httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_auth_digest.c
Date Thu, 13 Feb 2003 02:28:57 GMT
nd          2003/02/12 18:28:57

  Modified:    .        CHANGES
               modules/aaa mod_auth_digest.c
  Log:
  drop the guess_domain function.
  
  Our docs say about AuthDigestDomain:
  This directive should always be specified and contain at least the (set of)
  root URI(s) for this space. Omitting to do so will cause the client to send
  the Authorization header for every request sent to this server.
  
  guessing the parameter is somewhat bogus. guess_domain() also resulted sometimes
  in relative URIs, non-URI strings or empty strings, which caused a lot of
  problems.
  According to the docs, the domain parameter will be omitted now,
  if not specified. This is exactly, what one would expect.
  
  Revision  Changes    Path
  1.1062    +4 -3      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1061
  retrieving revision 1.1062
  diff -u -r1.1061 -r1.1062
  --- CHANGES	12 Feb 2003 18:27:36 -0000	1.1061
  +++ CHANGES	13 Feb 2003 02:28:57 -0000	1.1062
  @@ -2,6 +2,10 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
  +     not specified. Now it assumes "/" as already documented. PR 16937.
  +     [André Malo]
  +
     *) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
        be started on Unix because of such problems as bad permissions,
        bad shebang line, etc.  [Jeff Trawick]
  @@ -9,9 +13,6 @@
     *) Fix suexec compile error under SUNOS4, where strerror() doesn't
        exist. PR 5913, 9977.
        [Jonathan W Miner <Jonathan.W.Miner@lmco.com>]
  -
  -  *) Fix mod_auth_digest not to use local paths for the domain parameter
  -     on non-unix systems. PR 16937.  [André Malo]
   
     *) Let suexec send a message to stderr, if it failed or its policy
        was violated. This message appears in the error log and allows
  
  
  
  1.79      +8 -106    httpd-2.0/modules/aaa/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_digest.c,v
  retrieving revision 1.78
  retrieving revision 1.79
  diff -u -r1.78 -r1.79
  --- mod_auth_digest.c	11 Feb 2003 02:08:01 -0000	1.78
  +++ mod_auth_digest.c	13 Feb 2003 02:28:57 -0000	1.79
  @@ -1244,102 +1244,10 @@
       }
   }
   
  -
   /*
    * Authorization challenge generation code (for WWW-Authenticate)
    */
   
  -static const char *guess_domain(apr_pool_t *p, const char *uri,
  -                                const char *filename, const char *dir)
  -{
  -    apr_size_t u_len = strlen(uri), f_len = strlen(filename), 
  -      d_len = strlen(dir);
  -    const char *u, *f;
  -
  -
  -    /* Because of things like mod_alias and mod_rewrite and the fact that
  -     * protection is often on a directory basis (not a location basis) it
  -     * is hard to determine the uri to put in the domain attribute.
  -     *
  -     * What we do is the following: first we see if the directory is
  -     * a prefix for the uri - if this is the case we assume that therefore
  -     * a <Location> directive was protecting this uri and we can use it
  -     * for the domain.
  -     */
  -    if (u_len >= d_len && !memcmp(uri, dir, d_len)) {
  -        return dir;
  -    }
  -
  -    /* Now we check for <Files ...>, and if we find one we send back a
  -     * dummy uri - this is the only way to specify that the protection
  -     * space only covers a single uri.
  -     */
  -    if (!ap_os_is_path_absolute(p, dir)) {
  -        /* This doesn't work for Amaya (ok, it's of arguable validity in
  -         * the first place), so just return the file name instead
  -        return "http://0.0.0.0/";
  -         */
  -        return dir;
  -    }
  -
  -    /* Next we find the largest common common suffix of the request-uri
  -     * and the final file name, ignoring any extensions; this gives us a
  -     * hint as to where any rewriting could've occured (assuming that some
  -     * prefix of the uri is rewritten, not a suffix).
  -     */
  -    u = uri + u_len - 1;        /* strip any extension */
  -    while (u > uri && *u != '/') {
  -        u--;
  -    }
  -    while (*u && *u != '.') {
  -        u++;
  -    }
  -    if (*u == '.') {
  -        u--;
  -    }
  -    if (*u == '/') {
  -        u--;
  -    }
  -
  -    f = filename + f_len - 1;   /* strip any extension */
  -    while (f > filename && *f != '/') {
  -        f--;
  -    }
  -    while (*f && *f != '.') {
  -        f++;
  -    }
  -    if (*f == '.') {
  -        f--;
  -    }
  -    if (*f == '/') {
  -        f--;
  -    }
  -
  -    while (*f == *u && f > filename && u > uri) {
  -        u--;
  -        f--;
  -    }
  -    f++;
  -    u++;
  -
  -    while (*f && *f != '/') {
  -        f++;
  -        u++;  /* suffix must start with / */
  -    }
  -
  -    /* Now, if the directory reaches into this common suffix then we can
  -     * take the uri with the same reach.
  -     */
  -    if ((unsigned long) (f-filename) < d_len) {
  -        char *tmp = apr_pstrdup(p, uri);
  -        tmp[(u-uri)+(d_len-(f-filename))] = '\0';
  -        return tmp;
  -    }
  -
  -    return "";  /* give up */
  -}
  -
  -
   static const char *ltox(apr_pool_t *p, unsigned long num)
   {
       if (num != 0) {
  @@ -1432,22 +1340,16 @@
        * unneccessarily (it's usually > 200 bytes!).
        */
   
  -    if (r->proxyreq) {
  -        domain = NULL;  /* don't send domain for proxy requests */
  -    }
  -    else if (conf->uri_list) {
  -        domain = conf->uri_list;
  +    
  +    /* don't send domain
  +     * - for proxy requests
  +     * - if it's no specified
  +     */
  +    if (r->proxyreq || !conf->uri_list) {
  +        domain = NULL;  
       }
       else {
  -        /* They didn't specify any domain, so let's guess at it */
  -        domain = guess_domain(r->pool, resp->psd_request_uri->path, r->filename,
  -                              conf->dir_name);
  -        if (domain[0] == '/' && domain[1] == '\0') {
  -            domain = NULL;      /* "/" is the default, so no need to send it */
  -        }
  -        else {
  -            domain = apr_pstrcat(r->pool, ", domain=\"", domain, "\"", NULL);
  -        }
  +        domain = conf->uri_list;
       }
   
       apr_table_mergen(r->err_headers_out,
  
  
  

Mime
View raw message