ben 00/01/11 06:13:50
Modified: src CHANGES
src/include httpd.h
src/main http_core.c http_protocol.c http_request.c
src/modules/proxy mod_proxy.c mod_proxy.h proxy_ftp.c
proxy_http.c proxy_util.c
src/modules/standard mod_mime.c
Log:
Don't convert auth to proxy auth when it shouldn't be.
Revision Changes Path
1.1491 +4 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1490
retrieving revision 1.1491
diff -u -r1.1490 -r1.1491
--- CHANGES 2000/01/10 21:33:06 1.1490
+++ CHANGES 2000/01/11 14:13:37 1.1491
@@ -1,5 +1,9 @@
Changes with Apache 1.3.10
+ *) ProxyPass erroneously converted authentication requests to proxy
+ authentication requests. Fixed.
+ [Ben Laurie]
+
*) Reverse a patch which broke HPUX shared builds. Basically
we comment out the SHLIB_SUFFIX_NAME=sl line in Configure.
[Ryan Bloom]
1.298 +7 -1 apache-1.3/src/include/httpd.h
Index: httpd.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
retrieving revision 1.297
retrieving revision 1.298
diff -u -r1.297 -r1.298
--- httpd.h 1999/12/09 12:05:02 1.297
+++ httpd.h 2000/01/11 14:13:39 1.298
@@ -658,6 +658,12 @@
#include "util_uri.h"
+enum proxyreqtype {
+ NOT_PROXY=0,
+ STD_PROXY,
+ PROXY_PASS
+};
+
struct request_rec {
ap_pool *pool;
@@ -681,7 +687,7 @@
char *the_request; /* First line of request, so we can log
it */
int assbackwards; /* HTTP/0.9, "simple" request */
- int proxyreq; /* A proxy request (calculated during
+ enum proxyreqtype proxyreq;/* A proxy request (calculated during
* post_read_request or translate_name) */
int header_only; /* HEAD request, as opposed to GET */
char *protocol; /* Protocol, as given to us, or HTTP/0.9 */
1.277 +1 -1 apache-1.3/src/main/http_core.c
Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_core.c,v
retrieving revision 1.276
retrieving revision 1.277
diff -u -r1.276 -r1.277
--- http_core.c 1999/12/21 07:52:55 1.276
+++ http_core.c 2000/01/11 14:13:40 1.277
@@ -2956,7 +2956,7 @@
void *sconf = r->server->module_config;
core_server_config *conf = ap_get_module_config(sconf, &core_module);
- if (r->proxyreq) {
+ if (r->proxyreq != NOT_PROXY) {
return HTTP_FORBIDDEN;
}
if ((r->uri[0] != '/') && strcmp(r->uri, "*")) {
1.286 +8 -5 apache-1.3/src/main/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.285
retrieving revision 1.286
diff -u -r1.285 -r1.286
--- http_protocol.c 2000/01/04 10:20:39 1.285
+++ http_protocol.c 2000/01/11 14:13:41 1.286
@@ -1162,7 +1162,8 @@
ap_note_auth_failure(r);
else
ap_table_setn(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
+ : "WWW-Authenticate",
ap_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r),
"\"",
NULL));
}
@@ -1170,7 +1171,8 @@
API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r)
{
ap_table_setn(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
+ : "WWW-Authenticate",
ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%lu\"",
ap_auth_name(r), r->request_time));
}
@@ -1178,8 +1180,9 @@
API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
{
const char *auth_line = ap_table_get(r->headers_in,
- r->proxyreq ? "Proxy-Authorization"
- : "Authorization");
+ r->proxyreq == STD_PROXY
+ ? "Proxy-Authorization"
+ : "Authorization");
const char *t;
if (!(t = ap_auth_type(r)) || strcasecmp(t, "Basic"))
@@ -1352,7 +1355,7 @@
/* mod_proxy is only HTTP/1.0, so avoid sending HTTP/1.1 error response;
* kluge around broken browsers when indicated by force-response-1.0
*/
- if (r->proxyreq
+ if (r->proxyreq != NOT_PROXY
|| (r->proto_num == HTTP_VERSION(1,0)
&& ap_table_get(r->subprocess_env, "force-response-1.0"))) {
1.152 +7 -6 apache-1.3/src/main/http_request.c
Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_request.c,v
retrieving revision 1.151
retrieving revision 1.152
diff -u -r1.151 -r1.152
--- http_request.c 1999/11/09 18:02:19 1.151
+++ http_request.c 2000/01/11 14:13:41 1.152
@@ -983,7 +983,7 @@
* about proxy authentication. They treat it like normal auth, and then
* we tweak the status.
*/
- if (r->status == AUTH_REQUIRED && r->proxyreq) {
+ if (r->status == AUTH_REQUIRED && r->proxyreq == STD_PROXY) {
r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
}
@@ -1088,7 +1088,7 @@
int access_status;
/* Ignore embedded %2F's in path for proxy requests */
- if (!r->proxyreq && r->parsed_uri.path) {
+ if (r->proxyreq == NOT_PROXY && r->parsed_uri.path) {
access_status = ap_unescape_url(r->parsed_uri.path);
if (access_status) {
ap_die(access_status, r);
@@ -1108,7 +1108,7 @@
return;
}
- if (!r->proxyreq) {
+ if (r->proxyreq == NOT_PROXY) {
/*
* We don't want TRACE to run through the normal handler set, we
* handle it specially.
@@ -1176,8 +1176,9 @@
case SATISFY_ANY:
if (((access_status = ap_check_access(r)) != 0) || !ap_auth_type(r))
{
if (!ap_some_auth_required(r)) {
- decl_die(access_status ? access_status :
HTTP_INTERNAL_SERVER_ERROR, ap_auth_type(r)
- ? "check access"
+ decl_die(access_status ? access_status :
+ HTTP_INTERNAL_SERVER_ERROR,
+ ap_auth_type(r) ? "check access"
: "perform authentication. AuthType not set!", r);
return;
}
@@ -1197,7 +1198,7 @@
break;
}
- if (! (r->proxyreq
+ if (! (r->proxyreq != NOT_PROXY
&& r->parsed_uri.scheme != NULL
&& strcmp(r->parsed_uri.scheme, "http") == 0) ) {
if ((access_status = ap_find_types(r)) != 0) {
1.68 +8 -8 apache-1.3/src/modules/proxy/mod_proxy.c
Index: mod_proxy.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/mod_proxy.c,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- mod_proxy.c 1999/10/21 20:45:01 1.67
+++ mod_proxy.c 2000/01/11 14:13:43 1.68
@@ -153,7 +153,7 @@
&& !strcasecmp(r->parsed_uri.scheme, ap_http_method(r))
&& ap_matches_request_vhost(r, r->parsed_uri.hostname,
r->parsed_uri.port_str ? r->parsed_uri.port :
ap_default_port(r)))) {
- r->proxyreq = 1;
+ r->proxyreq = STD_PROXY;
r->uri = r->unparsed_uri;
r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL);
r->handler = "proxy-server";
@@ -163,7 +163,7 @@
else if (conf->req && r->method_number == M_CONNECT
&& r->parsed_uri.hostname
&& r->parsed_uri.port_str) {
- r->proxyreq = 1;
+ r->proxyreq = STD_PROXY;
r->uri = r->unparsed_uri;
r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL);
r->handler = "proxy-server";
@@ -179,7 +179,7 @@
int i, len;
struct proxy_alias *ent = (struct proxy_alias *) conf->aliases->elts;
- if (r->proxyreq) {
+ if (r->proxyreq != NOT_PROXY) {
/* someone has already set up the proxy, it was possibly ourselves
* in proxy_detect
*/
@@ -198,7 +198,7 @@
r->filename = ap_pstrcat(r->pool, "proxy:", ent[i].real,
r->uri + len, NULL);
r->handler = "proxy-server";
- r->proxyreq = 1;
+ r->proxyreq = PROXY_PASS;
return OK;
}
}
@@ -215,7 +215,7 @@
{
char *url, *p;
- if (!r->proxyreq || strncmp(r->filename, "proxy:", 6) != 0)
+ if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0)
return DECLINED;
url = &r->filename[6];
@@ -252,7 +252,7 @@
const char *ref;
/* We only want to worry about GETs */
- if (!r->proxyreq || r->method_number != M_GET || !r->parsed_uri.hostname)
+ if (r->proxyreq == NOT_PROXY || r->method_number != M_GET ||
!r->parsed_uri.hostname)
return DECLINED;
/* If host does contain a dot already, or it is "localhost", decline */
@@ -296,7 +296,7 @@
int direct_connect = 0;
const char *maxfwd_str;
- if (!r->proxyreq || strncmp(r->filename, "proxy:", 6) != 0)
+ if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0)
return DECLINED;
if (r->method_number == M_TRACE &&
@@ -304,7 +304,7 @@
int maxfwd = strtol(maxfwd_str, NULL, 10);
if (maxfwd < 1) {
int access_status;
- r->proxyreq = 0;
+ r->proxyreq = NOT_PROXY;
if ((access_status = ap_send_http_trace(r)))
ap_die(access_status, r);
else
1.46 +1 -1 apache-1.3/src/modules/proxy/mod_proxy.h
Index: mod_proxy.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/mod_proxy.h,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- mod_proxy.h 1999/12/09 12:05:06 1.45
+++ mod_proxy.h 2000/01/11 14:13:44 1.46
@@ -293,7 +293,7 @@
int ap_proxy_hex2c(const char *x);
void ap_proxy_c2hex(int ch, char *x);
char *ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t,
- int isenc);
+ enum proxyreqtype isenc);
char *ap_proxy_canon_netloc(pool *p, char **const urlp, char **userp,
char **passwordp, char **hostp, int *port);
const char *ap_proxy_date_canon(pool *p, const char *x);
1.81 +6 -5 apache-1.3/src/modules/proxy/proxy_ftp.c
Index: proxy_ftp.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/proxy_ftp.c,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- proxy_ftp.c 1999/12/09 12:05:06 1.80
+++ proxy_ftp.c 2000/01/11 14:13:45 1.81
@@ -136,7 +136,8 @@
strp = strchr(url, ';');
if (strp != NULL) {
*(strp++) = '\0';
- parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm, r->proxyreq);
+ parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm,
+ r->proxyreq);
if (parms == NULL)
return HTTP_BAD_REQUEST;
}
@@ -149,15 +150,15 @@
if (!ftp_check_string(path))
return HTTP_BAD_REQUEST;
- if (!r->proxyreq && r->args != NULL) {
+ if (r->proxyreq == NOT_PROXY && r->args != NULL) {
if (strp != NULL) {
- strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, 1);
+ strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm,
STD_PROXY);
if (strp == NULL)
return HTTP_BAD_REQUEST;
parms = ap_pstrcat(p, parms, "?", strp, NULL);
}
else {
- strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, 1);
+ strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath,
STD_PROXY);
if (strp == NULL)
return HTTP_BAD_REQUEST;
path = ap_pstrcat(p, path, "?", strp, NULL);
@@ -416,7 +417,7 @@
*/
static int ftp_unauthorized (request_rec *r, int log_it)
{
- r->proxyreq = 0;
+ r->proxyreq = NOT_PROXY;
/* Log failed requests if they supplied a password
* (log username/password guessing attempts)
*/
1.66 +2 -1 apache-1.3/src/modules/proxy/proxy_http.c
Index: proxy_http.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/proxy_http.c,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- proxy_http.c 1999/12/08 23:02:52 1.65
+++ proxy_http.c 2000/01/11 14:13:45 1.66
@@ -97,7 +97,8 @@
search = r->args;
/* process path */
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path,
r->proxyreq);
+ path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path,
+ r->proxyreq);
if (path == NULL)
return HTTP_BAD_REQUEST;
1.83 +3 -3 apache-1.3/src/modules/proxy/proxy_util.c
Index: proxy_util.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- proxy_util.c 1999/12/08 23:02:56 1.82
+++ proxy_util.c 2000/01/11 14:13:47 1.83
@@ -134,8 +134,8 @@
* and encodes those which must be encoded, and does not touch
* those which must not be touched.
*/
-char *
- ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t, int
isenc)
+char *ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t,
+ enum proxyreqtype isenc)
{
int i, j, ch;
char *y;
@@ -177,7 +177,7 @@
continue;
}
/* decode it if not already done */
- if (isenc && ch == '%') {
+ if (isenc != NOT_PROXY && ch == '%') {
if (!ap_isxdigit(x[i + 1]) || !ap_isxdigit(x[i + 2]))
return NULL;
ch = ap_proxy_hex2c(&x[i + 1]);
1.53 +2 -1 apache-1.3/src/modules/standard/mod_mime.c
Index: mod_mime.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_mime.c,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- mod_mime.c 1999/12/13 14:17:37 1.52
+++ mod_mime.c 2000/01/11 14:13:49 1.53
@@ -626,7 +626,8 @@
}
/* Check for a special handler, but not for proxy request */
- if ((type = ap_table_get(conf->handlers, ext)) && !r->proxyreq) {
+ if ((type = ap_table_get(conf->handlers, ext))
+ && r->proxyreq == NOT_PROXY) {
r->handler = type;
found = 1;
}
