coar 97/12/27 20:51:03
Modified: . STATUS
src CHANGES
src/ap Makefile.tmpl
src/main http_core.c
Added: src/ap ap_strings.c
Log:
Correct handling of quotation marks in AuthName realm names.
PR: 1195
Reviewed by: Dean Gaudet, Jim Jagielski
Revision Changes Path
1.38 +5 -6 apachen/STATUS
Index: STATUS
===================================================================
RCS file: /export/home/cvs/apachen/STATUS,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- STATUS 1997/12/27 23:08:20 1.37
+++ STATUS 1997/12/28 04:50:57 1.38
@@ -57,7 +57,9 @@
* Dean's [PATCH] fix Rasmus' chunking error
* [PATCH] PR#1366: fix result of send_fd_length
* Ben Hyde's [PATCH] Finish suite of mutex ops for non-threaded platforms
- * Ben Hyde's [PATCH] Serialize the update to pool.sub_* in destroy_pool
(take 2)
+ * Ben Hyde's [PATCH] Serialize the update to pool.sub_* in destroy_pool
+ (take 2)
+ * Ken's [PATCH] for PR#1195 (" in realm names)
Available Patches:
@@ -65,13 +67,10 @@
<[EMAIL PROTECTED]>
Status: Jim +1, Dirk +1, Marc wants to think about the name, Dean +1
- * [PATCH] mod_digest/1599: proxy authentication using the digest auth
scheme never succeeds (fwd)
+ * [PATCH] mod_digest/1599: proxy authentication using the digest auth
+ scheme never succeeds (fwd)
<[EMAIL PROTECTED]>
Status: Dean +1, Jim +1
-
- * Ken's [PATCH] for PR#1195 (" in realm names)
- <[EMAIL PROTECTED]>
- Status: Ken +1, Dean +1, Jim +1
* Dean's [PATCH] mod_status cleanups
<[EMAIL PROTECTED]>
1.550 +3 -0 apachen/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.549
retrieving revision 1.550
diff -u -r1.549 -r1.550
--- CHANGES 1997/12/28 04:23:41 1.549
+++ CHANGES 1997/12/28 04:50:59 1.550
@@ -1,5 +1,8 @@
Changes with Apache 1.3b4
+ *) Correct handling of quotation marks in AuthName realm names; as a
+ byproduct, a new function: ap_escape_quotes(). [Ken Coar] PR#1195
+
*) WIN32: Work around optimiser bug that killed ISAPI in release
versions. [Ben Laurie] PR#1533
1.5 +2 -1 apachen/src/ap/Makefile.tmpl
Index: Makefile.tmpl
===================================================================
RCS file: /export/home/cvs/apachen/src/ap/Makefile.tmpl,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Makefile.tmpl 1997/12/24 04:36:15 1.4
+++ Makefile.tmpl 1997/12/28 04:51:01 1.5
@@ -6,7 +6,7 @@
LIB=libap.a
-OBJS=ap_signal.o ap_slack.o ap_snprintf.o
+OBJS=ap_signal.o ap_slack.o ap_snprintf.o ap_strings.o
.c.o:
$(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $<
@@ -27,3 +27,4 @@
ap_signal.o: $(INCDIR)/httpd.h
ap_slack.o: $(INCDIR)/httpd.h $(INCDIR)/http_log.h
ap_snprintf.o: $(INCDIR)/conf.h
+ap_strings.o: $(INCDIR)/httpd.h
1.1 apachen/src/ap/ap_strings.c
Index: ap_strings.c
===================================================================
/* ====================================================================
* Copyright (c) 1995-1997 The Apache Group. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* 4. The names "Apache Server" and "Apache Group" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* [EMAIL PROTECTED]
*
* 5. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the Apache Group
* for use in the Apache HTTP server project (http://www.apache.org/)."
*
* THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Group and was originally based
* on public domain software written at the National Center for
* Supercomputing Applications, University of Illinois, Urbana-Champaign.
* For more information on the Apache Group and the Apache HTTP server
* project, please see <http://www.apache.org/>.
*
*/
#include "httpd.h"
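/*
 * Given a string, replace any bare " with \" .
 *
 * Returns a new NUL-terminated string allocated from pool p; instring is
 * only read, never modified.  A backslash followed by another byte is
 * treated as an escape pair and copied through unchanged, so a " that is
 * already escaped is not escaped a second time.  A lone backslash at the
 * very end of the string is copied as an ordinary byte.
 */
char *ap_escape_quotes (pool *p, char *instring)
{
    int newlen = 0;
    char *inchr = instring;
    char *outchr, *outstring;

    /*
     * Pass 1: work out how many bytes the escaped copy needs.  This walk
     * must mirror the copy loop below byte for byte: if the count comes
     * out smaller than what the copy emits, the copy writes past the end
     * of the pool allocation.
     */
    while (*inchr != '\0') {
        if ((*inchr == '\\') && (inchr[1] != '\0')) {
            /* Escape pair: both bytes are emitted verbatim, so count both. */
            newlen += 2;
            inchr += 2;
            continue;
        }
        /* A bare " costs two bytes (slosh + quote); anything else costs one. */
        newlen += (*inchr == '"') ? 2 : 1;
        inchr++;
    }

    outstring = palloc(p, newlen + 1);      /* +1 for the terminating NUL */
    inchr = instring;
    outchr = outstring;

    /*
     * Pass 2: copy the input to the output, inserting a slosh in front of
     * every " that doesn't already have one.  After an escape pair we go
     * straight back to the top of the loop so that a following backslash
     * is again recognised as the start of a pair rather than copied as a
     * plain byte.
     */
    while (*inchr != '\0') {
        if ((*inchr == '\\') && (inchr[1] != '\0')) {
            *outchr++ = *inchr++;
            *outchr++ = *inchr++;
            continue;
        }
        if (*inchr == '"') {
            *outchr++ = '\\';
        }
        *outchr++ = *inchr++;
    }
    *outchr = '\0';
    return outstring;
}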
1.143 +14 -2 apachen/src/main/http_core.c
Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_core.c,v
retrieving revision 1.142
retrieving revision 1.143
diff -u -r1.142 -r1.143
--- http_core.c 1997/11/30 19:18:46 1.142
+++ http_core.c 1997/12/28 04:51:02 1.143
@@ -1618,6 +1618,18 @@
return NULL;
}
+/*
+ * Load an authorisation realm into our location configuration, applying the
+ * usual rules that apply to realms.
+ */
+static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1)
+{
+ core_dir_config *aconfig = (core_dir_config *)mconfig;
+
+ aconfig->auth_name = ap_escape_quotes(cmd->pool, word1);
+ return NULL;
+}
+
/* Note --- ErrorDocument will now work from .htaccess files.
* The AllowOverride of Fileinfo allows webmasters to turn it off
*/
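Review bot: `set_authname` hands `word1` straight to `ap_escape_quotes`, and the helper added in ap_strings.c by this same commit under-sizes its output: the sizing loop counts a backslash pair as one byte while the copy loop writes two, so a realm containing a backslash escape is written past the `palloc` buffer. AuthName is registered with `OR_AUTHCFG`, so the value may come from per-directory configuration rather than only from the main server config. The sizing loop needs `newlen++;` inside its `if ((*inchr == '\\') && (inchr[1] != '\0'))` branch so that both passes agree. The comment above `set_authname` should also state that `auth_name` is stored already quote-escaped, so code that emits the realm wraps it in quotes without escaping it again.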
@@ -1646,8 +1658,8 @@
{ "</FilesMatch>", end_filesection, NULL, OR_ALL, NO_ARGS, "Marks end of
<FilesMatch>" },
{ "AuthType", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_type),
OR_AUTHCFG, TAKE1, "An HTTP authorization type (e.g., \"Basic\")" },
-{ "AuthName", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_name),
- OR_AUTHCFG, RAW_ARGS, "The authentication realm (e.g. \"Members Only\")"
},
+{ "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1,
+ "The authentication realm (e.g. \"Members Only\")" },
{ "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which
authenticated users or groups may access a protected space" },
{ "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1,
"access policy if both allow and require used ('all' or 'any')" },
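Review bot: Switching the AuthName entry from `RAW_ARGS` to `TAKE1` changes how existing configurations parse, and nothing in the help string or the CHANGES entry says so. An unquoted multi-word realm such as `AuthName Members Only` (constructed example) was previously taken whole and will now presumably be rejected for having too many arguments. Suggest the help text read `"The authentication realm, quoted if it contains spaces (e.g. \"Members Only\")"` and that the release note mention the quoting requirement. The command table begins and ends outside this hunk.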