You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/01/22 07:47:14 UTC
[Bug 54463] New: Case sensitive option in mod_auth
https://issues.apache.org/bugzilla/show_bug.cgi?id=54463
Bug ID: 54463
Summary: Case sensitive option in mod_auth
Product: Apache httpd-2
Version: 2.4.3
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_auth
Assignee: bugs@httpd.apache.org
Reporter: tixu@cs.ucsd.edu
Classification: Unclassified
Created attachment 29878
--> https://issues.apache.org/bugzilla/attachment.cgi?id=29878&action=edit
Case insensitive for mod_auth
The "AuthGroupFile" and "AuthUserFile" in mod_auth use case sensitive string
comparison function, i.e., strcmp, which conflicts with the case insensitivity
of Apache's configuration design. According to my understanding, httpd
champions case insensitivity for both configuration directive and configuration
options, e.g., all boolean options and the options in the core module.
The fix is straightforward as follows:
--- modules/aaa/mod_authn_file.c 2011-12-04 16:08:01.000000000 -0800
+++ modules/aaa/mod_authn_file.c 2013-01-21 22:29:01.536197988 -0800
@@ -48,7 +48,7 @@
static const char *set_authn_file_slot(cmd_parms *cmd, void *offset,
const char *f, const char *t)
{
- if (t && strcmp(t, "standard")) {
+ if (t && strcasecmp(t, "standard")) {
return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
}
--- modules/aaa/mod_authz_groupfile.c 2011-12-04 16:08:01.000000000 -0800
+++ modules/aaa/mod_authz_groupfile.c 2013-01-21 22:29:25.056198548 -0800
@@ -73,7 +73,7 @@
static const char *set_authz_groupfile_slot(cmd_parms *cmd, void *offset,
const char *f,
const char *t)
{
- if (t && strcmp(t, "standard")) {
+ if (t && strcasecmp(t, "standard")) {
return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL);
}
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54463] Case sensitive option in mod_auth
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54463
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #3 from Christophe JAILLET <ch...@wanadoo.fr> ---
Backported in 2.4.x: r1485737
Will be available in 2.4.5
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54463] Case sensitive option in mod_auth
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54463
Tianyin Xu <ti...@cs.ucsd.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |PatchAvailable
CC| |tixu@cs.ucsd.edu
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54463] Case sensitive option in mod_auth
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54463
--- Comment #2 from Christophe JAILLET <ch...@wanadoo.fr> ---
"standard" option removed in trunk in r1484398
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54463] Case sensitive option in mod_auth
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54463
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 54463] Case sensitive option in mod_auth
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54463
--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
Well, not sure this is the correct fix.
I really don't see the use of the 2nd optional parameter for these options.
They are not documented and the code seems to be useless.
This has been this way for more than 10 years.
Should these parameters be defined with AP_INIT_TAKE1 (instead of
AP_INIT_TAKE12) and/or the test against "standard" removed ?
This could break conf file compatibility, but I see no reason for someone to
use this 2nd parameter anyway.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org