You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Artem Lantsev <ar...@itm.nkz.ru> on 2004/07/06 12:31:22 UTC

Proposal: add another hook to make it possible modify acl for the certain resources at runtime

hello

I want to have a way to perform authentication process for the certain
recources in the directory and process requests for the another resources in
the same directory without any authentication.
I'm working at implementing acl extencion for webdav - and the
authentiacation will based on access control list concerning with certain
recource. And this access control list will be modified during runtime. And
I want to use different *standard* apache authentication modules.

so I propose make following changes - (diffs based on v.2.0.49)

=================================
--- orig/http_request.h Tue Jul  6 17:41:31 2004
+++ http_request.h  Sat Jul  3 22:33:35 2004
@@ -361,6 +361,14 @@
  */
 AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))

+/**
+ * This hook allows modules to make authentication for the certain requests
+ * @param r the current request
+ * @return OK, DECLINED
+ * @ingroup hooks
+ */
+AP_DECLARE_HOOK(int,not_require_authentication,(request_rec *r))
+
 AP_DECLARE(int) ap_location_walk(request_rec *r);
 AP_DECLARE(int) ap_directory_walk(request_rec *r);
 AP_DECLARE(int) ap_file_walk(request_rec *r);

=================================

--- orig/request.c  Tue Jul  6 17:19:27 2004
+++ request.c Tue Jul  6 17:22:13 2004
@@ -59,6 +59,7 @@
     APR_HOOK_LINK(auth_checker)
     APR_HOOK_LINK(insert_filter)
     APR_HOOK_LINK(create_request)
+    APR_HOOK_LINK(not_require_authentication)
 )

 AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
@@ -78,6 +79,8 @@
 AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r))
 AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
                           (request_rec *r), (r), OK, DECLINED)
+AP_IMPLEMENT_HOOK_RUN_FIRST(int,not_require_authentication,
+                          (request_rec *r), (r), DECLINED)


 static int decl_die(int status, char *phase, request_rec *r)
@@ -1558,7 +1561,10 @@

     for (i = 0; i < reqs_arr->nelts; ++i) {
         if (reqs[i].method_mask & (AP_METHOD_BIT << r->method_number)) {
-            return 1;
+     if (ap_run_not_require_authentication(r) == OK)
+       return 0;
+     else
+         return 1;
         }
     }

please, let me know is it possible -
or  may be exists another way to use standard authentication modules with
access control modifing at runtime.

thanks
Artem