On Tue, Jul 02, 2002 at 10:31:53AM -0400, Rodent of Unusual Size wrote: > Did anyone check this one out? (I haven't) It sounds > as though it would scratch some itches..
Not many other itches, by the looks of things :-( On the assumption that it would be convenient to make available a version of the patch that actually applies to the current CVS HEAD, I'm including an updated version below. Background and docs are available at, for example, http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=102190232502173&q=raw -- if reposting that would be useful, let me know and I'll get on to it. Possibly this should be adapted to include some of the other 400-series status codes -- 402, 407, or perhaps 411 or 412 might be useful (longer term) to be handled similarly. I'll wait to copy from the mod_autoindex code on that count, though. For now, it's 401 only. Build and tested against 2.0.39, which appears to still be the current version (1.102) of mod_negotiation.c Comments and criticisms welcome. f -- Francis Daly [EMAIL PROTECTED]
--- modules/mappers/mod_negotiation.c.2039 Fri May 17 12:24:16 2002
+++ modules/mappers/mod_negotiation.c Mon Jul 8 22:27:45 2002
@@ -88,10 +88,17 @@
 */
 typedef struct {
+ int reveal_secret_url;
 int forcelangpriority;
 apr_array_header_t *language_priority;
 } neg_dir_config;
+/* reveal_secret_url flags
+ */
+#define RSU_UNDEF 2 /* this means "no explicit config" */
+#define RSU_ON 1 /* "config on" */
+#define RSU_OFF 0 /* "config off" */
+
 /* forcelangpriority flags
 */
 #define FLP_UNDEF 0 /* Same as FLP_DEFAULT, but base overrides */
@@ -107,6 +114,7 @@
 {
 neg_dir_config *new = (neg_dir_config *) apr_palloc(p, sizeof(neg_dir_config));
+ new->reveal_secret_url = RSU_UNDEF;
 new->forcelangpriority = FLP_UNDEF;
 new->language_priority = NULL;
 return new;
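Review bot: The new `reveal_secret_url` field and its `RSU_*` values in the hunk at +88 are not documented beyond `/* reveal_secret_url flags */`, which only repeats the name. The hunk at +1269 uses the field to decide whether a request whose matching variants failed authorization is answered with 401, so the definition should state that trade-off, for example `/* RSU_ON: answer 401 when a matching variant failed authorization, which tells the client it exists */`. It is also worth a short remark there that RSU_UNDEF is 2 while FLP_UNDEF is 0, so the field always has to be set explicitly after `apr_palloc`, as the hunk at +114 does.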
@@ -119,6 +127,9 @@
 neg_dir_config *new = (neg_dir_config *) apr_palloc(p, sizeof(neg_dir_config));
 /* give priority to the config in the subdirectory */
+ new->reveal_secret_url = (add->reveal_secret_url != RSU_UNDEF)
+ ? add->reveal_secret_url
+ : base->reveal_secret_url;
 new->forcelangpriority = (add->forcelangpriority != FLP_UNDEF)
 ? add->forcelangpriority
 : base->forcelangpriority;
@@ -128,6 +139,22 @@
 return new;
 }
+static const char *reveal_secret_url(cmd_parms *cmd, void *n_, int arg)
+{
+ neg_dir_config *n = n_;
+ const char *err = ap_check_cmd_context(cmd, NOT_IN_FILES);
+
+ if (err != NULL) {
+ return err;
+ }
+ n->reveal_secret_url = arg == RSU_OFF ? RSU_OFF : RSU_ON;
+/* that is functionally equivalent to
+ n->reveal_secret_url = arg != 0;
+ for the RSU_* values #defined'd above. Clarity vs efficiency?
+*/
+ return NULL;
+}
+
 static const char *set_language_priority(cmd_parms *cmd, void *n_, const char *lang)
 {
@@ -188,6 +215,8 @@
 {
 AP_INIT_FLAG("CacheNegotiatedDocs", cache_negotiated_docs, NULL, RSRC_CONF,
 "Either 'on' or 'off' (default)"),
+ AP_INIT_FLAG("MultiviewsRevealSecretURL", reveal_secret_url, NULL, +RSRC_CONF|OR_AUTHCFG,
+ "Either 'on' or 'off' (default)"),
 AP_INIT_ITERATE("LanguagePriority", set_language_priority, NULL, OR_FILEINFO,
 "space-delimited list of MIME language abbreviations"),
 AP_INIT_ITERATE("ForceLanguagePriority", set_force_priority, NULL, OR_FILEINFO,
@@ -1045,6 +1074,7 @@
 struct accept_rec accept_info;
 void *new_var;
 int anymatch = 0;
+ int secretmatch = 0;
 clean_var_rec(&mime_info);
@@ -1110,6 +1140,13 @@
 if (sub_req->finfo.filetype != APR_REG)
 continue;
+ /* Note if it failed UNAUTHORIZED. We may want to return this
+ * status, eventually
+ */
+ if (sub_req->status == HTTP_UNAUTHORIZED) {
+ secretmatch = 1;
+ }
+
 /* If it has a handler, we'll pretend it's a CGI script,
 * since that's a good indication of the sort of thing it
 * might be doing.
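Review bot: The help string for `MultiviewsRevealSecretURL` in the hunk at +215, `"Either 'on' or 'off' (default)"`, does not say what switching it on exposes, even though the directive is registered with `OR_AUTHCFG` and can therefore be set from .htaccess wherever AuthConfig overrides are allowed. I would spell the effect out, for example `"On: answer 401 when a matching variant failed authorization, revealing that it exists; Off (default)"`. In the handler added at +139, the block comment ending in "Clarity vs efficiency?" is a question to reviewers, not documentation, and should be settled and removed before this is committed.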
@@ -1232,6 +1269,9 @@
 * request must die.
 */
 if (anymatch && !neg->avail_vars->nelts) {
+ if (secretmatch && neg->conf->reveal_secret_url == RSU_ON) {
+ return HTTP_UNAUTHORIZED;
+ }
 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
 "Negotiation: discovered file(s) matching request: %s"
 " (None could be negotiated).",
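Review bot: The early `return HTTP_UNAUTHORIZED;` gives the main request a 401 with no visible step that attaches an authentication challenge: the 401 was produced on `sub_req` (hunk at +1140), and nothing shown carries a `WWW-Authenticate` header over to `r`. Unless code outside these hunks does so, clients would receive a 401 they cannot act on, and where variants sit in different realms it is unclear which challenge should be offered. One option is to keep the challenge at the point where `secretmatch` is set, e.g. `apr_table_set(r->err_headers_out, "WWW-Authenticate", chal);` with `chal` read from the sub-request's `err_headers_out` (assuming that is where the auth module left it). The return also skips the `ap_log_rerror` call below it, so an enabled disclosure leaves no trace in the error log; a log line before returning would help when auditing. The enclosing function starts and ends outside the hunk.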