httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <>
Subject fwd: mods for practical negotiation with file level access control
Date Tue, 10 Nov 1998 08:09:17 GMT
Is there a way to do the same thing without requiring that third-party
modules be rewritten (necessitating a 1.4 release or waiting for 2.0)?


------- Forwarded Message

Date: Fri, 30 Oct 1998 03:35:53 -0500 (EST)
From: Eric Prud'hommeaux <>
To: "Roy T. Fielding" <>
Subject: mods for practical negotiation with file level access control


I met you at apachecon. I'm the guy with the stupid hair cut and the
notions of modifying ap_sub_req_lookup_file to permit checks on files
that require some auth. As it stands, ap_sub_req_lookup_file abandons
all processing when a mod_auth_* says that auth is required. Actually,
it fails to perform ap_find_types and ap_run_fixups if ap_check_auth
returns a non-OK.

This effectively disables negotiating into authenticated resoruces. I
suspect this has not been a real issue because there is not a lot of
file-level access control. Usually, once you get into a directory,
any fixup handlers can act with comparitive impudence as the auth
challenge already been performed.

My mods were to tweak the return checks to ap_check_auth to allow an
AUTH_REQUIRED return to continue through ap_find_types and ap_run_fixups:

                       || (((res = ap_check_auth(rnew)) &&
+                          (rnew->status = res) != AUTH_REQUIRED)))))

The bummer of all of this is that it implies that every module that calls
ap_sub_req_lookup_file be sensitive to the fact that it may return a
perfetly valid AUTH_REQUIRED. I hacked mod_negotiation so that it was more
tollerant of this return status:

       if (sub_req->status == AUTH_REQUIRED) {
           auth_disposition = AUTH_REQUIRED;
           sub_req->status = HTTP_OK;

but I am by no means confident that this solves al cases. I make sure to
return auth_disposition in at least the most common case, but this is
hardly a rigorous test. On the bright side, any ignroant modules will
simply process the !HTTP_OK return code as a failure and won't copromise
secure documents.

When we spoke, you asked that I provide a way to duplicate the scenario
and a breakpoint to set to investigate the stack. How about if I give you
an account on a machine where this scenario is easily duplicated (ie. is
running file-level access control) and a breakpoint. Let me know what you
want me to do about this.

thanks for your time,

------- End of Forwarded Message

View raw message