Hi all,
I have recut these patches as unified diffs, they're the same as I
posted earlier. Should be easier to read :)
Regards,
Graham
--
-----------------------------------------
[EMAIL PROTECTED] "There's a moon
over Bourbon Street
tonight..."
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/CHANGES
sandbox/proxy/httpd-2.0/CHANGES
--- pristine/httpd-2.0/CHANGES Tue Mar 13 00:24:07 2001
+++ sandbox/proxy/httpd-2.0/CHANGES Tue Mar 13 23:13:23 2001
@@ -22,6 +22,10 @@
entire content. It is far safer to just remove the C-L as long
as we are scanning it. [Ryan Bloom]
+ *) Make sure Apache sends WWW-Authenticate during a reverse proxy
+ request and not Proxy-Authenticate.
+ [Graham Leggett <[EMAIL PROTECTED]>]
+
Changes with Apache 2.0.14
*) Fix content-length computation. We ONLY compute a content-length if
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/include/httpd.h
sandbox/proxy/httpd-2.0/include/httpd.h
--- pristine/httpd-2.0/include/httpd.h Tue Mar 13 00:26:42 2001
+++ sandbox/proxy/httpd-2.0/include/httpd.h Tue Mar 13 23:13:23 2001
@@ -615,7 +615,9 @@
char *the_request;
/** HTTP/0.9, "simple" request */
int assbackwards;
- /** A proxy request (calculated during post_read_request/translate_name) */
+ /** A proxy request (calculated during post_read_request/translate_name)
+ * possible values PROXYREQ_NONE, PROXYREQ_PROXY, PROXYREQ_REVERSE
+ */
int proxyreq;
/** HEAD request, as opposed to GET */
int header_only;
@@ -806,6 +808,16 @@
* binary compatibility for some other reason.
*/
};
+
+/** Possible values of request_rec->proxyreq. A request could be normal,
+ * proxied or reverse proxied. Normally proxied and reverse proxied are
+ * grouped together as just "proxied", but sometimes it's necessary to
+ * tell the difference between the two, such as for authentication.
+ */
+
+#define PROXYREQ_NONE 0
+#define PROXYREQ_PROXY 1
+#define PROXYREQ_REVERSE 2
/** Structure to store things which are per connection */
diff -u3 -r --exclude=srcutil/apr --exclude=CVS
pristine/httpd-2.0/modules/aaa/mod_auth_digest.c
sandbox/proxy/httpd-2.0/modules/aaa/mod_auth_digest.c
--- pristine/httpd-2.0/modules/aaa/mod_auth_digest.c Thu Mar 1 01:55:03 2001
+++ sandbox/proxy/httpd-2.0/modules/aaa/mod_auth_digest.c Tue Mar 13 23:13:23
+2001
@@ -854,7 +854,7 @@
char *key, *value;
auth_line = apr_table_get(r->headers_in,
- r->proxyreq ? "Proxy-Authorization"
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
: "Authorization");
if (!auth_line) {
resp->auth_hdr_sts = NO_HEADER;
@@ -1322,7 +1322,7 @@
}
apr_table_mergen(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" :
+"WWW-Authenticate",
apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s\", "
"algorithm=%s%s%s%s%s",
ap_auth_name(r), nonce, conf->algorithm,
@@ -2050,7 +2050,7 @@
if (ai && ai[0])
apr_table_mergen(r->headers_out,
- r->proxyreq ? "Proxy-Authentication-Info"
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authentication-Info"
: "Authentication-Info",
ai);
return OK;
diff -u3 -r --exclude=srcutil/apr --exclude=CVS
pristine/httpd-2.0/modules/http/http_request.c
sandbox/proxy/httpd-2.0/modules/http/http_request.c
--- pristine/httpd-2.0/modules/http/http_request.c Mon Mar 5 05:43:56 2001
+++ sandbox/proxy/httpd-2.0/modules/http/http_request.c Tue Mar 13 23:13:23 2001
@@ -135,7 +135,7 @@
* about proxy authentication. They treat it like normal auth, and then
* we tweak the status.
*/
- if (r->status == HTTP_UNAUTHORIZED && r->proxyreq) {
+ if (HTTP_UNAUTHORIZED == r->status && PROXYREQ_PROXY == r->proxyreq) {
r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
}
diff -u3 -r --exclude=srcutil/apr --exclude=CVS
pristine/httpd-2.0/modules/http/mod_mime.c
sandbox/proxy/httpd-2.0/modules/http/mod_mime.c
--- pristine/httpd-2.0/modules/http/mod_mime.c Sun Feb 25 01:51:31 2001
+++ sandbox/proxy/httpd-2.0/modules/http/mod_mime.c Tue Mar 13 23:13:23 2001
@@ -720,10 +720,7 @@
/* Check for a special handler, but not for proxy request */
if ((type = apr_table_get(conf->handlers, ext))
-#if 0
- /* XXX fix me when the proxy code is updated */
- && r->proxyreq == NOT_PROXY)
-#endif
+ && (PROXYREQ_NONE == r->proxyreq)
) {
r->handler = type;
found = 1;
diff -u3 -r --exclude=srcutil/apr --exclude=CVS
pristine/httpd-2.0/modules/mappers/mod_rewrite.c
sandbox/proxy/httpd-2.0/modules/mappers/mod_rewrite.c
--- pristine/httpd-2.0/modules/mappers/mod_rewrite.c Sat Mar 10 17:51:00 2001
+++ sandbox/proxy/httpd-2.0/modules/mappers/mod_rewrite.c Tue Mar 13 23:13:23
+2001
@@ -1127,7 +1127,7 @@
}
/* now make sure the request gets handled by the proxy handler */
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_REVERSE;
r->handler = "proxy-server";
rewritelog(r, 1, "go-ahead with proxy request %s [OK]",
@@ -1378,7 +1378,7 @@
}
/* now make sure the request gets handled by the proxy handler */
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_REVERSE;
r->handler = "proxy-server";
rewritelog(r, 1, "[per-dir %s] go-ahead with proxy request "
diff -u3 -r --exclude=srcutil/apr --exclude=CVS pristine/httpd-2.0/server/protocol.c
sandbox/proxy/httpd-2.0/server/protocol.c
--- pristine/httpd-2.0/server/protocol.c Wed Mar 7 18:01:28 2001
+++ sandbox/proxy/httpd-2.0/server/protocol.c Tue Mar 13 23:13:23 2001
@@ -1068,7 +1068,7 @@
ap_note_auth_failure(r);
else
apr_table_setn(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" :
+"WWW-Authenticate",
apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), "\"",
NULL));
}
@@ -1076,7 +1076,7 @@
AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r)
{
apr_table_setn(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" :
+"WWW-Authenticate",
apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%llx\"",
ap_auth_name(r), r->request_time));
}
@@ -1084,7 +1084,7 @@
AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
{
const char *auth_line = apr_table_get(r->headers_in,
- r->proxyreq ? "Proxy-Authorization"
+ (PROXYREQ_PROXY == r->proxyreq) ?
+"Proxy-Authorization"
: "Authorization");
const char *t;
diff -u3 -r --exclude=srcutil/apr --exclude=CVS
pristine/httpd-proxy/module-2.0/mod_proxy.c
sandbox/proxy/httpd-proxy/module-2.0/mod_proxy.c
--- pristine/httpd-proxy/module-2.0/mod_proxy.c Mon Mar 12 00:33:08 2001
+++ sandbox/proxy/httpd-proxy/module-2.0/mod_proxy.c Tue Mar 13 23:18:26 2001
@@ -156,7 +156,7 @@
&& !strcasecmp(r->parsed_uri.scheme, ap_http_method(r))
&& ap_matches_request_vhost(r, r->parsed_uri.hostname,
r->parsed_uri.port_str ? r->parsed_uri.port : ap_default_port(r)))) {
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_PROXY;
r->uri = r->unparsed_uri;
r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
r->handler = "proxy-server";
@@ -166,7 +166,7 @@
else if (conf->req && r->method_number == M_CONNECT
&& r->parsed_uri.hostname
&& r->parsed_uri.port_str) {
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_PROXY;
r->uri = r->unparsed_uri;
r->filename = apr_pstrcat(r->pool, "proxy:", r->uri, NULL);
r->handler = "proxy-server";
@@ -201,7 +201,7 @@
r->filename = apr_pstrcat(r->pool, "proxy:", ent[i].real,
r->uri + len, NULL);
r->handler = "proxy-server";
- r->proxyreq = 1;
+ r->proxyreq = PROXYREQ_REVERSE;
return OK;
}
}
@@ -303,7 +303,7 @@
long maxfwd = strtol(maxfwd_str, NULL, 10);
if (maxfwd < 1) {
int access_status;
- r->proxyreq = 0;
+ r->proxyreq = PROXYREQ_NONE;
if ((access_status = ap_send_http_trace(r)))
ap_die(access_status, r);
else
diff -u3 -r --exclude=srcutil/apr --exclude=CVS
pristine/httpd-proxy/module-2.0/proxy_ftp.c
sandbox/proxy/httpd-proxy/module-2.0/proxy_ftp.c
--- pristine/httpd-proxy/module-2.0/proxy_ftp.c Sun Feb 11 01:12:43 2001
+++ sandbox/proxy/httpd-proxy/module-2.0/proxy_ftp.c Tue Mar 13 23:18:26 2001
@@ -438,7 +438,7 @@
*/
static int ftp_unauthorized (request_rec *r, int log_it)
{
- r->proxyreq = 0;
+ r->proxyreq = PROXYREQ_NONE;
/* Log failed requests if they supplied a password
* (log username/password guessing attempts)
*/
