httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch ...@sfritsch.de>
Subject Re: RequireAll: seems to evaluate require lines unnecessarily
Date Sun, 05 Aug 2012 22:01:41 GMT
On Sunday 05 August 2012, Graham Leggett wrote:
> > You mean you can't get "Require expr" to work. All other
> > providers should work ok. Or do you have an example that does
> > not involve "Require expr"?
> 
> Most specifically, as per my original mail, I can't get the
> following to work:
> 
>    <RequireAll>
>      Require valid-user
>      Require expr %{note:mod_userdir_user} == %{REMOTE_USER}
>    </RequireAll>
> 
> Can you clarify what is special about the expr specifically that
> triggers forbidden instead of unauthorized?
> 
> Perhaps this is a bug inside the expr code.

The API is currently such that an authz provider must return 
AUTHZ_DENIED_NO_USER instead of AUTHZ_DENIED if its result may change 
after authentication. Require expr in 2.4.2 does not do that. But it 
will be fixed in 2.4.3 with

http://svn.apache.org/viewvc?view=revision&revision=1364266

Mime
View raw message