Index: modules/aaa/mod_auth_dbm.c =================================================================== --- modules/aaa/mod_auth_dbm.c (revision 170790) +++ modules/aaa/mod_auth_dbm.c (working copy) @@ -226,10 +226,10 @@ const char *t; char *w; - if (!conf->auth_dbmgrpfile) - return DECLINED; - if (!reqs_arr) - return DECLINED; + if (!reqs_arr) { + /* no "requires" directive; any user will do */ + return OK; + } for (x = 0; x < reqs_arr->nelts; x++) { @@ -238,11 +238,25 @@ t = reqs[x].requirement; w = ap_getword_white(r->pool, &t); - - if (!strcmp(w, "group") && conf->auth_dbmgrpfile) { + if (!strcmp(w, "valid-user")) { + return OK; + } + if (!strcmp(w, "user")) { + while (t[0]) { + w = ap_getword_conf(r->pool, &t); + if (!strcmp(user, w)) { + return OK; + } + } + } + else if (!strcmp(w, "group")) { const char *orig_groups, *groups; char *v; + if (!conf->auth_dbmgrpfile) { + return DECLINED; /* some other module's group? */ + } + if (!(groups = get_dbm_grp(r, user, conf->auth_dbmgrpfile, conf->auth_dbmtype))) { if (!(conf->auth_dbmauthoritative)) @@ -269,6 +283,17 @@ ap_note_basic_auth_failure(r); return HTTP_UNAUTHORIZED; } + else if (conf->auth_dbmauthoritative) { + /* if we aren't authoritative, any require directive could be + * valid even if we don't grok it. However, if we are + * authoritative, we can warn the user they did something wrong. + * That something could be a missing "AuthAuthoritative off", but + * more likely is a typo in the require directive. + */ + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "access to %s failed, reason: unknown require " + "directive:\"%s\"", r->uri, reqs[x].requirement); + } } return DECLINED;