Hi,
The usernames in WIN32 are, IIRC , case insensitive (and they are in
BS2000, and perhaps in OS2?).
Some of the username auth code uses tables, and thus case insensitive
matching, but at some places, user names are compared literally.
The appended patch tries to make these literal comparisons
case insensitive, too, by using strcasecmp() in place of strcmp().
Q: Should this also be #ifdef'd OS2?
Q: If applied, should the patch be backported to 2.2.x?
Cheers,
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany
Index: modules/aaa/mod_authn_file.c
===================================================================
--- modules/aaa/mod_authn_file.c (Revision 600712)
+++ modules/aaa/mod_authn_file.c (Arbeitskopie)
@@ -89,7 +89,12 @@
rpw = l;
w = ap_getword(r->pool, &rpw, ':');
+#if defined(WIN32) || defined(_OSD_POSIX)
+ /* In Windows and BS2000, user names are case insensitive */
+ if (!strcasecmp(user, w)) {
+#else
if (!strcmp(user, w)) {
+#endif
file_password = ap_getword(r->pool, &rpw, ':');
break;
}
@@ -138,7 +143,12 @@
w = ap_getword(r->pool, &rpw, ':');
x = ap_getword(r->pool, &rpw, ':');
+#if defined(WIN32) || defined(_OSD_POSIX)
+ /* In Windows and BS2000, user names are case insensitive */
+ if (x && w && !strcasecmp(user, w) && !strcmp(realm, x)) {
+#else
if (x && w && !strcmp(user, w) && !strcmp(realm, x)) {
+#endif
/* Remember that this is a md5 hash of user:realm:password. */
file_hash = ap_getword(r->pool, &rpw, ':');
break;
Index: modules/aaa/mod_authz_owner.c
===================================================================
--- modules/aaa/mod_authz_owner.c (Revision 600712)
+++ modules/aaa/mod_authz_owner.c (Arbeitskopie)
@@ -89,7 +89,12 @@
return AUTHZ_DENIED;
}
+#if defined(WIN32) || defined(_OSD_POSIX)
+ /* In Windows and BS2000, user names are case insensitive */
+ if (strcasecmp(owner, r->user)) {
+#else
if (strcmp(owner, r->user)) {
+#endif
reason = apr_psprintf(r->pool, "file owner %s does not match.",
owner);
ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r,
Index: modules/aaa/mod_authz_groupfile.c
===================================================================
--- modules/aaa/mod_authz_groupfile.c (Revision 600712)
+++ modules/aaa/mod_authz_groupfile.c (Arbeitskopie)
@@ -123,7 +123,12 @@
while (ll[0]) {
w = ap_getword_conf(sp, &ll);
+#if defined(WIN32) || defined(_OSD_POSIX)
+ /* In Windows and BS2000, user names are case insensitive */
+ if (!strcasecmp(w, user)) {
+#else
if (!strcmp(w, user)) {
+#endif
apr_table_setn(grps, apr_pstrmemdup(p, group_name, group_len),
"in");
break;
Index: modules/aaa/mod_authz_user.c
===================================================================
--- modules/aaa/mod_authz_user.c (Revision 600712)
+++ modules/aaa/mod_authz_user.c (Arbeitskopie)
@@ -52,7 +52,12 @@
t = require_args;
while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
+#if defined(WIN32) || defined(_OSD_POSIX)
+ /* In Windows and BS2000, user names are case insensitive */
+ if (!strcasecmp(r->user, w)) {
+#else
if (!strcmp(r->user, w)) {
+#endif
return AUTHZ_GRANTED;
}
}
