author | Bradley Nicholes <bnicholes@apache.org> | 2005-12-10 00:55:59 +0000 |
---|---|---|
committer | Bradley Nicholes <bnicholes@apache.org> | 2005-12-10 00:55:59 +0000 |
commit | 03a1ef2828506d940745292089161f75cc88ab9e (patch) | |
tree | 55b04f8218285668b389dcac134eeb4bd78db540 | |
parent | 9cc14fdbb628779b4cca684f5af2544c53e1ac3a (diff) | |
download | httpd-03a1ef2828506d940745292089161f75cc88ab9e.tar.gz |
Remove the AuthzXXXAuthoritative directives from all of the authz
modules. This functionality will be handled by the Satisfy directive
when that gets refactored.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@355670 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | modules/aaa/mod_authnz_ldap.c | 28 | ||||
-rw-r--r-- | modules/aaa/mod_authz_core.c | 4 | ||||
-rw-r--r-- | modules/aaa/mod_authz_dbd.c | 8 | ||||
-rw-r--r-- | modules/aaa/mod_authz_dbm.c | 7 | ||||
-rw-r--r-- | modules/aaa/mod_authz_groupfile.c | 11 | ||||
-rw-r--r-- | modules/aaa/mod_authz_owner.c | 7 | ||||
-rw-r--r-- | modules/aaa/mod_authz_user.c | 8 |
7 files changed, 7 insertions, 66 deletions
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c index 1061e33dd4..5b8023233d 100644 --- a/modules/aaa/mod_authnz_ldap.c +++ b/modules/aaa/mod_authnz_ldap.c @@ -46,9 +46,6 @@ typedef struct { #if APR_HAS_THREADS apr_thread_mutex_t *lock; /* Lock for this config */ #endif - int auth_authoritative; /* Is this auth method the one and only? */ -/* int authz_enabled; Is ldap authorization enabled in this directory? */ - /* These parameters are all derived from the AuthLDAPURL directive */ char *url; /* String representation of the URL */ @@ -295,12 +292,6 @@ static void *create_authnz_ldap_dir_config(apr_pool_t *p, char *d) sec->bindpw = NULL; sec->deref = always; sec->group_attrib_is_dn = 1; - sec->auth_authoritative = 1; - -/* - sec->frontpage_hack = 0; -*/ - sec->secure = -1; /*Initialize to unset*/ sec->user_is_dn = 0; @@ -1036,7 +1027,7 @@ static authz_status ldapgroup_check_authorization(request_rec *r, if(result != LDAP_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "auth_ldap authorise: User DN not found, %s", ldc->reason); - return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + return AUTHZ_DENIED; } req = (authn_ldap_request_t *)apr_pcalloc(r->pool, @@ -1166,7 +1157,7 @@ static authz_status ldapdn_check_authorization(request_rec *r, if(result != LDAP_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "auth_ldap authorise: User DN not found, %s", ldc->reason); - return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + return AUTHZ_DENIED; } req = (authn_ldap_request_t *)apr_pcalloc(r->pool, @@ -1273,7 +1264,7 @@ static authz_status ldapattribute_check_authorization(request_rec *r, if(result != LDAP_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "auth_ldap authorise: User DN not found, %s", ldc->reason); - return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + return AUTHZ_DENIED; } req = (authn_ldap_request_t *)apr_pcalloc(r->pool, 
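Review bot: In the `if(result != LDAP_SUCCESS)` branch of ldapgroup_check_authorization, and the identical branches in the ldapdn_, ldapattribute_ and ldapfilter_ hunks, every failed DN lookup now ends in `return AUTHZ_DENIED;`, yet the only trace is an APLOG_DEBUG line that says "User DN not found" whatever `ldc->reason` holds. Failing closed is the right default, but an operator reading a production log cannot tell an unknown user from an unreachable or misconfigured directory. Consider raising the level and wording it neutrally, e.g. `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "auth_ldap authorise: DN lookup failed, %s", ldc->reason);`, and, if this branch's authz_status defines an error value such as `AUTHZ_GENERAL_ERROR`, returning that when the result is a backend failure rather than a plain no-match. All four function bodies start and end outside their hunks, so what `result` can hold at this point should be confirmed against the lookup call above.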
@@ -1385,7 +1376,7 @@ static authz_status ldapfilter_check_authorization(request_rec *r, if(result != LDAP_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "auth_ldap authorise: User DN not found, %s", ldc->reason); - return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED; + return AUTHZ_DENIED; } req = (authn_ldap_request_t *)apr_pcalloc(r->pool, @@ -1669,11 +1660,6 @@ static const command_rec authnz_ldap_cmds[] = "DN of the remote user. By default, this is set to off, meaning that " "the REMOTE_USER variable will contain whatever value the remote user sent."), - AP_INIT_FLAG("AuthzLDAPAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_ldap_config_t, auth_authoritative), OR_AUTHCFG, - "Set to 'off' to allow access control to be passed along to lower modules if " - "the UserID and/or group is not known to this module"), - AP_INIT_FLAG("AuthLDAPCompareDNOnServer", ap_set_flag_slot, (void *)APR_OFFSETOF(authn_ldap_config_t, compare_dn_on_server), OR_AUTHCFG, "Set to 'on' to force auth_ldap to do DN compares (for the \"require dn\" " @@ -1696,12 +1682,6 @@ static const command_rec authnz_ldap_cmds[] = "values \"never\", \"searching\", \"finding\", or \"always\". " "Defaults to always."), -/* - AP_INIT_FLAG("AuthLDAPAuthzEnabled", ap_set_flag_slot, - (void *)APR_OFFSETOF(authn_ldap_config_t, authz_enabled), OR_AUTHCFG, - "Set to off to disable the LDAP authorization handler, even if it's been enabled in a higher tree"), -*/ - AP_INIT_TAKE1("AuthLDAPCharsetConfig", set_charset_config, NULL, RSRC_CONF, "Character set conversion configuration file. If omitted, character set" "conversion is disabled."), diff --git a/modules/aaa/mod_authz_core.c b/modules/aaa/mod_authz_core.c index 5d98c07297..af72b50a9c 100644 --- a/modules/aaa/mod_authz_core.c +++ b/modules/aaa/mod_authz_core.c 
@@ -46,7 +46,7 @@ /* TODO List -- Convert all of the authz modules to providers +X- Convert all of the authz modules to providers - Remove the ap_requires field from the request_rec - Remove the ap_requires field from authz_dir_conf - Remove the function ap_requires() and authz_ap_requires() @@ -73,7 +73,7 @@ X- Change the status code to AUTHZ_DENIED, AUTHZ_GRANTED - Expand the Satisfy directive to handle 'and' and 'or' logic for determining which authorization must succeed vs. may succeed -- Remove the AuthzXXXAuthoritative directives from all of +X- Remove the AuthzXXXAuthoritative directives from all of the authz providers */ diff --git a/modules/aaa/mod_authz_dbd.c b/modules/aaa/mod_authz_dbd.c index cff9ea2e08..7bdf07ad7c 100644 --- a/modules/aaa/mod_authz_dbd.c +++ b/modules/aaa/mod_authz_dbd.c @@ -44,7 +44,6 @@ typedef struct { const char *query; const char *redir_query; int redirect; - int authoritative; } authz_dbd_cfg ; static ap_dbd_t *(*dbd_handle)(request_rec*) = NULL; @@ -55,7 +54,7 @@ static const char *const noerror = "???"; static void *authz_dbd_cr_cfg(apr_pool_t *pool, char *dummy) { authz_dbd_cfg *ret = apr_pcalloc(pool, sizeof(authz_dbd_cfg)); - ret->redirect = ret->authoritative = -1; + ret->redirect = -1; return ret; } static void *authz_dbd_merge_cfg(apr_pool_t *pool, void *BASE, void *ADD) @@ -67,8 +66,6 @@ static void *authz_dbd_merge_cfg(apr_pool_t *pool, void *BASE, void *ADD) ret->query = (add->query == NULL) ? base->query : add->query; ret->redir_query = (add->redir_query == NULL) ? base->redir_query : add->redir_query; - ret->authoritative = (add->authoritative == -1) - ? base->authoritative : add->authoritative; ret->redirect = (add->redirect == -1) ? base->redirect : add->redirect; return ret; } 
@@ -93,9 +90,6 @@ static const char *authz_dbd_prepare(cmd_parms *cmd, void *cfg, return ap_set_string_slot(cmd, cfg, label); } static const command_rec authz_dbd_cmds[] = { - AP_INIT_FLAG("AuthzDBDAuthoritative", ap_set_flag_slot, - (void*)APR_OFFSETOF(authz_dbd_cfg, authoritative), ACCESS_CONF, - "Whether dbd-group is authoritative"), AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot, (void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF, "Whether to redirect to referer on successful login"), diff --git a/modules/aaa/mod_authz_dbm.c b/modules/aaa/mod_authz_dbm.c index 826512359d..6c067b7518 100644 --- a/modules/aaa/mod_authz_dbm.c +++ b/modules/aaa/mod_authz_dbm.c @@ -33,7 +33,6 @@ typedef struct { char *grpfile; char *dbmtype; - int authoritative; } authz_dbm_config_rec; APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); @@ -66,7 +65,6 @@ static void *create_authz_dbm_dir_config(apr_pool_t *p, char *d) conf->grpfile = NULL; conf->dbmtype = "default"; - conf->authoritative = 1; /* fortress is secure by default */ return conf; } @@ -79,11 +77,6 @@ static const command_rec authz_dbm_cmds[] = AP_INIT_TAKE1("AuthzDBMType", ap_set_string_slot, (void *)APR_OFFSETOF(authz_dbm_config_rec, dbmtype), OR_AUTHCFG, "what type of DBM file the group file is"), - AP_INIT_FLAG("AuthzDBMAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_dbm_config_rec, authoritative), - OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to " - "lower modules, if the group required is not found or empty, or the user " - " is not in the required groups. (default is On.)"), {NULL} }; diff --git a/modules/aaa/mod_authz_groupfile.c b/modules/aaa/mod_authz_groupfile.c index 88946c70d3..6b886b5a97 100644 --- a/modules/aaa/mod_authz_groupfile.c +++ b/modules/aaa/mod_authz_groupfile.c 
@@ -38,8 +38,6 @@ * * If there are any 'require group' blocks and we * are not in any group - we HTTP_UNAUTHORIZE - * unless we are non-authoritative; in which - * case we DECLINED. * */ @@ -59,7 +57,6 @@ typedef struct { char *groupfile; - int authoritative; } authz_groupfile_config_rec; APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); @@ -69,7 +66,6 @@ static void *create_authz_groupfile_dir_config(apr_pool_t *p, char *d) authz_groupfile_config_rec *conf = apr_palloc(p, sizeof(*conf)); conf->groupfile = NULL; - conf->authoritative = 1; /* keep the fortress secure by default */ return conf; } @@ -89,13 +85,6 @@ static const command_rec authz_groupfile_cmds[] = (void *)APR_OFFSETOF(authz_groupfile_config_rec, groupfile), OR_AUTHCFG, "text file containing group names and member user IDs"), - AP_INIT_FLAG("AuthzGroupFileAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_groupfile_config_rec, - authoritative), - OR_AUTHCFG, - "Set to 'Off' to allow access control to be passed along to " - "lower modules if the 'require group' fails. (default is " - "On)."), {NULL} }; diff --git a/modules/aaa/mod_authz_owner.c b/modules/aaa/mod_authz_owner.c index 09e7374da4..2163f35141 100644 --- a/modules/aaa/mod_authz_owner.c +++ b/modules/aaa/mod_authz_owner.c @@ -30,7 +30,6 @@ #include "mod_auth.h" /* for AUTHZ_GROUP_NOTE */ typedef struct { - int authoritative; } authz_owner_config_rec; APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r)); 
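Review bot: Dropping the only member in the mod_authz_owner.c hunk leaves `typedef struct { } authz_owner_config_rec;`, a struct with no members, which ISO C does not permit; GCC accepts it as an extension with size 0, while stricter compilers (MSVC in C mode, for instance) reject it. The mod_authz_user.c hunk does the same to `authz_user_config_rec`, and both create_*_dir_config functions still call `apr_palloc(p, sizeof(*conf))` on the now-empty type. Until these modules carry per-directory state again, either keep a placeholder member, `int dummy; /* keeps the struct non-empty for strict compilers */`, or drop the config struct and its create function altogether. The module declarations that reference the create functions are outside the hunks, so the second option needs checking against them.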
@@ -39,17 +38,11 @@ static void *create_authz_owner_dir_config(apr_pool_t *p, char *d) { authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf)); - conf->authoritative = 1; /* keep the fortress secure by default */ return conf; } static const command_rec authz_owner_cmds[] = { - AP_INIT_FLAG("AuthzOwnerAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_owner_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'Off' to allow access control to be passed along to " - "lower modules. (default is On.)"), {NULL} }; diff --git a/modules/aaa/mod_authz_user.c b/modules/aaa/mod_authz_user.c index 9785582baf..a08e940ad0 100644 --- a/modules/aaa/mod_authz_user.c +++ b/modules/aaa/mod_authz_user.c @@ -28,25 +28,17 @@ #include "mod_auth.h" typedef struct { - int authoritative; } authz_user_config_rec; static void *create_authz_user_dir_config(apr_pool_t *p, char *d) { authz_user_config_rec *conf = apr_palloc(p, sizeof(*conf)); - conf->authoritative = 1; /* keep the fortress secure by default */ return conf; } static const command_rec authz_user_cmds[] = { - AP_INIT_FLAG("AuthzUserAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_user_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'Off' to allow access control to be passed along to " - "lower modules if the 'require user' or 'require valid-user' " - "statement is not met. (default: On)."), {NULL} }; |