* Justin Erenkrantz wrote:
> --On Monday, January 13, 2003 1:13 AM +0100 Andr� Malo <[EMAIL PROTECTED]>
> wrote:
>
>> hmm, I'd like to move the ident code out of core into a separate
>> module, say "mod_ident", since it's a feature, which is hardly
>> used in more than 1% of the cases, where the apache httpd will be
>> used. But before doing any effort: are there any objections on
>> this?
>
> Sounds decent. I wouldn't even turn it on by default.
>
> Of course, this is 2.1+ only. -- justin
well, been there, done that ;-)
I've attached the full patch against HEAD. Changes to the rfc1413.c/core
code:
- added IdentityCheckTimeout directive (defaults to 30)
- the ident lookup is plugged via an optional function
- the function ap_rfc1413 no longer exists (to avoid failures, resp. force
compile errors if someone trys)
- -> removed rfc1413.c and rfc1413.h
- put mod_ident.c into modules/metadata (ok? or is there a better place?)
I'd like to let someone review before committing, because it's at least a
bunch of core changes.
(module documentation follows then.)
nd
--
s s^saaaaaoaaaoaaaaooooaaoaaaomaaaa a alataa aaoat a a
a maoaa a laoata a oia a o a m a o alaoooat aaool aaoaa
matooololaaatoto aaa o a o ms;s;\s;s;g;y;s;:;s;y#mailto: #
\51/\134\137| http://www.perlig.de #;print;# > [EMAIL PROTECTED]
diff -Nur httpd-2.1/include/http_core.h httpd-2.1.new/include/http_core.h
--- httpd-2.1/include/http_core.h Sun Dec 15 21:05:23 2002
+++ httpd-2.1.new/include/http_core.h Tue Jan 14 21:33:02 2003
@@ -464,8 +464,6 @@
#define HOSTNAME_LOOKUP_UNSET 3
unsigned int hostname_lookups : 4;
- signed int do_rfc1413 : 2; /* See if client is advertising a username? */
-
signed int content_md5 : 2; /* calculate Content-MD5? */
#define USE_CANONICAL_NAME_OFF (0)
@@ -634,6 +632,14 @@
APR_DECLARE_OPTIONAL_FN(void, ap_logio_add_bytes_out,
(conn_rec *c, apr_off_t bytes));
+
+/* ----------------------------------------------------------------------
+ *
+ * ident lookups with mod_ident
+ */
+
+APR_DECLARE_OPTIONAL_FN(const char *, ap_ident_lookup,
+ (request_rec *r));
/* ---------------------------------------------------------------------- */
diff -Nur httpd-2.1/include/httpd.h httpd-2.1.new/include/httpd.h
--- httpd-2.1/include/httpd.h Fri Nov 08 18:19:10 2002
+++ httpd-2.1.new/include/httpd.h Tue Jan 14 06:36:52 2003
@@ -168,11 +168,6 @@
#define SERVER_CONFIG_FILE "conf/httpd.conf"
#endif
-/* Whether we should enable rfc1413 identity checking */
-#ifndef DEFAULT_RFC1413
-#define DEFAULT_RFC1413 0
-#endif
-
/* The default path for CGI scripts if none is currently set */
#ifndef DEFAULT_PATH
#define DEFAULT_PATH "/bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin"
diff -Nur httpd-2.1/include/rfc1413.h httpd-2.1.new/include/rfc1413.h
--- httpd-2.1/include/rfc1413.h Wed Mar 13 21:47:42 2002
+++ httpd-2.1.new/include/rfc1413.h Thu Jan 01 01:00:00 1970
@@ -1,84 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact [EMAIL PROTECTED]
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_RFC1413_H
-#define APACHE_RFC1413_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @package RFC1413 package
- */
-
-/**
- * Retrieve the remote user name, given socket structures. This implements
- * RFC1413, which involves querying the client's identd or auth daemon.
- * @param conn The current connection
- * @param srv The current server
- * @return The remote user name
- * @deffunc char *ap_rfc1413(conn_rec *conn, server_rec *srv)
- */
-extern char *ap_rfc1413(conn_rec *conn, server_rec *srv);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_RFC1413_H */
diff -Nur httpd-2.1/modules/metadata/config.m4
httpd-2.1.new/modules/metadata/config.m4
--- httpd-2.1/modules/metadata/config.m4 Sat May 12 04:48:31 2001
+++ httpd-2.1.new/modules/metadata/config.m4 Tue Jan 14 05:16:06 2003
@@ -9,6 +9,7 @@
APACHE_MODULE(cern_meta, CERN-type meta files)
APACHE_MODULE(expires, Expires header control, , , most)
APACHE_MODULE(headers, HTTP header control, , , most)
+APACHE_MODULE(ident, RFC 1413 identity check, , , most)
APACHE_MODULE(usertrack, user-session tracking, , , , [
AC_CHECK_HEADERS(sys/times.h)
diff -Nur httpd-2.1/modules/metadata/mod_ident.c
httpd-2.1.new/modules/metadata/mod_ident.c
--- httpd-2.1/modules/metadata/mod_ident.c Thu Jan 01 01:00:00 1970
+++ httpd-2.1.new/modules/metadata/mod_ident.c Wed Jan 15 00:05:21 2003
@@ -0,0 +1,396 @@
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact [EMAIL PROTECTED]
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+/*
+ * mod_ident: Handle RFC 1413 ident request
+ * obtained from rfc1413.c
+ *
+ * rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
+ * protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
+ * host to look up the owner of a connection. The information should not be
+ * used for authentication purposes. This routine intercepts alarm signals.
+ *
+ * Diagnostics are reported through syslog(3).
+ *
+ * Author: Wietse Venema, Eindhoven University of Technology,
+ * The Netherlands.
+ */
+
+/* Some small additions for Apache --- ditch the "sccsid" var if
+ * compiling with gcc (it *has* changed), include ap_config.h for the
+ * prototypes it defines on at least one system (SunlOSs) which has
+ * them missing from the standard header files, and one minor change
+ * below (extra parens around assign "if (foo = bar) ..." to shut up
+ * gcc -Wall).
+ */
+
+/* Rewritten by David Robinson */
+
+#include "apr.h"
+#include "apr_network_io.h"
+#include "apr_strings.h"
+#include "apr_optional.h"
+
+#define APR_WANT_STDIO
+#define APR_WANT_STRFUNC
+#include "apr_want.h"
+
+#include "httpd.h" /* for server_rec, conn_rec, etc. */
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h" /* for aplog_error */
+#include "util_ebcdic.h"
+
+/* Whether we should enable rfc1413 identity checking */
+#ifndef DEFAULT_RFC1413
+#define DEFAULT_RFC1413 0
+#endif
+
+#define RFC1413_UNSET 2
+
+/* request timeout (sec) */
+#ifndef RFC1413_TIMEOUT
+#define RFC1413_TIMEOUT 30
+#endif
+
+/* Local stuff. */
+
+/* Semi-well-known port */
+#define RFC1413_PORT 113
+
+/* maximum allowed length of userid */
+#define RFC1413_USERLEN 512
+
+/* rough limit on the amount of data we accept. */
+#define RFC1413_MAXDATA 1000
+
+/* default username, if it could not determined */
+#define FROM_UNKNOWN "unknown"
+
+typedef struct {
+ int do_rfc1413;
+ int timeout_unset;
+ apr_time_t timeout;
+} ident_config_rec;
+
+static apr_status_t rfc1413_connect(apr_socket_t **newsock, conn_rec *conn,
+ server_rec *srv, apr_time_t timeout)
+{
+ apr_status_t rv;
+ apr_sockaddr_t *localsa, *destsa;
+
+ if ((rv = apr_sockaddr_info_get(&localsa, conn->local_ip, APR_UNSPEC,
+ 0, /* ephemeral port */
+ 0, conn->pool)) != APR_SUCCESS) {
+ /* This should not fail since we have a numeric address string
+ * as the host. */
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
+ "rfc1413: apr_sockaddr_info_get(%s) failed",
+ conn->local_ip);
+ return rv;
+ }
+
+ if ((rv = apr_sockaddr_info_get(&destsa, conn->remote_ip,
+ localsa->family, /* has to match */
+ RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
+ /* This should not fail since we have a numeric address string
+ * as the host. */
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
+ "rfc1413: apr_sockaddr_info_get(%s) failed",
+ conn->remote_ip);
+ return rv;
+ }
+
+ if ((rv = apr_socket_create(newsock,
+ localsa->family, /* has to match */
+ SOCK_STREAM, conn->pool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
+ "rfc1413: error creating query socket");
+ return rv;
+ }
+
+ if ((rv = apr_socket_timeout_set(*newsock, timeout)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
+ "rfc1413: error setting query socket timeout");
+ apr_socket_close(*newsock);
+ return rv;
+ }
+
+/*
+ * Bind the local and remote ends of the query socket to the same
+ * IP addresses as the connection under investigation. We go
+ * through all this trouble because the local or remote system
+ * might have more than one network address. The RFC1413 etc.
+ * client sends only port numbers; the server takes the IP
+ * addresses from the query socket.
+ */
+
+ if ((rv = apr_bind(*newsock, localsa)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
+ "rfc1413: Error binding query socket to local port");
+ apr_socket_close(*newsock);
+ return rv;
+ }
+
+/*
+ * errors from connect usually imply the remote machine doesn't support
+ * the service; don't log such an error
+ */
+ if ((rv = apr_connect(*newsock, destsa)) != APR_SUCCESS) {
+ apr_socket_close(*newsock);
+ return rv;
+ }
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn,
+ server_rec *srv)
+{
+ apr_port_t rmt_port, our_port;
+ apr_port_t sav_rmt_port, sav_our_port;
+ apr_size_t i;
+ char *cp;
+ char buffer[RFC1413_MAXDATA + 1];
+ char user[RFC1413_USERLEN + 1]; /* XXX */
+ apr_size_t buflen;
+
+ apr_sockaddr_port_get(&sav_our_port, conn->local_addr);
+ apr_sockaddr_port_get(&sav_rmt_port, conn->remote_addr);
+
+ /* send the data */
+ buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
+ sav_our_port);
+ ap_xlate_proto_to_ascii(buffer, buflen);
+
+ /* send query to server. Handle short write. */
+ i = 0;
+ while (i < buflen) {
+ apr_size_t j = strlen(buffer + i);
+ apr_status_t status;
+ status = apr_send(sock, buffer+i, &j);
+ if (status != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
+ "write: rfc1413: error sending request");
+ return status;
+ }
+ else if (j > 0) {
+ i+=j;
+ }
+ }
+
+ /*
+ * Read response from server. - the response should be newline
+ * terminated according to rfc - make sure it doesn't stomp its
+ * way out of the buffer.
+ */
+
+ i = 0;
+ memset(buffer, '\0', sizeof(buffer));
+ /*
+ * Note that the strchr function below checks for \012 instead of '\n'
+ * this allows it to work on both ASCII and EBCDIC machines.
+ */
+ while((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) {
+ apr_size_t j = sizeof(buffer) - 1 - i;
+ apr_status_t status;
+ status = apr_recv(sock, buffer+i, &j);
+ if (status != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
+ "read: rfc1413: error reading response");
+ return status;
+ }
+ else if (j > 0) {
+ i+=j;
+ }
+ else if (status == APR_SUCCESS && j == 0) {
+ /* Oops... we ran out of data before finding newline */
+ return APR_EINVAL;
+ }
+ }
+
+/* RFC1413_USERLEN = 512 */
+ ap_xlate_proto_from_ascii(buffer, i);
+ if (sscanf(buffer, "%hu , %hu : USERID :%*[^:]:%512s", &rmt_port, &our_port,
+ user) != 3 || sav_rmt_port != rmt_port
+ || sav_our_port != our_port)
+ return APR_EINVAL;
+
+ /*
+ * Strip trailing carriage return. It is part of the
+ * protocol, not part of the data.
+ */
+
+ if ((cp = strchr(user, '\r')))
+ *cp = '\0';
+
+ conn->remote_logname = apr_pstrdup(conn->pool, user);
+
+ return APR_SUCCESS;
+}
+
+static const char *set_idcheck(cmd_parms *cmd, void *d_, int arg)
+{
+ ident_config_rec *d = d_;
+ const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
+
+ if (!err) {
+ d->do_rfc1413 = arg ? 1 : 0;
+ }
+
+ return err;
+}
+
+static const char *set_timeout(cmd_parms *cmd, void *d_, const char *arg)
+{
+ ident_config_rec *d = d_;
+ const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
+
+ if (!err) {
+ d->timeout = apr_time_from_sec(atoi(arg));
+ d->timeout_unset = 0;
+ }
+
+ return err;
+}
+
+static void *create_ident_dir_config(apr_pool_t *p, char *d)
+{
+ ident_config_rec *conf = apr_palloc(p, sizeof(*conf));
+
+ conf->do_rfc1413 = DEFAULT_RFC1413 | RFC1413_UNSET;
+ conf->timeout = apr_time_from_sec(RFC1413_TIMEOUT);
+ conf->timeout_unset = 1;
+
+ return (void *)conf;
+}
+
+static void *merge_ident_dir_config(apr_pool_t *p, void *old_, void *new_)
+{
+ ident_config_rec *conf = (ident_config_rec *)apr_pcalloc(p, sizeof(*conf));
+ ident_config_rec *old = (ident_config_rec *) old_;
+ ident_config_rec *new = (ident_config_rec *) new_;
+
+ conf->timeout = new->timeout_unset
+ ? old->timeout
+ : new->timeout;
+
+ conf->do_rfc1413 = new->do_rfc1413 & RFC1413_UNSET
+ ? old->do_rfc1413
+ : new->do_rfc1413;
+
+ return (void *)conf;
+}
+
+static const command_rec ident_cmds[] =
+{
+ AP_INIT_FLAG("IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF,
+ "Enable identd (RFC 1413) user lookups - SLOW"),
+ AP_INIT_TAKE1("IdentityCheckTimeout", set_timeout, NULL,
+ RSRC_CONF|ACCESS_CONF,
+ "Identity check (RFC 1413) timeout duration (sec)"),
+ {NULL}
+};
+
+module AP_MODULE_DECLARE_DATA ident_module;
+
+/*
+ * Optional function for the core to to the actual ident request
+ */
+static const char *ap_ident_lookup(request_rec *r)
+{
+ ident_config_rec *conf;
+ apr_socket_t *sock;
+ apr_status_t rv;
+ conn_rec *conn = r->connection;
+ server_rec *srv = r->server;
+
+ conf = ap_get_module_config(r->per_dir_config, &ident_module);
+
+ /* return immediately if ident requests are disabled */
+ if (!(conf->do_rfc1413 & ~RFC1413_UNSET)) {
+ return NULL;
+ }
+
+ rv = rfc1413_connect(&sock, conn, srv, conf->timeout);
+ if (rv == APR_SUCCESS) {
+ rv = rfc1413_query(sock, conn, srv);
+ apr_socket_close(sock);
+ }
+ if (rv != APR_SUCCESS) {
+ conn->remote_logname = FROM_UNKNOWN;
+ }
+
+ return (const char *)conn->remote_logname;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+ APR_REGISTER_OPTIONAL_FN(ap_ident_lookup);
+}
+
+module AP_MODULE_DECLARE_DATA ident_module =
+{
+ STANDARD20_MODULE_STUFF,
+ create_ident_dir_config, /* dir config creater */
+ merge_ident_dir_config, /* dir merger --- default is to override */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ ident_cmds, /* command apr_table_t */
+ register_hooks /* register hooks */
+};
diff -Nur httpd-2.1/server/core.c httpd-2.1.new/server/core.c
--- httpd-2.1/server/core.c Tue Jan 14 18:01:32 2003
+++ httpd-2.1.new/server/core.c Tue Jan 14 22:49:04 2003
@@ -79,7 +79,6 @@
#include "http_vhost.h"
#include "http_main.h" /* For the default_handler below... */
#include "http_log.h"
-#include "rfc1413.h"
#include "util_md5.h"
#include "http_connection.h"
#include "apr_buckets.h"
@@ -144,7 +143,6 @@
conf->use_canonical_name = USE_CANONICAL_NAME_UNSET;
conf->hostname_lookups = HOSTNAME_LOOKUP_UNSET;
- conf->do_rfc1413 = DEFAULT_RFC1413 | 2; /* set bit 1 to indicate default */
conf->satisfy = SATISFY_NOSPEC;
#ifdef RLIMIT_CPU
@@ -323,10 +321,6 @@
conf->hostname_lookups = new->hostname_lookups;
}
- if ((new->do_rfc1413 & 2) == 0) {
- conf->do_rfc1413 = new->do_rfc1413;
- }
-
if ((new->content_md5 & 2) == 0) {
conf->content_md5 = new->content_md5;
}
@@ -827,24 +821,22 @@
}
}
+/*
+ * Optional function coming from mod_ident, used for looking up ident user
+ */
+static APR_OPTIONAL_FN_TYPE(ap_ident_lookup) *ident_lookup;
+
AP_DECLARE(const char *) ap_get_remote_logname(request_rec *r)
{
- core_dir_config *dir_conf;
-
if (r->connection->remote_logname != NULL) {
return r->connection->remote_logname;
}
- /* If we haven't checked the identity, and we want to */
- dir_conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- if (dir_conf->do_rfc1413 & 1) {
- return ap_rfc1413(r->connection, r->server);
- }
- else {
- return NULL;
+ if (ident_lookup) {
+ return ident_lookup(r);
}
+
+ return NULL;
}
/* There are two options regarding what the "name" of a server is. The
@@ -2074,19 +2066,6 @@
return NULL;
}
-static const char *set_idcheck(cmd_parms *cmd, void *d_, int arg)
-{
- core_dir_config *d = d_;
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
-
- if (err != NULL) {
- return err;
- }
-
- d->do_rfc1413 = arg != 0;
- return NULL;
-}
-
static const char *set_hostname_lookups(cmd_parms *cmd, void *d_,
const char *arg)
{
@@ -3000,8 +2979,6 @@
"The pathname the server can be reached at"),
AP_INIT_TAKE1("Timeout", set_timeout, NULL, RSRC_CONF,
"Timeout duration (sec)"),
-AP_INIT_FLAG("IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF,
- "Enable identd (RFC 1413) user lookups - SLOW"),
AP_INIT_FLAG("ContentDigest", set_content_md5, NULL, OR_OPTIONS,
"whether or not to send a Content-MD5 header with each request"),
AP_INIT_TAKE1("UseCanonicalName", set_use_canonical_name, NULL,
@@ -4054,6 +4031,7 @@
static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp,
server_rec *s)
{
logio_add_bytes_out = APR_RETRIEVE_OPTIONAL_FN(ap_logio_add_bytes_out);
+ ident_lookup = APR_RETRIEVE_OPTIONAL_FN(ap_ident_lookup);
ap_set_version(pconf);
ap_setup_make_content_type(pconf);
diff -Nur httpd-2.1/server/Makefile.in httpd-2.1.new/server/Makefile.in
--- httpd-2.1/server/Makefile.in Thu Dec 12 18:11:02 2002
+++ httpd-2.1.new/server/Makefile.in Wed Jan 15 00:18:52 2003
@@ -11,7 +11,7 @@
test_char.h \
config.c log.c main.c vhost.c util.c \
util_script.c util_md5.c util_cfgtree.c util_ebcdic.c util_time.c \
- rfc1413.c connection.c listen.c \
+ connection.c listen.c \
mpm_common.c util_charset.c util_debug.c util_xml.c \
util_filter.c $(top_builddir)/server/exports.c buildmark.c \
scoreboard.c error_bucket.c protocol.c core.c request.c provider.c
diff -Nur httpd-2.1/server/rfc1413.c httpd-2.1.new/server/rfc1413.c
--- httpd-2.1/server/rfc1413.c Mon Jul 15 09:18:50 2002
+++ httpd-2.1.new/server/rfc1413.c Thu Jan 01 01:00:00 1970
@@ -1,285 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact [EMAIL PROTECTED]
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* TODO - put timeouts back in */
-/*
- * rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
- * protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
- * host to look up the owner of a connection. The information should not be
- * used for authentication purposes. This routine intercepts alarm signals.
- *
- * Diagnostics are reported through syslog(3).
- *
- * Author: Wietse Venema, Eindhoven University of Technology,
- * The Netherlands.
- */
-
-/* Some small additions for Apache --- ditch the "sccsid" var if
- * compiling with gcc (it *has* changed), include ap_config.h for the
- * prototypes it defines on at least one system (SunlOSs) which has
- * them missing from the standard header files, and one minor change
- * below (extra parens around assign "if (foo = bar) ..." to shut up
- * gcc -Wall).
- */
-
-/* Rewritten by David Robinson */
-
-#include "apr.h"
-#include "apr_network_io.h"
-#include "apr_strings.h"
-#include "apr_lib.h"
-#include "apr_inherit.h"
-
-#define APR_WANT_STDIO
-#define APR_WANT_STRFUNC
-#include "apr_want.h"
-
-#include "ap_config.h"
-#include "httpd.h" /* for server_rec, conn_rec, etc. */
-#include "http_log.h" /* for aplog_error */
-#include "rfc1413.h"
-#include "http_main.h" /* set_callback_and_alarm */
-#include "util_ebcdic.h"
-
-/* Local stuff. */
-/* Semi-well-known port */
-#define RFC1413_PORT 113
-/* maximum allowed length of userid */
-#define RFC1413_USERLEN 512
-/* rough limit on the amount of data we accept. */
-#define RFC1413_MAXDATA 1000
-
-#ifndef RFC1413_TIMEOUT
-#define RFC1413_TIMEOUT 30
-#endif
-#define FROM_UNKNOWN "unknown"
-
-int ap_rfc1413_timeout = RFC1413_TIMEOUT; /* Global so it can be changed */
-
-static apr_status_t rfc1413_connect(apr_socket_t **newsock, conn_rec *conn,
- server_rec *srv)
-{
- apr_status_t rv;
- apr_sockaddr_t *localsa, *destsa;
-
- if ((rv = apr_sockaddr_info_get(&localsa, conn->local_ip, APR_UNSPEC,
- 0, /* ephemeral port */
- 0, conn->pool)) != APR_SUCCESS) {
- /* This should not fail since we have a numeric address string
- * as the host. */
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
- "rfc1413: apr_sockaddr_info_get(%s) failed",
- conn->local_ip);
- return rv;
- }
-
- if ((rv = apr_sockaddr_info_get(&destsa, conn->remote_ip,
- localsa->family, /* has to match */
- RFC1413_PORT, 0, conn->pool)) != APR_SUCCESS) {
- /* This should not fail since we have a numeric address string
- * as the host. */
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
- "rfc1413: apr_sockaddr_info_get(%s) failed",
- conn->remote_ip);
- return rv;
- }
-
- if ((rv = apr_socket_create(newsock,
- localsa->family, /* has to match */
- SOCK_STREAM, conn->pool)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
- "rfc1413: error creating query socket");
- return rv;
- }
-
- if ((rv = apr_socket_timeout_set(*newsock,
apr_time_from_sec(ap_rfc1413_timeout)))
- != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
- "rfc1413: error setting query socket timeout");
- apr_socket_close(*newsock);
- return rv;
- }
-
-/*
- * Bind the local and remote ends of the query socket to the same
- * IP addresses as the connection under investigation. We go
- * through all this trouble because the local or remote system
- * might have more than one network address. The RFC1413 etc.
- * client sends only port numbers; the server takes the IP
- * addresses from the query socket.
- */
-
- if ((rv = apr_bind(*newsock, localsa)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, rv, srv,
- "rfc1413: Error binding query socket to local port");
- apr_socket_close(*newsock);
- return rv;
- }
-
-/*
- * errors from connect usually imply the remote machine doesn't support
- * the service; don't log such an error
- */
- if ((rv = apr_connect(*newsock, destsa)) != APR_SUCCESS) {
- apr_socket_close(*newsock);
- return rv;
- }
-
- return APR_SUCCESS;
-}
-
-static apr_status_t rfc1413_query(apr_socket_t *sock, conn_rec *conn,
- server_rec *srv)
-{
- apr_port_t rmt_port, our_port;
- apr_port_t sav_rmt_port, sav_our_port;
- apr_size_t i;
- char *cp;
- char buffer[RFC1413_MAXDATA + 1];
- char user[RFC1413_USERLEN + 1]; /* XXX */
- apr_size_t buflen;
-
- apr_sockaddr_port_get(&sav_our_port, conn->local_addr);
- apr_sockaddr_port_get(&sav_rmt_port, conn->remote_addr);
-
- /* send the data */
- buflen = apr_snprintf(buffer, sizeof(buffer), "%hu,%hu\r\n", sav_rmt_port,
- sav_our_port);
- ap_xlate_proto_to_ascii(buffer, buflen);
-
- /* send query to server. Handle short write. */
- i = 0;
- while (i < buflen) {
- apr_size_t j = strlen(buffer + i);
- apr_status_t status;
- status = apr_send(sock, buffer+i, &j);
- if (status != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
- "write: rfc1413: error sending request");
- return status;
- }
- else if (j > 0) {
- i+=j;
- }
- }
-
- /*
- * Read response from server. - the response should be newline
- * terminated according to rfc - make sure it doesn't stomp its
- * way out of the buffer.
- */
-
- i = 0;
- memset(buffer, '\0', sizeof(buffer));
- /*
- * Note that the strchr function below checks for \012 instead of '\n'
- * this allows it to work on both ASCII and EBCDIC machines.
- */
- while((cp = strchr(buffer, '\012')) == NULL && i < sizeof(buffer) - 1) {
- apr_size_t j = sizeof(buffer) - 1 - i;
- apr_status_t status;
- status = apr_recv(sock, buffer+i, &j);
- if (status != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, status, srv,
- "read: rfc1413: error reading response");
- return status;
- }
- else if (j > 0) {
- i+=j;
- }
- else if (status == APR_SUCCESS && j == 0) {
- /* Oops... we ran out of data before finding newline */
- return APR_EINVAL;
- }
- }
-
-/* RFC1413_USERLEN = 512 */
- ap_xlate_proto_from_ascii(buffer, i);
- if (sscanf(buffer, "%hu , %hu : USERID :%*[^:]:%512s", &rmt_port, &our_port,
- user) != 3 || sav_rmt_port != rmt_port
- || sav_our_port != our_port)
- return APR_EINVAL;
-
- /*
- * Strip trailing carriage return. It is part of the
- * protocol, not part of the data.
- */
-
- if ((cp = strchr(user, '\r')))
- *cp = '\0';
-
- conn->remote_logname = apr_pstrdup(conn->pool, user);
-
- return APR_SUCCESS;
-}
-
-char *ap_rfc1413(conn_rec *conn, server_rec *srv)
-{
- apr_socket_t *sock;
- apr_status_t rv;
-
- rv = rfc1413_connect(&sock, conn, srv);
- if (rv == APR_SUCCESS) {
- rv = rfc1413_query(sock, conn, srv);
- apr_socket_close(sock);
- }
- if (rv != APR_SUCCESS) {
- conn->remote_logname = FROM_UNKNOWN;
- }
- return conn->remote_logname;
-}
