Skip to content
  1. Jul 14, 2010
    • Stefan Fritsch's avatar
      The approach for allowing authorization by user or IP introduced in r956387, · cf618538
      Stefan Fritsch authored 
      etc. causes problems because the authentication module calls
note_*_auth_failure if authentication fails. This is inappropriate if access is
later allowed because of the IP.

So, instead of calling the auth_checker hook even if authentication failed, we
introduce a new access_checker_ex hook that runs between the access_checker and
the check_user_id hooks. If an access_checker_ex functions returns OK, the
request will be allowed without authentication.

To make use of this, change mod_authz_core to walk the require blocks in the
access_checker_ex phase and deny/allow the request if the authz result does not
depend on an authenticated user. To distinguish a real AUTHZ_DENIED from an
authz provider from an authz provider needing an authenticated user, the latter
must return the new AUTHZ_DENIED_NO_USER code.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@964156 13f79535-47bb-0310-9956-ffa450edef68
      cf618538
    • Jim Jagielski's avatar
      Allow for modules to keep track of worker slot · d5bb8744
      Jim Jagielski authored 
      numbers themselves if they want, by allowing for
worker create/alloc functions to take a slot number id.
Done via _wid() variants of 3 proxy funcs.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@964089 13f79535-47bb-0310-9956-ffa450edef68
      d5bb8744
  3. Jul 13, 2010
  5. Jul 11, 2010
  7. Jul 06, 2010
  9. Jul 05, 2010
  11. Jul 04, 2010
  13. Jul 03, 2010
  15. Jul 02, 2010
  17. Jul 01, 2010
  19. Jun 30, 2010
  21. Jun 29, 2010
  23. Jun 28, 2010
  25. Jun 26, 2010
  27. Jun 25, 2010