Commit df1587b0 authored by Chris Darroch

Fix handling of authz configurations, make default authz logic replicate

2.2.x authz logic and support existing configurations (including .htaccess
files), and replace <Satisfy*>, Reject, and AuthzMergeRules directives
with Match, <Match*>, and AuthzMerge directives.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@709838 13f79535-47bb-0310-9956-ffa450edef68
parent b012eece
+5 −0
@@ -2,6 +2,11 @@
Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]

  *) authz: Fix handling of authz configurations, make default authz
     logic replicate 2.2.x authz logic, and replace <Satisfy*>, Reject,
     and AuthzMergeRules directives with Match, <Match*>, and AuthzMerge
     directives.  [Chris Darroch]

  *) mod_proxy_ajp: Do not fail if response data is sent before all request
     data is read. PR 45911 [Ruediger Pluem]

+3 −1
@@ -172,13 +172,15 @@
 * 20080920.1 (2.3.0-dev)  Export mod_rewrite.h in the public API.
 * 20080920.2 (2.3.0-dev)  Added ap_timeout_parameter_parse to util.c / httpd.h
 * 20081101.0 (2.3.0-dev)  Remove unused AUTHZ_GROUP_NOTE define.
 * 20081102.0 (2.3.0-dev)  Remove authz_provider_list, authz_request_state,
 *                         and AUTHZ_ACCESS_PASSED_NOTE.
 *
 */

#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */

#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20081101
#define MODULE_MAGIC_NUMBER_MAJOR 20081102
#endif
#define MODULE_MAGIC_NUMBER_MINOR 0                     /* 0...n */

+2 −25
@@ -44,7 +44,6 @@ extern "C" {

#define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
#define AUTHZ_PROVIDER_NAME_NOTE "authz_provider_name"
#define AUTHZ_ACCESS_PASSED_NOTE "authz_access_passed"

#define AUTHN_PREFIX "AUTHENTICATE_"

@@ -72,15 +71,10 @@ typedef enum {
typedef enum {
    AUTHZ_DENIED,
    AUTHZ_GRANTED,
    AUTHZ_GENERAL_ERROR,
    AUTHZ_NEUTRAL
    AUTHZ_NEUTRAL,
    AUTHZ_GENERAL_ERROR
} authz_status;

typedef enum {
    AUTHZ_REQSTATE_ONE,
    AUTHZ_REQSTATE_ALL
} authz_request_state;

typedef struct {
    /* Given a username and password, expected to return AUTH_GRANTED
     * if we can validate this user/password combination.
@@ -112,23 +106,6 @@ typedef struct {
                                        const char *require_line);
} authz_provider;

/* A linked-list of authn providers. */
typedef struct authz_provider_list authz_provider_list;

struct authz_provider_list {
    const char *provider_name;
    const authz_provider *provider;
    authz_provider_list *one_next;
    authz_provider_list *all_next;
    /** If a Limit method is in effect, this field will be set */
    apr_int64_t method_mask;
    authz_request_state req_state;
    int req_state_level;
    /** String following 'require <provider>' from config file */
    char *requirement;
    int is_reject;
};

#ifdef __cplusplus
}
#endif
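Review bot: In the second hunk the reorder of `authz_status` swaps the numeric values of `AUTHZ_GENERAL_ERROR` and `AUTHZ_NEUTRAL` (2 and 3 before, 3 and 2 after), and nothing in the header records that the values changed. An authz provider built against the old header would have its error return read as neutral, so an internal failure could be evaluated as "no opinion" instead of as an error. The MMN major bump in this commit presumably keeps such binaries from loading, but its log entry lists only the removals. I would add a comment above the enum such as `/* Numeric values changed in MMN 20081102.0; do not reorder without a major bump. */` and mention the renumbering in the MMN entry. Whether the new evaluation code depends on this ordering cannot be checked here, because the largest file change is collapsed on this page.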
+0 −12
@@ -349,18 +349,6 @@ static int check_dir_access(request_rec *r)
        }
    }

    if (ret == OK) {
        apr_table_setn(r->notes, AUTHZ_ACCESS_PASSED_NOTE, "Y");
    }
    else {
        apr_table_setn(r->notes, AUTHZ_ACCESS_PASSED_NOTE, "N");
        /* If Satisfy is not Any and authorization is required, then 
           defer to the authorization stage */
        if ((access_compat_ap_satisfies(r) != SATISFY_ANY) && ap_some_auth_required(r)) {
            ret = OK;
        }
    }

    if (ret == HTTP_FORBIDDEN) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      "client denied by server configuration: %s%s",
+467 −503

File changed.

Preview size limit exceeded, changes collapsed.
