brian 96/07/01 12:04:11
Modified: src mod_auth_msql.c
Log:
Reverse mod_auth_msql.c changes, back to version 1.0.
Revision Changes Path
1.10 +19 -25 apache/src/mod_auth_msql.c
Index: mod_auth_msql.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -C3 -r1.9 -r1.10
*** mod_auth_msql.c 1996/06/30 22:36:57 1.9
--- mod_auth_msql.c 1996/07/01 19:04:08 1.10
***************
*** 284,295 ****
* Replaced some MAX_STRING_LENGTH claims.
* 1.0 removed some error check as they where already done elsehwere
* NumFields -> NumRows (Thanks Vitek). More stack memory.
- * 1.1 no logging of empty password strings.
- * 1.2 Problem with the Backward vitek which cause it to check
- * even if msql_auth was not configured; Also more carefull
- * with the authorative stuff; caught by [EMAIL PROTECTED]
- * 1.3 Even more changes to get it right; that BACKWARD thing was a bad
- * idea.
*/
--- 284,289 ----
***************
*** 398,404 ****
--- 392,400 ----
#include "http_log.h"
#include "http_protocol.h"
#include <msql.h>
+ #ifdef HAVE_CRYPT_H
#include <crypt.h>
+ #endif
typedef struct {
***************
*** 782,791 ****
* We do not check on dbase, group, userid or host name, as it is
* perfectly possible to only do group control with mSQL and leave
* user control to the next (dbm) guy in line.
- * We no longer check on the user field name; to avoid problems
- * with Backward VITEK.
*/
! if (!sec->auth_msql_pwd_table) return DECLINED;
if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
if ( msql_errstr[0] ) {
--- 778,788 ----
* We do not check on dbase, group, userid or host name, as it is
* perfectly possible to only do group control with mSQL and leave
* user control to the next (dbm) guy in line.
*/
! if (
! (!sec->auth_msql_pwd_table) &&
! (!sec->auth_msql_pwd_field)
! ) return DECLINED;
if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
if ( msql_errstr[0] ) {
***************
*** 812,821 ****
*/
if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
- /*
sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password
accepted",c->user);
log_reason (msql_errstr, r->uri, r);
- */
return OK;
};
--- 809,816 ----
***************
*** 867,875 ****
char *t, *w;
msql_errstr[0]='\0';
- /* If we are not configured, ignore */
- if (!sec->auth_msql_pwd_table) return DECLINED;
-
if (!reqs_arr) {
if (sec->auth_msql_authorative) {
sprintf(msql_errstr,"user %s denied, no access rules specified
(MSQL-Authorative) ",user);
--- 862,867 ----
***************
*** 937,959 ****
};
}
! /* Get serious if we are authorative, previous
! * returns are only if msql yielded a correct result.
! * This really is not needed.
*/
! if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED))
&& (sec->auth_msql_authorative) ) {
! sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s %s
rule(s) ",
! (group_result == AUTH_REQUIRED) ? "USER" : "",
! (user_result == AUTH_REQUIRED) ? "GROUP" : ""
! );
log_reason (msql_errstr, r->uri, r);
return AUTH_REQUIRED;
};
- if ( (user_result == OK) || (group_result == OK))
- return OK;
! return DECLINED;
}
--- 929,953 ----
};
}
! /* we do not have to check the valid-ness of the group result as
! * have not (yet) a 'valid-group' token
*/
! if ( (user_result != OK) && (sec->auth_msql_authorative) ) {
! sprintf(msql_errstr,"User %s denied, no access rules applied
(MSQL-Authorative) ",user);
log_reason (msql_errstr, r->uri, r);
+ note_basic_auth_failure(r);
return AUTH_REQUIRED;
};
! /* if the user is DECLINED, it is up to the group_result to tip
! * the balance. But if the group result is AUTH_REQUIRED it should
! * always override. A SERVER_ERROR should not get here.
! */
! if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED))
! return group_result;
!
! return user_result;
}
