bugzilla at apache
Aug 7, 2013, 4:20 AM
Post #1 of 1
(14 views)
Permalink
|
|
[Bug 55379] New: htdigest -c doesn't behave as described anymore
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=55379
Bug ID: 55379
Summary: htdigest -c doesn't behave as described anymore
Product: Apache httpd-2
Version: 2.4.6
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: support
Assignee: bugs [at] httpd
Reporter: jmv_deb [at] nirgal
Hello
I was helping triaging apache2 bugs reports in Debian and found that one:
http://bugs.debian.org/564722
> Running "htdigest -c <file> <domain> <user>" provides inconsistent
> results, sometimes removing entries for this or another <user> and
> othertimes doubling up entries for <user>. I suggest that invoking the
> command in this way with the -c flag should cause the programme to bail
> out if the file <file> already exists.
First, there really is a bug with -c parameter, which behaviour is
inconsistent.
Man page says:
-c Create the passwdfile. If passwdfile already exists, it is
deleted first.
This is a regression^Wchange introduced 13 years ago:
https://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?r1=85063&r2=85064
file was truncated fopen("w") and now it is no more, since we use
apr_file_open(APR_WRITE | APR_CREATE)
It is missing APR_TRUNCATE
You can reproduce with
$ htdigest -c ~/toto realm nirgal # file created
$ htdigest ~/toto realm nirgal2 # second entry added
$ htdigest -c ~/toto realm nirgal # file should be truncated. It's not.
$ wc -l ~/toto
3 /home/nirgal/toto
Patch is available at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=564722.diff;att=1;bug=564722
However, original bug repport suggest -c should fail if file exists.
It makes sense to forbid file truncation of existing file, but it is opposition
to man description,
to htpasswd -c behavior, and it might break a few scripts.
What is your feeling about that wish?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd
|
