httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r998708 - in /httpd/httpd/trunk: docs/manual/mod/mod_authz_host.xml modules/aaa/mod_authz_host.c
Date Sun, 19 Sep 2010 18:09:19 GMT
Author: sf
Date: Sun Sep 19 18:09:18 2010
New Revision: 998708

URL: http://svn.apache.org/viewvc?rev=998708&view=rev
Log:
Add method authz provider as potential Limit/LimitExcept replacement.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
    httpd/httpd/trunk/modules/aaa/mod_authz_host.c

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml?rev=998708&r1=998707&r2=998708&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authz_host.xml Sun Sep 19 18:09:18 2010
@@ -202,6 +202,33 @@ address)</description>
 
 </section>
 
+<section id="reqmethod"><title>Require method</title>
+
+    <p>The <code>method</code> provider allows to use the HTTP method in
+    authorization decisions. The GET and HEAD methods are treated as
+    equivalent. The TRACE method is not available to this provider,
+    use <directive module="core">TraceEnable</directive> instead.</p>
+
+    <p>The following examples will only allow GET, HEAD, POST, and OPTIONS
+    requests:</p>
+
+    <example>
+        Require method GET POST OPTIONS<br />
+    </example>
+
+    <p>The following examples will allow GET, HEAD, POST, and OPTIONS
+    requests without authentication, and require a valid user for all other
+    methods:</p>
+
+    <example>
+        &lt;RequireAny&gt;<br />
+        Require method GET POST OPTIONS<br />
+        Require valid-user<br />
+        &lt;/RequireAny&gt;<br />
+    </example>
+
+</section>
+
 
 </section>
 

Modified: httpd/httpd/trunk/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_host.c?rev=998708&r1=998707&r2=998708&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_host.c Sun Sep 19 18:09:18 2010
@@ -244,6 +244,38 @@ static const char *all_parse_config(cmd_
     }
 }
 
+static authz_status method_check_authorization(request_rec *r,
+                                               const char *require_line,
+                                               const void *parsed_require_line)
+{
+    const apr_int64_t *allowed = parsed_require_line;
+    if (*allowed & (AP_METHOD_BIT << r->method_number))
+        return AUTHZ_GRANTED;
+    else
+        return AUTHZ_DENIED;
+}
+
+static const char *method_parse_config(cmd_parms *cmd, const char *require_line,
+                                       const void **parsed_require_line)
+{
+    const char *w, *t;
+    apr_int64_t *allowed = apr_pcalloc(cmd->pool, sizeof(apr_int64_t));
+
+    t = require_line;
+
+    while ((w = ap_getword_conf(cmd->temp_pool, &t)) && w[0]) {
+        int m = ap_method_number_of(w);
+        if (m == M_INVALID) {
+            return apr_pstrcat(cmd->pool, "Invalid Method '", w, "'", NULL);
+        }
+
+        *allowed |= (AP_METHOD_BIT << m);
+    }
+
+    *parsed_require_line = allowed;
+    return NULL;
+}
+
 static const authz_provider authz_env_provider =
 {
     &env_check_authorization,
@@ -268,6 +300,12 @@ static const authz_provider authz_all_pr
     &all_parse_config,
 };
 
+static const authz_provider authz_method_provider =
+{
+    &method_check_authorization,
+    &method_parse_config,
+};
+
 static void register_hooks(apr_pool_t *p)
 {
     ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "env",
@@ -282,6 +320,9 @@ static void register_hooks(apr_pool_t *p
     ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "all",
                               AUTHZ_PROVIDER_VERSION,
                               &authz_all_provider, AP_AUTH_INTERNAL_PER_CONF);
+    ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "method",
+                              AUTHZ_PROVIDER_VERSION,
+                              &authz_method_provider, AP_AUTH_INTERNAL_PER_CONF);
 }
 
 AP_DECLARE_MODULE(authz_host) =



Mime
View raw message