* docs/manual/developer/request.xml (security): Replace raw code snippets with a basic description of each hook involved in the security phase.
Index: docs/manual/developer/request.xml =================================================================== --- docs/manual/developer/request.xml (revision 280694) +++ docs/manual/developer/request.xml (working copy) @@ -146,60 +146,56 @@ </section> <section id="security"><title>The Security Phase</title> - <p>Needs Documentation. Code is:</p> + <section id="access_checker"><title>Hook: access_checker</title> - <example><pre> -switch (ap_satisfies(r)) { -case SATISFY_ALL: -case SATISFY_NOSPEC: - if ((access_status = ap_run_access_checker(r)) != 0) { - return decl_die(access_status, "check access", r); - } + <p>The modules have an opportunity to test whether server + configuration allows access to the requested resource. + Directives such as <directive + module="mod_authz_host">Allow</directive>, <directive + module="mod_authz_host">Deny</directive>, and <directive + module="mod_authz_host">Order</directive> come into play.</p> - if (ap_some_auth_required(r)) { - if (((access_status = ap_run_check_user_id(r)) != 0) - || !ap_auth_type(r)) { - return decl_die(access_status, ap_auth_type(r) - ? "check user. No user file?" - : "perform authentication. AuthType not set!", - r); - } + <p>If all modules <code>DECLINE</code> this phase, an error 500 + is returned to the browser, and a "couldn't check access" error + is logged automatically.</p> + </section> - if (((access_status = ap_run_auth_checker(r)) != 0) - || !ap_auth_type(r)) { - return decl_die(access_status, ap_auth_type(r) - ? "check access. No groups file?" - : "perform authentication. AuthType not set!", - r); - } - } - break; + <section id="check_user_id"><title>Hook: check_user_id</title> + <p>The modules have an opportunity to authenticate the client + credentials supplied for the request (usually by analyzing the + request headers). Successful authentication makes a note of the + user and authentication type. This hook runs only when Apache + determines that authentication (and possibly authorization) is + required for the requested resource (as determined by the + presence of the <directive module="core">Require</directive> + directive). mod_auth_mysql uses this phase to compare the HTTP + basic auth user name provided by the client to the configured + user database.</p> -case SATISFY_ANY: - if (((access_status = ap_run_access_checker(r)) != 0)) { - if (!ap_some_auth_required(r)) { - return decl_die(access_status, "check access", r); - } + <p>If all modules <code>DECLINE</code> this phase, an error 500 + is returned to the browser, and a "couldn't check user. No user + file?" or "couldn't perform authentication. AuthType not set!" + error is logged automatically (depending upon whether <directive + module="core">AuthType</directive> is set for the <directive + type="section" module="core">Location</directive>).</p> + </section> - if (((access_status = ap_run_check_user_id(r)) != 0) - || !ap_auth_type(r)) { - return decl_die(access_status, ap_auth_type(r) - ? "check user. No user file?" - : "perform authentication. AuthType not set!", - r); - } + <section id="auth_checker"><title>Hook: auth_checker</title> + <p>The modules have an opportunity to authorize access to the + requested resource based on an authenticated user's credentials. + This hook runs only when Apache determines that authorization is + required for the requested resource (as determined by the + presence of the <directive module="core">Require</directive> + directive).</p> - if (((access_status = ap_run_auth_checker(r)) != 0) - || !ap_auth_type(r)) { - return decl_die(access_status, ap_auth_type(r) - ? "check access. No groups file?" - : "perform authentication. AuthType not set!", - r); - } - } - break; -}</pre> - </example> + <p>If all modules <code>DECLINE</code> this phase, an error 500 + is returned to the browser, and a "couldn't check access. No + groups file?" or "couldn't perform authentication. AuthType not + set!" error is logged automatically (depending upon whether + <directive module="core">AuthType</directive> is set for the + <directive type="section" + module="core">Location</directive>).</p> + </section> </section> <section id="preparation"><title>The Preparation Phase</title>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]