On Tue, 20 Nov 2001, sterling wrote: > Hi - > > Set up an auth directory without AuthType but with require valid-user and > AuthName and load an auth module that uses ap_note_basic_auth_failure... > el kabong!! this patch stops the coro dumpo.
this has bitten others in 1.x too. ended up adding protection in the modperl wrapper functions. i applied a slightly different version to prevent the same problem in ap_note_auth_failure(). and also changed if (type && strcasecmp(ap_auth_type(r), "Basic")) to if (!type || ...) cause i don't think it should set the *-Authenticate header if there is no AuthType configured, right? or maybe ap_auth_type() should default to Basic? Index: server/protocol.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/protocol.c,v retrieving revision 1.52 diff -u -r1.52 protocol.c --- server/protocol.c 2001/11/12 23:49:06 1.52 +++ server/protocol.c 2001/11/21 03:10:39 @@ -756,15 +756,25 @@ AP_DECLARE(void) ap_note_auth_failure(request_rec *r) { - if (!strcasecmp(ap_auth_type(r), "Basic")) - ap_note_basic_auth_failure(r); - else if (!strcasecmp(ap_auth_type(r), "Digest")) - ap_note_digest_auth_failure(r); + const char *type = ap_auth_type(r); + if (type) { + if (!strcasecmp(type, "Basic")) + ap_note_basic_auth_failure(r); + else if (!strcasecmp(type, "Digest")) + ap_note_digest_auth_failure(r); + } + /* XXX: else there is no AuthType configured + * should we log an error or something ? + */ } AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r) { - if (strcasecmp(ap_auth_type(r), "Basic")) + const char *type = ap_auth_type(r); + /* if there is no AuthType configure or it is something other than + * Basic, let ap_note_auth_failure() deal with it + */ + if (!type || strcasecmp(type, "Basic")) ap_note_auth_failure(r); else apr_table_setn(r->err_headers_out,