From a8675243f8f387313be053ea007e8f33b0db4515 Mon Sep 17 00:00:00 2001
From: Graham Leggett <minfrin@apache.org>
Date: Sat, 14 Sep 2013 15:15:38 +0000
Subject: [PATCH] authz_groupfile/authz_user: don't log at ERROR for
 AUTHZ_DENIED, since authz_core is collecting providers results. Subsequently
 reported in PR55523?

trunk patch: http://svn.apache.org/r1517366

Submitted by: covener
Reviewed by: jim, humbedooh


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1523267 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                           | 4 ++++
 STATUS                            | 7 -------
 modules/aaa/mod_authz_groupfile.c | 2 +-
 modules/aaa/mod_authz_user.c      | 2 +-
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index 137d9656ac..04b2067ffb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.7
 
+  *) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
+     from ERROR to DEBUG, since these modules do not know what mod_authz_core
+     is doing with their AUTHZ_DENIED return value. [Eric Covener]
+
   *) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]
 
   *) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]
diff --git a/STATUS b/STATUS
index 5bc7c02cfb..a7138c0f31 100644
--- a/STATUS
+++ b/STATUS
@@ -126,13 +126,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
     +1: rjung, jim, humbedooh
 
 
-  * authz_groupfile/authz_user: don't log at ERROR for AUTHZ_DENIED, since 
-    authz_core is collecting providers results. Subsequently reported in PR55523?
-    trunk patch: http://svn.apache.org/r1517366
-    2.4.x: trunk works
-    +1: covener, jim, humbedooh
-
-  
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
diff --git a/modules/aaa/mod_authz_groupfile.c b/modules/aaa/mod_authz_groupfile.c
index 934a7d2f14..c7fd13b6c4 100644
--- a/modules/aaa/mod_authz_groupfile.c
+++ b/modules/aaa/mod_authz_groupfile.c
@@ -249,7 +249,7 @@ static authz_status filegroup_check_authorization(request_rec *r,
         return AUTHZ_DENIED;
     }
 
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01671)
+    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01671)
                   "Authorization of user %s to access %s failed, reason: "
                   "user is not part of the 'require'ed file group.",
                   r->user, r->uri);
diff --git a/modules/aaa/mod_authz_user.c b/modules/aaa/mod_authz_user.c
index 7c9462c8e3..e4af7946a4 100644
--- a/modules/aaa/mod_authz_user.c
+++ b/modules/aaa/mod_authz_user.c
@@ -62,7 +62,7 @@ static authz_status user_check_authorization(request_rec *r,
         }
     }
 
-    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01663)
+    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(01663)
                   "access to %s failed, reason: user '%s' does not meet "
                   "'require'ments for user to be allowed access",
                   r->uri, r->user);
-- 
2.40.0