[INN-COMMITTERS] inn/nnrpd (group.c)

Russ Allbery Russ_Allbery at isc.org
Fri Oct 1 20:49:19 UTC 2004


    Date: Friday, October 1, 2004 @ 20:49:19
  Author: rra
    Path: /proj/cvs/isc/inn/inn/nnrpd

Modified: group.c

We had previously returned 411 (group doesn't exist) if the user didn't
have permission to read the group for all cases other than Python dynamic
authentication (where we returned 502 for permission denied).  I can sort
of understand the dubious security mindset behind this choice, but at least
when the user isn't already authenticated, this breaks reactive
authentication.

Instead, if the user is not authenticated, return 480, and if the user is
authenticated, return 502.  This means that a user can determine that a
group exists by probing for it and seeing if they get 411 or 502, but the
protocol is cleaner.


---------+
 group.c |   16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)


More information about the inn-committers mailing list