DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12814>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12814 login through URL Summary: login through URL Product: Apache httpd-1.3 Version: 1.3.24 Platform: Other OS/Version: Linux Status: NEW Severity: Critical Priority: Other Component: Auth/Access AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] I have 2 apache servers. And On both servers different URLs are password protected using mod_auth_dbm. But both URLs use same AuthDBMFile. So, user logs in on first URL and when he goes into 2 URL (on 2nd server) , he is asked to login again with same userid and password. So, in the URL ( through a hyperlink on server 1) which leads him to 2nd server I am passing userid and password. Like http://userid:[EMAIL PROTECTED]/url2.htm Everything worked fine , but when userid or password have @, :, / it did not. So, I passed encoded data , for example %40 for @.But apache DID NOT decode them. It started to search user%40id in AuthDBMFile. So, I modified get_dbm_pw in mod_auth_dbm.c as shown below. ------------------------------------------------------------------- static char *get_dbm_pw(request_rec *r, char *user, char *auth_dbmpwfile) { DBM *f; datum d, q; char *pw = NULL; #############my code starts here ############################# char *enc; char part1[100]; int ulen,elen,part2lens,part2lene,part1len,i; enc = strstr(user,"%40"); if(enc) { ulen = strlen(user); elen = strlen(enc); if(elen > 0) { part1len = ulen - elen; part2lens = part1len + 3; part2lene = elen - 3; for(i=0;i<part1len;i++) { part1[i] = *user++; } part1[i]='@'; *user++; *user++; *user++; for(i=i+1;i<ulen;i++) { part1[i]=*user++; } part1[i] = '\0'; strcpy(user,part1); part1[0]='\0'; enc = NULL; } } #################my code ends here ################################ q.dptr = user; #ifndef NETSCAPE_DBM_COMPAT q.dsize = strlen(q.dptr); #else q.dsize = strlen(q.dptr) + 1; #endif if (!(f = dbm_open(auth_dbmpwfile, O_RDONLY, 0664))) { ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "could not open dbm auth file: %s", auth_dbmpwfile); return NULL; } d = dbm_fetch(f, q); if (d.dptr) { pw = ap_palloc(r->pool, d.dsize + 1); strncpy(pw, d.dptr, d.dsize); pw[d.dsize] = '\0'; /* Terminate the string */ } dbm_close(f); return pw; } --------------------------------------------------------------------- If it is a bug in apache module, or if there is any other way of doing , please let me know. Thanks, Lakshmi --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
