mod_auth_form: Make sure that get_notes_auth() sets the user as does

get_form_auth() and get_session_auth(). Makes sure that REMOTE_USER
does not vanish during mod_include driven subrequests.

trunk patch: http://svn.apache.org/viewvc?rev=1393152&view=rev
Submitted by: minfrin
Reviewed by: minfrin, jim, gsmith

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1422570 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 99d823de6c153446f633ca06091e19bd441ab360..2176926aa388ae3866fe1c28d36d05626e10115b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@
 
 Changes with Apache 2.4.4
 
+  *) mod_auth_form: Make sure that get_notes_auth() sets the user as does
+     get_form_auth() and get_session_auth(). Makes sure that REMOTE_USER
+     does not vanish during mod_include driven subrequests. [Graham
+     Leggett]
+
   *) mod_cache_disk: Resolve errors while revalidating disk-cached files on
      Windows ("...rename tempfile to datafile failed..."). PR 38827
      [Eric Covener]

diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c
index 7c305f150b99b9606f7736e0c37db59921478d8e..28045b5dbc87d79f46cd5c16452b4ce26635a20c 100644 (file)
--- a/modules/aaa/mod_auth_form.c
+++ b/modules/aaa/mod_auth_form.c
@@ -489,34 +489,40 @@ static void set_notes_auth(request_rec * r,
  * Get the auth username and password from the main request
  * notes table, if present.
  */
-static void get_notes_auth(request_rec * r,
+static void get_notes_auth(request_rec *r,
                            const char **user, const char **pw,
                            const char **method, const char **mimetype)
 {
     const char *authname;
+    request_rec *m = r;
 
     /* find the main request */
-    while (r->main) {
-        r = r->main;
+    while (m->main) {
+        m = m->main;
     }
     /* find the first redirect */
-    while (r->prev) {
-        r = r->prev;
+    while (m->prev) {
+        m = m->prev;
     }
 
     /* have we isolated the user and pw before? */
-    authname = ap_auth_name(r);
+    authname = ap_auth_name(m);
     if (user) {
-        *user = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-user", NULL));
+        *user = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-user", NULL));
     }
     if (pw) {
-        *pw = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-pw", NULL));
+        *pw = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-pw", NULL));
     }
     if (method) {
-        *method = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-method", NULL));
+        *method = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-method", NULL));
     }
     if (mimetype) {
-        *mimetype = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-mimetype", NULL));
+        *mimetype = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-mimetype", NULL));
+    }
+
+    /* set the user, even though the user is unauthenticated at this point */
+    if (user && *user) {
+        r->user = (char *) *user;
     }
 
     ap_log_rerror(APLOG_MARK, APLOG_TRACE6, 0, r,