www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Fix FakeBasicAuth for subrequests. This was reported via issue

Browse Source 
#1364 in Subversion:

  http://subversion.tigris.org/issues/show_bug.cgi?id=1364

The fix is to make mod_ssl's check_user_id hook stop tripping
over it's own checks in case of a subrequest.  That is, it
should DECLINE in case of a subrequest.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100926 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Sander Striker
2003-08-07 01:53:11 +00:00
parent ab054b39d8
commit ee9dda04d6
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/ssl/ssl_engine_kernel.c
View File

@@ -855,6 +855,14 @@ int ssl_hook_UserCheck(request_rec *r)
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
/*
* We decline when we are in a subrequest. The Authorization header
* would already be present if it was added in the main request.
*/
if (!ap_is_initial_req(r)) {
return DECLINED;
}
/* /*
* Make sure the user is not able to fake the client certificate * Make sure the user is not able to fake the client certificate
* based authentication by just entering an X.509 Subject DN * based authentication by just entering an X.509 Subject DN