You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Cliff Skolnick <cl...@organic.com> on 1995/12/04 21:08:30 UTC
WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)
no response sent...
---------- Forwarded message ----------
Date: Mon Dec 4 8:50:14 1995
From: rico@vpro.nl
To: cliff@organic.com
Subject: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x
Submitter: rico@vpro.nl
Operating system: Solaris 2.x, version:
Extra Modules used:
URL exhibiting problem:
Symptoms:
--
CGI scripts are not passed the authentication
information when in a secure area.
Note this is in both 0.8.14 and 1.0.0
I fixed it myself in mod_auth.c
by adding the line c->auth_type=auth_type(r);
on line 195 (0.8.14) before return OK;
In 1.0.0 it is line 185
I reported this before but got no response.
--
Backtrace:
--
--
Re: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)
Posted by Brian Behlendorf <br...@organic.com>.
On Tue, 5 Dec 1995, James H. Cloos Jr. wrote:
> I just tested this, and the Environment I get looks like:
...
> REMOTE_USER=cloos
...
> Note that the username entered at authentication never made it to the
> environment. I think this is what the original complaint was about.
Eh?
Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/
Re: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)
Posted by "James H. Cloos Jr." <cl...@jhcloos.com>.
>> CGI scripts are not passed the authentication information when in a
>> secure area.
>>
>> Note this is in both 0.8.14 and 1.0.0
>>
>> I fixed it myself in mod_auth.c by adding the line
>> c->auth_type=auth_type(r); on line 195 (0.8.14) before return OK;
>> In 1.0.0 it is line 185
>>
Rob> This doesn't sound right. Lots of people are using
Rob> authentication on scripts.
Rob> Did you forget to add "POST" to the <Limit ... > ?
Rob> e.g.
Rob> <Limit GET POST> require valid-user </Limit>
I just tested this, and the Environment I get looks like:
DOCUMENT_ROOT=/home/www
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
HTTP_CONNECTION=Keep-Alive
HTTP_COOKIE=s=caffeine6364818144005190
HTTP_HOST=www.io.com
HTTP_PRAGMA=no-cache
HTTP_REFERER=http://www.io.com/auth/
HTTP_USER_AGENT=Mozilla/2.0b3 (X11; I; BSD/OS 2.0 i386)
PATH=/usr/local/bin:/usr/bin:/bin
QUERY_STRING=
REMOTE_ADDR=199.170.88.30
REMOTE_HOST=caffeine.io.com
REMOTE_USER=cloos
REQUEST_METHOD=GET
SCRIPT_FILENAME=/home/www/auth/env.cgi
SCRIPT_NAME=/auth/env.cgi
SERVER_ADMIN=webmaster@io.com
SERVER_NAME=www.io.com
SERVER_PORT=80
SERVER_PROTOCOL=HTTP/1.0
SERVER_SOFTWARE=Apache/1.0.0
Note that the username entered at authentication never made it to the
environment. I think this is what the original complaint was about.
-JimC
--
James H. Cloos, Jr. <URL:http://www.jhcloos.com/~cloos/>
cloos@jhcloos.com Work: cloos@io.com
LPF,Usenix,SAGE,ISOC