httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: proxy auth
Date Thu, 17 Jul 1997 05:47:41 GMT

Are there any other browsers or UA's which claim to implement proxy auth?
If another one passes muster, or an HTTP cop can look at the patch, I
certain +1 the concept.

	Brian

At 10:35 PM 7/16/97 -0700, sameer wrote:
>	I had no comments on my proxy auth thing so I wrote up the
>patch. Included here. This enables 407 responses if r->proxyreq is
>set, and squishes the Proxy-Authorization header so it doesn't get
>passed on to the reomte server.
>
>	I've tested this with NS 3.01, and it worked.
>
>
>Index: CHANGES
>===================================================================
>RCS file: /export/home/cvs/apache/src/CHANGES,v
>retrieving revision 1.339
>diff -c -r1.339 CHANGES
>*** CHANGES	1997/07/16 23:14:22	1.339
>--- CHANGES	1997/07/17 05:29:21
>***************
>*** 1,5 ****
>--- 1,8 ----
>  Changes with Apache 1.3
>  
>+   *) Support Proxy Authentication, and don't pass the Proxy-Authorize
>+      header to the remote host in the proxy. [Sameer Parekh]
>+ 
>    *) Extended SSI (mod_include) now handles additional relops for
>       string comparisons (<, >, <=, and >=).  [Bruno Wolff III] PR#41
>  
>Index: http_protocol.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/http_protocol.c,v
>retrieving revision 1.139
>diff -c -r1.139 http_protocol.c
>*** http_protocol.c	1997/07/15 22:36:51	1.139
>--- http_protocol.c	1997/07/17 05:29:47
>***************
>*** 896,902 ****
>      if (strcasecmp(auth_type(r), "Basic"))
>        note_auth_failure(r);
>      else
>!       table_set (r->err_headers_out, "WWW-Authenticate",
>  		 pstrcat(r->pool, "Basic realm=\"", auth_name(r), "\"", NULL));
>  }
>  
>--- 896,903 ----
>      if (strcasecmp(auth_type(r), "Basic"))
>        note_auth_failure(r);
>      else
>!       table_set (r->err_headers_out, r->proxyreq ? "Proxy-Authenticate" : 
>! 		                                   "WWW-Authenticate",
>  		 pstrcat(r->pool, "Basic realm=\"", auth_name(r), "\"", NULL));
>  }
>  
>***************
>*** 905,918 ****
>      char nonce[256];
>  
>      ap_snprintf(nonce, sizeof(nonce), "%lu", r->request_time);
>!     table_set (r->err_headers_out, "WWW-Authenticate",
>                 pstrcat(r->pool, "Digest realm=\"", auth_name(r),
>                         "\", nonce=\"", nonce, "\"", NULL));
>  }
>  
>  API_EXPORT(int) get_basic_auth_pw (request_rec *r, char **pw)
>  {
>!     const char *auth_line = table_get (r->headers_in, "Authorization");
>      char *t;
>      
>      if(!(t = auth_type(r)) || strcasecmp(t, "Basic"))
>--- 906,922 ----
>      char nonce[256];
>  
>      ap_snprintf(nonce, sizeof(nonce), "%lu", r->request_time);
>!     table_set (r->err_headers_out, r->proxyreq ? "Proxy-Authenticate" : 
>! 		                                 "WWW-Authenticate",
>                 pstrcat(r->pool, "Digest realm=\"", auth_name(r),
>                         "\", nonce=\"", nonce, "\"", NULL));
>  }
>  
>  API_EXPORT(int) get_basic_auth_pw (request_rec *r, char **pw)
>  {
>!     const char *auth_line = table_get (r->headers_in, r->proxyreq ? 
>! 				                      "Proxy-Authorization" :
>! 	                                              "Authorization");
>      char *t;
>      
>      if(!(t = auth_type(r)) || strcasecmp(t, "Basic"))
>***************
>*** 925,938 ****
>      
>      if(!auth_line) {
>          note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>  
>      if (strcmp(getword (r->pool, &auth_line, ' '), "Basic")) {
>          /* Client tried to authenticate using wrong auth scheme */
>          log_reason ("client used wrong authentication scheme", r->uri, r);
>          note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>  
>      t = uudecode (r->pool, auth_line);
>--- 929,944 ----
>      
>      if(!auth_line) {
>          note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : 
>! 	                      AUTH_REQUIRED);
>      }
>  
>      if (strcmp(getword (r->pool, &auth_line, ' '), "Basic")) {
>          /* Client tried to authenticate using wrong auth scheme */
>          log_reason ("client used wrong authentication scheme", r->uri, r);
>          note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : 
>! 	                      AUTH_REQUIRED);
>      }
>  
>      t = uudecode (r->pool, auth_line);
>***************
>*** 1692,1697 ****
>--- 1698,1704 ----
>                   "Vary",
>                   "Warning",
>                   "WWW-Authenticate",
>+ 		 "Proxy-Authenticate",
>                   NULL);
>  
>          terminate_header(r->connection->client);
>***************
>*** 1797,1802 ****
>--- 1804,1810 ----
>  		   escape_html(r->pool, location), "<BR>\nYou will need to ",
>                     "configure your client to use that proxy.<P>\n", NULL);
>  	    break;
>+ 	case HTTP_PROXY_AUTHENTICATION_REQUIRED:
>  	case AUTH_REQUIRED:
>  	    bputs("This server could not verify that you\n", fd);
>  	    bputs("are authorized to access the document you\n", fd);
>Index: mod_auth.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/mod_auth.c,v
>retrieving revision 1.18
>diff -c -r1.18 mod_auth.c
>*** mod_auth.c	1997/07/15 22:36:51	1.18
>--- mod_auth.c	1997/07/17 05:29:52
>***************
>*** 203,216 ****
>          ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>      /* anyone know where the prototype for crypt is? */
>      if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
>          ap_snprintf(errstr, sizeof(errstr), "user %s: password
mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>      return OK;
>  }
>--- 203,218 ----
>          ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : 
>! 		              AUTH_REQUIRED);
>      }
>      /* anyone know where the prototype for crypt is? */
>      if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
>          ap_snprintf(errstr, sizeof(errstr), "user %s: password
mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 		              AUTH_REQUIRED);
>      }
>      return OK;
>  }
>***************
>*** 277,283 ****
>        return DECLINED;
>  
>      note_basic_auth_failure (r);
>!     return AUTH_REQUIRED;
>  }
>  
>  module MODULE_VAR_EXPORT auth_module = {
>--- 279,285 ----
>        return DECLINED;
>  
>      note_basic_auth_failure (r);
>!     return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
AUTH_REQUIRED);
>  }
>  
>  module MODULE_VAR_EXPORT auth_module = {
>Index: mod_auth_anon.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/mod_auth_anon.c,v
>retrieving revision 1.16
>diff -c -r1.16 mod_auth_anon.c
>*** mod_auth_anon.c	1997/06/17 00:09:13	1.16
>--- mod_auth_anon.c	1997/07/17 05:29:55
>***************
>*** 251,257 ****
>  		"Anonymous: Authoritative, Passwd <%s> not accepted",
>  		send_pw ? send_pw : "\'none\'");
>  	log_error(errstr,r->server);
>! 	return AUTH_REQUIRED;
>  	}
>  	/* Drop out the bottom to return DECLINED */
>      }
>--- 251,258 ----
>  		"Anonymous: Authoritative, Passwd <%s> not accepted",
>  		send_pw ? send_pw : "\'none\'");
>  	log_error(errstr,r->server);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>  	}
>  	/* Drop out the bottom to return DECLINED */
>      }
>Index: mod_auth_db.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/mod_auth_db.c,v
>retrieving revision 1.12
>diff -c -r1.12 mod_auth_db.c
>*** mod_auth_db.c	1997/04/24 10:16:55	1.12
>--- mod_auth_db.c	1997/07/17 05:30:04
>***************
>*** 204,210 ****
>          ap_snprintf(errstr, sizeof(errstr), "DB user %s not found",
c->user);
>  	log_reason (errstr, r->filename, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }    
>      /* Password is up to first : if exists */
>      colon_pw = strchr(real_pw,':');
>--- 204,211 ----
>          ap_snprintf(errstr, sizeof(errstr), "DB user %s not found",
c->user);
>  	log_reason (errstr, r->filename, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 		              AUTH_REQUIRED);
>      }    
>      /* Password is up to first : if exists */
>      colon_pw = strchr(real_pw,':');
>***************
>*** 215,221 ****
>  		"user %s: password mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>      return OK;
>  }
>--- 216,223 ----
>  		"user %s: password mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>      }
>      return OK;
>  }
>***************
>*** 259,265 ****
>  			user, sec->auth_dbgrpfile);
>  	       log_reason (errstr, r->filename, r);
>  	       note_basic_auth_failure (r);
>! 	       return AUTH_REQUIRED;
>             }
>             orig_groups = groups;
>             while(t[0]) {
>--- 261,268 ----
>  			user, sec->auth_dbgrpfile);
>  	       log_reason (errstr, r->filename, r);
>  	       note_basic_auth_failure (r);
>! 	       return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                                      AUTH_REQUIRED);
>             }
>             orig_groups = groups;
>             while(t[0]) {
>***************
>*** 275,281 ****
>  		"user %s not in right group",user);
>  	   log_reason (errstr, r->filename, r);
>             note_basic_auth_failure(r);
>! 	   return AUTH_REQUIRED;
>         }
>      }
>      
>--- 278,285 ----
>  		"user %s not in right group",user);
>  	   log_reason (errstr, r->filename, r);
>             note_basic_auth_failure(r);
>! 	   return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                                  AUTH_REQUIRED);
>         }
>      }
>      
>Index: mod_auth_dbm.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/mod_auth_dbm.c,v
>retrieving revision 1.16
>diff -c -r1.16 mod_auth_dbm.c
>*** mod_auth_dbm.c	1997/06/30 01:28:29	1.16
>--- mod_auth_dbm.c	1997/07/17 05:30:07
>***************
>*** 197,203 ****
>          ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found",
c->user);
>  	log_reason (errstr, r->filename, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }    
>      /* Password is up to first : if exists */
>      colon_pw = strchr(real_pw,':');
>--- 197,204 ----
>          ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found",
c->user);
>  	log_reason (errstr, r->filename, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>      }    
>      /* Password is up to first : if exists */
>      colon_pw = strchr(real_pw,':');
>***************
>*** 208,214 ****
>  		"user %s: password mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>      return OK;
>  }
>--- 209,216 ----
>  		"user %s: password mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>      }
>      return OK;
>  }
>***************
>*** 252,258 ****
>  			user, sec->auth_dbmgrpfile);
>  	       log_reason (errstr, r->filename, r);
>  	       note_basic_auth_failure (r);
>! 	       return AUTH_REQUIRED;
>             }
>             orig_groups = groups;
>             while(t[0]) {
>--- 254,261 ----
>  			user, sec->auth_dbmgrpfile);
>  	       log_reason (errstr, r->filename, r);
>  	       note_basic_auth_failure (r);
>! 	       return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                                      AUTH_REQUIRED);
>             }
>             orig_groups = groups;
>             while(t[0]) {
>***************
>*** 268,274 ****
>  		"user %s not in right group",user);
>  	   log_reason (errstr, r->filename, r);
>             note_basic_auth_failure(r);
>! 	   return AUTH_REQUIRED;
>         }
>      }
>      
>--- 271,278 ----
>  		"user %s not in right group",user);
>  	   log_reason (errstr, r->filename, r);
>             note_basic_auth_failure(r);
>! 	   return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : 
>!                                  AUTH_REQUIRED);
>         }
>      }
>      
>Index: mod_auth_msql.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
>retrieving revision 1.20
>diff -c -r1.20 mod_auth_msql.c
>*** mod_auth_msql.c	1997/03/07 14:15:38	1.20
>--- mod_auth_msql.c	1997/07/17 05:30:20
>***************
>*** 809,815 ****
>            	   ap_snprintf(msql_errstr, MAX_STRING_LEN,
>  			"mSQL: Password for user %s not found", c->user);
>  		   note_basic_auth_failure (r);
>! 		   res = AUTH_REQUIRED;
>  		   } else {
>  		   /* pass control on to the next authorization module.
>  		    */
>--- 809,816 ----
>            	   ap_snprintf(msql_errstr, MAX_STRING_LEN,
>  			"mSQL: Password for user %s not found", c->user);
>  		   note_basic_auth_failure (r);
>! 		   res = (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 			                AUTH_REQUIRED);
>  		   } else {
>  		   /* pass control on to the next authorization module.
>  		    */
>***************
>*** 841,847 ****
>  		"mSQL: user %s: Empty Password(s) Rejected",c->user);
>  	log_reason (msql_errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>  	};
>  
>      if(sec->auth_msql_encrypted) {
>--- 842,849 ----
>  		"mSQL: user %s: Empty Password(s) Rejected",c->user);
>  	log_reason (msql_errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>  	};
>  
>      if(sec->auth_msql_encrypted) {
>***************
>*** 860,866 ****
>  		"mSQL user %s: password mismatch",c->user);
>  	log_reason (msql_errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>      return OK;
>  }
>--- 862,869 ----
>  		"mSQL user %s: password mismatch",c->user);
>  	log_reason (msql_errstr, r->uri, r);
>  	note_basic_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>      }
>      return OK;
>  }
>***************
>*** 894,900 ****
>  	        ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s denied, no
access rules specified (MSQL-Authoritative) ",user);
>  		log_reason (msql_errstr, r->uri, r);
>  	        note_basic_auth_failure(r);
>! 		return AUTH_REQUIRED;
>  		};
>  	return DECLINED;
>   	};
>--- 897,904 ----
>  	        ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s denied, no
access rules specified (MSQL-Authoritative) ",user);
>  		log_reason (msql_errstr, r->uri, r);
>  	        note_basic_auth_failure(r);
>! 		return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 			              AUTH_REQUIRED);
>  		};
>  	return DECLINED;
>   	};
>***************
>*** 907,913 ****
>          w = getword(r->pool, &t, ' ');
>  
>          if ((user_result != OK) && (!strcmp(w,"user"))) {
>! 	    user_result=AUTH_REQUIRED;
>              while(t[0]) {
>                  w = getword_conf (r->pool, &t);
>                  if (!strcmp(user,w)) {
>--- 911,918 ----
>          w = getword(r->pool, &t, ' ');
>  
>          if ((user_result != OK) && (!strcmp(w,"user"))) {
>! 	    user_result=(r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                                        AUTH_REQUIRED);
>              while(t[0]) {
>                  w = getword_conf (r->pool, &t);
>                  if (!strcmp(user,w)) {
>***************
>*** 919,925 ****
>             	ap_snprintf(msql_errstr, MAX_STRING_LEN, "User %s not found
(MSQL-Auhtorative)",user);
>  		log_reason (msql_errstr, r->uri, r);
>             	note_basic_auth_failure(r);
>! 		return AUTH_REQUIRED;
>  		};
>          }
>  
>--- 924,931 ----
>             	ap_snprintf(msql_errstr, MAX_STRING_LEN, "User %s not found
(MSQL-Auhtorative)",user);
>  		log_reason (msql_errstr, r->uri, r);
>             	note_basic_auth_failure(r);
>! 		return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                                       AUTH_REQUIRED);
>  		};
>          }
>  
>***************
>*** 930,936 ****
>             ) {
>  	   /* look up the membership for each of the groups in the table
>              */
>! 	   group_result=AUTH_REQUIRED;
>             while ( (t[0]) && (group_result != OK) && (!msql_errstr[0])
) {
>                  if (get_msql_grp(r,getword(r->pool, &t, '
'),user,sec,msql_errstr)) {
>  			group_result= OK;
>--- 936,943 ----
>             ) {
>  	   /* look up the membership for each of the groups in the table
>              */
>! 	   group_result=(r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                                        AUTH_REQUIRED);
>             while ( (t[0]) && (group_result != OK) && (!msql_errstr[0])
) {
>                  if (get_msql_grp(r,getword(r->pool, &t, '
'),user,sec,msql_errstr)) {
>  			group_result= OK;
>***************
>*** 947,953 ****
>             	ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s not in
right groups (MSQL-Authoritative) ",user);
>  		log_reason (msql_errstr, r->uri, r);
>             	note_basic_auth_failure(r);
>! 		return AUTH_REQUIRED;
>  		};
>             };
>  
>--- 954,961 ----
>             	ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s not in
right groups (MSQL-Authoritative) ",user);
>  		log_reason (msql_errstr, r->uri, r);
>             	note_basic_auth_failure(r);
>! 		return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 			              AUTH_REQUIRED);
>  		};
>             };
>  
>***************
>*** 960,972 ****
>       * returns are only if msql yielded a correct result. 
>       * This really is not needed.
>       */
>!     if (((group_result == AUTH_REQUIRED) || (user_result ==
AUTH_REQUIRED)) && (sec->auth_msql_authoritative) ) {
>          ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL-Authoritative:
Access denied on %s %s rule(s) ", 
>! 		(group_result == AUTH_REQUIRED) ? "USER" : "", 
>! 		(user_result == AUTH_REQUIRED) ? "GROUP" : ""
>! 		);
>  	log_reason (msql_errstr, r->uri, r);
>! 	return AUTH_REQUIRED;
>  	};
>  
>      if ( (user_result == OK) || (group_result == OK))
>--- 968,988 ----
>       * returns are only if msql yielded a correct result. 
>       * This really is not needed.
>       */
>!     if (((group_result == (r->proxyreq ?
HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                                          AUTH_REQUIRED)) ||
>! 	 (user_result == (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 			                AUTH_REQUIRED))) &&
>! 	(sec->auth_msql_authoritative)) {
>          ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL-Authoritative:
Access denied on %s %s rule(s) ", 
>! 		(group_result ==
>! 		 (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 		                AUTH_REQUIRED)) ? "USER" : "", 
>! 		(user_result ==
>! 		 (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 		                AUTH_REQUIRED)) ? "GROUP" : "");
>  	log_reason (msql_errstr, r->uri, r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>! 		              AUTH_REQUIRED);
>  	};
>  
>      if ( (user_result == OK) || (group_result == OK))
>Index: mod_digest.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/mod_digest.c,v
>retrieving revision 1.14
>diff -c -r1.14 mod_digest.c
>*** mod_digest.c	1997/03/07 14:15:39	1.14
>--- mod_digest.c	1997/07/17 05:30:25
>***************
>*** 142,155 ****
>  
>    if (!auth_line) {
>      note_digest_auth_failure (r);
>!     return AUTH_REQUIRED;
>    }
>  
>    if (strcmp(getword (r->pool, &auth_line, ' '), "Digest")) {
>      /* Client tried to authenticate using wrong auth scheme */
>      log_reason ("client used wrong authentication scheme", r->uri, r);
>      note_digest_auth_failure (r);
>!     return AUTH_REQUIRED;
>    }
>  
>    l = strlen(auth_line);
>--- 142,155 ----
>  
>    if (!auth_line) {
>      note_digest_auth_failure (r);
>!     return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
AUTH_REQUIRED);
>    }
>  
>    if (strcmp(getword (r->pool, &auth_line, ' '), "Digest")) {
>      /* Client tried to authenticate using wrong auth scheme */
>      log_reason ("client used wrong authentication scheme", r->uri, r);
>      note_digest_auth_failure (r);
>!     return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
AUTH_REQUIRED);
>    }
>  
>    l = strlen(auth_line);
>***************
>*** 226,232 ****
>    if (!response->username || !response->realm || !response->nonce ||
>        !response->requested_uri || !response->digest) {
>      note_digest_auth_failure (r);
>!     return AUTH_REQUIRED;
>    }
>  
>    r->connection->user = response->username;
>--- 226,232 ----
>    if (!response->username || !response->realm || !response->nonce ||
>        !response->requested_uri || !response->digest) {
>      note_digest_auth_failure (r);
>!     return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
AUTH_REQUIRED);
>    }
>  
>    r->connection->user = response->username;
>***************
>*** 280,293 ****
>          ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_digest_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>      /* anyone know where the prototype for crypt is? */
>      if(strcmp(response->digest, find_digest(r, response, a1))) {
>          ap_snprintf(errstr, sizeof(errstr), "user %s: password
mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_digest_auth_failure (r);
>! 	return AUTH_REQUIRED;
>      }
>      return OK;
>  }
>--- 280,295 ----
>          ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_digest_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>      }
>      /* anyone know where the prototype for crypt is? */
>      if(strcmp(response->digest, find_digest(r, response, a1))) {
>          ap_snprintf(errstr, sizeof(errstr), "user %s: password
mismatch",c->user);
>  	log_reason (errstr, r->uri, r);
>  	note_digest_auth_failure (r);
>! 	return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
>!                               AUTH_REQUIRED);
>      }
>      return OK;
>  }
>***************
>*** 340,346 ****
>        return OK;
>  
>      note_digest_auth_failure(r);
>!     return AUTH_REQUIRED;
>  }
>  
>  module digest_module = {
>--- 342,348 ----
>        return OK;
>  
>      note_digest_auth_failure(r);
>!     return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
AUTH_REQUIRED);
>  }
>  
>  module digest_module = {
>Index: modules/proxy/proxy_http.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/modules/proxy/proxy_http.c,v
>retrieving revision 1.20
>diff -c -r1.20 proxy_http.c
>*** proxy_http.c	1997/07/12 20:33:04	1.20
>--- proxy_http.c	1997/07/17 05:30:28
>***************
>*** 260,266 ****
>      for (i=0; i < reqhdrs_arr->nelts; i++)
>      {
>  	if (reqhdrs[i].key == NULL || reqhdrs[i].val == NULL
>! 	  || !strcasecmp(reqhdrs[i].key, "Host"))  /* already sent if there */
>  	    continue;
>  	bvputs(f, reqhdrs[i].key, ": ", reqhdrs[i].val, "\015\012", NULL);
>      }
>--- 260,268 ----
>      for (i=0; i < reqhdrs_arr->nelts; i++)
>      {
>  	if (reqhdrs[i].key == NULL || reqhdrs[i].val == NULL
>! 	    /* Clear out headers not to send */
>! 	  || !strcasecmp(reqhdrs[i].key, "Host") /* Already sent */
>! 	  || !strcasecmp(reqhdrs[i].key, "Proxy-Authorization"))
>  	    continue;
>  	bvputs(f, reqhdrs[i].key, ": ", reqhdrs[i].val, "\015\012", NULL);
>      }
>
>
>-- 
>Sameer Parekh					Voice:   510-986-8770
>President					FAX:     510-986-8777
>C2Net
>http://www.c2.net/				sameer@c2.net
>
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL           brian@organic.com - hyperreal.org - apache.org

Mime
View raw message