Implement the 'Reject' directive into authz. The 'Reject' directive acts just like...
authorBradley Nicholes <bnicholes@apache.org>
Tue, 27 Dec 2005 05:29:37 +0000 (05:29 +0000)
committerBradley Nicholes <bnicholes@apache.org>
Tue, 27 Dec 2005 05:29:37 +0000 (05:29 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@359176 13f79535-47bb-0310-9956-ffa450edef68

modules/aaa/mod_auth.h
modules/aaa/mod_authz_core.c

index 84e12f0ae351c271ee3c52a54a6cfa73ba88282e..0a413946e218ecf64c9921e9714a85c2a0805d64 100644 (file)
@@ -107,6 +107,7 @@ struct authz_provider_list {
     int req_state_level;
     /** String following 'require <provider>' from config file */
     char *requirement;
+    int is_reject;
 };
 
 #ifdef __cplusplus
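Review bot: The new `is_reject` member of `struct authz_provider_list` has no doc comment, although the field just above it carries a `/** ... */` description. Since the flag reverses the meaning of a provider's answer, it should be documented where it is declared, for example `/** Non-zero when this entry came from a 'Reject' directive; the provider's result is inverted */`. A `/* boolean */` hint would also tell readers that only zero versus non-zero matters.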
index e0d3c8bcb5b3e4c887929a008e867d274d933ec2..7906dcff58c0d4543774bb63dbc48daa37a077e2 100644 (file)
@@ -166,6 +166,7 @@ static const char *add_authz_provider(cmd_parms *cmd, void *config,
                                         newp->provider_name, "0");
     newp->req_state = conf->req_state;
     newp->req_state_level = conf->req_state_level;
+    newp->is_reject = (int)cmd->info;
 
     /* by the time the config file is used, the provider should be loaded
      * and registered with us.
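Review bot: `newp->is_reject = (int)cmd->info;` casts a pointer straight to `int`, which narrows on LP64 platforms and draws a pointer-to-integer size warning from most compilers. The value is only the `(void*)1` / `NULL` marker passed in the `authz_cmds` table, so testing it as a flag is clearer and portable: `newp->is_reject = (cmd->info != NULL);`. The body of `add_authz_provider` starts and ends outside this hunk, so any other use of `cmd->info` there is not visible here.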
@@ -433,6 +434,9 @@ static const command_rec authz_cmds[] =
     AP_INIT_RAW_ARGS("Require", add_authz_provider, NULL, OR_AUTHCFG,
                      "Selects which authenticated users or groups may access "
                      "a protected space"),
+    AP_INIT_RAW_ARGS("Reject", add_authz_provider, (void*)1, OR_AUTHCFG,
+                     "Rejects the specified authenticated users or groups from accessing "
+                     "a protected space"),
     AP_INIT_RAW_ARGS("<RequireAlias", authz_require_alias_section, NULL, RSRC_CONF,
                      "Container for authorization directives grouped under "
                      "an authz provider alias"),
@@ -483,6 +487,14 @@ static authz_status check_provider_list (request_rec *r, authz_provider_list *cu
     auth_result = provider->check_authorization(r,
                     current_provider->requirement);
 
+    if (auth_result == AUTHZ_GENERAL_ERROR) {
+        return auth_result;
+    }
+
+    if (current_provider->is_reject) {
+        auth_result = auth_result == AUTHZ_DENIED ? AUTHZ_GRANTED : AUTHZ_DENIED;
+    }
+
     apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
 
     /* If the current node is a Require_One type */
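Review bot: The `is_reject` branch maps every `AUTHZ_DENIED` from a provider to `AUTHZ_GRANTED`, so a `Reject` line grants access whenever its provider fails to match for any reason. If providers also return `AUTHZ_DENIED` when they cannot evaluate the requirement (no authenticated user, unreadable group data; not visible in this hunk), a lone `Reject` fails open. A comment such as `/* Reject inverts the provider result: a non-match is a grant, so pair it with a positive Require */` would record that contract. Separately, the new early `return auth_result;` for `AUTHZ_GENERAL_ERROR` runs before `apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);`, so the note stays in `r->notes` on the error path. Moving the `apr_table_unset` call directly after `check_authorization` would clear it on every path. `check_provider_list` begins and continues outside this hunk.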