From 9cc65ede6773cb6720cfcd428acc4d5797624abb Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Sun, 20 Jun 2010 19:46:54 +0000
Subject: [PATCH] Don't restore r->user after authn/authz failure. Any authn module that sets r->user even if authentication failed is broken, anyway.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@956395 13f79535-47bb-0310-9956-ffa450edef68
---
 server/request.c | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/server/request.c b/server/request.c
index d371113b5f..880f0efc96 100644
--- a/server/request.c
+++ b/server/request.c
@@ -201,7 +201,6 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) r->ap_auth_type = r->main->ap_auth_type; } else { - char *failed_user = NULL; switch (ap_satisfies(r)) { case SATISFY_ALL: case SATISFY_NOSPEC:
@@ -211,7 +210,6 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) if ((access_status = ap_run_check_user_id(r)) != OK) { if (access_status == HTTP_UNAUTHORIZED) { - failed_user = r->user; r->user = NULL; ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "authn failed with HTTP_UNAUTHORIZED, "
@@ -223,8 +221,6 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) } if ((access_status = ap_run_auth_checker(r)) != OK) { - if (failed_user) - r->user = failed_user; return decl_die(access_status, "check authorization", r); } break;
@@ -233,7 +229,6 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) if ((access_status = ap_run_check_user_id(r)) != OK) { if (access_status == HTTP_UNAUTHORIZED) { - failed_user = r->user; r->user = NULL; ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "authn failed with HTTP_UNAUTHORIZED, "
@@ -245,8 +240,6 @@ AP_DECLARE(int) ap_process_request_internal(request_rec *r) } if ((access_status = ap_run_auth_checker(r)) != OK) { - if (failed_user) - r->user = failed_user; return decl_die(access_status, "check authorization", r); } }
-- 2.50.1