>Number: 791
>Category: mod_auth-any
>Synopsis: parsing of password file (username:password:extrafields)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: change-request
>Submitter-Id: apache
>Arrival-Date: Thu Jun 26 07:50:01 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2
>Environment:
any
>Description:
I'ld like to see support for password auth files looking like the unix
password file.
Currently only username:password fields are supported. An additional extrafield
would be good, so you can write scripts to maintain your password database for
your webservers and see additional information (like username, phone-number
etc).
Therefor the apache server needs to check for the password in a different way.
Patch is included ...
>How-To-Repeat:
>Fix:
diff -u mod_auth.c.orig mod_auth.c
--- mod_auth.c.orig Thu Jun 26 16:43:24 1997
+++ mod_auth.c Thu Jun 26 16:22:17 1997
@@ -127,8 +127,11 @@
w = getword(r->pool, &rpw, ':');
if(!strcmp(user,w)) {
- pfclose(r->pool, f);
- return pstrdup (r->pool, rpw);
+ const char *tmp;
+ tmp = rpw;
+ rpw = getword(r->pool, &tmp, ':');
+ pfclose(r->pool, f);
+ return pstrdup (r->pool, rpw);
}
}
pfclose(r->pool, f);
%0
>Audit-Trail:
>Unformatted:
