Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Dev

htdigest -c

 

 

Apache dev RSS feed   Index | Next | Previous | View Threaded


jmv_deb at nirgal

Feb 5, 2012, 5:52 AM

Post #1 of 1 (225 views)
Permalink
htdigest -c

Hello

I was helping triaging apache2 bugs reports in Debian and found that one:
http://bugs.debian.org/564722

> Running "htdigest -c <file> <domain> <user>" provides inconsistent
> results, sometimes removing entries for this or another <user> and
> othertimes doubling up entries for <user>. I suggest that invoking the
> command in this way with the -c flag should cause the programme to bail
> out if the file <file> already exists.

First, there really is a bug with -c parameter, which behaviour is inconsistent.

Man page says:
-c Create the passwdfile. If passwdfile already exists, it is
deleted first.

This is a regression introduced 11 years ago:
https://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?r1=85063&r2=85064

file was truncated fopen("w") and now it is no more, since we use
apr_file_open(APR_WRITE | APR_CREATE)

It is missing APR_TRUNCATE

You can reproduce with
$ htdigest -c ~/toto realm nirgal # file created
$ htdigest ~/toto realm nirgal2 # second entry added
$ htdigest -c ~/toto realm nirgal # file should be truncated. It's not.
$ wc -l ~/toto
3 /home/nirgal/toto

Patch is available at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=564722.diff;att=1;bug=564722

However, bug repported suggest -c should fail if file exists.

It makes sense to forbid file truncation of existing file, but it is opposition to man description, to htpasswd -c behavior, and it might break a few scripts.

What is your feeling about that wish?
Attachments: signature.asc (0.82 KB)

Apache dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.