Forward-port from mod_dav 1.0:

* modules/dav/main/util.c (dav_validate_resource_state): Fix a 2617
violation: if the lock user validation fails, rather than giving a 401
without a WWW-Authenticate header, give a 403.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102958 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/dav/main/util.c b/modules/dav/main/util.c
index 1f2f66cad296e7ebd955308c6244968b404f9fa7..7919d62abfb7fa4b5455edf975c8de04779b5701 100644 (file)
--- a/modules/dav/main/util.c
+++ b/modules/dav/main/util.c
@@ -1166,7 +1166,7 @@ static dav_error * dav_validate_resource_state(apr_pool_t *p,
                                             "\" submitted a locktoken created "
                                             "by user \"",
                                             lock->auth_user, "\".", NULL);
-                        return dav_new_error(p, HTTP_UNAUTHORIZED, 0, errmsg);
+                        return dav_new_error(p, HTTP_FORBIDDEN, 0, errmsg);
                     }
 
                     /*