You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Michael Fuhr <mf...@dimensional.com> on 1997/03/16 01:00:02 UTC

config/234: REMOTE_IDENT not always available to mod_rewrite

>Number:         234
>Category:       config
>Synopsis:       REMOTE_IDENT not always available to mod_rewrite
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sat Mar 15 16:00:01 1997
>Originator:     mfuhr@dimensional.com
>Organization:
apache
>Release:        1.2b7
>Environment:
FreeBSD 2.1.7
gcc 2.6.3
>Description:
REMOTE_IDENT isn't available to a virtual host's rewrite rules under
the following conditions:

    * IdentityCheck is "off" by default.
    * IdentityCheck is turned "on" inside the <VirtualHost> directive.

REMOTE_IDENT is available later for SSI and CGI, but not for the
rewriting rules in a <VirtualHost> section.
>How-To-Repeat:
1. Set the default IdentityCheck to "off".
2. Add the following lines inside some <VirtualHost> section:

    RewriteEngine on
    RewriteLogLevel 4
    RewriteLog logs/virt-rewrite_log
    RewriteCond %{REMOTE_ADDR} 1.2.3.4    # IP of some host running IDENT
    RewriteCond %{REMOTE_IDENT} someuser  # name of some user on that host
    RewriteRule ^/somefile.html /otherfile.html [R,L]

3. Try to retrieve /somefile.html from the specified host as the specified
user.  The rewrite will fail; that REMOTE_IDENT is set later can be verified
by printing its value using SSI or CGI.

4.  The rewrite log will show something like this for the RewriteCond in
question:

    RewriteCond: input='' pattern='someuser' => not-matched

5. Set the default "IdentityCheck" to "on".
6. Try to retrieve /somefile.html again.
7. You should get /otherfile.html (a successful rewrite).
    
>Fix:
The problem shows itself in get_remote_login(), http_core.c, line 396:

    if (dir_conf->do_rfc1413 & 1)
        return rfc1413(r->connection, r->server);
    else
        return NULL;

When get_remote_login() is called from mod_rewrite.c, line 2532, it
always returns NULL.  Apparently dir_conf->do_rfc1413 hasn't been set
from the virtual host's IdentityCheck directive yet
>Audit-Trail:
>Unformatted:

Re: config/234: REMOTE_IDENT not always available to mod_rewrite

Posted by Dean Gaudet <dg...@arctic.org>.

I can't reproduce this with 1.2b8-dev, do_rfc1413 is always set correctly. 
Could you send your config file?

Thanks
Dean

On Sat, 15 Mar 1997, Michael Fuhr wrote:

> 
> >Number:         234
> >Category:       config
> >Synopsis:       REMOTE_IDENT not always available to mod_rewrite
> >Confidential:   no
> >Severity:       non-critical
> >Priority:       medium
> >Responsible:    apache (Apache HTTP Project)
> >State:          open
> >Class:          sw-bug
> >Submitter-Id:   apache
> >Arrival-Date:   Sat Mar 15 16:00:01 1997
> >Originator:     mfuhr@dimensional.com
> >Organization:
> apache
> >Release:        1.2b7
> >Environment:
> FreeBSD 2.1.7
> gcc 2.6.3
> >Description:
> REMOTE_IDENT isn't available to a virtual host's rewrite rules under
> the following conditions:
> 
>     * IdentityCheck is "off" by default.
>     * IdentityCheck is turned "on" inside the <VirtualHost> directive.
> 
> REMOTE_IDENT is available later for SSI and CGI, but not for the
> rewriting rules in a <VirtualHost> section.
> >How-To-Repeat:
> 1. Set the default IdentityCheck to "off".
> 2. Add the following lines inside some <VirtualHost> section:
> 
>     RewriteEngine on
>     RewriteLogLevel 4
>     RewriteLog logs/virt-rewrite_log
>     RewriteCond %{REMOTE_ADDR} 1.2.3.4    # IP of some host running IDENT
>     RewriteCond %{REMOTE_IDENT} someuser  # name of some user on that host
>     RewriteRule ^/somefile.html /otherfile.html [R,L]
> 
> 3. Try to retrieve /somefile.html from the specified host as the specified
> user.  The rewrite will fail; that REMOTE_IDENT is set later can be verified
> by printing its value using SSI or CGI.
> 
> 4.  The rewrite log will show something like this for the RewriteCond in
> question:
> 
>     RewriteCond: input='' pattern='someuser' => not-matched
> 
> 5. Set the default "IdentityCheck" to "on".
> 6. Try to retrieve /somefile.html again.
> 7. You should get /otherfile.html (a successful rewrite).
>     
> >Fix:
> The problem shows itself in get_remote_login(), http_core.c, line 396:
> 
>     if (dir_conf->do_rfc1413 & 1)
>         return rfc1413(r->connection, r->server);
>     else
>         return NULL;
> 
> When get_remote_login() is called from mod_rewrite.c, line 2532, it
> always returns NULL.  Apparently dir_conf->do_rfc1413 hasn't been set
> from the virtual host's IdentityCheck directive yet
> >Audit-Trail:
> >Unformatted:
> 
> 
>