httpd-dev mailing list archives

From "Dirk.vanGulik" <Dirk.vanGu...@jrc.it>
Subject Re: Apache module for system database-based authentication
Date Fri, 12 Jul 1996 08:47:25 GMT

> On Thu, 11 Jul 1996, Tony Sanders wrote:
> 
> > That is, it uses /etc/passwd and /etc/group.  This is useful for
> > building private webs.
> 
> But potentially dangerous. I'd stick big warning labels all over it. HTTP
> Basic authentication sends passwords basically in the clear. If you're
> using the passwords from /etc/passwd, this means anyone with a packet
> sniffer can read your username and password, and break right into your
> system.
> 
> > To enable it you add:
> >         AuthSYSPWEnable enable
> > to the appropriate config file (usually access.conf).
> > [suggestions in this area are welcome, I wasn't sure how to do a boolean
> > without having to write more code than it warranted]
> 
> Use a dispatch type of "FLAG". It will call your command function with an
> int argument, either 0 or 1.
> 

On that very same subject, could someone with CVS access add this function
to http_config.c (and http_config.h). Cause now every module seems to duplicate
this in one way or another :-)

#define OFF 0
#define ON  1

char *set_flag_slot (cmd_parms *cmd, char *struct_ptr, int arg)
{
    /* This one's pretty generic too... */
  
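    /* cmd->info carries the byte offset of the int flag field; store an
     * int there, not a pointer-sized value. */
    int offset = (int)(long)cmd->info;
    *(int *)(struct_ptr + offset) = arg ? ON : OFF;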
    return NULL;
}

And in the same area; it does worry me greatly that we do
not trap *allocs (palloc, pstrdup, etc); or that is the
way it seems to me. I am not sure if it is safe to call
any of the log_ routines here; but I added this to
my code and have seen several nice barfs handled better
than some spurious segfaults I had before. (There was one
*ss hole who was trying to see what would happen if he
sent a URL with loads of backspace chars... and I mean
loads of them :-)

diff -c3 alloc.c.org alloc.c     
*** alloc.c.org Fri Jul 12 10:40:34 1996
--- alloc.c     Fri Jul 12 10:42:06 1996
***************
*** 108,114 ****
      (union block_hdr *)malloc(size + sizeof(union block_hdr));
  
    if (blok == NULL) return NULL;
!   
    blok->h.next = NULL;
    blok->h.first_avail = (char *)(blok + 1);
    blok->h.endp = size + blok->h.first_avail;
--- 108,120 ----
      (union block_hdr *)malloc(size + sizeof(union block_hdr));
  
!   if (blok == NULL)
!
! /* Just a wee bit of code to make apache
!  * barf whenever it cannot claim memory.
!  * I do not quite dare to call log_reason() or
!  * any of the cleaning routines as they might
!  * need memory too. Will sort this out in due
!  * time. (What really would be good would be
!  * too have an additional TRAP module vector;
!  * which is called in these and other disastrous
!  * cases so that the module can clean up. And
!  * that way my SNMP trap would not need so mutch
!  * patching too :-). dirkx
!  */
! #ifdef BARF_ON_FAILED_MALLOC
! 	{
!       fprintf(stderr,"Apache: Failed to malloc(%d)\n",size);
!       exit(1);
!	};
! #else
!       return NULL;
! #endif
!  
    blok->h.next = NULL;
    blok->h.first_avail = (char *)(blok + 1);
    blok->h.endp = size + blok->h.first_avail;
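
Review bot: in the BARF_ON_FAILED_MALLOC branch the fprintf reports size, but the malloc call just above requests size + sizeof(union block_hdr), so the message understates the request that actually failed, and %d is only correct if size is an int; print the full request with a conversion that matches its type. The if (blok == NULL) is also separated from its body by a long comment and an #ifdef/#else, which is easy to break in a later edit; keeping the braces unconditional and putting the #ifdef inside them would make the control flow obvious. With the macro undefined the function still returns NULL, so the unchecked callers the message mentions (palloc, pstrdup) are unchanged by default.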

Dw.
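
A self-contained sketch of the FLAG dispatch and generic slot setter discussed in this message, added here as an example and not code from the message or from Apache. The demo_* types, functions and table are stand-ins constructed for illustration, and accepting On/Off as the flag value is an assumption of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in types constructed for this example; not Apache's definitions. */
typedef struct { void *info; } demo_cmd_parms;
typedef const char *(*demo_flag_fn)(demo_cmd_parms *, char *, int);
typedef struct { const char *name; demo_flag_fn func; void *info; } demo_command;

/* Config with fields on both sides of the flag, so a store wider than an
 * int would show up as a corrupted neighbour. */
typedef struct { int before; int syspw_enabled; int after; } demo_dir_config;

/* Generic setter: cmd->info carries the byte offset of an int field. */
static const char *demo_set_flag_slot(demo_cmd_parms *cmd, char *struct_ptr, int arg)
{
    size_t offset = (size_t)(uintptr_t)cmd->info;
    int flag = arg ? 1 : 0;
    memcpy(struct_ptr + offset, &flag, sizeof flag); /* exactly sizeof(int) bytes */
    return NULL;
}

/* Case-insensitive string equality for the flag value. */
static int demo_ieq(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

static const demo_command demo_cmds[] = {
    { "AuthSYSPWEnable", demo_set_flag_slot,
      (void *)(uintptr_t)offsetof(demo_dir_config, syspw_enabled) },
};

/* FLAG-style dispatch: find the directive, map On/Off to 1/0, call the
 * handler. Unknown directives and any other value return an error string. */
const char *demo_dispatch_flag(demo_dir_config *cfg, const char *name, const char *value)
{
    size_t i;
    for (i = 0; i < sizeof demo_cmds / sizeof demo_cmds[0]; i++) {
        demo_cmd_parms parms;
        int arg;
        if (strcmp(name, demo_cmds[i].name) != 0) continue;
        if (demo_ieq(value, "on")) arg = 1;
        else if (demo_ieq(value, "off")) arg = 0;
        else return "flag directive takes On or Off";
        parms.info = demo_cmds[i].info;
        return demo_cmds[i].func(&parms, (char *)cfg, arg);
    }
    return "unknown directive";
}
```

Rejecting anything other than On/Off at dispatch time keeps a mistyped value from silently enabling or disabling authentication.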
 
