brian 96/07/01 12:04:11
Modified: src mod_auth_msql.c Log: Reverse mod_auth_msql.c changes, back to version 1.0. Revision Changes Path 1.10 +19 -25 apache/src/mod_auth_msql.c Index: mod_auth_msql.c =================================================================== RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v retrieving revision 1.9 retrieving revision 1.10 diff -C3 -r1.9 -r1.10 *** mod_auth_msql.c 1996/06/30 22:36:57 1.9 --- mod_auth_msql.c 1996/07/01 19:04:08 1.10 *************** *** 284,295 **** * Replaced some MAX_STRING_LENGTH claims. * 1.0 removed some error check as they where already done elsehwere * NumFields -> NumRows (Thanks Vitek). More stack memory. - * 1.1 no logging of empty password strings. - * 1.2 Problem with the Backward vitek which cause it to check - * even if msql_auth was not configured; Also more carefull - * with the authorative stuff; caught by [EMAIL PROTECTED] - * 1.3 Even more changes to get it right; that BACKWARD thing was a bad - * idea. */ --- 284,289 ---- *************** *** 398,404 **** --- 392,400 ---- #include "http_log.h" #include "http_protocol.h" #include <msql.h> + #ifdef HAVE_CRYPT_H #include <crypt.h> + #endif typedef struct { *************** *** 782,791 **** * We do not check on dbase, group, userid or host name, as it is * perfectly possible to only do group control with mSQL and leave * user control to the next (dbm) guy in line. - * We no longer check on the user field name; to avoid problems - * with Backward VITEK. */ ! if (!sec->auth_msql_pwd_table) return DECLINED; if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) { if ( msql_errstr[0] ) { --- 778,788 ---- * We do not check on dbase, group, userid or host name, as it is * perfectly possible to only do group control with mSQL and leave * user control to the next (dbm) guy in line. */ ! if ( ! (!sec->auth_msql_pwd_table) && ! (!sec->auth_msql_pwd_field) ! ) return DECLINED; if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) { if ( msql_errstr[0] ) { *************** *** 812,821 **** */ if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) { - /* sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password accepted",c->user); log_reason (msql_errstr, r->uri, r); - */ return OK; }; --- 809,816 ---- *************** *** 867,875 **** char *t, *w; msql_errstr[0]='\0'; - /* If we are not configured, ignore */ - if (!sec->auth_msql_pwd_table) return DECLINED; - if (!reqs_arr) { if (sec->auth_msql_authorative) { sprintf(msql_errstr,"user %s denied, no access rules specified (MSQL-Authorative) ",user); --- 862,867 ---- *************** *** 937,959 **** }; } ! /* Get serious if we are authorative, previous ! * returns are only if msql yielded a correct result. ! * This really is not needed. */ ! if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) && (sec->auth_msql_authorative) ) { ! sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s %s rule(s) ", ! (group_result == AUTH_REQUIRED) ? "USER" : "", ! (user_result == AUTH_REQUIRED) ? "GROUP" : "" ! ); log_reason (msql_errstr, r->uri, r); return AUTH_REQUIRED; }; - if ( (user_result == OK) || (group_result == OK)) - return OK; ! return DECLINED; } --- 929,953 ---- }; } ! /* we do not have to check the valid-ness of the group result as ! * have not (yet) a 'valid-group' token */ ! if ( (user_result != OK) && (sec->auth_msql_authorative) ) { ! sprintf(msql_errstr,"User %s denied, no access rules applied (MSQL-Authorative) ",user); log_reason (msql_errstr, r->uri, r); + note_basic_auth_failure(r); return AUTH_REQUIRED; }; ! /* if the user is DECLINED, it is up to the group_result to tip ! * the balance. But if the group result is AUTH_REQUIRED it should ! * always override. A SERVER_ERROR should not get here. ! */ ! if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED)) ! return group_result; ! ! return user_result; }