-/* Copyright 1999-2006 The Apache Software Foundation or its licensors, as
- * applicable.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* @file http_request.h
* @brief Apache Request library
*
+ * @defgroup APACHE_CORE_REQ Apache Request Processing
+ * @ingroup APACHE_CORE
+ * @{
+ */
+
+/*
* request.c is the code which handles the main line of request
* processing, once a request has been read in (finding the right per-
* directory configuration, building it if necessary, and calling all
#define APACHE_HTTP_REQUEST_H
#include "apr_hooks.h"
+#include "apr_optional.h"
#include "util_filter.h"
#ifdef __cplusplus
* @return 1 if authentication is required, 0 otherwise
*/
AP_DECLARE(int) ap_some_auth_required(request_rec *r);
-
+
+/**
+ * @defgroup APACHE_CORE_REQ_AUTH Access Control for Sub-Requests and
+ * Internal Redirects
+ * @ingroup APACHE_CORE_REQ
+ * @{
+ */
+
+#define AP_AUTH_INTERNAL_PER_URI 0 /**< Run access control hooks on all
+ internal requests with URIs
+ distinct from that of initial
+ request */
+#define AP_AUTH_INTERNAL_PER_CONF 1 /**< Run access control hooks only on
+ internal requests with
+ configurations distinct from
+ that of initial request */
+#define AP_AUTH_INTERNAL_MASK 0x000F /**< mask to extract internal request
+ processing mode */
+
+/**
+ * Clear flag which determines when access control hooks will be run for
+ * internal requests.
+ */
+AP_DECLARE(void) ap_clear_auth_internal(void);
+
+/**
+ * Determine whether access control hooks will be run for all internal
+ * requests with URIs distinct from that of the initial request, or only
+ * those for which different configurations apply than those which applied
+ * to the initial request. To accomodate legacy external modules which
+ * may expect access control hooks to be run for all internal requests
+ * with distinct URIs, this is the default behaviour unless all access
+ * control hooks and authentication and authorization providers are
+ * registered with AP_AUTH_INTERNAL_PER_CONF.
+ * @param ptemp Pool used for temporary allocations
+ */
+AP_DECLARE(void) ap_setup_auth_internal(apr_pool_t *ptemp);
+
+/**
+ * Register an authentication or authorization provider with the global
+ * provider pool.
+ * @param pool The pool to create any storage from
+ * @param provider_group The group to store the provider in
+ * @param provider_name The name for this provider
+ * @param provider_version The version for this provider
+ * @param provider Opaque structure for this provider
+ * @param type Internal request processing mode, either
+ * AP_AUTH_INTERNAL_PER_URI or AP_AUTH_INTERNAL_PER_CONF
+ * @return APR_SUCCESS if all went well
+ */
+AP_DECLARE(apr_status_t) ap_register_auth_provider(apr_pool_t *pool,
+ const char *provider_group,
+ const char *provider_name,
+ const char *provider_version,
+ const void *provider,
+ int type);
+
+/** @} */
+
+/* Optional functions coming from mod_authn_core and mod_authz_core
+ * that list all registered authn/z providers.
+ */
+APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, authn_ap_list_provider_names,
+ (apr_pool_t *ptemp));
+APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, authz_ap_list_provider_names,
+ (apr_pool_t *ptemp));
+
/**
* Determine if the current request is the main request or a subrequest
* @param r The current request
#define MERGE_ALLOW 0
#define REPLACE_ALLOW 1
-#ifdef CORE_PRIVATE
/**
* Process a top-level request from a client, and synchronously write
* the response to the client
* @param r The current request
*/
AP_DECLARE(void) ap_die(int type, request_rec *r);
-#endif
/* Hooks */
* r->ap_auth_type). This hook is only run when Apache determines that
* authentication/authorization is required for this resource (as determined
* by the 'Require' directive). It runs after the access_checker hook, and
- * before the auth_checker hook.
+ * before the auth_checker hook. This hook should be registered with
+ * ap_hook_check_authn().
*
* @param r The current request
* @return OK, DECLINED, or HTTP_...
* @ingroup hooks
+ * @see ap_hook_check_authn
*/
AP_DECLARE_HOOK(int,check_user_id,(request_rec *r))
* This hook is used to apply additional access control to this resource.
* It runs *before* a user is authenticated, so this hook is really to
* apply additional restrictions independent of a user. It also runs
- * independent of 'Require' directive usage.
+ * independent of 'Require' directive usage. This hook should be registered
+ * with ap_hook_check_access().
*
* @param r the current request
* @return OK, DECLINED, or HTTP_...
* @ingroup hooks
+ * @see ap_hook_check_access
*/
AP_DECLARE_HOOK(int,access_checker,(request_rec *r))
* is available for the authenticated user (r->user and r->ap_auth_type).
* It runs after the access_checker and check_user_id hooks. Note that
* it will *only* be called if Apache determines that access control has
- * been applied to this resource (through a 'Require' directive).
+ * been applied to this resource (through a 'Require' directive). This
+ * hook should be registered with ap_hook_check_authz().
*
* @param r the current request
* @return OK, DECLINED, or HTTP_...
* @ingroup hooks
+ * @see ap_hook_check_authz
*/
AP_DECLARE_HOOK(int,auth_checker,(request_rec *r))
+/**
+ * Register a hook function that will apply additional access control to
+ * the current request.
+ * @param pf An access_checker hook function
+ * @param aszPre A NULL-terminated array of strings that name modules whose
+ * hooks should precede this one
+ * @param aszSucc A NULL-terminated array of strings that name modules whose
+ * hooks should succeed this one
+ * @param nOrder An integer determining order before honouring aszPre and
+ * aszSucc (for example, HOOK_MIDDLE)
+ * @param type Internal request processing mode, either
+ * AP_AUTH_INTERNAL_PER_URI or AP_AUTH_INTERNAL_PER_CONF
+ */
+AP_DECLARE(void) ap_hook_check_access(ap_HOOK_access_checker_t *pf,
+ const char * const *aszPre,
+ const char * const *aszSucc,
+ int nOrder, int type);
+
+/**
+ * Register a hook function that will analyze the request headers,
+ * authenticate the user, and set the user information in the request record.
+ * @param pf A check_user_id hook function
+ * @param aszPre A NULL-terminated array of strings that name modules whose
+ * hooks should precede this one
+ * @param aszSucc A NULL-terminated array of strings that name modules whose
+ * hooks should succeed this one
+ * @param nOrder An integer determining order before honouring aszPre and
+ * aszSucc (for example, HOOK_MIDDLE)
+ * @param type Internal request processing mode, either
+ * AP_AUTH_INTERNAL_PER_URI or AP_AUTH_INTERNAL_PER_CONF
+ */
+AP_DECLARE(void) ap_hook_check_authn(ap_HOOK_check_user_id_t *pf,
+ const char * const *aszPre,
+ const char * const *aszSucc,
+ int nOrder, int type);
+
+/**
+ * Register a hook function that determine if the resource being requested
+ * is available for the currently authenticated user.
+ * @param pf An auth_checker hook function
+ * @param aszPre A NULL-terminated array of strings that name modules whose
+ * hooks should precede this one
+ * @param aszSucc A NULL-terminated array of strings that name modules whose
+ * hooks should succeed this one
+ * @param nOrder An integer determining order before honouring aszPre and
+ * aszSucc (for example, HOOK_MIDDLE)
+ * @param type Internal request processing mode, either
+ * AP_AUTH_INTERNAL_PER_URI or AP_AUTH_INTERNAL_PER_CONF
+ */
+AP_DECLARE(void) ap_hook_check_authz(ap_HOOK_auth_checker_t *pf,
+ const char * const *aszPre,
+ const char * const *aszSucc,
+ int nOrder, int type);
+
/**
* This hook allows modules to insert filters for the current request
* @param r the current request
#endif
#endif /* !APACHE_HTTP_REQUEST_H */
+/** @} */