When using Digest authentication along with .htaccess files, where the DocumentRoot contains an .htaccess file with "AuthDigestGroupFile" and "Require valid-user" directives, and some subdirectories contain .htaccess files with a "Require group testgroup" directive, Apache may crash when trying to access those group-restricted directories or the index of a directory directly above those IF the authenticated username does NOT appear among the usernames of that group in the AuthDigestGroupFile file.

Example:
* User to log in as "foo".
* Group "testgroup" in AuthDigestGroupFile does NOT contain the user "foo".

DocumentRoot
|  .htaccess with "AuthDigestGroupFile", "Require valid-user"
|
+-Files
  |
  +-Unrestricted
  |
  +-Restricted
    |  .htaccess with "Require group testgroup"
    |  Restricted files go here
    .
    .
    .

In this example, the user may log in as "foo" using digest authentication and access the DocumentRoot. However, as soon as he/she accesses the "Files" directory (mod_autoindex is on), Apache crashes. Under normal circumstances, mod_autoindex should list the subdirectory "Unrestricted" (only), since there is no .htaccess in that directory - and more important - there is an .htaccess in the "Restricted" directory, requiring the user to be part of the group "testgroup" (which "foo" is not).

I've spent quite some time experimenting with this, but still haven't figured out why this happens. To make things worse, it doesn't happen for all "examples" I've tried. The only consistent behavior I managed to track was that if the user "foo" DOES appear in the group file as a member of the "testgroup" group, everything works just fine. As soon as "foo" is removed from the group, no matter if there are other users left in the group or not, the problem appears. The problem also appears if the required group does not exist in the AuthDigestGroupFile file, no matter if other groups appear in the AuthDigestGroupFile file or not.

My name-based virtual host configuration contains the following for the DocumentRoot:

    AllowOverride AuthConfig Indexes Limit
    Options Indexes MultiViews

The DocumentRoot directory contains an .htaccess file with:

    AuthType Digest
    AuthName "myserver.dyndns.org"
    AuthDigestDomain /
    AuthDigestFile "custom/auth/.htdigest.pwd"
    AuthDigestGroupFile "custom/auth/.htdigest.group"
    Require valid-user
    Order Allow,Deny
    Allow from all
    Satisfy All

The "Restricted" directory in the example contains an .htaccess file with:

    # Require user to be part of group "testgroup"
    Require group testgroup

The Apache error log states that it denied the client access, just before Apache crashed:

    [Sat Jul 12 00:11:56 2003] [error] [client xx.xxx.xxx.xxx] Digest: access to /Files/Restricted/ failed, reason: user foo not allowed access, referer: http://myserver.dyndns.org/

On the client side, the connection of course hangs since Apache crashes.

The crash information given by Dr. Watson on my Swedish Windows XP Professional SP-1 v5.1.2600 is (sorry for the long listing):

    szAppName : Apache.exe
    szAppVer  : 2.0.47.0
    szModName : mod_auth_digest.so
    szModVer  : 2.0.47.0
    offset    : 0000259d

Please let me know if I can be of any further assistance. The temporary solution for me is not to use the group feature of digest authentication... :-/

Best regards,
Björn

This bug also exists in 1.3.28. I've encountered it without using groups, just require user in the sub-DocumentRoot will cause apache to crash. It occurs if the sub-DocumentRoot is restricted using .htaccess or via httpd.conf. I've debugged this somewhat and found that it is related to FancyIndexing combined with auth digest. Here's a stack trace:

    note_digest_auth_failure(request_rec * 0x00860dc0, const digest_config_struct * 0x007c5e30, digest_header_struct * 0x00000000, int 0) line 1210 + 3 bytes
    digest_check_auth(request_rec * 0x00860dc0) line 1861 + 33 bytes
    run_method(request_rec * 0x00860dc0, int 7, int 0) line 370 + 7 bytes
    ap_check_auth(request_rec * 0x00860dc0) line 427 + 17 bytes
    ap_sub_req_lookup_file(const char * 0x00864f9e, const request_rec * 0x0085dad8) line 1027 + 186 bytes
    make_autoindex_entry(char * 0x00864f9e, int 1, autoindex_config_struct * 0x007b7478, request_rec * 0x0085dad8, char 78, char 65) line 1281 + 13 bytes
    index_directory(request_rec * 0x0085dad8, autoindex_config_struct * 0x007b7478) line 1762 + 32 bytes
    handle_autoindex(request_rec * 0x0085dad8) line 1822 + 13 bytes
    ap_invoke_handler(request_rec * 0x0085dad8) line 518 + 10 bytes
    process_request_internal(request_rec * 0x0085dad8) line 1324 + 9 bytes
    ap_process_request(request_rec * 0x0085dad8) line 1340 + 9 bytes
    child_sub_main(int 0) line 5992
    child_main(int 0) line 6062 + 9 bytes
    _threadstartex(void * 0x007f3a48) line 212 + 13 bytes
    KERNEL32! 77e8b2d8()

note_digest_auth_failure bombs because the third parameter (digest_header_rec *resp) is null. Here's the call to note_digest_auth_failure from digest_check_auth:

    note_digest_auth_failure(r, conf,
        (digest_header_rec *) ap_get_module_config(r->request_config, &digest_auth_module),
        0);

The third parameter is passed via ap_get_module_config which returns 0. This is as far as I got. I don't know enough about apache/mod_autoindex/mod_auth_digest to suggest a patch. I do have some questions though.

Why is FancyIndexing checking auth for sub directories while building the index for the parent? If this is valid, why would mod_auth_digest log an error in this case? The user hasn't even selected the sub directory, but the log file records it like they did:

    Digest: access to /webfolder/Kurt failed, reason: user kurt not allowed access

Hope this helps somewhat. I will help testing any proposed patches.

-Kurt
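
The crash path in the stack trace above, reduced to a small C model. This is an added illustration, not Apache source and not code from any of the comments; every type and function name in it is made up for the model, and the group membership ("bar" only) is constructed.

```c
#include <stddef.h>
#include <string.h>

#define OK 0
#define AUTH_REQUIRED 401

/* Stand-in for the state parsed from the client's Authorization header. */
typedef struct { const char *nonce; } resp_state;

typedef struct request {
    const struct request *parent; /* non-NULL when this is a subrequest */
    resp_state *resp;             /* per-request slot; NULL if never set */
    const char *user;
    int group_required;           /* directory has "Require group testgroup" */
    int challenged, logged;       /* side effects made observable */
} request;

/* Constructed group file content: testgroup contains only "bar". */
static int in_testgroup(const char *user) { return strcmp(user, "bar") == 0; }

/* Like the failing callee in the trace: assumes resp is never NULL. */
static void note_failure(request *r, const resp_state *resp) {
    r->challenged = (resp->nonce != NULL);
}

/* Before: dereferences a NULL resp when reached through a subrequest. */
int check_auth_before(request *r) {
    if (!r->group_required || in_testgroup(r->user)) return OK;
    r->logged = 1;
    note_failure(r, r->resp);
    return AUTH_REQUIRED;
}

/* After: the denial is unchanged; logging and the challenge are skipped
   when there is no header state to build them from. */
int check_auth_after(request *r) {
    if (!r->group_required || in_testgroup(r->user)) return OK;
    if (r->resp != NULL) {
        r->logged = 1;
        note_failure(r, r->resp);
    }
    return AUTH_REQUIRED;
}

/* Index builder: probes each child with a subrequest (empty per-request
   slot) and counts the entries the user is allowed to see. */
int visible_entries(const request *dir, const int *child_needs_group,
                    size_t n, int (*check)(request *)) {
    int shown = 0;
    for (size_t i = 0; i < n; i++) {
        request sub = { dir, NULL, dir->user, child_needs_group[i], 0, 0 };
        if (check(&sub) == OK) shown++;
    }
    return shown;
}

int main(void) {
    resp_state st = { "constructed-nonce" };
    request top = { NULL, &st, "foo", 0, 0, 0 };
    int kids[] = { 0, 1 };        /* Unrestricted, Restricted */
    return visible_entries(&top, kids, 2, check_auth_after) == 1 ? 0 : 1;
}
```

Passing check_auth_before to visible_entries with user "foo" reproduces the NULL dereference in the model, which is why main only exercises the guarded version.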

Hello Kurt!

Glad that someone else has encountered the same thing. Well, sort of. :-) The reason for mod_autoindex to look for .htaccess files in subdirectories is to exclude those subdirectories from the directory listing if the user isn't allowed access to them; a pretty nice feature. I have also noticed the "access failed" error messages in the error log, and they are somewhat annoying, although perhaps necessary to make things simple. Basic authentication (instead of digest authentication) seems to work fine, though, without any crashes and with the intended functionality. That's my temporary solution until this bug gets fixed.

Best regards,
Björn

I reviewed the 1.3.28 code some more and have a proposed patch (should I have opened a separate bug report for 1.3.28?). If I understand things correctly the following is happening...

request_rec.request_config is being initialized in update_nonce_count. update_nonce_count appears to be called when the client sends authorization records. Since the call to digest_check_auth is coming from mod_autoindex's call to ap_sub_req_lookup_file and not from a browser request with authorization records, update_nonce_count is not being called and thus request_config is not being initialized.

The following patch assumes that if request_config is NULL then the call to digest_check_auth must be coming from a non user request. If this is not true then maybe another solution may be better. However, if the assumption is correct then we know when a call to digest_check_auth has been initiated not by a user, so we don't need to log and note the failure.

--- mod_auth_digest.c.orig Sat Feb 15 22:42:24 2003 +++ mod_auth_digest.c Sun Aug 10 23:03:16 2003 @@ -1788,6 +1788,7 @@ const digest_config_rec *conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config, &digest_auth_module); + digest_header_rec *resp; const char *user = r->connection->user; int m = r->method_number; int method_restricted = 0; 
@@ -1851,15 +1852,21 @@ if (!method_restricted) return OK; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: access to %s failed, reason: user %s not allowed access", - r->uri, user); + resp = (digest_header_rec *) ap_get_module_config(r->request_config, + &digest_auth_module); - note_digest_auth_failure(r, conf, - (digest_header_rec *) ap_get_module_config(r->request_config, - &digest_auth_module), - 0); - return AUTH_REQUIRED; + /* if there isn't a resp initalized then this check auth + didn't come from a user request (i.e. FancyIndexing) + so don't log it */ + if (resp != NULL) { + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, + "Digest: access to %s failed, reason: user %s not allowed access", + r->uri, user); + + note_digest_auth_failure(r, conf, resp, 0); + } + + return AUTH_REQUIRED; } Please excuse any white space style errors, I wasn't sure what the style was from the existing code and didn't take the time to see if there was a published style for apache. -Kurt
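
Review bot: In the second hunk, "if (resp != NULL)" treats a missing request_config entry as proof that the call is not a user request, so any request that reaches this point without an entry now gets AUTH_REQUIRED with neither the ap_log_rerror line nor the note_digest_auth_failure challenge. The NULL test is needed to stop the crash, but it would be safer to key the "don't log" decision on the request actually being a subrequest (for example by checking r->main) and to keep the guard only around the dereferencing call. The new comment also has "initalized" for "initialized".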
Changed severity according to classification recommendations ("crashes, loss of data, severe memory leak").