chuck 96/06/07 13:11:34
Modified: src mod_auth.c mod_digest.c
Log:
Reviewed by: Chuck Murcko
Submitted by: Cliff Skolnick
Obtained from: [EMAIL PROTECTED]
mod_auth.c already accepts any user id, if there are
no "requires" directives found for a directory or
location.
Since "requires" directives can occur inside a
<Limit> directive it should also accept any
user id if there are "requires" directives, but
done matches the actual request method.
The same problem exists in mod_digest.c
Revision Changes Path
1.3 +6 -1 apache/src/mod_auth.c
Index: mod_auth.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_auth.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -C3 -r1.2 -r1.3
*** mod_auth.c 1996/02/22 11:46:55 1.2
--- mod_auth.c 1996/06/07 20:11:28 1.3
***************
*** 193,199 ****
(auth_config_rec *)get_module_config (r->per_dir_config,
&auth_module);
char *user = r->connection->user;
int m = r->method_number;
!
register int x;
char *t, *w;
table *grpstatus;
--- 193,199 ----
(auth_config_rec *)get_module_config (r->per_dir_config,
&auth_module);
char *user = r->connection->user;
int m = r->method_number;
! int method_restricted = 0;
register int x;
char *t, *w;
table *grpstatus;
***************
*** 216,221 ****
--- 216,223 ----
if (! (reqs[x].method_mask & (1 << m))) continue;
+ method_restricted = 1;
+
t = reqs[x].requirement;
w = getword(r->pool, &t, ' ');
if(!strcmp(w,"valid-user"))
***************
*** 239,244 ****
--- 241,249 ----
}
}
+ if (!method_restricted)
+ return OK;
+
note_basic_auth_failure (r);
return AUTH_REQUIRED;
}
1.6 +7 -2 apache/src/mod_digest.c
Index: mod_digest.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_digest.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -C3 -r1.5 -r1.6
*** mod_digest.c 1996/05/29 23:42:15 1.5
--- mod_digest.c 1996/06/07 20:11:30 1.6
***************
*** 290,296 ****
int digest_check_auth (request_rec *r) {
char *user = r->connection->user;
int m = r->method_number;
!
register int x;
char *t, *w;
array_header *reqs_arr;
--- 290,296 ----
int digest_check_auth (request_rec *r) {
char *user = r->connection->user;
int m = r->method_number;
! int method_restricted = 0;
register int x;
char *t, *w;
array_header *reqs_arr;
***************
*** 311,317 ****
if (! (reqs[x].method_mask & (1 << m))) continue;
! t = reqs[x].requirement;
w = getword(r->pool, &t, ' ');
if(!strcmp(w,"valid-user"))
return OK;
--- 311,319 ----
if (! (reqs[x].method_mask & (1 << m))) continue;
! method_restricted = 1;
!
! t = reqs[x].requirement;
w = getword(r->pool, &t, ' ');
if(!strcmp(w,"valid-user"))
return OK;
***************
*** 326,331 ****
--- 328,336 ----
return DECLINED;
}
+ if (!method_restricted)
+ return OK;
+
note_digest_auth_failure(r);
return AUTH_REQUIRED;
}
