httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r726082 - /httpd/httpd/trunk/modules/aaa/mod_authz_core.c
Date Fri, 12 Dec 2008 21:26:20 GMT


On 12/12/2008 07:25 PM, chrisd@apache.org wrote:
> Author: chrisd
> Date: Fri Dec 12 10:25:17 2008
> New Revision: 726082
> 
> URL: http://svn.apache.org/viewvc?rev=726082&view=rev
> Log:
> Per suggestions by Roy T. Fielding:
> 
>  - remove Match directive, allow Require to be negated
>  - rename <Match*> directives to <Require*>
>  - rename <RequireNotAny> to <RequireNone>
>  - disable <RequireNotAll>
>  - rename MergeAuthz to AuthMerging and change its arguments to Off|And|Or
> 
> Also convert text formatting macros into functions, and revise
> authz_core_check_section() so that check for non-negative directives
> follows De Morgan optimization.
> 
> Modified:
>     httpd/httpd/trunk/modules/aaa/mod_authz_core.c
> 
> Modified: httpd/httpd/trunk/modules/aaa/mod_authz_core.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_core.c?rev=726082&r1=726081&r2=726082&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/aaa/mod_authz_core.c (original)
> +++ httpd/httpd/trunk/modules/aaa/mod_authz_core.c Fri Dec 12 10:25:17 2008

> @@ -543,28 +529,6 @@
>      int ret = !OK;
>  
>      while (child) {
> -        if (!child->negate) {
> -            ret = OK;
> -            break;
> -        }
> -
> -        child = child->next;
> -    }
> -
> -    if (ret != OK) {
> -        ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, APR_SUCCESS, s,
> -                     apr_pstrcat(p, (is_conf
> -                                     ? "<Directory>, <Location>, or similar"
> -                                     : FORMAT_AUTHZ_COMMAND(p, section)),
> -                                 " directive contains only negative "
> -                                 "authorization directives", NULL));
> -
> -        return ret;
> -    }
> -
> -    child = section->first;
> -
> -    while (child) {
>          if (child->first) {
>              if (authz_core_check_section(p, s, child, 0) != OK) {
>                  return !OK;
> @@ -595,7 +559,27 @@
>          child = child->next;
>      }
>  
> -    return OK;
> +    child = section->first;
> +
> +    while (child) {
> +        if (!child->negate) {
> +            ret = OK;
> +            break;
> +        }
> +
> +        child = child->next;
> +    }
> +
> +    if (ret != OK) {
> +        ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, APR_SUCCESS, s,
> +                     apr_pstrcat(p, (is_conf
> +                                     ? "<Directory>, <Location>, or similar"
> +                                     : format_authz_command(p, section)),
> +                                 " directive contains only negative "
> +                                 "authorization directives", NULL));
> +    }
> +
> +    return ret;

Sorry, but I currently don't get the reason for moving the negate check down
in the code.


> @@ -631,29 +615,27 @@
>                       "container for grouping an authorization provider's "
>                       "directives under a provider alias"),
>      AP_INIT_RAW_ARGS("Require", add_authz_provider, NULL, OR_AUTHCFG,
> -                     "specifies legacy authorization directives "
> -                     "of which one must pass "
> -                     "for a request to suceeed"),
> -    AP_INIT_RAW_ARGS("Match", add_authz_provider, NULL, OR_AUTHCFG,
> -                     "specifies authorization directives that must pass "
> -                     "(or not) for a request to suceeed"),
> -    AP_INIT_RAW_ARGS("<MatchAll", add_authz_section, NULL, OR_AUTHCFG,
> +                     "specifies authorization directives "
> +                     "which one must pass (or not) for a request to suceeed"),
> +    AP_INIT_RAW_ARGS("<RequireAll", add_authz_section, NULL, OR_AUTHCFG,
>                       "container for grouping authorization directives "
>                       "of which none must fail and at least one must pass "
>                       "for a request to succeed"),
> -    AP_INIT_RAW_ARGS("<MatchAny", add_authz_section, NULL, OR_AUTHCFG,
> +    AP_INIT_RAW_ARGS("<RequireAny", add_authz_section, NULL, OR_AUTHCFG,
>                       "container for grouping authorization directives "
>                       "of which one must pass "
>                       "for a request to succeed"),
> -    AP_INIT_RAW_ARGS("<MatchNotAll", add_authz_section, NULL, OR_AUTHCFG,
> +#ifdef AUTHZ_EXTRA_CONFIGS
> +    AP_INIT_RAW_ARGS("<RequireNotAll", add_authz_section, NULL, OR_AUTHCFG,
>                       "container for grouping authorization directives "
>                       "of which some must fail or none must pass "
>                       "for a request to succeed"),
> -    AP_INIT_RAW_ARGS("<MatchNotAny", add_authz_section, NULL, OR_AUTHCFG,
> +#endif
> +    AP_INIT_RAW_ARGS("<RequireNone", add_authz_section, NULL, OR_AUTHCFG,

Why do we still need AUTHZ_EXTRA_CONFIGS?

Regards

RĂ¼diger

Mime
View raw message