httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ge...@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_auth_basic.c mod_auth_digest.c
Date Sat, 21 Feb 2004 00:53:18 GMT
geoff       2004/02/20 16:53:18

  Modified:    .        CHANGES
               modules/aaa mod_auth_basic.c mod_auth_digest.c
  Log:
  minor mod_auth_basic and mod_auth_digest sync.  mod_auth_basic
  now populates r->user with the (possibly unauthenticated) user,
  and mod_auth_digest returns 500 when a provider returns
  AUTH_GENERAL_ERROR
  Reviewed by:	justin
  
  Revision  Changes    Path
  1.1407    +6 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1406
  retrieving revision 1.1407
  diff -u -r1.1406 -r1.1407
  --- CHANGES	19 Feb 2004 11:19:43 -0000	1.1406
  +++ CHANGES	21 Feb 2004 00:53:18 -0000	1.1407
  @@ -2,6 +2,12 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) minor mod_auth_basic and mod_auth_digest sync.  mod_auth_basic
  +     now populates r->user with the (possibly unauthenticated) user,
  +     and mod_auth_digest returns 500 when a provider returns
  +     AUTH_GENERAL_ERROR.
  +     [Geoffrey Young]
  +
     *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
        argumentless containers.
        ["Philippe M. Chiasson" <gozer cpan.org>]
  
  
  
  1.17      +3 -0      httpd-2.0/modules/aaa/mod_auth_basic.c
  
  Index: mod_auth_basic.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_basic.c,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- mod_auth_basic.c	9 Feb 2004 20:29:17 -0000	1.16
  +++ mod_auth_basic.c	21 Feb 2004 00:53:18 -0000	1.17
  @@ -176,6 +176,9 @@
       *user = ap_getword_nulls(r->pool, (const char**)&decoded_line, ':');
       *pw = decoded_line;
   
  +    /* set the user, even though the user is unauthenticated at this point */
  +    r->user = (char *) *user;
  +
       return OK;
   }
   
  
  
  
  1.86      +20 -9     httpd-2.0/modules/aaa/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_digest.c,v
  retrieving revision 1.85
  retrieving revision 1.86
  diff -u -r1.85 -r1.86
  --- mod_auth_digest.c	9 Feb 2004 20:29:17 -0000	1.85
  +++ mod_auth_digest.c	21 Feb 2004 00:53:18 -0000	1.86
  @@ -1328,8 +1328,8 @@
    * Authorization header verification code
    */
   
  -static const char *get_hash(request_rec *r, const char *user,
  -                            digest_config_rec *conf)
  +static authn_status get_hash(request_rec *r, const char *user,
  +                             digest_config_rec *conf)
   {
       authn_status auth_result;
       char *password;
  @@ -1374,12 +1374,11 @@
           current_provider = current_provider->next;
       } while (current_provider);
   
  -    if (auth_result != AUTH_USER_FOUND) {
  -        return NULL;
  -    }
  -    else {
  -        return password;
  +    if (auth_result == AUTH_USER_FOUND) {
  +        conf->ha1 = password;
       }
  +
  +    return auth_result;
   }
   
   static int check_nc(const request_rec *r, const digest_header_rec *resp,
  @@ -1593,6 +1592,7 @@
       request_rec       *mainreq;
       const char        *t;
       int                res;
  +    authn_status       return_code;
   
       /* do we require Digest auth for this URI? */
   
  @@ -1738,14 +1738,25 @@
           return HTTP_UNAUTHORIZED;
       }
   
  -    if (!(conf->ha1 = get_hash(r, r->user, conf))) {
  +    return_code = get_hash(r, r->user, conf);
  +
  +    if (return_code == AUTH_USER_NOT_FOUND) {
           ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                         "Digest: user `%s' in realm `%s' not found: %s",
                         r->user, conf->realm, r->uri);
           note_digest_auth_failure(r, conf, resp, 0);
           return HTTP_UNAUTHORIZED;
       }
  -
  +    else if (return_code == AUTH_USER_FOUND) {
  +        /* we have a password, so continue */
  +    }
  +    else {
  +        /* AUTH_GENERAL_ERROR (or worse)
  +         * We'll assume that the module has already said what its error
  +         * was in the logs.
  +         */
  +        return HTTP_INTERNAL_SERVER_ERROR;
  +    }
       
       if (resp->message_qop == NULL) {
           /* old (rfc-2069) style digest */
  
  
  

Mime
View raw message