You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by Andre Wanderley de Souza <ie...@gmail.com> on 2005/01/24 17:50:25 UTC

user:pass explorer work around

helo there,
my name is andre and i am a web-developer.
recentily i found that the explorer can't
follow user:pass@domain anymore.
i can't find in the net any solution to this.
i tried to make some changes in mod_auth_mysql
to use thee first GET vars as username and password
for http authentification. ex. domain/?user:pass&
but i cant. i am not a programmer and have no idea
howto implement it.

i try putting this in db_authenticate_basic_user but i can't
even see the prints for debbuging...

 const char delimiters[] = ":&";
 char *user = r->user;
 char *pass, *args;

 if(sent_pw == NULL){
  ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
   "password not send.");
  args = strdupa(r->args);
  if(user == NULL){
   ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
    "user not send.");
   user = strtok(args, delimiters);
  } else {
   sent_pw = strtok(args, delimiters);
  }
  sent_pw = strtok(NULL, delimiters);
 } else {
  printf(2,"user: %x / password: %x", user, sent_pw);
 }

can you look at it, please? if do not take you much time....
thank you a lot.
andre souza


//

static int db_authenticate_basic_user(request_rec *r)
{
 auth_mysql_config_rec *conf = ap_get_module_config(r->per_dir_config, 
&auth_mysql_module);
 const char *sent_pw;
 char *real_pw, *colon_pw;
 apr_status_t invalid_pw;
 int res;

 const char delimiters[] = ":&";
 char *user = r->user;
 char *pass, *args;
 
 if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
  return res;
 
 printf(2,"user: %d / password: %d", user, sent_pw);
 
 if(sent_pw == NULL){
  ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
   "password not send.");
  args = strdupa(r->args);
  if(user == NULL){
   ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
    "user not send.");
   user = strtok(args, delimiters);
  } else {
   sent_pw = strtok(args, delimiters);
  }
  sent_pw = strtok(NULL, delimiters);
 } else {
  printf(2,"user: %x / password: %x", user, sent_pw);
 }
 
 if ( is_virtual_in_db(r,conf) == NULL ) {
  ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
    "host (%s) not found in db",
    conf->auth_virtualhost ? r->hostname : r->server->server_hostname);
  return DECLINED;
 }
 
 if (!(real_pw = get_db_pw(r, user, conf))) {
  if (!(conf->auth_dbauthoritative))
   return DECLINED;
  ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
   "user not found on %s: http://%s:%s@%s%s",
   conf->auth_virtualhost ? r->hostname : r->server->server_hostname,
   user, sent_pw, r->hostname, r->uri);
  ap_note_basic_auth_failure(r);
  return HTTP_UNAUTHORIZED;
 }
 /* Password is up to first : if exists */
 colon_pw = strchr(real_pw, ':');
 if (colon_pw) {
   *colon_pw = '\0';
 }
 invalid_pw = apr_password_validate(sent_pw, real_pw);
 if (invalid_pw != APR_SUCCESS) {
  ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
   "password mismatch on %s: http://%s:%s@%s%s %d%d",
   conf->auth_virtualhost ? r->hostname : r->server->server_hostname,
   user, sent_pw, r->hostname, r->uri, user, sent_pw);
  ap_note_basic_auth_failure(r);
  return HTTP_UNAUTHORIZED;
 }
 return OK;
}