httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <Dirk.vanGu...@jrc.it>
Subject Re: [PATCH] PR#1195 (" in auth realms)
Date Sun, 28 Dec 1997 20:10:59 GMT
+1, cursory test.

DW.
On Wed, 24 Dec 1997, Rodent of Unusual Size wrote:

> Okey, here's a patch to close this PR and put our handling
> of realm-names [back] into compliance with RFC2068.  A change
> to http_core.c and a new routine/file in src/ap.
> 
> The conceptual fix was approved, but no patch submitted for
> it til now..
> 
> #ken	P-)}
> 
> Index: ap/Makefile.tmpl
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/ap/Makefile.tmpl,v
> retrieving revision 1.4
> diff -u -r1.4 Makefile.tmpl
> --- Makefile.tmpl	1997/12/24 04:36:15	1.4
> +++ Makefile.tmpl	1997/12/24 16:18:03
> @@ -6,7 +6,7 @@
>  
>  LIB=libap.a
>  
> -OBJS=ap_signal.o ap_slack.o ap_snprintf.o
> +OBJS=ap_signal.o ap_slack.o ap_snprintf.o ap_strings.o
>  
>  .c.o:
>  	$(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $<
> @@ -27,3 +27,4 @@
>  ap_signal.o: $(INCDIR)/httpd.h
>  ap_slack.o: $(INCDIR)/httpd.h $(INCDIR)/http_log.h
>  ap_snprintf.o: $(INCDIR)/conf.h
> +ap_strings.o: $(INCDIR)/httpd.h
> Index: main/http_core.c
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/main/http_core.c,v
> retrieving revision 1.142
> diff -u -r1.142 http_core.c
> --- http_core.c	1997/11/30 19:18:46	1.142
> +++ http_core.c	1997/12/24 16:18:33
> @@ -1618,6 +1618,18 @@
>     return NULL;
>  }
>  
> +/*
> + * Load an authorisation realm into our location configuration, applying the
> + * usual rules that apply to realms.
> + */
> +static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1)
> +{
> +    core_dir_config *aconfig = (core_dir_config *)mconfig;
> +
> +    aconfig->auth_name = ap_escape_quotes(cmd->pool, word1);
> +    return NULL;
> +}
> +
>  /* Note --- ErrorDocument will now work from .htaccess files.  
>   * The AllowOverride of Fileinfo allows webmasters to turn it off
>   */
> @@ -1646,8 +1658,8 @@
>  { "</FilesMatch>", end_filesection, NULL, OR_ALL, NO_ARGS, "Marks end of
> <FilesMatch>" },
>  { "AuthType", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_type),
>      OR_AUTHCFG, TAKE1, "An HTTP authorization type (e.g., \"Basic\")" },
> -{ "AuthName", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_name),
> -    OR_AUTHCFG, RAW_ARGS, "The authentication realm (e.g. \"Members Only\")"
> },
> +{ "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1,
> +    "The authentication realm (e.g. \"Members Only\")" },
>  { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which
> authenticated users or groups may access a protected space" },
>  { "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
>      "access policy if both allow and require used ('all' or 'any')" },    
> 
> ---ap_strings.c---
> /* ====================================================================
>  * Copyright (c) 1995-1997 The Apache Group.  All rights reserved.
>  *
>  * Redistribution and use in source and binary forms, with or without
>  * modification, are permitted provided that the following conditions
>  * are met:
>  *
>  * 1. Redistributions of source code must retain the above copyright
>  *    notice, this list of conditions and the following disclaimer. 
>  *
>  * 2. Redistributions in binary form must reproduce the above copyright
>  *    notice, this list of conditions and the following disclaimer in
>  *    the documentation and/or other materials provided with the
>  *    distribution.
>  *
>  * 3. All advertising materials mentioning features or use of this
>  *    software must display the following acknowledgment:
>  *    "This product includes software developed by the Apache Group
>  *    for use in the Apache HTTP server project (http://www.apache.org/)."
>  *
>  * 4. The names "Apache Server" and "Apache Group" must not be used to
>  *    endorse or promote products derived from this software without
>  *    prior written permission. For written permission, please contact
>  *    apache@apache.org.
>  *
>  * 5. Redistributions of any form whatsoever must retain the following
>  *    acknowledgment:
>  *    "This product includes software developed by the Apache Group
>  *    for use in the Apache HTTP server project (http://www.apache.org/)."
>  *
>  * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
>  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
>  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
>  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
>  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
>  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
>  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
>  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
>  * OF THE POSSIBILITY OF SUCH DAMAGE.
>  * ====================================================================
>  *
>  * This software consists of voluntary contributions made by many
>  * individuals on behalf of the Apache Group and was originally based
>  * on public domain software written at the National Center for
>  * Supercomputing Applications, University of Illinois, Urbana-Champaign.
>  * For more information on the Apache Group and the Apache HTTP server
>  * project, please see <http://www.apache.org/>.
>  *
>  */
> 
> #include "httpd.h"
> 
> /*
>  * Given a string, replace any bare " with \" .
>  */
> char *ap_escape_quotes (pool *p, char *instring)
> {
>     int newlen = 0;
>     char *inchr = instring;
>     char *outchr, *outstring;
> 
>     /*
>      * Look through the input string, jogging the length of the output
>      * string up by an extra byte each time we find an unescaped ".
>      */
>     while (*inchr != '\0') {
> 	newlen++;
>         if (*inchr == '"') {
> 	    newlen++;
> 	}
> 	/*
> 	 * If we find a slosh, and it's not the last byte in the string,
> 	 * it's escaping something - advance past both bytes.
> 	 */
> 	if ((*inchr == '\\') && (inchr[1] != '\0')) {
> 	    inchr++;
> 	}
> 	inchr++;
>     }
>     outstring = palloc(p, newlen + 1);
>     inchr = instring;
>     outchr = outstring;
>     /*
>      * Now copy the input string to the output string, inserting a slosh
>      * in front of every " that doesn't already have one.
>      */
>     while (*inchr != '\0') {
> 	if ((*inchr == '\\') && (inchr[1] != '\0')) {
> 	    *outchr++ = *inchr++;
> 	    *outchr++ = *inchr++;
> 	}
> 	if (*inchr == '"') {
> 	    *outchr++ = '\\';
> 	}
> 	if (*inchr != '\0') {
> 	    *outchr++ = *inchr++;
> 	}
>     }
>     *outchr = '\0';
>     return outstring;
> }
> 

http://cils.ceo.org                         http://enrm.ceo.org
dirkx@technologist.com                     Dirk.vanGulik@jrc.it
+39 332 78 0014       +39 332 78 9549       fax +39 332 78 9185
ISEI/ESBA;                     The Center For Earth Observation
Joint Research Centre of the European Communities, Ispra, Italy


Mime
View raw message