httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_authz_dbm.c
Date Mon, 06 Jan 2003 08:07:51 GMT
nd          2003/01/06 00:07:51

  Modified:    modules/aaa mod_authz_dbm.c
  Log:
  be consistent:
  evaluate multiple "require group" directives even for DBM files.
  this was always applicable for plain text group files.
  
  Revision  Changes    Path
  1.7       +49 -30    httpd-2.0/modules/aaa/mod_authz_dbm.c
  
  Index: mod_authz_dbm.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_authz_dbm.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- mod_authz_dbm.c	6 Jan 2003 03:35:48 -0000	1.6
  +++ mod_authz_dbm.c	6 Jan 2003 08:07:51 -0000	1.7
  @@ -189,12 +189,15 @@
   {
       authz_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config,
                                                         &authz_dbm_module);
  +    char *user = r->user;
       int m = r->method_number;
       const apr_array_header_t *reqs_arr = ap_requires(r);
       require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
       register int x;
       const char *t;
  +    const char *orig_groups = NULL;
       char *w;
  +    int required_group = 0;
   
       if (!conf->grpfile) {
           return DECLINED;
  @@ -214,38 +217,45 @@
           w = ap_getword_white(r->pool, &t);
    
           if (!strcmp(w, "group")) {
  -            char *user = r->user;
               const char *realm = ap_auth_name(r);
  -            const char *orig_groups, *groups;
  +            const char *groups;
               char *v;
  -            apr_status_t status;
   
  -            status = get_dbm_grp(r,
  -                                 apr_pstrcat(r->pool, user, ":", realm, NULL),
  -                                 user,
  -                                 conf->grpfile, conf->dbmtype, &groups);
  -
  -            if (status != APR_SUCCESS) {
  -                ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
  -                      "could not open dbm (type %s) group access file: %s", 
  -                        conf->dbmtype, conf->grpfile);
  -                return HTTP_INTERNAL_SERVER_ERROR;
  -           }
  -
  -           if (groups == NULL) {
  -                if (!conf->authoritative) {
  -                    return DECLINED;
  +            /* remember that actually a group is required */
  +            required_group = 1;
  +
  +            /* fetch group data from dbm file only once. */
  +            if (!orig_groups) {
  +                apr_status_t status;
  +
  +                status = get_dbm_grp(r, apr_pstrcat(r->pool, user, ":", realm,
  +                                                    NULL),
  +                                     user,
  +                                     conf->grpfile, conf->dbmtype, &groups);
  +
  +                if (status != APR_SUCCESS) {
  +                    ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
  +                                  "could not open dbm (type %s) group access "
  +                                  "file: %s", conf->dbmtype, conf->grpfile);
  +                    return HTTP_INTERNAL_SERVER_ERROR;
                   }
   
  -                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -                            "user %s not in DBM group file %s: %s",
  -                            user, conf->grpfile, r->filename);
  +                if (groups == NULL) {
  +                    if (!conf->authoritative) {
  +                        return DECLINED;
  +                    }
  +
  +                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  +                                  "user %s not in DBM group file %s: %s",
  +                                  user, conf->grpfile, r->filename);
   
  -                ap_note_auth_failure(r);
  -                return HTTP_UNAUTHORIZED;
  +                    ap_note_auth_failure(r);
  +                    return HTTP_UNAUTHORIZED;
  +                }
  +
  +                orig_groups = groups;
               }
   
  -            orig_groups = groups;
               while (t[0]) {
                   w = ap_getword_white(r->pool, &t);
                   groups = orig_groups;
  @@ -256,15 +266,24 @@
                       }
                   }
               }
  -            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  -                          "user %s not in right group: %s",
  -                          user, r->filename);
  -            ap_note_auth_failure(r);
  -            return HTTP_UNAUTHORIZED;
           }
       }
   
  -    return DECLINED;
  +    /* no group requirement seen */
  +    if (!required_group) {
  +        return DECLINED;
  +    }
  +
  +    if (!conf->authoritative) {
  +        return DECLINED;
  +    }
  +
  +    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  +                  "user %s not in right group: %s",
  +                  user, r->filename);
  +
  +    ap_note_auth_failure(r);
  +    return HTTP_UNAUTHORIZED;
   }
   
   static void register_hooks(apr_pool_t *p)
  
  
  

Mime
View raw message