initial conversion of mod_authz_default to the provider based

authorization

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@355684 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h
index 7569fd402b8a571c52fd48d76ec2731ee31cc35b..1d13ca03e47511e8f497a01b2c556c846cdf6891 100644 (file)
--- a/modules/aaa/mod_auth.h
+++ b/modules/aaa/mod_auth.h
@@ -37,7 +37,7 @@ extern "C" {
 #define AUTHN_PROVIDER_GROUP "authn"
 #define AUTHZ_PROVIDER_GROUP "authz"
 #define AUTHN_DEFAULT_PROVIDER "file"
-#define AUTHZ_DEFAULT_PROVIDER "valid-user"
+#define AUTHZ_DEFAULT_PROVIDER "default"
 
 #define AUTHZ_GROUP_NOTE "authz_group_note"
 #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"

diff --git a/modules/aaa/mod_authz_default.c b/modules/aaa/mod_authz_default.c
index 0576a0c24bfca609bcb2854f0026e6340b58fef9..c76ff91d62032246155641d17ead6d66673d93c2 100644 (file)
--- a/modules/aaa/mod_authz_default.c
+++ b/modules/aaa/mod_authz_default.c
@@ -20,87 +20,45 @@
 #include "ap_config.h"
 #include "httpd.h"
 #include "http_config.h"
+#include "ap_provider.h"
 #include "http_core.h"
 #include "http_log.h"
 #include "http_protocol.h"
 #include "http_request.h"
 
+#include "mod_auth.h"
+                          
 typedef struct {
-    int authoritative;
 } authz_default_config_rec;
 
 static void *create_authz_default_dir_config(apr_pool_t *p, char *d)
 {
     authz_default_config_rec *conf = apr_palloc(p, sizeof(*conf));
 
-    conf->authoritative = 1; /* keep the fortress secure by default */
     return conf;
 }
 
 static const command_rec authz_default_cmds[] =
 {
-    AP_INIT_FLAG("AuthzDefaultAuthoritative", ap_set_flag_slot,
-                 (void *)APR_OFFSETOF(authz_default_config_rec, authoritative),
-                 OR_AUTHCFG,
-                 "Set to 'Off' to allow access control to be passed along to "
-                 "lower modules. (default is On.)"),
     {NULL}
 };
 
 module AP_MODULE_DECLARE_DATA authz_default_module;
 
-static int check_user_access(request_rec *r)
+static authz_status default_check_authorization(request_rec *r, const char *require_line)
 {
-    authz_default_config_rec *conf = ap_get_module_config(r->per_dir_config,
-                                                 &authz_default_module);
-    int m = r->method_number;
-    int method_restricted = 0;
-    register int x;
-    const apr_array_header_t *reqs_arr = ap_requires(r);
-    require_line *reqs;
-
-    /* BUG FIX: tadc, 11-Nov-1995.  If there is no "requires" directive,
-     * then any user will do.
-     */
-    if (!reqs_arr) {
-        return OK;
-    }
-    reqs = (require_line *)reqs_arr->elts;
-
-    for (x = 0; x < reqs_arr->nelts; x++) {
-        if (!(reqs[x].method_mask & (AP_METHOD_BIT << m))) {
-            continue;
-        }
-        method_restricted = 1;
-        break;
-    }
-
-    if (method_restricted == 0) {
-        return OK;
-    }
-
-    if (!(conf->authoritative)) {
-        return DECLINED;
-    }
-
-    /* if we aren't authoritative, any require directive could be
-     * considered valid even if noone groked it.  However, if we are
-     * authoritative, we can warn the user they did something wrong.
-     *
-     * That something could be a missing "AuthAuthoritative off", but
-     * more likely is a typo in the require directive.
-     */
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "access to %s failed, reason: require directives "
-                          "present and no Authoritative handler.", r->uri);
-
-    ap_note_auth_failure(r);
-    return HTTP_UNAUTHORIZED;
+    return AUTHZ_DENIED;
 }
 
+static const authz_provider authz_default_provider =
+{
+    &default_check_authorization,
+};
+
 static void register_hooks(apr_pool_t *p)
 {
-    ap_hook_auth_checker(check_user_access,NULL,NULL,APR_HOOK_LAST);
+    ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "default", "0",
+                         &authz_default_provider);
 }
 
 module AP_MODULE_DECLARE_DATA authz_default_module =