Skip to content
GitLab
  1. 26 Oct, 2008 1 commit
  3. 25 Oct, 2008 1 commit
  5. 24 Oct, 2008 2 commits
  7. 23 Oct, 2008 5 commits
  9. 22 Oct, 2008 10 commits
  11. 21 Oct, 2008 1 commit
  13. 20 Oct, 2008 1 commit
  15. 19 Oct, 2008 1 commit
  17. 17 Oct, 2008 1 commit
  19. 16 Oct, 2008 4 commits
    • Chris Darroch's avatar
      Prior to authn/z refactoring in r368027, if authorization Require · 65d1ef00
      Chris Darroch authored 
      directives had no matching AuthType and associated authentication
directives, requests would generally fall through in the
check_user_id hook to mod_authn_default.c's authentication_no_user()
handler, which returned DECLINED if ap_auth_type() was not set.
The ap_process_request_internal() function in request.c would handle
this case by logging an "AuthType not set!" error and returning
HTTP_INTERNAL_SERVER_ERROR.

The refactoring removes this error handling in request.c, so
individual modules will need to test for a lack of authentication,
as necessary.  Since some modules such as mod_authz_host.c support
Require directives that do not need any authentication, the
mod_authn_default.c handler no longer returns DECLINED if ap_auth_type()
is not set.  (Also, mod_authn_default can be compiled out with
--disable-authn-default, so it can't be relied upon to exist.)

Since r->user may now be NULL, individual handlers must test for that
case when necessary.  Otherwise, most Require directives in the
absence of AuthType directives cause handlers to crash while performing
strcmp() and friends on a NULL r->user value.

NOTE: I can't test mod_authnz_ldap.c myself, so I'm not sure if it
needs similar fixes.  On the one hand, a NULL r->user in the authz
handlers always generates a log message.  However, it appears that
authn_ldap_build_filter() will sometimes then be called, perform no
action, which may result in a possibly uninitialized filtbuf buffer
being passed to util_ldap_cache_getuserdn().  I don't know if that
could cause problems in the LDAP cache code.  If someone familiar with
LDAP authz could take a look, that would be much appreciated.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@705361 13f79535-47bb-0310-9956-ffa450edef68
      65d1ef00
    • Mads Toftum's avatar
      Make text match example. · dcfe1982
      Mads Toftum authored 
      

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@705198 13f79535-47bb-0310-9956-ffa450edef68
      dcfe1982
    • Tony Stevenson's avatar
      Add example and comments when using ScriptAlias with a file. · df36364c
      Tony Stevenson authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@705117 13f79535-47bb-0310-9956-ffa450edef68
      df36364c
    • Tony Stevenson's avatar
      Update howto/cgi.xml to link to RFC 3875 not a document on Ken's site · 76c67153
      Tony Stevenson authored 
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@705116 13f79535-47bb-0310-9956-ffa450edef68
      76c67153
  21. 15 Oct, 2008 8 commits
  23. 14 Oct, 2008 1 commit
  25. 13 Oct, 2008 2 commits
  27. 12 Oct, 2008 1 commit
  29. 11 Oct, 2008 1 commit