You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rodent of Unusual Size <Ke...@Golux.Com> on 1997/12/24 17:41:16 UTC
[PATCH] PR#1195 (" in auth realms)
Okey, here's a patch to close this PR and put our handling
of realm-names [back] into compliance with RFC2068. A change
to http_core.c and a new routine/file in src/ap.
The conceptual fix was approved, but no patch submitted for
it til now..
#ken P-)}
Index: ap/Makefile.tmpl
===================================================================
RCS file: /export/home/cvs/apachen/src/ap/Makefile.tmpl,v
retrieving revision 1.4
diff -u -r1.4 Makefile.tmpl
--- Makefile.tmpl 1997/12/24 04:36:15 1.4
+++ Makefile.tmpl 1997/12/24 16:18:03
@@ -6,7 +6,7 @@
LIB=libap.a
-OBJS=ap_signal.o ap_slack.o ap_snprintf.o
+OBJS=ap_signal.o ap_slack.o ap_snprintf.o ap_strings.o
.c.o:
$(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $<
@@ -27,3 +27,4 @@
ap_signal.o: $(INCDIR)/httpd.h
ap_slack.o: $(INCDIR)/httpd.h $(INCDIR)/http_log.h
ap_snprintf.o: $(INCDIR)/conf.h
+ap_strings.o: $(INCDIR)/httpd.h
Index: main/http_core.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_core.c,v
retrieving revision 1.142
diff -u -r1.142 http_core.c
--- http_core.c 1997/11/30 19:18:46 1.142
+++ http_core.c 1997/12/24 16:18:33
@@ -1618,6 +1618,18 @@
return NULL;
}
+/*
+ * Load an authorisation realm into our location configuration, applying the
+ * usual rules that apply to realms.
+ */
+static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1)
+{
+ core_dir_config *aconfig = (core_dir_config *)mconfig;
+
+ aconfig->auth_name = ap_escape_quotes(cmd->pool, word1);
+ return NULL;
+}
+
/* Note --- ErrorDocument will now work from .htaccess files.
* The AllowOverride of Fileinfo allows webmasters to turn it off
*/
@@ -1646,8 +1658,8 @@
{ "</FilesMatch>", end_filesection, NULL, OR_ALL, NO_ARGS, "Marks end of
<FilesMatch>" },
{ "AuthType", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_type),
OR_AUTHCFG, TAKE1, "An HTTP authorization type (e.g., \"Basic\")" },
-{ "AuthName", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_name),
- OR_AUTHCFG, RAW_ARGS, "The authentication realm (e.g. \"Members Only\")"
},
+{ "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1,
+ "The authentication realm (e.g. \"Members Only\")" },
{ "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which
authenticated users or groups may access a protected space" },
{ "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
"access policy if both allow and require used ('all' or 'any')" },
---ap_strings.c---
/* ====================================================================
* Copyright (c) 1995-1997 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Group" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* apache@apache.org.
*
* 5. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Group and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Group and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
#include "httpd.h"
/*
* Given a string, replace any bare " with \" .
*/
char *ap_escape_quotes (pool *p, char *instring)
{
int newlen = 0;
char *inchr = instring;
char *outchr, *outstring;
/*
* Look through the input string, jogging the length of the output
* string up by an extra byte each time we find an unescaped ".
*/
while (*inchr != '\0') {
newlen++;
if (*inchr == '"') {
newlen++;
}
/*
* If we find a slosh, and it's not the last byte in the string,
* it's escaping something - advance past both bytes.
*/
if ((*inchr == '\\') && (inchr[1] != '\0')) {
inchr++;
}
inchr++;
}
outstring = palloc(p, newlen + 1);
inchr = instring;
outchr = outstring;
/*
* Now copy the input string to the output string, inserting a slosh
* in front of every " that doesn't already have one.
*/
while (*inchr != '\0') {
if ((*inchr == '\\') && (inchr[1] != '\0')) {
*outchr++ = *inchr++;
*outchr++ = *inchr++;
}
if (*inchr == '"') {
*outchr++ = '\\';
}
if (*inchr != '\0') {
*outchr++ = *inchr++;
}
}
*outchr = '\0';
return outstring;
}
Re: [PATCH] PR#1195 (" in auth realms)
Posted by Dirk-Willem van Gulik <Di...@jrc.it>.
+1, cursory test.
DW.
On Wed, 24 Dec 1997, Rodent of Unusual Size wrote:
> Okey, here's a patch to close this PR and put our handling
> of realm-names [back] into compliance with RFC2068. A change
> to http_core.c and a new routine/file in src/ap.
>
> The conceptual fix was approved, but no patch submitted for
> it til now..
>
> #ken P-)}
>
> Index: ap/Makefile.tmpl
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/ap/Makefile.tmpl,v
> retrieving revision 1.4
> diff -u -r1.4 Makefile.tmpl
> --- Makefile.tmpl 1997/12/24 04:36:15 1.4
> +++ Makefile.tmpl 1997/12/24 16:18:03
> @@ -6,7 +6,7 @@
>
> LIB=libap.a
>
> -OBJS=ap_signal.o ap_slack.o ap_snprintf.o
> +OBJS=ap_signal.o ap_slack.o ap_snprintf.o ap_strings.o
>
> .c.o:
> $(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $<
> @@ -27,3 +27,4 @@
> ap_signal.o: $(INCDIR)/httpd.h
> ap_slack.o: $(INCDIR)/httpd.h $(INCDIR)/http_log.h
> ap_snprintf.o: $(INCDIR)/conf.h
> +ap_strings.o: $(INCDIR)/httpd.h
> Index: main/http_core.c
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/main/http_core.c,v
> retrieving revision 1.142
> diff -u -r1.142 http_core.c
> --- http_core.c 1997/11/30 19:18:46 1.142
> +++ http_core.c 1997/12/24 16:18:33
> @@ -1618,6 +1618,18 @@
> return NULL;
> }
>
> +/*
> + * Load an authorisation realm into our location configuration, applying the
> + * usual rules that apply to realms.
> + */
> +static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1)
> +{
> + core_dir_config *aconfig = (core_dir_config *)mconfig;
> +
> + aconfig->auth_name = ap_escape_quotes(cmd->pool, word1);
> + return NULL;
> +}
> +
> /* Note --- ErrorDocument will now work from .htaccess files.
> * The AllowOverride of Fileinfo allows webmasters to turn it off
> */
> @@ -1646,8 +1658,8 @@
> { "</FilesMatch>", end_filesection, NULL, OR_ALL, NO_ARGS, "Marks end of
> <FilesMatch>" },
> { "AuthType", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_type),
> OR_AUTHCFG, TAKE1, "An HTTP authorization type (e.g., \"Basic\")" },
> -{ "AuthName", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_name),
> - OR_AUTHCFG, RAW_ARGS, "The authentication realm (e.g. \"Members Only\")"
> },
> +{ "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1,
> + "The authentication realm (e.g. \"Members Only\")" },
> { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which
> authenticated users or groups may access a protected space" },
> { "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
> "access policy if both allow and require used ('all' or 'any')" },
>
> ---ap_strings.c---
> /* ====================================================================
> * Copyright (c) 1995-1997 The Apache Group. All rights reserved.
> *
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted provided that the following conditions
> * are met:
> *
> * 1. Redistributions of source code must retain the above copyright
> * notice, this list of conditions and the following disclaimer.
> *
> * 2. Redistributions in binary form must reproduce the above copyright
> * notice, this list of conditions and the following disclaimer in
> * the documentation and/or other materials provided with the
> * distribution.
> *
> * 3. All advertising materials mentioning features or use of this
> * software must display the following acknowledgment:
> * "This product includes software developed by the Apache Group
> * for use in the Apache HTTP server project (http://www.apache.org/)."
> *
> * 4. The names "Apache Server" and "Apache Group" must not be used to
> * endorse or promote products derived from this software without
> * prior written permission. For written permission, please contact
> * apache@apache.org.
> *
> * 5. Redistributions of any form whatsoever must retain the following
> * acknowledgment:
> * "This product includes software developed by the Apache Group
> * for use in the Apache HTTP server project (http://www.apache.org/)."
> *
> * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
> * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
> * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
> * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
> * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> * OF THE POSSIBILITY OF SUCH DAMAGE.
> * ====================================================================
> *
> * This software consists of voluntary contributions made by many
> * individuals on behalf of the Apache Group and was originally based
> * on public domain software written at the National Center for
> * Supercomputing Applications, University of Illinois, Urbana-Champaign.
> * For more information on the Apache Group and the Apache HTTP server
> * project, please see <http://www.apache.org/>.
> *
> */
>
> #include "httpd.h"
>
> /*
> * Given a string, replace any bare " with \" .
> */
> char *ap_escape_quotes (pool *p, char *instring)
> {
> int newlen = 0;
> char *inchr = instring;
> char *outchr, *outstring;
>
> /*
> * Look through the input string, jogging the length of the output
> * string up by an extra byte each time we find an unescaped ".
> */
> while (*inchr != '\0') {
> newlen++;
> if (*inchr == '"') {
> newlen++;
> }
> /*
> * If we find a slosh, and it's not the last byte in the string,
> * it's escaping something - advance past both bytes.
> */
> if ((*inchr == '\\') && (inchr[1] != '\0')) {
> inchr++;
> }
> inchr++;
> }
> outstring = palloc(p, newlen + 1);
> inchr = instring;
> outchr = outstring;
> /*
> * Now copy the input string to the output string, inserting a slosh
> * in front of every " that doesn't already have one.
> */
> while (*inchr != '\0') {
> if ((*inchr == '\\') && (inchr[1] != '\0')) {
> *outchr++ = *inchr++;
> *outchr++ = *inchr++;
> }
> if (*inchr == '"') {
> *outchr++ = '\\';
> }
> if (*inchr != '\0') {
> *outchr++ = *inchr++;
> }
> }
> *outchr = '\0';
> return outstring;
> }
>
http://cils.ceo.org http://enrm.ceo.org
dirkx@technologist.com Dirk.vanGulik@jrc.it
+39 332 78 0014 +39 332 78 9549 fax +39 332 78 9185
ISEI/ESBA; The Center For Earth Observation
Joint Research Centre of the European Communities, Ispra, Italy