DO NOT REPLY [Bug 48807] New: Design policy of "aaa module" is incomplete because of hard coded string.

Wed, 24 Feb 2010 04:09:38 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=48807

           Summary: Design policy of "aaa module" is incomplete because of
                    hard coded string.
           Product: Apache httpd-2
           Version: 2.2.14
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Created an attachment (id=25050)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=25050)
for protocol.c

I'm coding a new authentication module and have some trouble with adding a
proper 'WWW-Authenticate' header.

Apaceh2 separates aaa module to mod_auth_X and mod_authz_Y.
In current implementation, if mod_auth_X authenticates user 'foo' successfully
and
mod_authz_Y does not authorize 'foo', mod_authz_Y calls function
'ap_note_auth_failure()'.
This function gets the authentication scheme by calling 'ap_auth_type(r)' and
adds the associated 'WWW-Authenticate' header.

There are hard-coded invocations of 'ap_note_X_auth_failure' where X is 'basic'
or 'digest', and there are almost same function in mod_auth_X as
'ap_note_X_auth_failure'.
This design also causes problem when making a new authentication module without
editing 'server/protocol.c'.

I think the routine should reside only in mod_auth_X.
The following patch solves only the new scheme problem by setting a
'note-auth-failure' property in mod_auth_X.
'ap_note_X_auth_failure' in 'server/protocol.c' are not touched but can be
removed by the same way.

The reason of the list structure has multiple headers.

(This issue was found during "HTTP Mutual Access Authentication Protocol"
development. 
http://tools.ietf.org/html/draft-oiwa-http-mutualauth , 
https://www.rcis.aist.go.jp/special/MutualAuth/index-en.html ,
https://www.rcis.aist.go.jp/special/MutualAuth/software/mod_auth_mutual/index-en.html
)

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to