
[auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2892 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.33
Stefan Bühler 8 years ago
parent
commit
559b198f86
  1. 1
      NEWS
  2. 1
      src/base.h
  3. 3
      src/connections.c
  4. 4
      src/mod_accesslog.c
  5. 21
      src/mod_auth.c
  6. 5
      src/mod_cgi.c
  7. 4
      src/mod_fastcgi.c
  8. 6
      src/mod_scgi.c
  9. 5
      src/mod_ssi.c
  10. 12
      src/response.c

1
NEWS

@ -26,6 +26,7 @@ NEWS
* [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
* [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
* [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
* [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)

1
src/base.h

@ -411,7 +411,6 @@ typedef struct {
size_t header_len;
buffer *authed_user;
array *environment; /* used to pass lighttpd internal stuff to the FastCGI/CGI apps, setenv does that */
/* response */

3
src/connections.c

@ -676,7 +676,6 @@ connection *connection_init(server *srv) {
CLEAN(physical.etag);
CLEAN(parse_request);
CLEAN(authed_user);
CLEAN(server_name);
CLEAN(error_handler);
CLEAN(dst_addr_buf);
@ -743,7 +742,6 @@ void connections_free(server *srv) {
CLEAN(physical.rel_path);
CLEAN(parse_request);
CLEAN(authed_user);
CLEAN(server_name);
CLEAN(error_handler);
CLEAN(dst_addr_buf);
@ -817,7 +815,6 @@ int connection_reset(server *srv, connection *con) {
CLEAN(parse_request);
CLEAN(authed_user);
CLEAN(server_name);
CLEAN(error_handler);
#if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT

4
src/mod_accesslog.c

@ -760,8 +760,8 @@ REQUESTDONE_FUNC(log_access_write) {
buffer_append_string_len(b, CONST_STR_LEN("-"));
break;
case FORMAT_REMOTE_USER:
if (con->authed_user->used > 1) {
buffer_append_string_buffer(b, con->authed_user);
if (NULL != (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER")) && ds->value->used > 1) {
accesslog_append_escaped(b, ds->value);
} else {
buffer_append_string_len(b, CONST_STR_LEN("-"));
}
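Review bot: The `FORMAT_REMOTE_USER` case now logs whatever string is stored under `REMOTE_USER` in `con->environment`, and that array is not written by the auth code alone: the comment on the field in src/base.h says setenv fills it too. The logged user name is therefore only as trustworthy as every writer of that array, which deserves a comment above the lookup, for example `/* REMOTE_USER may be set by mod_auth, the ssl client cert code or any other writer of con->environment; escape it before logging */`. Routing the value through `accesslog_append_escaped` is the right call for that reason. The enclosing `log_access_write` starts and ends outside the hunk, so the declaration of `ds` is not visible here.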

21
src/mod_auth.c

@ -304,18 +304,25 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
} else {
/* the REMOTE_USER header */
buffer_copy_string_buffer(con->authed_user, p->auth_user);
if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) {
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
ds = data_string_init();
}
buffer_copy_string(ds->key, "REMOTE_USER");
array_insert_unique(con->environment, (data_unset *)ds);
}
buffer_copy_string_buffer(ds->value, p->auth_user);
/* AUTH_TYPE environment */
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
ds = data_string_init();
if (NULL == (ds = (data_string *)array_get_element(con->environment, "AUTH_TYPE"))) {
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
ds = data_string_init();
}
buffer_copy_string(ds->key, "AUTH_TYPE");
array_insert_unique(con->environment, (data_unset *)ds);
}
buffer_copy_string(ds->key, "AUTH_TYPE");
buffer_copy_string(ds->value, auth_type);
array_insert_unique(con->environment, (data_unset *)ds);
}
return HANDLER_GO_ON;
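Review bot: The get-or-create sequence for an environment entry is written out twice in the successful-auth branch of `mod_auth_uri_handler` (for `REMOTE_USER` and for `AUTH_TYPE`) and a third time in `https_add_ssl_entries` in src/response.c. These entries carry the authenticated identity, so the replace-an-existing-value behaviour should live in one helper rather than in three copies that can drift apart. A file-local version is sketched below; to serve src/response.c as well it would have to sit next to the array functions. The handler body starts and ends outside the hunk.

```c
/* return the con->environment entry for key, creating it if it does not exist yet */
static data_string *mod_auth_env_entry(connection *con, const char *key) {
	data_string *ds;

	if (NULL == (ds = (data_string *)array_get_element(con->environment, key))) {
		if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
			ds = data_string_init();
		}
		buffer_copy_string(ds->key, key);
		array_insert_unique(con->environment, (data_unset *)ds);
	}
	return ds;
}

/* … unchanged: mod_auth_uri_handler up to the successful-auth branch … */
		buffer_copy_string_buffer(mod_auth_env_entry(con, "REMOTE_USER")->value, p->auth_user);
		buffer_copy_string(mod_auth_env_entry(con, "AUTH_TYPE")->value, auth_type);
```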

5
src/mod_cgi.c

@ -918,11 +918,6 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer *
);
cgi_env_add(&env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
if (!buffer_is_empty(con->authed_user)) {
cgi_env_add(&env, CONST_STR_LEN("REMOTE_USER"),
CONST_BUF_LEN(con->authed_user));
}
if (buffer_is_equal_caseless_string(con->uri.scheme, CONST_STR_LEN("https"))) {
cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
}

4
src/mod_fastcgi.c

@ -1916,10 +1916,6 @@ static int fcgi_create_env(server *srv, handler_ctx *hctx, size_t request_id) {
s = inet_ntop_cache_get_ip(srv, &(con->dst_addr));
FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)),con)
if (!buffer_is_empty(con->authed_user)) {
FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user)),con)
}
if (con->request.content_length > 0 && host->mode != FCGI_AUTHORIZER) {
/* CGI-SPEC 6.1.2 and FastCGI spec 6.3 */

6
src/mod_scgi.c

@ -1542,12 +1542,6 @@ static int scgi_create_env(server *srv, handler_ctx *hctx) {
s = inet_ntop_cache_get_ip(srv, &(con->dst_addr));
scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s));
if (!buffer_is_empty(con->authed_user)) {
scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_USER"),
CONST_BUF_LEN(con->authed_user));
}
/*
* SCRIPT_NAME, PATH_INFO and PATH_TRANSLATED according to
* http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html

5
src/mod_ssi.c

@ -276,11 +276,6 @@ static int build_ssi_cgi_vars(server *srv, connection *con, plugin_data *p) {
ssi_env_add(p->ssi_cgi_env, CONST_STRING("REMOTE_ADDR"),
inet_ntop_cache_get_ip(srv, &(con->dst_addr)));
if (con->authed_user->used) {
ssi_env_add(p->ssi_cgi_env, CONST_STRING("REMOTE_USER"),
con->authed_user->ptr);
}
if (con->request.content_length > 0) {
/* CGI-SPEC 6.1.2 and FastCGI spec 6.3 */

12
src/response.c

@ -169,11 +169,19 @@ static void https_add_ssl_entries(connection *con) {
envds->value,
(const char *)xe->value->data, xe->value->length
);
/* pick one of the exported values as "authed user", for example
/* pick one of the exported values as "REMOTE_USER", for example
* ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID" or "SSL_CLIENT_S_DN_emailAddress"
*/
if (buffer_is_equal(con->conf.ssl_verifyclient_username, envds->key)) {
buffer_copy_string_buffer(con->authed_user, envds->value);
data_string *ds;
if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) {
if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
ds = data_string_init();
}
buffer_copy_string(ds->key, "REMOTE_USER");
array_insert_unique(con->environment, (data_unset *)ds);
}
buffer_copy_string_buffer(ds->value, envds->value);
}
array_insert_unique(con->environment, (data_unset *)envds);
}
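Review bot: The value copied into `REMOTE_USER` in `https_add_ssl_entries` is a client-certificate field taken as raw bytes (`xe->value->data`, `xe->value->length`), and the block comment does not say that it replaces a `REMOTE_USER` that is already in `con->environment`. After this commit that string is what the access log prints and, going by the comment on `environment` in src/base.h, what the FastCGI/CGI applications receive as the user name. mod_accesslog escapes it; whether the backend exporters cope with control characters in it is not visible on this page and should be checked. I would extend the comment with `* the value comes from the peer certificate, overwrites any REMOTE_USER already set and is not filtered here`. The function starts and ends outside the hunk.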
