZ_DENIED;
         }
 
         req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1166,7 +1157,7 @@
         if(result != LDAP_SUCCESS) {
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "auth_ldap authorise: User DN not found, %s", ldc->reason);
-            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+            return AUTHZ_DENIED;
         }
 
         req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1273,7 +1264,7 @@
         if(result != LDAP_SUCCESS) {
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "auth_ldap authorise: User DN not found, %s", ldc->reason);
-            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+            return AUTHZ_DENIED;
         }
 
         req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1385,7 +1376,7 @@
         if(result != LDAP_SUCCESS) {
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "auth_ldap authorise: User DN not found, %s", ldc->reason);
-            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+            return AUTHZ_DENIED;
         }
 
         req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1669,11 +1660,6 @@
                  "DN of the remote user. By default, this is set to off, meaning that "
                  "the REMOTE_USER variable will contain whatever value the remote user sent."),
 
-    AP_INIT_FLAG("AuthzLDAPAuthoritative", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authn_ldap_config_t, auth_authoritative), OR_AUTHCFG,
-                 "Set to 'off' to allow access control to be passed along to lower modules
if "
-                 "the UserID and/or group is not known to this module"),
-
     AP_INIT_FLAG("AuthLDAPCompareDNOnServer", ap_set_flag_slot,
                  (void *)APR_OFFSETOF(authn_ldap_config_t, compare_dn_on_server), OR_AUTHCFG,
                  "Set to 'on' to force auth_ldap to do DN compares (for the \"require dn\"
"
@@ -1695,12 +1681,6 @@
                   "Determines how aliases are handled during a search. Can bo one of the"
                   "values \"never\", \"searching\", \"finding\", or \"always\". "
                   "Defaults to always."),
-
-/*
-    AP_INIT_FLAG("AuthLDAPAuthzEnabled", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authn_ldap_config_t, authz_enabled), OR_AUTHCFG,
-                 "Set to off to disable the LDAP authorization handler, even if it's been
enabled in a higher tree"),
-*/
 
     AP_INIT_TAKE1("AuthLDAPCharsetConfig", set_charset_config, NULL, RSRC_CONF,
                   "Character set conversion configuration file. If omitted, character set"

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c Fri Dec  9 16:55:59 2005
@@ -46,7 +46,7 @@
 
 /* TODO List
 
-- Convert all of the authz modules to providers
+X- Convert all of the authz modules to providers
 - Remove the ap_requires field from the request_rec
 - Remove the ap_requires field from authz_dir_conf   
 - Remove the function ap_requires() and authz_ap_requires()
@@ -73,7 +73,7 @@
 - Expand the Satisfy directive to handle 'and' and 'or'
    logic for determining which authorization must succeed
    vs. may succeed
-- Remove the AuthzXXXAuthoritative directives from all of
+X- Remove the AuthzXXXAuthoritative directives from all of
    the authz providers
       
 */

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c Fri Dec  9 16:55:59 2005
@@ -44,7 +44,6 @@
     const char *query;
     const char *redir_query;
     int redirect;
-    int authoritative;
 } authz_dbd_cfg ;
 
 static ap_dbd_t *(*dbd_handle)(request_rec*) = NULL;
@@ -55,7 +54,7 @@
 static void *authz_dbd_cr_cfg(apr_pool_t *pool, char *dummy)
 {
     authz_dbd_cfg *ret = apr_pcalloc(pool, sizeof(authz_dbd_cfg));
-    ret->redirect = ret->authoritative = -1;
+    ret->redirect = -1;
     return ret;
 }
 static void *authz_dbd_merge_cfg(apr_pool_t *pool, void *BASE, void *ADD)
@@ -67,8 +66,6 @@
     ret->query = (add->query == NULL) ? base->query : add->query;
     ret->redir_query = (add->redir_query == NULL)
                             ? base->redir_query : add->redir_query;
-    ret->authoritative = (add->authoritative == -1)
-                            ? base->authoritative : add->authoritative;
     ret->redirect = (add->redirect == -1) ? base->redirect : add->redirect;
     return ret;
 }
@@ -93,9 +90,6 @@
     return ap_set_string_slot(cmd, cfg, label);
 }
 static const command_rec authz_dbd_cmds[] = {
-    AP_INIT_FLAG("AuthzDBDAuthoritative", ap_set_flag_slot,
-                 (void*)APR_OFFSETOF(authz_dbd_cfg, authoritative), ACCESS_CONF,
-                 "Whether dbd-group is authoritative"),
     AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot,
                  (void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF,
                  "Whether to redirect to referer on successful login"),

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c Fri Dec  9 16:55:59 2005
@@ -33,7 +33,6 @@
 typedef struct {
     char *grpfile;
     char *dbmtype;
-    int authoritative;
 } authz_dbm_config_rec;
 
 APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
@@ -66,7 +65,6 @@
 
     conf->grpfile = NULL;
     conf->dbmtype = "default";
-    conf->authoritative = 1;  /* fortress is secure by default */
 
     return conf;
 }
@@ -79,11 +77,6 @@
     AP_INIT_TAKE1("AuthzDBMType", ap_set_string_slot,
      (void *)APR_OFFSETOF(authz_dbm_config_rec, dbmtype),
      OR_AUTHCFG, "what type of DBM file the group file is"),
-    AP_INIT_FLAG("AuthzDBMAuthoritative", ap_set_flag_slot,
-     (void *)APR_OFFSETOF(authz_dbm_config_rec, authoritative),
-     OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to "
-     "lower modules, if the group required is not found or empty, or the user "
-     " is not in the required groups. (default is On.)"),
     {NULL}
 };
 

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c Fri Dec  9 16:55:59 2005
@@ -38,8 +38,6 @@
  *
  * If there are any 'require group' blocks and we
  * are not in any group - we HTTP_UNAUTHORIZE
- * unless we are non-authoritative; in which
- * case we DECLINED.
  *
  */
 
@@ -59,7 +57,6 @@
 
 typedef struct {
     char *groupfile;
-    int authoritative;
 } authz_groupfile_config_rec;
 
 APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
@@ -69,7 +66,6 @@
     authz_groupfile_config_rec *conf = apr_palloc(p, sizeof(*conf));
 
     conf->groupfile = NULL;
-    conf->authoritative = 1; /* keep the fortress secure by default */
     return conf;
 }
 
@@ -89,13 +85,6 @@
                    (void *)APR_OFFSETOF(authz_groupfile_config_rec, groupfile),
                    OR_AUTHCFG,
                    "text file containing group names and member user IDs"),
-    AP_INIT_FLAG("AuthzGroupFileAuthoritative", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authz_groupfile_config_rec,
-                                      authoritative),
-                 OR_AUTHCFG,
-                 "Set to 'Off' to allow access control to be passed along to "
-                 "lower modules if the 'require group' fails. (default is "
-                 "On)."),
     {NULL}
 };
 

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c Fri Dec  9 16:55:59 2005
@@ -30,7 +30,6 @@
 #include "mod_auth.h"     /* for AUTHZ_GROUP_NOTE */
 
 typedef struct {
-    int authoritative;
 } authz_owner_config_rec;
 
 APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
@@ -39,17 +38,11 @@
 {
     authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf));
 
-    conf->authoritative = 1; /* keep the fortress secure by default */
     return conf;
 }
 
 static const command_rec authz_owner_cmds[] =
 {
-    AP_INIT_FLAG("AuthzOwnerAuthoritative", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authz_owner_config_rec, authoritative),
-                 OR_AUTHCFG,
-                 "Set to 'Off' to allow access control to be passed along to "
-                 "lower modules. (default is On.)"),
     {NULL}
 };
 

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c Fri Dec  9 16:55:59 2005
@@ -28,25 +28,17 @@
 #include "mod_auth.h"
 
 typedef struct {
-    int authoritative;
 } authz_user_config_rec;
 
 static void *create_authz_user_dir_config(apr_pool_t *p, char *d)
 {
     authz_user_config_rec *conf = apr_palloc(p, sizeof(*conf));
 
-    conf->authoritative = 1; /* keep the fortress secure by default */
     return conf;
 }
 
 static const command_rec authz_user_cmds[] =
 {
-    AP_INIT_FLAG("AuthzUserAuthoritative", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authz_user_config_rec, authoritative),
-                 OR_AUTHCFG,
-                 "Set to 'Off' to allow access control to be passed along to "
-                 "lower modules if the 'require user' or 'require valid-user' "
-                 "statement is not met. (default: On)."),
     {NULL}
 };
 



Mime
View raw message