httpd-cvs mailing list archives

From bnicho...@apache.org
Subject svn commit: r360213 - in /httpd/httpd/branches/authz-dev: include/ modules/aaa/ server/
Date Sat, 31 Dec 2005 01:12:37 GMT
Author: bnicholes
Date: Fri Dec 30 17:12:27 2005
New Revision: 360213

URL: http://svn.apache.org/viewcvs?rev=360213&view=rev
Log:
Clean up and remove dead code

Modified:
    httpd/httpd/branches/authz-dev/include/http_core.h
    httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
    httpd/httpd/branches/authz-dev/server/core.c
    httpd/httpd/branches/authz-dev/server/request.c

Modified: httpd/httpd/branches/authz-dev/include/http_core.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/include/http_core.h?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/include/http_core.h (original)
+++ httpd/httpd/branches/authz-dev/include/http_core.h Fri Dec 30 17:12:27 2005
@@ -294,27 +294,6 @@
  */
 AP_DECLARE(const char *) ap_auth_name(request_rec *r);     
 
-/**
- * How the requires lines must be met.
- * @param r The current request
- * @return How the requirements must be met.  One of:
- * <pre>
- *      SATISFY_ANY    -- any of the requirements must be met.
- *      SATISFY_ALL    -- all of the requirements must be met.
- *      SATISFY_NOSPEC -- There are no applicable satisfy lines
- * </pre>
- *
-AP_DE CLARE(int) ap_satisfies(request_rec *r);
-*/
-
-/**
- * Retrieve information about all of the requires directives for this request
- * @param r The current request
- * @return An array of all requires directives for this request
- *
-AP_DE CLARE(const apr_array_header_t *) ap_requires(request_rec *r);    
-*/
-
 #ifdef CORE_PRIVATE
 
 /**
@@ -453,13 +432,6 @@
     
     char *ap_default_type;
   
-//    /* Authentication stuff.  Groan... */
-//    
-//    int *satisfy; /* for every method one */
-//    char *ap_auth_type; /* Deprecated see mod_authn */
-//    char *ap_auth_name; /* Deprecated see mod_authn */
-//    apr_array_header_t *ap_requires; /* Deprecated see mod_authz */
-
     /* Custom response config. These can contain text or a URL to redirect to.
      * if response_code_strings is NULL then there are none in the config,
      * if it's not null then it's allocated to sizeof(char*)*RESPONSE_CODES.
@@ -687,9 +659,6 @@
  * authorization values with mod_authz_host
  */
 
-/*APR_DECLARE_OPTIONAL_FN(const apr_array_header_t *, authz_ap_requires,
-                        (request_rec *r));
-*/                        
 APR_DECLARE_OPTIONAL_FN(int, authz_some_auth_required, (request_rec *r));
 APR_DECLARE_OPTIONAL_FN(const char *, authn_ap_auth_type, (request_rec *r));
 APR_DECLARE_OPTIONAL_FN(const char *, authn_ap_auth_name, (request_rec *r));

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_auth_basic.c Fri Dec 30 17:12:27 2005
@@ -195,10 +195,6 @@
         return HTTP_INTERNAL_SERVER_ERROR;
     }
 
-    /*XXX Need to figure out how to remove ap_auth_type from 
-      the request_rec yet still make the data available
-      on a per-request basis.
-    */
     r->ap_auth_type = (char*)current_auth;
 
     res = get_basic_auth(r, &sent_user, &sent_pw);

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c Fri Dec 30 17:12:27 2005
@@ -440,381 +440,6 @@
     return AUTH_GRANTED;
 }
 
-#if 0
-/*
- * Authorisation Phase
- * -------------------
- *
- * After checking whether the username and password are correct, we need
- * to check whether that user is authorised to view this resource. The
- * require directive is used to do this:
- *
- *  require valid-user          Any authenticated is allowed in.
- *  require user <username>     This particular user is allowed in.
- *  require group <groupname>   The user must be a member of this group
- *                              in order to be allowed in.
- *  require dn <dn>             The user must have the following DN in the
- *                              LDAP tree to be let in.
- *
- */
-static int authz_ldap_check_user_access(request_rec *r)
-{
-    int result = 0;
-    authn_ldap_request_t *req =
-        (authn_ldap_request_t *)ap_get_module_config(r->request_config, &authnz_ldap_module);
-    authn_ldap_config_t *sec =
-        (authn_ldap_config_t *)ap_get_module_config(r->per_dir_config, &authnz_ldap_module);
-
-    util_ldap_connection_t *ldc = NULL;
-    int m = r->method_number;
-
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs = reqs_arr ? (require_line *)reqs_arr->elts : NULL;
-
-    register int x;
-    const char *t;
-    char *w, *value;
-    int method_restricted = 0;
-
-    char filtbuf[FILTER_LENGTH];
-    const char *dn = NULL;
-    const char **vals = NULL;
-
-/*
-    if (!sec->enabled) {
-        return DECLINED;
-    }
-*/
-
-    if (!sec->have_ldap_url) {
-        return DECLINED;
-    }
-
-    if (sec->host) {
-        ldc = util_ldap_connection_find(r, sec->host, sec->port,
-                                       sec->binddn, sec->bindpw, sec->deref,
-                                       sec->secure);
-        apr_pool_cleanup_register(r->pool, ldc,
-                                  authnz_ldap_cleanup_connection_close,
-                                  apr_pool_cleanup_null);
-    }
-    else {
-        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-                      "[%" APR_PID_T_FMT "] auth_ldap authorise: no sec->host - weird...?", getpid());
-        return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-    }
-
-    /*
-     * If there are no elements in the group attribute array, the default should be
-     * member and uniquemember; populate the array now.
-     */
-    if (sec->groupattr->nelts == 0) {
-        struct mod_auth_ldap_groupattr_entry_t *grp;
-#if APR_HAS_THREADS
-        apr_thread_mutex_lock(sec->lock);
-#endif
-        grp = apr_array_push(sec->groupattr);
-        grp->name = "member";
-        grp = apr_array_push(sec->groupattr);
-        grp->name = "uniquemember";
-#if APR_HAS_THREADS
-        apr_thread_mutex_unlock(sec->lock);
-#endif
-    }
-
-    if (!reqs_arr) {
-        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                      "[%" APR_PID_T_FMT "] auth_ldap authorise: no requirements array", getpid());
-        return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-    }
-
-    /*
-     * If we have been authenticated by some other module than mod_auth_ldap,
-     * the req structure needed for authorization needs to be created
-     * and populated with the userid and DN of the account in LDAP
-     */
-
-    /* Check that we have a userid to start with */
-    if ((!r->user) || (strlen(r->user) == 0)) {
-        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
-            "ldap authorize: Userid is blank, AuthType=%s",
-            r->ap_auth_type);
-    }
-
-    if(!req) {
-        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-            "ldap authorize: Creating LDAP req structure");
-
-        /* Build the username filter */
-        authn_ldap_build_filter(filtbuf, r, r->user, NULL, sec);
-
-        /* Search for the user DN */
-        result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn,
-             sec->scope, sec->attributes, filtbuf, &dn, &vals);
-
-        /* Search failed, log error and return failure */
-        if(result != LDAP_SUCCESS) {
-            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                "auth_ldap authorise: User DN not found, %s", ldc->reason);
-            return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-        }
-
-        req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
-            sizeof(authn_ldap_request_t));
-        ap_set_module_config(r->request_config, &authnz_ldap_module, req);
-        req->dn = apr_pstrdup(r->pool, dn);
-        req->user = r->user;
-    }
-
-    /* Loop through the requirements array until there's no elements
-     * left, or something causes a return from inside the loop */
-    for(x=0; x < reqs_arr->nelts; x++) {
-        if (! (reqs[x].method_mask & (1 << m))) {
-            continue;
-        }
-        method_restricted = 1;
-
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-
-        if (strcmp(w, "ldap-user") == 0) {
-            if (req->dn == NULL || strlen(req->dn) == 0) {
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                              "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                              "require user: user's DN has not been defined; failing authorisation",
-                              getpid());
-                return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-            }
-            /*
-             * First do a whole-line compare, in case it's something like
-             *   require user Babs Jensen
-             */
-            result = util_ldap_cache_compare(r, ldc, sec->url, req->dn, sec->attribute, t);
-            switch(result) {
-                case LDAP_COMPARE_TRUE: {
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                  "require user: authorisation successful", getpid());
-                    return OK;
-                }
-                default: {
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "[%" APR_PID_T_FMT "] auth_ldap authorise: require user: "
-                                  "authorisation failed [%s][%s]", getpid(),
-                                  ldc->reason, ldap_err2string(result));
-                }
-            }
-            /*
-             * Now break apart the line and compare each word on it
-             */
-            while (t[0]) {
-                w = ap_getword_conf(r->pool, &t);
-                result = util_ldap_cache_compare(r, ldc, sec->url, req->dn, sec->attribute, w);
-                switch(result) {
-                    case LDAP_COMPARE_TRUE: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                      "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                      "require user: authorisation successful", getpid());
-                        return OK;
-                    }
-                    default: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                      "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                      "require user: authorisation failed [%s][%s]",
-                                      getpid(), ldc->reason, ldap_err2string(result));
-                    }
-                }
-            }
-        }
-        else if (strcmp(w, "ldap-dn") == 0) {
-            if (req->dn == NULL || strlen(req->dn) == 0) {
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                              "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                              "require dn: user's DN has not been defined; failing authorisation",
-                              getpid());
-                return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-            }
-
-            result = util_ldap_cache_comparedn(r, ldc, sec->url, req->dn, t, sec->compare_dn_on_server);
-            switch(result) {
-                case LDAP_COMPARE_TRUE: {
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                  "require dn: authorisation successful", getpid());
-                    return OK;
-                }
-                default: {
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                  "require dn \"%s\": LDAP error [%s][%s]",
-                                  getpid(), t, ldc->reason, ldap_err2string(result));
-                }
-            }
-        }
-        else if (strcmp(w, "ldap-group") == 0) {
-            struct mod_auth_ldap_groupattr_entry_t *ent = (struct mod_auth_ldap_groupattr_entry_t *) sec->groupattr->elts;
-            int i;
-
-            if (sec->group_attrib_is_dn) {
-                if (req->dn == NULL || strlen(req->dn) == 0) {
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "[%" APR_PID_T_FMT "] auth_ldap authorise: require group: "
-                                  "user's DN has not been defined; failing authorisation",
-                                  getpid());
-                    return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-                }
-            }
-            else {
-                if (req->user == NULL || strlen(req->user) == 0) {
-                    /* We weren't called in the authentication phase, so we didn't have a
-                     * chance to set the user field. Do so now. */
-                    req->user = r->user;
-                }
-            }
-
-            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                          "[%" APR_PID_T_FMT "] auth_ldap authorise: require group: "
-                          "testing for group membership in \"%s\"",
-                          getpid(), t);
-
-            for (i = 0; i < sec->groupattr->nelts; i++) {
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                              "[%" APR_PID_T_FMT "] auth_ldap authorise: require group: "
-                              "testing for %s: %s (%s)", getpid(),
-                              ent[i].name, sec->group_attrib_is_dn ? req->dn : req->user, t);
-
-                result = util_ldap_cache_compare(r, ldc, sec->url, t, ent[i].name,
-                                     sec->group_attrib_is_dn ? req->dn : req->user);
-                switch(result) {
-                    case LDAP_COMPARE_TRUE: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                      "[%" APR_PID_T_FMT "] auth_ldap authorise: require group: "
-                                      "authorisation successful (attribute %s) [%s][%s]",
-                                      getpid(), ent[i].name, ldc->reason, ldap_err2string(result));
-                        return OK;
-                    }
-                    default: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                      "[%" APR_PID_T_FMT "] auth_ldap authorise: require group \"%s\": "
-                                      "authorisation failed [%s][%s]",
-                                      getpid(), t, ldc->reason, ldap_err2string(result));
-                    }
-                }
-            }
-        }
-        else if (strcmp(w, "ldap-attribute") == 0) {
-            if (req->dn == NULL || strlen(req->dn) == 0) {
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                              "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                              "require ldap-attribute: user's DN has not been defined; failing authorisation",
-                              getpid());
-                return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-            }
-            while (t[0]) {
-                w = ap_getword(r->pool, &t, '=');
-                value = ap_getword_conf(r->pool, &t);
-
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                              "[%" APR_PID_T_FMT "] auth_ldap authorise: checking attribute"
-                              " %s has value %s", getpid(), w, value);
-                result = util_ldap_cache_compare(r, ldc, sec->url, req->dn,
-                                                 w, value);
-                switch(result) {
-                    case LDAP_COMPARE_TRUE: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG,
-                                      0, r, "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                      "require attribute: authorisation "
-                                      "successful", getpid());
-                        return OK;
-                    }
-                    default: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG,
-                                      0, r, "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                      "require attribute: authorisation "
-                                      "failed [%s][%s]", getpid(),
-                                      ldc->reason, ldap_err2string(result));
-                    }
-                }
-            }
-        }
-        else if (strcmp(w, "ldap-filter") == 0) {
-            if (req->dn == NULL || strlen(req->dn) == 0) {
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                              "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                              "require ldap-filter: user's DN has not been defined; failing authorisation",
-                              getpid());
-                return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
-            }
-            if (t[0]) {
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                              "[%" APR_PID_T_FMT "] auth_ldap authorise: checking filter %s",
-                              getpid(), t);
-
-                /* Build the username filter */
-                authn_ldap_build_filter(filtbuf, r, req->user, t, sec);
-
-                /* Search for the user DN */
-                result = util_ldap_cache_getuserdn(r, ldc, sec->url, sec->basedn,
-                     sec->scope, sec->attributes, filtbuf, &dn, &vals);
-
-                /* Make sure that the filtered search returned the correct user dn */
-                if (result == LDAP_SUCCESS) {
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "[%" APR_PID_T_FMT "] auth_ldap authorise: checking dn match %s",
-                                  getpid(), dn);
-                    result = util_ldap_cache_comparedn(r, ldc, sec->url, req->dn, dn,
-                         sec->compare_dn_on_server);
-                }
-
-                switch(result) {
-                    case LDAP_COMPARE_TRUE: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG,
-                                      0, r, "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                      "require ldap-filter: authorisation "
-                                      "successful", getpid());
-                        return OK;
-                    }
-                    case LDAP_FILTER_ERROR: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG,
-                                      0, r, "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                      "require ldap-filter: %s authorisation "
-                                      "failed [%s][%s]", getpid(),
-                                      filtbuf, ldc->reason, ldap_err2string(result));
-                        break;
-                    }
-                    default: {
-                        ap_log_rerror(APLOG_MARK, APLOG_DEBUG,
-                                      0, r, "[%" APR_PID_T_FMT "] auth_ldap authorise: "
-                                      "require ldap-filter: authorisation "
-                                      "failed [%s][%s]", getpid(),
-                                      ldc->reason, ldap_err2string(result));
-                    }
-                }
-            }
-        }
-    }
-
-    if (!method_restricted) {
-        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                      "[%" APR_PID_T_FMT "] auth_ldap authorise: agreeing because non-restricted",
-                      getpid());
-        return OK;
-    }
-
-    if (!sec->auth_authoritative) {
-        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                      "[%" APR_PID_T_FMT "] auth_ldap authorise: declining to authorise", getpid());
-        return DECLINED;
-    }
-
-    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                  "[%" APR_PID_T_FMT "] auth_ldap authorise: authorisation denied", getpid());
-    ap_note_basic_auth_failure (r);
-
-    return HTTP_UNAUTHORIZED;
-}
-#endif
-
 static authz_status ldapuser_check_authorization(request_rec *r,
                                              const char *require_args)
 {

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c Fri Dec 30 17:12:27 2005
@@ -242,66 +242,6 @@
     return OK;
 }
 
-#if 0
-static int authz_dbd_check(request_rec *r)
-{
-    int i, x, rv;
-    const char *w;
-    int m = r->method_number;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
-    apr_array_header_t *groups = NULL;
-    const char *t;
-    authz_dbd_cfg *cfg = ap_get_module_config(r->per_dir_config,
-                                              &authz_dbd_module);
-
-    if (!reqs_arr) {
-        return DECLINED;
-    }
-
-    for (x = 0; x < reqs_arr->nelts; x++) {
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
-
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-        if (!strcasecmp(w, "dbd-group")) {
-            if (groups == NULL) {
-                groups = apr_array_make(r->pool, 4, sizeof(const char*));
-                rv = authz_dbd_group_query(r, cfg, groups);
-                if (rv != OK) {
-                    return rv;
-                }
-            }
-            while (t[0]) {
-                w = ap_getword_white(r->pool, &t);
-                for (i=0; i < groups->nelts; ++i) {
-                    if (!strcmp(w, ((const char**)groups->elts)[i])) {
-                        return OK;
-                    }
-                }
-            }
-        }
-        else if (!strcasecmp(w, "dbd-login")) {
-            return authz_dbd_login(r, cfg, "login");
-        }
-        else if (!strcasecmp(w, "dbd-logout")) {
-            return authz_dbd_login(r, cfg, "logout");
-        }
-    }
-
-    if ((groups != NULL) && cfg->authoritative) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                   "authz_dbd: user %s denied access to %s",
-                   r->user, r->uri);
-        ap_note_auth_failure(r);
-        return HTTP_UNAUTHORIZED;
-    }
-    return DECLINED;
-}
-#endif
-
 static authz_status dbdgroup_check_authorization(request_rec *r,
                                               const char *require_args)
 {

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c Fri Dec 30 17:12:27 2005
@@ -130,139 +130,6 @@
     return retval;
 }
 
-#if 0
-/* Checking ID */
-static int dbm_check_auth(request_rec *r)
-{
-    authz_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config,
-                                                      &authz_dbm_module);
-    char *user = r->user;
-    int m = r->method_number;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
-    register int x;
-    const char *t;
-    char *w;
-    int required_group = 0;
-    const char *filegroup = NULL;
-    const char *orig_groups = NULL;
-    char *reason = NULL;
-
-    if (!conf->grpfile) {
-        return DECLINED;
-    }
-
-    if (!reqs_arr) {
-        return DECLINED;
-    }
-
-    for (x = 0; x < reqs_arr->nelts; x++) {
-
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
-
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-
-        if (!strcasecmp(w, "file-group")) {
-            filegroup = apr_table_get(r->notes, AUTHZ_GROUP_NOTE);
-
-            if (!filegroup) {
-                /* mod_authz_owner is not present or not
-                 * authoritative. We are just a helper module for testing
-                 * group membership, so we don't care and decline.
-                 */
-                continue;
-            }
-        }
-
-        if (!strcasecmp(w, "group") || filegroup) {
-            const char *realm = ap_auth_name(r);
-            const char *groups;
-            char *v;
-
-            /* remember that actually a group is required */
-            required_group = 1;
-
-            /* fetch group data from dbm file only once. */
-            if (!orig_groups) {
-                apr_status_t status;
-
-                status = get_dbm_grp(r, apr_pstrcat(r->pool, user, ":", realm,
-                                                    NULL),
-                                     user,
-                                     conf->grpfile, conf->dbmtype, &groups);
-
-                if (status != APR_SUCCESS) {
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
-                                  "could not open dbm (type %s) group access "
-                                  "file: %s", conf->dbmtype, conf->grpfile);
-                    return HTTP_INTERNAL_SERVER_ERROR;
-                }
-
-                if (groups == NULL) {
-                    /* no groups available, so exit immediately */
-                    reason = apr_psprintf(r->pool,
-                                          "user doesn't appear in DBM group "
-                                          "file (%s).", conf->grpfile);
-                    break;
-                }
-
-                orig_groups = groups;
-            }
-
-            if (filegroup) {
-                groups = orig_groups;
-                while (groups[0]) {
-                    v = ap_getword(r->pool, &groups, ',');
-                    if (!strcmp(v, filegroup)) {
-                        return OK;
-                    }
-                }
-
-                if (conf->authoritative) {
-                    reason = apr_psprintf(r->pool,
-                                          "file group '%s' does not match.",
-                                          filegroup);
-                    break;
-                }
-
-                /* now forget the filegroup, thus alternatively require'd
-                   groups get a real chance */
-                filegroup = NULL;
-            }
-            else {
-                while (t[0]) {
-                    w = ap_getword_white(r->pool, &t);
-                    groups = orig_groups;
-                    while (groups[0]) {
-                        v = ap_getword(r->pool, &groups, ',');
-                        if (!strcmp(v, w)) {
-                            return OK;
-                        }
-                    }
-                }
-            }
-        }
-    }
-
-    /* No applicable "require group" for this method seen */
-    if (!required_group || !conf->authoritative) {
-        return DECLINED;
-    }
-
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                  "Authorization of user %s to access %s failed, reason: %s",
-                  r->user, r->uri,
-                  reason ? reason : "user is not part of the "
-                                    "'require'ed group(s).");
-
-    ap_note_auth_failure(r);
-    return HTTP_UNAUTHORIZED;
-}
-#endif
-
 static authz_status dbmgroup_check_authorization(request_rec *r,
                                              const char *require_args)
 {

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c Fri Dec 30 17:12:27 2005
@@ -137,128 +137,6 @@
     return APR_SUCCESS;
 }
 
-#if 0
-/* Checking ID */
-
-static int check_user_access(request_rec *r)
-{
-    authz_groupfile_config_rec *conf = ap_get_module_config(r->per_dir_config,
-                                                      &authz_groupfile_module);
-    char *user = r->user;
-    int m = r->method_number;
-    int required_group = 0;
-    register int x;
-    const char *t, *w;
-    apr_table_t *grpstatus = NULL;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-    const char *filegroup = NULL;
-    char *reason = NULL;
-
-    /* If there is no group file - then we are not
-     * configured. So decline.
-     */
-    if (!(conf->groupfile)) {
-        return DECLINED;
-    }
-
-    if (!reqs_arr) {
-        return DECLINED; /* XXX change from legacy */
-    }
-
-    reqs = (require_line *)reqs_arr->elts;
-
-    for (x = 0; x < reqs_arr->nelts; x++) {
-
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
-
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-
-        /* needs mod_authz_owner to be present */
-        if (!strcasecmp(w, "file-group")) {
-            filegroup = apr_table_get(r->notes, AUTHZ_GROUP_NOTE);
-
-            if (!filegroup) {
-                /* mod_authz_owner is not present or not
-                 * authoritative. We are just a helper module for testing
-                 * group membership, so we don't care and decline.
-                 */
-                continue;
-            }
-        }
-
-        if (!strcasecmp(w, "group") || filegroup) {
-            required_group = 1; /* remember the requirement */
-
-            /* create group table only if actually needed. */
-            if (!grpstatus) {
-                apr_status_t status;
-
-                status = groups_for_user(r->pool, user, conf->groupfile,
-                                         &grpstatus);
-
-                if (status != APR_SUCCESS) {
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
-                                  "Could not open group file: %s",
-                                  conf->groupfile);
-                    return HTTP_INTERNAL_SERVER_ERROR;
-                }
-
-                if (apr_table_elts(grpstatus)->nelts == 0) {
-                    /* no groups available, so exit immediately */
-                    reason = apr_psprintf(r->pool,
-                                          "user doesn't appear in group file "
-                                          "(%s).", conf->groupfile);
-                    break;
-                }
-            }
-
-            if (filegroup) {
-                if (apr_table_get(grpstatus, filegroup)) {
-                    return OK;
-                }
-
-                if (conf->authoritative) {
-                    reason = apr_psprintf(r->pool,
-                                          "file group '%s' does not match.",
-                                          filegroup);
-                    break;
-                }
-
-                /* now forget the filegroup, thus alternatively require'd
-                   groups get a real chance */
-                filegroup = NULL;
-            }
-            else {
-                while (t[0]) {
-                    w = ap_getword_conf(r->pool, &t);
-                    if (apr_table_get(grpstatus, w)) {
-                        return OK;
-                    }
-                }
-            }
-        }
-    }
-
-    /* No applicable "require group" for this method seen */
-    if (!required_group || !conf->authoritative) {
-        return DECLINED;
-    }
-
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                  "Authorization of user %s to access %s failed, reason: %s",
-                  r->user, r->uri,
-                  reason ? reason : "user is not part of the "
-                                    "'require'ed group(s).");
-
-    ap_note_auth_failure(r);
-    return HTTP_UNAUTHORIZED;
-}
-#endif
-
 static authz_status group_check_authorization(request_rec *r,
                                              const char *require_args)
 {

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c Fri Dec 30 17:12:27 2005
@@ -44,36 +44,7 @@
 #include <netinet/in.h>
 #endif
 
-/*
-enum allowdeny_type {
-    T_ENV,
-    T_ALL,
-    T_IP,
-    T_HOST,
-    T_FAIL
-};
-
-typedef struct {
-    apr_int64_t limited;
-    union {
-        char *from;
-        apr_ipsubnet_t *ip;
-    } x;
-    enum allowdeny_type type;
-} allowdeny;
-*/
-
-/* things in the 'order' array */
-/*
-#define DENY_THEN_ALLOW 0
-#define ALLOW_THEN_DENY 1
-#define MUTUAL_FAILURE 2
-*/
-
 typedef struct {
-/*    int order[METHODS];
-    apr_array_header_t *allows;
-    apr_array_header_t *denys; */
 	int dummy;  /* just here to stop compiler warnings for now. */
 } authz_host_dir_conf;
 
@@ -81,111 +52,14 @@
 
 static void *create_authz_host_dir_config(apr_pool_t *p, char *dummy)
 {
-/*    int i;*/
     authz_host_dir_conf *conf =
         (authz_host_dir_conf *)apr_pcalloc(p, sizeof(authz_host_dir_conf));
 
-/*
-    for (i = 0; i < METHODS; ++i) {
-        conf->order[i] = DENY_THEN_ALLOW;
-    }
-    conf->allows = apr_array_make(p, 1, sizeof(allowdeny));
-    conf->denys = apr_array_make(p, 1, sizeof(allowdeny));
-*/    
-
     return (void *)conf;
 }
 
-/*
-static const char *order(cmd_parms *cmd, void *dv, const char *arg)
-{
-    authz_host_dir_conf *d = (authz_host_dir_conf *) dv;
-    int i, o;
-
-    if (!strcasecmp(arg, "allow,deny"))
-        o = ALLOW_THEN_DENY;
-    else if (!strcasecmp(arg, "deny,allow"))
-        o = DENY_THEN_ALLOW;
-    else if (!strcasecmp(arg, "mutual-failure"))
-        o = MUTUAL_FAILURE;
-    else
-        return "unknown order";
-
-    for (i = 0; i < METHODS; ++i)
-        if (cmd->limited & (AP_METHOD_BIT << i))
-            d->order[i] = o;
-
-    return NULL;
-}
-*/
-
-/*
-static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from,
-                             const char *where_c)
-{
-    authz_host_dir_conf *d = (authz_host_dir_conf *) dv;
-    allowdeny *a;
-    char *where = apr_pstrdup(cmd->pool, where_c);
-    char *s;
-    char msgbuf[120];
-    apr_status_t rv;
-
-    if (strcasecmp(from, "from"))
-        return "allow and deny must be followed by 'from'";
-
-    a = (allowdeny *) apr_array_push(cmd->info ? d->allows : d->denys);
-    a->x.from = where;
-    a->limited = cmd->limited;
-
-    if (!strncasecmp(where, "env=", 4)) {
-        a->type = T_ENV;
-        a->x.from += 4;
-
-    }
-    else if (!strcasecmp(where, "all")) {
-        a->type = T_ALL;
-    }
-    else if ((s = ap_strchr(where, '/'))) {
-        *s++ = '\0';
-        rv = apr_ipsubnet_create(&a->x.ip, where, s, cmd->pool);
-        if(APR_STATUS_IS_EINVAL(rv)) {
-            /* looked nothing like an IP address *
-            return "An IP address was expected";
-        }
-        else if (rv != APR_SUCCESS) {
-            apr_strerror(rv, msgbuf, sizeof msgbuf);
-            return apr_pstrdup(cmd->pool, msgbuf);
-        }
-        a->type = T_IP;
-    }
-    else if (!APR_STATUS_IS_EINVAL(rv = apr_ipsubnet_create(&a->x.ip, where,
-                                                            NULL, cmd->pool))) {
-        if (rv != APR_SUCCESS) {
-            apr_strerror(rv, msgbuf, sizeof msgbuf);
-            return apr_pstrdup(cmd->pool, msgbuf);
-        }
-        a->type = T_IP;
-    }
-    else { /* no slash, didn't look like an IP address => must be a host *
-        a->type = T_HOST;
-    }
-
-    return NULL;
-}
-*/
-
-/*static char its_an_allow;*/
-
 static const command_rec authz_host_cmds[] =
 {
-/*
-    AP_INIT_TAKE1("order", order, NULL, OR_LIMIT,
-                  "'allow,deny', 'deny,allow', or 'mutual-failure'"),
-    AP_INIT_ITERATE2("allow", allow_cmd, &its_an_allow, OR_LIMIT,
-                     "'from' followed by hostnames or IP-address wildcards"),
-    AP_INIT_ITERATE2("deny", allow_cmd, NULL, OR_LIMIT,
-                     "'from' followed by hostnames or IP-address wildcards"),
-*/                     
     {NULL}
 };
 
@@ -216,113 +90,6 @@
     }
 }
 
-/*
-static int find_allowdeny(request_rec *r, apr_array_header_t *a, int method)
-{
-
-    allowdeny *ap = (allowdeny *) a->elts;
-    apr_int64_t mmask = (AP_METHOD_BIT << method);
-    int i;
-    int gothost = 0;
-    const char *remotehost = NULL;
-
-    for (i = 0; i < a->nelts; ++i) {
-        if (!(mmask & ap[i].limited)) {
-            continue;
-        }
-
-        switch (ap[i].type) {
-        case T_ENV:
-            if (apr_table_get(r->subprocess_env, ap[i].x.from)) {
-                return 1;
-            }
-            break;
-
-        case T_ALL:
-            return 1;
-
-        case T_IP:
-            if (apr_ipsubnet_test(ap[i].x.ip, r->connection->remote_addr)) {
-                return 1;
-            }
-            break;
-
-        case T_HOST:
-            if (!gothost) {
-                int remotehost_is_ip;
-
-                remotehost = ap_get_remote_host(r->connection,
-                                                r->per_dir_config,
-                                                REMOTE_DOUBLE_REV,
-                                                &remotehost_is_ip);
-
-                if ((remotehost == NULL) || remotehost_is_ip) {
-                    gothost = 1;
-                }
-                else {
-                    gothost = 2;
-                }
-            }
-
-            if ((gothost == 2) && in_domain(ap[i].x.from, remotehost)) {
-                return 1;
-            }
-            break;
-
-        case T_FAIL:
-            /* do nothing? *
-            break;
-        }
-    }
-
-    return 0;
-}
-
-static int check_dir_access(request_rec *r)
-{
-    int method = r->method_number;
-    int ret = OK;
-    authz_host_dir_conf *a = (authz_host_dir_conf *)
-        ap_get_module_config(r->per_dir_config, &authz_host_module);
-
-    if (a->order[method] == ALLOW_THEN_DENY) {
-        ret = HTTP_FORBIDDEN;
-        if (find_allowdeny(r, a->allows, method)) {
-            ret = OK;
-        }
-        if (find_allowdeny(r, a->denys, method)) {
-            ret = HTTP_FORBIDDEN;
-        }
-    }
-    else if (a->order[method] == DENY_THEN_ALLOW) {
-        if (find_allowdeny(r, a->denys, method)) {
-            ret = HTTP_FORBIDDEN;
-        }
-        if (find_allowdeny(r, a->allows, method)) {
-            ret = OK;
-        }
-    }
-    else {
-        if (find_allowdeny(r, a->allows, method)
-            && !find_allowdeny(r, a->denys, method)) {
-            ret = OK;
-        }
-        else {
-            ret = HTTP_FORBIDDEN;
-        }
-    }
-
-    if (ret == HTTP_FORBIDDEN
-        && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-            "client denied by server configuration: %s",
-            r->filename);
-    }
-
-    return ret;
-}
-*/
-
 static authz_status env_check_authorization(request_rec *r, const char *require_line)
 {
     const char *t, *w;
@@ -485,9 +252,6 @@
                          &authz_host_provider);
     ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "all", "0",
                          &authz_all_provider);
-
-    /* This can be access checker since we don't require r->user to be set. */
-/*    ap_hook_access_checker(check_dir_access,NULL,NULL,APR_HOOK_MIDDLE); */
 }
 
 module AP_MODULE_DECLARE_DATA authz_host_module =

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c Fri Dec 30 17:12:27 2005
@@ -48,178 +48,6 @@
 
 module AP_MODULE_DECLARE_DATA authz_owner_module;
 
-#if 0
-static int check_file_owner(request_rec *r)
-{
-    authz_owner_config_rec *conf = ap_get_module_config(r->per_dir_config,
-                                                        &authz_owner_module);
-    int m = r->method_number;
-    register int x;
-    const char *t, *w;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-    int required_owner = 0;
-    apr_status_t status = 0;
-    char *reason = NULL;
-
-    if (!reqs_arr) {
-        return DECLINED;
-    }
-
-    reqs = (require_line *)reqs_arr->elts;
-    for (x = 0; x < reqs_arr->nelts; x++) {
-
-        /* if authoritative = On then break if a require already failed. */
-        if (reason && conf->authoritative) {
-            break;
-        }
-
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
-
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-
-        if (!strcmp(w, "file-owner")) {
-#if !APR_HAS_USER
-            if ((required_owner & ~1) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 1; /* remember the requirement */
-            reason = "'Require file-owner' is not supported on this platform.";
-            continue;
-#else  /* APR_HAS_USER */
-            char *owner = NULL;
-            apr_finfo_t finfo;
-
-            if ((required_owner & ~1) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 1; /* remember the requirement */
-
-            if (!r->filename) {
-                reason = "no filename available";
-                continue;
-            }
-
-            status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
-            if (status != APR_SUCCESS) {
-                reason = apr_pstrcat(r->pool, "could not stat file ",
-                                     r->filename, NULL);
-                continue;
-            }
-
-            if (!(finfo.valid & APR_FINFO_USER)) {
-                reason = "no file owner information available";
-                continue;
-            }
-
-            status = apr_uid_name_get(&owner, finfo.user, r->pool);
-            if (status != APR_SUCCESS || !owner) {
-                reason = "could not get name of file owner";
-                continue;
-            }
-
-            if (strcmp(owner, r->user)) {
-                reason = apr_psprintf(r->pool, "file owner %s does not match.",
-                                      owner);
-                continue;
-            }
-
-            /* this user is authorized */
-            return OK;
-#endif /* APR_HAS_USER */
-        }
-
-        /* file-group only figures out the file's group and lets
-         * other modules do the actual authorization (against a group file/db).
-         * Thus, these modules have to hook themselves after
-         * mod_authz_owner and of course recognize 'file-group', too.
-         */
-        if (!strcmp(w, "file-group")) {
-#if !APR_HAS_USER
-            if ((required_owner & ~6) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 2; /* remember the requirement */
-            reason = "'Require file-group' is not supported on this platform.";
-            continue;
-#else  /* APR_HAS_USER */
-            char *group = NULL;
-            apr_finfo_t finfo;
-
-            if ((required_owner & ~6) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 2; /* remember the requirement */
-
-            if (!r->filename) {
-                reason = "no filename available";
-                continue;
-            }
-
-            status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
-            if (status != APR_SUCCESS) {
-                reason = apr_pstrcat(r->pool, "could not stat file ",
-                                     r->filename, NULL);
-                continue;
-            }
-
-            if (!(finfo.valid & APR_FINFO_GROUP)) {
-                reason = "no file group information available";
-                continue;
-            }
-
-            status = apr_gid_name_get(&group, finfo.group, r->pool);
-            if (status != APR_SUCCESS || !group) {
-                reason = "could not get name of file group";
-                continue;
-            }
-
-            /* store group name in a note and let others decide... */
-            apr_table_setn(r->notes, AUTHZ_GROUP_NOTE, group);
-            required_owner |= 4;
-            continue;
-#endif /* APR_HAS_USER */
-        }
-    }
-
-    if (!required_owner || !conf->authoritative) {
-        return DECLINED;
-    }
-
-    /* allow file-group passed to group db modules either if this is the
-     * only applicable requirement here or if a file-owner failed but we're
-     * not authoritative.
-     * This allows configurations like:
-     *
-     * AuthzOwnerAuthoritative Off
-     * require file-owner
-     * require file-group
-     *
-     * with the semantical meaning of "either owner or group must match"
-     * (inclusive or)
-     *
-     * [ 6 == 2 | 4; 7 == 1 | 2 | 4 ] should I use #defines instead?
-     */
-    if (required_owner == 6 || (required_owner == 7 && !conf->authoritative)) {
-        return DECLINED;
-    }
-
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
-                  "Authorization of user %s to access %s failed, reason: %s",
-                  r->user, r->uri, reason ? reason : "unknown");
-
-    ap_note_auth_failure(r);
-    return HTTP_UNAUTHORIZED;
-}
-#endif
-
 static authz_status fileowner_check_authorization(request_rec *r,
                                              const char *require_args)
 {

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c Fri Dec 30 17:12:27 2005
@@ -45,71 +45,6 @@
 
 module AP_MODULE_DECLARE_DATA authz_user_module;
 
-#if 0
-static int check_user_access(request_rec *r)
-{
-    authz_user_config_rec *conf = ap_get_module_config(r->per_dir_config,
-                                                       &authz_user_module);
-    char *user = r->user;
-    int m = r->method_number;
-    int required_user = 0;
-    register int x;
-    const char *t, *w;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-
-    /* BUG FIX: tadc, 11-Nov-1995.  If there is no "requires" directive,
-     * then any user will do.
-     */
-    if (!reqs_arr) {
-        return DECLINED;
-    }
-    reqs = (require_line *)reqs_arr->elts;
-
-    for (x = 0; x < reqs_arr->nelts; x++) {
-
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
-
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-        if (!strcasecmp(w, "valid-user")) {
-            return OK;
-        }
-        if (!strcasecmp(w, "user")) {
-            /* And note that there are applicable requirements
-             * which we consider ourselves the owner of.
-             */
-            required_user = 1;
-            while (t[0]) {
-                w = ap_getword_conf(r->pool, &t);
-                if (!strcmp(user, w)) {
-                    return OK;
-                }
-            }
-        }
-    }
-
-    if (!required_user) {
-        /* no applicable requirements */
-        return DECLINED;
-    }
-
-    if (!conf->authoritative) {
-        return DECLINED;
-    }
-
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                  "access to %s failed, reason: user '%s' does not meet "
-                  "'require'ments for user/valid-user to be allowed access",
-                  r->uri, user);
-
-    ap_note_auth_failure(r);
-    return HTTP_UNAUTHORIZED;
-}
-#endif
-
 static authz_status user_check_authorization(request_rec *r,
                                              const char *require_args)
 {

Modified: httpd/httpd/branches/authz-dev/server/core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/server/core.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/server/core.c (original)
+++ httpd/httpd/branches/authz-dev/server/core.c Fri Dec 30 17:12:27 2005
@@ -99,7 +99,6 @@
 static void *create_core_dir_config(apr_pool_t *a, char *dir)
 {
     core_dir_config *conf;
-/*    int i;*/
 
     conf = (core_dir_config *)apr_pcalloc(a, sizeof(core_dir_config));
 
@@ -118,12 +117,6 @@
     conf->use_canonical_phys_port = USE_CANONICAL_PHYS_PORT_UNSET;
 
     conf->hostname_lookups = HOSTNAME_LOOKUP_UNSET;
-/*
-    conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
-    for (i = 0; i < METHODS; ++i) {
-        conf->satisfy[i] = SATISFY_NOSPEC;
-    }
-*/    
 
 #ifdef RLIMIT_CPU
     conf->limit_cpu = NULL;
@@ -348,17 +341,6 @@
     /* Otherwise we simply use the base->sec_file array
      */
 
-    /* use a separate ->satisfy[] array either way */
-/*    conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
-    for (i = 0; i < METHODS; ++i) {
-        if (new->satisfy[i] != SATISFY_NOSPEC) {
-            conf->satisfy[i] = new->satisfy[i];
-        } else {
-            conf->satisfy[i] = base->satisfy[i];
-        }
-    }
-*/    
-
     if (new->server_signature != srv_sig_unset) {
         conf->server_signature = new->server_signature;
     }
@@ -662,18 +644,6 @@
 }
 
 /*
-AP_DECLARE(const char *) ap_auth_type(request_rec *r)
-{
-    core_dir_config *conf;
-
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-    &core_module);
-
-    return conf->ap_auth_type;
-}
-*/
-
-/*
  * Optional function coming from mod_ident, used for looking up ident user
  */
 static APR_OPTIONAL_FN_TYPE(authn_ap_auth_type) *authn_ap_auth_type;
@@ -687,18 +657,6 @@
 }
 
 /*
-AP_DECLARE(const char *) ap_auth_name(request_rec *r)
-{
-    core_dir_config *conf;
-
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-    &core_module);
-
-    return conf->ap_auth_name;
-}
-*/
-
-/*
  * Optional function coming from mod_ident, used for looking up ident user
  */
 static APR_OPTIONAL_FN_TYPE(authn_ap_auth_name) *authn_ap_auth_name;
@@ -733,32 +691,6 @@
     return conf->ap_document_root;
 }
 
-/*
- * Optional function coming from mod_ident, used for looking up ident user
- *
-static APR_OPTIONAL_FN_TYPE(authz_ap_requires) *authz_ap_requires;
-
-AP_DECLARE(const apr_array_header_t *) ap_requires(request_rec *r)
-{
-    if (authz_ap_requires) {
-        return authz_ap_requires(r);
-    }
-    return NULL;
-}
-*/
-
-/*
-AP_DECLARE(int) ap_satisfies(request_rec *r)
-{
-    core_dir_config *conf;
-
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                   &core_module);
-
-    return conf->satisfy[r->method_number];
-}
-*/
-
 /* Should probably just get rid of this... the only code that cares is
  * part of the core anyway (and in fact, it isn't publicised to other
  * modules).
@@ -1686,32 +1618,6 @@
     return NULL;
 }
 
-/*
-static const char *satisfy(cmd_parms *cmd, void *c_, const char *arg)
-{
-    core_dir_config *c = c_;
-    int satisfy = SATISFY_NOSPEC;
-    int i;
-
-    if (!strcasecmp(arg, "all")) {
-        satisfy = SATISFY_ALL;
-    }
-    else if (!strcasecmp(arg, "any")) {
-        satisfy = SATISFY_ANY;
-    }
-    else {
-        return "Satisfy either 'any' or 'all'.";
-    }
-
-    for (i = 0; i < METHODS; ++i) {
-        if (cmd->limited & (AP_METHOD_BIT << i)) {
-            c->satisfy[i] = satisfy;
-        }
-    }
-
-    return NULL;
-}
-*/
 
 /*
  * Report a missing-'>' syntax error.
@@ -3227,10 +3133,6 @@
   "specified URL paths"),
 AP_INIT_RAW_ARGS("<FilesMatch", filesection, (void*)1, OR_ALL,
   "Container for directives affecting files matching specified patterns"),
-/*
-AP_INIT_TAKE1("Satisfy", satisfy, NULL, OR_AUTHCFG,
-  "access policy if both allow and require used ('all' or 'any')"),
-*/  
 #ifdef GPROF
 AP_INIT_TAKE1("GprofDir", set_gprof_dir, NULL, RSRC_CONF,
   "Directory to plop gmon.out files"),
@@ -3719,7 +3621,6 @@
 {
     logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
     ident_lookup = APR_RETRIEVE_OPTIONAL_FN(ap_ident_lookup);
-/*    authz_ap_requires = APR_RETRIEVE_OPTIONAL_FN(authz_ap_requires); */
     authz_ap_some_auth_required = APR_RETRIEVE_OPTIONAL_FN(authz_some_auth_required);
     authn_ap_auth_type = APR_RETRIEVE_OPTIONAL_FN(authn_ap_auth_type);
     authn_ap_auth_name = APR_RETRIEVE_OPTIONAL_FN(authn_ap_auth_name);

Modified: httpd/httpd/branches/authz-dev/server/request.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/server/request.c?rev=360213&r1=360212&r2=360213&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/server/request.c (original)
+++ httpd/httpd/branches/authz-dev/server/request.c Fri Dec 30 17:12:27 2005
@@ -195,53 +195,6 @@
             return decl_die(access_status, "check authorization", r);
         }
 
-/*
-        switch (ap_satisfies(r)) {
-        case SATISFY_ALL:
-        case SATISFY_NOSPEC:
-            if ((access_status = ap_run_access_checker(r)) != 0) {
-                return decl_die(access_status, "check access", r);
-            }
-
-            if (((access_status = ap_run_check_user_id(r)) != 0)
-                || !ap_auth_type(r)) {
-                return decl_die(access_status, ap_auth_type(r)
-                              ? "check user.  No user file?"
-                              : "perform authentication. AuthType not set!",
-                              r);
-            }
-
-            if (((access_status = ap_run_auth_checker(r)) != 0)
-                || !ap_auth_type(r)) {
-                return decl_die(access_status, ap_auth_type(r)
-                              ? "check access.  No groups file?"
-                              : "perform authentication. AuthType not set!",
-                               r);
-            }
-            break;
-
-        case SATISFY_ANY:
-            if (((access_status = ap_run_access_checker(r)) != 0)) {
-
-                if (((access_status = ap_run_check_user_id(r)) != 0)
-                    || !ap_auth_type(r)) {
-                    return decl_die(access_status, ap_auth_type(r)
-                                  ? "check user.  No user file?"
-                                  : "perform authentication. AuthType not set!",
-                                  r);
-                }
-
-                if (((access_status = ap_run_auth_checker(r)) != 0)
-                    || !ap_auth_type(r)) {
-                    return decl_die(access_status, ap_auth_type(r)
-                                  ? "check access.  No groups file?"
-                                  : "perform authentication. AuthType not set!",
-                                  r);
-                }
-            }
-            break;
-        }
-*/        
     }
     /* XXX Must make certain the ap_run_type_checker short circuits mime
      * in mod-proxy for r->proxyreq && r->parsed_uri.scheme


