mod_auth_form: Make sure the logged in user is populated correctly

after a form login. Fixes a missing REMOTE_USER variable directly
following a login.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@690493 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index e9f636bb21bc66a4b447d4339c6419babac62ebd..ccbecc42dfccbe1f17dcc3011a4fd2b7854856b7 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_auth_form: Make sure the logged in user is populated correctly
+     after a form login. Fixes a missing REMOTE_USER variable directly
+     following a login. [Graham Leggett]
+
   *) mod_session_cookie: Make sure that cookie attributes are correctly
      included in the blank cookie when cookies are removed. This fixes an
      inability to log out when using mod_auth_form. [Graham Leggett]

diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c
index 1d34f154610ed2944d7e0f62e38135d1c1af81e1..61bae23939115f49a725904f785a2fbcd9e3a479 100644 (file)
--- a/modules/aaa/mod_auth_form.c
+++ b/modules/aaa/mod_auth_form.c
@@ -941,6 +941,11 @@ static int authenticate_form_authn(request_rec * r)
                            &sent_user, &sent_pw, &sent_loc, &sent_method,
                            &sent_mimetype, &sent_body, conf);
 
+        /* make sure any user detected within the subrequest is saved back to
+         * the main request.
+         */
+        r->user = rr->user;
+
         /* insert the kept_body filter on the main request to guarantee the
          * input filter stack cannot be read a second time, optionally inject
          * a saved body if one was specified in the login form.