Posted to dev@httpd.apache.org by Rob Hartill <ro...@imdb.com> on 1997/01/09 18:16:13 UTC
code contribution (fwd)
This doesn't interest me, but someone might want to look at it.
---------- Forwarded message ----------
Date: Wed, 8 Jan 1997 23:04:25 -0800 (PST)
From: Ian Reddy <ia...@sfu.ca>
To: apache-bugs@mail.apache.org
Subject: code contribution
I thought you might be interested in the following code I added to
mod_auth.c (Apache version 1.2b4). It allows for NIS "+" style directives
in the authentication password file (a la regular NIS conventions for
"+" directives in the /etc/password file in UNIX). This is a *big* win
at our site where we have some virtual servers for internal use by 20,000
or so active UNIX accounts. All of those accounts are in the passwd.byname
NIS map. Now instead of having thousands of users in Apache authentication
files (with passwords that soon don't match up with the NIS accounts) we
simply install, for instance, a "+".
The code does the following:
a) a "+" allows lookups for the user being authenticated to go to the
passwd.byname NIS map (by default - read on) and pulls out the
username:password part
b) a "+username" allows a passwd.byname NIS map lookup but only for
the specified user
c) a "+@netgroup" allows a passwd.byname NIS map lookup if the user
being authenticated belongs to the specified netgroup
d) a "++mapname" changes the map name that will be used from
passwd.byname to the mapname given for successive lines or
until the next "++mapname" directive
Here goes, I'm not sure how one should submit changes so this is
a simple "diff mod_auth.c mod_auth.c.orig" output. I'll send you
the whole mod_auth.c file if you like:
76,80d75
< #if defined(NIS_AUTH)
< #include <rpcsvc/ypclnt.h>
< #include <netdb.h>
< #endif /* NIS_AUTH */
<
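Review bot: NIS_AUTH, the macro guarding these includes, is never defined or described anywhere in the patch, so someone building the server cannot tell that the feature exists or how to turn it on. Add a comment above the #if saying where NIS_AUTH is meant to be defined, and note that the yp_* calls used further down may need the system's NIS client library at link time.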
125,136d119
< #if defined(NIS_AUTH)
< char map[MAX_STRING_LEN], tmpbuf[MAX_STRING_LEN];
< char *defdomain, *outval;
< int outvallen;
<
< if(yp_get_default_domain(&defdomain)) {
< log_reason ("Could not determine default NIS domain", r->uri, r);
< return NULL;
< }
< (void) strcpy(map, "passwd.byname");
< #endif /* NIS_AUTH */
<
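Review bot: The "return NULL" taken when yp_get_default_domain() fails rejects the lookup for every user, including those who have an ordinary user:password line in the file, so an NIS problem locks out accounts that never needed NIS. Consider logging the failure and skipping only the "+" lines in that case, and put the call's return code (for example through yperr_string()) in the log message so the cause is visible.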
143,174c126
< rpw = l;
<
< #if defined(NIS_AUTH)
< if(l[0] == '+') {
< if(l[1] == '+') {
< (void) strcpy(map, &l[2]);
< continue;
< }
< else if(l[1] == '@') {
< if(!innetgr(&l[2], NULL, user, NULL)) continue;
< }
< else if(l[1] != NULL) {
< if(strcmp(user, &l[1])) continue;
< }
<
< if(yp_match(defdomain, map, user, strlen(user), &outval, &outvallen)) continue;
<
< sprintf(l, "%s:%s", strtok(outval, ":"), strtok(NULL, ":"));
<
< (void) strtok(NULL, ":"); /* These lines are very site */
< (void) strtok(NULL, ":"); /* specific. You probably */
< (void) strtok(NULL, ":"); /* want to remove them or at */
< (void) strtok(NULL, ":"); /* least customise them for */
< if(strtok(NULL, ":") == "/bin/csh") { /* your site's */
< sprintf(tmpbuf,"user %s does not have a valid shell", user);
< log_reason (tmpbuf, r->uri, r); /* requirements. */
< return NULL; /* They are basically a */
< } /* check for a valid shell. */
<
< }
< #endif /* NIS_AUTH */
<
---
> rpw = l;
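Review bot: The shell test `if(strtok(NULL, ":") == "/bin/csh")` compares two pointers, not two strings, so it can never be true and the restriction it is meant to enforce is silently skipped; use strcmp() and check the strtok() result for NULL first. In the sprintf() into l just above it, the two strtok() calls are function arguments whose evaluation order is unspecified, either may return NULL, and nothing bounds the result to the size of l, so make them separate statements and use a length-checked copy. strtok() also skips empty fields, so an entry with an empty field shifts which field the fifth call returns. Smaller points: `l[1] != NULL` should be `l[1] != '\0'`, the strcpy() from &l[2] into map relies on l never being longer than map, and the outval buffer returned by yp_match() is never freed.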
The code is yours to do with as you wish, of course I would like to see
it incorporated if possible so I don't have to keep customising every
Apache release. ;-)
I'm also willing to extend the code, answer any questions you may have,
etc. Hopefully it's not too obvious that I'm not a programmer by trade.
--
Ian Reddy, Senior Systems Consultant E-mail: Ian_Reddy@sfu.ca
Academic Computing Services, AD1021 ian@sfu.ca
Simon Fraser University Telephone: (604) 291-3936
Burnaby, B.C. Canada V5A 1S6 Fax: (604) 291-4242
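The four "+" forms a) to d) described in the message above, together with the username:password extraction and shell check it performs on a map value, as an added example that is not part of the original message or of Apache. The function names are hypothetical, the classic seven-field passwd layout is assumed, and the sample entry is constructed.

```c
#include <stdio.h>
#include <string.h>

enum plus_kind { PLUS_NONE, PLUS_ANY, PLUS_USER, PLUS_NETGROUP, PLUS_MAP };

/* Classify one password-file line; *arg is set to the text after the prefix. */
enum plus_kind classify_plus(const char *line, const char **arg)
{
    *arg = NULL;
    if (line[0] != '+') return PLUS_NONE;          /* ordinary user:hash line */
    if (line[1] == '\0') return PLUS_ANY;          /* "+" (compare with '\0') */
    *arg = (line[1] == '+' || line[1] == '@') ? line + 2 : line + 1;
    if (line[1] == '+') return PLUS_MAP;           /* "++mapname" */
    return line[1] == '@' ? PLUS_NETGROUP : PLUS_USER;
}

/* Copy field idx (0-based) into out, counting empty fields, which strtok() skips. */
int passwd_field(const char *entry, int idx, char *out, size_t outlen)
{
    for (; idx > 0; idx--) {
        if ((entry = strchr(entry, ':')) == NULL) return -1;  /* field missing */
        entry++;
    }
    size_t n = strcspn(entry, ":\n");
    if (n >= outlen) return -1;                    /* would not fit */
    memcpy(out, entry, n);
    out[n] = '\0';
    return 0;
}

/* Build "user:hash" from a map value; -1 if malformed or the shell is denied. */
int build_auth_line(const char *entry, const char *denied, char *out, size_t len)
{
    char name[64], hash[128], shell[128];
    if (passwd_field(entry, 0, name, sizeof name) ||
        passwd_field(entry, 1, hash, sizeof hash) ||
        passwd_field(entry, 6, shell, sizeof shell) ||
        strcmp(shell, denied) == 0) return -1;     /* strcmp(), not == */
    int n = snprintf(out, len, "%s:%s", name, hash);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char out[64];  /* the entry below is constructed; its gecos field is empty */
    int rc = build_auth_line("alice:ab12cdEFgh345:1001:100::/home/alice:/bin/sh",
                             "/bin/csh", out, sizeof out);
    printf("%d %s\n", rc, rc == 0 ? out : "(rejected)");
}
```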
Re: code contribution (fwd)
Posted by Brian Behlendorf <br...@organic.com>.
> I thought you might be interested in the following code I added to
> mod_auth.c (Apache version 1.2b4). It allows for NIS "+" style directives
> in the authentication password file (a la regular NIS conventions for
> "+" directives in the /etc/password file in UNIX).
It's a common request, so this is most appreciated. However we're in a feature
freeze now for 1.2 as we roll to beta, so what we'd like to do with this is put
it in our contributed patches directory. Do you think you could create a "diff
-C3" version of this? This doesn't mean we'll support it or even necessarily
keep those patches updated; but it'll at least be promoted and available to the
teeming masses.
Usually when other types of databases are used, different authentication
directives are given (i.e. AuthDBMUserFile). Since NIS is so tightly tied in
with system-level authentication I suppose this is in a grey area... hopefully
we can clean this up a bit for 2.0.
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com www.apache.org hyperreal.com http://www.organic.com/JOBS