author | Bradley Nicholes <bnicholes@apache.org> | 2005-12-10 01:29:48 +0000 |
---|---|---|
committer | Bradley Nicholes <bnicholes@apache.org> | 2005-12-10 01:29:48 +0000 |
commit | 6d9833513405bed7e05f51ce3f4f85eb8f23b48f (patch) | |
tree | b0339241bdb8c654a968fb8cd0d3ffb8e276c596 | |
parent | 4bcd44617dc469c253d0434408d6025ddd8239f7 (diff) | |
download | httpd-6d9833513405bed7e05f51ce3f4f85eb8f23b48f.tar.gz |
initial conversion of mod_authz_default to the provider based
authorization
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@355684 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | modules/aaa/mod_auth.h | 2 | ||||
-rw-r--r-- | modules/aaa/mod_authz_default.c | 66 |
2 files changed, 13 insertions, 55 deletions
diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h
index 7569fd402b..1d13ca03e4 100644
--- a/modules/aaa/mod_auth.h
+++ b/modules/aaa/mod_auth.h
@@ -37,7 +37,7 @@ extern "C" {
 #define AUTHN_PROVIDER_GROUP "authn"
 #define AUTHZ_PROVIDER_GROUP "authz"
 #define AUTHN_DEFAULT_PROVIDER "file"
-#define AUTHZ_DEFAULT_PROVIDER "valid-user"
+#define AUTHZ_DEFAULT_PROVIDER "default"
 #define AUTHZ_GROUP_NOTE "authz_group_note"
 #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
diff --git a/modules/aaa/mod_authz_default.c b/modules/aaa/mod_authz_default.c
index 0576a0c24b..c76ff91d62 100644
--- a/modules/aaa/mod_authz_default.c
+++ b/modules/aaa/mod_authz_default.c
@@ -20,87 +20,45 @@ #include "ap_config.h" #include "httpd.h" #include "http_config.h" +#include "ap_provider.h" #include "http_core.h" #include "http_log.h" #include "http_protocol.h" #include "http_request.h" +#include "mod_auth.h" + typedef struct { - int authoritative; } authz_default_config_rec; static void *create_authz_default_dir_config(apr_pool_t *p, char *d) { authz_default_config_rec *conf = apr_palloc(p, sizeof(*conf)); - conf->authoritative = 1; /* keep the fortress secure by default */ return conf; } static const command_rec authz_default_cmds[] = { - AP_INIT_FLAG("AuthzDefaultAuthoritative", ap_set_flag_slot, - (void *)APR_OFFSETOF(authz_default_config_rec, authoritative), - OR_AUTHCFG, - "Set to 'Off' to allow access control to be passed along to " - "lower modules. (default is On.)"), {NULL} }; module AP_MODULE_DECLARE_DATA authz_default_module; -static int check_user_access(request_rec *r) +static authz_status default_check_authorization(request_rec *r, const char *require_line) { - authz_default_config_rec *conf = ap_get_module_config(r->per_dir_config, - &authz_default_module); - int m = r->method_number; - int method_restricted = 0; - register int x; - const apr_array_header_t *reqs_arr = ap_requires(r); - require_line *reqs; - - /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive, - * then any user will do. - */ - if (!reqs_arr) { - return OK; - } - reqs = (require_line *)reqs_arr->elts; - - for (x = 0; x < reqs_arr->nelts; x++) { - if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) { - continue; - } - method_restricted = 1; - break; - } - - if (method_restricted == 0) { - return OK; - } - - if (!(conf->authoritative)) { - return DECLINED; - } - - /* if we aren't authoritative, any require directive could be - * considered valid even if noone groked it. However, if we are - * authoritative, we can warn the user they did something wrong. 
- * - * That something could be a missing "AuthAuthoritative off", but - * more likely is a typo in the require directive. - */ - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "access to %s failed, reason: require directives " - "present and no Authoritative handler.", r->uri); - - ap_note_auth_failure(r); - return HTTP_UNAUTHORIZED; + return AUTHZ_DENIED; } +static const authz_provider authz_default_provider = +{ + &default_check_authorization, +}; + static void register_hooks(apr_pool_t *p) { - ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_LAST); + ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "default", "0", + &authz_default_provider); } module AP_MODULE_DECLARE_DATA authz_default_module = |
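Review bot: `default_check_authorization` returns `AUTHZ_DENIED` with no log entry, whereas the `check_user_access` it replaces wrote an `APLOG_ERR` line naming `r->uri` before refusing; unless the provider's caller (not in this hunk) logs the denial, a mistyped `Require` line now fails closed with nothing in the error log to explain it. Consider keeping a message before the return, e.g. `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "access to %s failed, reason: no authorization provider handled the require directive", r->uri);`. In `register_hooks` the provider name is the literal `"default"`, which must stay equal to `AUTHZ_DEFAULT_PROVIDER` in mod_auth.h for the deny-by-default fallback to be found; passing the macro, `ap_register_provider(p, AUTHZ_PROVIDER_GROUP, AUTHZ_DEFAULT_PROVIDER, "0", &authz_default_provider);`, removes that coupling. The now-empty `authz_default_config_rec` is not valid ISO C (a struct needs at least one member) and, together with its create function and the empty command table, looks removable, though the module declaration that references them lies outside the hunk.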