propogate a NULL get_realm_hash() implementation from AuthnProviderAlias back
to mod_auth_digest. PR 45196
Submitted by: covener
Reviewed by: rpluem, jerenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@696364
13f79535-47bb-0310-9956-
ffa450edef68
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+ *) mod_authn_alias: Detect during startup when AuthDigestProvider
+ is configured to use an incompatible provider via AuthnProviderAlias.
+ PR 45196 [Eric Covener]
+
*) mod_proxy: Add 'scolonpathdelim' parameter to allow for ';' to also be
used as a session path separator/delim PR 45158. [Jim Jagielski]
http://svn.apache.org/viewvc?rev=639010&view=rev (mmn)
+1: niq, rpluem, mturk
- * mod_authn_alias: Propogate a NULL get_realm_hash() implementation
- from AuthnProviderAlias back to mod_auth_digest. This moves detection
- of an incompatible-with-digest provider to a startup error.
- PR 45196
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=678949&view=rev
- Backport version for 2.2.x of patch:
- http://people.apache.org/~covener/2.2.x-auth_alias_digest.diff
- +1: covener, rpluem, jerenkrantz
-
* mod_proxy_balancer: Add in new bybusyness LB method.
Trunk version of patch:
http://svn.apache.org/viewvc?rev=686805&view=rev
&authn_alias_get_realm_hash,
};
+static const authn_provider authn_alias_provider_nodigest =
+{
+ &authn_alias_check_password,
+ NULL,
+};
+
static const char *authaliassection(cmd_parms *cmd, void *mconfig, const char *arg)
{
int old_overrides = cmd->override;
/* Register the fake provider so that we get called first */
ap_register_provider(cmd->pool, AUTHN_PROVIDER_GROUP, provider_alias, "0",
- &authn_alias_provider);
+ provider->get_realm_hash ?
+ &authn_alias_provider :
+ &authn_alias_provider_nodigest);
}
cmd->override = old_overrides;
projects / thirdparty / apache / httpd.git / commitdiff
