httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From k@rl.pflaesterer.de (Karl Pflästerer)
Subject [users@httpd] mod_lua, authz and merging of directives
Date Thu, 04 Jul 2013 09:29:59 GMT
Hi,
I have a question concernings authz providers, mod_lua and the merging
of Require directives.

I have a lua authz Provider which is configured like that:

---------------------------------------------
LuaRoot /PATH/conf/lua
LuaScope thread

LuaAuthzProvider authzassets authnz.lua check_authz_ok
LuaAuthzProvider authz       authnz.lua check_authz
LuaHookCheckUserID           authnz.lua check_user_id early

<LocationMatch "/admin">
  AuthName foo
  AuthType Basic
  Require authz Redaktion
</LocationMatch>

<LocationMatch "/admin/(css|img|js)">
  AuthName foo
  AuthType Basic
  Require authzassets
</LocationMatch>

<LocationMatch "/sapdoku/admin">
  AuthName foo
  AuthType Basic
  Require authz Sapdoku
</LocationMatch>
---------------------------------------------


If I write it like that it doesn't work. The last Require directive per
authz provider wins. So all users in the group Sapdoku can also access
other /admin areas.

If instead I write:

---------------------------------------------
LuaRoot /PATH/conf/lua
LuaScope thread

LuaAuthzProvider authzassets authnz.lua check_authz_ok
LuaAuthzProvider authz       authnz.lua check_authz
LuaAuthzProvider authz2      authnz.lua check_authz
LuaHookCheckUserID           authnz.lua check_user_id early

<LocationMatch "/admin">
  AuthName foo
  AuthType Basic
  Require authz Redaktion
</LocationMatch>

<LocationMatch "/admin/(css|img|js)">
  AuthName foo
  AuthType Basic
  Require authzassets
</LocationMatch>

<LocationMatch "/sapdoku/admin">
  AuthName foo
  AuthType Basic
  Require authz2 Sapdoku
</LocationMatch>
---------------------------------------------

everything works as expected.

If I read the code in mod_lua.c right (function lua_authz_parse) then
the last Require directive per authz provider will win.

I had expected that I would see the same merging as if I had used e.g
the file authz provider.

Is the configuration with multiple authz providers the only way?

 KP


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message