> currently, mod_auth_basic and mod_auth_digest behave inconsistently > in some cases. for example, if i enter a wrong user/pw combination, > mod_auth_basic writes the following logline (i.e. without a username)
... > another inconsistency would be that if the authentication provider > reports an internal error, mod_auth_basic produces an "internal server > error" whereas mod_auth_digest produces a "user not found" message, both > to the client and in the logs. > > there are probably other edge cases where the two modules behave > inconsistently. ideally, if i change the parameter of AuthType, > other things should stay the same in every possible way. yeah, that would certainly be a good idea. give the attached patches a whirl and see if they work for you. feedback from justin or others that are familiar appreciated :) --Geoff
Index: modules/aaa/mod_auth_basic.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/aaa/mod_auth_basic.c,v
retrieving revision 1.16
diff -u -r1.16 mod_auth_basic.c
--- modules/aaa/mod_auth_basic.c 9 Feb 2004 20:29:17 -0000 1.16
+++ modules/aaa/mod_auth_basic.c 19 Feb 2004 17:14:33 -0000
@@ -176,6 +176,9 @@
 *user = ap_getword_nulls(r->pool, (const char**)&decoded_line, ':');
 *pw = decoded_line;
+ /* set the user, even though the user is unauthenticated at this point */
+ r->user = (char *) *user;
+
 return OK;
 }
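Review bot: The added `r->user = (char *) *user;` publishes a client-supplied, not-yet-verified name in the request record, and the one-line comment does not say who may rely on it. Any code that reads `r->user` on a failure path (logging, error handling, later hooks) now sees text the client chose, so it has to be handled as untrusted input there, including when it is written to the logs. I would make the comment say so, e.g. `/* unverified, client-supplied name: set only so failure paths can report it; not an authenticated identity until the provider check succeeds */`. Whether `r->user` is reset when the password check fails cannot be seen, because the function and its caller start outside this hunk. The cast also drops `const` from `*user`, so it is worth confirming nothing later writes through `r->user`.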
Index: modules/aaa/mod_auth_digest.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/aaa/mod_auth_digest.c,v
retrieving revision 1.85
diff -u -r1.85 mod_auth_digest.c
--- modules/aaa/mod_auth_digest.c 9 Feb 2004 20:29:17 -0000 1.85
+++ modules/aaa/mod_auth_digest.c 19 Feb 2004 17:14:25 -0000
@@ -1328,8 +1328,8 @@
 * Authorization header verification code */
-static const char *get_hash(request_rec *r, const char *user,
- digest_config_rec *conf)
+static authn_status get_hash(request_rec *r, const char *user,
+ digest_config_rec *conf)
 {
 authn_status auth_result;
 char *password;
@@ -1374,12 +1374,11 @@
 current_provider = current_provider->next;
 } while (current_provider);
- if (auth_result != AUTH_USER_FOUND) {
- return NULL;
- }
- else {
- return password;
+ if (auth_result == AUTH_USER_FOUND) {
+ conf->ha1 = password;
 }
+
+ return auth_result;
 }
 static int check_nc(const request_rec *r, const digest_header_rec *resp,
@@ -1593,6 +1592,7 @@
 request_rec *mainreq;
 const char *t;
 int res;
+ authn_status return_code;
 /* do we require Digest auth for this URI? */
@@ -1738,14 +1738,25 @@
 return HTTP_UNAUTHORIZED;
 }
- if (!(conf->ha1 = get_hash(r, r->user, conf))) {
+ return_code = get_hash(r, r->user, conf);
+
+ if (return_code == AUTH_USER_NOT_FOUND) {
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Digest: user `%s' in realm `%s' not found: %s", r->user, conf->realm, r->uri);
 note_digest_auth_failure(r, conf, resp, 0);
 return HTTP_UNAUTHORIZED;
 }
-
+ else if (return_code == AUTH_USER_FOUND) {
+ /* we have a password, so continue */
+ }
+ else {
+ /* AUTH_GENERAL_ERROR (or worse)
+ * We'll assume that the module has already said what its error
+ * was in the logs.
+ */
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
 if (resp->message_qop == NULL) {
 /* old (rfc-2069) style digest */
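Review bot: In the second hunk get_hash() now writes `conf->ha1` only on AUTH_USER_FOUND, so on every other result the field keeps whatever an earlier call left there, whereas the old caller-side assignment overwrote it with NULL. The caller in the last hunk returns before reading it on both non-found paths, so this looks latent rather than reachable today, but if `conf` outlives the request (not visible here) a stale hash belonging to a different user stays available to any later code path. Assigning unconditionally keeps the old guarantee: `conf->ha1 = (auth_result == AUTH_USER_FOUND) ? password : NULL;`. The body of get_hash() between the first and second hunks is outside the diff, so the value of `auth_result` when no provider runs could not be checked.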