mod_auth_digest.c: In function ‘set_shmem_size’:
mod_auth_digest.c:681: warning: format ‘%ld’ expects type ‘long int’, but argument 7 has type ‘apr_size_t’
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@886213 13f79535-47bb-0310-9956-ffa450edef68
watchdog: use better mutex type name
ldap/digest: use same FOO_mutex_type variable name as other modules
for easier searching
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@883708 13f79535-47bb-0310-9956-ffa450edef68
and WatchdogMutexPath with a single Mutex directive. Add APIs to
simplify setup and user customization of APR proc and global mutexes.
(See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer
respected; set DEFAULT_REL_RUNTIMEDIR instead.
Some existing modules, such as mod_ldap and mod_auth_digest gain
configurability for their mutexes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@883540 13f79535-47bb-0310-9956-ffa450edef68
which allows optional functions that just wrapped ap_list_provider_names()
to be removed from authn/z modules.
This change requires modules/aaa/mod_auth.h to be included into
server/request.c, which necessitates a minor change to configure.in for
Unix platforms.
I'm unable to tell whether a similar change is necessary for Windows and
NetWare builds or not. Could developers with access to those platforms
please test and make any needed configuration or build alterations? Thanks!
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@659160 13f79535-47bb-0310-9956-ffa450edef68
configurations which match those of the initial request. Revert to
the original behaviour (call access control hooks for internal requests
with URIs different from the initial request) if any access control hooks
or providers are not registered as permitting this optimization.
Introduce wrappers for access control hook and provider registration
which can accept additional mode and flag data.
The configuration walk optimizations were originally proposed a while
ago (see http://marc.info/?l=apache-httpd-dev&m=116536713506234&w=2);
they have been used since then in production systems and appear to be
stable and effective. They permit certain combinations of modules
and clients to function efficiently, especially when a deeply recursive
series of internal requests, such as those generated by certain WebDAV
requests, are all subject to the identical authentication and authorization
directives.
The major change from the original proposal is a cleaner mechanism for
detecting modules which may expect the old behaviour. This has been
tested successfully with Subversion's mod_authz_svn, which specifically
requires the old behaviour when performing path-based authorization based
against its own private access control configuration files.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644525 13f79535-47bb-0310-9956-ffa450edef68
used uninitialized" warning; fix validation of digest-uri for CONNECT
requests:
(copy_uri_components): Copy the hostinfo field.
(authenticate_digest_user): Don't pass NULL (or, previously, a random
pointer) to strcmp if a digest-uri is provided which doesn't match the
request-uri in a CONNECT request.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@193127 13f79535-47bb-0310-9956-ffa450edef68
now populates r->user with the (possibly unauthenticated) user,
and mod_auth_digest returns 500 when a provider returns
AUTH_GENERAL_ERROR
Reviewed by: justin
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102719 13f79535-47bb-0310-9956-ffa450edef68
Our docs say about AuthDigestDomain:
This directive should always be specified and contain at least the (set of)
root URI(s) for this space. Omitting to do so will cause the client to send
the Authorization header for every request sent to this server.
guessing the parameter is somewhat bogus. guess_domain() also resulted sometimes
in relative URIs, non-URI strings or empty strings, which caused a lot of
problems.
According to the docs, the domain parameter will be omitted now,
if not specified. This is exactly, what one would expect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98636 13f79535-47bb-0310-9956-ffa450edef68
AuthDigestProvider dbm? This results in a great kaboom. The patch makes
apache throw an error, if someone tries a provider, that doesn't support
the particular auth scheme.
Submitted by: Andre Malo <nd@perlig.de>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97802 13f79535-47bb-0310-9956-ffa450edef68
not only break, if access is granted. It should also break, if
access was *denied* by one provider. To be safe, it has to break
also, if an error occured. So the patch turns the condition around
and continues only, if the user was not found.
I find it also weird, that if auth was denied (by password
usually), the AuthBasicAuthoritative behaviour can override that
by "passing to lower modules". The patch changes that behaviour,
too.
Justin notes:
I'm kind of on the fence about that. I was originally thinking
optimistically, but yeah, it might make sense to do it
pessimistically. If there's any error, bug out.
Submitted by: Andre Malo <nd@perlig.de>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97801 13f79535-47bb-0310-9956-ffa450edef68
the DSO link problems for DAV and the new aaa modules by moving the
provider code into the core of the server and generalizing them to be
used by any code.
Remove the auth{nz}_*_provider functions as they are no longer needed.
Change the dav_*_provider functions to wrap the ap_*_provider functions
as they have a bit more of a historical precedent that we should keep
around.
Reviewed by: John K. Sterling <john@sterls.com> (in concept)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96919 13f79535-47bb-0310-9956-ffa450edef68
