You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by Dean Gaudet <dg...@hyperreal.org> on 1997/07/19 10:02:10 UTC
cvs commit: apache/src http_protocol.c http_request.c mod_auth.c mod_auth_anon.c mod_auth_db.c mod_auth_dbm.c mod_auth_msql.c mod_digest.c
dgaudet 97/07/19 01:02:09
Modified: src http_protocol.c http_request.c mod_auth.c
mod_auth_anon.c mod_auth_db.c mod_auth_dbm.c
mod_auth_msql.c mod_digest.c
Log:
Move the proxy auth status test into die() so that nothing else really
has to know about it.
Revision Changes Path
1.141 +2 -4 apache/src/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_protocol.c,v
retrieving revision 1.140
retrieving revision 1.141
diff -C3 -r1.140 -r1.141
*** http_protocol.c 1997/07/19 06:20:42 1.140
--- http_protocol.c 1997/07/19 08:02:04 1.141
***************
*** 929,944 ****
if(!auth_line) {
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
if (strcmp(getword (r->pool, &auth_line, ' '), "Basic")) {
/* Client tried to authenticate using wrong auth scheme */
log_reason ("client used wrong authentication scheme", r->uri, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
t = uudecode (r->pool, auth_line);
--- 929,942 ----
if(!auth_line) {
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
if (strcmp(getword (r->pool, &auth_line, ' '), "Basic")) {
/* Client tried to authenticate using wrong auth scheme */
log_reason ("client used wrong authentication scheme", r->uri, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
t = uudecode (r->pool, auth_line);
1.63 +4 -0 apache/src/http_request.c
Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -C3 -r1.62 -r1.63
*** http_request.c 1997/07/15 21:39:57 1.62
--- http_request.c 1997/07/19 08:02:04 1.63
***************
*** 790,795 ****
--- 790,799 ----
char *custom_response = response_code_string(r, error_index);
int recursive_error = 0;
+ if (r->status == AUTH_REQUIRED && r->proxyreq) {
+ r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
+ }
+
if (type == DONE) {
finalize_request_protocol(r);
return;
1.21 +3 -5 apache/src/mod_auth.c
Index: mod_auth.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -C3 -r1.20 -r1.21
*** mod_auth.c 1997/07/19 06:20:43 1.20
--- mod_auth.c 1997/07/19 08:02:04 1.21
***************
*** 203,218 ****
ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
return OK;
}
--- 203,216 ----
ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
/* anyone know where the prototype for crypt is? */
if(strcmp(real_pw,(char *)crypt(sent_pw,real_pw))) {
ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
return OK;
}
***************
*** 279,285 ****
return DECLINED;
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED);
}
module MODULE_VAR_EXPORT auth_module = {
--- 277,283 ----
return DECLINED;
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
module MODULE_VAR_EXPORT auth_module = {
1.21 +1 -2 apache/src/mod_auth_anon.c
Index: mod_auth_anon.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth_anon.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -C3 -r1.20 -r1.21
*** mod_auth_anon.c 1997/07/19 06:20:44 1.20
--- mod_auth_anon.c 1997/07/19 08:02:05 1.21
***************
*** 251,258 ****
"Anonymous: Authoritative, Passwd <%s> not accepted",
send_pw ? send_pw : "\'none\'");
log_error(errstr,r->server);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
/* Drop out the bottom to return DECLINED */
}
--- 251,257 ----
"Anonymous: Authoritative, Passwd <%s> not accepted",
send_pw ? send_pw : "\'none\'");
log_error(errstr,r->server);
! return AUTH_REQUIRED;
}
/* Drop out the bottom to return DECLINED */
}
1.15 +4 -8 apache/src/mod_auth_db.c
Index: mod_auth_db.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth_db.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -C3 -r1.14 -r1.15
*** mod_auth_db.c 1997/07/19 06:20:44 1.14
--- mod_auth_db.c 1997/07/19 08:02:05 1.15
***************
*** 204,211 ****
ap_snprintf(errstr, sizeof(errstr), "DB user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
/* Password is up to first : if exists */
colon_pw = strchr(real_pw,':');
--- 204,210 ----
ap_snprintf(errstr, sizeof(errstr), "DB user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
/* Password is up to first : if exists */
colon_pw = strchr(real_pw,':');
***************
*** 216,223 ****
"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
return OK;
}
--- 215,221 ----
"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
return OK;
}
***************
*** 261,268 ****
user, sec->auth_dbgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
orig_groups = groups;
while(t[0]) {
--- 259,265 ----
user, sec->auth_dbgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
orig_groups = groups;
while(t[0]) {
***************
*** 278,285 ****
"user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
}
--- 275,281 ----
"user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
! return AUTH_REQUIRED;
}
}
1.19 +4 -8 apache/src/mod_auth_dbm.c
Index: mod_auth_dbm.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth_dbm.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -C3 -r1.18 -r1.19
*** mod_auth_dbm.c 1997/07/19 06:20:44 1.18
--- mod_auth_dbm.c 1997/07/19 08:02:05 1.19
***************
*** 197,204 ****
ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
/* Password is up to first : if exists */
colon_pw = strchr(real_pw,':');
--- 197,203 ----
ap_snprintf(errstr, sizeof(errstr), "DBM user %s not found", c->user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
/* Password is up to first : if exists */
colon_pw = strchr(real_pw,':');
***************
*** 209,216 ****
"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
return OK;
}
--- 208,214 ----
"user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
return OK;
}
***************
*** 254,261 ****
user, sec->auth_dbmgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
orig_groups = groups;
while(t[0]) {
--- 252,258 ----
user, sec->auth_dbmgrpfile);
log_reason (errstr, r->filename, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
orig_groups = groups;
while(t[0]) {
***************
*** 271,278 ****
"user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
}
--- 268,274 ----
"user %s not in right group",user);
log_reason (errstr, r->filename, r);
note_basic_auth_failure(r);
! return AUTH_REQUIRED;
}
}
1.23 +13 -29 apache/src/mod_auth_msql.c
Index: mod_auth_msql.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth_msql.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -C3 -r1.22 -r1.23
*** mod_auth_msql.c 1997/07/19 06:20:45 1.22
--- mod_auth_msql.c 1997/07/19 08:02:06 1.23
***************
*** 809,816 ****
ap_snprintf(msql_errstr, MAX_STRING_LEN,
"mSQL: Password for user %s not found", c->user);
note_basic_auth_failure (r);
! res = (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
} else {
/* pass control on to the next authorization module.
*/
--- 809,815 ----
ap_snprintf(msql_errstr, MAX_STRING_LEN,
"mSQL: Password for user %s not found", c->user);
note_basic_auth_failure (r);
! res = AUTH_REQUIRED;
} else {
/* pass control on to the next authorization module.
*/
***************
*** 842,849 ****
"mSQL: user %s: Empty Password(s) Rejected",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
};
if(sec->auth_msql_encrypted) {
--- 841,847 ----
"mSQL: user %s: Empty Password(s) Rejected",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
};
if(sec->auth_msql_encrypted) {
***************
*** 862,869 ****
"mSQL user %s: password mismatch",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
return OK;
}
--- 860,866 ----
"mSQL user %s: password mismatch",c->user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure (r);
! return AUTH_REQUIRED;
}
return OK;
}
***************
*** 897,904 ****
ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s denied, no access rules specified (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
};
return DECLINED;
};
--- 894,900 ----
ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s denied, no access rules specified (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
! return AUTH_REQUIRED;
};
return DECLINED;
};
***************
*** 911,918 ****
w = getword(r->pool, &t, ' ');
if ((user_result != OK) && (!strcmp(w,"user"))) {
! user_result=(r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
while(t[0]) {
w = getword_conf (r->pool, &t);
if (!strcmp(user,w)) {
--- 907,913 ----
w = getword(r->pool, &t, ' ');
if ((user_result != OK) && (!strcmp(w,"user"))) {
! user_result=AUTH_REQUIRED;
while(t[0]) {
w = getword_conf (r->pool, &t);
if (!strcmp(user,w)) {
***************
*** 924,931 ****
ap_snprintf(msql_errstr, MAX_STRING_LEN, "User %s not found (MSQL-Auhtorative)",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
};
}
--- 919,925 ----
ap_snprintf(msql_errstr, MAX_STRING_LEN, "User %s not found (MSQL-Auhtorative)",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
! return AUTH_REQUIRED;
};
}
***************
*** 936,943 ****
) {
/* look up the membership for each of the groups in the table
*/
! group_result=(r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
while ( (t[0]) && (group_result != OK) && (!msql_errstr[0]) ) {
if (get_msql_grp(r,getword(r->pool, &t, ' '),user,sec,msql_errstr)) {
group_result= OK;
--- 930,936 ----
) {
/* look up the membership for each of the groups in the table
*/
! group_result=AUTH_REQUIRED;
while ( (t[0]) && (group_result != OK) && (!msql_errstr[0]) ) {
if (get_msql_grp(r,getword(r->pool, &t, ' '),user,sec,msql_errstr)) {
group_result= OK;
***************
*** 954,961 ****
ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s not in right groups (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
};
};
--- 947,953 ----
ap_snprintf(msql_errstr, MAX_STRING_LEN, "user %s not in right groups (MSQL-Authoritative) ",user);
log_reason (msql_errstr, r->uri, r);
note_basic_auth_failure(r);
! return AUTH_REQUIRED;
};
};
***************
*** 968,988 ****
* returns are only if msql yielded a correct result.
* This really is not needed.
*/
! if (((group_result == (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED)) ||
! (user_result == (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED))) &&
! (sec->auth_msql_authoritative)) {
ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL-Authoritative: Access denied on %s %s rule(s) ",
! (group_result ==
! (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED)) ? "USER" : "",
! (user_result ==
! (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED)) ? "GROUP" : "");
log_reason (msql_errstr, r->uri, r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
};
if ( (user_result == OK) || (group_result == OK))
--- 960,972 ----
* returns are only if msql yielded a correct result.
* This really is not needed.
*/
! if (((group_result == AUTH_REQUIRED) || (user_result == AUTH_REQUIRED)) && (sec->auth_msql_authoritative) ) {
ap_snprintf(msql_errstr, MAX_STRING_LEN, "mSQL-Authoritative: Access denied on %s %s rule(s) ",
! (group_result == AUTH_REQUIRED) ? "USER" : "",
! (user_result == AUTH_REQUIRED) ? "GROUP" : ""
! );
log_reason (msql_errstr, r->uri, r);
! return AUTH_REQUIRED;
};
if ( (user_result == OK) || (group_result == OK))
1.18 +6 -8 apache/src/mod_digest.c
Index: mod_digest.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_digest.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -C3 -r1.17 -r1.18
*** mod_digest.c 1997/07/19 06:20:45 1.17
--- mod_digest.c 1997/07/19 08:02:06 1.18
***************
*** 142,155 ****
if (!auth_line) {
note_digest_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED);
}
if (strcmp(getword (r->pool, &auth_line, ' '), "Digest")) {
/* Client tried to authenticate using wrong auth scheme */
log_reason ("client used wrong authentication scheme", r->uri, r);
note_digest_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED);
}
l = strlen(auth_line);
--- 142,155 ----
if (!auth_line) {
note_digest_auth_failure (r);
! return AUTH_REQUIRED;
}
if (strcmp(getword (r->pool, &auth_line, ' '), "Digest")) {
/* Client tried to authenticate using wrong auth scheme */
log_reason ("client used wrong authentication scheme", r->uri, r);
note_digest_auth_failure (r);
! return AUTH_REQUIRED;
}
l = strlen(auth_line);
***************
*** 226,232 ****
if (!response->username || !response->realm || !response->nonce ||
!response->requested_uri || !response->digest) {
note_digest_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED);
}
r->connection->user = response->username;
--- 226,232 ----
if (!response->username || !response->realm || !response->nonce ||
!response->requested_uri || !response->digest) {
note_digest_auth_failure (r);
! return AUTH_REQUIRED;
}
r->connection->user = response->username;
***************
*** 280,295 ****
ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
/* anyone know where the prototype for crypt is? */
if(strcmp(response->digest, find_digest(r, response, a1))) {
ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED :
! AUTH_REQUIRED);
}
return OK;
}
--- 280,293 ----
ap_snprintf(errstr, sizeof(errstr), "user %s not found",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
! return AUTH_REQUIRED;
}
/* anyone know where the prototype for crypt is? */
if(strcmp(response->digest, find_digest(r, response, a1))) {
ap_snprintf(errstr, sizeof(errstr), "user %s: password mismatch",c->user);
log_reason (errstr, r->uri, r);
note_digest_auth_failure (r);
! return AUTH_REQUIRED;
}
return OK;
}
***************
*** 342,348 ****
return OK;
note_digest_auth_failure(r);
! return (r->proxyreq ? HTTP_PROXY_AUTHENTICATION_REQUIRED : AUTH_REQUIRED);
}
module MODULE_VAR_EXPORT digest_module = {
--- 340,346 ----
return OK;
note_digest_auth_failure(r);
! return AUTH_REQUIRED;
}
module MODULE_VAR_EXPORT digest_module = {