dgaudet 98/01/02 15:58:29
Modified:.STATUS
src CHANGES
src/modules/standard mod_digest.c
Log:
Using the digest Authentication scheme for proxy authentication, authorization
never succeeds because mod_digest always looks at the Authorization header,
never at the Proxy-Authorization header.
Also, the scheme in the auth header is compared to Digest using a case-
sensitive comparison, instead of a case-insensitive comparison.
PR: 1599
Submitted by: Ronald Tschalaer [EMAIL PROTECTED]
Reviewed by: Dean Gaudet, Jim Jagielski
Revision ChangesPath
1.47 +1 -5 apachen/STATUS
Index: STATUS
===
RCS file: /export/home/cvs/apachen/STATUS,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- STATUS1998/01/02 23:46:06 1.46
+++ STATUS1998/01/02 23:58:24 1.47
@@ -65,6 +65,7 @@
* Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments
* Dean's [PATCH] mod_info minor cleanups (take 2)
* Dean's [PATCH] mod_status cleanups
+* [PATCH] mod_digest/1599: proxy authentication using the digest auth
scheme never succeeds (fwd)
Available Patches:
@@ -72,11 +73,6 @@
[EMAIL PROTECTED]
Status: Ken +1, Jim +1
Gregory Lundberg says it's legally invalid
-
-* [PATCH] mod_digest/1599: proxy authentication using the digest auth
- scheme never succeeds (fwd)
- [EMAIL PROTECTED]
- Status: Dean +1, Jim +1
* Martin's [PATCH] 36kB: Make apache compile run on an EBCDIC mainframe
[EMAIL PROTECTED]
1.556 +4 -0 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.555
retrieving revision 1.556
diff -u -r1.555 -r1.556
--- CHANGES 1998/01/02 23:46:07 1.555
+++ CHANGES 1998/01/02 23:58:26 1.556
@@ -1,5 +1,9 @@
Changes with Apache 1.3b4
+ *) mod_digest didn't properly deal with proxy authentication. It
+ also lacked a case-insensitive comparision of the Digest
+ token. [Ronald Tschalaer [EMAIL PROTECTED]] PR#1599
+
*) A few cleanups in mod_status for efficiency. [Dean Gaudet]
*) A few cleanups in mod_info to make it thread-safe, and remove an
1.28 +4 -2 apachen/src/modules/standard/mod_digest.c
Index: mod_digest.c
===
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_digest.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- mod_digest.c 1997/12/18 20:39:18 1.27
+++ mod_digest.c 1998/01/02 23:58:28 1.28
@@ -132,7 +132,9 @@
int get_digest_rec(request_rec *r, digest_header_rec * response)
{
-const char *auth_line = table_get(r-headers_in, Authorization);
+const char *auth_line = table_get(r-headers_in,
+r-proxyreq ? Proxy-Authorization
+: Authorization);
int l;
int s = 0, vk = 0, vv = 0;
char *t, *key, *value;
@@ -151,7 +153,7 @@
return AUTH_REQUIRED;
}
-if (strcmp(getword(r-pool, auth_line, ' '), Digest)) {
+if (strcasecmp(getword(r-pool, auth_line, ' '), Digest)) {
/* Client tried to authenticate using wrong auth scheme */
aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r-server,
client used wrong authentication scheme: %s, r-uri);