From: Sander Striker <striker@apache.org>
Date: Thu, 7 Aug 2003 01:53:11 +0000 (+0000)
Subject: Fix FakeBasicAuth for subrequests.  This was reported via issue
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9ef8457413dfb80e8f23547acf0a4c7e0bbe536;p=thirdparty%2Fapache%2Fhttpd.git

Fix FakeBasicAuth for subrequests.  This was reported via issue
#1364 in Subversion:

  http://subversion.tigris.org/issues/show_bug.cgi?id=1364

The fix is to make mod_ssl's check_user_id hook stop tripping
over it's own checks in case of a subrequest.  That is, it
should DECLINE in case of a subrequest.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100926 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c
index a69ee372385..9e46c81ad40 100644
--- a/ssl_engine_kernel.c
+++ b/ssl_engine_kernel.c
@@ -855,6 +855,14 @@ int ssl_hook_UserCheck(request_rec *r)
         return HTTP_FORBIDDEN;
     }
 
+    /*
+     * We decline when we are in a subrequest.  The Authorization header
+     * would already be present if it was added in the main request.
+     */
+    if (!ap_is_initial_req(r)) {
+        return DECLINED;
+    }
+
     /*
      * Make sure the user is not able to fake the client certificate
      * based authentication by just entering an X.509 Subject DN