From: Sander Striker <striker@apache.org>
Date: Tue, 24 Feb 2004 09:17:00 +0000 (+0000)
Subject: Backport from HEAD.
X-Git-Tag: 2.0.49~80
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01cff07e009c2645cb9343c5afcbeca5058f228a;p=thirdparty%2Fapache%2Fhttpd.git

Backport from HEAD.

mod_auth_digest: Allow sub-requests with different methods than the original
request.  PR 25040.

Submitted by: Josh Dady <jpd@indecicise.com>
Reviewed by: Justin Erenkrantz, Andre Malo, Jeff Trawick, Sander Striker


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102758 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 76f4ced52a0..921c46ab445 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.49
 
+  *) Allow mod_auth_digest to work with sub-requests with different
+     methods than the original request.  PR 25040.
+     [Josh Dady <jpd indecisive.com>]
+
   *) fix "Expected </Foo>> but saw </Foo>" errors in nested,
      argumentless containers.
      ["Philippe M. Chiasson" <gozer cpan.org>]
diff --git a/STATUS b/STATUS
index ee46cd0ded0..05f2c19d4ee 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/02/21 18:30:11 $]
+Last modified at [$Date: 2004/02/24 09:16:59 $]
 
 Release:
 
@@ -242,11 +242,6 @@ PATCHES TO BACKPORT FROM 2.1
          nd replies: But if it can't be 0 the alternatives thereafter make no
            sense anymore, right?
 
-    * mod_auth_digest: Allow sub-requests with different methods than the
-      original request.  PR 25040.
-        modules/aaa/mod_auth_digest.c: r1.82
-      +1: jerenkrantz, nd, trawick, striker
-
     * Fix corruption of buffered logs with threaded MPMs.  PR 25520.
         http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?r1=1.108&r2=1.109
         http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?r1=1.109&r2=1.110
diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
index 3cf44fbff24..2e09622b858 100644
--- a/modules/aaa/mod_auth_digest.c
+++ b/modules/aaa/mod_auth_digest.c
@@ -143,6 +143,7 @@ typedef struct digest_header_struct {
     const char           *username;
           char           *nonce;
     const char           *uri;
+    const char           *method;
     const char           *digest;
     const char           *algorithm;
     const char           *cnonce;
@@ -959,6 +960,7 @@ static int parse_hdr_and_update_nc(request_rec *r)
     resp->raw_request_uri = r->unparsed_uri;
     resp->psd_request_uri = &r->parsed_uri;
     resp->needed_auth = 0;
+    resp->method = r->method;
     ap_set_module_config(r->request_config, &auth_digest_module, resp);
 
     res = get_digest_rec(r, resp);
@@ -1419,7 +1421,7 @@ static const char *old_digest(const request_rec *r,
 {
     const char *ha2;
 
-    ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, r->method, ":",
+    ha2 = ap_md5(r->pool, (unsigned char *)apr_pstrcat(r->pool, resp->method, ":",
                                                        resp->uri, NULL));
     return ap_md5(r->pool,
                   (unsigned char *)apr_pstrcat(r->pool, ha1, ":", resp->nonce,
@@ -1444,12 +1446,12 @@ static const char *new_digest(const request_rec *r,
     }
 
     if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) {
-        a2 = apr_pstrcat(r->pool, r->method, ":", resp->uri, ":",
+        a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, ":",
                          ap_md5(r->pool, (const unsigned char*) ""), NULL);
                          /* TBD */
     }
     else {
-        a2 = apr_pstrcat(r->pool, r->method, ":", resp->uri, NULL);
+        a2 = apr_pstrcat(r->pool, resp->method, ":", resp->uri, NULL);
     }
     ha2 = ap_md5(r->pool, (const unsigned char *)a2);