]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6c3569b) | patch
when asking the providers for authentication, the main loop should
authorWilfredo Sanchez <wsanchez@apache.org>
Sun, 8 Dec 2002 21:10:37 +0000 (21:10 +0000)
committerWilfredo Sanchez <wsanchez@apache.org>
Sun, 8 Dec 2002 21:10:37 +0000 (21:10 +0000)
commit1f8f74d25cc19bf82a14147e5366c9e8f49382dc
tree512ec2e0725e418d4e69035a8bd9df6a6719ee8dtree | snapshot
parent6c3569b1933f330e9478c0c87b1a6d37b79a3cd1commit | diff
when asking the providers for authentication, the main loop should
not only  break, if access is granted. It should also break, if
access was *denied*  by one provider. To be safe, it has to break
also, if an error occured. So  the patch turns the condition around
and continues only, if the user was  not found.
I find it also weird, that if auth was denied (by password
usually), the  AuthBasicAuthoritative behaviour can override that
by "passing to lower  modules". The patch changes that behaviour,
too.

Justin notes:
I'm kind of on the fence about that.  I was originally thinking
optimistically, but yeah, it might make sense to do it
pessimistically.  If there's any error, bug out.

Submitted by: Andre Malo <nd@perlig.de>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97801 13f79535-47bb-0310-9956-ffa450edef68
modules/aaa/mod_auth_basic.c diff | blob | history
modules/aaa/mod_auth_digest.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.