mod_auth_form: Add a debug message when the fields on a form are not

recognised.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1550302 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 4a868ea903fff21a6713006497bd5545399771e9..c6429ac14d85434a9f57c409a768eda4093285b0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+
+  *) mod_auth_form: Add a debug message when the fields on a form are not
+     recognised. [Graham Leggett]
+
   *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all
      configured SSL CA certificates to stdout the same way as DUMP_CERTS does.
      [Jan Kaluza]

diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c
index 13d9243e5bee9ef500726ebbaa5274a5cf3de29e..0c3bb2b3a97dda8df84662a5698e7ffed5edcdfd 100644 (file)
--- a/modules/aaa/mod_auth_form.c
+++ b/modules/aaa/mod_auth_form.c
@@ -669,12 +669,25 @@ static int get_form_auth(request_rec * r,
     }
 
     /* set the user, even though the user is unauthenticated at this point */
-    if (*sent_user) {
+    if (sent_user && *sent_user) {
         r->user = (char *) *sent_user;
     }
 
     /* a missing username or missing password means auth denied */
-    if (!sent_user || !*sent_user || !sent_pw || !*sent_pw) {
+    if (!sent_user || !*sent_user) {
+
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                      "form parsed, but username field '%s' was missing or empty, unauthorized",
+                      username);
+
+        return HTTP_UNAUTHORIZED;
+    }
+    if (!sent_pw || !*sent_pw) {
+
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                      "form parsed, but password field '%s' was missing or empty, unauthorized",
+                      password);
+
         return HTTP_UNAUTHORIZED;
     }