Mailing List Archive

The patch below fixes a bug in mod_auth_dbm.c

The code was allowing multiple groups in .htaccess lines e.g.

require group A,B,C

and allowing users to be in groups B,C,D

the algorithm was;

A == B ?
A == C ?
A == D ?
<next group on requires line>
B == nothing left to match, so fail


The pointer to "B,C,D" wasn't being reset while stepping through the
require group list.








*** mod_auth_dbm.c.orig Tue Oct 10 16:00:29 1995
--- mod_auth_dbm.c Mon Nov 6 15:15:02 1995
***************
*** 203,209 ****
w = getword(r->pool, &t, ' ');

if(!strcmp(w,"group") && sec->auth_dbmgrpfile) {
! char *groups,*v;

if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
sprintf(errstr,"user %s not in DBM group file %s",
--- 203,209 ----
w = getword(r->pool, &t, ' ');

if(!strcmp(w,"group") && sec->auth_dbmgrpfile) {
! char *orig_groups,*groups,*v;

if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) {
sprintf(errstr,"user %s not in DBM group file %s",
***************
*** 212,219 ****
--- 212,221 ----
note_basic_auth_failure (r);
return AUTH_REQUIRED;
}
+ orig_groups = groups;
while(t[0]) {
w = getword(r->pool, &t, ' ');
+ groups = orig_groups;
while(groups[0]) {
v = getword(r->pool, &groups,',');
if(!strcmp(v,w))