httpd-dev mailing list archives

From Greg Stein <>
Subject Re: fwd: mods for practical negotiation with file level access control
Date Tue, 10 Nov 1998 08:28:26 GMT
I'm not sure that I have a particular scenario, but this may become
important for the mod_dav work that I'm doing. An example is the
PROPFIND method that can return info on each file in a directory; in
theory, an auth step needs to be performed on each file.


Roy T. Fielding wrote:
> Is there a way to do the same thing without requiring that third-party
> modules be rewritten (necessitating a 1.4 release or waiting for 2.0)?
> ....Roy
> ------- Forwarded Message
> Date: Fri, 30 Oct 1998 03:35:53 -0500 (EST)
> From: Eric Prud'hommeaux <>
> To: "Roy T. Fielding" <>
> Subject: mods for practical negotiation with file level access control
> Hi,
> I met you at apachecon. I'm the guy with the stupid hair cut and the
> notions of modifying ap_sub_req_lookup_file to permit checks on files
> that require some auth. As it stands, ap_sub_req_lookup_file abandons
> all processing when a mod_auth_* says that auth is required. Actually,
> it fails to perform ap_find_types and ap_run_fixups if ap_check_auth
> returns a non-OK.
> This effectively disables negotiating into authenticated resources. I
> suspect this has not been a real issue because there is not a lot of
> file-level access control. Usually, once you get into a directory,
> any fixup handlers can act with comparative impudence as the auth
> challenge has already been performed.
> My mods were to tweak the return checks to ap_check_auth to allow an
> AUTH_REQUIRED return to continue through ap_find_types and ap_run_fixups:
>                        || (((res = ap_check_auth(rnew)) &&
> +                          (rnew->status = res) != AUTH_REQUIRED)))))
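Review bot: the assignment `(rnew->status = res)` sits inside the second operand of `&&` on the added line, so it is easy to misread as a comparison and it only executes when ap_check_auth returns non-zero. Consider setting rnew->status in its own statement before the test, and add a comment stating that AUTH_REQUIRED deliberately falls through to the later phases, because every caller now has to inspect rnew->status for that value.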
> The bummer of all of this is that it implies that every module that calls
> ap_sub_req_lookup_file be sensitive to the fact that it may return a
> perfectly valid AUTH_REQUIRED. I hacked mod_negotiation so that it was more
> tolerant of this return status:
>        if (sub_req->status == AUTH_REQUIRED) {
>            auth_disposition = AUTH_REQUIRED;
>            sub_req->status = HTTP_OK;
>        }
> but I am by no means confident that this solves all cases. I make sure to
> return auth_disposition in at least the most common case, but this is
> hardly a rigorous test. On the bright side, any ignorant modules will
> simply process the !HTTP_OK return code as a failure and won't compromise
> secure documents.
> When we spoke, you asked that I provide a way to duplicate the scenario
> and a breakpoint to set to investigate the stack. How about if I give you
> an account on a machine where this scenario is easily duplicated (ie. is
> running file-level access control) and a breakpoint. Let me know what you
> want me to do about this.
> thanks for your time,
> -eric
> ------- End of Forwarded Message

Greg Stein,
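
A small C model of the behaviour discussed in this thread, added here as an illustration and not code from Apache or from either poster. It contrasts a sub-request lookup that abandons processing on AUTH_REQUIRED with one that records it and continues, and shows why a caller unaware of the change still fails closed. The names `subreq`, `check_auth`, `lookup_file`, `variant_considered` and `unaware_accepts`, and the ".secret" policy, are assumptions made for the example.

```c
#include <string.h>

/* Status names as they appear in the message; everything else is constructed. */
#define OK            0
#define HTTP_OK       200
#define AUTH_REQUIRED 401

typedef struct {
    const char *filename;
    int status;   /* outcome of the lookup */
    int typed;    /* 1 once the type-finding and fixup phases have run */
} subreq;

/* Constructed policy: names containing ".secret" need credentials. */
static int check_auth(const subreq *r) {
    return strstr(r->filename, ".secret") ? AUTH_REQUIRED : OK;
}

/* patched == 0: any non-OK auth result abandons the lookup.
 * patched == 1: AUTH_REQUIRED is recorded in status, but the type and
 * fixup phases still run so the caller can negotiate on the result. */
static subreq lookup_file(const char *name, int patched) {
    subreq r = { name, HTTP_OK, 0 };
    int res = check_auth(&r);
    if (res != OK) {
        r.status = res;
        if (!(patched && res == AUTH_REQUIRED))
            return r;
    }
    r.typed = 1;
    return r;
}

/* Aware caller: keeps the variant in play and reports, through
 * *auth_disposition, that the final response must be a challenge. */
static int variant_considered(const char *name, int patched, int *auth_disposition) {
    subreq r = lookup_file(name, patched);
    *auth_disposition = OK;
    if (r.status == AUTH_REQUIRED && r.typed) {
        *auth_disposition = AUTH_REQUIRED;
        r.status = HTTP_OK;
    }
    return r.status == HTTP_OK;
}

/* Unaware caller: treats every status other than HTTP_OK as failure,
 * so a protected file is never used without the auth step. */
static int unaware_accepts(const char *name, int patched) {
    return lookup_file(name, patched).status == HTTP_OK;
}
```

The point to check in any real caller is the one the aware function models: once the status is reset to HTTP_OK, the saved auth disposition has to reach the final response on every return path.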
