brian 96/06/30 15:36:59
Modified: src mod_auth_msql.c
Log:
Submitted by: "Dirk.vanGulik" <[EMAIL PROTECTED]>
Updated module from Dirk - more backwards-Vitek-compatibility issues
addressed.
Revision Changes Path
1.9 +25 -19 apache/src/mod_auth_msql.c
Index: mod_auth_msql.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -C3 -r1.8 -r1.9
*** mod_auth_msql.c 1996/06/17 20:52:05 1.8
--- mod_auth_msql.c 1996/06/30 22:36:57 1.9
***************
*** 284,289 ****
--- 284,295 ----
* Replaced some MAX_STRING_LENGTH claims.
* 1.0 removed some error check as they where already done elsehwere
* NumFields -> NumRows (Thanks Vitek). More stack memory.
+ * 1.1 no logging of empty password strings.
+ * 1.2 Problem with the Backward vitek which cause it to check
+ * even if msql_auth was not configured; Also more carefull
+ * with the authorative stuff; caught by [EMAIL PROTECTED]
+ * 1.3 Even more changes to get it right; that BACKWARD thing was a bad
+ * idea.
*/
***************
*** 392,400 ****
#include "http_log.h"
#include "http_protocol.h"
#include <msql.h>
- #ifdef HAVE_CRYPT_H
#include <crypt.h>
- #endif
typedef struct {
--- 398,404 ----
***************
*** 778,788 ****
* We do not check on dbase, group, userid or host name, as it is
* perfectly possible to only do group control with mSQL and leave
* user control to the next (dbm) guy in line.
*/
! if (
! (!sec->auth_msql_pwd_table) &&
! (!sec->auth_msql_pwd_field)
! ) return DECLINED;
if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
if ( msql_errstr[0] ) {
--- 782,791 ----
* We do not check on dbase, group, userid or host name, as it is
* perfectly possible to only do group control with mSQL and leave
* user control to the next (dbm) guy in line.
+ * We no longer check on the user field name; to avoid problems
+ * with Backward VITEK.
*/
! if (!sec->auth_msql_pwd_table) return DECLINED;
if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
if ( msql_errstr[0] ) {
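Review bot: The added comment says the check on the "user field name" was dropped, but the condition removed on the old side tested `sec->auth_msql_pwd_field`, the password field, so the comment and the code disagree. I would reword it to `* We no longer check auth_msql_pwd_field; a missing password table alone means we are not configured.` A section that sets the table but leaves the password field unset still reaches `get_msql_pw()`, as it did before. Whether that function supplies a default or tolerates a NULL field name is not visible here and should be confirmed. The enclosing function starts and ends outside this hunk.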
***************
*** 809,816 ****
--- 812,821 ----
*/
if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
+ /*
sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password
accepted",c->user);
log_reason (msql_errstr, r->uri, r);
+ */
return OK;
};
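Review bot: Commenting out the `log_reason` call means a request accepted through `auth_msql_nopasswd` with an empty stored password now returns `OK` with no record in the error log. An operator can then no longer use the log to find accounts that are open to any password. If log volume is the motivation, I would prefer the record to stay available over disabling it in the source. If it really must go, delete the dead lines instead of leaving them inside a `/* */` block, and state the decision in place, e.g. `/* empty stored password accepted (auth_msql_nopasswd); deliberately not logged */`. The enclosing function starts outside this hunk.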
***************
*** 862,867 ****
--- 867,875 ----
char *t, *w;
msql_errstr[0]='\0';
+ /* If we are not configured, ignore */
+ if (!sec->auth_msql_pwd_table) return DECLINED;
+
if (!reqs_arr) {
if (sec->auth_msql_authorative) {
sprintf(msql_errstr,"user %s denied, no access rules specified
(MSQL-Authorative) ",user);
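Review bot: The new early return in the access checker is keyed on `sec->auth_msql_pwd_table`, the password table, and so treats a section without one as "not configured". A comment in the authentication routine in this same file says it is "perfectly possible to only do group control with mSQL", and such a section would presumably have no password table. If so, its group rules are now skipped with `DECLINED` and, when `auth_msql_authorative` is set, the deny path just below is never reached. The guard should probably also consult the group-table setting, whose name is not visible in this hunk, or the comment should say that group-only setups are no longer supported. The function body continues past the end of the hunk.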
***************
*** 929,953 ****
};
}
! /* we do not have to check the valid-ness of the group result as
! * have not (yet) a 'valid-group' token
*/
! if ( (user_result != OK) && (sec->auth_msql_authorative) ) {
! sprintf(msql_errstr,"User %s denied, no access rules applied
(MSQL-Authorative) ",user);
log_reason (msql_errstr, r->uri, r);
- note_basic_auth_failure(r);
return AUTH_REQUIRED;
};
! /* if the user is DECLINED, it is up to the group_result to tip
! * the balance. But if the group result is AUTH_REQUIRED it should
! * always override. A SERVER_ERROR should not get here.
! */
! if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED))
! return group_result;
!
! return user_result;
}
--- 937,959 ----
};
}
! /* Get serious if we are authorative, previous
! * returns are only if msql yielded a correct result.
! * This really is not needed.
*/
! if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED))
&& (sec->auth_msql_authorative) ) {
! sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s %s
rule(s) ",
! (group_result == AUTH_REQUIRED) ? "USER" : "",
! (user_result == AUTH_REQUIRED) ? "GROUP" : ""
! );
log_reason (msql_errstr, r->uri, r);
return AUTH_REQUIRED;
};
+ if ( (user_result == OK) || (group_result == OK))
+ return OK;
! return DECLINED;
}
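Review bot: The two labels in the new denial message are swapped: `group_result == AUTH_REQUIRED` prints "USER" and `user_result == AUTH_REQUIRED` prints "GROUP". The error log will therefore name the wrong rule type when someone investigates a denial. The arguments should read `(user_result == AUTH_REQUIRED) ? "USER" : "",` and `(group_result == AUTH_REQUIRED) ? "GROUP" : ""`. The new side also returns `AUTH_REQUIRED` without the `note_basic_auth_failure(r)` call the old side made. If nothing earlier in the function (outside this hunk) sets the challenge, the 401 may go out without it, which is worth confirming.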