You can't win. Either you decide to release something this decade, or you ship something with known bugs. We can always point people to the newer, though less thoroughly tested, versions of mod_auth_msql and mod_cern_meta.
Brian, whose head cold is making him irascible On Mon, 1 Jul 1996, Randy Terbush wrote: > I think it is a bad idea to reverse these changes since they > fix real bugs. Without these changes, it will likely break > all existing sites using this module. > > > > brian 96/07/01 12:04:11 > > > > Modified: src mod_auth_msql.c > > Log: > > Reverse mod_auth_msql.c changes, back to version 1.0. > > > > Revision Changes Path > > 1.10 +19 -25 apache/src/mod_auth_msql.c > > > > Index: mod_auth_msql.c > > =================================================================== > > RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v > > retrieving revision 1.9 > > retrieving revision 1.10 > > diff -C3 -r1.9 -r1.10 > > *** mod_auth_msql.c 1996/06/30 22:36:57 1.9 > > --- mod_auth_msql.c 1996/07/01 19:04:08 1.10 > > *************** > > *** 284,295 **** > > * Replaced some MAX_STRING_LENGTH claims. > > * 1.0 removed some error check as they where already done > > elsehwere > > * NumFields -> NumRows (Thanks Vitek). More stack memory. > > - * 1.1 no logging of empty password strings. > > - * 1.2 Problem with the Backward vitek which cause it to check > > - * even if msql_auth was not configured; Also more carefull > > - * with the authorative stuff; caught by [EMAIL PROTECTED] > > - * 1.3 Even more changes to get it right; that BACKWARD thing > > was a bad > > - * idea. > > */ > > > > > > --- 284,289 ---- > > *************** > > *** 398,404 **** > > --- 392,400 ---- > > #include "http_log.h" > > #include "http_protocol.h" > > #include <msql.h> > > + #ifdef HAVE_CRYPT_H > > #include <crypt.h> > > + #endif > > > > typedef struct { > > > > *************** > > *** 782,791 **** > > * We do not check on dbase, group, userid or host name, as it is > > * perfectly possible to only do group control with mSQL and leave > > * user control to the next (dbm) guy in line. > > - * We no longer check on the user field name; to avoid problems > > - * with Backward VITEK. > > */ > > ! 
if (!sec->auth_msql_pwd_table) return DECLINED; > > > > if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) { > > if ( msql_errstr[0] ) { > > --- 778,788 ---- > > * We do not check on dbase, group, userid or host name, as it is > > * perfectly possible to only do group control with mSQL and leave > > * user control to the next (dbm) guy in line. > > */ > > ! if ( > > ! (!sec->auth_msql_pwd_table) && > > ! (!sec->auth_msql_pwd_field) > > ! ) return DECLINED; > > > > if(!(real_pw = get_msql_pw(r, c->user, sec,msql_errstr ))) { > > if ( msql_errstr[0] ) { > > *************** > > *** 812,821 **** > > */ > > > > if ((sec->auth_msql_nopasswd) && (!strlen(real_pw))) { > > - /* > > sprintf(msql_errstr,"mSQL: user %s: Empty/'any' password > > accepted",c->user); > > log_reason (msql_errstr, r->uri, r); > > - */ > > return OK; > > }; > > > > --- 809,816 ---- > > *************** > > *** 867,875 **** > > char *t, *w; > > msql_errstr[0]='\0'; > > > > - /* If we are not configured, ignore */ > > - if (!sec->auth_msql_pwd_table) return DECLINED; > > - > > if (!reqs_arr) { > > if (sec->auth_msql_authorative) { > > sprintf(msql_errstr,"user %s denied, no access rules > > specified (MSQL-Authorative) ",user); > > --- 862,867 ---- > > *************** > > *** 937,959 **** > > }; > > } > > > > ! /* Get serious if we are authorative, previous > > ! * returns are only if msql yielded a correct result. > > ! * This really is not needed. > > */ > > ! if (((group_result == AUTH_REQUIRED) || (user_result == > > AUTH_REQUIRED)) && (sec->auth_msql_authorative) ) { > > ! sprintf(msql_errstr,"mSQL-Authorative: Access denied on %s %s > > rule(s) ", > > ! (group_result == AUTH_REQUIRED) ? "USER" : "", > > ! (user_result == AUTH_REQUIRED) ? "GROUP" : "" > > ! ); > > log_reason (msql_errstr, r->uri, r); > > return AUTH_REQUIRED; > > }; > > > > - if ( (user_result == OK) || (group_result == OK)) > > - return OK; > > > > ! 
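Review bot: In the hunk at 778-788, the restored guard declines only when both `auth_msql_pwd_table` and `auth_msql_pwd_field` are unset, so a directory that sets just the field still reaches `get_msql_pw()` without a table name. How `get_msql_pw()` treats a missing table is not visible here, so I would decline whenever a value the query needs is absent: `if (!sec->auth_msql_pwd_table || !sec->auth_msql_pwd_field) return DECLINED;`. If the password field has a built-in default, testing the table alone is enough. The enclosing function starts and ends outside the hunk.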
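Review bot: In the hunk at 809-816, the re-enabled `sprintf(msql_errstr, ..., c->user)` formats the user name with an unbounded `%s`, and that name presumably comes from the request's credentials. The size of `msql_errstr` is declared outside the hunk, so it cannot be confirmed from here that a long name fits. Bound the conversion to what the buffer can hold, for example `"mSQL: user %.*s: Empty/'any' password accepted", MAX_USER_LOG_LEN, c->user`, where `MAX_USER_LOG_LEN` is a placeholder to derive from the buffer size. The same unbounded pattern is restored in the hunk at 929-953 (`"User %s denied, ..."` with `user`). Keeping the log line is worthwhile because this branch returns OK on an empty stored password, so only the formatting needs to change.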
return DECLINED; > > } > > > > > > --- 929,953 ---- > > }; > > } > > > > ! /* we do not have to check the valid-ness of the group result as > > ! * have not (yet) a 'valid-group' token > > */ > > ! if ( (user_result != OK) && (sec->auth_msql_authorative) ) { > > ! sprintf(msql_errstr,"User %s denied, no access rules applied > > (MSQL-Authorative) ",user); > > log_reason (msql_errstr, r->uri, r); > > + note_basic_auth_failure(r); > > return AUTH_REQUIRED; > > }; > > > > > > ! /* if the user is DECLINED, it is up to the group_result to tip > > ! * the balance. But if the group result is AUTH_REQUIRED it should > > ! * always override. A SERVER_ERROR should not get here. > > ! */ > > ! if ( (user_result == DECLINED) || (group_result == AUTH_REQUIRED)) > > ! return group_result; > > ! > > ! return user_result; > > } > > > > > > > > > > > > > >
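Review bot: In the hunk at 929-953, the authoritative check `(user_result != OK) && (sec->auth_msql_authorative)` ignores `group_result`, so a request that satisfied a group rule is still refused whenever no user rule returned OK. Where `user_result` is initialised is outside the hunk, but if it starts as DECLINED this refuses every group-only configuration in authoritative mode. That fails closed, yet together with the removal of the not-configured guard in the hunk at 862-867 it may also refuse directories that do not use mSQL at all. Consider `if ((user_result != OK) && (group_result != OK) && (sec->auth_msql_authorative)) {`, and state the intended user/group precedence in the comment above the final `return`.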