httpd-dev mailing list archives

From "Paul Querna" <c...@cyan.com>
Subject [PATCH] mod_auth_digest.c -- EnableQueryStringHack
Date Sun, 08 Jun 2003 21:43:08 GMT
MSIE breaks Digest authentication whenever there is a GET query string.  This
is noted in the httpd manual, but it provides no workaround.  By my reading of
the RFCs we do use the correct implementation, and most other browsers follow
it.  But because MSIE does not follow it, it prevents the widespread use of
Digest authentication over Basic authentication.

This patch is set up to use a BrowserMatch directive to allow MSIE clients to
use Digest Authentication.

All I have added to my httpd.conf is:

BrowserMatch MSIE AuthDigestEnableQueryStringHack=on

Example URLs:
http://www.force-elite.com:4080/cgi-bin/printenv

*Digest Authentication w/o extra query string. (always worked in most browsers.)

http://www.force-elite.com:4080/cgi-bin/printenv?&arg1=blah&arg2=afdjkh 

*Digest Authentication w/ extra query string. (broken in MSIE w/o patch)

u/p: test/test
The usernames and passwords that can be used are controlled by the
mod_authn_dbi demo page... so anyone can change them: 
http://www.in.force-elite.com:4080/

This patch is against the HEAD of mod_auth_digest.  I can make a patch against
the version in the 2.0 branch if no one else does.

Patch: 
http://open.cyanworlds.com/~chip/mod_auth_digest.c-QueryStringHack.patch

--- mod_auth_digest.c	13 Feb 2003 02:28:57 -0000	1.79
+++ mod_auth_digest.c	8 Jun 2003 21:40:10 -0000
@@ -1634,6 +1634,7 @@
     request_rec       *mainreq;
     const char        *t;
     int                res;
+    int                query_string_hack;
 
     /* do we require Digest auth for this URI? */
 
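Review bot: `query_string_hack` is declared here without an initializer, and the only assignment visible in this patch sits inside a nested block further down (the hunk at line 1716). Initialize it at the declaration to the strict value, `int query_string_hack = 1;`, so that any path reaching the query comparison without passing through that block still enforces the match.
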
@@ -1715,6 +1716,12 @@
         if (d_uri.query) {
             ap_unescape_url(d_uri.query);
         }
+        if(apr_table_get(r->subprocess_env, "AuthDigestEnableQueryStringHack")){
+           query_string_hack = 0;
+        } 
+        else {
+           query_string_hack = 1;
+        } 
 
         if (r->method_number == M_CONNECT) {
             if (strcmp(resp->uri, r_uri.hostinfo)) {
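Review bot: the `apr_table_get()` test in the added `if` only checks that `AuthDigestEnableQueryStringHack` is present in `r->subprocess_env`, not what it is set to, so a value of `off` relaxes the query check exactly as `on` does. Compare the returned value against `on` (case-insensitively) before relaxing anything. The flag also reads backwards: `query_string_hack = 0` is the state in which the hack is active, so a name such as `check_query` would match how the variable is used. Style: `if(` needs a space, the bodies are indented three spaces instead of four, and the two closing-brace lines carry trailing whitespace.
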
@@ -1742,9 +1749,9 @@
                 && !(d_uri.path && !r_uri.path && resp->psd_request_uri->hostname
                     && d_uri.path[0] == '*' && d_uri.path[1] == '\0'))
             /* check that query matches */
-            || (d_uri.query != r_uri.query
+            || ( query_string_hack && (d_uri.query != r_uri.query
                 && (!d_uri.query || !r_uri.query
-                    || strcmp(d_uri.query, r_uri.query)))
+                    || strcmp(d_uri.query, r_uri.query))))
             ) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                           "Digest: uri mismatch - <%s> does not match "
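Review bot: with `query_string_hack` at 0 the whole query clause of this condition is skipped, so the uri check passes even when the Digest `uri` carries a query string that differs from the one in the request, not only when the client left the query out. If the fault being worked around is a client that omits the query from the Digest `uri`, limit the relaxation to the case where `d_uri.query` is NULL and keep the `strcmp` when both sides have a query. The switch is an environment variable that the proposed configuration sets from the User-Agent header via `BrowserMatch`, a value the client chooses, so the documentation for the variable should state that enabling it removes the query string from what this check binds to the request. The `/* check that query matches */` comment should mention the exception, and `|| ( query_string_hack` has a stray space after the parenthesis.
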


-chip
