I think it is a bad idea to reverse these changes, since they
fix real bugs. Reversing them will likely break all existing
sites using this module.


> brian       96/07/01 12:04:11
> 
>   Modified:    src       mod_auth_msql.c
>   Log:
>   Reverse mod_auth_msql.c changes, back to version 1.0.
>   
>   Revision  Changes    Path
>   1.10      +19 -25    apache/src/mod_auth_msql.c
>   
>   Index: mod_auth_msql.c
>   ===================================================================
>   RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
>   retrieving revision 1.9
>   retrieving revision 1.10
>   diff -C3 -r1.9 -r1.10
>   *** mod_auth_msql.c 1996/06/30 22:36:57     1.9
>   --- mod_auth_msql.c 1996/07/01 19:04:08     1.10
>   ***************
>   *** 284,295 ****
>      *                Replaced some MAX_STRING_LENGTH claims. 
>      *           1.0  removed some error check as they where already done 
> elsehwere
>      *                NumFields -> NumRows (Thanks Vitek). More stack memory.
>   -  *           1.1  no logging of empty password strings.
>   -  *           1.2  Problem with the Backward vitek which cause it to check
>   -  *                even if msql_auth was not configured; Also more carefull
>   -  *                with the authorative stuff; caught by [EMAIL PROTECTED]
>   -  *           1.3  Even more changes to get it right; that BACKWARD thing 
> was a bad
>   -  *                idea. 
>      */
>     
>     
>   --- 284,289 ----
>   ***************
>   *** 398,404 ****
>   --- 392,400 ----
>     #include "http_log.h"
>     #include "http_protocol.h"
>     #include <msql.h>
>   + #ifdef HAVE_CRYPT_H
>     #include <crypt.h>
>   + #endif
>     
>     typedef struct  {
>     
>   ***************
>   *** 782,791 ****
>          * We do not check on dbase, group, userid or host name, as it is
>          * perfectly possible to only do group control with mSQL and leave
>          * user control to the next (dbm) guy in line.
>   -      * We no longer check on the user field name; to avoid problems
>   -      * with Backward VITEK.
>          */
>   !     if (!sec->auth_msql_pwd_table) return DECLINED;
>     
>         if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
>       if ( msql_errstr[0] ) {
>   --- 778,788 ----
>          * We do not check on dbase, group, userid or host name, as it is
>          * perfectly possible to only do group control with mSQL and leave
>          * user control to the next (dbm) guy in line.
>          */
>   !     if (
>   !           (!sec->auth_msql_pwd_table) &&
>   !           (!sec->auth_msql_pwd_field)
>   !    ) return DECLINED;
>     
>         if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) {
>       if ( msql_errstr[0] ) {
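Review bot: The new guard `if ( (!sec->auth_msql_pwd_table) && (!sec->auth_msql_pwd_field) ) return DECLINED;` declines only when both settings are missing, so a directory with a password field set but no password table still reaches `get_msql_pw()`. What that helper does with an unset table name is not visible here, so this is something to confirm rather than a proven fault. An authentication handler is safer declining on incomplete configuration, e.g. `if (!sec->auth_msql_pwd_table || !sec->auth_msql_pwd_field) return DECLINED;`, or testing the table alone as revision 1.9 did. The enclosing function starts and ends outside the hunk.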
>   ***************
>   *** 812,821 ****
>          */
>     
>         if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) {
>   - /*
>             sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password 
> accepted",c->user);
>       log_reason (msql_errstr, r->uri, r);
>   -  */
>       return OK;
>       };
>     
>   --- 809,816 ----
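Review bot: With the comment markers removed, `sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password accepted",c->user);` is live again and copies the request's user name into `msql_errstr` with no length bound. The buffer is declared outside this hunk, so whether a long name can overrun it cannot be confirmed from here, but the format should cap the field regardless, for example `%.64s` in place of `%s` (64 is an illustrative value; pick one that fits the buffer). The same unbounded `%s` with `user` appears in the `sprintf` calls of the 867,875 hunk (context line) and on the new side of the 929,953 hunk. The enclosing function starts and ends outside the hunk.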
>   ***************
>   *** 867,875 ****
>         char *t, *w;
>         msql_errstr[0]='\0';
>     
>   -     /* If we are not configured, ignore */
>   -     if (!sec->auth_msql_pwd_table) return DECLINED;
>   - 
>         if (!reqs_arr) {
>       if (sec->auth_msql_authorative) {
>               sprintf(msql_errstr,"user %s denied, no access rules specified 
> (MSQL-Authorative) ",user);
>   --- 862,867 ----
>   ***************
>   *** 937,959 ****
>           };
>             }
>     
>   !     /* Get serious if we are authorative, previous
>   !      * returns are only if msql yielded a correct result. 
>   !      * This really is not needed.
>          */
>   !     if (((group_result == AUTH_REQUIRED) || (user_result == 
> AUTH_REQUIRED)) && (sec->auth_msql_authorative) ) {
>   !         sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s %s 
> rule(s) ", 
>   !           (group_result == AUTH_REQUIRED) ? "USER" : "", 
>   !           (user_result == AUTH_REQUIRED) ? "GROUP" : ""
>   !           );
>       log_reason (msql_errstr, r->uri, r);
>       return AUTH_REQUIRED;
>       };
>     
>   -     if ( (user_result == OK) || (group_result == OK))
>   -   return OK;
>     
>   !     return DECLINED;
>     }
>     
>     
>   --- 929,953 ----
>           };
>             }
>     
>   !     /* we do not have to check the valid-ness of the group result as
>   !      * have not (yet) a 'valid-group' token
>          */
>   !     if ( (user_result != OK) && (sec->auth_msql_authorative) ) {
>   !         sprintf(msql_errstr,"User %s denied, no access rules applied 
> (MSQL-Authorative) ",user);
>       log_reason (msql_errstr, r->uri, r);
>   +         note_basic_auth_failure(r);
>       return AUTH_REQUIRED;
>       };
>     
>     
>   !     /* if the user is DECLINED, it is up to the group_result to tip
>   !      * the balance. But if the group result is AUTH_REQUIRED it should
>   !      * always override. A SERVER_ERROR should not get here. 
>   !      */
>   !     if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED))
>   !   return group_result;
>   ! 
>   !     return user_result;
>     }
>     
>     
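Review bot: Only the authoritative branch calls `note_basic_auth_failure(r)` and `log_reason` before returning `AUTH_REQUIRED`; the final `return group_result;` and `return user_result;` can return the same status with no challenge noted and no log entry, so denials on that path may go unrecorded. If earlier code in the function (which starts outside this hunk) does not already do both, these returns should go through one exit that logs and notes the failure whenever the result is `AUTH_REQUIRED`. Separately, the authoritative test looks only at `user_result`, so a request that satisfied a group rule (`group_result == OK`) is still denied. If that is intended, the comment above the test should say so explicitly, e.g. `/* authoritative: a matching group rule alone does not grant access */`.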
>   
>   
>   


