httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. Cloos Jr." <cl...@jhcloos.com>
Subject Re: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)
Date Tue, 05 Dec 1995 07:14:18 GMT
>> CGI scripts are not passed the authentication information when in a
>> secure area.
>> 
>> Note this is in both 0.8.14 and 1.0.0
>> 
>> I fixed it myself in mod_auth.c by adding the line
>> c->auth_type=auth_type(r); on line 195 (0.8.14) before return OK;
>> In 1.0.0 it is line 185
>> 

Rob> This doesn't sound right.  Lots of people are using
Rob> authentication on scripts.

Rob> Did you forget to add "POST" to the <Limit ... > ?

Rob> e.g.

Rob> <Limit GET POST> require valid-user </Limit>

I just tested this, and the Environment I get looks like:

    DOCUMENT_ROOT=/home/www
    GATEWAY_INTERFACE=CGI/1.1
    HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    HTTP_CONNECTION=Keep-Alive
    HTTP_COOKIE=s=caffeine6364818144005190
    HTTP_HOST=www.io.com
    HTTP_PRAGMA=no-cache
    HTTP_REFERER=http://www.io.com/auth/
    HTTP_USER_AGENT=Mozilla/2.0b3 (X11; I; BSD/OS 2.0 i386)
    PATH=/usr/local/bin:/usr/bin:/bin
    QUERY_STRING=
    REMOTE_ADDR=199.170.88.30
    REMOTE_HOST=caffeine.io.com
    REMOTE_USER=cloos
    REQUEST_METHOD=GET
    SCRIPT_FILENAME=/home/www/auth/env.cgi
    SCRIPT_NAME=/auth/env.cgi
    SERVER_ADMIN=webmaster@io.com
    SERVER_NAME=www.io.com
    SERVER_PORT=80
    SERVER_PROTOCOL=HTTP/1.0
    SERVER_SOFTWARE=Apache/1.0.0

Note that the username entered at authentication never made it to the
environment.  I think this is what the original complaint was about.

-JimC
-- 
James H. Cloos, Jr.	<URL:http://www.jhcloos.com/~cloos/>
cloos@jhcloos.com	Work: cloos@io.com
LPF,Usenix,SAGE,ISOC

Mime
View raw message