Return-Path: Delivered-To: apache-cvs-archive@hyperreal.org Received: (qmail 1350 invoked by uid 6000); 2 Jan 1998 23:58:31 -0000 Received: (qmail 1344 invoked by alias); 2 Jan 1998 23:58:30 -0000 Delivered-To: apachen-cvs@hyperreal.org Received: (qmail 1342 invoked by uid 143); 2 Jan 1998 23:58:29 -0000 Date: 2 Jan 1998 23:58:29 -0000 Message-ID: <19980102235829.1341.qmail@hyperreal.org> From: dgaudet@hyperreal.org To: apachen-cvs@hyperreal.org Subject: cvs commit: apachen/src/modules/standard mod_digest.c Sender: apache-cvs-owner@apache.org Precedence: bulk Reply-To: new-httpd@apache.org dgaudet 98/01/02 15:58:29 Modified: . STATUS src CHANGES src/modules/standard mod_digest.c Log: Using the digest Authentication scheme for proxy authentication, authorization never succeeds because mod_digest always looks at the Authorization header, never at the Proxy-Authorization header. Also, the scheme in the auth header is compared to "Digest" using a case- sensitive comparison, instead of a case-insensitive comparison. PR: 1599 Submitted by: Ronald Tschalaer Reviewed by: Dean Gaudet, Jim Jagielski Revision Changes Path 1.47 +1 -5 apachen/STATUS Index: STATUS =================================================================== RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- STATUS 1998/01/02 23:46:06 1.46 +++ STATUS 1998/01/02 23:58:24 1.47 @@ -65,6 +65,7 @@ * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments * Dean's [PATCH] mod_info minor cleanups (take 2) * Dean's [PATCH] mod_status cleanups + * [PATCH] mod_digest/1599: proxy authentication using the digest auth scheme never succeeds (fwd) Available Patches: @@ -72,11 +73,6 @@ <34AA4B95.36726117@Golux.Com> Status: Ken +1, Jim +1 Gregory Lundberg says it's legally invalid - - * [PATCH] mod_digest/1599: proxy authentication using the digest auth - scheme never succeeds (fwd) - - Status: Dean +1, Jim +1 * Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe <19971217184646.62136@deejai.mch.sni.de> 1.556 +4 -0 apachen/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.555 retrieving revision 1.556 diff -u -r1.555 -r1.556 --- CHANGES 1998/01/02 23:46:07 1.555 +++ CHANGES 1998/01/02 23:58:26 1.556 @@ -1,5 +1,9 @@ Changes with Apache 1.3b4 + *) mod_digest didn't properly deal with proxy authentication. It + also lacked a case-insensitive comparision of the "Digest" + token. [Ronald Tschalaer ] PR#1599 + *) A few cleanups in mod_status for efficiency. [Dean Gaudet] *) A few cleanups in mod_info to make it thread-safe, and remove an 1.28 +4 -2 apachen/src/modules/standard/mod_digest.c Index: mod_digest.c =================================================================== RCS file: /export/home/cvs/apachen/src/modules/standard/mod_digest.c,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- mod_digest.c 1997/12/18 20:39:18 1.27 +++ mod_digest.c 1998/01/02 23:58:28 1.28 @@ -132,7 +132,9 @@ int get_digest_rec(request_rec *r, digest_header_rec * response) { - const char *auth_line = table_get(r->headers_in, "Authorization"); + const char *auth_line = table_get(r->headers_in, + r->proxyreq ? "Proxy-Authorization" + : "Authorization"); int l; int s = 0, vk = 0, vv = 0; char *t, *key, *value; @@ -151,7 +153,7 @@ return AUTH_REQUIRED; } - if (strcmp(getword(r->pool, &auth_line, ' '), "Digest")) { + if (strcasecmp(getword(r->pool, &auth_line, ' '), "Digest")) { /* Client tried to authenticate using wrong auth scheme */ aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "client used wrong authentication scheme: %s", r->uri);