httpd-dev mailing list archives

From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: cvs commit: apache/src mod_auth_msql.c
Date Mon, 01 Jul 1996 22:06:46 GMT
Randy Terbush wrote:
> 
> 
> Can someone please make an argument for _why_ we do a general release
> with known bugs? Let alone bugs in authorization code?

As far as I understand it, these patches are (almost) all to do with
compatibility with a different module with the same name. I'm not convinced
this is an issue we need concern ourselves with. Actually, I'm not convinced we
should even include msql support in the main release. After all, it is
commercial software which most members don't have access to.

Cheers,

Ben.

> 
> 
> > You can't win.  Either you decide to release something this decade, or you
> > ship something with known bugs.  We can always point people to the newer,
> > though less thoroughly tested, versions of mod_auth_msql and
> > mod_cern_meta.  
> > 
> > 	Brian, whose head cold is making him irascible
> > 
> > On Mon, 1 Jul 1996, Randy Terbush wrote:
> > > I think it is a bad idea to reverse these changes since they
> > > fix real bugs. Without these changes, it will likely break
> > > all existing sites using this module.
> > > 
> > > 
> > > > brian       96/07/01 12:04:11
> > > > 
> > > >   Modified:    src       mod_auth_msql.c
> > > >   Log:
> > > >   Reverse mod_auth_msql.c changes, back to version 1.0.
> > > >   
> > > >   Revision  Changes    Path
> > > >   1.10      +19 -25    apache/src/mod_auth_msql.c
> > > >   
> > > >   Index: mod_auth_msql.c
> > > >   ===================================================================
> > > >   RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
> > > >   retrieving revision 1.9
> > > >   retrieving revision 1.10
> > > >   diff -C3 -r1.9 -r1.10
> > > >   *** mod_auth_msql.c	1996/06/30 22:36:57	1.9
> > > >   --- mod_auth_msql.c	1996/07/01 19:04:08	1.10
> > > >   ***************
> > > >   *** 284,295 ****
> > > >      *		Replaced some MAX_STRING_LENGTH claims. 
> > > >      *	   1.0  removed some error check as they where already done elsehwere
> > > >      *	        NumFields -> NumRows (Thanks Vitek). More stack memory.
> > > >   -  *	   1.1	no logging of empty password strings.
> > > >   -  * 	   1.2  Problem with the Backward vitek which cause it to check
> > > >   -  *		even if msql_auth was not configured; Also more carefull
> > > >   -  *		with the authorative stuff; caught by thomas@marvin.calvacom.fr.
> > > >   -  *	   1.3  Even more changes to get it right; that BACKWARD thing
was a bad
> > > >   -  *		idea. 
> > > >      */
> > > >     
> > > >     
> > > >   --- 284,289 ----
> > > >   ***************
> > > >   *** 398,404 ****
> > > >   --- 392,400 ----
> > > >     #include "http_log.h"
> > > >     #include "http_protocol.h"
> > > >     #include <msql.h>
> > > >   + #ifdef HAVE_CRYPT_H
> > > >     #include <crypt.h>
> > > >   + #endif
> > > >     
> > > >     typedef struct  {
> > > >     
> > > >   ***************
> > > >   *** 782,791 ****
> > > >          * We do not check on dbase, group, userid or host name, as it
is
> > > >          * perfectly possible to only do group control with mSQL and leave
> > > >          * user control to the next (dbm) guy in line.
> > > >   -      * We no longer check on the user field name; to avoid problems
> > > >   -      * with Backward VITEK.
> > > >          */
> > > >   !     if (!sec->auth_msql_pwd_table) return DECLINED;
> > > >     
> > > >         if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr )))
{
> > > >     	if ( msql_errstr[0] ) {
> > > >   --- 778,788 ----
> > > >          * We do not check on dbase, group, userid or host name, as it
is
> > > >          * perfectly possible to only do group control with mSQL and leave
> > > >          * user control to the next (dbm) guy in line.
> > > >          */
> > > >   !     if (
> > > >   !     	(!sec->auth_msql_pwd_table) &&
> > > >   !     	(!sec->auth_msql_pwd_field)
> > > >   ! 	 ) return DECLINED;
> > > >     
> > > >         if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr )))
{
> > > >     	if ( msql_errstr[0] ) {
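Review bot: The restored guard declines only when both `auth_msql_pwd_table` and `auth_msql_pwd_field` are unset, so a directory with just one of them configured falls through to `get_msql_pw()` with an incomplete configuration. Whether `get_msql_pw()` cleanly rejects a missing table or field is not visible in this hunk and should be confirmed. If it does not, the lookup should be skipped unless both are present: `if (!sec->auth_msql_pwd_table || !sec->auth_msql_pwd_field) return DECLINED;`. The enclosing function starts and ends outside the hunk.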
> > > >   ***************
> > > >   *** 812,821 ****
> > > >          */
> > > >     
> > > >         if ((sec->auth_msql_nopasswd) && (!strlen(real_pw)))
{
> > > >   - /*
> > > >             sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password accepted",c->user);
> > > >     	log_reason (msql_errstr, r->uri, r);
> > > >   -  */
> > > >     	return OK;
> > > >     	};
> > > >     
> > > >   --- 809,816 ----
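Review bot: With the comment markers removed, the `sprintf` into `msql_errstr` is live again and copies `c->user`, a value supplied by the client, with no length limit. The buffer's declaration is outside the hunk, so its size needs to be checked against the longest user name the server will accept. A precision on the conversion keeps the write bounded, for example `sprintf(msql_errstr,"mSQL: user %.128s: Empty/'any' password accepted",c->user);`, where 128 is a placeholder to be sized to the real buffer. The same unbounded pattern appears in the "no access rules specified" `sprintf` in the next hunk and the "no access rules applied" `sprintf` in the last hunk.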
> > > >   ***************
> > > >   *** 867,875 ****
> > > >         char *t, *w;
> > > >         msql_errstr[0]='\0';
> > > >     
> > > >   -     /* If we are not configured, ignore */
> > > >   -     if (!sec->auth_msql_pwd_table) return DECLINED;
> > > >   - 
> > > >         if (!reqs_arr) {
> > > >     	if (sec->auth_msql_authorative) {
> > > >     	        sprintf(msql_errstr,"user %s denied, no access rules specified
(MSQL-Authorative) ",user);
> > > >   --- 862,867 ----
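Review bot: After this hunk the function no longer returns DECLINED when `auth_msql_pwd_table` is unset, so the `!reqs_arr` branch and the rule checks below it run for directories that never configured mSQL. If `auth_msql_authorative` is on by default (its default is not visible here), such requests are answered by this module instead of being passed to the next one. An early `if (!sec->auth_msql_pwd_table) return DECLINED;` placed after `msql_errstr[0]='\0';` would limit the module to locations that opted in. The function begins and ends outside the hunk.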
> > > >   ***************
> > > >   *** 937,959 ****
> > > >     	    };
> > > >             }
> > > >     
> > > >   !     /* Get serious if we are authorative, previous
> > > >   !      * returns are only if msql yielded a correct result. 
> > > >   !      * This really is not needed.
> > > >          */
> > > >   !     if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED))
&& (sec->auth_msql_authorative) ) {
> > > >   !         sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s
%s rule(s) ", 
> > > >   ! 		(group_result == AUTH_REQUIRED) ? "USER" : "", 
> > > >   ! 		(user_result == AUTH_REQUIRED) ? "GROUP" : ""
> > > >   ! 		);
> > > >     	log_reason (msql_errstr, r->uri, r);
> > > >     	return AUTH_REQUIRED;
> > > >     	};
> > > >     
> > > >   -     if ( (user_result == OK) || (group_result == OK))
> > > >   - 	return OK;
> > > >     
> > > >   !     return DECLINED;
> > > >     }
> > > >     
> > > >     
> > > >   --- 929,953 ----
> > > >     	    };
> > > >             }
> > > >     
> > > >   !     /* we do not have to check the valid-ness of the group result
as
> > > >   !      * have not (yet) a 'valid-group' token
> > > >          */
> > > >   !     if ( (user_result != OK) && (sec->auth_msql_authorative)
) {
> > > >   !         sprintf(msql_errstr,"User %s denied, no access rules applied
(MSQL-Authorative) ",user);
> > > >     	log_reason (msql_errstr, r->uri, r);
> > > >   +         note_basic_auth_failure(r);
> > > >     	return AUTH_REQUIRED;
> > > >     	};
> > > >     
> > > >     
> > > >   !     /* if the user is DECLINED, it is up to the group_result to tip
> > > >   !      * the balance. But if the group result is AUTH_REQUIRED it should
> > > >   !      * always override. A SERVER_ERROR should not get here. 
> > > >   !      */
> > > >   !     if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED))
> > > >   ! 	return group_result;
> > > >   ! 
> > > >   !     return user_result;
> > > >     }
> > > >     
> > > >     
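Review bot: In authoritative mode the first test returns AUTH_REQUIRED whenever `user_result != OK`, before `group_result` is consulted, so a request that satisfies only a group rule appears to be denied and logged as "no access rules applied". How the two results are assigned is above the hunk, so this needs confirming. If a group match does leave `user_result` at DECLINED, the condition should account for it: `if ((user_result != OK) && (group_result != OK) && (sec->auth_msql_authorative)) {`. The comment above the test should also say why the group result may be ignored, since "have not (yet) a 'valid-group' token" does not explain it.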
> > > >   
> > > >   
> > > >   
> > > 
> > > 
> > > 
> > > 
> 
> 
> 

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.
