Our docs say about AuthDigestDomain:
This directive should always be specified and contain at least the (set of)
root URI(s) for this space. Omitting to do so will cause the client to send
the Authorization header for every request sent to this server.
guessing the parameter is somewhat bogus. guess_domain() also resulted sometimes
in relative URIs, non-URI strings or empty strings, which caused a lot of
problems.
According to the docs, the domain parameter will be omitted now,
if not specified. This is exactly, what one would expect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98636 13f79535-47bb-0310-9956-ffa450edef68
AuthDigestProvider dbm? This results in a great kaboom. The patch makes
apache throw an error, if someone tries a provider, that doesn't support
the particular auth scheme.
Submitted by: Andre Malo <nd@perlig.de>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97802 13f79535-47bb-0310-9956-ffa450edef68
not only break, if access is granted. It should also break, if
access was *denied* by one provider. To be safe, it has to break
also, if an error occured. So the patch turns the condition around
and continues only, if the user was not found.
I find it also weird, that if auth was denied (by password
usually), the AuthBasicAuthoritative behaviour can override that
by "passing to lower modules". The patch changes that behaviour,
too.
Justin notes:
I'm kind of on the fence about that. I was originally thinking
optimistically, but yeah, it might make sense to do it
pessimistically. If there's any error, bug out.
Submitted by: Andre Malo <nd@perlig.de>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97801 13f79535-47bb-0310-9956-ffa450edef68
the DSO link problems for DAV and the new aaa modules by moving the
provider code into the core of the server and generalizing them to be
used by any code.
Remove the auth{nz}_*_provider functions as they are no longer needed.
Change the dav_*_provider functions to wrap the ap_*_provider functions
as they have a bit more of a historical precedent that we should keep
around.
Reviewed by: John K. Sterling <john@sterls.com> (in concept)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96919 13f79535-47bb-0310-9956-ffa450edef68
do not have to re-implement basic auth and to allow mod_auth_digest (and
other modules) to leverage the authn backends.
Adds AuthBasicProvider and AuthDigestProvider directives.
This also moves a lot of the basic auth handling code inside of mod_auth_basic
(but does not remove the code in server/protocol.c - that will have to wait
for a version bump so that we don't totally bust old modules).
This patch incorporates code review comments by Greg Stein.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96739 13f79535-47bb-0310-9956-ffa450edef68
All modules are reorganized under the following scheme:
- mod_auth_*: Front-end (basic, digest)
- mod_authn_*: Authentication (anon, dbm, default, file)
- mod_authz_*: Authorization (dbm, default, groupfile, host, user)
This passes the httpd-test suite when it accounts for the renaming of
aaa modules.
Originally written by: Dirk-Willem van Gulik
Completed by: Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96728 13f79535-47bb-0310-9956-ffa450edef68
in the hash entry. Once initialize_module() returns, the key pointer in the
hash entry is invalid. This causes a fault the next time that the hash entry
key is checked. Calling the _set() version will store a copy of the key which
has the same lifetime as the hash table entry.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94914 13f79535-47bb-0310-9956-ffa450edef68
Added some comments that will help us make this more portable.
tmpnam() is not portable to platforms that will not inhereit
the process, so we need to pull the lock filename from somewhere
shared, like a configuration directive.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93533 13f79535-47bb-0310-9956-ffa450edef68
Enabling APR_HAS_SHARED_MEMORY again in the previous patch was bad.
This can be toggled once we straighten out all the pointers into offsets.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92794 13f79535-47bb-0310-9956-ffa450edef68
pointer math. This is required for portable scoreboards.
vhost becomes the 'vhost name string' so it now survives ap_generation
clicks. next was apparently never used.
This patch also accounts for the changes to the apr_shm api, and gives
Win32 the magic of a shared scoreboard.
Breakage aplenty on non-win32 platforms, I suspect, but this radical
surgery, and culling of unused functions, was really, really needed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92791 13f79535-47bb-0310-9956-ffa450edef68
- No longer calls exit() when the secret fails to initialize, instead
post_config just returns !OK and lets the server bail out.
- No longer fails on DSOs -- since we load-unload-reload DSOs we lose
any static memory that was initialized during the first load.
This patch allows us to simply pass on the first call to post_config,
and then do the initialization in the second call.
Tested to work on Linux from an IE5.0 client.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92630 13f79535-47bb-0310-9956-ffa450edef68
extra {} blocks. I first ran it through M-x untabify, then went through
the whole thing by hand, then compiled/tested it. This is a preemptive
style-strike.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92626 13f79535-47bb-0310-9956-ffa450edef68
causing the server not to start.
previous method was to call exit(1) which would not fail
gracefully
PR:
Obtained from:
Submitted by:
Reviewed by: (Idea only Jeff Trawick)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92144 13f79535-47bb-0310-9956-ffa450edef68
prefix to all of the uri functions (yuck), changing some includes,
and using APR error codes instead of HTTP-specific error codes.
Other notes to test this patch:
- You need to delete the util_uri.h file - exports picks up on this.
- I'd like to remove the apr_uri.h from httpd.h, but that might
increase the complexity of this patch even further. Once this patch
is accepted (in some form), then I can focus on removing apr_uri.h
from httpd.h entirely. I need baby steps (heh) right now.
- I imagine that this might break a bunch of stuff in Win32 or other OS
builds with foreign dependency files. Any help here is appreciated.
This is a start... -- justin
Submitted by: Justin Erenkrantz
Reviewed by: Roy Fielding
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89198 13f79535-47bb-0310-9956-ffa450edef68
warnings because on line 536, we are trying to assign a non-const to a
const. This started happening after a fix for Windows. This change should
solve the problem on all systems.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88860 13f79535-47bb-0310-9956-ffa450edef68
It sorts out the problem when a password protected reverse proxy URL
sends a Proxy-Authenticate to a browser instead of a WWW-Authenticate.
This patch covers the changes to the httpd-2.0 tree.
Submitted by: Graham Leggett
Reviewed by: Chuck Murcko
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88527 13f79535-47bb-0310-9956-ffa450edef68
previously:
mod_auth_digest.c: In function `set_shmem_size':
mod_auth_digest.c:625: warning: too many arguments for format
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88275 13f79535-47bb-0310-9956-ffa450edef68
some type safety. (unfortunately, our old "void*" is type-safe with the
new one, but over time we should be better)
*) Propagate the new type to all appropriate functions.
*) Random cleaning, whitespace, stylistic nits.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88225 13f79535-47bb-0310-9956-ffa450edef68
the file name, and it is easier to automate the installation
process (generating LoadModule directives from the module filenames).
Next step is to remove the 4th argument to the APACHE_MODULE macro
completely and require people to use the matching names, and to
reduce the LoadModule directive to 1 argument.... Objections?
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88189 13f79535-47bb-0310-9956-ffa450edef68
- explicitly include apr_lib.h since ap_config.h doesn't
- use apr_want.h where possible
- use APR_HAVE_ where possible
- remove some unneeded includes
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@88060 13f79535-47bb-0310-9956-ffa450edef68
