[Remove entries to the current 2.0 section below, when backported]
+ *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's
+ not specified. Now it assumes "/" as already documented. PR 16937.
+ [André Malo]
+
*) mod_cgi, mod_cgid, mod_ext_filter: Log errors when scripts cannot
be started on Unix because of such problems as bad permissions,
bad shebang line, etc. [Jeff Trawick]
exist. PR 5913, 9977.
[Jonathan W Miner <Jonathan.W.Miner@lmco.com>]
- *) Fix mod_auth_digest not to use local paths for the domain parameter
- on non-unix systems. PR 16937. [André Malo]
-
*) Let suexec send a message to stderr, if it failed or its policy
was violated. This message appears in the error log and allows
for easier debugging. PR 5381, 7638, 8255, 10773. [André Malo]
}
}
-
/*
* Authorization challenge generation code (for WWW-Authenticate)
*/
-static const char *guess_domain(apr_pool_t *p, const char *uri,
- const char *filename, const char *dir)
-{
- apr_size_t u_len = strlen(uri), f_len = strlen(filename),
- d_len = strlen(dir);
- const char *u, *f;
-
-
- /* Because of things like mod_alias and mod_rewrite and the fact that
- * protection is often on a directory basis (not a location basis) it
- * is hard to determine the uri to put in the domain attribute.
- *
- * What we do is the following: first we see if the directory is
- * a prefix for the uri - if this is the case we assume that therefore
- * a <Location> directive was protecting this uri and we can use it
- * for the domain.
- */
- if (u_len >= d_len && !memcmp(uri, dir, d_len)) {
- return dir;
- }
-
- /* Now we check for <Files ...>, and if we find one we send back a
- * dummy uri - this is the only way to specify that the protection
- * space only covers a single uri.
- */
- if (!ap_os_is_path_absolute(p, dir)) {
- /* This doesn't work for Amaya (ok, it's of arguable validity in
- * the first place), so just return the file name instead
- return "http://0.0.0.0/";
- */
- return dir;
- }
-
- /* Next we find the largest common common suffix of the request-uri
- * and the final file name, ignoring any extensions; this gives us a
- * hint as to where any rewriting could've occured (assuming that some
- * prefix of the uri is rewritten, not a suffix).
- */
- u = uri + u_len - 1; /* strip any extension */
- while (u > uri && *u != '/') {
- u--;
- }
- while (*u && *u != '.') {
- u++;
- }
- if (*u == '.') {
- u--;
- }
- if (*u == '/') {
- u--;
- }
-
- f = filename + f_len - 1; /* strip any extension */
- while (f > filename && *f != '/') {
- f--;
- }
- while (*f && *f != '.') {
- f++;
- }
- if (*f == '.') {
- f--;
- }
- if (*f == '/') {
- f--;
- }
-
- while (*f == *u && f > filename && u > uri) {
- u--;
- f--;
- }
- f++;
- u++;
-
- while (*f && *f != '/') {
- f++;
- u++; /* suffix must start with / */
- }
-
- /* Now, if the directory reaches into this common suffix then we can
- * take the uri with the same reach.
- */
- if ((unsigned long) (f-filename) < d_len) {
- char *tmp = apr_pstrdup(p, uri);
- tmp[(u-uri)+(d_len-(f-filename))] = '\0';
- return tmp;
- }
-
- return ""; /* give up */
-}
-
-
static const char *ltox(apr_pool_t *p, unsigned long num)
{
if (num != 0) {
* unneccessarily (it's usually > 200 bytes!).
*/
- if (r->proxyreq) {
- domain = NULL; /* don't send domain for proxy requests */
- }
- else if (conf->uri_list) {
- domain = conf->uri_list;
+
+ /* don't send domain
+ * - for proxy requests
+ * - if it's no specified
+ */
+ if (r->proxyreq || !conf->uri_list) {
+ domain = NULL;
}
else {
- /* They didn't specify any domain, so let's guess at it */
- domain = guess_domain(r->pool, resp->psd_request_uri->path, r->filename,
- conf->dir_name);
- if (domain[0] == '/' && domain[1] == '\0') {
- domain = NULL; /* "/" is the default, so no need to send it */
- }
- else {
- domain = apr_pstrcat(r->pool, ", domain=\"", domain, "\"", NULL);
- }
+ domain = conf->uri_list;
}
apr_table_mergen(r->err_headers_out,