no ack sent
if anyone finds this interesting, please talk to the submitter.
Forwarded message:
> From ph@outback.ustta.doc.gov Tue Oct 24 09:50:41 1995
> Date: Tue, 24 Oct 1995 12:50:21 -0400 (EDT)
> From: Peter Hartzler <ph@outback.ustta.doc.gov>
> To: apache-bugs@apache.org
> cc: "Anand K. Bollineni" <anand@outback.ustta.doc.gov>
> Subject: log 'guest' users patch...
> Message-ID: <Pine.LNX.3.91.951024124204.4596A-100000@outback.ustta.doc.gov>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> Howdy! I have NOT found a bug, in fact, 8.14 appears to totally rock!
> What I have is this:
>
> LOGGING 'guest' ACCESS TO SECURED PAGES:
>
> We have a page with some segments secured, i.e. user/password. However,
> we are temporarily allowing 'guest' access, and asking them to supply
> their email address as the password. We're then logging these entries.
> Below is a patch that works to bring our Apache 8.14 httpd this feature.
>
> I would be interested in any comments regarding this modification...
>
> --- cut here ---
> diff -c orig/httpd.h src/httpd.h
> *** orig/httpd.h Tue Oct 24 11:31:03 1995
> --- src/httpd.h Mon Oct 23 13:00:18 1995
> ***************
> *** 85,90 ****
> --- 85,95 ----
> /* Default administrator's address */
> #define DEFAULT_ADMIN "[no address given]"
>
> + /* ----------------------------- log guest email addresses. ------------ */
> + #define LOG_GUEST_ADDRESSES 1 /* only logs if defined. */
> + #define GUEST_USER "guest" /* case insensitive keyword to allow access and log purported email addr. */
> + #define GUEST_PASSWORD_FILE "/usr/local/etc/httpd/logs/guests" /* file to catch entries. */
> +
> /*
> * --------- You shouldn't have to edit anything below this line ----------
> *
> diff -c orig/mod_auth.c src/mod_auth.c
> *** orig/mod_auth.c Tue Oct 24 11:31:09 1995
> --- src/mod_auth.c Tue Oct 24 11:41:36 1995
> ***************
> *** 185,190 ****
> --- 185,211 ----
> note_basic_auth_failure (r);
> return AUTH_REQUIRED;
> }
> + /***************** code added to store guest passwd------ Anand ***/
> + #ifdef LOG_GUEST_ADDRESSES
> + if(!(strcasecmp(c->user, GUEST_USER))){
> + FILE * fp;
> + if( fp = fopen( GUEST_PASSWORD_FILE , "a+") ) {
> + long timz;
> + struct tm * t;
> + char tstr[MAX_STRING_LEN], sign;
> + t= get_gmtoff(&timz);
> + sign =(timz <0 ? '-' : '+');
> + if(timz < 0)
> + timz = -timz;
> + strftime(tstr,MAX_STRING_LEN, "[%d/%b/%Y;%H:%M:%S]",t);
> + fprintf(fp, "%s ",sent_pw);
> + fprintf(fp, " %s\n",tstr);
> + fclose(fp);
> + }
> + }
> + else
> + #endif
> + /********************* ***********/
> /* anyone know where the prototype for crypt is? */
> if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
> sprintf(errstr,"user %s: password mismatch",c->user);
>
if anyone finds this interesting, please talk to the submitter.
Forwarded message:
> From ph@outback.ustta.doc.gov Tue Oct 24 09:50:41 1995
> Date: Tue, 24 Oct 1995 12:50:21 -0400 (EDT)
> From: Peter Hartzler <ph@outback.ustta.doc.gov>
> To: apache-bugs@apache.org
> cc: "Anand K. Bollineni" <anand@outback.ustta.doc.gov>
> Subject: log 'guest' users patch...
> Message-ID: <Pine.LNX.3.91.951024124204.4596A-100000@outback.ustta.doc.gov>
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> Howdy! I have NOT found a bug, in fact, 8.14 appears to totally rock!
> What I have is this:
>
> LOGGING 'guest' ACCESS TO SECURED PAGES:
>
> We have a page with some segments secured, i.e. user/password. However,
> we are temporarily allowing 'guest' access, and asking them to supply
> their email address as the password. We're then logging these entries.
> Below is a patch that works to bring our Apache 8.14 httpd this feature.
>
> I would be interested in any comments regarding this modification...
>
> --- cut here ---
> diff -c orig/httpd.h src/httpd.h
> *** orig/httpd.h Tue Oct 24 11:31:03 1995
> --- src/httpd.h Mon Oct 23 13:00:18 1995
> ***************
> *** 85,90 ****
> --- 85,95 ----
> /* Default administrator's address */
> #define DEFAULT_ADMIN "[no address given]"
>
> + /* ----------------------------- log guest email addresses. ------------ */
> + #define LOG_GUEST_ADDRESSES 1 /* only logs if defined. */
> + #define GUEST_USER "guest" /* case insensitive keyword to allow access and log purported email addr. */
> + #define GUEST_PASSWORD_FILE "/usr/local/etc/httpd/logs/guests" /* file to catch entries. */
> +
> /*
> * --------- You shouldn't have to edit anything below this line ----------
> *
> diff -c orig/mod_auth.c src/mod_auth.c
> *** orig/mod_auth.c Tue Oct 24 11:31:09 1995
> --- src/mod_auth.c Tue Oct 24 11:41:36 1995
> ***************
> *** 185,190 ****
> --- 185,211 ----
> note_basic_auth_failure (r);
> return AUTH_REQUIRED;
> }
> + /***************** code added to store guest passwd------ Anand ***/
> + #ifdef LOG_GUEST_ADDRESSES
> + if(!(strcasecmp(c->user, GUEST_USER))){
> + FILE * fp;
> + if( fp = fopen( GUEST_PASSWORD_FILE , "a+") ) {
> + long timz;
> + struct tm * t;
> + char tstr[MAX_STRING_LEN], sign;
> + t= get_gmtoff(&timz);
> + sign =(timz <0 ? '-' : '+');
> + if(timz < 0)
> + timz = -timz;
> + strftime(tstr,MAX_STRING_LEN, "[%d/%b/%Y;%H:%M:%S]",t);
> + fprintf(fp, "%s ",sent_pw);
> + fprintf(fp, " %s\n",tstr);
> + fclose(fp);
> + }
> + }
> + else
> + #endif
> + /********************* ***********/
> /* anyone know where the prototype for crypt is? */
> if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
> sprintf(errstr,"user %s: password mismatch",c->user);
>