1997-07-22
1997-07-22 17:05:19 by Henrik Grubbström (Grubba) <grubba@grubba.org>
-
cc6d7c5dbdc37cc0f91e4adfe419ad27e04ee917
(32 lines)
(+17/-15)
[
Show
| Annotate
]
Branch: 5.2
Fixes to check_security().
Rev: server/base_server/configuration.pike:1.40
1:
- string cvs_version = "$Id: configuration.pike,v 1.39 1997/07/16 20:07:54 grubba Exp $";
+ string cvs_version = "$Id: configuration.pike,v 1.40 1997/07/22 17:05:19 grubba Exp $";
#include <module.h>
#include <roxen.h>
/* A configuration.. */
700: Inside #if defined(MODULE_LEVEL_SECURITY)
catch {
foreach(seclevels[0], level) {
- switch(level[0])
- {
+ switch(level[0]) {
case MOD_ALLOW: // allow ip=...
if(level[1](id->remoteaddr)) {
- ip_ok = ~0; // Match. It's ok.
+ ip_ok = ~0; // Match. It's ok.
} else {
- ip_ok = ip_ok | 1; // IP may be bad.
+ ip_ok |= 1; // IP may be bad.
}
continue;
727: Inside #if defined(MODULE_LEVEL_SECURITY)
}
}
};
- if (ip_ok == 1) {
+ if (ip_ok != ~0) {
// IP not in any of the allow patterns
- return http_low_answer(403, "<h2>Access forbidden</h2>");
- }
+
// If auth is needed (access might be allowed if you are the right user),
// request authentification from the user. Otherwise this is a lost case,
// the user will never be allowed access unless the patterns change.
return need_auth ? http_auth_failed(seclevels[2]) : 1;
}
-
+ // IP is OK, but there might be other authentication required.
+ return need_auth ? http_auth_failed(seclevels[2]) : 0;
+ }
#endif
// Empty all the caches above.
void unvalidate_cache()