Summary: | Case sensitive option in mod_auth | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Tianyin Xu <tixu> |
Component: | mod_auth | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | tixu |
Priority: | P2 | Keywords: | FixedInTrunk, PatchAvailable |
Version: | 2.4.3 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux | ||
Attachments: | Case insensitive for mod_auth |
Well, not sure this is the correct fix. I really don't see the use of the 2nd optional parameter for these options. They are not documented and the code seems to be useless. This has been this way for more than 10 years. Should these parameters be defined with AP_INIT_TAKE1 (instead of AP_INIT_TAKE12) and/or the test against "standard" removed ? This could break conf file compatibility, but I see no reason for someone to use this 2nd parameter anyway. |
Created attachment 29878 [details] Case insensitive for mod_auth The "AuthGroupFile" and "AuthUserFile" in mod_auth use case sensitive string comparison function, i.e., strcmp, which conflicts with the case insensitivity of Apache's configuration design. According to my understanding, httpd champions case insensitivity for both configuration directive and configuration options, e.g., all boolean options and the options in the core module. The fix is straightforward as follows: --- modules/aaa/mod_authn_file.c 2011-12-04 16:08:01.000000000 -0800 +++ modules/aaa/mod_authn_file.c 2013-01-21 22:29:01.536197988 -0800 @@ -48,7 +48,7 @@ static const char *set_authn_file_slot(cmd_parms *cmd, void *offset, const char *f, const char *t) { - if (t && strcmp(t, "standard")) { + if (t && strcasecmp(t, "standard")) { return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); } --- modules/aaa/mod_authz_groupfile.c 2011-12-04 16:08:01.000000000 -0800 +++ modules/aaa/mod_authz_groupfile.c 2013-01-21 22:29:25.056198548 -0800 @@ -73,7 +73,7 @@ static const char *set_authz_groupfile_slot(cmd_parms *cmd, void *offset, const char *f, const char *t) { - if (t && strcmp(t, "standard")) { + if (t && strcasecmp(t, "standard")) { return apr_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); }