httpd-cvs mailing list archives

From wsanc...@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_auth_basic.c mod_auth_digest.c
Date Sun, 08 Dec 2002 21:10:38 GMT
wsanchez    2002/12/08 13:10:38

  Modified:    modules/aaa mod_auth_basic.c mod_auth_digest.c
  Log:
  When asking the providers for authentication, the main loop should
  not only break if access is granted. It should also break if
  access was *denied* by one provider. To be safe, it also has to break
  if an error occurred. So the patch turns the condition around
  and continues only if the user was not found.
  I also find it weird that if auth was denied (by password
  usually), the AuthBasicAuthoritative behaviour can override that
  by "passing to lower modules". The patch changes that behaviour,
  too.
  
  Justin notes:
  I'm kind of on the fence about that.  I was originally thinking
  optimistically, but yeah, it might make sense to do it
  pessimistically.  If there's any error, bug out.
  
  Submitted by:	Andre Malo <nd@perlig.de>
  
  Revision  Changes    Path
  1.8       +3 -3      httpd-2.0/modules/aaa/mod_auth_basic.c
  
  Index: mod_auth_basic.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_basic.c,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- mod_auth_basic.c	30 Nov 2002 18:48:40 -0000	1.7
  +++ mod_auth_basic.c	8 Dec 2002 21:10:37 -0000	1.8
  @@ -264,8 +264,8 @@
   
           auth_result = provider->check_password(r, sent_user, sent_pw);
   
  -        /* Access is granted.  Stop checking. */
  -        if (auth_result == AUTH_GRANTED) {
  +        /* Something occured. Stop checking. */
  +        if (auth_result != AUTH_USER_NOT_FOUND) {
               break;
           }
   
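Review bot: The new comment above `if (auth_result != AUTH_USER_NOT_FOUND)` is too vague for a check that now decides when the provider loop stops, and "occured" is misspelled. The condition stops on every result except user-not-found, so a denial from an earlier provider is final and later providers are never asked for that user. Please say so in the comment, for example `/* Any result other than "user not found" is final. Stop checking. */`, so that the dependence on provider order is documented at the point where it is enforced.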
  @@ -281,7 +281,7 @@
           int return_code;
   
           /* If we're not authoritative, then any error is ignored. */
  -        if (!(conf->authoritative)) {
  +        if (!(conf->authoritative) && auth_result != AUTH_DENIED) {
               return DECLINED;
           }
   
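Review bot: The unchanged comment `/* If we're not authoritative, then any error is ignored. */` no longer matches the condition below it, because with `&& auth_result != AUTH_DENIED` a denial is no longer ignored in non-authoritative mode. Please update the comment to state that a denial is never passed on. Also, the commit log says the loop should stop on errors "to be safe", yet any result other than `AUTH_DENIED` that reaches this check still returns `DECLINED` when `conf->authoritative` is off. If error results are meant to fail closed as well, the condition should exclude them explicitly; if not, the comment should say why they are still handed to lower modules.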
  
  
  
  1.74      +2 -2      httpd-2.0/modules/aaa/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_digest.c,v
  retrieving revision 1.73
  retrieving revision 1.74
  diff -u -r1.73 -r1.74
  --- mod_auth_digest.c	30 Nov 2002 18:48:41 -0000	1.73
  +++ mod_auth_digest.c	8 Dec 2002 21:10:37 -0000	1.74
  @@ -1486,8 +1486,8 @@
           auth_result = provider->get_realm_hash(r, user, conf->realm,
                                                  &password);
   
  -        /* User is found.  Stop checking. */
  -        if (auth_result == AUTH_USER_FOUND) {
  +        /* Something occured.  Stop checking. */
  +        if (auth_result != AUTH_USER_NOT_FOUND) {
               break;
           }
   
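Review bot: With `if (auth_result != AUTH_USER_NOT_FOUND)` the loop can now exit early with a result other than `AUTH_USER_FOUND`, and this hunk does not show how the code after the loop treats that case. Please confirm that `password`, the output of `get_realm_hash`, is only read when `auth_result == AUTH_USER_FOUND` and that every other value ends in a rejection. The replaced comment "User is found" described a concrete state; "Something occured" (misspelled) does not, so it should name the results that end the loop.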
  
  
  
