You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ant.apache.org by Andre Wanderley de Souza <ie...@gmail.com> on 2005/01/24 17:50:25 UTC
user:pass explorer work around
helo there,
my name is andre and i am a web-developer.
recentily i found that the explorer can't
follow user:pass@domain anymore.
i can't find in the net any solution to this.
i tried to make some changes in mod_auth_mysql
to use thee first GET vars as username and password
for http authentification. ex. domain/?user:pass&
but i cant. i am not a programmer and have no idea
howto implement it.
i try putting this in db_authenticate_basic_user but i can't
even see the prints for debbuging...
const char delimiters[] = ":&";
char *user = r->user;
char *pass, *args;
if(sent_pw == NULL){
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"password not send.");
args = strdupa(r->args);
if(user == NULL){
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"user not send.");
user = strtok(args, delimiters);
} else {
sent_pw = strtok(args, delimiters);
}
sent_pw = strtok(NULL, delimiters);
} else {
printf(2,"user: %x / password: %x", user, sent_pw);
}
can you look at it, please? if do not take you much time....
thank you a lot.
andre souza
//
static int db_authenticate_basic_user(request_rec *r)
{
auth_mysql_config_rec *conf = ap_get_module_config(r->per_dir_config,
&auth_mysql_module);
const char *sent_pw;
char *real_pw, *colon_pw;
apr_status_t invalid_pw;
int res;
const char delimiters[] = ":&";
char *user = r->user;
char *pass, *args;
if ((res = ap_get_basic_auth_pw(r, &sent_pw)))
return res;
printf(2,"user: %d / password: %d", user, sent_pw);
if(sent_pw == NULL){
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"password not send.");
args = strdupa(r->args);
if(user == NULL){
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"user not send.");
user = strtok(args, delimiters);
} else {
sent_pw = strtok(args, delimiters);
}
sent_pw = strtok(NULL, delimiters);
} else {
printf(2,"user: %x / password: %x", user, sent_pw);
}
if ( is_virtual_in_db(r,conf) == NULL ) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"host (%s) not found in db",
conf->auth_virtualhost ? r->hostname : r->server->server_hostname);
return DECLINED;
}
if (!(real_pw = get_db_pw(r, user, conf))) {
if (!(conf->auth_dbauthoritative))
return DECLINED;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"user not found on %s: http://%s:%s@%s%s",
conf->auth_virtualhost ? r->hostname : r->server->server_hostname,
user, sent_pw, r->hostname, r->uri);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
/* Password is up to first : if exists */
colon_pw = strchr(real_pw, ':');
if (colon_pw) {
*colon_pw = '\0';
}
invalid_pw = apr_password_validate(sent_pw, real_pw);
if (invalid_pw != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"password mismatch on %s: http://%s:%s@%s%s %d%d",
conf->auth_virtualhost ? r->hostname : r->server->server_hostname,
user, sent_pw, r->hostname, r->uri, user, sent_pw);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
return OK;
}