
[PATCH] Fix Proxy-Auth/WWW-Auth mixup

From: Graham Leggett <minfrin(at)sharp.fm>
Date: Tue Mar 13 2001 - 17:23:40 EST


Hi all,

I have recut these patches as unified diffs, they're the same as I posted earlier. Should be easier to read :)

Regards,
Graham

-- 
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight..."

diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/CHANGES sandbox/proxy/httpd-2.0/CHANGES
--- pristine/httpd-2.0/CHANGES Tue Mar 13 00:24:07 2001
+++ sandbox/proxy/httpd-2.0/CHANGES Tue Mar 13 23:13:23 2001
@@ -22,6 +22,10 @@
entire content. It is far safer to just remove the C-L as long as we are scanning it. [Ryan Bloom]
+ *) Make sure Apache sends WWW-Authenticate during a reverse proxy
+ request and not Proxy-Authenticate.
+ [Graham Leggett <minfrin@sharp.fm>]
+
 Changes with Apache 2.0.14
 *) Fix content-length computation. We ONLY compute a content-length if
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/include/httpd.h sandbox/proxy/httpd-2.0/include/httpd.h
--- pristine/httpd-2.0/include/httpd.h Tue Mar 13 00:26:42 2001
+++ sandbox/proxy/httpd-2.0/include/httpd.h Tue Mar 13 23:13:23 2001
@@ -615,7 +615,9 @@
char *the_request;
 /** HTTP/0.9, "simple" request */
 int assbackwards;
- /** A proxy request (calculated during post_read_request/translate_name) */
+ /** A proxy request (calculated during post_read_request/translate_name)
+ * possible values PROXYREQ_NONE, PROXYREQ_PROXY, PROXYREQ_REVERSE
+ */
 int proxyreq;
 /** HEAD request, as opposed to GET */
 int header_only;
@@ -806,6 +808,16 @@
* binary compatibility for some other reason.
 */
 };
+
+/** Possible values of request_rec->proxyreq. A request could be normal,
+ * proxied or reverse proxied. Normally proxied and reverse proxied are
+ * grouped together as just "proxied", but sometimes it's necessary to
+ * tell the difference between the two, such as for authentication.
+ */
+
+#define PROXYREQ_NONE 0
+#define PROXYREQ_PROXY 1
+#define PROXYREQ_REVERSE 2
 /** Structure to store things which are per connection */
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/modules/aaa/mod_auth_digest.c sandbox/proxy/httpd-2.0/modules/aaa/mod_auth_digest.c
--- pristine/httpd-2.0/modules/aaa/mod_auth_digest.c Thu Mar 1 01:55:03 2001
+++ sandbox/proxy/httpd-2.0/modules/aaa/mod_auth_digest.c Tue Mar 13 23:13:23 2001
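Review bot: In httpd.h, the comment on the new `PROXYREQ_*` values does not say how callers should test the field now that two non-zero values exist. The auth paths in this patch compare with `PROXYREQ_PROXY == r->proxyreq`, so any value other than the three named ones is handled there as a non-proxy request and gets the origin-server headers. The comment should state that modules must assign only these constants and must test `r->proxyreq != PROXYREQ_NONE` when they mean "any proxied request". A module that still assigns a literal `1` for a reverse-proxied request would be classed as a forward proxy; none is visible in this patch, so that is an inference worth checking in the tree.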
@@ -854,7 +854,7 @@
char *key, *value;
 auth_line = apr_table_get(r->headers_in,
- r->proxyreq ? "Proxy-Authorization"
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
 : "Authorization");
 if (!auth_line) {
 resp->auth_hdr_sts = NO_HEADER;
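Review bot: The comparison `(PROXYREQ_PROXY == r->proxyreq)` that selects the proxy or origin header name is written out here and again in the two later mod_auth_digest.c hunks and the three protocol.c hunks. Six hand-copied tests on a security decision are easy to miss when the set of proxyreq values changes again. One helper beside the `PROXYREQ_*` definitions would keep them in step, for example `#define PROXYREQ_IS_FORWARD(r) (PROXYREQ_PROXY == (r)->proxyreq)` (a proposed name, not an existing one). The enclosing function starts and ends outside the hunk.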
@@ -1322,7 +1322,7 @@
}
 apr_table_mergen(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
 apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s\", " "algorithm=%s%s%s%s%s", ap_auth_name(r), nonce, conf->algorithm,
@@ -2050,7 +2050,7 @@
if (ai && ai[0])
 apr_table_mergen(r->headers_out,
- r->proxyreq ? "Proxy-Authentication-Info"
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authentication-Info"
 : "Authentication-Info", ai);
 return OK;
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/modules/http/http_request.c sandbox/proxy/httpd-2.0/modules/http/http_request.c
--- pristine/httpd-2.0/modules/http/http_request.c Mon Mar 5 05:43:56 2001
+++ sandbox/proxy/httpd-2.0/modules/http/http_request.c Tue Mar 13 23:13:23 2001
@@ -135,7 +135,7 @@
* about proxy authentication. They treat it like normal auth, and then
 * we tweak the status.
 */
- if (r->status == HTTP_UNAUTHORIZED && r->proxyreq) {
+ if (HTTP_UNAUTHORIZED == r->status && PROXYREQ_PROXY == r->proxyreq) {
 r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
 }
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/modules/http/mod_mime.c sandbox/proxy/httpd-2.0/modules/http/mod_mime.c
--- pristine/httpd-2.0/modules/http/mod_mime.c Sun Feb 25 01:51:31 2001
+++ sandbox/proxy/httpd-2.0/modules/http/mod_mime.c Tue Mar 13 23:13:23 2001
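Review bot: In http_request.c, the comment above the status rewrite still speaks of "proxy authentication" in general, while the new condition rewrites the status only for `PROXYREQ_PROXY`. A reader of the comment alone would expect reverse-proxied requests to be remapped as well. Suggest rewording its last lines to something like `* about forward-proxy authentication (PROXYREQ_PROXY). Reverse-proxied requests keep HTTP_UNAUTHORIZED.` The comment begins outside the hunk.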
@@ -720,10 +720,7 @@
/* Check for a special handler, but not for proxy request */
 if ((type = apr_table_get(conf->handlers, ext))
-#if 0
- /* XXX fix me when the proxy code is updated */
- && r->proxyreq == NOT_PROXY)
-#endif
+ && (PROXYREQ_NONE == r->proxyreq)
 ) {
 r->handler = type;
 found = 1;
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/modules/mappers/mod_rewrite.c sandbox/proxy/httpd-2.0/modules/mappers/mod_rewrite.c
--- pristine/httpd-2.0/modules/mappers/mod_rewrite.c Sat Mar 10 17:51:00 2001
+++ sandbox/proxy/httpd-2.0/modules/mappers/mod_rewrite.c Tue Mar 13 23:13:23 2001
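Review bot: In mod_mime.c, re-enabling the test as `&& (PROXYREQ_NONE == r->proxyreq)` changes handler selection for every proxied request, forward and reverse, which goes beyond the header fix named in the subject and the CHANGES entry. The effect looks intended, presumably so that an extension-mapped handler can no longer replace the handler the proxy code chose, but it should get its own CHANGES line. The removed XXX comment also deserves a replacement that states the rule, for example `/* proxied requests keep the handler set by the proxy code */`. The enclosing function starts and ends outside the hunk.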
@@ -1127,7 +1127,7 @@
}
 /* now make sure the request gets handled by the proxy handler */
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_REVERSE;
 r->handler = "proxy-server";
 rewritelog(r, 1, "go-ahead with proxy request %s [OK]",
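Review bot: The assignment `r->proxyreq = PROXYREQ_REVERSE;` is unconditional, here and in the per-directory hunk that follows, so a request already marked `PROXYREQ_PROXY` would be relabelled as reverse. Its authentication would then move from `Proxy-Authorization` and 407 to `Authorization` and 401. Whether a forward-proxied request can reach this code depends on hook ordering that is not visible in the patch. Preserving an existing classification is cheap: `if (PROXYREQ_NONE == r->proxyreq) r->proxyreq = PROXYREQ_REVERSE;`. The enclosing function starts and ends outside the hunk.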
@@ -1378,7 +1378,7 @@
}
 /* now make sure the request gets handled by the proxy handler */
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_REVERSE;
 r->handler = "proxy-server";
 rewritelog(r, 1, "[per-dir %s] go-ahead with proxy request "
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/server/protocol.c sandbox/proxy/httpd-2.0/server/protocol.c
--- pristine/httpd-2.0/server/protocol.c Wed Mar 7 18:01:28 2001
+++ sandbox/proxy/httpd-2.0/server/protocol.c Tue Mar 13 23:13:23 2001
@@ -1068,7 +1068,7 @@
ap_note_auth_failure(r);
 else
 apr_table_setn(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
 apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), "\"", NULL));
 }
@@ -1076,7 +1076,7 @@
AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r)
 {
 apr_table_setn(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
 apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%llx\"", ap_auth_name(r), r->request_time));
 }
@@ -1084,7 +1084,7 @@
AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
 {
 const char *auth_line = apr_table_get(r->headers_in,
- r->proxyreq ? "Proxy-Authorization"
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
 : "Authorization");
 const char *t;
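Review bot: On reverse-proxied requests `ap_get_basic_auth_pw` now takes the credentials from `Authorization`, which unlike `Proxy-Authorization` is an end-to-end header. A password checked at the proxy may therefore also be relayed to the backend; whether the proxy module removes the header before forwarding is not visible in this patch. The same applies to the `Authorization` lookup in the first mod_auth_digest.c hunk. A comment at the lookup would record the decision, for example `/* reverse proxy: Authorization is end-to-end and may be passed on to the origin server */`. The function body continues outside the hunk.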

diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-proxy/module-2.0/mod_proxy.c sandbox/proxy/httpd-proxy/module-2.0/mod_proxy.c
--- pristine/httpd-proxy/module-2.0/mod_proxy.c Mon Mar 12 00:33:08 2001
+++ sandbox/proxy/httpd-proxy/module-2.0/mod_proxy.c Tue Mar 13 23:18:26 2001
@@ -156,7 +156,7 @@
&& !strcasecmp(r->parsed_uri.scheme, ap_http_method(r)) && ap_matches_request_vhost(r, r->parsed_uri.hostname, r->parsed_uri.port_str ? r->parsed_uri.port : ap_default_port(r)))) {
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_PROXY;
 r->uri = r->unparsed_uri;
 r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
 r->handler = "proxy-server";
@@ -166,7 +166,7 @@
else if (conf->req && r->method_number == M_CONNECT && r->parsed_uri.hostname && r->parsed_uri.port_str) {
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_PROXY;
 r->uri = r->unparsed_uri;
 r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
 r->handler = "proxy-server";
@@ -201,7 +201,7 @@
r->filename = apr_pstrcat(r->pool, "proxy:", ent[i].real, r->uri + len, NULL);
 r->handler = "proxy-server";
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_REVERSE;
 return OK;
 }
 }
@@ -303,7 +303,7 @@
long maxfwd = strtol(maxfwd_str, NULL, 10);
 if (maxfwd < 1) {
 int access_status;
- r->proxyreq = 0;
+ r->proxyreq = PROXYREQ_NONE;
 if ((access_status = ap_send_http_trace(r)))
 ap_die(access_status, r);
 else
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-proxy/module-2.0/proxy_ftp.c sandbox/proxy/httpd-proxy/module-2.0/proxy_ftp.c
--- pristine/httpd-proxy/module-2.0/proxy_ftp.c Sun Feb 11 01:12:43 2001
+++ sandbox/proxy/httpd-proxy/module-2.0/proxy_ftp.c Tue Mar 13 23:18:26 2001
@@ -438,7 +438,7 @@
*/
 static int ftp_unauthorized (request_rec *r, int log_it)
 {
- r->proxyreq = 0;
+ r->proxyreq = PROXYREQ_NONE;
 /* Log failed requests if they supplied a password
 * (log username/password guessing attempts)
 */
Received on Tue Mar 13 21:22:06 2001
