dgaudet 98/01/02 15:58:29
Modified: . STATUS
src CHANGES
src/modules/standard mod_digest.c
Log:
Using the digest Authentication scheme for proxy authentication, authorization
never succeeds because mod_digest always looks at the Authorization header,
never at the Proxy-Authorization header.
Also, the scheme in the auth header is compared to "Digest" using a case-
sensitive comparison, instead of a case-insensitive comparison.
PR: 1599
Submitted by: Ronald Tschalaer <[EMAIL PROTECTED]>
Reviewed by: Dean Gaudet, Jim Jagielski
Revision Changes Path
1.47 +1 -5 apachen/STATUS
Index: STATUS
===================================================================
RCS file: /export/home/cvs/apachen/STATUS,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- STATUS 1998/01/02 23:46:06 1.46
+++ STATUS 1998/01/02 23:58:24 1.47
@@ -65,6 +65,7 @@
* Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments
* Dean's [PATCH] mod_info minor cleanups (take 2)
* Dean's [PATCH] mod_status cleanups
+ * [PATCH] mod_digest/1599: proxy authentication using the digest auth
scheme never succeeds (fwd)
Available Patches:
@@ -72,11 +73,6 @@
<[EMAIL PROTECTED]>
Status: Ken +1, Jim +1
Gregory Lundberg says it's legally invalid
-
- * [PATCH] mod_digest/1599: proxy authentication using the digest auth
- scheme never succeeds (fwd)
- <[EMAIL PROTECTED]>
- Status: Dean +1, Jim +1
* Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe
<[EMAIL PROTECTED]>
1.556 +4 -0 apachen/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.555
retrieving revision 1.556
diff -u -r1.555 -r1.556
--- CHANGES 1998/01/02 23:46:07 1.555
+++ CHANGES 1998/01/02 23:58:26 1.556
@@ -1,5 +1,9 @@
Changes with Apache 1.3b4
+ *) mod_digest didn't properly deal with proxy authentication. It
+ also lacked a case-insensitive comparision of the "Digest"
+ token. [Ronald Tschalaer <[EMAIL PROTECTED]>] PR#1599
+
*) A few cleanups in mod_status for efficiency. [Dean Gaudet]
*) A few cleanups in mod_info to make it thread-safe, and remove an
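Review bot: The new CHANGES entry misspells "comparison" as "comparision" on its second line; fix it before the text is carried into release notes. The entry would also be more useful to operators if it named the header involved (Proxy-Authorization), since "didn't properly deal with proxy authentication" does not say what actually failed.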
1.28 +4 -2 apachen/src/modules/standard/mod_digest.c
Index: mod_digest.c
===================================================================
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_digest.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- mod_digest.c 1997/12/18 20:39:18 1.27
+++ mod_digest.c 1998/01/02 23:58:28 1.28
@@ -132,7 +132,9 @@
int get_digest_rec(request_rec *r, digest_header_rec * response)
{
- const char *auth_line = table_get(r->headers_in, "Authorization");
+ const char *auth_line = table_get(r->headers_in,
+ r->proxyreq ? "Proxy-Authorization"
+ : "Authorization");
int l;
int s = 0, vk = 0, vv = 0;
char *t, *key, *value;
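Review bot: The header choice in the auth_line initializer keys off r->proxyreq, but this diff changes only the request side in get_digest_rec() and touches nothing that issues the challenge. Please confirm the failure path sends the matching challenge header for proxy requests, so a client is never asked for one credential header while the module reads the other. A short comment above the initializer saying why the header differs for proxy requests would also help the next reader.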
@@ -151,7 +153,7 @@
return AUTH_REQUIRED;
}
- if (strcmp(getword(r->pool, &auth_line, ' '), "Digest")) {
+ if (strcasecmp(getword(r->pool, &auth_line, ' '), "Digest")) {
/* Client tried to authenticate using wrong auth scheme */
aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
"client used wrong authentication scheme: %s", r->uri);
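Review bot: The aplog_error() call after the strcasecmp() check records only r->uri, so with proxy requests now sharing this path a rejected Proxy-Authorization and a rejected Authorization header produce identical log lines. The getword() result is consumed inside the comparison and cannot be reported; consider holding it in a local and logging which header was examined (and, suitably escaped, the scheme that was offered), so wrong-scheme failures against the proxy can be told apart in the error log.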