You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bn...@apache.org on 2005/12/01 05:14:56 UTC
svn commit: r350149 - in /httpd/httpd/branches/authz-dev/modules/aaa:
mod_auth.h mod_authz_host.c mod_authz_user.c
Author: bnicholes
Date: Wed Nov 30 20:14:50 2005
New Revision: 350149
URL: http://svn.apache.org/viewcvs?rev=350149&view=rev
Log:
convert mod_authz_user to register its require providers
Modified:
httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h?rev=350149&r1=350148&r2=350149&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_auth.h Wed Nov 30 20:14:50 2005
@@ -75,10 +75,10 @@
};
typedef struct {
- /* Given a username and password, expected to return AUTH_GRANTED
- * if we can validate this user/password combination.
+ /* Given a request_rec, expected to return AUTH_GRANTED
+ * if we can authorize user access.
*/
- authn_status (*check_authorization)(request_rec *r);
+ authn_status (*check_authorization)(request_rec *r, apr_int64_t method_mask, const char *require_line);
} authz_provider;
/* A linked-list of authn providers. */
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c?rev=350149&r1=350148&r2=350149&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_host.c Wed Nov 30 20:14:50 2005
@@ -459,7 +459,7 @@
}
- auth_result = provider->check_authorization(r);
+ auth_result = provider->check_authorization(r, current_provider->method_mask, current_provider->requirement);
apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c?rev=350149&r1=350148&r2=350149&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c Wed Nov 30 20:14:50 2005
@@ -17,6 +17,7 @@
#include "apr_strings.h"
#include "ap_config.h"
+#include "ap_provider.h"
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
@@ -24,6 +25,8 @@
#include "http_protocol.h"
#include "http_request.h"
+#include "mod_auth.h"
+
typedef struct {
int authoritative;
} authz_user_config_rec;
@@ -49,6 +52,7 @@
module AP_MODULE_DECLARE_DATA authz_user_module;
+#if 0
static int check_user_access(request_rec *r)
{
authz_user_config_rec *conf = ap_get_module_config(r->per_dir_config,
@@ -111,10 +115,68 @@
ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
+#endif
+
+static authn_status user_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line)
+{
+ char *user = r->user;
+ int m = r->method_number;
+ const char *t, *w;
+
+ if (!(method_mask & (AP_METHOD_BIT << m))) {
+ return DECLINED;
+ }
+
+ t = require_line;
+ w = ap_getword_white(r->pool, &t);
+ if (!strcasecmp(w, "user")) {
+ /* And note that there are applicable requirements
+ * which we consider ourselves the owner of.
+ */
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (!strcmp(user, w)) {
+ return OK;
+ }
+ }
+ }
+
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "access to %s failed, reason: user '%s' does not meet "
+ "'require'ments for user to be allowed access",
+ r->uri, user);
+
+ ap_note_auth_failure(r);
+ return HTTP_UNAUTHORIZED;
+}
+
+static authn_status validuser_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line)
+{
+ int m = r->method_number;
+
+ if (!(method_mask & (AP_METHOD_BIT << m))) {
+ return DECLINED;
+ }
+ return OK;
+}
+
+static const authz_provider authz_user_provider =
+{
+ &user_check_authorization,
+};
+static const authz_provider authz_validuser_provider =
+{
+ &validuser_check_authorization,
+};
static void register_hooks(apr_pool_t *p)
{
- ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "user", "0",
+ &authz_user_provider);
+ ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0",
+ &authz_validuser_provider);
+
+ /* ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);*/
}
module AP_MODULE_DECLARE_DATA authz_user_module =