From ron...@locus.apache.org
Subject cvs commit: apache-1.3/src/modules/experimental mod_auth_digest.c
Date Wed, 22 Mar 2000 05:31:14 GMT
ronald      00/03/21 21:31:14

  Modified:    src/modules/experimental mod_auth_digest.c
  Log:
  Handle non-FQDN's (i.e. simple hostnames) in uri parameter of the
  Authorization header.
  Thanks to Joe Orton <joe@orton.demon.co.uk> for pointing out the problem.
  
  Revision  Changes    Path
  1.16      +33 -8     apache-1.3/src/modules/experimental/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/modules/experimental/mod_auth_digest.c,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- mod_auth_digest.c	2000/03/20 08:46:54	1.15
  +++ mod_auth_digest.c	2000/03/22 05:31:14	1.16
  @@ -1504,7 +1504,8 @@
   
   
   static void copy_uri_components(uri_components *dst, uri_components *src,
  -				request_rec *r) {
  +				request_rec *r)
  +{
       if (src->scheme && src->scheme[0] != '\0')
   	dst->scheme = src->scheme;
       else
  @@ -1537,6 +1538,31 @@
   	dst->query = src->query;
   }
   
  +/* This handles non-FQDN's. If h1 is empty, the comparison succeeds. Else
  + * if h1 is a FQDN (i.e. contains a '.') then normal strcasecmp() is done.
  + * Else only the first part of h2 (up to the first '.') is compared.
  + */
  +static int compare_hostnames(const char *h1, const char *h2)
  +{
  +    const char *dot;
  +
  +    /* if no hostname given, then ok */
  +    if (!h1 || h1[0] == '\0')
  +	return 1;
  +
  +    /* handle FQDN's in h1 */
  +    dot = strchr(h1, '.');
  +    if (dot != NULL)
  +	return !strcasecmp(h1, h2);
  +
  +    /* handle non-FQDN's in h1 */
  +    dot = strchr(h2, '.');
  +    if (dot == NULL)
  +	return !strcasecmp(h1, h2);
  +    else
  +	return (strlen(h1) == (size_t) (dot - h2)) && !strncasecmp(h1, h2, dot-h2);
  +}
  +
   /* These functions return 0 if client is OK, and proper error status
    * if not... either AUTH_REQUIRED, if we made a check, and it failed, or
    * SERVER_ERROR, if things are so totally confused that we couldn't
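Review bot: compare_hostnames() guards h1 against NULL but hands h2 straight to strchr() and strcasecmp(), so a NULL h2 is undefined behaviour; the one call site in this diff passes r_uri.hostname, and nothing shown here establishes that it is always set. Adding `if (!h2) return 0;` right after the empty-h1 check would make the helper safe on its own. The header comment should also state that a short h1 matches any h2 whose first label equals it, whatever the domain. Since h1 appears to be the name taken from the client's Authorization header, that relaxation is only sound when h2 is the server's own name. The match is also one-directional: an FQDN in h1 compared against a short h2 still fails, which is worth saying in the comment if it is intended.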
  @@ -1643,8 +1669,7 @@
   	}
   	else if (
   	    /* check hostname matches, if present */
  -	    (d_uri.hostname && d_uri.hostname[0] != '\0'
  -	      && strcasecmp(d_uri.hostname, r_uri.hostname))
  +	    !compare_hostnames(d_uri.hostname, r_uri.hostname)
   	    /* check port matches, if present */
   	    || (d_uri.port_str && d_uri.port != r_uri.port)
   	    /* check that server-port is default port if no port present */
  @@ -1737,6 +1762,11 @@
   	    return AUTH_REQUIRED;
   	}
   
  +	if (check_nc(r, resp, conf) != OK) {
  +	    note_digest_auth_failure(r, conf, resp, 0);
  +	    return AUTH_REQUIRED;
  +	}
  +
   	exp_digest = new_digest(r, resp, conf);
   	if (!exp_digest) {
   	    /* we failed to allocate a client struct */
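Review bot: The check_nc() call now runs before new_digest() and the digest comparison, and only inside this block, yet neither the commit log nor a comment explains the move. If check_nc() touches any stored nonce-count state (its body is not shown), a request whose digest later fails could affect that state before being rejected. Requests that take another path through the enclosing conditional also no longer reach the check at all. A comment above the call such as `/* nonce-count is checked on this path only, before the digest is computed */`, extended with the reason, would show the ordering is deliberate. The enclosing block starts and ends outside the hunk, so the other paths cannot be confirmed from here.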
  @@ -1749,11 +1779,6 @@
   	    note_digest_auth_failure(r, conf, resp, 0);
   	    return AUTH_REQUIRED;
   	}
  -    }
  -
  -    if (check_nc(r, resp, conf) != OK) {
  -	note_digest_auth_failure(r, conf, resp, 0);
  -	return AUTH_REQUIRED;
       }
   
       /* Note: this check is done last so that a "stale=true" can be
  
  
  
