From 48dd09236f0ab35d31f54c8b707216f34e623ebf Mon Sep 17 00:00:00 2001 From: Graham Leggett Date: Sun, 16 Dec 2012 12:38:45 +0000 Subject: [PATCH] mod_auth_form: Make sure that get_notes_auth() sets the user as does get_form_auth() and get_session_auth(). Makes sure that REMOTE_USER does not vanish during mod_include driven subrequests. trunk patch: http://svn.apache.org/viewvc?rev=1393152&view=rev Submitted by: minfrin Reviewed by: minfrin, jim, gsmith git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1422570 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ modules/aaa/mod_auth_form.c | 26 ++++++++++++++++---------- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 99d823de6c..2176926aa3 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.4.4 + *) mod_auth_form: Make sure that get_notes_auth() sets the user as does + get_form_auth() and get_session_auth(). Makes sure that REMOTE_USER + does not vanish during mod_include driven subrequests. [Graham + Leggett] + *) mod_cache_disk: Resolve errors while revalidating disk-cached files on Windows ("...rename tempfile to datafile failed..."). PR 38827 [Eric Covener] diff --git a/modules/aaa/mod_auth_form.c b/modules/aaa/mod_auth_form.c index 7c305f150b..28045b5dbc 100644 --- a/modules/aaa/mod_auth_form.c +++ b/modules/aaa/mod_auth_form.c @@ -489,34 +489,40 @@ static void set_notes_auth(request_rec * r, * Get the auth username and password from the main request * notes table, if present. */ -static void get_notes_auth(request_rec * r, +static void get_notes_auth(request_rec *r, const char **user, const char **pw, const char **method, const char **mimetype) { const char *authname; + request_rec *m = r; /* find the main request */ - while (r->main) { - r = r->main; + while (m->main) { + m = m->main; } /* find the first redirect */ - while (r->prev) { - r = r->prev; + while (m->prev) { + m = m->prev; } /* have we isolated the user and pw before? */ - authname = ap_auth_name(r); + authname = ap_auth_name(m); if (user) { - *user = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-user", NULL)); + *user = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-user", NULL)); } if (pw) { - *pw = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-pw", NULL)); + *pw = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-pw", NULL)); } if (method) { - *method = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-method", NULL)); + *method = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-method", NULL)); } if (mimetype) { - *mimetype = (char *) apr_table_get(r->notes, apr_pstrcat(r->pool, authname, "-mimetype", NULL)); + *mimetype = (char *) apr_table_get(m->notes, apr_pstrcat(m->pool, authname, "-mimetype", NULL)); + } + + /* set the user, even though the user is unauthenticated at this point */ + if (user && *user) { + r->user = (char *) *user; } ap_log_rerror(APLOG_MARK, APLOG_TRACE6, 0, r, -- 2.50.1