configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644525 13f79535-47bb-0310-9956-ffa450edef68
key is "$user:$realm" (perl speaking), the value is the MD5-hash,
optionally followed by a colon and other garbage.
Note that currently there's no tool to create such databases.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98144 13f79535-47bb-0310-9956-ffa450edef68
the DSO link problems for DAV and the new aaa modules by moving the
provider code into the core of the server and generalizing them to be
used by any code.
Remove the auth{nz}_*_provider functions as they are no longer needed.
Change the dav_*_provider functions to wrap the ap_*_provider functions
as they have a bit more of a historical precedent that we should keep
around.
Reviewed by: John K. Sterling <john@sterls.com> (in concept)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96919 13f79535-47bb-0310-9956-ffa450edef68
do not have to re-implement basic auth and to allow mod_auth_digest (and
other modules) to leverage the authn backends.
Adds AuthBasicProvider and AuthDigestProvider directives.
This also moves a lot of the basic auth handling code inside of mod_auth_basic
(but does not remove the code in server/protocol.c - that will have to wait
for a version bump so that we don't totally bust old modules).
This patch incorporates code review comments by Greg Stein.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96739 13f79535-47bb-0310-9956-ffa450edef68
All modules are reorganized under the following scheme:
- mod_auth_*: Front-end (basic, digest)
- mod_authn_*: Authentication (anon, dbm, default, file)
- mod_authz_*: Authorization (dbm, default, groupfile, host, user)
This passes the httpd-test suite when it accounts for the renaming of
aaa modules.
Originally written by: Dirk-Willem van Gulik
Completed by: Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96728 13f79535-47bb-0310-9956-ffa450edef68
