On 05/02/2007 06:31 PM, [EMAIL PROTECTED] wrote: > Author: bnicholes > Date: Wed May 2 09:31:39 2007 > New Revision: 534533 > > URL: http://svn.apache.org/viewvc?view=rev&rev=534533 > Log: > re-introduce ap_satisfies API back into core and modify how the > access_checker, check_user_id and auth_checker hooks are called so that they > respect the precedence that is set through the satisfy ALL/ANY directive. > This also restores the directives order, allow, deny, satisfyas supported > directives rather than being deprecated. These directives still remain in > mod_access_compat however. > > Modified: > httpd/httpd/trunk/include/http_core.h > httpd/httpd/trunk/modules/aaa/mod_access_compat.c > httpd/httpd/trunk/modules/aaa/mod_auth.h > httpd/httpd/trunk/modules/aaa/mod_authz_core.c > httpd/httpd/trunk/modules/aaa/mod_authz_default.c > httpd/httpd/trunk/server/core.c > httpd/httpd/trunk/server/request.c
<Location /> AuthType basic AuthName "private area" AuthUserFile conf/passwd Require valid-user Satisfy all deny from all </Location> does not work correctly. If the user credentials are valid access is granted even if the access control (deny from all) denies access. > Modified: httpd/httpd/trunk/modules/aaa/mod_auth.h > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth.h?view=diff&rev=534533&r1=534532&r2=534533 > ============================================================================== > --- httpd/httpd/trunk/modules/aaa/mod_auth.h (original) > +++ httpd/httpd/trunk/modules/aaa/mod_auth.h Wed May 2 09:31:39 2007 > @@ -47,20 +47,17 @@ > #define AUTHN_PREFIX "AUTHENTICATE_" > > /** all of the requirements must be met */ > +#ifndef SATISFY_ALL > #define SATISFY_ALL 0 > +#endif > /** any of the requirements must be met */ > +#ifndef SATISFY_ANY > #define SATISFY_ANY 1 > +#endif > /** There are no applicable satisfy lines */ > +#ifndef SATISFY_NOSPEC > #define SATISFY_NOSPEC 2 Why do we need to keep the defines of SATISFY_* here? Isn't it sufficient to have them in http_core.h? Regards RĂ¼diger
