httpd-dev mailing list archives

From "Eric Prud'hommeaux" <e...@w3.org>
Subject Re: fwd: mods for practical negotiation with file level access control
Date Tue, 10 Nov 1998 16:35:42 GMT
On Tue, 10 Nov 1998, Greg Stein wrote:

> I'm not sure that I have a particular scenario, but this may become
> important for the mod_dav work that I'm doing. An example is the
> PROPFIND method that can return info on each file in a directory; in
> theory, an auth step needs to be performed on each file.
> 
> -g
> 
> Roy T. Fielding wrote:
> > 
> > Is there a way to do the same thing without requiring that third-party
> > modules be rewritten (necessitating a 1.4 release or waiting for 2.0)?
> > 
> > ....Roy

Perhaps someone would like to help me geek through scenarios. The
functionality change to http_core amounts to permitting
ap_sub_req_lookup_file to call ap_find_types and ap_run_fixups when it
gets back an AUTH_REQUIRED. I don't know if the fixups should only be run
on a document you are going to serve.

The only module I patched was mod_negotiation as it was the most
important. If I didn't modify it, it simply would not interpret resources
that require auth as valid targets for negotiation. Because
ap_sub_req_lookup_file still returns AUTH_REQUIRED, I think that any 3rd
party modules will simply not support file level access control rather
than failing in some new way.

Re patches: I've included them in the post. I hacked them together but
would like to talk to someone up on mod_negotiation. I suspect I have
addressed only the common path but there were several returns from
read_types_multi that I didn't understand.

-eric

> > ------- Forwarded Message
> > 
> > Date: Fri, 30 Oct 1998 03:35:53 -0500 (EST)
> > From: Eric Prud'hommeaux <eric@w3.org>
> > To: "Roy T. Fielding" <fielding@kiwi.ics.uci.edu>
> > Subject: mods for practical negotiation with file level access control
> > 
> > Hi,
> > 
> > I met you at apachecon. I'm the guy with the stupid hair cut and the
> > notions of modifying ap_sub_req_lookup_file to permit checks on files
> > that require some auth. As it stands, ap_sub_req_lookup_file abandons
> > all processing when a mod_auth_* says that auth is required. Actually,
> > it fails to perform ap_find_types and ap_run_fixups if ap_check_auth
> > returns a non-OK.
> > 
> > This effectively disables negotiating into authenticated resources. I
> > suspect this has not been a real issue because there is not a lot of
> > file-level access control. Usually, once you get into a directory,
> > any fixup handlers can act with comparative impudence as the auth
> > challenge has already been performed.
> > 
> > My mods were to tweak the return checks to ap_check_auth to allow an
> > AUTH_REQUIRED return to continue through ap_find_types and ap_run_fixups:
> > 
> >                        || (((res = ap_check_auth(rnew)) &&
> > +                          (rnew->status = res) != AUTH_REQUIRED)))))
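
Review bot: On the added line, `(rnew->status = res) != AUTH_REQUIRED` assigns `rnew->status` inside the condition, so the status is written only as a side effect of `ap_check_auth(rnew)` returning non-zero, and the expression is easy to misread as a plain comparison. Consider doing the assignment in its own statement and adding a comment that an AUTH_REQUIRED result is deliberately allowed to continue, with the result left in `rnew->status` for the caller to check.
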
> > 
> > The bummer of all of this is that it implies that every module that calls
> > ap_sub_req_lookup_file be sensitive to the fact that it may return a
> > perfectly valid AUTH_REQUIRED. I hacked mod_negotiation so that it was more
> > tolerant of this return status:
> > 
> >        if (sub_req->status == AUTH_REQUIRED) {
> >            auth_disposition = AUTH_REQUIRED;
> >            sub_req->status = HTTP_OK;
> >        }
> > 
> > but I am by no means confident that this solves all cases. I make sure to
> > return auth_disposition in at least the most common case, but this is
> > hardly a rigorous test. On the bright side, any ignorant modules will
> > simply process the !HTTP_OK return code as a failure and won't compromise
> > secure documents.
> > 
> > When we spoke, you asked that I provide a way to duplicate the scenario
> > and a breakpoint to set to investigate the stack. How about if I give you
> > an account on a machine where this scenario is easily duplicated (ie. is
> > running file-level access control) and a breakpoint. Let me know what you
> > want me to do about this.
> > 
> > thanks for your time,
> > -eric
> > 
> > ------- End of Forwarded Message
> 
> --
> Greg Stein, http://www.lyra.org/
> 
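
Added example, not part of the original message and not Apache code: a self-contained C model of the caller-side behaviour discussed in this thread, showing that a caller unaware of AUTH_REQUIRED skips the protected variant while an aware caller may select it but must end the request with the challenge. `lookup_file`, `negotiate`, the `auth_aware` flag and the sample variants are constructed for illustration; tracking the disposition per chosen variant is a choice made here.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not Apache source. Status values follow the HTTP codes. */
enum { HTTP_OK = 200, AUTH_REQUIRED = 401, HTTP_NOT_FOUND = 404 };

struct variant { const char *file; const char *lang; int protected_file; };
struct outcome { const char *file; int status; };

/* Constructed sample directory: the French variant has file-level access control. */
static const struct variant variants[] = {
    { "report.html.en", "en", 0 },
    { "report.html.fr", "fr", 1 },
};

/* Stand-in for the patched sub-request lookup: AUTH_REQUIRED is reported to
 * the caller as a status instead of being the end of the lookup. */
static int lookup_file(const struct variant *v, int has_credentials)
{
    return (v->protected_file && !has_credentials) ? AUTH_REQUIRED : HTTP_OK;
}

/* auth_aware = 1 models a caller that remembers AUTH_REQUIRED for a candidate;
 * auth_aware = 0 models an unmodified caller that treats it as a failure. */
static struct outcome negotiate(const char *want_lang, int has_credentials, int auth_aware)
{
    struct outcome out = { NULL, HTTP_NOT_FOUND };
    for (size_t i = 0; i < sizeof variants / sizeof variants[0]; i++) {
        int st = lookup_file(&variants[i], has_credentials);
        int needs_auth = (st == AUTH_REQUIRED && auth_aware);
        if (st != HTTP_OK && !needs_auth)
            continue;                        /* unaware caller skips the file */
        if (out.file == NULL || strcmp(variants[i].lang, want_lang) == 0) {
            out.file = variants[i].file;
            /* Disposition belongs to the chosen variant only (choice made here). */
            out.status = needs_auth ? AUTH_REQUIRED : HTTP_OK;
        }
    }
    return out;
}

int main(void)
{
    struct outcome o = negotiate("fr", 0, 1);
    printf("%s -> %d\n", o.file, o.status);  /* selected, but challenged first */
    return 0;
}
```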
