From: Bradley Nicholes <bnicholes@apache.org>
Date: Tue, 27 Dec 2005 05:29:37 +0000 (+0000)
Subject: Implement the 'Reject' directive into authz.  The 'Reject' directive acts just like... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f8e59ced471ed1a1af1334ff4d7f87d7727da15a;p=thirdparty%2Fapache%2Fhttpd.git

Implement the 'Reject' directive into authz.  The 'Reject' directive acts just like a NOT Require.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@359176 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/aaa/mod_auth.h b/modules/aaa/mod_auth.h
index 84e12f0ae35..0a413946e21 100644
--- a/modules/aaa/mod_auth.h
+++ b/modules/aaa/mod_auth.h
@@ -107,6 +107,7 @@ struct authz_provider_list {
     int req_state_level;
     /** String following 'require <provider>' from config file */
     char *requirement;
+    int is_reject;
 };
 
 #ifdef __cplusplus
diff --git a/modules/aaa/mod_authz_core.c b/modules/aaa/mod_authz_core.c
index e0d3c8bcb5b..7906dcff58c 100644
--- a/modules/aaa/mod_authz_core.c
+++ b/modules/aaa/mod_authz_core.c
@@ -166,6 +166,7 @@ static const char *add_authz_provider(cmd_parms *cmd, void *config,
                                         newp->provider_name, "0");
     newp->req_state = conf->req_state;
     newp->req_state_level = conf->req_state_level;
+    newp->is_reject = (int)cmd->info;
 
     /* by the time the config file is used, the provider should be loaded
      * and registered with us.
@@ -433,6 +434,9 @@ static const command_rec authz_cmds[] =
     AP_INIT_RAW_ARGS("Require", add_authz_provider, NULL, OR_AUTHCFG,
                      "Selects which authenticated users or groups may access "
                      "a protected space"),
+    AP_INIT_RAW_ARGS("Reject", add_authz_provider, (void*)1, OR_AUTHCFG,
+                     "Rejects the specified authenticated users or groups from accessing "
+                     "a protected space"),
     AP_INIT_RAW_ARGS("<RequireAlias", authz_require_alias_section, NULL, RSRC_CONF,
                      "Container for authorization directives grouped under "
                      "an authz provider alias"),
@@ -483,6 +487,14 @@ static authz_status check_provider_list (request_rec *r, authz_provider_list *cu
     auth_result = provider->check_authorization(r,
                     current_provider->requirement);
 
+    if (auth_result == AUTHZ_GENERAL_ERROR) {
+        return auth_result;
+    }
+
+    if (current_provider->is_reject) {
+        auth_result = auth_result == AUTHZ_DENIED ? AUTHZ_GRANTED : AUTHZ_DENIED;
+    }
+
     apr_table_unset(r->notes, AUTHZ_PROVIDER_NAME_NOTE);
 
     /* If the current node is a Require_One type */