httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pque...@apache.org
Subject cvs commit: httpd-2.0/modules/aaa mod_auth_digest.c
Date Sat, 10 Jul 2004 07:47:23 GMT
pquerna     2004/07/10 00:47:23

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/aaa Tag: APACHE_2_0_BRANCH mod_auth_digest.c
  Log:
  Backport of AuthDigestEnableQueryStringHack
  Needs a doc update to explain what it does.
  
  PR: 27785
  Reviewed by: André Malo, Geoffrey Young, Paul Querna
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.313 +7 -2      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.312
  retrieving revision 1.988.2.313
  diff -u -r1.988.2.312 -r1.988.2.313
  --- CHANGES	10 Jul 2004 04:45:21 -0000	1.988.2.312
  +++ CHANGES	10 Jul 2004 07:47:21 -0000	1.988.2.313
  @@ -1,7 +1,12 @@
   Changes with Apache 2.0.51
   
  -  *) Allow URLs for ServerAdmin. PR 28174. 
  -     [Paul Querna]
  +  *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
  +     is set in r->subprocess_env allow mismatched query strings to pass.
  +     PR 27758.  [Paul Querna, Geoffrey Young]
  +
  +  *) Accept URLs for the ServerAdmin directive. If the supplied
  +     argument is not recognized as an URL, assume it's a mail address.
  +     PR 28174.  [André Malo, Paul Querna]
   
     *) initialize server arrays prior to calling ap_setup_prelinked_modules
        so that static modules can push Defines values when registering
  
  
  
  1.751.2.952 +1 -7      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.951
  retrieving revision 1.751.2.952
  diff -u -r1.751.2.951 -r1.751.2.952
  --- STATUS	10 Jul 2004 05:01:31 -0000	1.751.2.951
  +++ STATUS	10 Jul 2004 07:47:22 -0000	1.751.2.952
  @@ -206,12 +206,6 @@
              support/ab.c: r1.143
          +1: jjclar, nd
   
  -    *) work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack
  -       is set in r->subprocess_env allow mismatched query strings to pass.
  -       PR: 27758
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/aaa/mod_auth_digest.c?r1=1.86&r2=1.87
  -       +1: geoff, nd, pquerna
  -
       *) mod_dav: Send an EOS at the end of the multistatus brigade.
          http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/main/mod_dav.c?r1=1.105&r2=1.106
          +1: jorton
  
  
  
  No                   revision
  No                   revision
  1.72.2.8  +21 -0     httpd-2.0/modules/aaa/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_digest.c,v
  retrieving revision 1.72.2.7
  retrieving revision 1.72.2.8
  diff -u -r1.72.2.7 -r1.72.2.8
  --- mod_auth_digest.c	24 Feb 2004 09:17:00 -0000	1.72.2.7
  +++ mod_auth_digest.c	10 Jul 2004 07:47:22 -0000	1.72.2.8
  @@ -1607,6 +1607,27 @@
           if (d_uri.query) {
               ap_unescape_url(d_uri.query);
           }
  +        else if (r_uri.query) {
  +            /* MSIE compatibility hack.  MSIE has some RFC issues - doesn't 
  +             * include the query string in the uri Authorization component
  +             * or when computing the response component.  the second part
  +             * works out ok, since we can hash the header and get the same
  +             * result.  however, the uri from the request line won't match
  +             * the uri Authorization component since the header lacks the 
  +             * query string, leaving us incompatable with a (broken) MSIE.
  +             * 
  +             * the workaround is to fake a query string match if in the proper
  +             * environment - BrowserMatch MSIE, for example.  the cool thing
  +             * is that if MSIE ever fixes itself the simple match ought to 
  +             * work and this code won't be reached anyway, even if the
  +             * environment is set.
  +             */
  +            
  +            if (apr_table_get(r->subprocess_env, 
  +                              "AuthDigestEnableQueryStringHack")) {
  +                d_uri.query = r_uri.query;
  +            }
  +        }
   
           if (r->method_number == M_CONNECT) {
               if (strcmp(resp->uri, r_uri.hostinfo)) {
  
  
  

Mime
View raw message