You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by dg...@hyperreal.org on 1998/01/20 01:07:24 UTC
cvs commit: apachen/src/main http_protocol.c
dgaudet 98/01/19 16:07:23
Modified: . STATUS
src CHANGES
src/main http_protocol.c
Log:
basic auth token should be tested case-insensitive
PR: 1666
Submitted by: Ronald.Tschalaer@psi.ch
Reviewed by: Dean Gaudet, Martin Kraemer, Ken Coar
Revision Changes Path
1.98 +1 -0 apachen/STATUS
Index: STATUS
===================================================================
RCS file: /export/home/cvs/apachen/STATUS,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- STATUS 1998/01/18 10:36:57 1.97
+++ STATUS 1998/01/20 00:07:18 1.98
@@ -87,6 +87,7 @@
* Martin's [PORT] Make apache compile & run on an EBCDIC mainframe
* Martin's [PATCH] mod_speling [300] Multiple Choices bug (Take 2)
* Dean's [PATCH] protect the environment
+ * general/1666: Apache uses a case sensitive match for "Basic" auth scheme
Available Patches:
1.567 +3 -0 apachen/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.566
retrieving revision 1.567
diff -u -r1.566 -r1.567
--- CHANGES 1998/01/14 21:01:06 1.566
+++ CHANGES 1998/01/20 00:07:20 1.567
@@ -1,5 +1,8 @@
Changes with Apache 1.3b4
+ *) "basic" auth needs a case-insensitive comparison.
+ [Ronald.Tschalaer@psi.ch] PR#1666
+
*) For maximum portability, the environment passed to CGIs should
only contain variables whose names match the regex
/[a-zA-Z][a-zA-Z0-9_]*/. This is now enforced by stamping
1.175 +1 -1 apachen/src/main/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175
--- http_protocol.c 1998/01/13 23:11:12 1.174
+++ http_protocol.c 1998/01/20 00:07:22 1.175
@@ -943,7 +943,7 @@
return AUTH_REQUIRED;
}
- if (strcmp(getword(r->pool, &auth_line, ' '), "Basic")) {
+ if (strcasecmp(getword(r->pool, &auth_line, ' '), "Basic")) {
/* Client tried to authenticate using wrong auth scheme */
aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
"client used wrong authentication scheme: %s", r->uri);