You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.7 KiB
38 lines
1.7 KiB
6 years ago
|
# ./pullrev.sh 1708699
|
||
|
|
http://svn.apache.org/viewvc?view=revision&revision=1708699
|
||
|
|
|
||
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1306431
|
||
|
|
|
||
|
|
--- subversion-1.7.14/subversion/mod_authz_svn/mod_authz_svn.c.r1708699
|
||
|
|
+++ subversion-1.7.14/subversion/mod_authz_svn/mod_authz_svn.c
|
||
|
|
@@ -807,19 +807,21 @@
|
||
|
|
#if USE_FORCE_AUTHN
|
||
|
|
if (authn_configured) {
|
||
|
|
/* We have to check to see if authn is required because if so we must
|
||
|
|
- * return UNAUTHORIZED (401) rather than FORBIDDEN (403) since returning
|
||
|
|
+ * return DECLINED rather than FORBIDDEN (403) since returning
|
||
|
|
* the 403 leaks information about what paths may exist to
|
||
|
|
- * unauthenticated users. We must set a note here in order
|
||
|
|
- * to use ap_some_authn_rquired() without triggering an infinite
|
||
|
|
- * loop since the call will trigger this function to be called again. */
|
||
|
|
+ * unauthenticated users. Returning DECLINED means apache's request
|
||
|
|
+ * handling will continue until the authn module itself generates
|
||
|
|
+ * UNAUTHORIZED (401).
|
||
|
|
+
|
||
|
|
+ * We must set a note here in order to use
|
||
|
|
+ * ap_some_authn_rquired() without triggering an infinite
|
||
|
|
+ * loop since the call will trigger this function to be
|
||
|
|
+ * called again. */
|
||
|
|
apr_table_setn(r->notes, IN_SOME_AUTHN_NOTE, (const char*)1);
|
||
|
|
authn_required = ap_some_authn_required(r);
|
||
|
|
apr_table_unset(r->notes, IN_SOME_AUTHN_NOTE);
|
||
|
|
if (authn_required)
|
||
|
|
- {
|
||
|
|
- ap_note_auth_failure(r);
|
||
|
|
- return HTTP_UNAUTHORIZED;
|
||
|
|
- }
|
||
|
|
+ return DECLINED;
|
||
|
|
}
|
||
|
|
#else
|
||
|
|
if (!ap_some_auth_required(r))
|