1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
$NetBSD: patch-as,v 1.1 2004/06/05 16:21:44 taca Exp $
--- modules/ssl/ssl_engine_kernel.c.orig 2004-02-10 05:53:20.000000000 +0900
+++ modules/ssl/ssl_engine_kernel.c
@@ -793,7 +793,6 @@ int ssl_hook_UserCheck(request_rec *r)
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
- char buf1[MAX_STRING_LEN], buf2[MAX_STRING_LEN];
char *clientdn;
const char *auth_line, *username, *password;
@@ -872,14 +871,16 @@ int ssl_hook_UserCheck(request_rec *r)
* adding the string "xxj31ZMTZzkVA" as the password in the user file.
* This is just the crypted variant of the word "password" ;-)
*/
- apr_snprintf(buf1, sizeof(buf1), "%s:password", clientdn);
- ssl_util_uuencode(buf2, buf1, FALSE);
-
- apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
- apr_table_set(r->headers_in, "Authorization", buf1);
+ auth_line = apr_pstrcat(r->pool, "Basic ",
+ ap_pbase64encode(r->pool,
+ apr_pstrcat(r->pool, clientdn,
+ ":password", NULL)),
+ NULL);
+ apr_table_set(r->headers_in, "Authorization", auth_line);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
- "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
+ "Faking HTTP Basic Auth header: \"Authorization: %s\"",
+ auth_line);
return DECLINED;
}
|
