You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by dr...@apache.org on 2006/02/17 01:04:06 UTC
svn commit: r378400 - /httpd/httpd/trunk/modules/aaa/mod_authz_core.c
Author: dreid
Date: Thu Feb 16 16:04:05 2006
New Revision: 378400
URL: http://svn.apache.org/viewcvs?rev=378400&view=rev
Log:
- tidy up some of the comments and make the file more readable
Modified:
httpd/httpd/trunk/modules/aaa/mod_authz_core.c
Modified: httpd/httpd/trunk/modules/aaa/mod_authz_core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/aaa/mod_authz_core.c?rev=378400&r1=378399&r2=378400&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_core.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_core.c Thu Feb 16 16:04:05 2006
@@ -57,7 +57,7 @@
core request handling to allow the hooks to be called
in all cases. Is this function even necessary
anymore?
-- Determine of merge_authz_dir_config is even
+ - Determine of merge_authz_dir_config is even
necessary and remove if not
X- Split the authz type from the arguments when the
authz provider is registered and store the type
@@ -201,10 +201,12 @@
int level = conf->req_state_level;
/* if the level is 0 then take care of the implicit 'or'
- operation at this level. */
+ * operation at this level.
+ */
if (level == 0) {
/* Just run through the Require_one list and add the
- node */
+ * node
+ */
while (last->one_next) {
last = last->one_next;
}
@@ -212,17 +214,20 @@
}
else {
/* Traverse the list to find the last entry.Each level
- indicates a transition in the logic. */
+ * indicates a transition in the logic.
+ */
for (;level;level--) {
/* if we are in a Require_all block then run through
- all of the Require_all nodes to the end of the list */
+ * all of the Require_all nodes to the end of the list
+ */
if (last->req_state == AUTHZ_REQSTATE_ALL) {
while (last->all_next) {
last = last->all_next;
}
/* If the end of the list contains a node state
- change then run through all of the Require_one
- nodes to the end of that list */
+ * change then run through all of the Require_one
+ * nodes to the end of that list
+ */
if (level >= last->req_state_level) {
while (last->one_next) {
last = last->one_next;
@@ -231,14 +236,16 @@
continue;
}
/* if we are in a Require_one block then run through
- all of the Require_one nodes to the end of the list */
+ * all of the Require_one nodes to the end of the list
+ */
if (last->req_state == AUTHZ_REQSTATE_ONE) {
while (last->one_next) {
last = last->one_next;
}
/* If the end of the list contains a node state
- change then run through all of the Require_all
- nodes to the end of that list */
+ * change then run through all of the Require_all
+ * nodes to the end of that list
+ */
if (level >= last->req_state_level) {
while (last->all_next) {
last = last->all_next;
@@ -249,11 +256,13 @@
}
/* The current state flag indicates which way the transition should
- go. If ALL then take the all_next path, otherwise one_next */
+ * go. If ALL then take the all_next path, otherwise one_next
+ */
if (last->req_state == AUTHZ_REQSTATE_ALL) {
/* If we already have an all_next node, then
- we must have dropped back a level so assign
- the node to one_next */
+ * we must have dropped back a level so assign
+ * the node to one_next
+ */
if (!last->all_next) {
last->all_next = newp;
}
@@ -262,8 +271,9 @@
}
else {
/* If we already have a one_next node, then
- we must have dropped back a level so assign
- the node to all_next */
+ * we must have dropped back a level so assign
+ * the node to all_next
+ */
if (!last->one_next) {
last->one_next = newp;
}
@@ -277,14 +287,16 @@
}
/* This is a fake authz provider that really merges various authz alias
- configurations and then envokes them. */
+ * configurations and then envokes them.
+ */
static authz_status authz_alias_check_authorization(request_rec *r,
- const char *require_args)
+ const char *require_args)
{
- /* Look up the provider alias in the alias list */
- /* Get the the dir_config and call ap_Merge_per_dir_configs() */
- /* Call the real provider->check_authorization() function */
- /* return the result of the above function call */
+ /* Look up the provider alias in the alias list.
+ * Get the the dir_config and call ap_Merge_per_dir_configs()
+ * Call the real provider->check_authorization() function
+ * return the result of the above function call
+ */
const char *provider_name = apr_table_get(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
authz_status ret = AUTHZ_DENIED;
@@ -294,7 +306,8 @@
if (provider_name) {
provider_alias_rec *prvdraliasrec = apr_hash_get(authcfg->alias_rec,
- provider_name, APR_HASH_KEY_STRING);
+ provider_name,
+ APR_HASH_KEY_STRING);
ap_conf_vector_t *orig_dir_config = r->per_dir_config;
/* If we found the alias provider in the list, then merge the directory
@@ -302,7 +315,8 @@
if (prvdraliasrec) {
r->per_dir_config = ap_merge_per_dir_configs(r->pool, orig_dir_config,
prvdraliasrec->sec_auth);
- ret = prvdraliasrec->provider->check_authorization(r, prvdraliasrec->provider_args);
+ ret = prvdraliasrec->provider->check_authorization(r,
+ prvdraliasrec->provider_args);
r->per_dir_config = orig_dir_config;
}
}
@@ -315,7 +329,8 @@
&authz_alias_check_authorization,
};
-static const char *authz_require_alias_section(cmd_parms *cmd, void *mconfig, const char *arg)
+static const char *authz_require_alias_section(cmd_parms *cmd, void *mconfig,
+ const char *arg)
{
int old_overrides = cmd->override;
const char *endp = ap_strrchr_c(arg, '>');
@@ -357,23 +372,28 @@
}
/* walk the subsection configuration to get the per_dir config that we will
- merge just before the real provider is called. */
+ * merge just before the real provider is called.
+ */
cmd->override = OR_ALL|ACCESS_CONF;
errmsg = ap_walk_config(cmd->directive->first_child, cmd, new_authz_config);
if (!errmsg) {
- provider_alias_rec *prvdraliasrec = apr_pcalloc(cmd->pool, sizeof(provider_alias_rec));
- const authz_provider *provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP, provider_name,"0");
+ provider_alias_rec *prvdraliasrec = apr_pcalloc(cmd->pool,
+ sizeof(provider_alias_rec));
+ const authz_provider *provider = ap_lookup_provider(AUTHZ_PROVIDER_GROUP,
+ provider_name,"0");
/* Save off the new directory config along with the original provider name
- and function pointer data */
+ * and function pointer data
+ */
prvdraliasrec->sec_auth = new_authz_config;
prvdraliasrec->provider_name = provider_name;
prvdraliasrec->provider_alias = provider_alias;
prvdraliasrec->provider_args = provider_args;
prvdraliasrec->provider = provider;
- apr_hash_set(authcfg->alias_rec, provider_alias, APR_HASH_KEY_STRING, prvdraliasrec);
+ apr_hash_set(authcfg->alias_rec, provider_alias,
+ APR_HASH_KEY_STRING, prvdraliasrec);
/* Register the fake provider so that we get called first */
ap_register_provider(cmd->pool, AUTHZ_PROVIDER_GROUP, provider_alias, "0",
@@ -407,11 +427,12 @@
}
/* Save off the current request state so that we can go back to it after walking
- the subsection. Indicate a transition in the logic incrementing the level.
- After the subsection walk the level will be decremented to indicate the
- path to follow. As the require directives are read by the configuration
- the req_state and the level will allow it to traverse the list to find
- the last element in the provider calling list. */
+ * the subsection. Indicate a transition in the logic incrementing the level.
+ * After the subsection walk the level will be decremented to indicate the
+ * path to follow. As the require directives are read by the configuration
+ * the req_state and the level will allow it to traverse the list to find
+ * the last element in the provider calling list.
+ */
old_reqstate = conf->req_state;
if (strcasecmp (cmd->directive->directive, "<SatisfyAll") == 0) {
conf->req_state = AUTHZ_REQSTATE_ALL;
@@ -422,8 +443,9 @@
conf->req_state_level++;
cmd->override = OR_ALL|ACCESS_CONF;
- /* walk the subsection configuration to get the per_dir config that we will
- merge just before the real provider is called. */
+ /* Walk the subsection configuration to get the per_dir config that we will
+ * merge just before the real provider is called.
+ */
errmsg = ap_walk_config(cmd->directive->first_child, cmd, cmd->context);
conf->req_state_level--;
@@ -439,7 +461,8 @@
"Selects which authenticated users or groups may access "
"a protected space"),
AP_INIT_RAW_ARGS("Reject", add_authz_provider, (void*)1, OR_AUTHCFG,
- "Rejects the specified authenticated users or groups from accessing "
+ "Rejects the specified authenticated users or groups "
+ "from accessing "
"a protected space"),
AP_INIT_RAW_ARGS("<RequireAlias", authz_require_alias_section, NULL, RSRC_CONF,
"Container for authorization directives grouped under "
@@ -482,7 +505,8 @@
}
/* check to make sure that the request method requires
- authorization before calling the provider */
+ * authorization before calling the provider
+ */
if (!(current_provider->method_mask &
(AP_METHOD_BIT << r->method_number))) {
return AUTHZ_DENIED;
@@ -503,8 +527,10 @@
/* If the current node is a Require_One type */
if (current_provider->req_state == AUTHZ_REQSTATE_ONE) {
- /* if the auth_result of *this* node was GRANTED and we are embedded in a Require_all block
- then look to see if there is another Require_all node that needs to be satisfied */
+ /* If the auth_result of *this* node was GRANTED and we are
+ * embedded in a Require_all block then look to see if there
+ * is another Require_all node that needs to be satisfied
+ */
if (auth_result == AUTHZ_GRANTED) {
if ((current_provider->all_next) &&
(current_provider->all_next->req_state_level < current_provider->req_state_level)) {
@@ -516,7 +542,8 @@
one_next:
/* Traverse forward to the next Require_one node it one exists
- otherwise just return the auth_result */
+ * otherwise just return the auth_result
+ */
if (current_provider->one_next) {
auth_result = check_provider_list (r, current_provider->one_next,
current_provider->req_state_level);
@@ -524,15 +551,19 @@
else
return auth_result;
- /* if the *last* auth_result was GRANTED and we are embedded in a Require_all block
- then look to see if there is another Require_all node that needs to be satisfied */
+ /* If the *last* auth_result was GRANTED and we are embedded in
+ * a Require_all block then look to see if there is another
+ * Require_all node that needs to be satisfied
+ */
if ((auth_result == AUTHZ_GRANTED) && (current_provider->all_next) &&
(current_provider->all_next->req_state_level < current_provider->req_state_level)) {
auth_result = check_provider_list (r, current_provider->all_next,
current_provider->req_state_level);
}
- /* If the *last* auth_result was DENIED and we are inside of a Require_one block
- then look to see if there is another Require_one node that can be satisfied */
+ /* If the *last* auth_result was DENIED and we are inside of a
+ * Require_one block then look to see if there is another
+ * Require_one node that can be satisfied
+ */
else if ((auth_result == AUTHZ_DENIED) && (current_provider->one_next) &&
(current_provider->one_next->req_state_level < current_provider->req_state_level)) {
goto one_next;
@@ -543,8 +574,10 @@
/* If the current node is a Require_All type */
if (current_provider->req_state == AUTHZ_REQSTATE_ALL) {
- /* if the auth_result of *this* node was DENIED and we are embedded in a Require_one block
- then look to see if there is another Require_one node that can be satisfied */
+ /* if the auth_result of *this* node was DENIED and we are
+ * embedded in a Require_one block then look to see if there
+ * is another Require_one node that can be satisfied
+ */
if (auth_result == AUTHZ_DENIED) {
if ((current_provider->one_next) &&
(current_provider->one_next->req_state_level < current_provider->req_state_level)) {
@@ -556,7 +589,8 @@
all_next:
/* Traverse forward to the next Require_all node it one exists
- otherwise just return the auth_result */
+ * otherwise just return the auth_result
+ */
if (current_provider->all_next) {
auth_result = check_provider_list (r, current_provider->all_next,
current_provider->req_state_level);
@@ -564,15 +598,19 @@
else
return auth_result;
- /* if the *last* auth_result was DENIED and we are embedded in a Require_one block
- then look to see if there is another Require_one node that can be satisfied */
+ /* if the *last* auth_result was DENIED and we are embedded
+ * in a Require_one block then look to see if there is another
+ * Require_one node that can be satisfied
+ */
if ((auth_result == AUTHZ_DENIED) && (current_provider->one_next) &&
(current_provider->one_next->req_state_level < current_provider->req_state_level)) {
auth_result = check_provider_list (r, current_provider->one_next,
current_provider->req_state_level);
}
- /* If the *last* auth_result was GRANTED and we are inside of a Require_all block
- then look to see if there is another Require_all node that needs to be satisfied */
+ /* If the *last* auth_result was GRANTED and we are inside of a
+ * Require_all block then look to see if there is another
+ * Require_all node that needs to be satisfied
+ */
else if ((auth_result == AUTHZ_GRANTED) && (current_provider->all_next) &&
(current_provider->all_next->req_state_level < current_provider->req_state_level)) {
goto all_next;
@@ -650,6 +688,7 @@
int req_authz = 0;
current_provider = conf->providers;
+
while (current_provider) {
/* Does this provider config apply for this method */