httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject svn commit: r367678 - in /httpd/httpd/branches/authz-dev: docs/manual/howto/auth.xml docs/manual/mod/mod_authz_core.xml modules/aaa/mod_authz_core.c
Date Tue, 10 Jan 2006 16:35:13 GMT
Author: bnicholes
Date: Tue Jan 10 08:35:10 2006
New Revision: 367678

URL: http://svn.apache.org/viewcvs?rev=367678&view=rev
Log:
Change <RequireAll><RequireOne> to <SatisfyAll><SatisfyOne>.  The
keyword 'Satisfy' seems to fit a little better since the blocks can contain both 'Require'
and 'Reject' directives

Modified:
    httpd/httpd/branches/authz-dev/docs/manual/howto/auth.xml
    httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_core.xml
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c

Modified: httpd/httpd/branches/authz-dev/docs/manual/howto/auth.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/howto/auth.xml?rev=367678&r1=367677&r2=367678&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/howto/auth.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/howto/auth.xml Tue Jan 10 08:35:10 2006
@@ -380,24 +380,24 @@
     you can specify just part of an address or domain name:</p>
 
     <example>
-      &lt;RequireAll&gt;<br />
+      &lt;SatisfyAll&gt;<br />
       &nbsp;  Reject ip <var>192.101.205</var><br />
       &nbsp;  Reject host <var>cyberthugs.com</var> <var>moreidiots.com</var><br
/>
       &nbsp;  Reject host ke<br />
-      &lt;/RequireAll&gt;
+      &lt;/SatisfyAll&gt;
     </example>
 
     <p>Using the <directive module="mod_authz_host">Reject</directive>
directive
-    inside of a <directive module="mod_authz_core">&lt;RequireAll&gt;</directive>
+    inside of a <directive module="mod_authz_core">&lt;SatisfyAll&gt;</directive>
     block, will let you be sure that you are actually restricting things to 
     only the group that you want to let in.</p>
 
     <p>The above example uses the <directive module="mod_authz_core">
-    &lt;RequireAll&gt;</directive> block to make sure that all of the 
+    &lt;SatisfyAll&gt;</directive> block to make sure that all of the 
     <directive module="mod_authz_host">Reject</directive> directives are 
     satisfied before granting access. The <directive module="mod_authz_core">
-    &lt;RequireAll&gt;</directive> block as well as the 
-    <directive module="mod_authz_core">&lt;RequireOne&gt;</directive>
block 
+    &lt;SatisfyAll&gt;</directive> block as well as the 
+    <directive module="mod_authz_core">&lt;SatisfyOne&gt;</directive>
block 
     allow you to apply "AND" and "OR" logic to the authorization processing. 
     For example the following authorization block would apply the logic:</p>
 
@@ -418,14 +418,14 @@
     &nbsp;  AuthBasicProvider ...<br />
     &nbsp;  ...<br />
     &nbsp;  Require user John<br />
-    &nbsp;  &lt;RequireAll&gt;<br />
+    &nbsp;  &lt;SatisfyAll&gt;<br />
     &nbsp;&nbsp;    Require Group admins<br />
     &nbsp;&nbsp;    Require ldap-group cn=mygroup,o=foo<br />
-    &nbsp;&nbsp;    &lt;RequireOne&gt;<br />
+    &nbsp;&nbsp;    &lt;SatisfyOne&gt;<br />
     &nbsp;&nbsp;&nbsp;      Require ldap-attribute dept="sales"<br />
     &nbsp;&nbsp;&nbsp;      Require file-group<br />
-    &nbsp;&nbsp;    &lt;/RequireOne&gt;<br />
-    &nbsp;  &lt;/RequireAll&gt;<br />
+    &nbsp;&nbsp;    &lt;/SatisfyOne&gt;<br />
+    &nbsp;  &lt;/SatisfyAll&gt;<br />
     &lt;/Directory&gt;<br />
     </example>
 

Modified: httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_core.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_core.xml?rev=367678&r1=367677&r2=367678&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_core.xml (original)
+++ httpd/httpd/branches/authz-dev/docs/manual/mod/mod_authz_core.xml Tue Jan 10 08:35:10
2006
@@ -134,25 +134,25 @@
 </directivesynopsis>
 
 <directivesynopsis type="section">
-<name>RequireAll</name>
+<name>SatisfyAll</name>
 <description>Enclose a group of authorization directives that must all
 be satisfied in order to grant access to a resource.  This block allows
 for 'AND' logic to be applied to various authorization providers.</description>
-<syntax>&lt;RequireAll&gt;
-... &lt;/RequireAll&gt;</syntax>
+<syntax>&lt;SatisfyAll&gt;
+... &lt;/SatisfyAll&gt;</syntax>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>
 
 <usage>
-    <p><directive type="section">RequireAll</directive> and
-    <code>&lt;/RequireAll&gt;</code> are used to enclose a group of
+    <p><directive type="section">SatisfyAll</directive> and
+    <code>&lt;/SatisfyAll&gt;</code> are used to enclose a group of
     authorization directives that must all be satisfied in order to 
     grant access to a resource.</p>
 
     <p>The <directive module="mod_authz_core">
-    &lt;RequireAll&gt;</directive> block as well as the 
-    <directive module="mod_authz_core">&lt;RequireOne&gt;</directive>
block 
+    &lt;SatisfyAll&gt;</directive> block as well as the 
+    <directive module="mod_authz_core">&lt;SatisfyOne&gt;</directive>
block 
     allow you to apply "AND" and "OR" logic to the authorization processing. 
     For example the following authorization block would apply the logic:</p>
 
@@ -173,14 +173,14 @@
     &nbsp;  AuthBasicProvider ...<br />
     &nbsp;  ...<br />
     &nbsp;  Require user John<br />
-    &nbsp;  &lt;RequireAll&gt;<br />
+    &nbsp;  &lt;SatisfyAll&gt;<br />
     &nbsp;&nbsp;    Require Group admins<br />
     &nbsp;&nbsp;    Require ldap-group cn=mygroup,o=foo<br />
-    &nbsp;&nbsp;    &lt;RequireOne&gt;<br />
+    &nbsp;&nbsp;    &lt;SatisfyOne&gt;<br />
     &nbsp;&nbsp;&nbsp;      Require ldap-attribute dept="sales"<br />
     &nbsp;&nbsp;&nbsp;      Require file-group<br />
-    &nbsp;&nbsp;    &lt;/RequireOne&gt;<br />
-    &nbsp;  &lt;/RequireAll&gt;<br />
+    &nbsp;&nbsp;    &lt;/SatisfyOne&gt;<br />
+    &nbsp;  &lt;/SatisfyAll&gt;<br />
     &lt;/Directory&gt;<br />
     </example>
 
@@ -192,25 +192,25 @@
 </directivesynopsis>
 
 <directivesynopsis type="section">
-<name>RequireOne</name>
+<name>SatisfyOne</name>
 <description>Enclose a group of authorization directives that must 
 satisfy at least one in order to grant access to a resource.  This 
 block allows for 'OR' logic to be applied to various authorization 
 providers.</description>
-<syntax>&lt;RequireOne&gt;
-... &lt;/RequireOne&gt;</syntax>
+<syntax>&lt;SatisfyOne&gt;
+... &lt;/SatisfyOne&gt;</syntax>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>
 
 <usage>
-    <p><directive type="section">RequireOne</directive> and
-    <code>&lt;/RequireOne&gt;</code> are used to enclose a group of
+    <p><directive type="section">SatisfyOne</directive> and
+    <code>&lt;/SatisfyOne&gt;</code> are used to enclose a group of
     authorization directives that must satisfy at least one in order to 
     grant access to a resource.</p>
 
     <p>See the <directive module="mod_authz_core">
-    &lt;RequireAll&gt;</directive> directive for a usage example.</p>
+    &lt;SatisfyAll&gt;</directive> directive for a usage example.</p>
 
 </usage>
 

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c?rev=367678&r1=367677&r2=367678&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c Tue Jan 10 08:35:10 2006
@@ -70,15 +70,15 @@
    is even necessary.  This was used in authn to support
    authn_alias.  Is there a need for an authz_alias?
 X- Remove the Satisfy directive functionality and replace it with the
-   <RequireAll>, <RequireOne> directives
+   <SatisfyAll>, <SatisfyOne> directives
 X- Remove the Satisfy directive 
-X- Implement the <RequireAll> <RequireOne> block directives
+X- Implement the <SatisfyAll> <SatisfyOne> block directives
    to handle the 'and' and 'or' logic for authorization.
 X- Remove the AuthzXXXAuthoritative directives from all of
    the authz providers
 X- Implement the Reject directive that will deny authorization
    if the argument is true
-X- Fold the Reject directive into the <RequireAll> <RequireOne>
+X- Fold the Reject directive into the <SatisfyAll> <SatisfyOne>
    logic
 X- Reimplement the host based authorization 'allow', 'deny'
    and 'order' as authz providers   
@@ -414,7 +414,7 @@
        the req_state and the level will allow it to traverse the list to find
        the last element in the provider calling list. */
     old_reqstate = conf->req_state;
-    if (strcasecmp (cmd->directive->directive, "<RequireAll") == 0) {
+    if (strcasecmp (cmd->directive->directive, "<SatisfyAll") == 0) {
         conf->req_state = AUTHZ_REQSTATE_ALL;
     }
     else {
@@ -445,10 +445,10 @@
     AP_INIT_RAW_ARGS("<RequireAlias", authz_require_alias_section, NULL, RSRC_CONF,
                      "Container for authorization directives grouped under "
                      "an authz provider alias"),
-    AP_INIT_RAW_ARGS("<RequireAll", authz_require_section, NULL, OR_AUTHCFG,
+    AP_INIT_RAW_ARGS("<SatisfyAll", authz_require_section, NULL, OR_AUTHCFG,
                      "Container for grouping require statements that must all " 
                      "succeed for authorization to be granted"),
-    AP_INIT_RAW_ARGS("<RequireOne", authz_require_section, NULL, OR_AUTHCFG,
+    AP_INIT_RAW_ARGS("<SatisfyOne", authz_require_section, NULL, OR_AUTHCFG,
                      "Container for grouping require statements of which one " 
                      "must succeed for authorization to be granted"),
     {NULL}



Mime
View raw message