From: Graham Leggett <minfrin@apache.org>
Date: Sun, 16 Dec 2012 12:38:45 +0000 (+0000)
Subject: mod_auth_form: Make sure that get_notes_auth() sets the user as does
X-Git-Tag: 2.4.4~279
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=48dd09236f0ab35d31f54c8b707216f34e623ebf;p=apache

mod_auth_form: Make sure that get_notes_auth() sets the user as does
get_form_auth() and get_session_auth(). Makes sure that REMOTE_USER
does not vanish during mod_include driven subrequests.

trunk patch: http://svn.apache.org/viewvc?rev=1393152&view=rev
Submitted by: minfrin
Reviewed by: minfrin, jim, gsmith



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1422570 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 99d823de6c..2176926aa3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@
 
 Changes with Apache 2.4.4
 
+  *) mod_auth_form: Make sure that get_notes_auth() sets the user as does
+     get_form_auth() and get_session_auth(). Makes sure that REMOTE_USER
+     does not vanish during mod_include driven subrequests. [Graham
+     Leggett]
+
   *) mod_cache_disk: Resolve errors while revalidating disk-cached files on
      Windows ("...rename tempfile to datafile failed..."). PR 38827
      [Eric Covener]
diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c
index 7c305f150b..28045b5dbc 100644
--- a/modules/aaa/mod_auth_form.c
+++ b/modules/aaa/mod_auth_form.c
@@ -489,34 +489,40 @@ static void set_notes_auth(request_rec * r,
  * Get the auth username and password from the main request
  * notes table, if present.
  */
-static void get_notes_auth(request_rec * r,
+static void get_notes_auth(request_rec *r,
                            const char **user, const char **pw,
                            const char **method, const char **mimetype)
 {
     const char *authname;
+    request_rec *m = r;
 
     /* find the main request */
-    while (r->main) {
-        r = r->main;
+    while (m->main) {
+        m = m->main;
     }
     /* find the first redirect */
-    while (r->prev) {
-        r = r->prev;
+    while (m->prev) {
+        m = m->prev;
     }
 
     /* have we isolated the user and pw before? */
-    authname = ap_auth_name(r);
+    authname = ap_auth_name(m);
     if (user) {
-        *user = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-user", NULL));
+        *user = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-user", NULL));
     }
     if (pw) {
-        *pw = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-pw", NULL));
+        *pw = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-pw", NULL));
     }
     if (method) {
-        *method = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-method", NULL));
+        *method = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-method", NULL));
     }
     if (mimetype) {
-        *mimetype = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-mimetype", NULL));
+        *mimetype = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-mimetype", NULL));
+    }
+
+    /* set the user, even though the user is unauthenticated at this point */
+    if (user && *user) {
+        r->user = (char *) *user;
     }
 
     ap_log_rerror(APLOG_MARK, APLOG_TRACE6, 0, r,