You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by Alexei Kosut <ak...@hyperreal.com> on 1996/06/17 22:28:21 UTC

cvs commit: apache/src CHANGES http_request.c

akosut      96/06/17 13:28:20

  Modified:    src       CHANGES http_request.c
  Log:
  Broken authentication behavior regarding multiple methods fixed.
  
  Submitted by: Robert S. Thau
  
  Revision  Changes    Path
  1.32      +2 -0      apache/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache/src/CHANGES,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -C3 -r1.31 -r1.32
  *** CHANGES	1996/06/17 20:25:12	1.31
  --- CHANGES	1996/06/17 20:28:18	1.32
  ***************
  *** 2,7 ****
  --- 2,9 ----
    
      *) r->bytes_sent variable restored
    
  +   *) Previously broken multi-method <Limit> parsing fixed.
  + 
      *) More possibly unsecure programs removed from the support directory.
    
      *) More mod_auth_msql authentication improvements.
  
  
  
  1.10      +20 -1     apache/src/http_request.c
  
  Index: http_request.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_request.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -C3 -r1.9 -r1.10
  *** http_request.c	1996/06/13 03:09:22	1.9
  --- http_request.c	1996/06/17 20:28:19	1.10
  ***************
  *** 659,664 ****
  --- 659,683 ----
        else die (status, r);
    }
    
  + static int some_auth_required (request_rec *r)
  + {
  +     /* Is there a require line configured for the type of *this* req? */
  +     
  +     array_header *reqs_arr = requires (r);
  +     require_line *reqs;
  +     int i;
  +     
  +     if (!reqs_arr) return 0;
  +     
  +     reqs = (require_line *)reqs_arr->elts;
  + 
  +     for (i = 0; i < reqs_arr->nelts; ++i)
  + 	if (reqs[i].method_mask & (1 << r->method_number))
  + 	    return 1;
  + 
  +     return 0;
  + }
  + 
    void process_request_internal (request_rec *r)
    {
        int access_status;
  ***************
  *** 721,727 ****
    	return;
        }
        
  !     if (auth_type (r)) {
            if ((access_status = check_user_id (r)) != 0) {
    	    decl_die (access_status, "check user.  No user file?", r);
    	    return;
  --- 740,746 ----
    	return;
        }
        
  !     if (some_auth_required (r)) {
            if ((access_status = check_user_id (r)) != 0) {
    	    decl_die (access_status, "check user.  No user file?", r);
    	    return;