# ./pullrev.sh 1708699 |
|
http://svn.apache.org/viewvc?view=revision&revision=1708699 |
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1306431 |
|
|
|
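--- subversion-1.7.14/subversion/mod_authz_svn/mod_authz_svn.c.r1708699
+++ subversion-1.7.14/subversion/mod_authz_svn/mod_authz_svn.c
@@ -807,19 +807,21 @@
 #if USE_FORCE_AUTHN
 if (authn_configured) {
 /* We have to check to see if authn is required because if so we must
- * return UNAUTHORIZED (401) rather than FORBIDDEN (403) since returning
+ * return DECLINED rather than FORBIDDEN (403) since returning
 * the 403 leaks information about what paths may exist to
- * unauthenticated users. We must set a note here in order
- * to use ap_some_authn_rquired() without triggering an infinite
- * loop since the call will trigger this function to be called again. */
+ * unauthenticated users. Returning DECLINED means apache's request
+ * handling will continue until the authn module itself generates
+ * UNAUTHORIZED (401).
+
+ * We must set a note here in order to use
+ * ap_some_authn_rquired() without triggering an infinite
+ * loop since the call will trigger this function to be
+ * called again. */
 apr_table_setn(r->notes, IN_SOME_AUTHN_NOTE, (const char*)1);
 authn_required = ap_some_authn_required(r);
 apr_table_unset(r->notes, IN_SOME_AUTHN_NOTE);
 if (authn_required)
- {
- ap_note_auth_failure(r);
- return HTTP_UNAUTHORIZED;
- }
+ return DECLINED;
 }
 #else
 if (!ap_some_auth_required(r))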
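Review bot: The new `return DECLINED;` under `if (authn_required)` is only safe if a later hook is guaranteed to reject the unauthenticated request, and the rewritten comment asserts this without naming the hook this code runs in or the configuration it relies on. The enclosing function starts and ends outside the hunk, so this cannot be confirmed here; if this is the access check that runs before authn, a comment line such as `* DECLINED does not grant access here: authn and the later authz check still run.` would make the fail-closed assumption explicit. A regression test asserting that an anonymous request to a protected path receives a 401 with a challenge, and never a 200, would pin that behaviour now that `ap_note_auth_failure(r)` is no longer called here. The added comment lines also keep the misspelling `ap_some_authn_rquired()`, while the call below is `ap_some_authn_required(r)`.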