mod_lua, authz and merging of directives

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
I have a question concernings authz providers, mod_lua and the merging
of Require directives.

I have a lua authz Provider which is configured like that:

---------------------------------------------
LuaRoot /PATH/conf/lua
LuaScope thread

LuaAuthzProvider authzassets authnz.lua check_authz_ok
LuaAuthzProvider authz       authnz.lua check_authz
LuaHookCheckUserID           authnz.lua check_user_id early

<LocationMatch "/admin">
  AuthName foo
  AuthType Basic
  Require authz Redaktion
</LocationMatch>

<LocationMatch "/admin/(css|img|js)">
  AuthName foo
  AuthType Basic
  Require authzassets
</LocationMatch>

<LocationMatch "/sapdoku/admin">
  AuthName foo
  AuthType Basic
  Require authz Sapdoku
</LocationMatch>
---------------------------------------------


If I write it like that it doesn't work. The last Require directive per
authz provider wins. So all users in the group Sapdoku can also access
other /admin areas.

If instead I write:

---------------------------------------------
LuaRoot /PATH/conf/lua
LuaScope thread

LuaAuthzProvider authzassets authnz.lua check_authz_ok
LuaAuthzProvider authz       authnz.lua check_authz
LuaAuthzProvider authz2      authnz.lua check_authz
LuaHookCheckUserID           authnz.lua check_user_id early

<LocationMatch "/admin">
  AuthName foo
  AuthType Basic
  Require authz Redaktion
</LocationMatch>

<LocationMatch "/admin/(css|img|js)">
  AuthName foo
  AuthType Basic
  Require authzassets
</LocationMatch>

<LocationMatch "/sapdoku/admin">
  AuthName foo
  AuthType Basic
  Require authz2 Sapdoku
</LocationMatch>
---------------------------------------------

everything works as expected.

If I read the code in mod_lua.c right (function lua_authz_parse) then
the last Require directive per authz provider will win.

I had expected that I would see the same merging as if I had used e.g
the file authz provider.

Is the configuration with multiple authz providers the only way?

 KP


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux