httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Artem Lantsev" <...@itm.nkz.ru>
Subject Proposal: add another hook to make it possible modify acl for the certain resources at runtime
Date Tue, 06 Jul 2004 10:31:22 GMT
hello

I want to have a way to perform authentication process for the certain
recources in the directory and process requests for the another resources in
the same directory without any authentication.
I'm working at implementing acl extencion for webdav - and the
authentiacation will based on access control list concerning with certain
recource. And this access control list will be modified during runtime. And
I want to use different *standard* apache authentication modules.

so I propose make following changes - (diffs based on v.2.0.49)

=================================
--- orig/http_request.h Tue Jul  6 17:41:31 2004
+++ http_request.h  Sat Jul  3 22:33:35 2004
@@ -361,6 +361,14 @@
  */
 AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))

+/**
+ * This hook allows modules to make authentication for the certain requests
+ * @param r the current request
+ * @return OK, DECLINED
+ * @ingroup hooks
+ */
+AP_DECLARE_HOOK(int,not_require_authentication,(request_rec *r))
+
 AP_DECLARE(int) ap_location_walk(request_rec *r);
 AP_DECLARE(int) ap_directory_walk(request_rec *r);
 AP_DECLARE(int) ap_file_walk(request_rec *r);

=================================

--- orig/request.c  Tue Jul  6 17:19:27 2004
+++ request.c Tue Jul  6 17:22:13 2004
@@ -59,6 +59,7 @@
     APR_HOOK_LINK(auth_checker)
     APR_HOOK_LINK(insert_filter)
     APR_HOOK_LINK(create_request)
+    APR_HOOK_LINK(not_require_authentication)
 )

 AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
@@ -78,6 +79,8 @@
 AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r))
 AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
                           (request_rec *r), (r), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_FIRST(int,not_require_authentication,
+                          (request_rec *r), (r), DECLINED)


 static int decl_die(int status, char *phase, request_rec *r)
@@ -1558,7 +1561,10 @@

     for (i = 0; i < reqs_arr->nelts; ++i) {
         if (reqs[i].method_mask & (AP_METHOD_BIT << r->method_number)) {
-            return 1;
+     if (ap_run_not_require_authentication(r) == OK)
+       return 0;
+     else
+         return 1;
         }
     }

please, let me know is it possible -
or  may be exists another way to use standard authentication modules with
access control modifing at runtime.

thanks
Artem



Mime
View raw message