Re: [PATCH] Make mod_authz_svn to apply the authz checks against upper/lowercased usernames

From: David Glasser <glasser_at_davidglasser.net>
Date: Thu, 13 Mar 2008 15:42:23 -0700

2008/3/7 Kamesh Jayachandran <kamesh_at_collab.net>:
> Hi All,
>
> People using mod_auth_sspi(windows domain authentication apache module)
> face the 'Authorization Failed' error while
> accessing SVN with mixed case usernames which does not match in *exact
> case* with their authz rules.
>
> http://blog.michaelcheng.idv.hk/ explains it in detail.
>
> mod_auth_sspi has a directive by name 'SSPIUsernameCase' with possible
> values being 'Lower/Upper'.
>
> I am not sure whether it really uses it to compare the
> lowered/uppercased username.
>
> I feel we should have similar directive in mod_authz_svn, to author the
> *sane* authz rules in these mixed
> case username scenarios.
>
> Attached patch accomplishes that.
>
> Want to know what community thinks about it.
>
> With regards
> Kamesh Jayachandran
>
> [[[
> Make mod_authz_svn to apply the authz checks against upper/lowercased
> usernames.
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (): Include 'apr_lib.h' and 'strings.h'.
> (struct authz_svn_config_rec): New member 'usernamecase'.
> (authz_svn_cmds): Populate 'authz_svn_config_rec.usernamecase'
> from configuration directive 'AuthzUsernameCase'.
> (convert_to_uppercase_string,
> convert_to_lowercase_string,
> get_username_to_authorize): New functions.
> (req_check_access, subreq_bypass): Apply authz check against
> upper/lowercased usernames.
> ]]]
>
> Index: subversion/mod_authz_svn/mod_authz_svn.c
> ===================================================================

> +static char* get_username_to_authorize(request_rec *r,
> + authz_svn_config_rec *conf)
> +{
> + char *username_to_authorize = r->user;
> + if (conf->usernamecase) {
> + username_to_authorize = apr_pstrdup(r->pool, r->user);
> + if (strcasecmp(conf->usernamecase, "upper") == 0)
> + convert_to_uppercase_string(username_to_authorize);
> + else
> + convert_to_lowercase_string(username_to_authorize);

Maybe check (perhaps somewhere else) that the given option is really
upper or lower? Silently accepting, say, "uppercase" as "lower" can
be confusing.

--dave

-- 
David Glasser | glasser@davidglasser.net | http://www.davidglasser.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

Received on 2008-03-13 23:42:34 CET

This message: [ Message body ]
Next message: Blair Zajac: "Show all options for conflict resolution"
Previous message: D.J. Heap: "Re: Win32 Build nigthmare (was: 1.5.0-beta1 tarballs up for signing/testing)"
In reply to: Kamesh Jayachandran: "[PATCH] Make mod_authz_svn to apply the authz checks against upper/lowercased usernames"
Next in thread: Daniel L. Rall: "Re: [PATCH] Make mod_authz_svn to apply the authz checks against upper/lowercased usernames"
Reply: Daniel L. Rall: "Re: [PATCH] Make mod_authz_svn to apply the authz checks against upper/lowercased usernames"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]