You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Artem L <ar...@itm.nkz.ru> on 2004/07/18 22:19:50 UTC

question concerning with authentication process

hello :)

I want to have a way to perform authentication process for the certain
recources in the directory, and process requests for the another resources
in the same directory without any authentication.

I'm working at implementing acl extension for webdav - and the
authentiacation will based on access control list concerning with certain
recource. And this access control list will be modified during runtime. And
I want to use different *standard* apache authentication modules.

Actually, I've written the some draft version - and to perfome such
authentication I've added another hook (not_require_authentication) and made
some changes in the ap_some_auth_required function

AP_DECLARE(int) ap_some_auth_required(request_rec *r)
{
    /* Is there a require line configured for the type of *this* req? */

    const apr_array_header_t *reqs_arr = ap_requires(r);
    require_line *reqs;
    int i;

    if (!reqs_arr) {
        return 0;
    }

    reqs = (require_line *) reqs_arr->elts;

    for (i = 0; i < reqs_arr->nelts; ++i) {
        if (reqs[i].method_mask & (AP_METHOD_BIT << r->method_number)) {
     if (ap_run_not_require_authentication(r) == OK)
                return 0;
            else
                return 1;
        }
    }

    return 0;
}

Does it have sence or there is another standrd way (without introducing
addtional hooks) to use standard authentication modules with access control
modifing at runtime?

I've read Apache Server Project Plan - and found several points concerning
with authentication - but I have not found the implementation of these
points in the 2.1 branch
may be I've missed something?

Your advice will be very much appreciated :)

thank you
Artem Lantsev

Re: question concerning with authentication process

Posted by Geoffrey Young <ge...@modperlcookbook.org>.

> Does it have sence or there is another standrd way (without introducing
> addtional hooks) to use standard authentication modules with access control
> modifing at runtime?

I would look into the Satisfy directive, specifically whether "Satisfy any"
could be used in conjunction with core access directives to get you where
you want.  something like (untested, but you get the idea ;)

<Location /foo>
  Satisfy any
  require valid-user

  <Limit POST>
    allow from all
  </Limit>

  ...
</Location>

HTH

--Geoff