Project

General

Profile

feature-322.patch

Updated patch for 1.4.35, no longer relying on con->authed_user - ckreutzer, 2016-01-09 08:24

View differences:

lighttpd-1.4.35_ck/src/mod_fastcgi.c 2016-01-08 11:56:55.842300955 +0100
1443 1443
							host->mode = FCGI_RESPONDER;
1444 1444
						} else if (strcmp(fcgi_mode->ptr, "authorizer") == 0) {
1445 1445
							host->mode = FCGI_AUTHORIZER;
1446
							if (buffer_is_empty(host->docroot)) {
1447
								log_error_write(srv, __FILE__, __LINE__, "s",
1448
										"ERROR: docroot is required for authorizer mode.");
1449
								goto error;
1450
							}
1451 1446
						} else {
1452 1447
							log_error_write(srv, __FILE__, __LINE__, "sbs",
1453 1448
									"WARNING: unknown fastcgi mode:",
......
1638 1633

  
1639 1634
static int fcgi_header(FCGI_Header * header, unsigned char type, size_t request_id, int contentLength, unsigned char paddingLength) {
1640 1635
	force_assert(contentLength <= FCGI_MAX_LENGTH);
1641
	
1636

  
1642 1637
	header->version = FCGI_VERSION_1;
1643 1638
	header->type = type;
1644 1639
	header->requestIdB0 = request_id & 0xff;
......
1707 1702
				log_error_write(srv, __FILE__, __LINE__, "sbs",
1708 1703
						"converting IP address failed for", host->host,
1709 1704
						"\nBe sure to specify an IP address here");
1710
	
1705

  
1711 1706
				return CONNECTION_DEAD;
1712 1707
			}
1713 1708
		} else {
......
2065 2060
	b->used++; /* add virtual \0 */
2066 2061
	hctx->wb->bytes_in += b->used - 1;
2067 2062

  
2068
	if (con->request.content_length) {
2063
	if (con->request.content_length && host->mode != FCGI_AUTHORIZER) {
2069 2064
		chunkqueue *req_cq = con->request_content_queue;
2070 2065
		chunk *req_c;
2071 2066
		off_t offset;
......
2367 2362
		default:
2368 2363
			break;
2369 2364
		}
2365
		if ( host->mode == FCGI_AUTHORIZER &&
2366
		     key_len > 9 &&
2367
		     0 == strncasecmp(key, CONST_STR_LEN("Variable-")) )
2368
		{
2369
			if (key_len == 20 && 0 == strncasecmp(key, CONST_STR_LEN("Variable-REMOTE_USER"))) {
2370
				if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
2371
					ds = data_response_init();
2372
				}
2373
				buffer_copy_string(ds->key, "REMOTE_USER");
2374
				buffer_copy_string(ds->value, value);
2375

  
2376
				array_insert_unique(con->environment, (data_unset *)ds);
2377
			} else {
2378
				if (NULL == (ds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
2379
					ds = data_response_init();
2380
				}
2381
				buffer_copy_string_len(ds->key, key + 9, key_len - 9);
2382
				buffer_copy_string(ds->value, value);
2383

  
2384
				array_insert_unique(con->environment, (data_unset *)ds);
2385
			}
2386
		}
2370 2387
	}
2371 2388

  
2372 2389
	if (have_sendfile2) {
......
3263 3280
				 * was processed already, and status 200 has been returned. We need
3264 3281
				 * now to handle authorized request.
3265 3282
				 */
3283
				con->http_status = 0;
3284
				if (!buffer_is_empty(host->docroot)) {
3285
					/* Serve local file if they specified a docroot */
3286
					buffer_copy_string_buffer(con->physical.doc_root, host->docroot);
3287
					buffer_copy_string_buffer(con->physical.basedir, host->docroot);
3288

  
3289
					buffer_copy_string_buffer(con->physical.path, host->docroot);
3290
					buffer_append_string_buffer(con->physical.path, con->uri.path);
3291
					fcgi_connection_close(srv, hctx);
3266 3292

  
3267
				buffer_copy_string_buffer(con->physical.doc_root, host->docroot);
3268
				buffer_copy_string_buffer(con->physical.basedir, host->docroot);
3293
					con->mode = DIRECT;
3294
					con->file_started = 1; /* fcgi_extension won't touch the request afterwards */
3295
				} else {
3296
					/* a user was authorized, set the FastCGI authorizer flag */
3297
					data_string *auth_cnt = NULL;
3298
					if (NULL == (auth_cnt = (data_string *)array_get_element(con->environment, "FastCGI-Authorizer"))) {
3299
						if (NULL == (auth_cnt = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
3300
							auth_cnt = data_response_init();
3301
						}
3302
						buffer_copy_string(auth_cnt->key, "FastCGI-Authorizer");
3303
						buffer_copy_string(auth_cnt->value, "1");
3269 3304

  
3270
				buffer_copy_string_buffer(con->physical.path, host->docroot);
3271
				buffer_append_string_buffer(con->physical.path, con->uri.path);
3272
				fcgi_connection_close(srv, hctx);
3305
						array_insert_unique(con->environment, (data_unset *)auth_cnt);
3306
					}
3273 3307

  
3274
				con->mode = DIRECT;
3275
				con->http_status = 0;
3276
				con->file_started = 1; /* fcgi_extension won't touch the request afterwards */
3308
					fcgi_connection_close(srv, hctx);
3309
					con->mode = DIRECT;
3310
					con->file_started = 0;
3311
					con->file_finished = 0;
3312
					buffer_reset(con->physical.path);
3313
				}
3277 3314
			} else {
3278 3315
				/* we are done */
3279 3316
				fcgi_connection_close(srv, hctx);
......
3504 3541
	for (k = 0; k < p->conf.ext_mapping->used; k++) {
3505 3542
		data_string *ds = (data_string *)p->conf.ext_mapping->data[k];
3506 3543
		size_t ct_len; /* length of the config entry */
3544
		data_string *auth_cnt = NULL;
3507 3545

  
3508 3546
		if (ds->key->used == 0) continue;
3509 3547

  
......
3528 3566
				/* found nothign */
3529 3567
				extension = NULL;
3530 3568
			}
3569

  
3570
			if (extension != NULL &&
3571
			    NULL != (auth_cnt = (data_string *)array_get_element(con->environment, "FastCGI-Authorizer")) &&
3572
			    extension->used > 0 &&
3573
			    extension->hosts[0]->mode == FCGI_AUTHORIZER) extension = NULL;
3574

  
3531 3575
			break;
3532 3576
		}
3533 3577
	}
......
3536 3580
		/* check if extension matches */
3537 3581
		for (k = 0; k < p->conf.exts->used; k++) {
3538 3582
			size_t ct_len; /* length of the config entry */
3583
			data_string *auth_cnt = NULL;
3539 3584
			fcgi_extension *ext = p->conf.exts->exts[k];
3540 3585

  
3586
			if (NULL != (auth_cnt = (data_string *)array_get_element(con->environment, "FastCGI-Authorizer")) &&
3587
			    ext->used > 0 &&
3588
			    ext->hosts[0]->mode == FCGI_AUTHORIZER) continue;
3589

  
3541 3590
			if (ext->key->used == 0) continue;
3542 3591

  
3543 3592
			ct_len = ext->key->used - 1;
......
3662 3711
					con->uri.path->used = 1;
3663 3712
					con->uri.path->ptr[con->uri.path->used - 1] = '\0';
3664 3713
				} else if (extension->key->ptr[0] == '/' &&
3714
					extension->key->used > 2 &&
3665 3715
					con->uri.path->used > extension->key->used &&
3666 3716
					NULL != (pathinfo = strchr(con->uri.path->ptr + extension->key->used - 1, '/'))) {
3667 3717
					/* rewrite uri.path and pathinfo */