]>
Commit | Line | Data |
---|---|---|
ff319070 | 1 | diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c mod_fastcgi-2.4.6.apache22/mod_fastcgi.c |
2 | --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c 2007-12-28 21:00:46.000000000 -0700 | |
3 | +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c 2007-12-28 21:00:58.000000000 -0700 | |
d58a6c49 | 4 | @@ -82,6 +82,10 @@ |
5 | ||
6 | #include "unixd.h" | |
7 | ||
8 | +#ifdef APACHE22 | |
9 | +#include "mod_auth.h" | |
10 | +#endif | |
11 | + | |
12 | #endif | |
13 | #endif | |
14 | ||
ff319070 | 15 | @@ -2697,10 +2701,15 @@ |
d505af0a | 16 | r->status_line = NULL; |
17 | } | |
18 | ||
19 | +#ifdef APACHE22 | |
20 | +static authn_status check_user_authentication(request_rec *r, const char *user, const char *password) | |
21 | +{ | |
22 | +#else /* !APACHE22 */ | |
23 | static int check_user_authentication(request_rec *r) | |
24 | { | |
25 | - int res, authenticated = 0; | |
26 | const char *password; | |
27 | +#endif | |
28 | + int res, authenticated = 0; | |
29 | fcgi_request *fr; | |
30 | const fcgi_dir_config * const dir_config = | |
31 | (const fcgi_dir_config *)ap_get_module_config(r->per_dir_config, &fastcgi_module); | |
ff319070 | 32 | @@ -2708,9 +2717,11 @@ |
d505af0a | 33 | if (dir_config->authenticator == NULL) |
34 | return DECLINED; | |
35 | ||
36 | - /* Get the user password */ | |
37 | +#ifndef APACHE22 | |
38 | + /* Get the user password */ | |
39 | if ((res = ap_get_basic_auth_pw(r, &password)) != OK) | |
40 | return res; | |
41 | +#endif /* APACHE22 */ | |
42 | ||
43 | res = create_fcgi_request(r, dir_config->authenticator, &fr); | |
44 | if (res) | |
ff319070 | 45 | @@ -2744,6 +2755,20 @@ |
d505af0a | 46 | goto AuthenticationFailed; |
47 | } | |
48 | ||
49 | +#ifdef APACHE22 | |
50 | + if (authenticated) | |
d58a6c49 | 51 | + return AUTH_GRANTED; |
d505af0a | 52 | + |
53 | +AuthenticationFailed: | |
d505af0a | 54 | + /* @@@ Probably should support custom_responses */ |
55 | + ap_note_basic_auth_failure(r); | |
56 | + ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
57 | + "FastCGI: authentication failed for user \"%s\": %s", | |
58 | + r->user, r->uri); | |
59 | + | |
60 | + return (res == OK) ? AUTH_DENIED : AUTH_GRANTED; | |
61 | + | |
62 | +#else /* !APACHE22 */ | |
63 | if (authenticated) | |
64 | return OK; | |
65 | ||
ff319070 | 66 | @@ -2762,6 +2787,7 @@ |
d505af0a | 67 | #endif |
68 | ||
69 | return (res == OK) ? HTTP_UNAUTHORIZED : res; | |
70 | +#endif /* !APACHE22 */ | |
71 | } | |
72 | ||
73 | static int check_user_authorization(request_rec *r) | |
ff319070 | 74 | @@ -2955,16 +2981,31 @@ |
d505af0a | 75 | |
76 | #ifdef APACHE2 | |
77 | ||
78 | +#ifdef APACHE22 | |
79 | +static const authn_provider authn_fastcgi_provider = | |
80 | +{ | |
d58a6c49 | 81 | + &check_user_authentication, |
d505af0a | 82 | + NULL, |
83 | +}; | |
84 | +#endif /* APACHE22 */ | |
85 | + | |
86 | + | |
87 | static void register_hooks(apr_pool_t * p) | |
88 | { | |
89 | /* ap_hook_pre_config(x_pre_config, NULL, NULL, APR_HOOK_MIDDLE); */ | |
2254c02d | 90 | ap_hook_post_config(init_module, NULL, NULL, APR_HOOK_MIDDLE); |
91 | ap_hook_child_init(fcgi_child_init, NULL, NULL, APR_HOOK_MIDDLE); | |
92 | ap_hook_handler(content_handler, NULL, NULL, APR_HOOK_MIDDLE); | |
93 | - ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE); | |
d505af0a | 94 | ap_hook_access_checker(check_access, NULL, NULL, APR_HOOK_MIDDLE); |
95 | ap_hook_auth_checker(check_user_authorization, NULL, NULL, APR_HOOK_MIDDLE); | |
96 | ap_hook_fixups(fixups, NULL, NULL, APR_HOOK_MIDDLE); | |
97 | +#ifdef APACHE22 | |
98 | + ap_register_provider(p, AUTHN_PROVIDER_GROUP, "fastcgi", "0", | |
99 | + &authn_fastcgi_provider); | |
2254c02d | 100 | +#else |
101 | + ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE); | |
102 | +#endif | |
d505af0a | 103 | + |
104 | } | |
105 | ||
106 | module AP_MODULE_DECLARE_DATA fastcgi_module = | |
ff319070 | 107 | diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig |
108 | --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig 2007-11-12 16:00:10.000000000 -0700 | |
109 | +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig 2007-12-28 21:00:46.000000000 -0700 | |
110 | @@ -268,7 +268,7 @@ | |
111 | ||
112 | /* Register to reset to default values when the config pool is cleaned */ | |
113 | ap_block_alarms(); | |
114 | - ap_register_cleanup(p, NULL, fcgi_config_reset_globals, ap_null_cleanup); | |
115 | + apr_pool_cleanup_register(p, NULL, fcgi_config_reset_globals, apr_pool_cleanup_null); | |
116 | ap_unblock_alarms(); | |
117 | ||
118 | #ifdef APACHE2 | |
119 | @@ -286,7 +286,7 @@ | |
120 | #ifdef WIN32 | |
121 | if (fcgi_socket_dir == NULL) | |
122 | fcgi_socket_dir = DEFAULT_SOCK_DIR; | |
123 | - fcgi_dynamic_dir = ap_pstrcat(p, fcgi_socket_dir, "dynamic", NULL); | |
124 | + fcgi_dynamic_dir = apr_pstrcat(p, fcgi_socket_dir, "dynamic", NULL); | |
125 | #else | |
126 | ||
127 | if (fcgi_socket_dir == NULL) | |
128 | @@ -723,11 +723,11 @@ | |
129 | } | |
130 | if (statusValue < 0) { | |
131 | fr->parseHeader = SCAN_CGI_BAD_HEADER; | |
132 | - return ap_psprintf(r->pool, "invalid Status '%s'", value); | |
133 | + return apr_psprintf(r->pool, "invalid Status '%s'", value); | |
134 | } | |
135 | hasStatus = TRUE; | |
136 | r->status = statusValue; | |
137 | - r->status_line = ap_pstrdup(r->pool, value); | |
138 | + r->status_line = apr_pstrdup(r->pool, value); | |
139 | continue; | |
140 | } | |
141 | ||
142 | @@ -738,9 +738,9 @@ | |
143 | } | |
144 | hasContentType = TRUE; | |
145 | #ifdef APACHE2 | |
146 | - ap_set_content_type(r, value); | |
147 | + apr_set_content_type(r, value); | |
148 | #else | |
149 | - r->content_type = ap_pstrdup(r->pool, value); | |
150 | + r->content_type = apr_pstrdup(r->pool, value); | |
151 | #endif | |
152 | continue; | |
153 | } | |
154 | @@ -750,16 +750,16 @@ | |
155 | goto DuplicateNotAllowed; | |
156 | } | |
157 | hasLocation = TRUE; | |
158 | - ap_table_set(r->headers_out, "Location", value); | |
159 | + apr_table_set(r->headers_out, "Location", value); | |
160 | continue; | |
161 | } | |
162 | ||
163 | /* If the script wants them merged, it can do it */ | |
164 | - ap_table_add(r->err_headers_out, name, value); | |
165 | + apr_table_add(r->err_headers_out, name, value); | |
166 | continue; | |
167 | } | |
168 | else { | |
169 | - ap_table_add(fr->authHeaders, name, value); | |
170 | + apr_table_add(fr->authHeaders, name, value); | |
171 | } | |
172 | } | |
173 | ||
174 | @@ -770,7 +770,7 @@ | |
175 | * Who responds, this handler or Apache? | |
176 | */ | |
177 | if (hasLocation) { | |
178 | - const char *location = ap_table_get(r->headers_out, "Location"); | |
179 | + const char *location = apr_table_get(r->headers_out, "Location"); | |
180 | /* | |
181 | * Based on internal redirect handling in mod_cgi.c... | |
182 | * | |
183 | @@ -840,11 +840,11 @@ | |
184 | if ((p = strpbrk(name, "\r\n")) != NULL) | |
185 | *p = '\0'; | |
186 | fr->parseHeader = SCAN_CGI_BAD_HEADER; | |
187 | - return ap_psprintf(r->pool, "malformed header '%s'", name); | |
188 | + return apr_psprintf(r->pool, "malformed header '%s'", name); | |
189 | ||
190 | DuplicateNotAllowed: | |
191 | fr->parseHeader = SCAN_CGI_BAD_HEADER; | |
192 | - return ap_psprintf(r->pool, "duplicate header '%s'", name); | |
193 | + return apr_psprintf(r->pool, "duplicate header '%s'", name); | |
194 | } | |
195 | ||
196 | /* | |
197 | @@ -1023,9 +1023,9 @@ | |
198 | char *end = strchr(r->uri + 2, '/'); | |
199 | ||
200 | if (end) | |
201 | - *user = memcpy(ap_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1); | |
202 | + *user = memcpy(apr_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1); | |
203 | else | |
204 | - *user = ap_pstrdup(r->pool, r->uri + 1); | |
205 | + *user = apr_pstrdup(r->pool, r->uri + 1); | |
206 | *group = "-"; | |
207 | } | |
208 | else { | |
209 | @@ -1034,8 +1034,8 @@ | |
210 | ||
211 | get_request_identity(r, &uid, &gid); | |
212 | ||
213 | - *user = ap_psprintf(r->pool, "%ld", (long) uid); | |
214 | - *group = ap_psprintf(r->pool, "%ld", (long) gid); | |
215 | + *user = apr_psprintf(r->pool, "%ld", (long) uid); | |
216 | + *group = apr_psprintf(r->pool, "%ld", (long) gid); | |
217 | } | |
218 | } | |
219 | ||
220 | @@ -1235,7 +1235,7 @@ | |
221 | { | |
222 | /* xxx this handle should live somewhere (see CloseHandle()s below too) */ | |
223 | char * wait_npipe_mutex_name, * cp; | |
224 | - wait_npipe_mutex_name = cp = ap_pstrdup(rp, socket_path); | |
225 | + wait_npipe_mutex_name = cp = apr_pstrdup(rp, socket_path); | |
226 | while ((cp = strchr(cp, '\\'))) *cp = '/'; | |
227 | ||
228 | wait_npipe_mutex = CreateMutex(NULL, FALSE, wait_npipe_mutex_name); | |
229 | @@ -2333,7 +2333,7 @@ | |
230 | } | |
231 | ||
232 | ap_block_alarms(); | |
233 | - ap_register_cleanup(rp, (void *)fr, cleanup, ap_null_cleanup); | |
234 | + apr_pool_cleanup_register(rp, (void *)fr, cleanup, apr_pool_cleanup_null); | |
235 | ap_unblock_alarms(); | |
236 | ||
237 | #ifdef WIN32 | |
238 | @@ -2437,7 +2437,7 @@ | |
239 | const char *fs_path; | |
240 | pool * const p = r->pool; | |
241 | fcgi_server *fs; | |
242 | - fcgi_request * const fr = (fcgi_request *)ap_pcalloc(p, sizeof(fcgi_request)); | |
243 | + fcgi_request * const fr = (fcgi_request *)apr_pcalloc(p, sizeof(fcgi_request)); | |
244 | uid_t uid; | |
245 | gid_t gid; | |
246 | ||
247 | @@ -2465,7 +2465,7 @@ | |
248 | else | |
249 | #endif | |
250 | { | |
251 | - my_finfo = (struct stat *) ap_palloc(p, sizeof(struct stat)); | |
252 | + my_finfo = (struct stat *) apr_palloc(p, sizeof(struct stat)); | |
253 | ||
254 | if (stat(fs_path, my_finfo) < 0) | |
255 | { | |
256 | @@ -2494,7 +2494,7 @@ | |
257 | fr->erBufPtr = fcgi_buf_new(p, sizeof(FCGI_EndRequestBody) + 1); | |
258 | fr->gotHeader = FALSE; | |
259 | fr->parseHeader = SCAN_CGI_READING_HEADERS; | |
260 | - fr->header = ap_make_array(p, 1, 1); | |
261 | + fr->header = apr_array_make(p, 1, 1); | |
262 | fr->fs_stderr = NULL; | |
263 | fr->r = r; | |
264 | fr->readingEndRequestBody = FALSE; | |
265 | @@ -2507,7 +2507,7 @@ | |
266 | fr->keepReadingFromFcgiApp = TRUE; | |
267 | fr->fs = fs; | |
268 | fr->fs_path = fs_path; | |
269 | - fr->authHeaders = ap_make_table(p, 10); | |
270 | + fr->authHeaders = apr_table_make(p, 10); | |
271 | #ifdef WIN32 | |
272 | fr->fd = INVALID_SOCKET; | |
273 | fr->dynamic = ((fs == NULL) || (fs->directive == APP_CLASS_DYNAMIC)) ? TRUE : FALSE; | |
274 | @@ -2571,7 +2571,7 @@ | |
275 | */ | |
276 | static int apache_is_scriptaliased(request_rec *r) | |
277 | { | |
278 | - const char *t = ap_table_get(r->notes, "alias-forced-type"); | |
279 | + const char *t = apr_table_get(r->notes, "alias-forced-type"); | |
280 | return t && (!strcasecmp(t, "cgi-script")); | |
281 | } | |
282 | ||
283 | @@ -2594,9 +2594,9 @@ | |
284 | */ | |
285 | r->method = "GET"; | |
286 | r->method_number = M_GET; | |
287 | - ap_table_unset(r->headers_in, "Content-length"); | |
288 | + apr_table_unset(r->headers_in, "Content-length"); | |
289 | ||
290 | - ap_internal_redirect_handler(ap_table_get(r->headers_out, "Location"), r); | |
291 | + ap_internal_redirect_handler(apr_table_get(r->headers_out, "Location"), r); | |
292 | return OK; | |
293 | ||
294 | case SCAN_CGI_SRV_REDIRECT: | |
295 | @@ -2652,21 +2652,21 @@ | |
296 | if (strncasecmp(key, "Variable-", 9) == 0) | |
297 | key += 9; | |
298 | ||
299 | - ap_table_setn(t, key, val); | |
300 | + apr_table_setn(t, key, val); | |
301 | return 1; | |
302 | } | |
303 | ||
304 | static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val) | |
305 | { | |
306 | if (strncasecmp(key, "Variable-", 9) == 0) | |
307 | - ap_table_setn(t, key + 9, val); | |
308 | + apr_table_setn(t, key + 9, val); | |
309 | ||
310 | return 1; | |
311 | } | |
312 | ||
313 | static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val) | |
314 | { | |
315 | - ap_table_setn(t, key, val); | |
316 | + apr_table_setn(t, key, val); | |
317 | return 1; | |
318 | } | |
319 | ||
320 | @@ -2679,16 +2679,16 @@ | |
321 | ||
322 | if (passed) { | |
323 | if (fr->auth_compat) { | |
324 | - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header, | |
325 | + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header, | |
326 | (void *)r->subprocess_env, fr->authHeaders, NULL); | |
327 | } | |
328 | else { | |
329 | - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header, | |
330 | + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header, | |
331 | (void *)r->subprocess_env, fr->authHeaders, NULL); | |
332 | } | |
333 | } | |
334 | else { | |
335 | - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header, | |
336 | + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header, | |
337 | (void *)r->err_headers_out, fr->authHeaders, NULL); | |
338 | } | |
339 | ||
340 | @@ -2719,10 +2719,10 @@ | |
341 | } | |
342 | ||
343 | /* Save the existing subprocess_env, because we're gonna muddy it up */ | |
344 | - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); | |
345 | + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); | |
346 | ||
347 | - ap_table_setn(r->subprocess_env, "REMOTE_PASSWD", password); | |
348 | - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR"); | |
349 | + apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password); | |
350 | + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR"); | |
351 | ||
352 | /* The FastCGI Protocol doesn't differentiate authentication */ | |
353 | fr->role = FCGI_AUTHORIZER; | |
354 | @@ -2737,7 +2737,7 @@ | |
355 | post_process_auth(fr, authenticated); | |
356 | ||
357 | /* A redirect shouldn't be allowed during the authentication phase */ | |
358 | - if (ap_table_get(r->headers_out, "Location") != NULL) { | |
359 | + if (apr_table_get(r->headers_out, "Location") != NULL) { | |
360 | ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
361 | "FastCGI: FastCgiAuthenticator \"%s\" redirected (not allowed)", | |
362 | dir_config->authenticator); | |
363 | @@ -2786,9 +2786,9 @@ | |
364 | } | |
365 | ||
366 | /* Save the existing subprocess_env, because we're gonna muddy it up */ | |
367 | - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); | |
368 | + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); | |
369 | ||
370 | - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER"); | |
371 | + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER"); | |
372 | ||
373 | fr->role = FCGI_AUTHORIZER; | |
374 | ||
375 | @@ -2802,7 +2802,7 @@ | |
376 | post_process_auth(fr, authorized); | |
377 | ||
378 | /* A redirect shouldn't be allowed during the authorization phase */ | |
379 | - if (ap_table_get(r->headers_out, "Location") != NULL) { | |
380 | + if (apr_table_get(r->headers_out, "Location") != NULL) { | |
381 | ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
382 | "FastCGI: FastCgiAuthorizer \"%s\" redirected (not allowed)", | |
383 | dir_config->authorizer); | |
384 | @@ -2846,9 +2846,9 @@ | |
385 | } | |
386 | ||
387 | /* Save the existing subprocess_env, because we're gonna muddy it up */ | |
388 | - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); | |
389 | + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); | |
390 | ||
391 | - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER"); | |
392 | + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER"); | |
393 | ||
394 | /* The FastCGI Protocol doesn't differentiate access control */ | |
395 | fr->role = FCGI_AUTHORIZER; | |
396 | @@ -2863,7 +2863,7 @@ | |
397 | post_process_auth(fr, access_allowed); | |
398 | ||
399 | /* A redirect shouldn't be allowed during the access check phase */ | |
400 | - if (ap_table_get(r->headers_out, "Location") != NULL) { | |
401 | + if (apr_table_get(r->headers_out, "Location") != NULL) { | |
402 | ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
403 | "FastCGI: FastCgiAccessChecker \"%s\" redirected (not allowed)", | |
404 | dir_config->access_checker); |