From: Dirk-Willem van Gulik Date: Tue, 10 Sep 2002 13:56:06 +0000 (+0000) Subject: Make apache work with the iCal webdav client when using X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73d03e88142de301ccba177f4b94ef33fdc5bf55;p=thirdparty%2Fapache%2Fhttpd.git Make apache work with the iCal webdav client when using DigestAuth. We propably should revisit mod_digest its parsing at some point. NOTE: - not yet done for EBCDIC ! git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@96743 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/CHANGES b/src/CHANGES index d1a896ce988..b0723f2e048 100644 --- a/src/CHANGES +++ b/src/CHANGES @@ -1,5 +1,12 @@ Changes with Apache 1.3.27 + *) Relaxed mod_digest its parsing in order to make it work + with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)" + User-Agent. Apache (incorrectly) insisted on a quoted URI's + in the uri field of the Authorization client header. Not + yet done for EBCDIC plaforms. + [Dirk-Willem van Gulik] + *) Back out an older patch for PR 9932, which had some incorrect behavior. Instead, use a backport of the APR fix. This has the nice effect that ap_snprintf() can now distinguish between diff --git a/src/modules/standard/mod_digest.c b/src/modules/standard/mod_digest.c index 8ef874d3661..28d9af10fbe 100644 --- a/src/modules/standard/mod_digest.c +++ b/src/modules/standard/mod_digest.c @@ -179,7 +179,47 @@ static int get_digest_rec(request_rec *r, digest_header_rec * response) key = ap_palloc(r->pool, l); value = ap_palloc(r->pool, l); - /* There's probably a better way to do this, but for the time being... */ + /* There's probably a better way to do this, but for the time being... + * + * Right now the parsing is very 'slack'. Actual rules from RFC 2069 are: + * + * Authorization = "Authorization" ":" "Digest" digest-response + * digest-response = 1#( username | realm | nonce | digest-uri | + * response | [ digest ] | [ algorithm ] | + * opaque ) + * username = "username" "=" username-value + * username-value = quoted-string + * digest-uri = "uri" "=" digest-uri-value + * digest-uri-value = request-uri ; As specified by HTTP/1.1 + * response = "response" "=" response-digest + * digest = "digest" "=" entity-digest + * response-digest = <"> *LHEX <"> + * entity-digest = <"> *LHEX <"> + * LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | + * "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f" + * + * Current Discrepancies: + * quoted-string section 2.2 of RFC 2068 + * --> We also acccept unquoted strings or strings + * like foo" bar". And take a space, comma or EOL as + * the terminator in that case. + * + * request-uri section 5.1 of RFC 2068 + * --> We currently also accept any quoted string - and + * ignore those quotes. + * + * response/entity-digest + * --> We ignore the presense of the " if any. + * + * Note: * - not yet for CHARSET_EBCDIC XXXX + * + * Note: There is an inherent problem with the request URI; as it should + * be used unquoted - yet may contain a ',' - which is used as + * a terminator: + * Authorization: Digest username="dirkx", realm="DAV", nonce="1031662894", + * uri=/mary,+dirkx,+peter+and+mary.ics, response="99a6275793be28c31a5b6e4467fa4c79", + * algorithm=MD5 + */ #define D_KEY 0 #define D_VALUE 1 @@ -201,13 +241,26 @@ static int get_digest_rec(request_rec *r, digest_header_rec * response) break; case D_VALUE: +#ifdef CHARSET_EBCDIC + /* This is *wrong* - a request URI may be unquoted and yet + * contain non alpha/num chars. (Though gets terminated by + * a ',' - which in fact may be in the URI - so I guess + * 2069 should be updated to suggest strongly to quote). + */ if (ap_isalnum(auth_line[0])) { value[vv] = auth_line[0]; vv++; - } - else if (auth_line[0] == '\"') { + } else +#endif + if (auth_line[0] == '\"') { s = D_STRING; } +#ifndef CHARSET_EBCDIC + else if ((auth_line[0] != ',') && (auth_line[0] != ' ') && (auth_line[0] != '\0')) { + value[vv] = auth_line[0]; + vv++; + } +#endif else { value[vv] = '\0';