httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From di...@apache.org
Subject cvs commit: apache-1.3/src/modules/standard mod_digest.c
Date Tue, 10 Sep 2002 13:56:06 GMT
dirkx       2002/09/10 06:56:06

  Modified:    src      CHANGES
               src/modules/standard mod_digest.c
  Log:
  Make apache work with the iCal webdav client when using
  DigestAuth. We propably should revisit mod_digest its parsing
  at some point.
  
  NOTE: - not yet done for EBCDIC !
  
  Revision  Changes    Path
  1.1850    +7 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1849
  retrieving revision 1.1850
  diff -u -r1.1849 -r1.1850
  --- CHANGES	7 Sep 2002 22:57:04 -0000	1.1849
  +++ CHANGES	10 Sep 2002 13:56:05 -0000	1.1850
  @@ -1,5 +1,12 @@
   Changes with Apache 1.3.27
   
  +  *) Relaxed mod_digest its parsing in order to make it work
  +     with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)"
  +     User-Agent. Apache (incorrectly) insisted on a quoted URI's
  +     in the uri field of the Authorization client header. Not
  +     yet done for EBCDIC plaforms. 
  +     [Dirk-Willem van Gulik]
  +
     *) Back out an older patch for PR 9932, which had some incorrect
        behavior. Instead, use a backport of the APR fix. This has
        the nice effect that ap_snprintf() can now distinguish between
  
  
  
  1.49      +56 -3     apache-1.3/src/modules/standard/mod_digest.c
  
  Index: mod_digest.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_digest.c,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -u -r1.48 -r1.49
  --- mod_digest.c	13 Mar 2002 21:05:33 -0000	1.48
  +++ mod_digest.c	10 Sep 2002 13:56:06 -0000	1.49
  @@ -179,7 +179,47 @@
       key = ap_palloc(r->pool, l);
       value = ap_palloc(r->pool, l);
   
  -    /* There's probably a better way to do this, but for the time being... */
  +    /* There's probably a better way to do this, but for the time being... 
  +     *
  +     * Right now the parsing is very 'slack'. Actual rules from RFC 2069 are:
  +     *
  +     * Authorization     = "Authorization" ":" "Digest" digest-response
  +     * digest-response   = 1#( username | realm | nonce | digest-uri |
  +     * 				response | [ digest ] | [ algorithm ] |
  +     *                    	opaque )
  +     * username           = "username" "=" username-value
  +     *   username-value   = quoted-string
  +     * digest-uri         = "uri" "=" digest-uri-value
  +     *   digest-uri-value = request-uri         ; As specified by HTTP/1.1
  +     * response           = "response" "=" response-digest
  +     * digest             = "digest" "=" entity-digest
  +     *   response-digest  = <"> *LHEX <">
  +     *   entity-digest    = <"> *LHEX <">
  +     *     LHEX           = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
  +     *                      "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f"
  +     * 
  +     * Current Discrepancies:
  +     *   quoted-string	 	section 2.2 of RFC 2068
  +     *   --> We also acccept unquoted strings or strings
  +     *       like foo" bar". And take a space, comma or EOL as
  +     *       the terminator in that case.
  +     *
  +     *   request-uri		section 5.1 of RFC 2068
  +     *   --> We currently also accept any quoted string - and
  +     *       ignore those quotes.
  +     *
  +     *   response/entity-digest
  +     *   --> We ignore the presense of the " if any.
  +     *
  +     * Note: * - not yet for  CHARSET_EBCDIC XXXX
  +     *
  +     * Note: There is an inherent problem with the request URI; as it should
  +     *       be used unquoted - yet may contain a ',' - which is used as
  +     *       a terminator:       
  +     *       Authorization: Digest username="dirkx", realm="DAV", nonce="1031662894",
  +     *       uri=/mary,+dirkx,+peter+and+mary.ics, response="99a6275793be28c31a5b6e4467fa4c79",
  +     *       algorithm=MD5
  +     */
   
   #define D_KEY 0
   #define D_VALUE 1
  @@ -201,13 +241,26 @@
   	    break;
   
   	case D_VALUE:
  +#ifdef CHARSET_EBCDIC
  +	    /* This is *wrong* - a request URI may be unquoted and yet
  +             * contain non alpha/num chars. (Though gets terminated by 
  +             * a ',' - which in fact may be in the URI - so I guess 
  +             * 2069 should be updated to suggest strongly to quote).
  +             */
   	    if (ap_isalnum(auth_line[0])) {
   		value[vv] = auth_line[0];
   		vv++;
  -	    }
  -	    else if (auth_line[0] == '\"') {
  +	    } else
  +#endif
  +	    if (auth_line[0] == '\"') {
   		s = D_STRING;
   	    }
  +#ifndef CHARSET_EBCDIC
  +	    else if ((auth_line[0] != ',') && (auth_line[0] != ' ') && (auth_line[0]
!= '\0')) {
  +		value[vv] = auth_line[0];
  +		vv++;
  +	    }
  +#endif
   	    else {
   		value[vv] = '\0';
   
  
  
  

Mime
View raw message