Received: (from majordom@localhost) by hyperreal.org (8.8.5/8.8.5) id BAA27498; Sat, 19 Jul 1997 01:02:14 -0700 (PDT) Received: (from dgaudet@localhost) by hyperreal.org (8.8.5/8.8.5) id BAA27486 for apache-cvs; Sat, 19 Jul 1997 01:02:10 -0700 (PDT) Date: Sat, 19 Jul 1997 01:02:10 -0700 (PDT) From: Dean Gaudet Message-Id: <199707190802.BAA27486@hyperreal.org> To: apache-cvs@hyperreal.org Subject: cvs commit: apache/src http_protocol.c http_request.c mod_auth.c mod_auth_anon.c mod_auth_db.c mod_auth_dbm.c mod_auth_msql.c mod_digest.c Sender: apache-cvs-owner@apache.org Precedence: bulk Reply-To: new-httpd@apache.org dgaudet 97/07/19 01:02:09 Modified: src http_protocol.c http_request.c mod_auth.c mod_auth_anon.c mod_auth_db.c mod_auth_dbm.c mod_auth_msql.c mod_digest.c Log: Move the proxy auth status test into die() so that nothing else really has to know about it. Revision Changes Path 1.141 +2 -4 apache/src/http_protocol.c Index: http_protocol.c =================================================================== RCS file: /export/home/cvs/apache/src/http_protocol.c,v retrieving revision 1.140 retrieving revision 1.141 diff -C3 -r1.140 -r1.141 *** http_protocol.c 1997/07/19 06:20:42 1.140 --- http_protocol.c 1997/07/19 08:02:04 1.141 *************** *** 929,944 **** if(!auth_line) { note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } if (strcmp(getword (r->pool, &auth_line, ' '), "Basic")) { /* Client tried to authenticate using wrong auth scheme */ log_reason ("client used wrong authentication scheme", r->uri, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } t = uudecode (r->pool, auth_line); --- 929,942 ---- if(!auth_line) { note_basic_auth_failure (r); ! return AUTH_REQUIRED; } if (strcmp(getword (r->pool, &auth_line, ' '), "Basic")) { /* Client tried to authenticate using wrong auth scheme */ log_reason ("client used wrong authentication scheme", r->uri, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } t = uudecode (r->pool, auth_line); 1.63 +4 -0 apache/src/http_request.c Index: http_request.c =================================================================== RCS file: /export/home/cvs/apache/src/http_request.c,v retrieving revision 1.62 retrieving revision 1.63 diff -C3 -r1.62 -r1.63 *** http_request.c 1997/07/15 21:39:57 1.62 --- http_request.c 1997/07/19 08:02:04 1.63 *************** *** 790,795 **** --- 790,799 ---- char *custom_response = response_code_string(r, error_index); int recursive_error = 0; + if (r->status == AUTH_REQUIRED && r->proxyreq) { + r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED; + } + if (type == DONE) { finalize_request_protocol(r); return; 1.21 +3 -5 apache/src/mod_auth.c Index: mod_auth.c =================================================================== RCS file: /export/home/cvs/apache/src/mod_auth.c,v retrieving revision 1.20 retrieving revision 1.21 diff -C3 -r1.20 -r1.21 *** mod_auth.c 1997/07/19 06:20:43 1.20 --- mod_auth.c 1997/07/19 08:02:04 1.21 *************** *** 203,218 **** ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } /* anyone know where the prototype for crypt is? */ if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) { ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } return OK; } --- 203,216 ---- ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } /* anyone know where the prototype for crypt is? */ if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) { ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } return OK; } *************** *** 279,285 **** return DECLINED; note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED); } module MODULE_VAR_EXPORT auth_module = { --- 277,283 ---- return DECLINED; note_basic_auth_failure (r); ! return AUTH_REQUIRED; } module MODULE_VAR_EXPORT auth_module = { 1.21 +1 -2 apache/src/mod_auth_anon.c Index: mod_auth_anon.c =================================================================== RCS file: /export/home/cvs/apache/src/mod_auth_anon.c,v retrieving revision 1.20 retrieving revision 1.21 diff -C3 -r1.20 -r1.21 *** mod_auth_anon.c 1997/07/19 06:20:44 1.20 --- mod_auth_anon.c 1997/07/19 08:02:05 1.21 *************** *** 251,258 **** "Anonymous: Authoritative, Passwd <%s> not accepted", send_pw ? send_pw : "\'none\'"); log_error(errstr,r->server); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } /* Drop out the bottom to return DECLINED */ } --- 251,257 ---- "Anonymous: Authoritative, Passwd <%s> not accepted", send_pw ? send_pw : "\'none\'"); log_error(errstr,r->server); ! return AUTH_REQUIRED; } /* Drop out the bottom to return DECLINED */ } 1.15 +4 -8 apache/src/mod_auth_db.c Index: mod_auth_db.c =================================================================== RCS file: /export/home/cvs/apache/src/mod_auth_db.c,v retrieving revision 1.14 retrieving revision 1.15 diff -C3 -r1.14 -r1.15 *** mod_auth_db.c 1997/07/19 06:20:44 1.14 --- mod_auth_db.c 1997/07/19 08:02:05 1.15 *************** *** 204,211 **** ap_snprintf(errstr, sizeof(errstr), "DB user %s not found", c->user); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } /* Password is up to first : if exists */ colon_pw = strchr(real_pw,':'); --- 204,210 ---- ap_snprintf(errstr, sizeof(errstr), "DB user %s not found", c->user); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } /* Password is up to first : if exists */ colon_pw = strchr(real_pw,':'); *************** *** 216,223 **** "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } return OK; } --- 215,221 ---- "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } return OK; } *************** *** 261,268 **** user, sec->auth_dbgrpfile); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } orig_groups = groups; while(t[0]) { --- 259,265 ---- user, sec->auth_dbgrpfile); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } orig_groups = groups; while(t[0]) { *************** *** 278,285 **** "user %s not in right group",user); log_reason (errstr, r->filename, r); note_basic_auth_failure(r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } } --- 275,281 ---- "user %s not in right group",user); log_reason (errstr, r->filename, r); note_basic_auth_failure(r); ! return AUTH_REQUIRED; } } 1.19 +4 -8 apache/src/mod_auth_dbm.c Index: mod_auth_dbm.c =================================================================== RCS file: /export/home/cvs/apache/src/mod_auth_dbm.c,v retrieving revision 1.18 retrieving revision 1.19 diff -C3 -r1.18 -r1.19 *** mod_auth_dbm.c 1997/07/19 06:20:44 1.18 --- mod_auth_dbm.c 1997/07/19 08:02:05 1.19 *************** *** 197,204 **** ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found", c->user); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } /* Password is up to first : if exists */ colon_pw = strchr(real_pw,':'); --- 197,203 ---- ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found", c->user); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } /* Password is up to first : if exists */ colon_pw = strchr(real_pw,':'); *************** *** 209,216 **** "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } return OK; } --- 208,214 ---- "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } return OK; } *************** *** 254,261 **** user, sec->auth_dbmgrpfile); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } orig_groups = groups; while(t[0]) { --- 252,258 ---- user, sec->auth_dbmgrpfile); log_reason (errstr, r->filename, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } orig_groups = groups; while(t[0]) { *************** *** 271,278 **** "user %s not in right group",user); log_reason (errstr, r->filename, r); note_basic_auth_failure(r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } } --- 268,274 ---- "user %s not in right group",user); log_reason (errstr, r->filename, r); note_basic_auth_failure(r); ! return AUTH_REQUIRED; } } 1.23 +13 -29 apache/src/mod_auth_msql.c Index: mod_auth_msql.c =================================================================== RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v retrieving revision 1.22 retrieving revision 1.23 diff -C3 -r1.22 -r1.23 *** mod_auth_msql.c 1997/07/19 06:20:45 1.22 --- mod_auth_msql.c 1997/07/19 08:02:06 1.23 *************** *** 809,816 **** ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL: Password for user %s not found", c->user); note_basic_auth_failure (r); ! res = (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } else { /* pass control on to the next authorization module. */ --- 809,815 ---- ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL: Password for user %s not found", c->user); note_basic_auth_failure (r); ! res = AUTH_REQUIRED; } else { /* pass control on to the next authorization module. */ *************** *** 842,849 **** "mSQL: user %s: Empty Password(s) Rejected",c->user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); }; if(sec->auth_msql_encrypted) { --- 841,847 ---- "mSQL: user %s: Empty Password(s) Rejected",c->user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; }; if(sec->auth_msql_encrypted) { *************** *** 862,869 **** "mSQL user %s: password mismatch",c->user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } return OK; } --- 860,866 ---- "mSQL user %s: password mismatch",c->user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure (r); ! return AUTH_REQUIRED; } return OK; } *************** *** 897,904 **** ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s denied, no access rules specified (MSQL-Authoritative) ",user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure(r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); }; return DECLINED; }; --- 894,900 ---- ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s denied, no access rules specified (MSQL-Authoritative) ",user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure(r); ! return AUTH_REQUIRED; }; return DECLINED; }; *************** *** 911,918 **** w = getword(r->pool, &t, ' '); if ((user_result != OK) && (!strcmp(w,"user"))) { ! user_result=(r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); while(t[0]) { w = getword_conf (r->pool, &t); if (!strcmp(user,w)) { --- 907,913 ---- w = getword(r->pool, &t, ' '); if ((user_result != OK) && (!strcmp(w,"user"))) { ! user_result=AUTH_REQUIRED; while(t[0]) { w = getword_conf (r->pool, &t); if (!strcmp(user,w)) { *************** *** 924,931 **** ap_snprintf(msql_errstr, MAX_STRING_LEN, "User %s not found (MSQL-Auhtorative)",user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure(r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); }; } --- 919,925 ---- ap_snprintf(msql_errstr, MAX_STRING_LEN, "User %s not found (MSQL-Auhtorative)",user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure(r); ! return AUTH_REQUIRED; }; } *************** *** 936,943 **** ) { /* look up the membership for each of the groups in the table */ ! group_result=(r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); while ( (t[0]) && (group_result != OK) && (!msql_errstr[0]) ) { if (get_msql_grp(r,getword(r->pool, &t, ' '),user,sec,msql_errstr)) { group_result= OK; --- 930,936 ---- ) { /* look up the membership for each of the groups in the table */ ! group_result=AUTH_REQUIRED; while ( (t[0]) && (group_result != OK) && (!msql_errstr[0]) ) { if (get_msql_grp(r,getword(r->pool, &t, ' '),user,sec,msql_errstr)) { group_result= OK; *************** *** 954,961 **** ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s not in right groups (MSQL-Authoritative) ",user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure(r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); }; }; --- 947,953 ---- ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s not in right groups (MSQL-Authoritative) ",user); log_reason (msql_errstr, r->uri, r); note_basic_auth_failure(r); ! return AUTH_REQUIRED; }; }; *************** *** 968,988 **** * returns are only if msql yielded a correct result. * This really is not needed. */ ! if (((group_result == (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED)) || ! (user_result == (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED))) && ! (sec->auth_msql_authoritative)) { ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL-Authoritative: Access denied on %s %s rule(s) ", ! (group_result == ! (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED)) ? "USER" : "", ! (user_result == ! (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED)) ? "GROUP" : ""); log_reason (msql_errstr, r->uri, r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); }; if ( (user_result == OK) || (group_result == OK)) --- 960,972 ---- * returns are only if msql yielded a correct result. * This really is not needed. */ ! if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) && (sec->auth_msql_authoritative) ) { ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL-Authoritative: Access denied on %s %s rule(s) ", ! (group_result == AUTH_REQUIRED) ? "USER" : "", ! (user_result == AUTH_REQUIRED) ? "GROUP" : "" ! ); log_reason (msql_errstr, r->uri, r); ! return AUTH_REQUIRED; }; if ( (user_result == OK) || (group_result == OK)) 1.18 +6 -8 apache/src/mod_digest.c Index: mod_digest.c =================================================================== RCS file: /export/home/cvs/apache/src/mod_digest.c,v retrieving revision 1.17 retrieving revision 1.18 diff -C3 -r1.17 -r1.18 *** mod_digest.c 1997/07/19 06:20:45 1.17 --- mod_digest.c 1997/07/19 08:02:06 1.18 *************** *** 142,155 **** if (!auth_line) { note_digest_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED); } if (strcmp(getword (r->pool, &auth_line, ' '), "Digest")) { /* Client tried to authenticate using wrong auth scheme */ log_reason ("client used wrong authentication scheme", r->uri, r); note_digest_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED); } l = strlen(auth_line); --- 142,155 ---- if (!auth_line) { note_digest_auth_failure (r); ! return AUTH_REQUIRED; } if (strcmp(getword (r->pool, &auth_line, ' '), "Digest")) { /* Client tried to authenticate using wrong auth scheme */ log_reason ("client used wrong authentication scheme", r->uri, r); note_digest_auth_failure (r); ! return AUTH_REQUIRED; } l = strlen(auth_line); *************** *** 226,232 **** if (!response->username || !response->realm || !response->nonce || !response->requested_uri || !response->digest) { note_digest_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED); } r->connection->user = response->username; --- 226,232 ---- if (!response->username || !response->realm || !response->nonce || !response->requested_uri || !response->digest) { note_digest_auth_failure (r); ! return AUTH_REQUIRED; } r->connection->user = response->username; *************** *** 280,295 **** ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user); log_reason (errstr, r->uri, r); note_digest_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } /* anyone know where the prototype for crypt is? */ if(strcmp(response->digest, find_digest(r, response, a1))) { ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_digest_auth_failure (r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : ! AUTH_REQUIRED); } return OK; } --- 280,293 ---- ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user); log_reason (errstr, r->uri, r); note_digest_auth_failure (r); ! return AUTH_REQUIRED; } /* anyone know where the prototype for crypt is? */ if(strcmp(response->digest, find_digest(r, response, a1))) { ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user); log_reason (errstr, r->uri, r); note_digest_auth_failure (r); ! return AUTH_REQUIRED; } return OK; } *************** *** 342,348 **** return OK; note_digest_auth_failure(r); ! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED); } module MODULE_VAR_EXPORT digest_module = { --- 340,346 ---- return OK; note_digest_auth_failure(r); ! return AUTH_REQUIRED; } module MODULE_VAR_EXPORT digest_module = {