You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2013/12/11 23:59:53 UTC
svn commit: r1550302 - in /httpd/httpd/trunk: CHANGES
modules/aaa/mod_auth_form.c
Author: minfrin
Date: Wed Dec 11 22:59:53 2013
New Revision: 1550302
URL: http://svn.apache.org/r1550302
Log:
mod_auth_form: Add a debug message when the fields on a form are not
recognised.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/aaa/mod_auth_form.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1550302&r1=1550301&r2=1550302&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Dec 11 22:59:53 2013
@@ -1,5 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+
+ *) mod_auth_form: Add a debug message when the fields on a form are not
+ recognised. [Graham Leggett]
+
*) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
[Jan Kaluza]
Modified: httpd/httpd/trunk/modules/aaa/mod_auth_form.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth_form.c?rev=1550302&r1=1550301&r2=1550302&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_auth_form.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_auth_form.c Wed Dec 11 22:59:53 2013
@@ -669,12 +669,25 @@ static int get_form_auth(request_rec * r
}
/* set the user, even though the user is unauthenticated at this point */
- if (*sent_user) {
+ if (sent_user && *sent_user) {
r->user = (char *) *sent_user;
}
/* a missing username or missing password means auth denied */
- if (!sent_user || !*sent_user || !sent_pw || !*sent_pw) {
+ if (!sent_user || !*sent_user) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "form parsed, but username field '%s' was missing or empty, unauthorized",
+ username);
+
+ return HTTP_UNAUTHORIZED;
+ }
+ if (!sent_pw || !*sent_pw) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "form parsed, but password field '%s' was missing or empty, unauthorized",
+ password);
+
return HTTP_UNAUTHORIZED;
}