httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bnicho...@apache.org
Subject svn commit: r368027 [3/3] - in /httpd/httpd/trunk: docs/conf/ docs/conf/extra/ docs/manual/developer/ docs/manual/mod/ include/ modules/aaa/ server/
Date Wed, 11 Jan 2006 14:31:02 GMT
Modified: httpd/httpd/trunk/modules/aaa/mod_authz_owner.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/aaa/mod_authz_owner.c?rev=368027&r1=368026&r2=368027&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_owner.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_owner.c Wed Jan 11 06:30:28 2006
@@ -19,6 +19,7 @@
 #include "apr_user.h"
 
 #include "ap_config.h"
+#include "ap_provider.h"
 #include "httpd.h"
 #include "http_config.h"
 #include "http_core.h"
@@ -29,202 +30,155 @@
 #include "mod_auth.h"     /* for AUTHZ_GROUP_NOTE */
 
 typedef struct {
-    int authoritative;
 } authz_owner_config_rec;
 
+APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
+
 static void *create_authz_owner_dir_config(apr_pool_t *p, char *d)
 {
     authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf));
 
-    conf->authoritative = 1; /* keep the fortress secure by default */
     return conf;
 }
 
 static const command_rec authz_owner_cmds[] =
 {
-    AP_INIT_FLAG("AuthzOwnerAuthoritative", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authz_owner_config_rec, authoritative),
-                 OR_AUTHCFG,
-                 "Set to 'Off' to allow access control to be passed along to "
-                 "lower modules. (default is On.)"),
     {NULL}
 };
 
 module AP_MODULE_DECLARE_DATA authz_owner_module;
 
-static int check_file_owner(request_rec *r)
+static authz_status fileowner_check_authorization(request_rec *r,
+                                             const char *require_args)
 {
-    authz_owner_config_rec *conf = ap_get_module_config(r->per_dir_config,
-                                                        &authz_owner_module);
-    int m = r->method_number;
-    register int x;
-    const char *t, *w;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-    int required_owner = 0;
-    apr_status_t status = 0;
     char *reason = NULL;
+    apr_status_t status = 0;
 
-    if (!reqs_arr) {
-        return DECLINED;
-    }
-
-    reqs = (require_line *)reqs_arr->elts;
-    for (x = 0; x < reqs_arr->nelts; x++) {
+#if !APR_HAS_USER
+    reason = "'Require file-owner' is not supported on this platform.";
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                  "Authorization of user %s to access %s failed, reason: %s",
+                  r->user, r->uri, reason ? reason : "unknown");
+    return AUTHZ_DENIED;
+#else  /* APR_HAS_USER */
+    char *owner = NULL;
+    apr_finfo_t finfo;
 
-        /* if authoritative = On then break if a require already failed. */
-        if (reason && conf->authoritative) {
-            break;
-        }
+    if (!r->filename) {
+        reason = "no filename available";
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return AUTHZ_DENIED;
+    }
 
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
+    status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
+    if (status != APR_SUCCESS) {
+        reason = apr_pstrcat(r->pool, "could not stat file ",
+                                r->filename, NULL);
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return AUTHZ_DENIED;
+    }
 
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
+    if (!(finfo.valid & APR_FINFO_USER)) {
+        reason = "no file owner information available";
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return AUTHZ_DENIED;
+    }
 
-        if (!strcmp(w, "file-owner")) {
-#if !APR_HAS_USER
-            if ((required_owner & ~1) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 1; /* remember the requirement */
-            reason = "'Require file-owner' is not supported on this platform.";
-            continue;
-#else  /* APR_HAS_USER */
-            char *owner = NULL;
-            apr_finfo_t finfo;
+    status = apr_uid_name_get(&owner, finfo.user, r->pool);
+    if (status != APR_SUCCESS || !owner) {
+        reason = "could not get name of file owner";
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return AUTHZ_DENIED;
+    }
 
-            if ((required_owner & ~1) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 1; /* remember the requirement */
-
-            if (!r->filename) {
-                reason = "no filename available";
-                continue;
-            }
-
-            status = apr_stat(&finfo, r->filename, APR_FINFO_USER, r->pool);
-            if (status != APR_SUCCESS) {
-                reason = apr_pstrcat(r->pool, "could not stat file ",
-                                     r->filename, NULL);
-                continue;
-            }
-
-            if (!(finfo.valid & APR_FINFO_USER)) {
-                reason = "no file owner information available";
-                continue;
-            }
-
-            status = apr_uid_name_get(&owner, finfo.user, r->pool);
-            if (status != APR_SUCCESS || !owner) {
-                reason = "could not get name of file owner";
-                continue;
-            }
-
-            if (strcmp(owner, r->user)) {
-                reason = apr_psprintf(r->pool, "file owner %s does not match.",
-                                      owner);
-                continue;
-            }
+    if (strcmp(owner, r->user)) {
+        reason = apr_psprintf(r->pool, "file owner %s does not match.",
+                                owner);
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return AUTHZ_DENIED;
+    }
 
-            /* this user is authorized */
-            return OK;
+    /* this user is authorized */
+    return AUTHZ_GRANTED;
 #endif /* APR_HAS_USER */
-        }
+}
+
+static char *authz_owner_get_file_group(request_rec *r)
+{
+    char *reason = NULL;
 
-        /* file-group only figures out the file's group and lets
-         * other modules do the actual authorization (against a group file/db).
-         * Thus, these modules have to hook themselves after
-         * mod_authz_owner and of course recognize 'file-group', too.
-         */
-        if (!strcmp(w, "file-group")) {
+    /* file-group only figures out the file's group and lets
+    * other modules do the actual authorization (against a group file/db).
+    * Thus, these modules have to hook themselves after
+    * mod_authz_owner and of course recognize 'file-group', too.
+    */
 #if !APR_HAS_USER
-            if ((required_owner & ~6) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 2; /* remember the requirement */
-            reason = "'Require file-group' is not supported on this platform.";
-            continue;
+    return NULL;
 #else  /* APR_HAS_USER */
-            char *group = NULL;
-            apr_finfo_t finfo;
+    char *group = NULL;
+    apr_finfo_t finfo;
+    apr_status_t status = 0;
 
-            if ((required_owner & ~6) && conf->authoritative) {
-                break;
-            }
-
-            required_owner |= 2; /* remember the requirement */
-
-            if (!r->filename) {
-                reason = "no filename available";
-                continue;
-            }
-
-            status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
-            if (status != APR_SUCCESS) {
-                reason = apr_pstrcat(r->pool, "could not stat file ",
-                                     r->filename, NULL);
-                continue;
-            }
-
-            if (!(finfo.valid & APR_FINFO_GROUP)) {
-                reason = "no file group information available";
-                continue;
-            }
-
-            status = apr_gid_name_get(&group, finfo.group, r->pool);
-            if (status != APR_SUCCESS || !group) {
-                reason = "could not get name of file group";
-                continue;
-            }
-
-            /* store group name in a note and let others decide... */
-            apr_table_setn(r->notes, AUTHZ_GROUP_NOTE, group);
-            required_owner |= 4;
-            continue;
-#endif /* APR_HAS_USER */
-        }
+    if (!r->filename) {
+        reason = "no filename available";
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return NULL;
     }
 
-    if (!required_owner || !conf->authoritative) {
-        return DECLINED;
+    status = apr_stat(&finfo, r->filename, APR_FINFO_GROUP, r->pool);
+    if (status != APR_SUCCESS) {
+        reason = apr_pstrcat(r->pool, "could not stat file ",
+                                r->filename, NULL);
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return NULL;
     }
 
-    /* allow file-group passed to group db modules either if this is the
-     * only applicable requirement here or if a file-owner failed but we're
-     * not authoritative.
-     * This allows configurations like:
-     *
-     * AuthzOwnerAuthoritative Off
-     * require file-owner
-     * require file-group
-     *
-     * with the semantical meaning of "either owner or group must match"
-     * (inclusive or)
-     *
-     * [ 6 == 2 | 4; 7 == 1 | 2 | 4 ] should I use #defines instead?
-     */
-    if (required_owner == 6 || (required_owner == 7 && !conf->authoritative))
{
-        return DECLINED;
+    if (!(finfo.valid & APR_FINFO_GROUP)) {
+        reason = "no file group information available";
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return NULL;
     }
 
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
-                  "Authorization of user %s to access %s failed, reason: %s",
-                  r->user, r->uri, reason ? reason : "unknown");
+    status = apr_gid_name_get(&group, finfo.group, r->pool);
+    if (status != APR_SUCCESS || !group) {
+        reason = "could not get name of file group";
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
+                      "Authorization of user %s to access %s failed, reason: %s",
+                      r->user, r->uri, reason ? reason : "unknown");
+        return NULL;
+    }
 
-    ap_note_auth_failure(r);
-    return HTTP_UNAUTHORIZED;
+    return group;
+#endif /* APR_HAS_USER */
 }
 
+static const authz_provider authz_fileowner_provider =
+{
+    &fileowner_check_authorization,
+};
+
 static void register_hooks(apr_pool_t *p)
 {
-    ap_hook_auth_checker(check_file_owner, NULL, NULL, APR_HOOK_MIDDLE);
+    APR_REGISTER_OPTIONAL_FN(authz_owner_get_file_group);
+
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "file-owner", "0",
+                         &authz_fileowner_provider);
 }
 
 module AP_MODULE_DECLARE_DATA authz_owner_module =

Modified: httpd/httpd/trunk/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/aaa/mod_authz_user.c?rev=368027&r1=368026&r2=368027&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_user.c Wed Jan 11 06:30:28 2006
@@ -17,6 +17,7 @@
 #include "apr_strings.h"
 
 #include "ap_config.h"
+#include "ap_provider.h"
 #include "httpd.h"
 #include "http_config.h"
 #include "http_core.h"
@@ -24,97 +25,67 @@
 #include "http_protocol.h"
 #include "http_request.h"
 
+#include "mod_auth.h"
+
 typedef struct {
-    int authoritative;
+	int dummy;  /* just here to stop compiler warnings for now. */
 } authz_user_config_rec;
 
 static void *create_authz_user_dir_config(apr_pool_t *p, char *d)
 {
     authz_user_config_rec *conf = apr_palloc(p, sizeof(*conf));
 
-    conf->authoritative = 1; /* keep the fortress secure by default */
     return conf;
 }
 
 static const command_rec authz_user_cmds[] =
 {
-    AP_INIT_FLAG("AuthzUserAuthoritative", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authz_user_config_rec, authoritative),
-                 OR_AUTHCFG,
-                 "Set to 'Off' to allow access control to be passed along to "
-                 "lower modules if the 'require user' or 'require valid-user' "
-                 "statement is not met. (default: On)."),
     {NULL}
 };
 
 module AP_MODULE_DECLARE_DATA authz_user_module;
 
-static int check_user_access(request_rec *r)
+static authz_status user_check_authorization(request_rec *r,
+                                             const char *require_args)
 {
-    authz_user_config_rec *conf = ap_get_module_config(r->per_dir_config,
-                                                       &authz_user_module);
-    char *user = r->user;
-    int m = r->method_number;
-    int required_user = 0;
-    register int x;
     const char *t, *w;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-
-    /* BUG FIX: tadc, 11-Nov-1995.  If there is no "requires" directive,
-     * then any user will do.
-     */
-    if (!reqs_arr) {
-        return DECLINED;
-    }
-    reqs = (require_line *)reqs_arr->elts;
-
-    for (x = 0; x < reqs_arr->nelts; x++) {
-
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
 
-        t = reqs[x].requirement;
-        w = ap_getword_white(r->pool, &t);
-        if (!strcasecmp(w, "valid-user")) {
-            return OK;
-        }
-        if (!strcasecmp(w, "user")) {
-            /* And note that there are applicable requirements
-             * which we consider ourselves the owner of.
-             */
-            required_user = 1;
-            while (t[0]) {
-                w = ap_getword_conf(r->pool, &t);
-                if (!strcmp(user, w)) {
-                    return OK;
-                }
-            }
+    t = require_args;
+    while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+        if (!strcmp(r->user, w)) {
+            return AUTHZ_GRANTED;
         }
     }
 
-    if (!required_user) {
-        /* no applicable requirements */
-        return DECLINED;
-    }
-
-    if (!conf->authoritative) {
-        return DECLINED;
-    }
-
     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "access to %s failed, reason: user '%s' does not meet "
-                  "'require'ments for user/valid-user to be allowed access",
-                  r->uri, user);
+                  "'require'ments for user to be allowed access",
+                  r->uri, r->user);
 
     ap_note_auth_failure(r);
-    return HTTP_UNAUTHORIZED;
+    return AUTHZ_DENIED;
 }
 
+static authz_status validuser_check_authorization(request_rec *r, const char *require_line)
+{
+    return AUTHZ_GRANTED;
+}
+
+static const authz_provider authz_user_provider =
+{
+    &user_check_authorization,
+};
+static const authz_provider authz_validuser_provider =
+{
+    &validuser_check_authorization,
+};
+
 static void register_hooks(apr_pool_t *p)
 {
-    ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "user", "0",
+                         &authz_user_provider);
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0",
+                         &authz_validuser_provider);
 }
 
 module AP_MODULE_DECLARE_DATA authz_user_module =

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/server/core.c?rev=368027&r1=368026&r2=368027&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Wed Jan 11 06:30:28 2006
@@ -99,7 +99,6 @@
 static void *create_core_dir_config(apr_pool_t *a, char *dir)
 {
     core_dir_config *conf;
-    int i;
 
     conf = (core_dir_config *)apr_pcalloc(a, sizeof(core_dir_config));
 
@@ -118,10 +117,6 @@
     conf->use_canonical_phys_port = USE_CANONICAL_PHYS_PORT_UNSET;
 
     conf->hostname_lookups = HOSTNAME_LOOKUP_UNSET;
-    conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
-    for (i = 0; i < METHODS; ++i) {
-        conf->satisfy[i] = SATISFY_NOSPEC;
-    }
 
 #ifdef RLIMIT_CPU
     conf->limit_cpu = NULL;
@@ -268,18 +263,6 @@
         conf->ap_default_type = new->ap_default_type;
     }
 
-    if (new->ap_auth_type) {
-        conf->ap_auth_type = new->ap_auth_type;
-    }
-
-    if (new->ap_auth_name) {
-        conf->ap_auth_name = new->ap_auth_name;
-    }
-
-    if (new->ap_requires) {
-        conf->ap_requires = new->ap_requires;
-    }
-
     if (conf->response_code_strings == NULL) {
         conf->response_code_strings = new->response_code_strings;
     }
@@ -358,16 +341,6 @@
     /* Otherwise we simply use the base->sec_file array
      */
 
-    /* use a separate ->satisfy[] array either way */
-    conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
-    for (i = 0; i < METHODS; ++i) {
-        if (new->satisfy[i] != SATISFY_NOSPEC) {
-            conf->satisfy[i] = new->satisfy[i];
-        } else {
-            conf->satisfy[i] = base->satisfy[i];
-        }
-    }
-
     if (new->server_signature != srv_sig_unset) {
         conf->server_signature = new->server_signature;
     }
@@ -670,24 +643,30 @@
     return conf->override;
 }
 
+/*
+ * Optional function coming from mod_ident, used for looking up ident user
+ */
+static APR_OPTIONAL_FN_TYPE(authn_ap_auth_type) *authn_ap_auth_type;
+
 AP_DECLARE(const char *) ap_auth_type(request_rec *r)
 {
-    core_dir_config *conf;
-
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                   &core_module);
-
-    return conf->ap_auth_type;
+    if (authn_ap_auth_type) {
+        return authn_ap_auth_type(r);
+    }
+    return NULL;
 }
 
+/*
+ * Optional function coming from mod_ident, used for looking up ident user
+ */
+static APR_OPTIONAL_FN_TYPE(authn_ap_auth_name) *authn_ap_auth_name;
+
 AP_DECLARE(const char *) ap_auth_name(request_rec *r)
 {
-    core_dir_config *conf;
-
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                   &core_module);
-
-    return conf->ap_auth_name;
+    if (authn_ap_auth_name) {
+        return authn_ap_auth_name(r);
+    }
+    return NULL;
 }
 
 AP_DECLARE(const char *) ap_default_type(request_rec *r)
@@ -712,26 +691,6 @@
     return conf->ap_document_root;
 }
 
-AP_DECLARE(const apr_array_header_t *) ap_requires(request_rec *r)
-{
-    core_dir_config *conf;
-
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                   &core_module);
-
-    return conf->ap_requires;
-}
-
-AP_DECLARE(int) ap_satisfies(request_rec *r)
-{
-    core_dir_config *conf;
-
-    conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
-                                                   &core_module);
-
-    return conf->satisfy[r->method_number];
-}
-
 /* Should probably just get rid of this... the only code that cares is
  * part of the core anyway (and in fact, it isn't publicised to other
  * modules).
@@ -1659,46 +1618,6 @@
     return NULL;
 }
 
-static const char *satisfy(cmd_parms *cmd, void *c_, const char *arg)
-{
-    core_dir_config *c = c_;
-    int satisfy = SATISFY_NOSPEC;
-    int i;
-
-    if (!strcasecmp(arg, "all")) {
-        satisfy = SATISFY_ALL;
-    }
-    else if (!strcasecmp(arg, "any")) {
-        satisfy = SATISFY_ANY;
-    }
-    else {
-        return "Satisfy either 'any' or 'all'.";
-    }
-
-    for (i = 0; i < METHODS; ++i) {
-        if (cmd->limited & (AP_METHOD_BIT << i)) {
-            c->satisfy[i] = satisfy;
-        }
-    }
-
-    return NULL;
-}
-
-static const char *require(cmd_parms *cmd, void *c_, const char *arg)
-{
-    require_line *r;
-    core_dir_config *c = c_;
-
-    if (!c->ap_requires) {
-        c->ap_requires = apr_array_make(cmd->pool, 2, sizeof(require_line));
-    }
-
-    r = (require_line *)apr_array_push(c->ap_requires);
-    r->requirement = apr_pstrdup(cmd->pool, arg);
-    r->method_mask = cmd->limited;
-
-    return NULL;
-}
 
 /*
  * Report a missing-'>' syntax error.
@@ -2659,19 +2578,6 @@
 }
 
 /*
- * Load an authorisation realm into our location configuration, applying the
- * usual rules that apply to realms.
- */
-static const char *set_authname(cmd_parms *cmd, void *mconfig,
-                                const char *word1)
-{
-    core_dir_config *aconfig = (core_dir_config *)mconfig;
-
-    aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1);
-    return NULL;
-}
-
-/*
  * Handle a request to include the server's OS platform in the Server
  * response header field (the ServerTokens directive).  Unfortunately
  * this requires a new global in order to communicate the setting back to
@@ -3227,15 +3133,6 @@
   "specified URL paths"),
 AP_INIT_RAW_ARGS("<FilesMatch", filesection, (void*)1, OR_ALL,
   "Container for directives affecting files matching specified patterns"),
-AP_INIT_TAKE1("AuthType", ap_set_string_slot,
-  (void*)APR_OFFSETOF(core_dir_config, ap_auth_type), OR_AUTHCFG,
-  "An HTTP authorization type (e.g., \"Basic\")"),
-AP_INIT_TAKE1("AuthName", set_authname, NULL, OR_AUTHCFG,
-  "The authentication realm (e.g. \"Members Only\")"),
-AP_INIT_RAW_ARGS("Require", require, NULL, OR_AUTHCFG,
-  "Selects which authenticated users or groups may access a protected space"),
-AP_INIT_TAKE1("Satisfy", satisfy, NULL, OR_AUTHCFG,
-  "access policy if both allow and require used ('all' or 'any')"),
 #ifdef GPROF
 AP_INIT_TAKE1("GprofDir", set_gprof_dir, NULL, RSRC_CONF,
   "Directory to plop gmon.out files"),
@@ -3718,11 +3615,15 @@
  * traffic
  */
 APR_OPTIONAL_FN_TYPE(ap_logio_add_bytes_out) *logio_add_bytes_out;
+APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;
 
 static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp, server_rec
*s)
 {
     logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
     ident_lookup = APR_RETRIEVE_OPTIONAL_FN(ap_ident_lookup);
+    authz_ap_some_auth_required = APR_RETRIEVE_OPTIONAL_FN(authz_some_auth_required);
+    authn_ap_auth_type = APR_RETRIEVE_OPTIONAL_FN(authn_ap_auth_type);
+    authn_ap_auth_name = APR_RETRIEVE_OPTIONAL_FN(authn_ap_auth_name);
 
     ap_set_version(pconf);
     ap_setup_make_content_type(pconf);

Modified: httpd/httpd/trunk/server/request.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/server/request.c?rev=368027&r1=368026&r2=368027&view=diff
==============================================================================
--- httpd/httpd/trunk/server/request.c (original)
+++ httpd/httpd/trunk/server/request.c Wed Jan 11 06:30:28 2006
@@ -183,56 +183,18 @@
         r->ap_auth_type = r->prev->ap_auth_type;
     }
     else {
-        switch (ap_satisfies(r)) {
-        case SATISFY_ALL:
-        case SATISFY_NOSPEC:
-            if ((access_status = ap_run_access_checker(r)) != 0) {
-                return decl_die(access_status, "check access", r);
-            }
-
-            if (ap_some_auth_required(r)) {
-                if (((access_status = ap_run_check_user_id(r)) != 0)
-                    || !ap_auth_type(r)) {
-                    return decl_die(access_status, ap_auth_type(r)
-                                  ? "check user.  No user file?"
-                                  : "perform authentication. AuthType not set!",
-                                  r);
-                }
-
-                if (((access_status = ap_run_auth_checker(r)) != 0)
-                    || !ap_auth_type(r)) {
-                    return decl_die(access_status, ap_auth_type(r)
-                                  ? "check access.  No groups file?"
-                                  : "perform authentication. AuthType not set!",
-                                   r);
-                }
-            }
-            break;
-
-        case SATISFY_ANY:
-            if (((access_status = ap_run_access_checker(r)) != 0)) {
-                if (!ap_some_auth_required(r)) {
-                    return decl_die(access_status, "check access", r);
-                }
+        if ((access_status = ap_run_access_checker(r)) != 0) {
+            return decl_die(access_status, "check access", r);
+        }
 
-                if (((access_status = ap_run_check_user_id(r)) != 0)
-                    || !ap_auth_type(r)) {
-                    return decl_die(access_status, ap_auth_type(r)
-                                  ? "check user.  No user file?"
-                                  : "perform authentication. AuthType not set!",
-                                  r);
-                }
+        if ((access_status = ap_run_check_user_id(r)) != 0) {
+            return decl_die(access_status, "check user", r);
+        }
 
-                if (((access_status = ap_run_auth_checker(r)) != 0)
-                    || !ap_auth_type(r)) {
-                    return decl_die(access_status, ap_auth_type(r)
-                                  ? "check access.  No groups file?"
-                                  : "perform authentication. AuthType not set!",
-                                  r);
-                }
-            }
-            break;
+        if ((access_status = ap_run_auth_checker(r)) != 0) {
+            return decl_die(access_status, "check authorization", r);
         }
+
     }
     /* XXX Must make certain the ap_run_type_checker short circuits mime
      * in mod-proxy for r->proxyreq && r->parsed_uri.scheme
@@ -1555,28 +1517,16 @@
     return APR_SUCCESS;
 }
 
+extern APR_OPTIONAL_FN_TYPE(authz_some_auth_required) *authz_ap_some_auth_required;
 
 AP_DECLARE(int) ap_some_auth_required(request_rec *r)
 {
     /* Is there a require line configured for the type of *this* req? */
-
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-    int i;
-
-    if (!reqs_arr) {
-        return 0;
+    if (authz_ap_some_auth_required) {
+        return authz_ap_some_auth_required(r);
     }
-
-    reqs = (require_line *) reqs_arr->elts;
-
-    for (i = 0; i < reqs_arr->nelts; ++i) {
-        if (reqs[i].method_mask & (AP_METHOD_BIT << r->method_number)) {
-            return 1;
-        }
-    }
-
-    return 0;
+    else
+        return 0;
 }
 
 



Mime
View raw message