Message-ID: <36F42B45.3D997BBB@lyra.org>
Date: Sat, 20 Mar 1999 15:12:05 -0800
From: Greg Stein <gstein@lyra.org>
MIME-Version: 1.0
To: Cliff Skolnick <cliff@steam.com>, new-httpd@apache.org
CC: Lars Eilebrecht <lars@hyperreal.org>
Subject: Re: [patch] mod_access/3821
References: <Pine.BSF.4.10.9903201433050.3331-100000@lazlo.internal.steam.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

Will this still allow somebody to use Limit and LimitExcept to allow an
M_INVALID operation against that directory or its contents? For example,
there are some additional DAV operations that Apache classifies as
M_INVALID, but I still need to interpret. There would be no way to do
that if mod_access unconditionally punted all M_INVALID operations.

thx
-g

Cliff Skolnick wrote:
> 
> Here's a quick patch that will tag all M_INVALID check_dir_access calls
> as FORBIDDEN.
> 
> Cliff
> 
> Index: apache-1.3/src/modules/standard/mod_access.c
> ===================================================================
> RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_access.c,v
> retrieving revision 1.38
> diff -u -r1.38 mod_access.c
> --- mod_access.c        1999/01/01 19:05:06     1.38
> +++ mod_access.c        1999/03/20 22:28:00
> @@ -353,7 +353,10 @@
>      ap_get_module_config(r->per_dir_config, &access_module);
>      int ret = OK;
> 
> -    if (a->order[method] == ALLOW_THEN_DENY) {
> +    if (method >= METHODS) {
> +       ret = FORBIDDEN;
> +    }
> +    else if (a->order[method] == ALLOW_THEN_DENY) {
>         ret = FORBIDDEN;
>         if (find_allowdeny(r, a->allows, method))
>             ret = OK;
> 
> --
> Cliff Skolnick
> Steam Tunnel Operations
> cliff@steam.com
> http://www.steam.com/

--
Greg Stein, http://www.lyra.org/