On Tue, 20 Nov 2001, sterling wrote:

> Hi -
> 
> Set up an auth directory without AuthType but with require valid-user and
> AuthName and load an auth module that uses ap_note_basic_auth_failure...
> el kabong!! this patch stops the coro dumpo.

this has bitten others in 1.x too.  ended up adding protection in the
modperl wrapper functions.  i applied a slightly different version to
prevent the same problem in ap_note_auth_failure().  and also changed
if (type && strcasecmp(ap_auth_type(r), "Basic"))
 to
if (!type || ...)
cause i don't think it should set the *-Authenticate header if there is no
AuthType configured, right?  or maybe ap_auth_type() should default to
Basic?

Index: server/protocol.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/protocol.c,v
retrieving revision 1.52
diff -u -r1.52 protocol.c
--- server/protocol.c   2001/11/12 23:49:06     1.52
+++ server/protocol.c   2001/11/21 03:10:39
@@ -756,15 +756,25 @@
 
 AP_DECLARE(void) ap_note_auth_failure(request_rec *r)
 {
-    if (!strcasecmp(ap_auth_type(r), "Basic"))
-        ap_note_basic_auth_failure(r);
-    else if (!strcasecmp(ap_auth_type(r), "Digest"))
-        ap_note_digest_auth_failure(r);
+    const char *type = ap_auth_type(r);
+    if (type) {
+        if (!strcasecmp(type, "Basic"))
+            ap_note_basic_auth_failure(r);
+        else if (!strcasecmp(type, "Digest"))
+            ap_note_digest_auth_failure(r);
+    }
+    /* XXX: else there is no AuthType configured
+     *      should we log an error or something ?
+     */
 }
 
 AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r)
 {
-    if (strcasecmp(ap_auth_type(r), "Basic"))
+    const char *type = ap_auth_type(r);
+    /* if there is no AuthType configure or it is something other than
+     * Basic, let ap_note_auth_failure() deal with it
+     */
+    if (!type || strcasecmp(type, "Basic"))
         ap_note_auth_failure(r);
     else
         apr_table_setn(r->err_headers_out,
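Review bot: The XXX comment in ap_note_auth_failure() should be resolved before commit, because with `type == NULL` the function now returns without setting any *-Authenticate header and without telling the administrator why. The same silent fall-through applies when `type` is set to something other than "Basic" or "Digest". A single trailing else that calls ap_log_rerror() at error level and names r->uri would cover both cases and make the missing AuthType easy to spot in the error log. In ap_note_basic_auth_failure(), the `!type ||` branch hands off to ap_note_auth_failure(), which terminates only because that function does nothing for a NULL type. The comment there should say so, so that a later change (for example defaulting to Basic) does not reintroduce mutual recursion. Minor: "no AuthType configure" in that comment should read "configured".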


