You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/01/20 08:11:55 UTC
[Bug 62025] New: mod_headers doesn't edit WWW-Authentication from
mod_auth_basic
https://bz.apache.org/bugzilla/show_bug.cgi?id=62025
Bug ID: 62025
Summary: mod_headers doesn't edit WWW-Authentication from
mod_auth_basic
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_headers
Assignee: bugs@httpd.apache.org
Reporter: rr@antcom.de
Target Milestone: ---
Created attachment 35690
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35690&action=edit
Fix for editing headers from mod_auth_basic in mod_headers
Hi!
When using a directive like
"Header always edit WWW-Authenticate ^Basic SR_Basic"
in the apache configuration to fine tune mod_auth_basic functionality,
mod_headers doesn't change this header as expected.
I traced that apache adds the "WWW-Authenticate" header in mod_auth_basic.c (to
r->err_headers_out) and afterwards handles the "Header" directive in
mod_headers.c which unfortunately operates on a different copy of
r->err_headers_out in mod_headers.c:ap_headers_error_filter().
When adding a second do_headers_fixup() to ap_headers_error_filter() as done in
ap_headers_output_filter() to operate on r->headers_out also, the problem is
gone.
Some context with a similar problem description at:
https://stackoverflow.com/questions/46220113/remove-www-authenticate-header
I'm attaching a patch that fixed it for me.
Thanks!
Roland
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62025] mod_headers doesn't edit WWW-Authentication from
mod_auth_basic
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62025
Paolo Di Patria <pa...@finantix.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |paolo.dipatria@finantix.com
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62025] mod_headers doesn't edit WWW-Authentication from
mod_auth_basic
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62025
--- Comment #2 from Luca Toscano <to...@gmail.com> ---
Also very interesting that with trunk I get the correct result:
# curl localhost/session/test -i
HTTP/1.1 401 Unauthorized
Date: Mon, 22 Oct 2018 07:35:07 GMT
Server: Apache/2.5.1-dev (Unix) OpenSSL/1.1.0f
HelloHello: Blupp
WWW-Authenticate: SR_Basic realm="abcdef"
Content-Length: 381
Content-Type: text/html; charset=iso-8859-1
and gdb tells me that mod_headers get WWW-Authenticate in err_headers_out, as
expected..
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62025] mod_headers doesn't edit WWW-Authentication from
mod_auth_basic
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62025
Luca Toscano <to...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62025] mod_headers doesn't edit WWW-Authentication from
mod_auth_basic
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62025
--- Comment #1 from Luca Toscano <to...@gmail.com> ---
Hi Roland,
thanks a lot for the report. I reproduced with the basic config outlined in the
stack-overflow post and the latest 2.4.x version of the code.
gdb shows me:
Thread 6 "httpd" hit Breakpoint 1, ap_headers_error_filter (f=0x7fffc4007698,
in=0x7fffc4007830) at mod_headers.c:906
906 do_headers_fixup(f->r, f->r->err_headers_out, dirconf->fixup_err,
0);
(gdb) dump_table f->r->err_headers_out
(gdb) dump_table f->r->headers_out
[0] 'WWW-Authenticate'='Basic realm="abcdef"' [0x7fffc4007658]
Header always should only add/modify/etc.. the err_headers_out list, not the
headers_out one, so mod_headers seems to work as intended. The main issue that
I am seeing is related to the WWW-Authenticate header, that should not be in
headers_out..
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 62025] mod_headers doesn't edit WWW-Authentication from
mod_auth_basic
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62025
--- Comment #3 from Luca Toscano <to...@gmail.com> ---
I re-tested 2.4.x with http://svn.apache.org/r1832092 and it seems to work
fine, can you test Roland if you still have patience/time?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org