mjc 96/04/10 00:47:47
Modified: src mod_auth_dbm.c
Log:
This should remove all the recent mess-ups to mod_auth_dbm.c and
return it to what it was in revision 1.2
Revision Changes Path
1.5 +65 -59 apache/src/mod_auth_dbm.c
Index: mod_auth_dbm.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth_dbm.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -C3 -r1.4 -r1.5
*** mod_auth_dbm.c 1996/04/09 08:20:40 1.4
--- mod_auth_dbm.c 1996/04/10 07:47:45 1.5
***************
*** 1,64 ****
! /*-
! * Copyright (c) 1995 The Apache Group. All rights reserved.
! *
*
! * Apache httpd license
! * ====================
! *
*
! * This is the license for the Apache Server. It covers all the
! * files which come in this distribution, and should never be removed.
! *
! * The "Apache Group" has based this server, called "Apache", on
! * public domain code distributed under the name "NCSA httpd 1.3".
! *
! * NCSA httpd 1.3 was placed in the public domain by the National Center
! * for Supercomputing Applications at the University of Illinois
! * at Urbana-Champaign.
! *
! * As requested by NCSA we acknowledge,
! *
! * "Portions developed at the National Center for Supercomputing
! * Applications at the University of Illinois at Urbana-Champaign."
*
! * Copyright on the sections of code added by the "Apache Group" belong
! * to the "Apache Group" and/or the original authors. The "Apache Group" and
! * authors hereby grant permission for their code, along with the
! * public domain NCSA code, to be distributed under the "Apache" name.
! *
! * Reuse of "Apache Group" code outside of the Apache distribution should
! * be acknowledged with the following quoted text, to be included with any
new
! * work;
! *
! * "Portions developed by the "Apache Group", taken with permission
! * from the Apache Server http://www.apache.org/apache/ "
*
*
- * Permission is hereby granted to anyone to redistribute Apache under
- * the "Apache" name. We do not grant permission for the resale of Apache,
but
- * we do grant permission for vendors to bundle Apache free with other
software,
- * or to charge a reasonable price for redistribution, provided it is made
- * clear that Apache is free. Permission is also granted for vendors to
- * sell support for Apache. We explicitly forbid the redistribution of
- * Apache under any other name.
- *
- * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
*/
-
/*
* http_auth: authentication
*
--- 1,57 ----
! /* ====================================================================
! * Copyright (c) 1995 The Apache Group. All rights reserved.
*
! * Redistribution and use in source and binary forms, with or without
! * modification, are permitted provided that the following conditions
! * are met:
*
! * 1. Redistributions of source code must retain the above copyright
! * notice, this list of conditions and the following disclaimer.
*
! * 2. Redistributions in binary form must reproduce the above copyright
! * notice, this list of conditions and the following disclaimer in
! * the documentation and/or other materials provided with the
! * distribution.
*
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the Apache Group
+ * for use in the Apache HTTP server project (http://www.apache.org/)."
+ *
+ * 4. The names "Apache Server" and "Apache Group" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 5. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the Apache Group
+ * for use in the Apache HTTP server project (http://www.apache.org/)."
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Group and was originally based
+ * on public domain software written at the National Center for
+ * Supercomputing Applications, University of Illinois, Urbana-Champaign.
+ * For more information on the Apache Group and the Apache HTTP server
+ * project, please see <http://www.apache.org/>.
*
*/
/*
* http_auth: authentication
*
***************
*** 123,138 ****
return pw;
}
char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile) {
char *grp_data = get_dbm_pw (r, user, auth_dbmgrpfile);
! char *grp_colon;
if (grp_data == NULL) return NULL;
! grp_data = strchr(grp_data, ':');
! if (grp_data) ++grp_data;
! grp_colon = strchr(grp_data, ':');
! if (grp_colon) *grp_colon='\0';
return grp_data;
}
--- 116,143 ----
return pw;
}
+ /* We do something strange with the group file. If the group file
+ * contains any : we assume the format is
+ * key=username value=":"groupname [":"anything here is ignored]
+ * otherwise we now (0.8.14+) assume that the format is
+ * key=username value=groupname
+ * The first allows the password and group files to be the same
+ * physical DBM file; key=username value=password":"groupname[":"anything]
+ *
+ * [EMAIL PROTECTED], 22Sep95
+ */
+
char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile) {
char *grp_data = get_dbm_pw (r, user, auth_dbmgrpfile);
! char *grp_colon; char *grp_colon2;
if (grp_data == NULL) return NULL;
! if ((grp_colon = strchr(grp_data, ':'))!=NULL) {
! grp_colon2 = strchr(++grp_colon, ':');
! if (grp_colon2) *grp_colon2='\0';
! return grp_colon;
! }
return grp_data;
}
***************
*** 161,167 ****
/* Password is up to first : if exists */
colon_pw = strchr(real_pw,':');
if (colon_pw) *colon_pw='\0';
- /* MJC */
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
sprintf(errstr,"user %s: password mismatch",c->user);
--- 166,171 ----
***************
*** 199,205 ****
w = getword(r->pool, &t, ' ');
if(!strcmp(w,"group") && sec->auth_dbmgrpfile) {
! char *groups,*v;
if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
sprintf(errstr,"user %s not in DBM group file %s",
--- 203,209 ----
w = getword(r->pool, &t, ' ');
if(!strcmp(w,"group") && sec->auth_dbmgrpfile) {
! char *orig_groups,*groups,*v;
if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
sprintf(errstr,"user %s not in DBM group file %s",
***************
*** 208,215 ****
--- 212,221 ----
note_basic_auth_failure (r);
return AUTH_REQUIRED;
}
+ orig_groups = groups;
while(t[0]) {
w = getword(r->pool, &t, ' ');
+ groups = orig_groups;
while(groups[0]) {
v = getword(r->pool, &groups,',');
if(!strcmp(v,w))
