httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r534533 - in /httpd/httpd/trunk: include/http_core.h modules/aaa/mod_access_compat.c modules/aaa/mod_auth.h modules/aaa/mod_authz_core.c modules/aaa/mod_authz_default.c server/core.c server/request.c
Date Sun, 06 May 2007 13:52:31 GMT


On 05/02/2007 06:31 PM, bnicholes@apache.org wrote:
> Author: bnicholes
> Date: Wed May  2 09:31:39 2007
> New Revision: 534533
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=534533
> Log:
> re-introduce ap_satisfies API back into core and modify how the access_checker, check_user_id
and auth_checker hooks are called so that they respect the precedence that is set through
the satisfy ALL/ANY directive. This also restores the directives order, allow, deny, satisfyas
supported directives rather than being deprecated.  These directives still remain in mod_access_compat
however.
> 
> Modified:
>     httpd/httpd/trunk/include/http_core.h
>     httpd/httpd/trunk/modules/aaa/mod_access_compat.c
>     httpd/httpd/trunk/modules/aaa/mod_auth.h
>     httpd/httpd/trunk/modules/aaa/mod_authz_core.c
>     httpd/httpd/trunk/modules/aaa/mod_authz_default.c
>     httpd/httpd/trunk/server/core.c
>     httpd/httpd/trunk/server/request.c


<Location />
   AuthType basic
   AuthName "private area"
   AuthUserFile conf/passwd
   Require valid-user
   Satisfy all
   deny from all
</Location>

does not work correctly. If the user credentials are valid access is granted even if the access
control
(deny from all) denies access.



> Modified: httpd/httpd/trunk/modules/aaa/mod_auth.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth.h?view=diff&rev=534533&r1=534532&r2=534533
> ==============================================================================
> --- httpd/httpd/trunk/modules/aaa/mod_auth.h (original)
> +++ httpd/httpd/trunk/modules/aaa/mod_auth.h Wed May  2 09:31:39 2007
> @@ -47,20 +47,17 @@
>  #define AUTHN_PREFIX "AUTHENTICATE_"
>  
>  /** all of the requirements must be met */
> +#ifndef SATISFY_ALL
>  #define SATISFY_ALL 0
> +#endif
>  /**  any of the requirements must be met */
> +#ifndef SATISFY_ANY
>  #define SATISFY_ANY 1
> +#endif
>  /** There are no applicable satisfy lines */
> +#ifndef SATISFY_NOSPEC
>  #define SATISFY_NOSPEC 2

Why do we need to keep the defines of SATISFY_* here?
Isn't it sufficient to have them in http_core.h?

Regards

RĂ¼diger

Mime
View raw message