You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/02/24 13:09:03 UTC
DO NOT REPLY [Bug 48807] New: Design policy of "aaa module" is
incomplete because of hard coded string.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48807
Summary: Design policy of "aaa module" is incomplete because of
hard coded string.
Product: Apache httpd-2
Version: 2.2.14
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: develop-subscribe@lepidum.co.jp
Created an attachment (id=25050)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25050)
for protocol.c
I'm coding a new authentication module and have some trouble with adding a
proper 'WWW-Authenticate' header.
Apaceh2 separates aaa module to mod_auth_X and mod_authz_Y.
In current implementation, if mod_auth_X authenticates user 'foo' successfully
and
mod_authz_Y does not authorize 'foo', mod_authz_Y calls function
'ap_note_auth_failure()'.
This function gets the authentication scheme by calling 'ap_auth_type(r)' and
adds the associated 'WWW-Authenticate' header.
There are hard-coded invocations of 'ap_note_X_auth_failure' where X is 'basic'
or 'digest', and there are almost same function in mod_auth_X as
'ap_note_X_auth_failure'.
This design also causes problem when making a new authentication module without
editing 'server/protocol.c'.
I think the routine should reside only in mod_auth_X.
The following patch solves only the new scheme problem by setting a
'note-auth-failure' property in mod_auth_X.
'ap_note_X_auth_failure' in 'server/protocol.c' are not touched but can be
removed by the same way.
The reason of the list structure has multiple headers.
(This issue was found during "HTTP Mutual Access Authentication Protocol"
development.
http://tools.ietf.org/html/draft-oiwa-http-mutualauth ,
https://www.rcis.aist.go.jp/special/MutualAuth/index-en.html ,
https://www.rcis.aist.go.jp/special/MutualAuth/software/mod_auth_mutual/index-en.html
)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48807] Design policy of "aaa module" is incomplete
because of hard coded string.
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48807
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--- Comment #1 from Stefan Fritsch <sf...@sfritsch.de> 2010-07-04 17:20:38 EDT ---
In trunk, I have solved this by allowing modules to hook into
ap_note_auth_failure. Commited in r960399
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 48807] Design policy of "aaa module" is incomplete
because of hard coded string.
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=48807
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #2 from Stefan Fritsch <sf...@sfritsch.de> 2012-02-26 17:02:41 UTC ---
fixed in 2.4.1
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org