author | Bradley Nicholes <bnicholes@apache.org> | 2006-01-10 16:35:10 +0000 |
---|---|---|
committer | Bradley Nicholes <bnicholes@apache.org> | 2006-01-10 16:35:10 +0000 |
commit | ccff75199f162c9844970d95f5295421a4d27b18 (patch) | |
tree | 1bfa3351b5e4d83a2416e6e6f3b1f04c328d5b4d | |
parent | 2b438a059c48f1589acdf621ceaf062c09d9e8d1 (diff) | |
download | httpd-authz-dev.tar.gz |
Change <RequireAll><RequireOne> to <SatisfyAll><SatisfyOne>. The keyword 'Satisfy' seems to fit a little better since the blocks can contain both 'Require' and 'Reject' directives
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@367678 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | docs/manual/howto/auth.xml | 20 |
-rw-r--r-- | docs/manual/mod/mod_authz_core.xml | 34 |
-rw-r--r-- | modules/aaa/mod_authz_core.c | 12 |
3 files changed, 33 insertions, 33 deletions
diff --git a/docs/manual/howto/auth.xml b/docs/manual/howto/auth.xml index 5e29279298..cad2eb8e72 100644 --- a/docs/manual/howto/auth.xml +++ b/docs/manual/howto/auth.xml @@ -380,24 +380,24 @@ do?</title> you can specify just part of an address or domain name:</p> <example> - <RequireAll><br /> + <SatisfyAll><br /> Reject ip <var>192.101.205</var><br /> Reject host <var>cyberthugs.com</var> <var>moreidiots.com</var><br /> Reject host ke<br /> - </RequireAll> + </SatisfyAll> </example> <p>Using the <directive module="mod_authz_host">Reject</directive> directive - inside of a <directive module="mod_authz_core"><RequireAll></directive> + inside of a <directive module="mod_authz_core"><SatisfyAll></directive> block, will let you be sure that you are actually restricting things to only the group that you want to let in.</p> <p>The above example uses the <directive module="mod_authz_core"> - <RequireAll></directive> block to make sure that all of the + <SatisfyAll></directive> block to make sure that all of the <directive module="mod_authz_host">Reject</directive> directives are satisfied before granting access. The <directive module="mod_authz_core"> - <RequireAll></directive> block as well as the - <directive module="mod_authz_core"><RequireOne></directive> block + <SatisfyAll></directive> block as well as the + <directive module="mod_authz_core"><SatisfyOne></directive> block allow you to apply "AND" and "OR" logic to the authorization processing. For example the following authorization block would apply the logic:</p> @@ -418,14 +418,14 @@ do?</title> AuthBasicProvider ...<br /> ...<br /> Require user John<br /> - <RequireAll><br /> + <SatisfyAll><br /> Require Group admins<br /> Require ldap-group cn=mygroup,o=foo<br /> - <RequireOne><br /> + <SatisfyOne><br /> Require ldap-attribute dept="sales"<br /> Require file-group<br /> - </RequireOne><br /> - </RequireAll><br /> + </SatisfyOne><br /> + </SatisfyAll><br /> </Directory><br /> </example> 
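Review bot: In the @@ -380 hunk of auth.xml, the paragraph saying the block makes sure "all of the Reject directives are satisfied before granting access" never states what it means for a Reject to be satisfied. With the container now named <SatisfyAll>, the text should spell this out, for example that a Reject counts as satisfied when its argument does not match the request, which is how the TODO list in mod_authz_core.c describes the directive ("deny authorization if the argument is true"). Without that sentence a reader can take the example to admit the listed hosts rather than exclude them.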
diff --git a/docs/manual/mod/mod_authz_core.xml b/docs/manual/mod/mod_authz_core.xml index 52a57e345b..9faac243ee 100644 --- a/docs/manual/mod/mod_authz_core.xml +++ b/docs/manual/mod/mod_authz_core.xml @@ -134,25 +134,25 @@ a resource</description> </directivesynopsis>
<directivesynopsis type="section">
-<name>RequireAll</name>
+<name>SatisfyAll</name>
<description>Enclose a group of authorization directives that must all
be satisfied in order to grant access to a resource. This block allows
for 'AND' logic to be applied to various authorization providers.</description>
-<syntax><RequireAll>
-... </RequireAll></syntax>
+<syntax><SatisfyAll>
+... </SatisfyAll></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
- <p><directive type="section">RequireAll</directive> and
- <code></RequireAll></code> are used to enclose a group of
+ <p><directive type="section">SatisfyAll</directive> and
+ <code></SatisfyAll></code> are used to enclose a group of
authorization directives that must all be satisfied in order to
grant access to a resource.</p>
<p>The <directive module="mod_authz_core">
- <RequireAll></directive> block as well as the
- <directive module="mod_authz_core"><RequireOne></directive> block
+ <SatisfyAll></directive> block as well as the
+ <directive module="mod_authz_core"><SatisfyOne></directive> block
allow you to apply "AND" and "OR" logic to the authorization processing.
For example the following authorization block would apply the logic:</p>
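Review bot: The SatisfyAll usage text does not separate the new section from the old Satisfy directive that the TODO list in mod_authz_core.c marks as removed ("Remove the Satisfy directive"). `<SatisfyAll>` and `Satisfy All` differ only by a space and the brackets, so someone porting an older configuration can mistake one for the other. Suggest one sentence in this <usage> block saying that <SatisfyAll> is a container section evaluated with 'AND' logic, not the former one-line Satisfy directive.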
@@ -173,14 +173,14 @@ for 'AND' logic to be applied to various authorization providers.</description> AuthBasicProvider ...<br />
...<br />
Require user John<br />
- <RequireAll><br />
+ <SatisfyAll><br />
Require Group admins<br />
Require ldap-group cn=mygroup,o=foo<br />
- <RequireOne><br />
+ <SatisfyOne><br />
Require ldap-attribute dept="sales"<br />
Require file-group<br />
- </RequireOne><br />
- </RequireAll><br />
+ </SatisfyOne><br />
+ </SatisfyAll><br />
</Directory><br />
</example>
@@ -192,25 +192,25 @@ for 'AND' logic to be applied to various authorization providers.</description> </directivesynopsis>
<directivesynopsis type="section">
-<name>RequireOne</name>
+<name>SatisfyOne</name>
<description>Enclose a group of authorization directives that must
satisfy at least one in order to grant access to a resource. This
block allows for 'OR' logic to be applied to various authorization
providers.</description>
-<syntax><RequireOne>
-... </RequireOne></syntax>
+<syntax><SatisfyOne>
+... </SatisfyOne></syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
- <p><directive type="section">RequireOne</directive> and
- <code></RequireOne></code> are used to enclose a group of
+ <p><directive type="section">SatisfyOne</directive> and
+ <code></SatisfyOne></code> are used to enclose a group of
authorization directives that must satisfy at least one in order to
grant access to a resource.</p>
<p>See the <directive module="mod_authz_core">
- <RequireAll></directive> directive for a usage example.</p>
+ <SatisfyAll></directive> directive for a usage example.</p>
</usage>
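Review bot: The SatisfyOne description and usage paragraph say "authorization directives that must satisfy at least one", which leaves out what is being satisfied. Since these lines are already touched for the rename, reword to "of which at least one must be satisfied", in line with the command help text in mod_authz_core.c ("of which one must succeed"). The usage text also never mentions Reject, although the commit message says these blocks can hold it; one sentence on how a Reject counts inside an 'OR' block would remove the guesswork.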
diff --git a/modules/aaa/mod_authz_core.c b/modules/aaa/mod_authz_core.c index 68ee794fbe..b3493ac4f7 100644 --- a/modules/aaa/mod_authz_core.c +++ b/modules/aaa/mod_authz_core.c @@ -70,15 +70,15 @@ X- Change the status code to AUTHZ_DENIED, AUTHZ_GRANTED is even necessary. This was used in authn to support authn_alias. Is there a need for an authz_alias? X- Remove the Satisfy directive functionality and replace it with the - <RequireAll>, <RequireOne> directives + <SatisfyAll>, <SatisfyOne> directives X- Remove the Satisfy directive -X- Implement the <RequireAll> <RequireOne> block directives +X- Implement the <SatisfyAll> <SatisfyOne> block directives to handle the 'and' and 'or' logic for authorization. X- Remove the AuthzXXXAuthoritative directives from all of the authz providers X- Implement the Reject directive that will deny authorization if the argument is true -X- Fold the Reject directive into the <RequireAll> <RequireOne> +X- Fold the Reject directive into the <SatisfyAll> <SatisfyOne> logic X- Reimplement the host based authorization 'allow', 'deny' and 'order' as authz providers @@ -414,7 +414,7 @@ static const char *authz_require_section(cmd_parms *cmd, void *mconfig, const ch the req_state and the level will allow it to traverse the list to find the last element in the provider calling list. */ old_reqstate = conf->req_state; - if (strcasecmp (cmd->directive->directive, "<RequireAll") == 0) { + if (strcasecmp (cmd->directive->directive, "<SatisfyAll") == 0) { conf->req_state = AUTHZ_REQSTATE_ALL; } else { 
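Review bot: In the @@ -414 hunk, authz_require_section() chooses the block type by comparing cmd->directive->directive against the literal "<SatisfyAll" and sends every other name to the else branch (body not shown here). That literal has to be kept in step by hand with the names registered in authz_cmds[]; if the two drift apart, an 'AND' block falls into the else branch with no error, which can loosen the access check instead of failing the configuration. Both table entries pass NULL as the third argument of AP_INIT_RAW_ARGS, so consider carrying the AUTHZ_REQSTATE_* value there and reading it from cmd->info, or at least compare against "<SatisfyOne" explicitly and return an error string for anything else.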
@@ -445,10 +445,10 @@ static const command_rec authz_cmds[] = AP_INIT_RAW_ARGS("<RequireAlias", authz_require_alias_section, NULL, RSRC_CONF, "Container for authorization directives grouped under " "an authz provider alias"), - AP_INIT_RAW_ARGS("<RequireAll", authz_require_section, NULL, OR_AUTHCFG, + AP_INIT_RAW_ARGS("<SatisfyAll", authz_require_section, NULL, OR_AUTHCFG, "Container for grouping require statements that must all " "succeed for authorization to be granted"), - AP_INIT_RAW_ARGS("<RequireOne", authz_require_section, NULL, OR_AUTHCFG, + AP_INIT_RAW_ARGS("<SatisfyOne", authz_require_section, NULL, OR_AUTHCFG, "Container for grouping require statements of which one " "must succeed for authorization to be granted"), {NULL} |
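Review bot: The authz_cmds[] table in the @@ -445 hunk drops "<RequireAll" and "<RequireOne" outright, so any configuration or test file on the branch that still uses the old section names will stop loading. If that is intended, say so in the commit message or a CHANGES entry; otherwise keep the old names registered for a transition period. Separately, both help strings still say "grouping require statements" and the handler is still named authz_require_section, while the commit message says the blocks hold Reject directives too; "authorization directives" would match the wording in mod_authz_core.xml.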