From 1f8f74d25cc19bf82a14147e5366c9e8f49382dc Mon Sep 17 00:00:00 2001 From: Wilfredo Sanchez Date: Sun, 8 Dec 2002 21:10:37 +0000 Subject: [PATCH] when asking the providers for authentication, the main loop should not only break, if access is granted. It should also break, if access was *denied* by one provider. To be safe, it has to break also, if an error occured. So the patch turns the condition around and continues only, if the user was not found. I find it also weird, that if auth was denied (by password usually), the AuthBasicAuthoritative behaviour can override that by "passing to lower modules". The patch changes that behaviour, too. Justin notes: I'm kind of on the fence about that. I was originally thinking optimistically, but yeah, it might make sense to do it pessimistically. If there's any error, bug out. Submitted by: Andre Malo git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97801 13f79535-47bb-0310-9956-ffa450edef68 --- modules/aaa/mod_auth_basic.c | 6 +++--- modules/aaa/mod_auth_digest.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/aaa/mod_auth_basic.c b/modules/aaa/mod_auth_basic.c index 72fbdc74c8..0ac5cf9b1d 100644 --- a/modules/aaa/mod_auth_basic.c +++ b/modules/aaa/mod_auth_basic.c @@ -264,8 +264,8 @@ static int authenticate_basic_user(request_rec *r) auth_result = provider->check_password(r, sent_user, sent_pw); - /* Access is granted. Stop checking. */ - if (auth_result == AUTH_GRANTED) { + /* Something occured. Stop checking. */ + if (auth_result != AUTH_USER_NOT_FOUND) { break; } @@ -281,7 +281,7 @@ static int authenticate_basic_user(request_rec *r) int return_code; /* If we're not authoritative, then any error is ignored. */ - if (!(conf->authoritative)) { + if (!(conf->authoritative) && auth_result != AUTH_DENIED) { return DECLINED; } diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c index 3da42a972a..2669fafa1b 100644 --- a/modules/aaa/mod_auth_digest.c +++ b/modules/aaa/mod_auth_digest.c @@ -1486,8 +1486,8 @@ static const char *get_hash(request_rec *r, const char *user, auth_result = provider->get_realm_hash(r, user, conf->realm, &password); - /* User is found. Stop checking. */ - if (auth_result == AUTH_USER_FOUND) { + /* Something occured. Stop checking. */ + if (auth_result != AUTH_USER_NOT_FOUND) { break; } -- 2.40.0