On 12/12/2008 07:25 PM, [email protected] wrote:
> Author: chrisd
> Date: Fri Dec 12 10:25:17 2008
> New Revision: 726082
>
> URL: http://svn.apache.org/viewvc?rev=726082&view=rev
> Log:
> Per suggestions by Roy T. Fielding:
>
> - remove Match directive, allow Require to be negated
> - rename <Match*> directives to <Require*>
> - rename <RequireNotAny> to <RequireNone>
> - disable <RequireNotAll>
> - rename MergeAuthz to AuthMerging and change its arguments to Off|And|Or
>
> Also convert text formatting macros into functions, and revise
> authz_core_check_section() so that check for non-negative directives
> follows De Morgan optimization.
>
> Modified:
> httpd/httpd/trunk/modules/aaa/mod_authz_core.c
>
> Modified: httpd/httpd/trunk/modules/aaa/mod_authz_core.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_core.c?rev=726082&r1=726081&r2=726082&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/aaa/mod_authz_core.c (original)
> +++ httpd/httpd/trunk/modules/aaa/mod_authz_core.c Fri Dec 12 10:25:17 2008
> @@ -543,28 +529,6 @@
> int ret = !OK;
>
> while (child) {
> - if (!child->negate) {
> - ret = OK;
> - break;
> - }
> -
> - child = child->next;
> - }
> -
> - if (ret != OK) {
> - ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, APR_SUCCESS, s,
> - apr_pstrcat(p, (is_conf
> - ? "<Directory>, <Location>, or similar"
> - : FORMAT_AUTHZ_COMMAND(p, section)),
> - " directive contains only negative "
> - "authorization directives", NULL));
> -
> - return ret;
> - }
> -
> - child = section->first;
> -
> - while (child) {
> if (child->first) {
> if (authz_core_check_section(p, s, child, 0) != OK) {
> return !OK;
> @@ -595,7 +559,27 @@
> child = child->next;
> }
>
> - return OK;
> + child = section->first;
> +
> + while (child) {
> + if (!child->negate) {
> + ret = OK;
> + break;
> + }
> +
> + child = child->next;
> + }
> +
> + if (ret != OK) {
> + ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_STARTUP, APR_SUCCESS, s,
> + apr_pstrcat(p, (is_conf
> + ? "<Directory>, <Location>, or similar"
> + : format_authz_command(p, section)),
> + " directive contains only negative "
> + "authorization directives", NULL));
> + }
> +
> + return ret;
Sorry, but I currently don't get the reason for moving the negate check down
in the code.
> @@ -631,29 +615,27 @@
> "container for grouping an authorization provider's "
> "directives under a provider alias"),
> AP_INIT_RAW_ARGS("Require", add_authz_provider, NULL, OR_AUTHCFG,
> - "specifies legacy authorization directives "
> - "of which one must pass "
> - "for a request to suceeed"),
> - AP_INIT_RAW_ARGS("Match", add_authz_provider, NULL, OR_AUTHCFG,
> - "specifies authorization directives that must pass "
> - "(or not) for a request to suceeed"),
> - AP_INIT_RAW_ARGS("<MatchAll", add_authz_section, NULL, OR_AUTHCFG,
> + "specifies authorization directives "
> + "which one must pass (or not) for a request to
> suceeed"),
> + AP_INIT_RAW_ARGS("<RequireAll", add_authz_section, NULL, OR_AUTHCFG,
> "container for grouping authorization directives "
> "of which none must fail and at least one must pass "
> "for a request to succeed"),
> - AP_INIT_RAW_ARGS("<MatchAny", add_authz_section, NULL, OR_AUTHCFG,
> + AP_INIT_RAW_ARGS("<RequireAny", add_authz_section, NULL, OR_AUTHCFG,
> "container for grouping authorization directives "
> "of which one must pass "
> "for a request to succeed"),
> - AP_INIT_RAW_ARGS("<MatchNotAll", add_authz_section, NULL, OR_AUTHCFG,
> +#ifdef AUTHZ_EXTRA_CONFIGS
> + AP_INIT_RAW_ARGS("<RequireNotAll", add_authz_section, NULL, OR_AUTHCFG,
> "container for grouping authorization directives "
> "of which some must fail or none must pass "
> "for a request to succeed"),
> - AP_INIT_RAW_ARGS("<MatchNotAny", add_authz_section, NULL, OR_AUTHCFG,
> +#endif
> + AP_INIT_RAW_ARGS("<RequireNone", add_authz_section, NULL, OR_AUTHCFG,
Why do we still need AUTHZ_EXTRA_CONFIGS?
Regards
RĂ¼diger
