Posted to dev@httpd.apache.org by Brian Havard <br...@kheldar.apana.org.au> on 1999/05/17 10:30:09 UTC
[PATCH] mod_auth_dbm requires mod_auth (PR#2598)
This patch fixes the problem where mod_auth_dbm generates internal server
errors if mod_auth isn't also loaded.
As this is a critical, security related module and some of you may think it's
better to just document the dependency (and it's not really my area of
expertise), I won't commit without 3 tested +1's.
Index: modules/standard/mod_auth_dbm.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_auth_dbm.c,v
retrieving revision 1.45
diff -u -r1.45 mod_auth_dbm.c
--- mod_auth_dbm.c 1999/02/03 16:22:32 1.45
+++ mod_auth_dbm.c 1999/05/17 06:35:19
@@ -251,6 +251,7 @@
&dbm_auth_module);
char *user = r->connection->user;
int m = r->method_number;
+ int method_restricted = 0;
const array_header *reqs_arr = ap_requires(r);
require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL;
@@ -259,20 +260,27 @@
const char *t;
char *w;
- if (!sec->auth_dbmgrpfile)
- return DECLINED;
if (!reqs_arr)
- return DECLINED;
+ return OK;
for (x = 0; x < reqs_arr->nelts; x++) {
if (!(reqs[x].method_mask & (1 << m)))
continue;
+ method_restricted = 1;
t = reqs[x].requirement;
w = ap_getword_white(r->pool, &t);
- if (!strcmp(w, "group") && sec->auth_dbmgrpfile) {
+ if (!strcmp(w, "valid-user"))
+ return OK;
+ if (!strcmp(w, "user")) {
+ while (t[0]) {
+ w = ap_getword_conf(r->pool, &t);
+ if (!strcmp(user, w))
+ return OK;
+ }
+ } else if (!strcmp(w, "group") && sec->auth_dbmgrpfile) {
const char *orig_groups, *groups;
char *v;
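Review bot: Removing the `if (!sec->auth_dbmgrpfile) return DECLINED;` guard makes this checker answer for every directory, including ones with no DBM files configured at all. In such a directory a `require group ...` line no longer matches the `group` branch, which still tests `sec->auth_dbmgrpfile`, so it falls through to the code in the next hunk and ends in AUTH_REQUIRED whenever `auth_dbmauthoritative` is set, instead of letting another module's group file decide. That fails closed, but depending on module order it can lock users out of mixed mod_auth / mod_auth_dbm configurations. A narrower guard would keep the fix while still declining for unconfigured directories, e.g. `if (!sec->auth_dbmpwfile && !sec->auth_dbmgrpfile) return DECLINED;` (the user-file field name is assumed, as it is not visible here). The function starts above this hunk and continues past it.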
@@ -300,10 +308,31 @@
user, r->filename);
ap_note_basic_auth_failure(r);
return AUTH_REQUIRED;
+ } else if (sec->auth_dbmauthoritative) {
+ /* if we aren't authoritative, any require directive could be
+ * valid even if we don't grok it. However, if we are
+ * authoritative, we can warn the user they did something wrong.
+ * That something could be a missing "AuthAuthoritative off", but
+ * more likely is a typo in the require directive.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "access to %s failed, reason: unknown require directive:"
+ "\"%s\"", r->uri, reqs[x].requirement);
}
}
+
+ if (!method_restricted)
+ return OK;
+
+ if (!(sec->auth_dbmauthoritative))
+ return DECLINED;
- return DECLINED;
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "access to %s failed, reason: user %s not allowed access",
+ r->uri, user);
+
+ ap_note_basic_auth_failure(r);
+ return AUTH_REQUIRED;
}
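Review bot: The `unknown require directive` message is logged at APLOG_ERR as `access to %s failed` from inside the loop, before the outcome is known; a later `require` line can still return OK, so the error log may record a failure for a request that was in fact granted. Wording it as a configuration problem avoids that, e.g. `"%s: unknown require directive: \"%s\""`, which also restores the space missing between the two concatenated literals. Both new messages embed `r->uri` and `user`, which come from the client, so anything that parses or alerts on these log lines should not trust their content. The function body begins outside this hunk.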
--
______________________________________________________________________________
| Brian Havard | "He is not the messiah! |
| brianh@kheldar.apana.org.au | He's a very naughty boy!" - Life of Brian |
------------------------------------------------------------------------------