Branch: Tag:

1997-07-22

1997-07-22 17:05:19 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Fixes to check_security().

Rev: server/base_server/configuration.pike:1.40

1: - string cvs_version = "$Id: configuration.pike,v 1.39 1997/07/16 20:07:54 grubba Exp $"; + string cvs_version = "$Id: configuration.pike,v 1.40 1997/07/22 17:05:19 grubba Exp $";   #include <module.h>   #include <roxen.h>   /* A configuration.. */
700: Inside #if defined(MODULE_LEVEL_SECURITY)
      catch {    foreach(seclevels[0], level) { -  switch(level[0]) -  { +  switch(level[0]) {    case MOD_ALLOW: // allow ip=...    if(level[1](id->remoteaddr)) { -  ip_ok = ~0; // Match. It's ok. +  ip_ok = ~0; // Match. It's ok.    } else { -  ip_ok = ip_ok | 1; // IP may be bad. +  ip_ok |= 1; // IP may be bad.    }    continue;   
727: Inside #if defined(MODULE_LEVEL_SECURITY)
   }    }    }; -  if (ip_ok == 1) { +  if (ip_ok != ~0) {    // IP not in any of the allow patterns -  return http_low_answer(403, "<h2>Access forbidden</h2>"); -  } +     // If auth is needed (access might be allowed if you are the right user),    // request authentification from the user. Otherwise this is a lost case,    // the user will never be allowed access unless the patterns change.    return need_auth ? http_auth_failed(seclevels[2]) : 1;    } -  +  // IP is OK, but there might be other authentication required. +  return need_auth ? http_auth_failed(seclevels[2]) : 0; + }   #endif   // Empty all the caches above.   void unvalidate_cache()