httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: svn commit: r817064 - in /httpd/httpd/branches/2.2.x: STATUS modules/aaa/mod_authnz_ldap.c
Date Mon, 21 Sep 2009 10:54:28 GMT
Ruediger Pluem wrote:

>> +    /* pre-scan for ldap-* requirements so we can get out of the way early */
>> +    for(x=0; x < reqs_arr->nelts; x++) {
> 
> Why do we know that reqs_arr != NULL always?

Wasn't that the FIXME comment that was included in the previous version
of this patch?

>> +        if (! (reqs[x].method_mask & (AP_METHOD_BIT << m))) {
>> +            continue;
>> +        }
>> +
>> +        t = reqs[x].requirement;
>> +        w = ap_getword_white(r->pool, &t);
>> +
>> +        if (strncmp(w, "ldap-",5) == 0) {
>> +            required_ldap = 1;
>> +            break;
>> +        }
>> +    }
>> +
>> +    if (!required_ldap) {
>> +        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
>> +                      "[%" APR_PID_T_FMT "] auth_ldap authorise: declining to authorise
(no ldap requirements)", getpid());
>> +        return DECLINED;
>> +    }
>> +
>> +
>> +
>>      if (sec->host) {
>>          ldc = util_ldap_connection_find(r, sec->host, sec->port,
>>                                         sec->binddn, sec->bindpw, sec->deref,
>> @@ -559,12 +582,6 @@
>>  #endif
>>      }
>>  
>> -    if (!reqs_arr) {
>> -        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
>> -                      "[%" APR_PID_T_FMT "] auth_ldap authorise: no requirements
array", getpid());
>> -        return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
>> -    }
>> -
> 
> Why is this not needed any longer?

I read it that this:

>> -    if (!reqs_arr) {
>> -        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
>> -                      "[%" APR_PID_T_FMT "] auth_ldap authorise: no
requirements array", getpid());
>> -        return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
>> -    }
>> -

was replaced by this:

>> +    if (!required_ldap) {
>> +        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
>> +                      "[%" APR_PID_T_FMT "] auth_ldap authorise:
declining to authorise (no ldap requirements)", getpid());
>> +        return DECLINED;
>> +    }

Regards,
Graham
--

Mime
View raw message