author | Bradley Nicholes <bnicholes@apache.org> | 2005-12-02 04:15:56 +0000 |
---|---|---|
committer | Bradley Nicholes <bnicholes@apache.org> | 2005-12-02 04:15:56 +0000 |
commit | 4a8d4c42dded52f2d85953b2259d2353362161e4 (patch) | |
tree | a7e3e5c8374d595cbdfacb3835d17a4c93c03745 | |
parent | 4e7c9f4aa376258c98701305426c63ada0d3199e (diff) | |
download | httpd-4a8d4c42dded52f2d85953b2259d2353362161e4.tar.gz |
work out a few more bugs and now it works. Still needs some clean up and the rest of the authz modules need to be converted
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@351573 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | modules/aaa/mod_auth.h | 9 | ||||
-rw-r--r-- | modules/aaa/mod_authz_host.c | 19 | ||||
-rw-r--r-- | modules/aaa/mod_authz_user.c | 14 | ||||
-rw-r--r-- | server/core.c | 8 |
4 files changed, 33 insertions, 17 deletions
diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h index 1b15633757..43c372bd83 100644 --- a/modules/aaa/mod_auth.h +++ b/modules/aaa/mod_auth.h @@ -51,6 +51,13 @@ typedef enum { AUTH_GENERAL_ERROR } authn_status; +typedef enum { + AUTHZ_DENIED, + AUTHZ_DECLINED, + AUTHZ_GRANTED, + AUTHZ_GENERAL_ERROR +} authz_status; + typedef struct { /* Given a username and password, expected to return AUTH_GRANTED * if we can validate this user/password combination. @@ -78,7 +85,7 @@ typedef struct { /* Given a request_rec, expected to return AUTH_GRANTED * if we can authorize user access. */ - authn_status (*check_authorization)(request_rec *r, apr_int64_t method_mask, const char *require_line); + authz_status (*check_authorization)(request_rec *r, apr_int64_t method_mask, const char *require_line); } authz_provider; /* A linked-list of authn providers. */ diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_authz_host.c index 09e4447aab..6ccbb84f38 100644 --- a/modules/aaa/mod_authz_host.c +++ b/modules/aaa/mod_authz_host.c @@ -431,7 +431,7 @@ static int authorize_user(request_rec *r) { authz_host_dir_conf *conf = ap_get_module_config(r->per_dir_config, &authz_host_module); - authn_status auth_result; + authz_status auth_result; authz_provider_list *current_provider; current_provider = conf->providers; @@ -448,7 +448,7 @@ static int authorize_user(request_rec *r) if (!provider || !provider->check_authorization) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No Authz provider configured"); - auth_result = AUTH_GENERAL_ERROR; + auth_result = AUTHZ_GENERAL_ERROR; break; } apr_table_setn(r->notes, AUTHZ_PROVIDER_NAME_NOTE, AUTHZ_DEFAULT_PROVIDER); @@ -464,7 +464,7 @@ static int authorize_user(request_rec *r) apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE); /* Something occured. Stop checking. */ - if (auth_result != AUTH_DENIED) { + if (auth_result != AUTHZ_DENIED) { break; } 
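Review bot: The new `authz_status` enum in the first mod_auth.h hunk has no comments, and the safety of the whole scheme rests on what each value means to the caller. I would add a short comment per enumerator: DENIED (provider evaluated the line and refuses), DECLINED (the line does not apply to this request), GRANTED, and GENERAL_ERROR (provider could not evaluate). It is also worth stating that `AUTHZ_DENIED` is deliberately first so that a zero-initialised status denies, e.g. `/* keep AUTHZ_DENIED == 0 so an unset status fails closed */`, so that a later reorder does not silently change that.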
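Review bot: The comment above `check_authorization` in the second mod_auth.h hunk still says the callback is "expected to return AUTH_GRANTED", but that is an `authn_status` value and the return type is now `authz_status`. Update it to `/* Given a request_rec, expected to return AUTHZ_GRANTED` so provider authors do not return the wrong enum's constant, which the compiler will accept without complaint in C. The comment could also say what `method_mask` and `require_line` carry, since both are undocumented here.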
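Review bot: In the `@@ -464,7` hunk of authorize_user, `if (auth_result != AUTHZ_DENIED) { break; }` now also stops the provider loop on `AUTHZ_DECLINED`, which is a distinct value after this change. The switch in the `@@ -485,13` hunk has no `case AUTHZ_DECLINED:`, so it lands in the `default:` branch together with `AUTHZ_GENERAL_ERROR`. The providers in mod_authz_user.c return `AUTHZ_DECLINED` whenever the method mask does not match, so this path looks reachable. A decline from one Require line would then end evaluation as an error instead of letting the next provider decide. I would continue the loop on decline, `if (auth_result != AUTHZ_DENIED && auth_result != AUTHZ_DECLINED) break;`, and give `AUTHZ_DECLINED` an explicit case in the switch. The function starts and ends outside these hunks, so the final return code is not visible here.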
@@ -476,7 +476,7 @@ static int authorize_user(request_rec *r) current_provider = current_provider->next; } while (current_provider); - if (auth_result != AUTH_GRANTED) { + if (auth_result != AUTHZ_GRANTED) { int return_code; /* XXX need to deal with DECLINED vs DENIED. DECLINED may not even @@ -485,13 +485,13 @@ static int authorize_user(request_rec *r) according to the order and the Authz_xxx_Authoritative directives. */ switch (auth_result) { - case AUTH_DENIED: + case AUTHZ_DENIED: ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "user %s: authorization failure for \"%s\": ", r->user, r->uri); return_code = HTTP_UNAUTHORIZED; break; - case AUTH_GENERAL_ERROR: + case AUTHZ_GENERAL_ERROR: default: /* We'll assume that the module has already said what its error * was in the logs. @@ -535,15 +535,16 @@ static int authz_some_auth_required(request_rec *r) * provider. */ if (!current_provider) { - provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP, +/* provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP, AUTHZ_DEFAULT_PROVIDER, "0"); if (!provider || !provider->check_authorization) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No Authz providers configured. Assmuming no authorization required."); +*/ req_authz = 0; break; - } +/* }*/ } else { provider = current_provider->provider; @@ -600,7 +601,7 @@ module AP_MODULE_DECLARE_DATA authz_host_module = { STANDARD20_MODULE_STUFF, create_authz_host_dir_config, /* dir config creater */ - merge_authz_host_dir_config, /* dir merger --- default is to override */ + NULL, /* dir merger --- default is to override */ NULL, /* server config */ NULL, /* merge server config */ authz_host_cmds, diff --git a/modules/aaa/mod_authz_user.c b/modules/aaa/mod_authz_user.c index 82e307b52a..15efaa47d2 100644 --- a/modules/aaa/mod_authz_user.c +++ b/modules/aaa/mod_authz_user.c 
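Review bot: The `@@ -535,15` hunk in authz_some_auth_required disables the default-provider lookup by wrapping it in `/* ... */` and `/* }*/`, so the `!current_provider` branch now always sets `req_authz = 0` and the "No Authz providers configured" log line no longer runs. This is the path on which the server decides that no authorization is needed, so it should not be silent dead code. Delete the commented-out block and replace it with a comment that states the intent, for example `/* no Require providers in this section: nothing to authorize */`. If the old message is still wanted for diagnosis, keep it at a debug log level. The function continues outside the hunk.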
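Review bot: Replacing `merge_authz_host_dir_config` with `NULL` in the module record (`@@ -600,7` hunk) means a more specific section's config for this module replaces the parent's outright instead of being combined with it. The hunk does not show how `conf->providers` is populated. If a nested section can get its own authz_host config without repeating the Require lines, the parent's provider list would not be inherited there. Per the `@@ -535,15` hunk, an empty list now means `req_authz = 0`. If override really is the intended semantics for this branch, say why in the slot comment. Otherwise restore the merger with `merge_authz_host_dir_config, /* dir merger */` and fix the bug inside it.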
@@ -117,14 +117,14 @@ static int check_user_access(request_rec *r) } #endif -static authn_status user_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line) +static authz_status user_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line) { char *user = r->user; int m = r->method_number; const char *t, *w; if (!(method_mask & (AP_METHOD_BIT << m))) { - return DECLINED; + return AUTHZ_DECLINED; } t = require_line; @@ -136,7 +136,7 @@ static authn_status user_check_authorization(request_rec *r, apr_int64_t method_ while (t[0]) { w = ap_getword_conf(r->pool, &t); if (!strcmp(user, w)) { - return OK; + return AUTHZ_GRANTED; } } } @@ -147,17 +147,17 @@ static authn_status user_check_authorization(request_rec *r, apr_int64_t method_ r->uri, user); ap_note_auth_failure(r); - return HTTP_UNAUTHORIZED; + return AUTHZ_GENERAL_ERROR; } -static authn_status validuser_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line) +static authz_status validuser_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line) { int m = r->method_number; if (!(method_mask & (AP_METHOD_BIT << m))) { - return DECLINED; + return AUTHZ_DECLINED; } - return OK; + return AUTHZ_GRANTED; } static const authz_provider authz_user_provider = diff --git a/server/core.c b/server/core.c index 8af4c04838..2e18810905 100644 --- a/server/core.c +++ b/server/core.c @@ -268,6 +268,14 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) conf->ap_default_type = new->ap_default_type; } + if (new->ap_auth_type) { + conf->ap_auth_type = new->ap_auth_type; + } + + if (new->ap_auth_name) { + conf->ap_auth_name = new->ap_auth_name; + } + if (conf->response_code_strings == NULL) { conf->response_code_strings = new->response_code_strings; } |
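Review bot: At the end of user_check_authorization (`@@ -147,17` hunk), the path that logs and calls `ap_note_auth_failure(r)` now returns `AUTHZ_GENERAL_ERROR`. That appears to be the ordinary fall-through when the user matched none of the names on the Require line. In authorize_user only `AUTHZ_DENIED` is mapped to `HTTP_UNAUTHORIZED`, while `AUTHZ_GENERAL_ERROR` goes to the `default:` branch and also breaks the provider loop. A user who is simply not listed would therefore be treated as a provider failure, and later Require lines would never be consulted. This should be `return AUTHZ_DENIED;`, with `AUTHZ_GENERAL_ERROR` kept for cases where the provider cannot evaluate the line. The function begins in the `@@ -117,14` hunk and part of its body is outside the visible context.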
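Review bot: The two new blocks in merge_core_dir_configs (server/core.c) copy `ap_auth_type` and `ap_auth_name` from `new` only when they are non-NULL, but nothing explains the resulting inheritance rule. Assuming `conf` starts as a copy of the base config (not visible in this hunk), a nested section now inherits the parent's AuthType and AuthName and has no way to clear them. Since these fields decide whether authentication runs at all, add a comment such as `/* AuthType/AuthName: inherit from base unless the more specific section sets its own */`.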