I think it is a bad idea to reverse these changes, since they fix real bugs. Without these changes, the module will likely break on all existing sites that use it.
> brian 96/07/01 12:04:11
>
> Modified: src mod_auth_msql.c
> Log:
> Reverse mod_auth_msql.c changes, back to version 1.0.
>
> Revision Changes Path
> 1.10 +19 -25 apache/src/mod_auth_msql.c
>
> Index: mod_auth_msql.c
> ===================================================================
> RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
> retrieving revision 1.9
> retrieving revision 1.10
> diff -C3 -r1.9 -r1.10
> *** mod_auth_msql.c 1996/06/30 22:36:57 1.9
> --- mod_auth_msql.c 1996/07/01 19:04:08 1.10
> ***************
> *** 284,295 ****
> * Replaced some MAX_STRING_LENGTH claims.
> * 1.0 removed some error check as they where already done
> elsehwere
> * NumFields -> NumRows (Thanks Vitek). More stack memory.
> - * 1.1 no logging of empty password strings.
> - * 1.2 Problem with the Backward vitek which cause it to check
> - * even if msql_auth was not configured; Also more carefull
> - * with the authorative stuff; caught by [EMAIL PROTECTED]
> - * 1.3 Even more changes to get it right; that BACKWARD thing
> was a bad
> - * idea.
> */
>
>
> --- 284,289 ----
> ***************
> *** 398,404 ****
> --- 392,400 ----
> #include "http_log.h"
> #include "http_protocol.h"
> #include <msql.h>
> + #ifdef HAVE_CRYPT_H
> #include <crypt.h>
> + #endif
>
> typedef struct {
>
> ***************
> *** 782,791 ****
> * We do not check on dbase, group, userid or host name, as it is
> * perfectly possible to only do group control with mSQL and leave
> * user control to the next (dbm) guy in line.
> - * We no longer check on the user field name; to avoid problems
> - * with Backward VITEK.
> */
> ! if (!sec->auth_msql_pwd_table) return DECLINED;
>
> if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
> if ( msql_errstr[0] ) {
> --- 778,788 ----
> * We do not check on dbase, group, userid or host name, as it is
> * perfectly possible to only do group control with mSQL and leave
> * user control to the next (dbm) guy in line.
> */
> ! if (
> !
(!sec->auth_msql_pwd_table) &&
> ! (!sec->auth_msql_pwd_field)
> ! ) return DECLINED;
>
> if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
> if ( msql_errstr[0] ) {
> ***************
> *** 812,821 ****
> */
>
> if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
> - /*
> sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password
> accepted",c->user);
> log_reason (msql_errstr, r->uri, r);
> - */
> return OK;
> };
>
> --- 809,816 ----
> ***************
> *** 867,875 ****
> char *t, *w;
> msql_errstr[0]='\0';
>
> - /* If we are not configured, ignore */
> - if (!sec->auth_msql_pwd_table) return DECLINED;
> -
> if (!reqs_arr) {
> if (sec->auth_msql_authorative) {
> sprintf(msql_errstr,"user %s denied, no access rules specified
> (MSQL-Authorative) ",user);
> --- 862,867 ----
> ***************
> *** 937,959 ****
> };
> }
>
> ! /* Get serious if we are authorative, previous
> ! * returns are only if msql yielded a correct result.
> ! * This really is not needed.
> */
> ! if (((group_result == AUTH_REQUIRED) || (user_result ==
> AUTH_REQUIRED)) && (sec->auth_msql_authorative) ) {
> ! sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s %s
> rule(s) ",
> ! (group_result == AUTH_REQUIRED) ? "USER" : "",
> ! (user_result == AUTH_REQUIRED) ? "GROUP" : ""
> ! );
> log_reason (msql_errstr, r->uri, r);
> return AUTH_REQUIRED;
> };
>
> - if ( (user_result == OK) || (group_result == OK))
> - return OK;
>
> ! return DECLINED;
> }
>
>
> --- 929,953 ----
> };
> }
>
> ! /* we do not have to check the valid-ness of the group result as
> ! * have not (yet) a 'valid-group' token
> */
> ! if ( (user_result != OK) && (sec->auth_msql_authorative) ) {
> ! sprintf(msql_errstr,"User %s denied, no access rules applied
> (MSQL-Authorative) ",user);
> log_reason (msql_errstr, r->uri, r);
> + note_basic_auth_failure(r);
> return AUTH_REQUIRED;
> };
>
>
> ! /* if the user is DECLINED, it is up to the group_result to tip
> ! * the balance.
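Review bot: The restored guard in the 778-788 hunk returns DECLINED only when both `auth_msql_pwd_table` and `auth_msql_pwd_field` are unset, so a configuration that names a password field but no table still reaches `get_msql_pw()`. How that helper treats a missing table is not visible in this hunk. Because this test is where the module decides whether it is configured at all, it should not rely on the helper: consider `if (!sec->auth_msql_pwd_table || !sec->auth_msql_pwd_field) return DECLINED;`, assuming no default field name is applied elsewhere. If the fall-through is deliberate, document it with a comment such as `/* field-only config is rejected inside get_msql_pw() */`. The enclosing function starts and ends outside the hunk.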
But if the group result is AUTH_REQUIRED it should
> ! * always override. A SERVER_ERROR should not get here.
> ! */
> ! if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED))
> ! return group_result;
> !
> ! return user_result;
> }
>
>
>
>
>
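Review bot: The new `sprintf(msql_errstr,"User %s denied, ...",user)` in the 929-953 hunk formats the user name, which presumably comes from the client's Basic-auth header, into `msql_errstr` with no length bound. The 809-816 hunk re-enables the same pattern with `c->user` for the empty-password log line. The size of `msql_errstr` is declared outside these hunks, so whether a long user name can overrun it cannot be confirmed from here, but the write should be bounded regardless. A precision in the format does that: `sprintf(msql_errstr,"User %.100s denied, no access rules applied (MSQL-Authorative) ",user);`, where 100 is an illustrative value to be chosen to fit the declared buffer. The function's opening lies outside the hunk.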