Changes with Apache 1.3.27
+ *) Relaxed mod_digest its parsing in order to make it work
+ with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)"
+ User-Agent. Apache (incorrectly) insisted on a quoted URI's
+ in the uri field of the Authorization client header. Not
+ yet done for EBCDIC plaforms.
+ [Dirk-Willem van Gulik]
+
*) Back out an older patch for PR 9932, which had some incorrect
behavior. Instead, use a backport of the APR fix. This has
the nice effect that ap_snprintf() can now distinguish between
key = ap_palloc(r->pool, l);
value = ap_palloc(r->pool, l);
- /* There's probably a better way to do this, but for the time being... */
+ /* There's probably a better way to do this, but for the time being...
+ *
+ * Right now the parsing is very 'slack'. Actual rules from RFC 2069 are:
+ *
+ * Authorization = "Authorization" ":" "Digest" digest-response
+ * digest-response = 1#( username | realm | nonce | digest-uri |
+ * response | [ digest ] | [ algorithm ] |
+ * opaque )
+ * username = "username" "=" username-value
+ * username-value = quoted-string
+ * digest-uri = "uri" "=" digest-uri-value
+ * digest-uri-value = request-uri ; As specified by HTTP/1.1
+ * response = "response" "=" response-digest
+ * digest = "digest" "=" entity-digest
+ * response-digest = <"> *LHEX <">
+ * entity-digest = <"> *LHEX <">
+ * LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
+ * "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f"
+ *
+ * Current Discrepancies:
+ * quoted-string section 2.2 of RFC 2068
+ * --> We also acccept unquoted strings or strings
+ * like foo" bar". And take a space, comma or EOL as
+ * the terminator in that case.
+ *
+ * request-uri section 5.1 of RFC 2068
+ * --> We currently also accept any quoted string - and
+ * ignore those quotes.
+ *
+ * response/entity-digest
+ * --> We ignore the presense of the " if any.
+ *
+ * Note: * - not yet for CHARSET_EBCDIC XXXX
+ *
+ * Note: There is an inherent problem with the request URI; as it should
+ * be used unquoted - yet may contain a ',' - which is used as
+ * a terminator:
+ * Authorization: Digest username="dirkx", realm="DAV", nonce="1031662894",
+ * uri=/mary,+dirkx,+peter+and+mary.ics, response="99a6275793be28c31a5b6e4467fa4c79",
+ * algorithm=MD5
+ */
#define D_KEY 0
#define D_VALUE 1
break;
case D_VALUE:
+#ifdef CHARSET_EBCDIC
+ /* This is *wrong* - a request URI may be unquoted and yet
+ * contain non alpha/num chars. (Though gets terminated by
+ * a ',' - which in fact may be in the URI - so I guess
+ * 2069 should be updated to suggest strongly to quote).
+ */
if (ap_isalnum(auth_line[0])) {
value[vv] = auth_line[0];
vv++;
- }
- else if (auth_line[0] == '\"') {
+ } else
+#endif
+ if (auth_line[0] == '\"') {
s = D_STRING;
}
+#ifndef CHARSET_EBCDIC
+ else if ((auth_line[0] != ',') && (auth_line[0] != ' ') && (auth_line[0] != '\0')) {
+ value[vv] = auth_line[0];
+ vv++;
+ }
+#endif
else {
value[vv] = '\0';
projects / thirdparty / apache / httpd.git / commitdiff
