From 559b198f862903885b0e54a12aa9ac31d9721002 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Fri, 30 Aug 2013 13:14:52 +0000 Subject: [PATCH] [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Stefan Bühler git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2892 152afb58-edef-0310-8abb-c4023f1b3aa9
---
NEWS | 1 + src/base.h | 1 - src/connections.c | 3 --- src/mod_accesslog.c | 4 ++-- src/mod_auth.c | 21 ++++++++++++++------- src/mod_cgi.c | 5 ----- src/mod_fastcgi.c | 4 ---- src/mod_scgi.c | 6 ------ src/mod_ssi.c | 5 ----- src/response.c | 12 ++++++++++-- 10 files changed, 27 insertions(+), 35 deletions(-)
diff --git a/NEWS b/NEWS
index 24e3e370..1ea4ab79 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,7 @@ NEWS * [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) * [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) * [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) + * [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) - 1.4.32 - 2012-11-21 * Code cleanup with clang/sparse (fixes #2437, thx kibi)
diff --git a/src/base.h b/src/base.h
index 1dcaaeed..66710f1b 100644
--- a/src/base.h
+++ b/src/base.h
@@ -411,7 +411,6 @@ typedef struct { size_t header_len; - buffer *authed_user; array *environment; /* used to pass lighttpd internal stuff to the FastCGI/CGI apps, setenv does that */ /* response */
diff --git a/src/connections.c b/src/connections.c
index b478fd52..8a2774dc 100644
--- a/src/connections.c
+++ b/src/connections.c
@@ -676,7 +676,6 @@ connection *connection_init(server *srv) { CLEAN(physical.etag); CLEAN(parse_request); - CLEAN(authed_user); CLEAN(server_name); CLEAN(error_handler); CLEAN(dst_addr_buf);
@@ -743,7 +742,6 @@ void connections_free(server *srv) { CLEAN(physical.rel_path); CLEAN(parse_request); - CLEAN(authed_user); CLEAN(server_name); CLEAN(error_handler); CLEAN(dst_addr_buf);
@@ -817,7 +815,6 @@ int connection_reset(server *srv, connection *con) { CLEAN(parse_request); - CLEAN(authed_user); CLEAN(server_name); CLEAN(error_handler); #if defined USE_OPENSSL && ! defined OPENSSL_NO_TLSEXT
diff --git a/src/mod_accesslog.c b/src/mod_accesslog.c
index a5f1dcfc..9df0e4e7 100644
--- a/src/mod_accesslog.c
+++ b/src/mod_accesslog.c
@@ -760,8 +760,8 @@ REQUESTDONE_FUNC(log_access_write) { buffer_append_string_len(b, CONST_STR_LEN("-")); break; case FORMAT_REMOTE_USER: - if (con->authed_user->used > 1) { - buffer_append_string_buffer(b, con->authed_user); + if (NULL != (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER")) && ds->value->used > 1) { + accesslog_append_escaped(b, ds->value); } else { buffer_append_string_len(b, CONST_STR_LEN("-")); }
diff --git a/src/mod_auth.c b/src/mod_auth.c
index d9818927..3fa00bc6 100644
--- a/src/mod_auth.c
+++ b/src/mod_auth.c
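Review bot: In log_access_write (src/mod_accesslog.c), the FORMAT_REMOTE_USER case now logs whatever is stored under "REMOTE_USER" in con->environment, and nothing at the lookup records that this array has other writers. The commit subject says the array is reachable from lua as lighty.req_env, and the comment in src/base.h names setenv as a user of it, so the logged name may not originate from mod_auth or the client certificate. I would add a comment above the lookup for anyone who reads this field as an audit record: `/* REMOTE_USER comes from con->environment, which other modules can write; it is not by itself proof of authentication */`. `ds` has no declaration in the hunk, so it is presumably declared earlier in the function, which starts outside the hunk.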
@@ -304,18 +304,25 @@ static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) { } else { /* the REMOTE_USER header */ - buffer_copy_string_buffer(con->authed_user, p->auth_user); + if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) { + if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) { + ds = data_string_init(); + } + buffer_copy_string(ds->key, "REMOTE_USER"); + array_insert_unique(con->environment, (data_unset *)ds); + } + buffer_copy_string_buffer(ds->value, p->auth_user); /* AUTH_TYPE environment */ - if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) { - ds = data_string_init(); + if (NULL == (ds = (data_string *)array_get_element(con->environment, "AUTH_TYPE"))) { + if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) { + ds = data_string_init(); + } + buffer_copy_string(ds->key, "AUTH_TYPE"); + array_insert_unique(con->environment, (data_unset *)ds); } - - buffer_copy_string(ds->key, "AUTH_TYPE"); buffer_copy_string(ds->value, auth_type); - - array_insert_unique(con->environment, (data_unset *)ds); } return HANDLER_GO_ON;
diff --git a/src/mod_cgi.c b/src/mod_cgi.c
index 4a0d6416..fad5d5bd 100644
--- a/src/mod_cgi.c
+++ b/src/mod_cgi.c
@@ -918,11 +918,6 @@ static int cgi_create_env(server *srv, connection *con, plugin_data *p, buffer * ); cgi_env_add(&env, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf)); - if (!buffer_is_empty(con->authed_user)) { - cgi_env_add(&env, CONST_STR_LEN("REMOTE_USER"), - CONST_BUF_LEN(con->authed_user)); - } - if (buffer_is_equal_caseless_string(con->uri.scheme, CONST_STR_LEN("https"))) { cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); }
diff --git a/src/mod_fastcgi.c b/src/mod_fastcgi.c
index 452dfb9f..bcd36a23 100644
--- a/src/mod_fastcgi.c
+++ b/src/mod_fastcgi.c
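Review bot: In mod_auth_uri_handler (src/mod_auth.c), "REMOTE_USER" is written only in this success branch and nothing visible removes the entry on the other paths, so the authenticated name now lives exactly as long as con->environment does. The same commit drops `CLEAN(authed_user)` from connection_reset in src/connections.c, and the patch does not show con->environment being emptied there. If that array were not reset per request, a name set by one request could still be present for a later request on the same keep-alive connection. I would confirm the reset exists and record the dependency next to the assignment, e.g. `/* REMOTE_USER lives in con->environment and must be cleared with it on every request reset */`. The function body starts and ends outside the hunk.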
@@ -1916,10 +1916,6 @@ static int fcgi_create_env(server *srv, handler_ctx *hctx, size_t request_id) { s = inet_ntop_cache_get_ip(srv, &(con->dst_addr)); FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)),con) - if (!buffer_is_empty(con->authed_user)) { - FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("REMOTE_USER"), CONST_BUF_LEN(con->authed_user)),con) - } - if (con->request.content_length > 0 && host->mode != FCGI_AUTHORIZER) { /* CGI-SPEC 6.1.2 and FastCGI spec 6.3 */
diff --git a/src/mod_scgi.c b/src/mod_scgi.c
index 5bfec5c9..4c782ccd 100644
--- a/src/mod_scgi.c
+++ b/src/mod_scgi.c
@@ -1542,12 +1542,6 @@ static int scgi_create_env(server *srv, handler_ctx *hctx) { s = inet_ntop_cache_get_ip(srv, &(con->dst_addr)); scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_ADDR"), s, strlen(s)); - if (!buffer_is_empty(con->authed_user)) { - scgi_env_add(p->scgi_env, CONST_STR_LEN("REMOTE_USER"), - CONST_BUF_LEN(con->authed_user)); - } - - /* * SCRIPT_NAME, PATH_INFO and PATH_TRANSLATED according to * http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html
diff --git a/src/mod_ssi.c b/src/mod_ssi.c
index 897f49ea..1d77a7b9 100644
--- a/src/mod_ssi.c
+++ b/src/mod_ssi.c
@@ -276,11 +276,6 @@ static int build_ssi_cgi_vars(server *srv, connection *con, plugin_data *p) { ssi_env_add(p->ssi_cgi_env, CONST_STRING("REMOTE_ADDR"), inet_ntop_cache_get_ip(srv, &(con->dst_addr))); - if (con->authed_user->used) { - ssi_env_add(p->ssi_cgi_env, CONST_STRING("REMOTE_USER"), - con->authed_user->ptr); - } - if (con->request.content_length > 0) { /* CGI-SPEC 6.1.2 and FastCGI spec 6.3 */
diff --git a/src/response.c b/src/response.c
index efb09373..0875efd8 100644
--- a/src/response.c
+++ b/src/response.c
@@ -169,11 +169,19 @@ static void https_add_ssl_entries(connection *con) { envds->value, (const char *)xe->value->data, xe->value->length ); - /* pick one of the exported values as "authed user", for example + /* pick one of the exported values as "REMOTE_USER", for example * ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID" or "SSL_CLIENT_S_DN_emailAddress" */ if (buffer_is_equal(con->conf.ssl_verifyclient_username, envds->key)) { - buffer_copy_string_buffer(con->authed_user, envds->value); + data_string *ds; + if (NULL == (ds = (data_string *)array_get_element(con->environment, "REMOTE_USER"))) { + if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) { + ds = data_string_init(); + } + buffer_copy_string(ds->key, "REMOTE_USER"); + array_insert_unique(con->environment, (data_unset *)ds); + } + buffer_copy_string_buffer(ds->value, envds->value); } array_insert_unique(con->environment, (data_unset *)envds); }
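Review bot: In https_add_ssl_entries (src/response.c), the value promoted to "REMOTE_USER" is the certificate field copied by explicit length (`xe->value->data, xe->value->length`), so it can carry bytes such as an embedded NUL that later consumers interpret differently. The access log now escapes the value, but a consumer that reads the environment entry as a C string would see only the part before the NUL, so the logged name and the name a backend acts on could disagree. I would skip the REMOTE_USER assignment when the copied value contains a NUL before its terminator, and document it above the `buffer_is_equal` test: `/* certificate field is raw bytes of the given length; reject embedded NUL before using it as REMOTE_USER */`. Whether an earlier part of the function already validates the field is not visible, since the function starts outside the hunk.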