httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <hart...@hyperreal.com>
Subject log 'guest' users patch... (fwd)
Date Tue, 24 Oct 1995 19:12:25 GMT

no ack sent

if anyone finds this interesting, please talk to the submitter.


Forwarded message:
> From ph@outback.ustta.doc.gov  Tue Oct 24 09:50:41 1995
> Date: Tue, 24 Oct 1995 12:50:21 -0400 (EDT)
> From: Peter Hartzler <ph@outback.ustta.doc.gov>
> To: apache-bugs@apache.org
> cc: "Anand K. Bollineni" <anand@outback.ustta.doc.gov>
> Subject: log 'guest' users patch...
> Message-ID: <Pine.LNX.3.91.951024124204.4596A-100000@outback.ustta.doc.gov>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> Howdy!  I have NOT found a bug, in fact, 8.14 appears to totally rock!  
> What I have is this:
> 
> LOGGING 'guest' ACCESS TO SECURED PAGES:
> 
> We have a page with some segments secured, i.e. user/password.  However, 
> we are temporarily allowing 'guest' access, and asking them to supply 
> their email address as the password.  We're then logging these entries. 
> Below is a patch that works to bring our Apache 8.14 httpd this feature.
> 
> I would be interested in any comments regarding this modification...
> 
> --- cut here ---
> diff -c orig/httpd.h src/httpd.h
> *** orig/httpd.h	Tue Oct 24 11:31:03 1995
> --- src/httpd.h	Mon Oct 23 13:00:18 1995
> ***************
> *** 85,90 ****
> --- 85,95 ----
>   /* Default administrator's address */
>   #define DEFAULT_ADMIN "[no address given]"
>   
> + /* ----------------------------- log guest email addresses.  ------------ */
> + #define LOG_GUEST_ADDRESSES 1 /* only logs if defined. */
> + #define GUEST_USER "guest" /* case insensitive keyword to allow access and log purported
email addr. */
> + #define GUEST_PASSWORD_FILE "/usr/local/etc/httpd/logs/guests" /* file to catch entries.
*/
> + 
>   /* 
>    * --------- You shouldn't have to edit anything below this line ----------
>    *
> diff -c orig/mod_auth.c src/mod_auth.c
> *** orig/mod_auth.c	Tue Oct 24 11:31:09 1995
> --- src/mod_auth.c	Tue Oct 24 11:41:36 1995
> ***************
> *** 185,190 ****
> --- 185,211 ----
>   	note_basic_auth_failure (r);
>   	return AUTH_REQUIRED;
>       }
> + /***************** code added to store guest passwd------ Anand ***/
> + #ifdef LOG_GUEST_ADDRESSES
> + 	if(!(strcasecmp(c->user, GUEST_USER))){
> + 	  FILE * fp;
> + 	  if( fp = fopen( GUEST_PASSWORD_FILE , "a+") ) {
> + 		long timz;
> + 		struct tm * t;
> + 		char tstr[MAX_STRING_LEN], sign;
> + 		t= get_gmtoff(&timz);
> + 		sign =(timz <0 ? '-' : '+');
> + 		if(timz < 0)
> + 			timz = -timz;
> + 		strftime(tstr,MAX_STRING_LEN, "[%d/%b/%Y;%H:%M:%S]",t);
> + 	    fprintf(fp, "%s  ",sent_pw);
> + 	    fprintf(fp, " %s\n",tstr);
> + 	    fclose(fp);
> + 	    }
> + 	  }
> + 	else
> + #endif
> + /*********************					***********/
>       /* anyone know where the prototype for crypt is? */
>       if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
>           sprintf(errstr,"user %s: password mismatch",c->user);
> 


Mime
View raw message