httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: cvs commit: apache/src mod_auth_msql.c
Date Mon, 01 Jul 1996 20:29:43 GMT
I think it is a bad idea to reverse these changes since they
fix real bugs. Without these changes, it will likely break
all existing sites using this module.


> brian       96/07/01 12:04:11
> 
>   Modified:    src       mod_auth_msql.c
>   Log:
>   Reverse mod_auth_msql.c changes, back to version 1.0.
>   
>   Revision  Changes    Path
>   1.10      +19 -25    apache/src/mod_auth_msql.c
>   
>   Index: mod_auth_msql.c
>   ===================================================================
>   RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
>   retrieving revision 1.9
>   retrieving revision 1.10
>   diff -C3 -r1.9 -r1.10
>   *** mod_auth_msql.c	1996/06/30 22:36:57	1.9
>   --- mod_auth_msql.c	1996/07/01 19:04:08	1.10
>   ***************
>   *** 284,295 ****
>      *		Replaced some MAX_STRING_LENGTH claims. 
>      *	   1.0  removed some error check as they where already done elsehwere
>      *	        NumFields -> NumRows (Thanks Vitek). More stack memory.
>   -  *	   1.1	no logging of empty password strings.
>   -  * 	   1.2  Problem with the Backward vitek which cause it to check
>   -  *		even if msql_auth was not configured; Also more carefull
>   -  *		with the authorative stuff; caught by thomas@marvin.calvacom.fr.
>   -  *	   1.3  Even more changes to get it right; that BACKWARD thing was a bad
>   -  *		idea. 
>      */
>     
>     
>   --- 284,289 ----
>   ***************
>   *** 398,404 ****
>   --- 392,400 ----
>     #include "http_log.h"
>     #include "http_protocol.h"
>     #include <msql.h>
>   + #ifdef HAVE_CRYPT_H
>     #include <crypt.h>
>   + #endif
>     
>     typedef struct  {
>     
>   ***************
>   *** 782,791 ****
>          * We do not check on dbase, group, userid or host name, as it is
>          * perfectly possible to only do group control with mSQL and leave
>          * user control to the next (dbm) guy in line.
>   -      * We no longer check on the user field name; to avoid problems
>   -      * with Backward VITEK.
>          */
>   !     if (!sec->auth_msql_pwd_table) return DECLINED;
>     
>         if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
>     	if ( msql_errstr[0] ) {
>   --- 778,788 ----
>          * We do not check on dbase, group, userid or host name, as it is
>          * perfectly possible to only do group control with mSQL and leave
>          * user control to the next (dbm) guy in line.
>          */
>   !     if (
>   !     	(!sec->auth_msql_pwd_table) &&
>   !     	(!sec->auth_msql_pwd_field)
>   ! 	 ) return DECLINED;
>     
>         if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
>     	if ( msql_errstr[0] ) {
>   ***************
>   *** 812,821 ****
>          */
>     
>         if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
>   - /*
>             sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password accepted",c->user);
>     	log_reason (msql_errstr, r->uri, r);
>   -  */
>     	return OK;
>     	};
>     
>   --- 809,816 ----
>   ***************
>   *** 867,875 ****
>         char *t, *w;
>         msql_errstr[0]='\0';
>     
>   -     /* If we are not configured, ignore */
>   -     if (!sec->auth_msql_pwd_table) return DECLINED;
>   - 
>         if (!reqs_arr) {
>     	if (sec->auth_msql_authorative) {
>     	        sprintf(msql_errstr,"user %s denied, no access rules specified (MSQL-Authorative)
",user);
>   --- 862,867 ----
>   ***************
>   *** 937,959 ****
>     	    };
>             }
>     
>   !     /* Get serious if we are authorative, previous
>   !      * returns are only if msql yielded a correct result. 
>   !      * This really is not needed.
>          */
>   !     if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) &&
(sec->auth_msql_authorative) ) {
>   !         sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s %s rule(s) ",

>   ! 		(group_result == AUTH_REQUIRED) ? "USER" : "", 
>   ! 		(user_result == AUTH_REQUIRED) ? "GROUP" : ""
>   ! 		);
>     	log_reason (msql_errstr, r->uri, r);
>     	return AUTH_REQUIRED;
>     	};
>     
>   -     if ( (user_result == OK) || (group_result == OK))
>   - 	return OK;
>     
>   !     return DECLINED;
>     }
>     
>     
>   --- 929,953 ----
>     	    };
>             }
>     
>   !     /* we do not have to check the valid-ness of the group result as
>   !      * have not (yet) a 'valid-group' token
>          */
>   !     if ( (user_result != OK) && (sec->auth_msql_authorative) ) {
>   !         sprintf(msql_errstr,"User %s denied, no access rules applied (MSQL-Authorative)
",user);
>     	log_reason (msql_errstr, r->uri, r);
>   +         note_basic_auth_failure(r);
>     	return AUTH_REQUIRED;
>     	};
>     
>     
>   !     /* if the user is DECLINED, it is up to the group_result to tip
>   !      * the balance. But if the group result is AUTH_REQUIRED it should
>   !      * always override. A SERVER_ERROR should not get here. 
>   !      */
>   !     if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED))
>   ! 	return group_result;
>   ! 
>   !     return user_result;
>     }
>     
>     
>   
>   
>   




Mime
View raw message