httpd-dev mailing list archives

From Alexei Kosut <ako...@organic.com>
Subject Re: Suggestion for mod_auth.c
Date Thu, 25 Jul 1996 17:48:43 GMT
On Thu, 25 Jul 1996, Rob Hartill wrote:

> >Considering AuthDBMUserFile is allowed extra information after the
> >password, as long as it is separated from it by a colon, it would be
> >nice if the AuthUserFile had the same possibility.
> >
> >It is certainly easy to fix by hand, but you may want to include this
> >patch in future releases.  

Hmm. This might be useful. It'd let you do:

AuthUserFile /etc/passwd

One might bring up the point of whether or not we want to make that
this easy to do. Since Basic authentication is rather unsecure. But
I'll +1 the patch.

> >nancyd@ana 23% diff -ru mod_auth.c.orig mod_auth.c
> >--- mod_auth.c.orig     Wed Jul 24 22:11:38 1996
> >+++ mod_auth.c  Wed Jul 24 22:15:18 1996
> >@@ -161,7 +161,7 @@
> >     auth_config_rec *sec =
> >       (auth_config_rec *)get_module_config (r->per_dir_config,
> >&auth_module);
> >     conn_rec *c = r->connection;
> >-    char *sent_pw, *real_pw;
> >+    char *sent_pw, *real_pw, *colon_pw;
> >     char errstr[MAX_STRING_LEN];
> >     int res;
> >     
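
Review bot: the context line carrying the get_module_config call is wrapped in this hunk, with `&auth_module);` pushed onto a line of its own, so the hunk as mailed will not match mod_auth.c and will be rejected or need hand editing. Resend it unwrapped or as an attachment so the one-line declaration change applies cleanly.
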
> >@@ -176,6 +176,9 @@
> >        note_basic_auth_failure (r);
> >        return AUTH_REQUIRED;
> >     }
> >+    /* Password is up to first : if exists */
> >+    colon_pw = strchr(real_pw,':');
> >+    if (colon_pw) *colon_pw='\0';   
> >     /* anyone know where the prototype for crypt is? */
> >     if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
> >         sprintf(errstr,"user %s: password mismatch",c->user);
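
Review bot: `*colon_pw='\0'` writes into the string that real_pw points at, and the lookup that fills real_pw is outside this hunk, so confirm that buffer is a private, writable copy for this request before truncating it in place. With extra fields now accepted, an entry whose password field is empty (`user::...`) leaves real_pw as the empty string, which is then passed to crypt as the salt; an explicit check that fails the request when real_pw is empty, placed ahead of the crypt call, would make that case deterministic. The added `if (colon_pw)` line also carries trailing whitespace.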

-- Alexei Kosut <akosut@organic.com>            The Apache HTTP Server 
   http://www.nueva.pvt.k12.ca.us/~akosut/      http://www.apache.org/

