1 diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c mod_fastcgi-2.4.6.apache22/mod_fastcgi.c
2 --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c 2007-12-28 21:00:46.000000000 -0700
3 +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c 2007-12-28 21:00:58.000000000 -0700
15 @@ -2697,10 +2701,15 @@
16 r->status_line = NULL;
20 +static authn_status check_user_authentication(request_rec *r, const char *user, const char *password)
22 +#else /* !APACHE22 */
23 static int check_user_authentication(request_rec *r)
25 - int res, authenticated = 0;
28 + int res, authenticated = 0;
30 const fcgi_dir_config * const dir_config =
31 (const fcgi_dir_config *)ap_get_module_config(r->per_dir_config, &fastcgi_module);
32 @@ -2708,9 +2717,11 @@
33 if (dir_config->authenticator == NULL)
36 - /* Get the user password */
38 + /* Get the user password */
39 if ((res = ap_get_basic_auth_pw(r, &password)) != OK)
41 +#endif /* APACHE22 */
43 res = create_fcgi_request(r, dir_config->authenticator, &fr);
45 @@ -2744,6 +2755,20 @@
46 goto AuthenticationFailed;
51 + return AUTH_GRANTED;
53 +AuthenticationFailed:
54 + /* @@@ Probably should support custom_responses */
55 + ap_note_basic_auth_failure(r);
56 + ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r,
57 + "FastCGI: authentication failed for user \"%s\": %s",
60 + return (res == OK) ? AUTH_DENIED : AUTH_GRANTED;
62 +#else /* !APACHE22 */
69 return (res == OK) ? HTTP_UNAUTHORIZED : res;
70 +#endif /* !APACHE22 */
73 static int check_user_authorization(request_rec *r)
74 @@ -2955,16 +2981,31 @@
79 +static const authn_provider authn_fastcgi_provider =
81 + &check_user_authentication,
84 +#endif /* APACHE22 */
87 static void register_hooks(apr_pool_t * p)
89 /* ap_hook_pre_config(x_pre_config, NULL, NULL, APR_HOOK_MIDDLE); */
90 ap_hook_post_config(init_module, NULL, NULL, APR_HOOK_MIDDLE);
91 ap_hook_child_init(fcgi_child_init, NULL, NULL, APR_HOOK_MIDDLE);
92 ap_hook_handler(content_handler, NULL, NULL, APR_HOOK_MIDDLE);
93 - ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE);
94 ap_hook_access_checker(check_access, NULL, NULL, APR_HOOK_MIDDLE);
95 ap_hook_auth_checker(check_user_authorization, NULL, NULL, APR_HOOK_MIDDLE);
96 ap_hook_fixups(fixups, NULL, NULL, APR_HOOK_MIDDLE);
98 + ap_register_provider(p, AUTHN_PROVIDER_GROUP, "fastcgi", "0",
99 + &authn_fastcgi_provider);
101 + ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE);
106 module AP_MODULE_DECLARE_DATA fastcgi_module =
107 diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig
108 --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig 2007-11-12 16:00:10.000000000 -0700
109 +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig 2007-12-28 21:00:46.000000000 -0700
112 /* Register to reset to default values when the config pool is cleaned */
114 - ap_register_cleanup(p, NULL, fcgi_config_reset_globals, ap_null_cleanup);
115 + apr_pool_cleanup_register(p, NULL, fcgi_config_reset_globals, apr_pool_cleanup_null);
121 if (fcgi_socket_dir == NULL)
122 fcgi_socket_dir = DEFAULT_SOCK_DIR;
123 - fcgi_dynamic_dir = ap_pstrcat(p, fcgi_socket_dir, "dynamic", NULL);
124 + fcgi_dynamic_dir = apr_pstrcat(p, fcgi_socket_dir, "dynamic", NULL);
127 if (fcgi_socket_dir == NULL)
128 @@ -723,11 +723,11 @@
130 if (statusValue < 0) {
131 fr->parseHeader = SCAN_CGI_BAD_HEADER;
132 - return ap_psprintf(r->pool, "invalid Status '%s'", value);
133 + return apr_psprintf(r->pool, "invalid Status '%s'", value);
136 r->status = statusValue;
137 - r->status_line = ap_pstrdup(r->pool, value);
138 + r->status_line = apr_pstrdup(r->pool, value);
144 hasContentType = TRUE;
146 - ap_set_content_type(r, value);
147 + apr_set_content_type(r, value);
149 - r->content_type = ap_pstrdup(r->pool, value);
150 + r->content_type = apr_pstrdup(r->pool, value);
154 @@ -750,16 +750,16 @@
155 goto DuplicateNotAllowed;
158 - ap_table_set(r->headers_out, "Location", value);
159 + apr_table_set(r->headers_out, "Location", value);
163 /* If the script wants them merged, it can do it */
164 - ap_table_add(r->err_headers_out, name, value);
165 + apr_table_add(r->err_headers_out, name, value);
169 - ap_table_add(fr->authHeaders, name, value);
170 + apr_table_add(fr->authHeaders, name, value);
175 * Who responds, this handler or Apache?
178 - const char *location = ap_table_get(r->headers_out, "Location");
179 + const char *location = apr_table_get(r->headers_out, "Location");
181 * Based on internal redirect handling in mod_cgi.c...
183 @@ -840,11 +840,11 @@
184 if ((p = strpbrk(name, "\r\n")) != NULL)
186 fr->parseHeader = SCAN_CGI_BAD_HEADER;
187 - return ap_psprintf(r->pool, "malformed header '%s'", name);
188 + return apr_psprintf(r->pool, "malformed header '%s'", name);
191 fr->parseHeader = SCAN_CGI_BAD_HEADER;
192 - return ap_psprintf(r->pool, "duplicate header '%s'", name);
193 + return apr_psprintf(r->pool, "duplicate header '%s'", name);
197 @@ -1023,9 +1023,9 @@
198 char *end = strchr(r->uri + 2, '/');
201 - *user = memcpy(ap_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1);
202 + *user = memcpy(apr_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1);
204 - *user = ap_pstrdup(r->pool, r->uri + 1);
205 + *user = apr_pstrdup(r->pool, r->uri + 1);
209 @@ -1034,8 +1034,8 @@
211 get_request_identity(r, &uid, &gid);
213 - *user = ap_psprintf(r->pool, "%ld", (long) uid);
214 - *group = ap_psprintf(r->pool, "%ld", (long) gid);
215 + *user = apr_psprintf(r->pool, "%ld", (long) uid);
216 + *group = apr_psprintf(r->pool, "%ld", (long) gid);
220 @@ -1235,7 +1235,7 @@
222 /* xxx this handle should live somewhere (see CloseHandle()s below too) */
223 char * wait_npipe_mutex_name, * cp;
224 - wait_npipe_mutex_name = cp = ap_pstrdup(rp, socket_path);
225 + wait_npipe_mutex_name = cp = apr_pstrdup(rp, socket_path);
226 while ((cp = strchr(cp, '\\'))) *cp = '/';
228 wait_npipe_mutex = CreateMutex(NULL, FALSE, wait_npipe_mutex_name);
229 @@ -2333,7 +2333,7 @@
233 - ap_register_cleanup(rp, (void *)fr, cleanup, ap_null_cleanup);
234 + apr_pool_cleanup_register(rp, (void *)fr, cleanup, apr_pool_cleanup_null);
238 @@ -2437,7 +2437,7 @@
240 pool * const p = r->pool;
242 - fcgi_request * const fr = (fcgi_request *)ap_pcalloc(p, sizeof(fcgi_request));
243 + fcgi_request * const fr = (fcgi_request *)apr_pcalloc(p, sizeof(fcgi_request));
247 @@ -2465,7 +2465,7 @@
251 - my_finfo = (struct stat *) ap_palloc(p, sizeof(struct stat));
252 + my_finfo = (struct stat *) apr_palloc(p, sizeof(struct stat));
254 if (stat(fs_path, my_finfo) < 0)
256 @@ -2494,7 +2494,7 @@
257 fr->erBufPtr = fcgi_buf_new(p, sizeof(FCGI_EndRequestBody) + 1);
258 fr->gotHeader = FALSE;
259 fr->parseHeader = SCAN_CGI_READING_HEADERS;
260 - fr->header = ap_make_array(p, 1, 1);
261 + fr->header = apr_array_make(p, 1, 1);
262 fr->fs_stderr = NULL;
264 fr->readingEndRequestBody = FALSE;
265 @@ -2507,7 +2507,7 @@
266 fr->keepReadingFromFcgiApp = TRUE;
268 fr->fs_path = fs_path;
269 - fr->authHeaders = ap_make_table(p, 10);
270 + fr->authHeaders = apr_table_make(p, 10);
272 fr->fd = INVALID_SOCKET;
273 fr->dynamic = ((fs == NULL) || (fs->directive == APP_CLASS_DYNAMIC)) ? TRUE : FALSE;
274 @@ -2571,7 +2571,7 @@
276 static int apache_is_scriptaliased(request_rec *r)
278 - const char *t = ap_table_get(r->notes, "alias-forced-type");
279 + const char *t = apr_table_get(r->notes, "alias-forced-type");
280 return t && (!strcasecmp(t, "cgi-script"));
283 @@ -2594,9 +2594,9 @@
286 r->method_number = M_GET;
287 - ap_table_unset(r->headers_in, "Content-length");
288 + apr_table_unset(r->headers_in, "Content-length");
290 - ap_internal_redirect_handler(ap_table_get(r->headers_out, "Location"), r);
291 + ap_internal_redirect_handler(apr_table_get(r->headers_out, "Location"), r);
294 case SCAN_CGI_SRV_REDIRECT:
295 @@ -2652,21 +2652,21 @@
296 if (strncasecmp(key, "Variable-", 9) == 0)
299 - ap_table_setn(t, key, val);
300 + apr_table_setn(t, key, val);
304 static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val)
306 if (strncasecmp(key, "Variable-", 9) == 0)
307 - ap_table_setn(t, key + 9, val);
308 + apr_table_setn(t, key + 9, val);
313 static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val)
315 - ap_table_setn(t, key, val);
316 + apr_table_setn(t, key, val);
320 @@ -2679,16 +2679,16 @@
323 if (fr->auth_compat) {
324 - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header,
325 + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header,
326 (void *)r->subprocess_env, fr->authHeaders, NULL);
329 - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header,
330 + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header,
331 (void *)r->subprocess_env, fr->authHeaders, NULL);
335 - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header,
336 + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header,
337 (void *)r->err_headers_out, fr->authHeaders, NULL);
340 @@ -2719,10 +2719,10 @@
343 /* Save the existing subprocess_env, because we're gonna muddy it up */
344 - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env);
345 + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env);
347 - ap_table_setn(r->subprocess_env, "REMOTE_PASSWD", password);
348 - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR");
349 + apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password);
350 + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR");
352 /* The FastCGI Protocol doesn't differentiate authentication */
353 fr->role = FCGI_AUTHORIZER;
354 @@ -2737,7 +2737,7 @@
355 post_process_auth(fr, authenticated);
357 /* A redirect shouldn't be allowed during the authentication phase */
358 - if (ap_table_get(r->headers_out, "Location") != NULL) {
359 + if (apr_table_get(r->headers_out, "Location") != NULL) {
360 ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r,
361 "FastCGI: FastCgiAuthenticator \"%s\" redirected (not allowed)",
362 dir_config->authenticator);
363 @@ -2786,9 +2786,9 @@
366 /* Save the existing subprocess_env, because we're gonna muddy it up */
367 - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env);
368 + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env);
370 - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER");
371 + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER");
373 fr->role = FCGI_AUTHORIZER;
375 @@ -2802,7 +2802,7 @@
376 post_process_auth(fr, authorized);
378 /* A redirect shouldn't be allowed during the authorization phase */
379 - if (ap_table_get(r->headers_out, "Location") != NULL) {
380 + if (apr_table_get(r->headers_out, "Location") != NULL) {
381 ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r,
382 "FastCGI: FastCgiAuthorizer \"%s\" redirected (not allowed)",
383 dir_config->authorizer);
384 @@ -2846,9 +2846,9 @@
387 /* Save the existing subprocess_env, because we're gonna muddy it up */
388 - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env);
389 + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env);
391 - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER");
392 + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER");
394 /* The FastCGI Protocol doesn't differentiate access control */
395 fr->role = FCGI_AUTHORIZER;
396 @@ -2863,7 +2863,7 @@
397 post_process_auth(fr, access_allowed);
399 /* A redirect shouldn't be allowed during the access check phase */
400 - if (ap_table_get(r->headers_out, "Location") != NULL) {
401 + if (apr_table_get(r->headers_out, "Location") != NULL) {
402 ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r,
403 "FastCGI: FastCgiAccessChecker \"%s\" redirected (not allowed)",
404 dir_config->access_checker);