Posted to cvs@httpd.apache.org by ge...@apache.org on 2004/04/05 20:00:16 UTC

cvs commit: httpd-2.0 CHANGES

geoff       2004/04/05 11:00:16

  Modified:    modules/aaa mod_auth_digest.c
               .        CHANGES
  Log:
  Allow Digest providers to return AUTH_DENIED to propagate a 401
  status and terminate the provider chain prior to checking the password.
  Reviewed by:	justin
  
  Revision  Changes    Path
  1.88      +8 -0      httpd-2.0/modules/aaa/mod_auth_digest.c
  
  Index: mod_auth_digest.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/mod_auth_digest.c,v
  retrieving revision 1.87
  retrieving revision 1.88
  diff -u -r1.87 -r1.88
  --- mod_auth_digest.c	23 Mar 2004 13:57:48 -0000	1.87
  +++ mod_auth_digest.c	5 Apr 2004 18:00:15 -0000	1.88
  @@ -1777,6 +1777,14 @@
       else if (return_code == AUTH_USER_FOUND) {
           /* we have a password, so continue */
       }
  +    else if (return_code == AUTH_DENIED) {
  +        /* authentication denied in the provider before attempting a match */
  +        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
  +                      "Digest: user `%s' in realm `%s' denied by provider: %s",
  +                      r->user, conf->realm, r->uri);
  +        note_digest_auth_failure(r, conf, resp, 0);
  +        return HTTP_UNAUTHORIZED;
  +    }
       else {
           /* AUTH_GENERAL_ERROR (or worse)
            * We'll assume that the module has already said what its error
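
Review bot: In the new AUTH_DENIED branch, the ap_log_rerror call writes r->user and r->uri at APLOG_ERR before any password check has run, so both values are unauthenticated client input and every denied attempt produces an error-level line. Consider whether a lower level fits a provider's deliberate denial, and whether the message can name the provider that returned AUTH_DENIED if that is in scope here, since "denied by provider" alone does not tell an operator which one in the chain refused the user. The branch comment could also state that returning HTTP_UNAUTHORIZED here ends the provider chain, as the log message describes, so the next reader does not have to infer it.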
  
  
  
  1.1448    +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1447
  retrieving revision 1.1448
  diff -u -r1.1447 -r1.1448
  --- CHANGES	5 Apr 2004 17:34:46 -0000	1.1447
  +++ CHANGES	5 Apr 2004 18:00:15 -0000	1.1448
  @@ -2,6 +2,10 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) Allow Digest providers to return AUTH_DENIED to propagate a 401
  +     status and terminate the provider chain prior to checking the password.
  +     [Geoffrey Young]
  +
     *) Allow RequestHeader directives to be conditional. PR 27951.
        [Vincent Deffontaines <vincent gryzor.com>, Andr� Malo]
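
Review bot: The new CHANGES entry does not say which module is affected; starting it with "mod_auth_digest:" would let readers match it to the code change. Since AUTH_DENIED is a newly accepted return value for Digest providers, the entry could also say in a few words that the denial is logged and no password comparison takes place.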