From: Graham Leggett Date: Wed, 11 Dec 2013 22:59:53 +0000 (+0000) Subject: mod_auth_form: Add a debug message when the fields on a form are not X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be74c518f173740a5d5735a5f5b28886965a339f;p=thirdparty%2Fapache%2Fhttpd.git mod_auth_form: Add a debug message when the fields on a form are not recognised. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1550302 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 4a868ea903f..c6429ac14d8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+
+ *) mod_auth_form: Add a debug message when the fields on a form are not
+ recognised. [Graham Leggett]
+
 *) mod_ssl: Add -t -DDUMP_CA_CERTS option which dumps the filenames of all configured SSL CA certificates to stdout the same way as DUMP_CERTS does. [Jan Kaluza]
diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c
index 13d9243e5be..0c3bb2b3a97 100644
--- a/modules/aaa/mod_auth_form.c
+++ b/modules/aaa/mod_auth_form.c
@@ -669,12 +669,25 @@ static int get_form_auth(request_rec * r,
 }
 /* set the user, even though the user is unauthenticated at this point */
- if (*sent_user) {
+ if (sent_user && *sent_user) {
 r->user = (char *) *sent_user;
 }
 /* a missing username or missing password means auth denied */
- if (!sent_user || !*sent_user || !sent_pw || !*sent_pw) {
+ if (!sent_user || !*sent_user) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "form parsed, but username field '%s' was missing or empty, unauthorized",
+ username);
+
+ return HTTP_UNAUTHORIZED;
+ }
+ if (!sent_pw || !*sent_pw) {
+
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "form parsed, but password field '%s' was missing or empty, unauthorized",
+ password);
+
 return HTTP_UNAUTHORIZED;
 }
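Review bot: The two new `ap_log_rerror` calls in the missing-username and missing-password branches have no comment saying that `username` and `password` are the configured form field names rather than the submitted values, and that distinction is what keeps credentials out of the debug log. Both variables are declared outside the hunk, so this reading rests on the message text ("username field '%s'") and on the separate `sent_user`/`sent_pw` pointers; if it holds, I would add `/* log the configured field name only, never *sent_user or *sent_pw */` above each call so a later edit does not swap in the submitted value. Note also that `r->user` has already been set from the unverified `*sent_user` when the password branch returns `HTTP_UNAUTHORIZED`, so anything that records `r->user` on the 401 path sees client-supplied text; the existing comment says this, and it is worth keeping next to the new early returns. If the project's `APLOGNO()` tagging convention covers debug-level messages, these two messages still need tags allocated. The body of `get_form_auth` begins and ends outside the hunk.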