httpd-docs mailing list archives

From: WC -Sx- Jones <li...@insecurity.org>
Subject: Security Phase for 2.0
Date: Wed, 28 May 2003 03:22:53 GMT

Suggested documentation for -
http://httpd.apache.org/docs-2.1/developer/request.html

Security Phase processing:

/*
Determine if request object "r" satisfies user or group access under 
SATISFY_ALL or SATISFY_NOSPEC; if not, then an error_log message is 
written and an error code 500 is returned to the browser. SATISFY_ALL 
"falls" through to SATISFY_NOSPEC in the first case; returning DECLINED 
with "check access" error -
*/

switch (ap_satisfies(r)) {
case SATISFY_ALL:
case SATISFY_NOSPEC:
     if ((access_status = ap_run_access_checker(r)) != 0) {
         return decl_die(access_status, "check access", r);
     }

     if (ap_some_auth_required(r)) {
         if (((access_status = ap_run_check_user_id(r)) != 0)
             || !ap_auth_type(r)) {
             return decl_die(access_status, ap_auth_type(r)
                           ? "check user.  No user file?"
                           : "perform authentication. AuthType not set!",
                           r);
         }

         if (((access_status = ap_run_auth_checker(r)) != 0)
             || !ap_auth_type(r)) {
             return decl_die(access_status, ap_auth_type(r)
                           ? "check access.  No groups file?"
                           : "perform authentication. AuthType not set!",
                           r);
         }
     }
     break;
/*
SATISFY_ANY will return DECLINED if there was an access request object 
created but no method offered to satisfy it; an error log is written 
and error 500 is returned to the browser.  Otherwise failure is also 
logged for missing user file or missing group file when Authentication 
Type is not properly set.
*/
case SATISFY_ANY:
     if (((access_status = ap_run_access_checker(r)) != 0)) {
         if (!ap_some_auth_required(r)) {
             return decl_die(access_status, "check access", r);
         }

         if (((access_status = ap_run_check_user_id(r)) != 0)
             || !ap_auth_type(r)) {
             return decl_die(access_status, ap_auth_type(r)
                           ? "check user.  No user file?"
                           : "perform authentication. AuthType not set!",
                           r);
         }

         if (((access_status = ap_run_auth_checker(r)) != 0)
             || !ap_auth_type(r)) {
             return decl_die(access_status, ap_auth_type(r)
                           ? "check access.  No groups file?"
                           : "perform authentication. AuthType not set!",
                           r);
         }
     }
     break;
}


HTH/Sx  :)

http://insecurity.org/
_Sx____________________
  ('>    iudicium ferat
  //\   Have Computer -
  v_/_    Will Hack...

               \|/ ____ \|/
               "@'/ .. \`@"
               /_| \__/ |_\
                  \__U_/
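
Added example, not part of the original message and not httpd source: a self-contained C model of the switch quoted above, showing how the same hook results produce different outcomes under SATISFY_ALL and SATISFY_ANY. The struct hooks record, security_phase() and the one-argument decl_die() are hypothetical names; logging is omitted and DECLINED is mapped to 500 as the message describes.

```c
#include <stdio.h>
/* Constructed stand-ins for httpd's status codes and Satisfy modes. */
enum { OK = 0, DECLINED = -1, HTTP_UNAUTHORIZED = 401,
       HTTP_FORBIDDEN = 403, HTTP_INTERNAL_SERVER_ERROR = 500 };
enum satisfy { SATISFY_ALL, SATISFY_ANY };
/* Hypothetical record of what each hook returned (not an httpd struct). */
struct hooks {
    int access;        /* access checker (host-based) result    */
    int auth_required; /* nonzero if some auth is required      */
    int auth_type_set; /* nonzero if AuthType is configured     */
    int user;          /* check_user_id result                  */
    int authz;         /* auth_checker result                   */
};
/* DECLINED means no module handled the check: reported as a 500. */
static int decl_die(int status)
{
    return status == DECLINED ? HTTP_INTERNAL_SERVER_ERROR : status;
}
/* User check, then group/authorization check, as in both switch arms. */
static int run_auth(const struct hooks *h)
{
    if (h->user != OK || !h->auth_type_set)
        return decl_die(h->user);
    if (h->authz != OK || !h->auth_type_set)
        return decl_die(h->authz);
    return OK;
}

int security_phase(enum satisfy mode, const struct hooks *h)
{
    if (mode == SATISFY_ANY) {
        if (h->access == OK)
            return OK;                   /* access check alone suffices */
        if (!h->auth_required)
            return decl_die(h->access);  /* nothing else can satisfy it */
        return run_auth(h);              /* auth may override the denial */
    }
    /* SATISFY_ALL / SATISFY_NOSPEC: access check and auth must both pass. */
    if (h->access != OK)
        return decl_die(h->access);
    return h->auth_required ? run_auth(h) : OK;
}

int main(void)
{
    struct hooks h = { HTTP_FORBIDDEN, 1, 1, OK, OK }; /* constructed case */
    printf("All=%d Any=%d\n", security_phase(SATISFY_ALL, &h), security_phase(SATISFY_ANY, &h));
    return 0;
}
```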

