httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: svn commit: r817064 - in /httpd/httpd/branches/2.2.x: STATUS modules/aaa/mod_authnz_ldap.c
Date Mon, 21 Sep 2009 12:16:10 GMT
 

> -----Original Message-----
> From: Graham Leggett 
> Sent: Montag, 21. September 2009 12:54
> To: dev@httpd.apache.org
> Subject: Re: svn commit: r817064 - in 
> /httpd/httpd/branches/2.2.x: STATUS modules/aaa/mod_authnz_ldap.c
> 
> Ruediger Pluem wrote:
> 

> >> @@ -559,12 +582,6 @@
> >>  #endif
> >>      }
> >>  
> >> -    if (!reqs_arr) {
> >> -        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> >> -                      "[%" APR_PID_T_FMT "] auth_ldap 
> authorise: no requirements array", getpid());
> >> -        return sec->auth_authoritative? HTTP_UNAUTHORIZED 
> : DECLINED;
> >> -    }
> >> -
> > 
> > Why is this not needed any longer?
> 
> I read it that this:
> 
> >> -    if (!reqs_arr) {
> >> -        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> >> -                      "[%" APR_PID_T_FMT "] auth_ldap 
> authorise: no
> requirements array", getpid());
> >> -        return sec->auth_authoritative? HTTP_UNAUTHORIZED 
> : DECLINED;
> >> -    }
> >> -
> 
> was replaced by this:
> 
> >> +    if (!required_ldap) {
> >> +        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> >> +                      "[%" APR_PID_T_FMT "] auth_ldap authorise:
> declining to authorise (no ldap requirements)", getpid());
> >> +        return DECLINED;
> >> +    }

Yes, but the new code always returns DECLINED whereas the old one does
return DECLINED or HTTP_UNAUTHORIZED depending on sec->auth_authoritative.
But maybe it makes sense to return always DECLINED if there is no ldap-
require.

Regards

Rüdiger


Mime
View raw message