Received: (qmail 64731 invoked by uid 501); 3 Jun 2001 05:41:16 -0000 Message-Id: <20010603054116.64730.qmail@apache.org> Date: 3 Jun 2001 05:41:16 -0000 From: Peng@apache.org, Daniel Reply-To: danielpeng@bigfoot.com To: submit@bugz.apache.org Subject: Can't log the password given through mod_auth_anon in access_log X-Send-Pr-Version: 3.110 >Number: 7813 >Category: mod_auth-any >Synopsis: Can't log the password given through mod_auth_anon in access_log >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: apache >Arrival-Date: Sat Jun 02 22:50:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: danielpeng@bigfoot.com >Release: 1.3 >Organization: apache >Environment: Linux dan.linux 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown >Description: I wanted to be able to log the password given by an anonymous user in my access log, so I patched mod_auth_anon to make a note "anonpw" with the password for each request. Then I can put %{anonpw}n in the access log to log it. >How-To-Repeat: >Fix: diff -ru apache_1.3.20/src/modules/standard/mod_auth_anon.c apache-1.3.20/src/modules/standard/mod_auth_anon.c --- apache_1.3.20/src/modules/standard/mod_auth_anon.c Mon Jan 15 12:05:37 2001 +++ apache-1.3.20/src/modules/standard/mod_auth_anon.c Sun Jun 3 00:59:53 2001 @@ -228,6 +228,9 @@ if (!sec->auth_anon_passwords) return DECLINED; + /* Allow logging of anonymous passwords*/ + ap_table_setn(r->notes, "anonpw", sent_pw); + /* Do we allow an empty userID and/or is it the magic one */ >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]