www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dirk.vanGulik" <Dirk.vanGu...@jrc.it>
Subject Re: documentation/658:
Date Tue, 03 Jun 1997 08:40:03 GMT
The following reply was made to PR documentation/658; it has been noted by GNATS.

From: "Dirk.vanGulik" <Dirk.vanGulik@jrc.it>
To: APBugs@apache.org, new-httpd@qmail.hyperreal.com
Subject: Re: documentation/658:
Date: Tue, 3 Jun 1997 10:35:18 +0200

 
 
 > Synopsis: One doc error and one clarification for mod_auth_anon
 > 
 > State-Changed-From->To: open->feedback
 > State-Changed-By: coar
 > State-Changed-When: Mon Jun  2 12:22:10 PDT 1997
 > State-Changed-Why:
 > The first item (Anonymous_NoUserID) will be corrected
 > shortly.  As for the second.. AuthUserFile isn't a
 > directive supplied by mod_auth_anon.  Do you mean that
 > mod_auth_anon's documentation needs to mention that an
 > AuthUserFile must exist for the location in order for
 > mod_auth_anon to work?
 
 Nay, I think the trouble is this; as we now have the option
 to make authorization modules pass the buck(et) around, by
 making them non-authoritative, it is easily possible to
 configure a server to pass down all the way to 
 
 http_request.c:         decl_die (access_status, "check user.  No user file?", r);
 
 Judging from the number of reports I get on mod_anon and mod_msql, I 
 guess that about equal number of people uses these modules with fall-trhough
 and without. The latter onces usually get confused by the error message.
 
 I guess one could do a few things about it.
 
 	1. Mention it in the doc(s) that at least one
 	   correctly configured auth module needs to be authoritative
 	2. Make teh fall through error msg in http_request a bit more
 	   elaborate, see below.
 	3. Consider how we could change some of this into a 500/server error
 	4. Modify the config-checks to check that they have an auth configuration
 	   which always leads to at least one configured authoritative module.
 	   (But that implies adding a function to the API).
 
 Just my early morning ramble.
 
 Dw.
 
 
 $diff -c3 http_request.c http_request.c.org
 *** http_request.c      Tue Jun  3 10:30:14 1997
 --- http_request.c.org  Tue Jun  3 10:25:22 1997
 ***************
 *** 871,886 ****
       switch (satisfies(r)) {
       case SATISFY_ALL:
         if ((access_status = check_access (r)) != 0) {
 !           decl_die (access_status, "Check configured Access Permissions. Credential specification
might be missing.", r);
             return;
         }
         if (some_auth_required (r)) {
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "Check Configured User Access.  No authoritative
auth module or file? Credential specification for the UserID might be missing.", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "Check Configured Group Access.  No authoritative
auth module or file? Credential specification for the Group(s) might be missing.", r);
                 return;
             }
         }
 --- 871,886 ----
       switch (satisfies(r)) {
       case SATISFY_ALL:
         if ((access_status = check_access (r)) != 0) {
 !           decl_die (access_status, "check access", r);
             return;
         }
         if (some_auth_required (r)) {
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "check user.  No user file?", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "check access.  No groups file?", r);
                 return;
             }
         }
 ***************
 *** 888,902 ****
       case SATISFY_ANY:
         if ((access_status = check_access (r)) != 0) {
             if (!some_auth_required (r)) {
 !               decl_die (access_status, "Check Configured Access Permissions, Credential
specification might be missing.", r);
                 return;
             }
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "Check Configured User Access.  No authoritative
auth module or file? Credential specification for the UserID might be missing.", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "Check Configured Group Access.  No authoritative
auth module or file? Credential specification for the Group(s) might be missing.", r);
                 return;
             }
         }
 --- 888,902 ----
       case SATISFY_ANY:
         if ((access_status = check_access (r)) != 0) {
             if (!some_auth_required (r)) {
 !               decl_die (access_status, "check access", r);
                 return;
             }
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "check user.  No user file?", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "check access.  No groups file?", r);
                 return;
             }
         }
 dirkx.elect6:src $diff -c3 http_request.c http_request.c.org
 *** http_request.c      Tue Jun  3 10:30:14 1997
 --- http_request.c.org  Tue Jun  3 10:25:22 1997
 ***************
 *** 871,886 ****
       switch (satisfies(r)) {
       case SATISFY_ALL:
         if ((access_status = check_access (r)) != 0) {
 !           decl_die (access_status, "Check configured Access Permissions. Credential specification
might be missing.", r);
             return;
         }
         if (some_auth_required (r)) {
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "Check Configured User Access.  No authoritative
auth module or file? Credential specification for the UserID might be missing.", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "Check Configured Group Access.  No authoritative
auth module or file? Credential specification for the Group(s) might be missing.", r);
                 return;
             }
         }
 --- 871,886 ----
       switch (satisfies(r)) {
       case SATISFY_ALL:
         if ((access_status = check_access (r)) != 0) {
 !           decl_die (access_status, "check access", r);
             return;
         }
         if (some_auth_required (r)) {
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "check user.  No user file?", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "check access.  No groups file?", r);
                 return;
             }
         }
 ***************
 *** 888,902 ****
       case SATISFY_ANY:
         if ((access_status = check_access (r)) != 0) {
             if (!some_auth_required (r)) {
 !               decl_die (access_status, "Check Configured Access Permissions, Credential
specification might be missing.", r);
                 return;
             }
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "Check Configured User Access.  No authoritative
auth module or file? Credential specification for the UserID might be missing.", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "Check Configured Group Access.  No authoritative
auth module or file? Credential specification for the Group(s) might be missing.", r);
                 return;
             }
         }
 --- 888,902 ----
       case SATISFY_ANY:
         if ((access_status = check_access (r)) != 0) {
             if (!some_auth_required (r)) {
 !               decl_die (access_status, "check access", r);
                 return;
             }
             if ((access_status = check_user_id (r)) != 0) {
 !               decl_die (access_status, "check user.  No user file?", r);
                 return;
             }
             if ((access_status = check_auth (r)) != 0) {
 !               decl_die (access_status, "check access.  No groups file?", r);
                 return;
             }
         }

Mime
View raw message