You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bn...@apache.org on 2005/12/01 05:14:56 UTC

svn commit: r350149 - in /httpd/httpd/branches/authz-dev/modules/aaa: mod_auth.h mod_authz_host.c mod_authz_user.c

Author: bnicholes
Date: Wed Nov 30 20:14:50 2005
New Revision: 350149

URL: http://svn.apache.org/viewcvs?rev=350149&view=rev
Log:
convert mod_authz_user to register its require providers

Modified:
    httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
    httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h?rev=350149&r1=350148&r2=350149&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h Wed Nov 30 20:14:50 2005
@@ -75,10 +75,10 @@
 };
 
 typedef struct {
-    /* Given a username and password, expected to return AUTH_GRANTED
-    * if we can validate this user/password combination.
+    /* Given a request_rec, expected to return AUTH_GRANTED
+    * if we can authorize user access.
     */
-    authn_status (*check_authorization)(request_rec *r);
+    authn_status (*check_authorization)(request_rec *r, apr_int64_t method_mask, const char *require_line);
 } authz_provider;
 
 /* A linked-list of authn providers. */

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c?rev=350149&r1=350148&r2=350149&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c Wed Nov 30 20:14:50 2005
@@ -459,7 +459,7 @@
         }
 
 
-        auth_result = provider->check_authorization(r);
+        auth_result = provider->check_authorization(r, current_provider->method_mask, current_provider->requirement);
 
         apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
 

Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c?rev=350149&r1=350148&r2=350149&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c Wed Nov 30 20:14:50 2005
@@ -17,6 +17,7 @@
 #include "apr_strings.h"
 
 #include "ap_config.h"
+#include "ap_provider.h"
 #include "httpd.h"
 #include "http_config.h"
 #include "http_core.h"
@@ -24,6 +25,8 @@
 #include "http_protocol.h"
 #include "http_request.h"
 
+#include "mod_auth.h"
+
 typedef struct {
     int authoritative;
 } authz_user_config_rec;
@@ -49,6 +52,7 @@
 
 module AP_MODULE_DECLARE_DATA authz_user_module;
 
+#if 0
 static int check_user_access(request_rec *r)
 {
     authz_user_config_rec *conf = ap_get_module_config(r->per_dir_config,
@@ -111,10 +115,68 @@
     ap_note_auth_failure(r);
     return HTTP_UNAUTHORIZED;
 }
+#endif
+
+static authn_status user_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line)
+{
+    char *user = r->user;
+    int m = r->method_number;
+    const char *t, *w;
+
+    if (!(method_mask & (AP_METHOD_BIT << m))) {
+        return DECLINED;
+    }
+
+    t = require_line;
+    w = ap_getword_white(r->pool, &t);
+    if (!strcasecmp(w, "user")) {
+        /* And note that there are applicable requirements
+        * which we consider ourselves the owner of.
+        */
+        while (t[0]) {
+            w = ap_getword_conf(r->pool, &t);
+            if (!strcmp(user, w)) {
+                return OK;
+            }
+        }
+    }
+
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                  "access to %s failed, reason: user '%s' does not meet "
+                          "'require'ments for user to be allowed access",
+                  r->uri, user);
+
+    ap_note_auth_failure(r);
+    return HTTP_UNAUTHORIZED;
+}
+
+static authn_status validuser_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line)
+{
+    int m = r->method_number;
+
+    if (!(method_mask & (AP_METHOD_BIT << m))) {
+        return DECLINED;
+    }
+    return OK;
+}
+
+static const authz_provider authz_user_provider =
+{
+    &user_check_authorization,
+};
+static const authz_provider authz_validuser_provider =
+{
+    &validuser_check_authorization,
+};
 
 static void register_hooks(apr_pool_t *p)
 {
-    ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "user", "0",
+                         &authz_user_provider);
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0",
+                         &authz_validuser_provider);
+
+    /*    ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);*/
 }
 
 module AP_MODULE_DECLARE_DATA authz_user_module =