You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Cliff Skolnick <cl...@organic.com> on 1995/12/04 21:08:30 UTC

WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)


no response sent...

---------- Forwarded message ----------
Date: Mon Dec 4 8:50:14 1995
From: rico@vpro.nl
To: cliff@organic.com
Subject: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x

Submitter: rico@vpro.nl
Operating system: Solaris 2.x, version: 
Extra Modules used: 
URL exhibiting problem: 

Symptoms:
--
CGI scripts are not passed the authentication
information when in a secure area.
 
Note this is in both 0.8.14 and 1.0.0

I fixed it myself in mod_auth.c 
by adding the line c->auth_type=auth_type(r);
on line 195 (0.8.14) before return OK;
In 1.0.0 it is line 185

I reported this before but got no response.

--

Backtrace:
--

--

Re: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)

Posted by Brian Behlendorf <br...@organic.com>.

On Tue, 5 Dec 1995, James H. Cloos Jr. wrote:
> I just tested this, and the Environment I get looks like:
...
>     REMOTE_USER=cloos
...
> Note that the username entered at authentication never made it to the
> environment.  I think this is what the original complaint was about.

Eh?

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/

Re: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)

Posted by "James H. Cloos Jr." <cl...@jhcloos.com>.

>> CGI scripts are not passed the authentication information when in a
>> secure area.
>> 
>> Note this is in both 0.8.14 and 1.0.0
>> 
>> I fixed it myself in mod_auth.c by adding the line
>> c->auth_type=auth_type(r); on line 195 (0.8.14) before return OK;
>> In 1.0.0 it is line 185
>> 

Rob> This doesn't sound right.  Lots of people are using
Rob> authentication on scripts.

Rob> Did you forget to add "POST" to the <Limit ... > ?

Rob> e.g.

Rob> <Limit GET POST> require valid-user </Limit>

I just tested this, and the Environment I get looks like:

    DOCUMENT_ROOT=/home/www
    GATEWAY_INTERFACE=CGI/1.1
    HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    HTTP_CONNECTION=Keep-Alive
    HTTP_COOKIE=s=caffeine6364818144005190
    HTTP_HOST=www.io.com
    HTTP_PRAGMA=no-cache
    HTTP_REFERER=http://www.io.com/auth/
    HTTP_USER_AGENT=Mozilla/2.0b3 (X11; I; BSD/OS 2.0 i386)
    PATH=/usr/local/bin:/usr/bin:/bin
    QUERY_STRING=
    REMOTE_ADDR=199.170.88.30
    REMOTE_HOST=caffeine.io.com
    REMOTE_USER=cloos
    REQUEST_METHOD=GET
    SCRIPT_FILENAME=/home/www/auth/env.cgi
    SCRIPT_NAME=/auth/env.cgi
    SERVER_ADMIN=webmaster@io.com
    SERVER_NAME=www.io.com
    SERVER_PORT=80
    SERVER_PROTOCOL=HTTP/1.0
    SERVER_SOFTWARE=Apache/1.0.0

Note that the username entered at authentication never made it to the
environment.  I think this is what the original complaint was about.

-JimC
-- 
James H. Cloos, Jr.	<URL:http://www.jhcloos.com/~cloos/>
cloos@jhcloos.com	Work: cloos@io.com
LPF,Usenix,SAGE,ISOC