Bug 52313

Summary: htdbm enhancement: options for colon-in-username, no-overwrite, extract-entry
Product: Apache httpd-2 Reporter: Rainer Perske <perske>
Component: supportAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: REOPENED ---    
Severity: enhancement CC: perske
Priority: P1 Keywords: MassUpdate, PatchAvailable
Version: 2.4.6   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: htdbm enhancement: options for colon-in-username, no-overwrite, extract-entry
htdbm enhancement: options for colon-in-username, no-overwrite, extract-entry
Patch rebased against HEAD

Description Rainer Perske 2011-12-09 16:26:36 UTC
Created attachment 28059 [details]
htdbm enhancement: options for colon-in-username, no-overwrite, extract-entry

I implemented three enhancements for htdbm that I needed:

* htdbm unconditionally disallows colons in user names. This is OK as far as you want to use DBM files for AuthType Basic. But with AuthType Digest, a colon is needed to separate user name and realm.

* Though the underlying DBM routines allow to do so, htdbm does not offer a way
to add an entry only if the entry does not exist. This causes race conditions if multiple applications want to add only new entries using htdbm.

* htdbm does not offer a way to extract a value.

The appending patch solves all three problems for me, by adding options:

-a allows colons in the username.

-k keeps existing entries when you try to add an entry.

-w can be used together with -v to write the database entry to stdout. (The entry is always written even if verification fails, thus you can say "htdbm -vwb dbmfile user dummy" to get the DBM entry and disregard the exit code.)
Comment 1 William A. Rowe Jr. 2018-11-07 21:09:10 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.
Comment 2 Rainer Perske 2018-11-07 22:25:08 UTC
The situation is unchanged as of version 2.4.6.
Comment 3 William A. Rowe Jr. 2018-11-08 16:27:40 UTC
Thank you for confirmation.
Comment 4 William A. Rowe Jr. 2018-11-08 16:44:42 UTC
Just a footnote that the patch will not apply cleanly to branches/2.4.x or trunk. I have no free cycles to modify this myself this week.

You might want to remove the extra decoration of #if 11 blocks... the patch file itself makes clear what sections are added or modified, and that all obviously would be removed by 'someone' in any accepted patch commit.
Comment 5 Rainer Perske 2018-11-09 10:00:17 UTC
Created attachment 36256 [details]
htdbm enhancement: options for colon-in-username, no-overwrite, extract-entry

This patch is created against 2.4.6 (that is the version delivered with CentOS 7).
I hope this patch works cleanly against the current version, too. (If not, please tell me.)
Comment 6 Giovanni Bechis 2019-12-28 15:32:59 UTC
Created attachment 36936 [details]
Patch rebased against HEAD