httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: [Fwd: "Satisfy" directory protection]
Date Thu, 07 Mar 1996 19:30:52 GMT
  Mmm, I think it can.  However it'd require two modules to share
  information on the success/failure of phases of the request.

I'm not sure why you say this; perhaps we understand "Satisfy" 
differently.  At any rate, I *think* its effect could be achieved
by replacing the code from process_request_internal that looks like:

    if ((access_status = check_access (r)) != 0) {
        decl_die (access_status, "check access", r);
	return;
    }
    
    if (auth_type (r)) {
        if ((access_status = check_user_id (r)) != 0) {
	    decl_die (access_status, "check user.  No user file?", r);
	    return;
	}

	if ((access_status = check_auth (r)) != 0) {
	    decl_die (access_status, "check access.  No groups file?", r);
	    return;
	}
    }

with something like [Beware!  Untested code!]

    if (!auth_type (r)) {
        if ((access_status = check_access (r)) != 0) {
            decl_die (access_status, "check access", r);
	    return;
        }
    }
    else {

        /* Auth applies; access control may apply also */

	int access_phase_status = check_access (r);

        if (satisfy_and (r) && access_phase_status != 0) {
            /* Fails required access checks; bounce */
            decl_die (access_status, "check access", r);
        }
	else if (satisfy_and (r) || access_phase_status != 0) {
            /* Either access checks fail, or successful auth checks
             * are required here as well.  Either way, must check auth.
             */
            if ((access_status = check_user_id (r)) != 0) {
	        decl_die (access_status, "check user.  No user file?", r);
	        return;
	    }

	    if ((access_status = check_auth (r)) != 0) {
	        decl_die (access_status, "check access.  No groups file?", r);
	        return;
	    }
        }
    }

and making a similar change to the sub_request stuff.  (Note that
maintaining the distinction between access and auth phases actually
makes this easier; note also the obvious intention that satisfy_and
consult a new core per-directory field, and that it must default
on for back-compatibility, as it does in NCSA 1.5).

In any case, given the number of third-party modules that add some
new form of authentication control, trying to take authentication
out of the scope of the module scheme would, IMHO, be a big mistake.

rst


Mime
View raw message