]>
Commit | Line | Data |
---|---|---|
ff319070 | 1 | diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c mod_fastcgi-2.4.6.apache22/mod_fastcgi.c |
2 | --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c 2007-12-28 21:00:46.000000000 -0700 | |
3 | +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c 2007-12-28 21:00:58.000000000 -0700 | |
d58a6c49 | 4 | @@ -82,6 +82,10 @@ |
5 | ||
6 | #include "unixd.h" | |
7 | ||
8 | +#ifdef APACHE22 | |
9 | +#include "mod_auth.h" | |
10 | +#endif | |
11 | + | |
12 | #endif | |
13 | #endif | |
14 | ||
ff319070 | 15 | @@ -738,7 +742,7 @@ |
16 | } | |
17 | hasContentType = TRUE; | |
18 | #ifdef APACHE2 | |
19 | - apr_set_content_type(r, value); | |
20 | + ap_set_content_type(r, value); | |
21 | #else | |
22 | r->content_type = apr_pstrdup(r->pool, value); | |
23 | #endif | |
24 | @@ -2697,10 +2701,15 @@ | |
d505af0a | 25 | r->status_line = NULL; |
26 | } | |
27 | ||
28 | +#ifdef APACHE22 | |
29 | +static authn_status check_user_authentication(request_rec *r, const char *user, const char *password) | |
30 | +{ | |
31 | +#else /* !APACHE22 */ | |
32 | static int check_user_authentication(request_rec *r) | |
33 | { | |
34 | - int res, authenticated = 0; | |
35 | const char *password; | |
36 | +#endif | |
37 | + int res, authenticated = 0; | |
38 | fcgi_request *fr; | |
39 | const fcgi_dir_config * const dir_config = | |
40 | (const fcgi_dir_config *)ap_get_module_config(r->per_dir_config, &fastcgi_module); | |
ff319070 | 41 | @@ -2708,9 +2717,11 @@ |
d505af0a | 42 | if (dir_config->authenticator == NULL) |
43 | return DECLINED; | |
44 | ||
45 | - /* Get the user password */ | |
46 | +#ifndef APACHE22 | |
47 | + /* Get the user password */ | |
48 | if ((res = ap_get_basic_auth_pw(r, &password)) != OK) | |
49 | return res; | |
50 | +#endif /* APACHE22 */ | |
51 | ||
52 | res = create_fcgi_request(r, dir_config->authenticator, &fr); | |
53 | if (res) | |
ff319070 | 54 | @@ -2744,6 +2755,20 @@ |
d505af0a | 55 | goto AuthenticationFailed; |
56 | } | |
57 | ||
58 | +#ifdef APACHE22 | |
59 | + if (authenticated) | |
d58a6c49 | 60 | + return AUTH_GRANTED; |
d505af0a | 61 | + |
62 | +AuthenticationFailed: | |
d505af0a | 63 | + /* @@@ Probably should support custom_responses */ |
64 | + ap_note_basic_auth_failure(r); | |
65 | + ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
66 | + "FastCGI: authentication failed for user \"%s\": %s", | |
67 | + r->user, r->uri); | |
68 | + | |
69 | + return (res == OK) ? AUTH_DENIED : AUTH_GRANTED; | |
70 | + | |
71 | +#else /* !APACHE22 */ | |
72 | if (authenticated) | |
73 | return OK; | |
74 | ||
ff319070 | 75 | @@ -2762,6 +2787,7 @@ |
d505af0a | 76 | #endif |
77 | ||
78 | return (res == OK) ? HTTP_UNAUTHORIZED : res; | |
79 | +#endif /* !APACHE22 */ | |
80 | } | |
81 | ||
82 | static int check_user_authorization(request_rec *r) | |
ff319070 | 83 | @@ -2955,16 +2981,31 @@ |
d505af0a | 84 | |
85 | #ifdef APACHE2 | |
86 | ||
87 | +#ifdef APACHE22 | |
88 | +static const authn_provider authn_fastcgi_provider = | |
89 | +{ | |
d58a6c49 | 90 | + &check_user_authentication, |
d505af0a | 91 | + NULL, |
92 | +}; | |
93 | +#endif /* APACHE22 */ | |
94 | + | |
95 | + | |
96 | static void register_hooks(apr_pool_t * p) | |
97 | { | |
98 | /* ap_hook_pre_config(x_pre_config, NULL, NULL, APR_HOOK_MIDDLE); */ | |
2254c02d | 99 | ap_hook_post_config(init_module, NULL, NULL, APR_HOOK_MIDDLE); |
100 | ap_hook_child_init(fcgi_child_init, NULL, NULL, APR_HOOK_MIDDLE); | |
101 | ap_hook_handler(content_handler, NULL, NULL, APR_HOOK_MIDDLE); | |
102 | - ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE); | |
d505af0a | 103 | ap_hook_access_checker(check_access, NULL, NULL, APR_HOOK_MIDDLE); |
104 | ap_hook_auth_checker(check_user_authorization, NULL, NULL, APR_HOOK_MIDDLE); | |
105 | ap_hook_fixups(fixups, NULL, NULL, APR_HOOK_MIDDLE); | |
106 | +#ifdef APACHE22 | |
107 | + ap_register_provider(p, AUTHN_PROVIDER_GROUP, "fastcgi", "0", | |
108 | + &authn_fastcgi_provider); | |
2254c02d | 109 | +#else |
110 | + ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE); | |
111 | +#endif | |
d505af0a | 112 | + |
113 | } | |
114 | ||
115 | module AP_MODULE_DECLARE_DATA fastcgi_module = | |
ff319070 | 116 | diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig |
117 | --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig 2007-11-12 16:00:10.000000000 -0700 | |
118 | +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig 2007-12-28 21:00:46.000000000 -0700 | |
119 | @@ -268,7 +268,7 @@ | |
120 | ||
121 | /* Register to reset to default values when the config pool is cleaned */ | |
122 | ap_block_alarms(); | |
123 | - ap_register_cleanup(p, NULL, fcgi_config_reset_globals, ap_null_cleanup); | |
124 | + apr_pool_cleanup_register(p, NULL, fcgi_config_reset_globals, apr_pool_cleanup_null); | |
125 | ap_unblock_alarms(); | |
126 | ||
127 | #ifdef APACHE2 | |
128 | @@ -286,7 +286,7 @@ | |
129 | #ifdef WIN32 | |
130 | if (fcgi_socket_dir == NULL) | |
131 | fcgi_socket_dir = DEFAULT_SOCK_DIR; | |
132 | - fcgi_dynamic_dir = ap_pstrcat(p, fcgi_socket_dir, "dynamic", NULL); | |
133 | + fcgi_dynamic_dir = apr_pstrcat(p, fcgi_socket_dir, "dynamic", NULL); | |
134 | #else | |
135 | ||
136 | if (fcgi_socket_dir == NULL) | |
137 | @@ -723,11 +723,11 @@ | |
138 | } | |
139 | if (statusValue < 0) { | |
140 | fr->parseHeader = SCAN_CGI_BAD_HEADER; | |
141 | - return ap_psprintf(r->pool, "invalid Status '%s'", value); | |
142 | + return apr_psprintf(r->pool, "invalid Status '%s'", value); | |
143 | } | |
144 | hasStatus = TRUE; | |
145 | r->status = statusValue; | |
146 | - r->status_line = ap_pstrdup(r->pool, value); | |
147 | + r->status_line = apr_pstrdup(r->pool, value); | |
148 | continue; | |
149 | } | |
150 | ||
151 | @@ -738,9 +738,9 @@ | |
152 | } | |
153 | hasContentType = TRUE; | |
154 | #ifdef APACHE2 | |
155 | - ap_set_content_type(r, value); | |
156 | + apr_set_content_type(r, value); | |
157 | #else | |
158 | - r->content_type = ap_pstrdup(r->pool, value); | |
159 | + r->content_type = apr_pstrdup(r->pool, value); | |
160 | #endif | |
161 | continue; | |
162 | } | |
163 | @@ -750,16 +750,16 @@ | |
164 | goto DuplicateNotAllowed; | |
165 | } | |
166 | hasLocation = TRUE; | |
167 | - ap_table_set(r->headers_out, "Location", value); | |
168 | + apr_table_set(r->headers_out, "Location", value); | |
169 | continue; | |
170 | } | |
171 | ||
172 | /* If the script wants them merged, it can do it */ | |
173 | - ap_table_add(r->err_headers_out, name, value); | |
174 | + apr_table_add(r->err_headers_out, name, value); | |
175 | continue; | |
176 | } | |
177 | else { | |
178 | - ap_table_add(fr->authHeaders, name, value); | |
179 | + apr_table_add(fr->authHeaders, name, value); | |
180 | } | |
181 | } | |
182 | ||
183 | @@ -770,7 +770,7 @@ | |
184 | * Who responds, this handler or Apache? | |
185 | */ | |
186 | if (hasLocation) { | |
187 | - const char *location = ap_table_get(r->headers_out, "Location"); | |
188 | + const char *location = apr_table_get(r->headers_out, "Location"); | |
189 | /* | |
190 | * Based on internal redirect handling in mod_cgi.c... | |
191 | * | |
192 | @@ -840,11 +840,11 @@ | |
193 | if ((p = strpbrk(name, "\r\n")) != NULL) | |
194 | *p = '\0'; | |
195 | fr->parseHeader = SCAN_CGI_BAD_HEADER; | |
196 | - return ap_psprintf(r->pool, "malformed header '%s'", name); | |
197 | + return apr_psprintf(r->pool, "malformed header '%s'", name); | |
198 | ||
199 | DuplicateNotAllowed: | |
200 | fr->parseHeader = SCAN_CGI_BAD_HEADER; | |
201 | - return ap_psprintf(r->pool, "duplicate header '%s'", name); | |
202 | + return apr_psprintf(r->pool, "duplicate header '%s'", name); | |
203 | } | |
204 | ||
205 | /* | |
206 | @@ -1023,9 +1023,9 @@ | |
207 | char *end = strchr(r->uri + 2, '/'); | |
208 | ||
209 | if (end) | |
210 | - *user = memcpy(ap_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1); | |
211 | + *user = memcpy(apr_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1); | |
212 | else | |
213 | - *user = ap_pstrdup(r->pool, r->uri + 1); | |
214 | + *user = apr_pstrdup(r->pool, r->uri + 1); | |
215 | *group = "-"; | |
216 | } | |
217 | else { | |
218 | @@ -1034,8 +1034,8 @@ | |
219 | ||
220 | get_request_identity(r, &uid, &gid); | |
221 | ||
222 | - *user = ap_psprintf(r->pool, "%ld", (long) uid); | |
223 | - *group = ap_psprintf(r->pool, "%ld", (long) gid); | |
224 | + *user = apr_psprintf(r->pool, "%ld", (long) uid); | |
225 | + *group = apr_psprintf(r->pool, "%ld", (long) gid); | |
226 | } | |
227 | } | |
228 | ||
229 | @@ -1235,7 +1235,7 @@ | |
230 | { | |
231 | /* xxx this handle should live somewhere (see CloseHandle()s below too) */ | |
232 | char * wait_npipe_mutex_name, * cp; | |
233 | - wait_npipe_mutex_name = cp = ap_pstrdup(rp, socket_path); | |
234 | + wait_npipe_mutex_name = cp = apr_pstrdup(rp, socket_path); | |
235 | while ((cp = strchr(cp, '\\'))) *cp = '/'; | |
236 | ||
237 | wait_npipe_mutex = CreateMutex(NULL, FALSE, wait_npipe_mutex_name); | |
238 | @@ -2333,7 +2333,7 @@ | |
239 | } | |
240 | ||
241 | ap_block_alarms(); | |
242 | - ap_register_cleanup(rp, (void *)fr, cleanup, ap_null_cleanup); | |
243 | + apr_pool_cleanup_register(rp, (void *)fr, cleanup, apr_pool_cleanup_null); | |
244 | ap_unblock_alarms(); | |
245 | ||
246 | #ifdef WIN32 | |
247 | @@ -2437,7 +2437,7 @@ | |
248 | const char *fs_path; | |
249 | pool * const p = r->pool; | |
250 | fcgi_server *fs; | |
251 | - fcgi_request * const fr = (fcgi_request *)ap_pcalloc(p, sizeof(fcgi_request)); | |
252 | + fcgi_request * const fr = (fcgi_request *)apr_pcalloc(p, sizeof(fcgi_request)); | |
253 | uid_t uid; | |
254 | gid_t gid; | |
255 | ||
256 | @@ -2465,7 +2465,7 @@ | |
257 | else | |
258 | #endif | |
259 | { | |
260 | - my_finfo = (struct stat *) ap_palloc(p, sizeof(struct stat)); | |
261 | + my_finfo = (struct stat *) apr_palloc(p, sizeof(struct stat)); | |
262 | ||
263 | if (stat(fs_path, my_finfo) < 0) | |
264 | { | |
265 | @@ -2494,7 +2494,7 @@ | |
266 | fr->erBufPtr = fcgi_buf_new(p, sizeof(FCGI_EndRequestBody) + 1); | |
267 | fr->gotHeader = FALSE; | |
268 | fr->parseHeader = SCAN_CGI_READING_HEADERS; | |
269 | - fr->header = ap_make_array(p, 1, 1); | |
270 | + fr->header = apr_array_make(p, 1, 1); | |
271 | fr->fs_stderr = NULL; | |
272 | fr->r = r; | |
273 | fr->readingEndRequestBody = FALSE; | |
274 | @@ -2507,7 +2507,7 @@ | |
275 | fr->keepReadingFromFcgiApp = TRUE; | |
276 | fr->fs = fs; | |
277 | fr->fs_path = fs_path; | |
278 | - fr->authHeaders = ap_make_table(p, 10); | |
279 | + fr->authHeaders = apr_table_make(p, 10); | |
280 | #ifdef WIN32 | |
281 | fr->fd = INVALID_SOCKET; | |
282 | fr->dynamic = ((fs == NULL) || (fs->directive == APP_CLASS_DYNAMIC)) ? TRUE : FALSE; | |
283 | @@ -2571,7 +2571,7 @@ | |
284 | */ | |
285 | static int apache_is_scriptaliased(request_rec *r) | |
286 | { | |
287 | - const char *t = ap_table_get(r->notes, "alias-forced-type"); | |
288 | + const char *t = apr_table_get(r->notes, "alias-forced-type"); | |
289 | return t && (!strcasecmp(t, "cgi-script")); | |
290 | } | |
291 | ||
292 | @@ -2594,9 +2594,9 @@ | |
293 | */ | |
294 | r->method = "GET"; | |
295 | r->method_number = M_GET; | |
296 | - ap_table_unset(r->headers_in, "Content-length"); | |
297 | + apr_table_unset(r->headers_in, "Content-length"); | |
298 | ||
299 | - ap_internal_redirect_handler(ap_table_get(r->headers_out, "Location"), r); | |
300 | + ap_internal_redirect_handler(apr_table_get(r->headers_out, "Location"), r); | |
301 | return OK; | |
302 | ||
303 | case SCAN_CGI_SRV_REDIRECT: | |
304 | @@ -2652,21 +2652,21 @@ | |
305 | if (strncasecmp(key, "Variable-", 9) == 0) | |
306 | key += 9; | |
307 | ||
308 | - ap_table_setn(t, key, val); | |
309 | + apr_table_setn(t, key, val); | |
310 | return 1; | |
311 | } | |
312 | ||
313 | static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val) | |
314 | { | |
315 | if (strncasecmp(key, "Variable-", 9) == 0) | |
316 | - ap_table_setn(t, key + 9, val); | |
317 | + apr_table_setn(t, key + 9, val); | |
318 | ||
319 | return 1; | |
320 | } | |
321 | ||
322 | static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val) | |
323 | { | |
324 | - ap_table_setn(t, key, val); | |
325 | + apr_table_setn(t, key, val); | |
326 | return 1; | |
327 | } | |
328 | ||
329 | @@ -2679,16 +2679,16 @@ | |
330 | ||
331 | if (passed) { | |
332 | if (fr->auth_compat) { | |
333 | - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header, | |
334 | + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header, | |
335 | (void *)r->subprocess_env, fr->authHeaders, NULL); | |
336 | } | |
337 | else { | |
338 | - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header, | |
339 | + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header, | |
340 | (void *)r->subprocess_env, fr->authHeaders, NULL); | |
341 | } | |
342 | } | |
343 | else { | |
344 | - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header, | |
345 | + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header, | |
346 | (void *)r->err_headers_out, fr->authHeaders, NULL); | |
347 | } | |
348 | ||
349 | @@ -2719,10 +2719,10 @@ | |
350 | } | |
351 | ||
352 | /* Save the existing subprocess_env, because we're gonna muddy it up */ | |
353 | - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); | |
354 | + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); | |
355 | ||
356 | - ap_table_setn(r->subprocess_env, "REMOTE_PASSWD", password); | |
357 | - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR"); | |
358 | + apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password); | |
359 | + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR"); | |
360 | ||
361 | /* The FastCGI Protocol doesn't differentiate authentication */ | |
362 | fr->role = FCGI_AUTHORIZER; | |
363 | @@ -2737,7 +2737,7 @@ | |
364 | post_process_auth(fr, authenticated); | |
365 | ||
366 | /* A redirect shouldn't be allowed during the authentication phase */ | |
367 | - if (ap_table_get(r->headers_out, "Location") != NULL) { | |
368 | + if (apr_table_get(r->headers_out, "Location") != NULL) { | |
369 | ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
370 | "FastCGI: FastCgiAuthenticator \"%s\" redirected (not allowed)", | |
371 | dir_config->authenticator); | |
372 | @@ -2786,9 +2786,9 @@ | |
373 | } | |
374 | ||
375 | /* Save the existing subprocess_env, because we're gonna muddy it up */ | |
376 | - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); | |
377 | + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); | |
378 | ||
379 | - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER"); | |
380 | + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER"); | |
381 | ||
382 | fr->role = FCGI_AUTHORIZER; | |
383 | ||
384 | @@ -2802,7 +2802,7 @@ | |
385 | post_process_auth(fr, authorized); | |
386 | ||
387 | /* A redirect shouldn't be allowed during the authorization phase */ | |
388 | - if (ap_table_get(r->headers_out, "Location") != NULL) { | |
389 | + if (apr_table_get(r->headers_out, "Location") != NULL) { | |
390 | ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
391 | "FastCGI: FastCgiAuthorizer \"%s\" redirected (not allowed)", | |
392 | dir_config->authorizer); | |
393 | @@ -2846,9 +2846,9 @@ | |
394 | } | |
395 | ||
396 | /* Save the existing subprocess_env, because we're gonna muddy it up */ | |
397 | - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); | |
398 | + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); | |
399 | ||
400 | - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER"); | |
401 | + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER"); | |
402 | ||
403 | /* The FastCGI Protocol doesn't differentiate access control */ | |
404 | fr->role = FCGI_AUTHORIZER; | |
405 | @@ -2863,7 +2863,7 @@ | |
406 | post_process_auth(fr, access_allowed); | |
407 | ||
408 | /* A redirect shouldn't be allowed during the access check phase */ | |
409 | - if (ap_table_get(r->headers_out, "Location") != NULL) { | |
410 | + if (apr_table_get(r->headers_out, "Location") != NULL) { | |
411 | ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, | |
412 | "FastCGI: FastCgiAccessChecker \"%s\" redirected (not allowed)", | |
413 | dir_config->access_checker); |