diff options
| author | Chris Darroch <chrisd@apache.org> | 2008-04-03 23:51:07 +0200 |
|---|---|---|
| committer | Chris Darroch <chrisd@apache.org> | 2008-04-03 23:51:07 +0200 |
| commit | c8ba67fb8353858e536fd40cd9ea314a9dc54da2 (patch) | |
| tree | 25ac9179608e3d687485d29df91b914bed63e00c /modules/aaa/mod_authz_host.c | |
| parent | close PR 44381 (diff) | |
| download | apache2-c8ba67fb8353858e536fd40cd9ea314a9dc54da2.tar.xz apache2-c8ba67fb8353858e536fd40cd9ea314a9dc54da2.zip | |
Avoid calling access control hooks for internal requests with
configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644525 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/aaa/mod_authz_host.c')
| -rw-r--r-- | modules/aaa/mod_authz_host.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_authz_host.c index 77af896568..e6d6ec79d3 100644 --- a/modules/aaa/mod_authz_host.c +++ b/modules/aaa/mod_authz_host.c @@ -241,14 +241,14 @@ static const authz_provider authz_all_provider = static void register_hooks(apr_pool_t *p) { - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "env", "0", - &authz_env_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "ip", "0", - &authz_ip_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "host", "0", - &authz_host_provider); - ap_register_provider(p, AUTHZ_PROVIDER_GROUP, "all", "0", - &authz_all_provider); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "env", "0", + &authz_env_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "ip", "0", + &authz_ip_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "host", "0", + &authz_host_provider, AP_AUTH_INTERNAL_PER_CONF); + ap_register_auth_provider(p, AUTHZ_PROVIDER_GROUP, "all", "0", + &authz_all_provider, AP_AUTH_INTERNAL_PER_CONF); } module AP_MODULE_DECLARE_DATA authz_host_module = |