Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1997/01/09 18:16:13 UTC

code contribution (fwd)

This doesn't interest me, but someone might want to look at it.


---------- Forwarded message ----------
Date: Wed, 8 Jan 1997 23:04:25 -0800 (PST)
From: Ian Reddy <ia...@sfu.ca>
To: apache-bugs@mail.apache.org
Subject: code contribution

I thought you might be interested in the following code I added to
mod_auth.c (Apache version 1.2b4). It allows for NIS "+" style directives
in the authentication password file (a la regular NIS conventions for
"+" directives in the /etc/password file in UNIX). This is a *big* win
at our site where we have some virtual servers for internal use by 20,000
or so active UNIX accounts. All of those accounts are in the passwd.byname
NIS map. Now instead of having thousands of users in Apache authentication
files (with passwords that soon don't match up with the NIS accounts) we
simply install, for instance, a "+".

The code does the following:

a) a "+" allows lookups for the user being authenticated to go to the
   passwd.byname NIS map (by default - read on) and pulls out the
   username:password part

b) a "+username" allows a passwd.byname NIS map lookup but only for
   the specified user

c) a "+@netgroup" allows a passwd.byname NIS map lookup if the user
   being authenticated belongs to the specified netgroup

d) a "++mapname" changes the map name that will be used from
   passwd.byname to the mapname given for successive lines or
   until the next "++mapname" directive


Here goes, I'm not sure how one should submit changes so this is
a simple "diff mod_auth.c mod_auth.c.orig" output. I'll send you
the whole mod_auth.c file if you like:

76,80d75
< #if defined(NIS_AUTH)
< #include <rpcsvc/ypclnt.h>
< #include <netdb.h>
< #endif /* NIS_AUTH */
< 
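Review bot: Nothing at the new `#if defined(NIS_AUTH)` includes says how NIS_AUTH gets defined, so a builder cannot tell how to turn the feature on; add a comment here naming the define and where it is set. The patch was also produced as `diff mod_auth.c mod_auth.c.orig`, so every added line shows as `<`; regenerate it with the original file first so the additions read as additions.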
125,136d119
< #if defined(NIS_AUTH)
<     char map[MAX_STRING_LEN], tmpbuf[MAX_STRING_LEN];
<     char *defdomain, *outval;
<     int outvallen;
< 
<     if(yp_get_default_domain(&defdomain)) {
<         log_reason ("Could not determine default NIS domain", r->uri, r);
<         return NULL;
<     }
<     (void) strcpy(map, "passwd.byname");
< #endif /* NIS_AUTH */
< 
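Review bot: The `yp_get_default_domain(&defdomain)` check runs at the top of the function and does `return NULL` on failure, so when NIS_AUTH is compiled in and no NIS domain is set, users listed directly in the password file fail authentication as well. Defer the domain lookup until the first line starting with "+" is actually read, and only skip that line on failure.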
143,174c126
<         rpw = l;
< 
< #if defined(NIS_AUTH)
<         if(l[0] == '+') {
<             if(l[1] == '+') {
<                 (void) strcpy(map, &l[2]);
<                 continue;
<             }
<             else if(l[1] == '@') {
<                 if(!innetgr(&l[2], NULL, user, NULL)) continue;
<             }
<             else if(l[1] != NULL) {
<                 if(strcmp(user, &l[1])) continue;
<             }
< 
<             if(yp_match(defdomain, map, user, strlen(user), &outval, &outvallen)) continue;
< 
<             sprintf(l, "%s:%s", strtok(outval, ":"), strtok(NULL, ":"));
< 
<             (void) strtok(NULL, ":");    /* These lines are very site */
<             (void) strtok(NULL, ":");    /* specific. You probably    */
<             (void) strtok(NULL, ":");    /* want to remove them or at */
<             (void) strtok(NULL, ":");    /* least customise them for  */
<             if(strtok(NULL, ":") == "/bin/csh") {    /* your site's   */
<                 sprintf(tmpbuf,"user %s does not have a valid shell", user);
<                 log_reason (tmpbuf, r->uri, r);      /* requirements. */
<                 return NULL;             /* They are basically a      */
<             }                            /* check for a valid shell.  */
< 
<         }
< #endif /* NIS_AUTH */
< 
---
> 	rpw = l;
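Review bot: The `sprintf(l, "%s:%s", strtok(outval, ":"), strtok(NULL, ":"))` line relies on the two strtok() arguments being evaluated left to right, which C does not guarantee, passes NULL to %s if the entry has no second field, and copies an NIS value of outvallen bytes into l with no length check. Split the fields into named pointers first, test them for NULL, and write with a bounded copy. In the same hunk, `strtok(NULL, ":") == "/bin/csh"` compares addresses rather than string contents, so the shell check will not match as written (use strcmp); `l[1] != NULL` should compare against '\0'; the unbounded `strcpy(map, &l[2])` and `sprintf(tmpbuf, ...)` should be length-limited; and the buffer yp_match returns in outval is never freed.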


The code is yours to do with as you wish, of course I would like to see
it incorporated if possible so I don't have to keep customising every
Apache release.  ;-)

I'm also willing to extend the code, answer any questions you may have,
etc. Hopefully it's not too obvious that I'm not a programmer by trade.

-- 
  Ian Reddy, Senior Systems Consultant  E-mail:    Ian_Reddy@sfu.ca
  Academic Computing Services, AD1021              ian@sfu.ca
  Simon Fraser University               Telephone: (604) 291-3936
  Burnaby, B.C. Canada V5A 1S6          Fax:       (604) 291-4242
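
An added example, not part of the posted patch or of Apache: a bounded way to classify the "+" lines listed in (a)-(d) above and to turn one passwd.byname value into the "user:password" line the module expects. The names `classify_line`, `nis_entry_to_auth_line` and `required_shell` are hypothetical, the sample entry is constructed, and no NIS call is made.

```c
#include <stdio.h>
#include <string.h>

/* Line kinds from the message's list (a)-(d); names are this example's own. */
enum plus_kind { PLUS_NONE, PLUS_ANY, PLUS_USER, PLUS_NETGROUP, PLUS_MAP };

/* Classify one password-file line; *arg is set to the text after the prefix. */
enum plus_kind classify_line(const char *l, const char **arg)
{
    *arg = NULL;
    if (l[0] != '+') return PLUS_NONE;          /* ordinary user:password line */
    if (l[1] == '\0') return PLUS_ANY;          /* "+"          (a) */
    *arg = (l[1] == '+' || l[1] == '@') ? l + 2 : l + 1;
    if (l[1] == '+') return PLUS_MAP;           /* "++mapname"  (d) */
    if (l[1] == '@') return PLUS_NETGROUP;      /* "+@netgroup" (c) */
    return PLUS_USER;                           /* "+username"  (b) */
}

/* Build "user:hash" from an NIS passwd value of the usual seven fields
 * (name:passwd:uid:gid:gecos:dir:shell). entry/len are taken as a pair
 * because a yp_match() result comes with an explicit length.
 * required_shell is an assumed site policy; pass NULL to skip the check.
 * Returns 0 on success, -1 on a malformed entry, shell mismatch or truncation. */
int nis_entry_to_auth_line(const char *entry, size_t len,
                           const char *required_shell, char *out, size_t outsz)
{
    char buf[512], *field[7], *p;
    int n = 0, w;

    if (len >= sizeof buf) return -1;
    memcpy(buf, entry, len);
    buf[len] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    /* Split by hand: strtok() would silently skip empty fields. */
    for (p = buf; p && n < 7; n++) {
        field[n] = p;
        if ((p = strchr(p, ':')) != NULL) *p++ = '\0';
    }
    if (n != 7 || p != NULL || field[1][0] == '\0') return -1;
    if (required_shell && strcmp(field[6], required_shell) != 0) return -1;
    w = snprintf(out, outsz, "%s:%s", field[0], field[1]);
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}

int main(void)
{
    const char *e = "alice:abJnggxhB/yWI:1001:100:Alice:/home/alice:/bin/sh\n"; /* constructed */
    char out[64];
    if (nis_entry_to_auth_line(e, strlen(e), "/bin/sh", out, sizeof out) == 0) puts(out);
    return 0;
}
```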


Re: code contribution (fwd)

Posted by Brian Behlendorf <br...@organic.com>.
> I thought you might be interested in the following code I added to
> mod_auth.c (Apache version 1.2b4). It allows for NIS "+" style directives
> in the authentication password file (a la regular NIS conventions for
> "+" directives in the /etc/password file in UNIX). 

It's a common request, so this is most appreciated.  However we're in a feature
freeze now for 1.2 as we roll to beta, so what we'd like to do with this is put
it in our contributed patches directory.  Do you think you could create a "diff
-C3" version of this?  This doesn't mean we'll support it or even necessarily
keep those patches updated; but it'll at least be promoted and available to the
teeming masses.

Usually when other types of databases are used, different authentication
directives are given (i.e. AuthDBMUserFile).  Since NIS is so tightly tied in
with system-level authentication I suppose this is in a grey area... hopefully
we can clean this up a bit for 2.0.

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS