authz provider is registered and store the type
in ->provider_name and the arguments in ->requirement
Move the check for METHOD_MASK out of the authz
providers and into the provider vector.
Change the status codes to AUTHZ_DENIED, AUTHZ_GRANTED
and AUTHZ_GENERAL_ERROR.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@354716
13f79535-47bb-0310-9956-
ffa450edef68
typedef enum {
AUTHZ_DENIED,
- AUTHZ_DECLINED,
AUTHZ_GRANTED,
AUTHZ_GENERAL_ERROR
} authz_status;
* if we can authorize user access.
*/
authz_status (*check_authorization)(request_rec *r,
- apr_int64_t method_mask,
const char *require_line);
} authz_provider;
{
authz_core_dir_conf *conf = (authz_core_dir_conf*)config;
authz_provider_list *newp;
+ const char *t, *w;
newp = apr_pcalloc(cmd->pool, sizeof(authz_provider_list));
/* XXX: Split this out to the name and then the rest of the directive. */
- newp->provider_name = apr_pstrdup(cmd->pool, arg);
- newp->requirement = apr_pstrdup(cmd->pool, arg);
+
+ t = arg;
+ w = ap_getword_white(cmd->pool, &t);
+
+ if (w)
+ newp->provider_name = apr_pstrdup(cmd->pool, w);
+ if (t)
+ newp->requirement = apr_pstrdup(cmd->pool, t);
newp->method_mask = cmd->limited;
/* lookup and cache the actual provider now */
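Review bot: The `if (w)` and `if (t)` guards on the new lines do not catch an empty directive, because ap_getword_white() returns an empty string rather than NULL when no word is present. An empty `provider_name` is therefore stored and carried into the provider lookup that follows. Testing the content and failing at configuration time is safer, for example `if (!w[0]) return "provider name required";` (the message text is only a suggestion, and it assumes the usual directive-handler convention of returning an error string, since the function's signature and tail are outside the hunk). The `XXX: Split this out` comment describes what this change now does and can be dropped.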
current_provider->provider_name);
}
+ /* check to make sure that the request method requires
+ authorization before calling the provider */
+ if (!(current_provider->method_mask &
+ (AP_METHOD_BIT << r->method_number))) {
+ continue;
+ }
auth_result = provider->check_authorization(r,
- current_provider->method_mask,
current_provider->requirement);
apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
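Review bot: The new `continue` leaves the iteration before `apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE)` runs, so a provider skipped for its method mask appears to leave its name behind in `r->notes`. Moving the mask test ahead of the statement that sets the note, or unsetting the note on the skip path, would keep the two paired. The loop header and the step that advances `current_provider` are outside the hunk; if that advance sits at the bottom of the body, `continue` bypasses it too and the same entry is examined again, so that needs checking. It is also worth confirming what `auth_result` holds when every provider is skipped, now that AUTHZ_DECLINED is gone, and documenting the intended outcome next to its initial value.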
/* If we're returning 403, tell them to try again. */
if (return_code == HTTP_UNAUTHORIZED) {
- /* XXX: Why is this a basic auth failure? */
- ap_note_basic_auth_failure (r);
+ ap_note_auth_failure (r);
}
return return_code;
}
#endif
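Review bot: The comment kept above the changed call says 403, but the condition tests `HTTP_UNAUTHORIZED`, which is 401. A 403 is the response where re-prompting does not help, so the wording misleads anyone auditing the deny path. Suggest `/* If we're returning 401, send the challenge for the configured AuthType. */`. The enclosing function starts outside the hunk.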
static authz_status user_check_authorization(request_rec *r,
- apr_int64_t method_mask,
- const char *require_line)
+ const char *require_args)
{
- int m = r->method_number;
const char *t, *w;
- if (!(method_mask & (AP_METHOD_BIT << m))) {
- return AUTHZ_DECLINED;
- }
-
- t = require_line;
- w = ap_getword_white(r->pool, &t);
- if (!strcasecmp(w, "user")) {
- /* And note that there are applicable requirements
- * which we consider ourselves the owner of.
- */
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (!strcmp(r->user, w)) {
- return AUTHZ_GRANTED;
- }
+ t = require_args;
+ while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+ if (!strcmp(r->user, w)) {
+ return AUTHZ_GRANTED;
}
}
return AUTHZ_DENIED;
}
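Review bot: `strcmp(r->user, w)` on the new side reads `r->user` with no NULL check, so a request that reaches this provider without an authenticated user would pass NULL to strcmp. A guard before the loop, `if (!r->user) return AUTHZ_DENIED;`, makes that case fail closed. The same assumption sits in validuser_check_authorization in the next hunk, which returns AUTHZ_GRANTED without looking at `r->user` at all; whether authentication is guaranteed to have run first is not visible here. The parameter is named `require_args` here but `require_line` in the authz_provider declaration, so one name plus a comment that the string no longer carries the provider keyword would avoid confusion.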
-static authz_status validuser_check_authorization(request_rec *r, apr_int64_t method_mask, const char *require_line)
+static authz_status validuser_check_authorization(request_rec *r, const char *require_line)
{
- int m = r->method_number;
-
- if (!(method_mask & (AP_METHOD_BIT << m))) {
- return AUTHZ_DECLINED;
- }
return AUTHZ_GRANTED;
}
&authz_user_provider);
ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "valid-user", "0",
&authz_validuser_provider);
-
- /* ap_hook_auth_checker(check_user_access, NULL, NULL, APR_HOOK_MIDDLE);*/
}
module AP_MODULE_DECLARE_DATA authz_user_module =