diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c mod_fastcgi-2.4.6.apache22/mod_fastcgi.c --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c 2007-12-28 21:00:46.000000000 -0700 +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c 2007-12-28 21:00:58.000000000 -0700 @@ -82,6 +82,10 @@ #include "unixd.h" +#ifdef APACHE22 +#include "mod_auth.h" +#endif + #endif #endif @@ -2697,10 +2701,15 @@ r->status_line = NULL; } +#ifdef APACHE22 +static authn_status check_user_authentication(request_rec *r, const char *user, const char *password) +{ +#else /* !APACHE22 */ static int check_user_authentication(request_rec *r) { - int res, authenticated = 0; const char *password; +#endif + int res, authenticated = 0; fcgi_request *fr; const fcgi_dir_config * const dir_config = (const fcgi_dir_config *)ap_get_module_config(r->per_dir_config, &fastcgi_module); @@ -2708,9 +2717,11 @@ if (dir_config->authenticator == NULL) return DECLINED; - /* Get the user password */ +#ifndef APACHE22 + /* Get the user password */ if ((res = ap_get_basic_auth_pw(r, &password)) != OK) return res; +#endif /* APACHE22 */ res = create_fcgi_request(r, dir_config->authenticator, &fr); if (res) @@ -2744,6 +2755,20 @@ goto AuthenticationFailed; } +#ifdef APACHE22 + if (authenticated) + return AUTH_GRANTED; + +AuthenticationFailed: + /* @@@ Probably should support custom_responses */ + ap_note_basic_auth_failure(r); + ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, + "FastCGI: authentication failed for user \"%s\": %s", + r->user, r->uri); + + return (res == OK) ? AUTH_DENIED : AUTH_GRANTED; + +#else /* !APACHE22 */ if (authenticated) return OK; @@ -2762,6 +2787,7 @@ #endif return (res == OK) ? HTTP_UNAUTHORIZED : res; +#endif /* !APACHE22 */ } static int check_user_authorization(request_rec *r) @@ -2955,16 +2981,31 @@ #ifdef APACHE2 +#ifdef APACHE22 +static const authn_provider authn_fastcgi_provider = +{ + &check_user_authentication, + NULL, +}; +#endif /* APACHE22 */ + + static void register_hooks(apr_pool_t * p) { /* ap_hook_pre_config(x_pre_config, NULL, NULL, APR_HOOK_MIDDLE); */ ap_hook_post_config(init_module, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_child_init(fcgi_child_init, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_handler(content_handler, NULL, NULL, APR_HOOK_MIDDLE); - ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(check_access, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker(check_user_authorization, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_fixups(fixups, NULL, NULL, APR_HOOK_MIDDLE); +#ifdef APACHE22 + ap_register_provider(p, AUTHN_PROVIDER_GROUP, "fastcgi", "0", + &authn_fastcgi_provider); +#else + ap_hook_check_user_id(check_user_authentication, NULL, NULL, APR_HOOK_MIDDLE); +#endif + } module AP_MODULE_DECLARE_DATA fastcgi_module = diff -Nur mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig --- mod_fastcgi-2.4.6.orig/mod_fastcgi.c.orig 2007-11-12 16:00:10.000000000 -0700 +++ mod_fastcgi-2.4.6.apache22/mod_fastcgi.c.orig 2007-12-28 21:00:46.000000000 -0700 @@ -268,7 +268,7 @@ /* Register to reset to default values when the config pool is cleaned */ ap_block_alarms(); - ap_register_cleanup(p, NULL, fcgi_config_reset_globals, ap_null_cleanup); + apr_pool_cleanup_register(p, NULL, fcgi_config_reset_globals, apr_pool_cleanup_null); ap_unblock_alarms(); #ifdef APACHE2 @@ -286,7 +286,7 @@ #ifdef WIN32 if (fcgi_socket_dir == NULL) fcgi_socket_dir = DEFAULT_SOCK_DIR; - fcgi_dynamic_dir = ap_pstrcat(p, fcgi_socket_dir, "dynamic", NULL); + fcgi_dynamic_dir = apr_pstrcat(p, fcgi_socket_dir, "dynamic", NULL); #else if (fcgi_socket_dir == NULL) @@ -723,11 +723,11 @@ } if (statusValue < 0) { fr->parseHeader = SCAN_CGI_BAD_HEADER; - return ap_psprintf(r->pool, "invalid Status '%s'", value); + return apr_psprintf(r->pool, "invalid Status '%s'", value); } hasStatus = TRUE; r->status = statusValue; - r->status_line = ap_pstrdup(r->pool, value); + r->status_line = apr_pstrdup(r->pool, value); continue; } @@ -738,9 +738,9 @@ } hasContentType = TRUE; #ifdef APACHE2 - ap_set_content_type(r, value); + apr_set_content_type(r, value); #else - r->content_type = ap_pstrdup(r->pool, value); + r->content_type = apr_pstrdup(r->pool, value); #endif continue; } @@ -750,16 +750,16 @@ goto DuplicateNotAllowed; } hasLocation = TRUE; - ap_table_set(r->headers_out, "Location", value); + apr_table_set(r->headers_out, "Location", value); continue; } /* If the script wants them merged, it can do it */ - ap_table_add(r->err_headers_out, name, value); + apr_table_add(r->err_headers_out, name, value); continue; } else { - ap_table_add(fr->authHeaders, name, value); + apr_table_add(fr->authHeaders, name, value); } } @@ -770,7 +770,7 @@ * Who responds, this handler or Apache? */ if (hasLocation) { - const char *location = ap_table_get(r->headers_out, "Location"); + const char *location = apr_table_get(r->headers_out, "Location"); /* * Based on internal redirect handling in mod_cgi.c... * @@ -840,11 +840,11 @@ if ((p = strpbrk(name, "\r\n")) != NULL) *p = '\0'; fr->parseHeader = SCAN_CGI_BAD_HEADER; - return ap_psprintf(r->pool, "malformed header '%s'", name); + return apr_psprintf(r->pool, "malformed header '%s'", name); DuplicateNotAllowed: fr->parseHeader = SCAN_CGI_BAD_HEADER; - return ap_psprintf(r->pool, "duplicate header '%s'", name); + return apr_psprintf(r->pool, "duplicate header '%s'", name); } /* @@ -1023,9 +1023,9 @@ char *end = strchr(r->uri + 2, '/'); if (end) - *user = memcpy(ap_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1); + *user = memcpy(apr_pcalloc(r->pool, end - r->uri), r->uri + 1, end - r->uri - 1); else - *user = ap_pstrdup(r->pool, r->uri + 1); + *user = apr_pstrdup(r->pool, r->uri + 1); *group = "-"; } else { @@ -1034,8 +1034,8 @@ get_request_identity(r, &uid, &gid); - *user = ap_psprintf(r->pool, "%ld", (long) uid); - *group = ap_psprintf(r->pool, "%ld", (long) gid); + *user = apr_psprintf(r->pool, "%ld", (long) uid); + *group = apr_psprintf(r->pool, "%ld", (long) gid); } } @@ -1235,7 +1235,7 @@ { /* xxx this handle should live somewhere (see CloseHandle()s below too) */ char * wait_npipe_mutex_name, * cp; - wait_npipe_mutex_name = cp = ap_pstrdup(rp, socket_path); + wait_npipe_mutex_name = cp = apr_pstrdup(rp, socket_path); while ((cp = strchr(cp, '\\'))) *cp = '/'; wait_npipe_mutex = CreateMutex(NULL, FALSE, wait_npipe_mutex_name); @@ -2333,7 +2333,7 @@ } ap_block_alarms(); - ap_register_cleanup(rp, (void *)fr, cleanup, ap_null_cleanup); + apr_pool_cleanup_register(rp, (void *)fr, cleanup, apr_pool_cleanup_null); ap_unblock_alarms(); #ifdef WIN32 @@ -2437,7 +2437,7 @@ const char *fs_path; pool * const p = r->pool; fcgi_server *fs; - fcgi_request * const fr = (fcgi_request *)ap_pcalloc(p, sizeof(fcgi_request)); + fcgi_request * const fr = (fcgi_request *)apr_pcalloc(p, sizeof(fcgi_request)); uid_t uid; gid_t gid; @@ -2465,7 +2465,7 @@ else #endif { - my_finfo = (struct stat *) ap_palloc(p, sizeof(struct stat)); + my_finfo = (struct stat *) apr_palloc(p, sizeof(struct stat)); if (stat(fs_path, my_finfo) < 0) { @@ -2494,7 +2494,7 @@ fr->erBufPtr = fcgi_buf_new(p, sizeof(FCGI_EndRequestBody) + 1); fr->gotHeader = FALSE; fr->parseHeader = SCAN_CGI_READING_HEADERS; - fr->header = ap_make_array(p, 1, 1); + fr->header = apr_array_make(p, 1, 1); fr->fs_stderr = NULL; fr->r = r; fr->readingEndRequestBody = FALSE; @@ -2507,7 +2507,7 @@ fr->keepReadingFromFcgiApp = TRUE; fr->fs = fs; fr->fs_path = fs_path; - fr->authHeaders = ap_make_table(p, 10); + fr->authHeaders = apr_table_make(p, 10); #ifdef WIN32 fr->fd = INVALID_SOCKET; fr->dynamic = ((fs == NULL) || (fs->directive == APP_CLASS_DYNAMIC)) ? TRUE : FALSE; @@ -2571,7 +2571,7 @@ */ static int apache_is_scriptaliased(request_rec *r) { - const char *t = ap_table_get(r->notes, "alias-forced-type"); + const char *t = apr_table_get(r->notes, "alias-forced-type"); return t && (!strcasecmp(t, "cgi-script")); } @@ -2594,9 +2594,9 @@ */ r->method = "GET"; r->method_number = M_GET; - ap_table_unset(r->headers_in, "Content-length"); + apr_table_unset(r->headers_in, "Content-length"); - ap_internal_redirect_handler(ap_table_get(r->headers_out, "Location"), r); + ap_internal_redirect_handler(apr_table_get(r->headers_out, "Location"), r); return OK; case SCAN_CGI_SRV_REDIRECT: @@ -2652,21 +2652,21 @@ if (strncasecmp(key, "Variable-", 9) == 0) key += 9; - ap_table_setn(t, key, val); + apr_table_setn(t, key, val); return 1; } static int post_process_auth_passed_compat_header(table *t, const char *key, const char * const val) { if (strncasecmp(key, "Variable-", 9) == 0) - ap_table_setn(t, key + 9, val); + apr_table_setn(t, key + 9, val); return 1; } static int post_process_auth_failed_header(table * const t, const char * const key, const char * const val) { - ap_table_setn(t, key, val); + apr_table_setn(t, key, val); return 1; } @@ -2679,16 +2679,16 @@ if (passed) { if (fr->auth_compat) { - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header, + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_compat_header, (void *)r->subprocess_env, fr->authHeaders, NULL); } else { - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header, + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_passed_header, (void *)r->subprocess_env, fr->authHeaders, NULL); } } else { - ap_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header, + apr_table_do((int (*)(void *, const char *, const char *))post_process_auth_failed_header, (void *)r->err_headers_out, fr->authHeaders, NULL); } @@ -2719,10 +2719,10 @@ } /* Save the existing subprocess_env, because we're gonna muddy it up */ - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); - ap_table_setn(r->subprocess_env, "REMOTE_PASSWD", password); - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR"); + apr_table_setn(r->subprocess_env, "REMOTE_PASSWD", password); + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHENTICATOR"); /* The FastCGI Protocol doesn't differentiate authentication */ fr->role = FCGI_AUTHORIZER; @@ -2737,7 +2737,7 @@ post_process_auth(fr, authenticated); /* A redirect shouldn't be allowed during the authentication phase */ - if (ap_table_get(r->headers_out, "Location") != NULL) { + if (apr_table_get(r->headers_out, "Location") != NULL) { ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, "FastCGI: FastCgiAuthenticator \"%s\" redirected (not allowed)", dir_config->authenticator); @@ -2786,9 +2786,9 @@ } /* Save the existing subprocess_env, because we're gonna muddy it up */ - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER"); + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "AUTHORIZER"); fr->role = FCGI_AUTHORIZER; @@ -2802,7 +2802,7 @@ post_process_auth(fr, authorized); /* A redirect shouldn't be allowed during the authorization phase */ - if (ap_table_get(r->headers_out, "Location") != NULL) { + if (apr_table_get(r->headers_out, "Location") != NULL) { ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, "FastCGI: FastCgiAuthorizer \"%s\" redirected (not allowed)", dir_config->authorizer); @@ -2846,9 +2846,9 @@ } /* Save the existing subprocess_env, because we're gonna muddy it up */ - fr->saved_subprocess_env = ap_copy_table(r->pool, r->subprocess_env); + fr->saved_subprocess_env = apr_table_copy(r->pool, r->subprocess_env); - ap_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER"); + apr_table_setn(r->subprocess_env, "FCGI_APACHE_ROLE", "ACCESS_CHECKER"); /* The FastCGI Protocol doesn't differentiate access control */ fr->role = FCGI_AUTHORIZER; @@ -2863,7 +2863,7 @@ post_process_auth(fr, access_allowed); /* A redirect shouldn't be allowed during the access check phase */ - if (ap_table_get(r->headers_out, "Location") != NULL) { + if (apr_table_get(r->headers_out, "Location") != NULL) { ap_log_rerror(FCGI_LOG_ERR_NOERRNO, r, "FastCGI: FastCgiAccessChecker \"%s\" redirected (not allowed)", dir_config->access_checker);