You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Dirk.vanGulik" <Di...@jrc.it> on 1997/06/03 10:35:18 UTC
Re: documentation/658:
> Synopsis: One doc error and one clarification for mod_auth_anon
>
> State-Changed-From->To: open->feedback
> State-Changed-By: coar
> State-Changed-When: Mon Jun 2 12:22:10 PDT 1997
> State-Changed-Why:
> The first item (Anonymous_NoUserID) will be corrected
> shortly. As for the second.. AuthUserFile isn't a
> directive supplied by mod_auth_anon. Do you mean that
> mod_auth_anon's documentation needs to mention that an
> AuthUserFile must exist for the location in order for
> mod_auth_anon to work?
Nay, I think the trouble is this; as we now have the option
to make authorization modules pass the buck(et) around, by
making them non-authoritative, it is easily possible to
configure a server to pass down all the way to
http_request.c: decl_die (access_status, "check user. No user file?", r);
Judging from the number of reports I get on mod_anon and mod_msql, I
guess that about equal number of people uses these modules with fall-trhough
and without. The latter onces usually get confused by the error message.
I guess one could do a few things about it.
1. Mention it in the doc(s) that at least one
correctly configured auth module needs to be authoritative
2. Make teh fall through error msg in http_request a bit more
elaborate, see below.
3. Consider how we could change some of this into a 500/server error
4. Modify the config-checks to check that they have an auth configuration
which always leads to at least one configured authoritative module.
(But that implies adding a function to the API).
Just my early morning ramble.
Dw.
$diff -c3 http_request.c http_request.c.org
*** http_request.c Tue Jun 3 10:30:14 1997
--- http_request.c.org Tue Jun 3 10:25:22 1997
***************
*** 871,886 ****
switch (satisfies(r)) {
case SATISFY_ALL:
if ((access_status = check_access (r)) != 0) {
! decl_die (access_status, "Check configured Access Permissions. Credential specification might be missing.", r);
return;
}
if (some_auth_required (r)) {
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "Check Configured User Access. No authoritative auth module or file? Credential specification for the UserID might be missing.", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "Check Configured Group Access. No authoritative auth module or file? Credential specification for the Group(s) might be missing.", r);
return;
}
}
--- 871,886 ----
switch (satisfies(r)) {
case SATISFY_ALL:
if ((access_status = check_access (r)) != 0) {
! decl_die (access_status, "check access", r);
return;
}
if (some_auth_required (r)) {
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "check user. No user file?", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "check access. No groups file?", r);
return;
}
}
***************
*** 888,902 ****
case SATISFY_ANY:
if ((access_status = check_access (r)) != 0) {
if (!some_auth_required (r)) {
! decl_die (access_status, "Check Configured Access Permissions, Credential specification might be missing.", r);
return;
}
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "Check Configured User Access. No authoritative auth module or file? Credential specification for the UserID might be missing.", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "Check Configured Group Access. No authoritative auth module or file? Credential specification for the Group(s) might be missing.", r);
return;
}
}
--- 888,902 ----
case SATISFY_ANY:
if ((access_status = check_access (r)) != 0) {
if (!some_auth_required (r)) {
! decl_die (access_status, "check access", r);
return;
}
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "check user. No user file?", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "check access. No groups file?", r);
return;
}
}
dirkx.elect6:src $diff -c3 http_request.c http_request.c.org
*** http_request.c Tue Jun 3 10:30:14 1997
--- http_request.c.org Tue Jun 3 10:25:22 1997
***************
*** 871,886 ****
switch (satisfies(r)) {
case SATISFY_ALL:
if ((access_status = check_access (r)) != 0) {
! decl_die (access_status, "Check configured Access Permissions. Credential specification might be missing.", r);
return;
}
if (some_auth_required (r)) {
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "Check Configured User Access. No authoritative auth module or file? Credential specification for the UserID might be missing.", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "Check Configured Group Access. No authoritative auth module or file? Credential specification for the Group(s) might be missing.", r);
return;
}
}
--- 871,886 ----
switch (satisfies(r)) {
case SATISFY_ALL:
if ((access_status = check_access (r)) != 0) {
! decl_die (access_status, "check access", r);
return;
}
if (some_auth_required (r)) {
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "check user. No user file?", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "check access. No groups file?", r);
return;
}
}
***************
*** 888,902 ****
case SATISFY_ANY:
if ((access_status = check_access (r)) != 0) {
if (!some_auth_required (r)) {
! decl_die (access_status, "Check Configured Access Permissions, Credential specification might be missing.", r);
return;
}
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "Check Configured User Access. No authoritative auth module or file? Credential specification for the UserID might be missing.", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "Check Configured Group Access. No authoritative auth module or file? Credential specification for the Group(s) might be missing.", r);
return;
}
}
--- 888,902 ----
case SATISFY_ANY:
if ((access_status = check_access (r)) != 0) {
if (!some_auth_required (r)) {
! decl_die (access_status, "check access", r);
return;
}
if ((access_status = check_user_id (r)) != 0) {
! decl_die (access_status, "check user. No user file?", r);
return;
}
if ((access_status = check_auth (r)) != 0) {
! decl_die (access_status, "check access. No groups file?", r);
return;
}
}