You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bn...@apache.org on 2005/12/10 01:56:03 UTC
svn commit: r355670 - in /httpd/httpd/branches/authz-dev/modules/aaa:
mod_authnz_ldap.c mod_authz_core.c mod_authz_dbd.c mod_authz_dbm.c
mod_authz_groupfile.c mod_authz_owner.c mod_authz_user.c
Author: bnicholes
Date: Fri Dec 9 16:55:59 2005
New Revision: 355670
URL: http://svn.apache.org/viewcvs?rev=355670&view=rev
Log:
Remove the AuthzXXXAuthoritative directives from all of the authz
modules. This functionality will be handled by the Satify directive
when that gets refactored.
Modified:
httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c
httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authnz_ldap.c Fri Dec 9 16:55:59 2005
@@ -46,9 +46,6 @@
#if APR_HAS_THREADS
apr_thread_mutex_t *lock; /* Lock for this config */
#endif
- int auth_authoritative; /* Is this auth method the one and only? */
-/* int authz_enabled; Is ldap authorization enabled in this directory? */
-
/* These parameters are all derived from the AuthLDAPURL directive */
char *url; /* String representation of the URL */
@@ -295,12 +292,6 @@
sec->bindpw = NULL;
sec->deref = always;
sec->group_attrib_is_dn = 1;
- sec->auth_authoritative = 1;
-
-/*
- sec->frontpage_hack = 0;
-*/
-
sec->secure = -1; /*Initialize to unset*/
sec->user_is_dn = 0;
@@ -1036,7 +1027,7 @@
if(result != LDAP_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"auth_ldap authorise: User DN not found, %s", ldc->reason);
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+ return AUTHZ_DENIED;
}
req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1166,7 +1157,7 @@
if(result != LDAP_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"auth_ldap authorise: User DN not found, %s", ldc->reason);
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+ return AUTHZ_DENIED;
}
req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1273,7 +1264,7 @@
if(result != LDAP_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"auth_ldap authorise: User DN not found, %s", ldc->reason);
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+ return AUTHZ_DENIED;
}
req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1385,7 +1376,7 @@
if(result != LDAP_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"auth_ldap authorise: User DN not found, %s", ldc->reason);
- return sec->auth_authoritative? HTTP_UNAUTHORIZED : DECLINED;
+ return AUTHZ_DENIED;
}
req = (authn_ldap_request_t *)apr_pcalloc(r->pool,
@@ -1669,11 +1660,6 @@
"DN of the remote user. By default, this is set to off, meaning that "
"the REMOTE_USER variable will contain whatever value the remote user sent."),
- AP_INIT_FLAG("AuthzLDAPAuthoritative", ap_set_flag_slot,
- (void *)APR_OFFSETOF(authn_ldap_config_t, auth_authoritative), OR_AUTHCFG,
- "Set to 'off' to allow access control to be passed along to lower modules if "
- "the UserID and/or group is not known to this module"),
-
AP_INIT_FLAG("AuthLDAPCompareDNOnServer", ap_set_flag_slot,
(void *)APR_OFFSETOF(authn_ldap_config_t, compare_dn_on_server), OR_AUTHCFG,
"Set to 'on' to force auth_ldap to do DN compares (for the \"require dn\" "
@@ -1695,12 +1681,6 @@
"Determines how aliases are handled during a search. Can bo one of the"
"values \"never\", \"searching\", \"finding\", or \"always\". "
"Defaults to always."),
-
-/*
- AP_INIT_FLAG("AuthLDAPAuthzEnabled", ap_set_flag_slot,
- (void *)APR_OFFSETOF(authn_ldap_config_t, authz_enabled), OR_AUTHCFG,
- "Set to off to disable the LDAP authorization handler, even if it's been enabled in a higher tree"),
-*/
AP_INIT_TAKE1("AuthLDAPCharsetConfig", set_charset_config, NULL, RSRC_CONF,
"Character set conversion configuration file. If omitted, character set"
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_core.c Fri Dec 9 16:55:59 2005
@@ -46,7 +46,7 @@
/* TODO List
-- Convert all of the authz modules to providers
+X- Convert all of the authz modules to providers
- Remove the ap_requires field from the request_rec
- Remove the ap_requires field from authz_dir_conf
- Remove the function ap_requires() and authz_ap_requires()
@@ -73,7 +73,7 @@
- Expand the Satisfy directive to handle 'and' and 'or'
logic for determining which authorization must succeed
vs. may succeed
-- Remove the AuthzXXXAuthoritative directives from all of
+X- Remove the AuthzXXXAuthoritative directives from all of
the authz providers
*/
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbd.c Fri Dec 9 16:55:59 2005
@@ -44,7 +44,6 @@
const char *query;
const char *redir_query;
int redirect;
- int authoritative;
} authz_dbd_cfg ;
static ap_dbd_t *(*dbd_handle)(request_rec*) = NULL;
@@ -55,7 +54,7 @@
static void *authz_dbd_cr_cfg(apr_pool_t *pool, char *dummy)
{
authz_dbd_cfg *ret = apr_pcalloc(pool, sizeof(authz_dbd_cfg));
- ret->redirect = ret->authoritative = -1;
+ ret->redirect = -1;
return ret;
}
static void *authz_dbd_merge_cfg(apr_pool_t *pool, void *BASE, void *ADD)
@@ -67,8 +66,6 @@
ret->query = (add->query == NULL) ? base->query : add->query;
ret->redir_query = (add->redir_query == NULL)
? base->redir_query : add->redir_query;
- ret->authoritative = (add->authoritative == -1)
- ? base->authoritative : add->authoritative;
ret->redirect = (add->redirect == -1) ? base->redirect : add->redirect;
return ret;
}
@@ -93,9 +90,6 @@
return ap_set_string_slot(cmd, cfg, label);
}
static const command_rec authz_dbd_cmds[] = {
- AP_INIT_FLAG("AuthzDBDAuthoritative", ap_set_flag_slot,
- (void*)APR_OFFSETOF(authz_dbd_cfg, authoritative), ACCESS_CONF,
- "Whether dbd-group is authoritative"),
AP_INIT_FLAG("AuthzDBDLoginToReferer", ap_set_flag_slot,
(void*)APR_OFFSETOF(authz_dbd_cfg, redirect), ACCESS_CONF,
"Whether to redirect to referer on successful login"),
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_dbm.c Fri Dec 9 16:55:59 2005
@@ -33,7 +33,6 @@
typedef struct {
char *grpfile;
char *dbmtype;
- int authoritative;
} authz_dbm_config_rec;
APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
@@ -66,7 +65,6 @@
conf->grpfile = NULL;
conf->dbmtype = "default";
- conf->authoritative = 1; /* fortress is secure by default */
return conf;
}
@@ -79,11 +77,6 @@
AP_INIT_TAKE1("AuthzDBMType", ap_set_string_slot,
(void *)APR_OFFSETOF(authz_dbm_config_rec, dbmtype),
OR_AUTHCFG, "what type of DBM file the group file is"),
- AP_INIT_FLAG("AuthzDBMAuthoritative", ap_set_flag_slot,
- (void *)APR_OFFSETOF(authz_dbm_config_rec, authoritative),
- OR_AUTHCFG, "Set to 'Off' to allow access control to be passed along to "
- "lower modules, if the group required is not found or empty, or the user "
- " is not in the required groups. (default is On.)"),
{NULL}
};
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_groupfile.c Fri Dec 9 16:55:59 2005
@@ -38,8 +38,6 @@
*
* If there are any 'require group' blocks and we
* are not in any group - we HTTP_UNAUTHORIZE
- * unless we are non-authoritative; in which
- * case we DECLINED.
*
*/
@@ -59,7 +57,6 @@
typedef struct {
char *groupfile;
- int authoritative;
} authz_groupfile_config_rec;
APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
@@ -69,7 +66,6 @@
authz_groupfile_config_rec *conf = apr_palloc(p, sizeof(*conf));
conf->groupfile = NULL;
- conf->authoritative = 1; /* keep the fortress secure by default */
return conf;
}
@@ -89,13 +85,6 @@
(void *)APR_OFFSETOF(authz_groupfile_config_rec, groupfile),
OR_AUTHCFG,
"text file containing group names and member user IDs"),
- AP_INIT_FLAG("AuthzGroupFileAuthoritative", ap_set_flag_slot,
- (void *)APR_OFFSETOF(authz_groupfile_config_rec,
- authoritative),
- OR_AUTHCFG,
- "Set to 'Off' to allow access control to be passed along to "
- "lower modules if the 'require group' fails. (default is "
- "On)."),
{NULL}
};
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_owner.c Fri Dec 9 16:55:59 2005
@@ -30,7 +30,6 @@
#include "mod_auth.h" /* for AUTHZ_GROUP_NOTE */
typedef struct {
- int authoritative;
} authz_owner_config_rec;
APR_DECLARE_OPTIONAL_FN(char*, authz_owner_get_file_group, (request_rec *r));
@@ -39,17 +38,11 @@
{
authz_owner_config_rec *conf = apr_palloc(p, sizeof(*conf));
- conf->authoritative = 1; /* keep the fortress secure by default */
return conf;
}
static const command_rec authz_owner_cmds[] =
{
- AP_INIT_FLAG("AuthzOwnerAuthoritative", ap_set_flag_slot,
- (void *)APR_OFFSETOF(authz_owner_config_rec, authoritative),
- OR_AUTHCFG,
- "Set to 'Off' to allow access control to be passed along to "
- "lower modules. (default is On.)"),
{NULL}
};
Modified: httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c?rev=355670&r1=355669&r2=355670&view=diff
==============================================================================
--- httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c (original)
+++ httpd/httpd/branches/authz-dev/modules/aaa/mod_authz_user.c Fri Dec 9 16:55:59 2005
@@ -28,25 +28,17 @@
#include "mod_auth.h"
typedef struct {
- int authoritative;
} authz_user_config_rec;
static void *create_authz_user_dir_config(apr_pool_t *p, char *d)
{
authz_user_config_rec *conf = apr_palloc(p, sizeof(*conf));
- conf->authoritative = 1; /* keep the fortress secure by default */
return conf;
}
static const command_rec authz_user_cmds[] =
{
- AP_INIT_FLAG("AuthzUserAuthoritative", ap_set_flag_slot,
- (void *)APR_OFFSETOF(authz_user_config_rec, authoritative),
- OR_AUTHCFG,
- "Set to 'Off' to allow access control to be passed along to "
- "lower modules if the 'require user' or 'require valid-user' "
- "statement is not met. (default: On)."),
{NULL}
};