coar 97/12/27 20:51:03
Modified: . STATUS src CHANGES src/ap Makefile.tmpl src/main http_core.c Added: src/ap ap_strings.c Log: Correct handling of quotation marks in AuthName realm names. PR: 1195 Reviewed by: Dean Gaudet, Jim Jagielski Revision Changes Path 1.38 +5 -6 apachen/STATUS Index: STATUS =================================================================== RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- STATUS 1997/12/27 23:08:20 1.37 +++ STATUS 1997/12/28 04:50:57 1.38 @@ -57,7 +57,9 @@ * Dean's [PATCH] fix Rasmus' chunking error * [PATCH] PR#1366: fix result of send_fd_length * Ben Hyde's [PATCH] Finish suite of mutex ops for non-threaded platforms - * Ben Hyde's [PATCH] Serialize the update to pool.sub_* in destroy_pool (take 2) + * Ben Hyde's [PATCH] Serialize the update to pool.sub_* in destroy_pool + (take 2) + * Ken's [PATCH] for PR#1195 (" in realm names) Available Patches: @@ -65,13 +67,10 @@ <[EMAIL PROTECTED]> Status: Jim +1, Dirk +1, Marc wants to think about the name, Dean +1 - * [PATCH] mod_digest/1599: proxy authentication using the digest auth scheme never succeeds (fwd) + * [PATCH] mod_digest/1599: proxy authentication using the digest auth + scheme never succeeds (fwd) <[EMAIL PROTECTED]> Status: Dean +1, Jim +1 - - * Ken's [PATCH] for PR#1195 (" in realm names) - <[EMAIL PROTECTED]> - Status: Ken +1, Dean +1, Jim +1 * Dean's [PATCH] mod_status cleanups <[EMAIL PROTECTED]> 1.550 +3 -0 apachen/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.549 retrieving revision 1.550 diff -u -r1.549 -r1.550 --- CHANGES 1997/12/28 04:23:41 1.549 +++ CHANGES 1997/12/28 04:50:59 1.550 @@ -1,5 +1,8 @@ Changes with Apache 1.3b4 + *) Correct handling of quotation marks in AuthName realm names; as a + byproduct, a new function: ap_escape_quotes(). [Ken Coar] PR#1195 + *) WIN32: Work around optimiser bug that killed ISAPI in release versions. [Ben Laurie] PR#1533 1.5 +2 -1 apachen/src/ap/Makefile.tmpl Index: Makefile.tmpl =================================================================== RCS file: /export/home/cvs/apachen/src/ap/Makefile.tmpl,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Makefile.tmpl 1997/12/24 04:36:15 1.4 +++ Makefile.tmpl 1997/12/28 04:51:01 1.5 @@ -6,7 +6,7 @@ LIB=libap.a -OBJS=ap_signal.o ap_slack.o ap_snprintf.o +OBJS=ap_signal.o ap_slack.o ap_snprintf.o ap_strings.o .c.o: $(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $< @@ -27,3 +27,4 @@ ap_signal.o: $(INCDIR)/httpd.h ap_slack.o: $(INCDIR)/httpd.h $(INCDIR)/http_log.h ap_snprintf.o: $(INCDIR)/conf.h +ap_strings.o: $(INCDIR)/httpd.h 1.1 apachen/src/ap/ap_strings.c Index: ap_strings.c =================================================================== /* ==================================================================== * Copyright (c) 1995-1997 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this * software must display the following acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * 4. The names "Apache Server" and "Apache Group" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * [EMAIL PROTECTED] * * 5. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/)." * * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Group and was originally based * on public domain software written at the National Center for * Supercomputing Applications, University of Illinois, Urbana-Champaign. * For more information on the Apache Group and the Apache HTTP server * project, please see <http://www.apache.org/>. * */ #include "httpd.h" /* * Given a string, replace any bare " with \" . */ char *ap_escape_quotes (pool *p, char *instring) { int newlen = 0; char *inchr = instring; char *outchr, *outstring; /* * Look through the input string, jogging the length of the output * string up by an extra byte each time we find an unescaped ". */ while (*inchr != '\0') { newlen++; if (*inchr == '"') { newlen++; } /* * If we find a slosh, and it's not the last byte in the string, * it's escaping something - advance past both bytes. */ if ((*inchr == '\\') && (inchr[1] != '\0')) { inchr++; } inchr++; } outstring = palloc(p, newlen + 1); inchr = instring; outchr = outstring; /* * Now copy the input string to the output string, inserting a slosh * in front of every " that doesn't already have one. */ while (*inchr != '\0') { if ((*inchr == '\\') && (inchr[1] != '\0')) { *outchr++ = *inchr++; *outchr++ = *inchr++; } if (*inchr == '"') { *outchr++ = '\\'; } if (*inchr != '\0') { *outchr++ = *inchr++; } } *outchr = '\0'; return outstring; } 1.143 +14 -2 apachen/src/main/http_core.c Index: http_core.c =================================================================== RCS file: /export/home/cvs/apachen/src/main/http_core.c,v retrieving revision 1.142 retrieving revision 1.143 diff -u -r1.142 -r1.143 --- http_core.c 1997/11/30 19:18:46 1.142 +++ http_core.c 1997/12/28 04:51:02 1.143 @@ -1618,6 +1618,18 @@ return NULL; } +/* + * Load an authorisation realm into our location configuration, applying the + * usual rules that apply to realms. + */ +static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1) +{ + core_dir_config *aconfig = (core_dir_config *)mconfig; + + aconfig->auth_name = ap_escape_quotes(cmd->pool, word1); + return NULL; +} + /* Note --- ErrorDocument will now work from .htaccess files. * The AllowOverride of Fileinfo allows webmasters to turn it off */ @@ -1646,8 +1658,8 @@ { "</FilesMatch>", end_filesection, NULL, OR_ALL, NO_ARGS, "Marks end of <FilesMatch>" }, { "AuthType", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_type), OR_AUTHCFG, TAKE1, "An HTTP authorization type (e.g., \"Basic\")" }, -{ "AuthName", set_string_slot, (void*)XtOffsetOf(core_dir_config, auth_name), - OR_AUTHCFG, RAW_ARGS, "The authentication realm (e.g. \"Members Only\")" }, +{ "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1, + "The authentication realm (e.g. \"Members Only\")" }, { "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, "Selects which authenticated users or groups may access a protected space" }, { "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1, "access policy if both allow and require used ('all' or 'any')" },