From: Andre Malo Date: Mon, 6 Jan 2003 08:07:51 +0000 (+0000) Subject: be consistent: X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9a5deb5d3759f642e3af6d13424fd58473b25e3e;p=apache be consistent: evaluate multiple "require group" directives even for DBM files. this was always applicable for plain text group files. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98180 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/aaa/mod_authz_dbm.c b/modules/aaa/mod_authz_dbm.c index b6d727eea2..d0bfa396d1 100644 --- a/modules/aaa/mod_authz_dbm.c +++ b/modules/aaa/mod_authz_dbm.c @@ -189,12 +189,15 @@ static int dbm_check_auth(request_rec *r) { authz_dbm_config_rec *conf = ap_get_module_config(r->per_dir_config, &authz_dbm_module); + char *user = r->user; int m = r->method_number; const apr_array_header_t *reqs_arr = ap_requires(r); require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; register int x; const char *t; + const char *orig_groups = NULL; char *w; + int required_group = 0; if (!conf->grpfile) { return DECLINED; @@ -214,38 +217,45 @@ static int dbm_check_auth(request_rec *r) w = ap_getword_white(r->pool, &t); if (!strcmp(w, "group")) { - char *user = r->user; const char *realm = ap_auth_name(r); - const char *orig_groups, *groups; + const char *groups; char *v; - apr_status_t status; - - status = get_dbm_grp(r, - apr_pstrcat(r->pool, user, ":", realm, NULL), - user, - conf->grpfile, conf->dbmtype, &groups); - - if (status != APR_SUCCESS) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, - "could not open dbm (type %s) group access file: %s", - conf->dbmtype, conf->grpfile); - return HTTP_INTERNAL_SERVER_ERROR; - } - - if (groups == NULL) { - if (!conf->authoritative) { - return DECLINED; + + /* remember that actually a group is required */ + required_group = 1; + + /* fetch group data from dbm file only once. */ + if (!orig_groups) { + apr_status_t status; + + status = get_dbm_grp(r, apr_pstrcat(r->pool, user, ":", realm, + NULL), + user, + conf->grpfile, conf->dbmtype, &groups); + + if (status != APR_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, + "could not open dbm (type %s) group access " + "file: %s", conf->dbmtype, conf->grpfile); + return HTTP_INTERNAL_SERVER_ERROR; } - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "user %s not in DBM group file %s: %s", - user, conf->grpfile, r->filename); + if (groups == NULL) { + if (!conf->authoritative) { + return DECLINED; + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s not in DBM group file %s: %s", + user, conf->grpfile, r->filename); + + ap_note_auth_failure(r); + return HTTP_UNAUTHORIZED; + } - ap_note_auth_failure(r); - return HTTP_UNAUTHORIZED; + orig_groups = groups; } - orig_groups = groups; while (t[0]) { w = ap_getword_white(r->pool, &t); groups = orig_groups; @@ -256,15 +266,24 @@ static int dbm_check_auth(request_rec *r) } } } - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "user %s not in right group: %s", - user, r->filename); - ap_note_auth_failure(r); - return HTTP_UNAUTHORIZED; } } - return DECLINED; + /* no group requirement seen */ + if (!required_group) { + return DECLINED; + } + + if (!conf->authoritative) { + return DECLINED; + } + + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "user %s not in right group: %s", + user, r->filename); + + ap_note_auth_failure(r); + return HTTP_UNAUTHORIZED; } static void register_hooks(apr_pool_t *p)