httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Fixed htpasswd?
Date Sat, 14 Sep 2002 16:47:48 GMT
At 04:00 AM 9/14/2002, Brian Pane wrote:
>On Fri, 2002-09-13 at 20:55, William A. Rowe, Jr. wrote:
> > That wasn't all that was borked here.  This file is a total mess, and
> > needs to be entirely refactored.  We are trapping on situations that
> > are not errors and shouldn't be expected to work (fail to open a non
> > existant file for append?  Duh.)  And we entirely fail to look for errors
> > and report them when we should.  The Apache project put its name
> > behind this code?  Bleck.
> >
> > I've gone ahead and committed the fixes I proposed earlier, including
> > undoing all the bogus perror()'s.  With luck I will attack again tomorrow
> > morning.  Until this code is modestly respectable, -1 on 2.0.41.
>
>I just committed a few fixes.  The logic is functionally correct
>now, and somewhat cleaner.  It could use some testing under Windows,
>to make sure my changes to the file calls are portable.
>
>There's one remaining major problem that I see:  We really should
>be doing a rename(2) (and whatever its equivalent is on win32) to
>atomically replace the old file with the temp file.  Otherwise,
>there's a race condition if the old file is being read by an httpd
>at the same time.  But htpasswd has always had this race condition,
>including the 1.3 version, so I'm -1 on putting the atomic-rename
>change in the critical path of the 2.0.41 release.  (The atomic
>rename would require that we put the temp file in the same filesystem
>as the target file, which would require some new logic and would
>introduce some new error modes.)

+1 to everything you stated above.

An error remains... if I ...

   htpasswd -c foo joe
   htpasswd -c foo sam

we end up with
joe:$apr1$rK4.....$x2we......
sam:$apr1$SL4.....$ul4dQ......

Shouldn't we overwrite on the second -c instance?  Seems out-of-wack
with every other utility that supports -c [which creates and overwrites, no?]

Bill


Mime
View raw message