[auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2892 152afb58-edef-0310-8abb-c4023f1b3aa9
parent
93fd9ea7a4
commit
559b198f86
1
NEWS
1
NEWS
|
@ -26,6 +26,7 @@ NEWS
|
|||
* [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
|
||||
* [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
|
||||
* [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
|
||||
* [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
|
||||
|
||||
- 1.4.32 - 2012-11-21
|
||||
* Code cleanup with clang/sparse (fixes #2437, thx kibi)
|
||||
|
|
|
@ -411,7 +411,6 @@ typedef struct {
|
|||
|
||||
size_t header_len;
|
||||
|
||||
buffer *authed_user;
|
||||
array *environment; /* used to pass lighttpd internal stuff to the FastCGI/CGI apps, setenv does that */
|
||||
|
||||
/* response */
|
||||
|
|
|
@ -676,7 +676,6 @@ connection *connection_init(server *srv) {
|
|||
CLEAN(physical.etag);
|
||||
CLEAN(parse_request);
|
||||
|
||||
CLEAN(authed_user);
|
||||
CLEAN(server_name);
|
||||
CLEAN(error_handler);
|
||||
CLEAN(dst_addr_buf);
|
||||
|
@ -743,7 +742,6 @@ void connections_free(server *srv) {
|
|||
CLEAN(physical.rel_path);
|
||||
CLEAN(parse_request);
|
||||
|
||||
CLEAN(authed_user);
|
||||
CLEAN(server_name);
|
||||
CLEAN(error_handler);
|
||||
CLEAN(dst_addr_buf);
|
||||
|
@ -817,7 +815,6 @@ int connection_reset(server *srv, connection *con) {
|
|||
|
||||
CLEAN(parse_request);
|
||||
|
||||
CLEAN(authed_user);
|
||||
CLEAN(server_name);
|
||||
CLEAN(error_handler);
|
||||
#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
|
||||
|
|
|
@ -760,8 +760,8 @@ REQUESTDONE_FUNC(log_access_write) {
|
|||
buffer_append_string_len(b, CONST_STR_LEN("-"));
|
||||
break;
|
||||
case FORMAT_REMOTE_USER:
|
||||
if (con->authed_user->used > 1) {
|
||||
buffer_append_string_buffer(b, con->authed_user);
|
||||
if (NULL != (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER")) && ds->value->used > 1) {
|
||||
accesslog_append_escaped(b, ds->value);
|
||||
} else {
|
||||
buffer_append_string_len(b, CONST_STR_LEN("-"));
|
||||
}
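Review bot: In the `FORMAT_REMOTE_USER` case, `%u` is now filled from the `REMOTE_USER` key of `con->environment`, so the logged user is only as trustworthy as every writer of that array. The commit title says the key is exposed to lua through lighty.req_env; if that table, or any other environment-setting module, can write the key, the access log may record a name that no authentication step produced. I would record the provenance on the case, e.g. `/* REMOTE_USER is read from con->environment; any module that writes the environment can set it, not only the auth code */`. Passing the value through `accesslog_append_escaped` rather than appending it raw suits a value with that provenance. `ds` is declared outside the hunk.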
|
||||
|
|
|
@ -304,18 +304,25 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
|
|||
} else {
|
||||
/* the REMOTE_USER header */
|
||||
|
||||
buffer_copy_string_buffer(con->authed_user, p->auth_user);
|
||||
if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) {
|
||||
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
|
||||
ds = data_string_init();
|
||||
}
|
||||
buffer_copy_string(ds->key, "REMOTE_USER");
|
||||
array_insert_unique(con->environment, (data_unset *)ds);
|
||||
}
|
||||
buffer_copy_string_buffer(ds->value, p->auth_user);
|
||||
|
||||
/* AUTH_TYPE environment */
|
||||
|
||||
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
|
||||
ds = data_string_init();
|
||||
if (NULL == (ds = (data_string *)array_get_element(con->environment, "AUTH_TYPE"))) {
|
||||
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
|
||||
ds = data_string_init();
|
||||
}
|
||||
buffer_copy_string(ds->key, "AUTH_TYPE");
|
||||
array_insert_unique(con->environment, (data_unset *)ds);
|
||||
}
|
||||
|
||||
buffer_copy_string(ds->key, "AUTH_TYPE");
|
||||
buffer_copy_string(ds->value, auth_type);
|
||||
|
||||
array_insert_unique(con->environment, (data_unset *)ds);
|
||||
}
|
||||
|
||||
return HANDLER_GO_ON;
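Review bot: The get-or-create sequence for a `con->environment` key is written out twice in this branch (REMOTE_USER, then AUTH_TYPE) and a third time in the `https_add_ssl_entries` hunk. A small shared helper would keep the copies from drifting, since each has to set the key before `array_insert_unique` and write the value afterwards. The helper name below is only a suggestion. The branches for requests that were not authenticated lie outside the hunk, so it is worth confirming that a REMOTE_USER already present in `con->environment` cannot survive on those paths.

```c
/* return the environment entry for key, creating and inserting it if absent */
static data_string *env_get_or_create(array *env, const char *key) {
	data_string *ds;

	if (NULL != (ds = (data_string *)array_get_element(env, key))) return ds;
	if (NULL == (ds = (data_string *)array_get_unused_element(env, TYPE_STRING))) {
		ds = data_string_init();
	}
	buffer_copy_string(ds->key, key);
	array_insert_unique(env, (data_unset *)ds);
	return ds;
}

		/* the REMOTE_USER header */
		ds = env_get_or_create(con->environment, "REMOTE_USER");
		buffer_copy_string_buffer(ds->value, p->auth_user);

		/* AUTH_TYPE environment */
		ds = env_get_or_create(con->environment, "AUTH_TYPE");
		buffer_copy_string(ds->value, auth_type);
		/* … unchanged: closing brace and return HANDLER_GO_ON … */
```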
|
||||
|
|
|
@ -918,11 +918,6 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *
|
|||
);
|
||||
cgi_env_add(&env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
|
||||
|
||||
if (!buffer_is_empty(con->authed_user)) {
|
||||
cgi_env_add(&env, CONST_STR_LEN("REMOTE_USER"),
|
||||
CONST_BUF_LEN(con->authed_user));
|
||||
}
|
||||
|
||||
if (buffer_is_equal_caseless_string(con->uri.scheme, CONST_STR_LEN("https"))) {
|
||||
cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
|
||||
}
|
||||
|
|
|
@ -1916,10 +1916,6 @@ static int fcgi_create_env(server *srv, handler_ctx *hctx, size_t request_id) {
|
|||
s = inet_ntop_cache_get_ip(srv, &(con->dst_addr));
|
||||
FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)),con)
|
||||
|
||||
if (!buffer_is_empty(con->authed_user)) {
|
||||
FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user)),con)
|
||||
}
|
||||
|
||||
if (con->request.content_length > 0 && host->mode != FCGI_AUTHORIZER) {
|
||||
/* CGI-SPEC 6.1.2 and FastCGI spec 6.3 */
|
||||
|
||||
|
|
|
@ -1542,12 +1542,6 @@ static int scgi_create_env(server *srv, handler_ctx *hctx) {
|
|||
s = inet_ntop_cache_get_ip(srv, &(con->dst_addr));
|
||||
scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
|
||||
|
||||
if (!buffer_is_empty(con->authed_user)) {
|
||||
scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_USER"),
|
||||
CONST_BUF_LEN(con->authed_user));
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* SCRIPT_NAME, PATH_INFO and PATH_TRANSLATED according to
|
||||
* http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html
|
||||
|
|
|
@ -276,11 +276,6 @@ static int build_ssi_cgi_vars(server *srv, connection *con, plugin_data *p) {
|
|||
ssi_env_add(p->ssi_cgi_env, CONST_STRING("REMOTE_ADDR"),
|
||||
inet_ntop_cache_get_ip(srv, &(con->dst_addr)));
|
||||
|
||||
if (con->authed_user->used) {
|
||||
ssi_env_add(p->ssi_cgi_env, CONST_STRING("REMOTE_USER"),
|
||||
con->authed_user->ptr);
|
||||
}
|
||||
|
||||
if (con->request.content_length > 0) {
|
||||
/* CGI-SPEC 6.1.2 and FastCGI spec 6.3 */
|
||||
|
||||
|
|
|
@ -169,11 +169,19 @@ static void https_add_ssl_entries(connection *con) {
|
|||
envds->value,
|
||||
(const char *)xe->value->data, xe->value->length
|
||||
);
|
||||
/* pick one of the exported values as "authed user", for example
|
||||
/* pick one of the exported values as "REMOTE_USER", for example
|
||||
* ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID" or "SSL_CLIENT_S_DN_emailAddress"
|
||||
*/
|
||||
if (buffer_is_equal(con->conf.ssl_verifyclient_username, envds->key)) {
|
||||
buffer_copy_string_buffer(con->authed_user, envds->value);
|
||||
data_string *ds;
|
||||
if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) {
|
||||
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
|
||||
ds = data_string_init();
|
||||
}
|
||||
buffer_copy_string(ds->key, "REMOTE_USER");
|
||||
array_insert_unique(con->environment, (data_unset *)ds);
|
||||
}
|
||||
buffer_copy_string_buffer(ds->value, envds->value);
|
||||
}
|
||||
array_insert_unique(con->environment, (data_unset *)envds);
|
||||
}
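Review bot: The new block creates the `REMOTE_USER` entry whenever the configured key matches, even when `envds->value` is empty, whereas the exporters removed elsewhere in this commit emitted REMOTE_USER only for a non-empty `con->authed_user`. Whether the generic environment export skips empty values is not visible here, so a certificate field with an empty value may now reach backends as an empty REMOTE_USER. Guarding the block with `if (buffer_is_equal(con->conf.ssl_verifyclient_username, envds->key) && !buffer_is_empty(envds->value)) {` would keep the earlier behaviour. The value is copied unmodified from the client certificate, and only the access-log path in this commit escapes it, so backends should treat it as certificate-supplied text. The function starts and ends outside the hunk.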
|
||||
|
|