Re: An unusual request [PATCH] mod_autoindex

[Francis Daly <de...@daoine.org>]

On Wed, May 15, 2002 at 09:40:56PM -0400, Cliff Woolley wrote:
> On Wed, 15 May 2002, William A. Rowe, Jr. wrote:
> 
> >    I think this is a good direction.  What about IndexResults [with a
> > default of 2xx/3xx]?  Shorthand would be #xx for a group [so you could
> > include 2xx 3xx 4xx], or explicit response codes, say 200 only.
> 
> +1.  I never liked that we arbitrarily took away the 4xx's, especially
> 401.  It should be up to the admin.

Vaguely related to this, the appended patch lets the admin allow 401s
through. I don't think may other 400-series errors want to passed
through at all? 

Anyway, for your consideration:


This patch introduces a config option which changes the
behaviour of Options +Indexes. It potentially exposes names of
authentication-requiring URLs to unauthenticated users. I've called
the option "IndexOptions RevealSecretURL" to make sure that it isn't
unintentionally enabled. It defaults to not set, which leaves behaviour
as it currently is.

This patch does not address the concern raised earlier about the many
stat()s and subrequests made in an autoindex'ed directory containing
directories. I think changing that would require a different design
entirely.

It introduces a fake filename "^^UNAUTHORIZED^^" which can be used by
AddIcon and AddAlt to enhance the display if IndexOptions FancyIndexing
is also set, mirroring ^^DIRECTORY^^ and ^^BLANKICON^^. An UNAUTHORIZED
DIRECTORY will appear UNAUTHORIZED, falling back to DefaultIcon. That
could be changed to appear DIRECTORY by adding a filetype check just
before setting the string ^^UNAUTHORIZED^^.

It explicitly hides the file size and modification time of unauthorized
resources. This differs from the behaviour of 1.3. Code already in
find_title() ensures that IndexOptions ScanHTMLTitles won't reveal any
content.

Arguably, it should require AllowOverride AuthConfig too for use in
.htaccess, although that may need a new directive rather than a new
option to an existing directive.

===========

Docs for the IndexOptions RevealSecretURL option:

set or unset on a per-directory basis, just like the rest of
IndexOptions. Default unset overall. 

If set, URLs for which valid authentication credentials have not
been presented will appear in autoindex-generated lists of directory
contents.

"^^UNAUTHORIZED^^" can be used as a filename for AddIcon or AddAlt, 
if the default choices are inappropriate.

It's only useful in directories where only some files require
authentication; it will reveal to unauthenticated clients the names
of urls that require authentication. However, it also allows Options
+Indexes to work more like it used to in 1.3.

============

I'm sure someone with more imagination can come up with a better option
name.

Built and tested against the version of mod_autoindex released with
httpd-2.0.35, it applies cleanly to the version released with 2.0.36,
which appears to be the current version in CVS.

	f
-- 
Francis Daly        deva@daoine.org


--- modules/generators/mod_autoindex.c	Fri Apr  5 18:50:37 2002
+++ modules/generators/mod_autoindex.c.new	Thu May 16 22:36:38 2002
@@ -110,6 +110,7 @@
 #define FANCY_INDEXING      0x2000
 #define TABLE_INDEXING      0x4000
 #define IGNORE_CLIENT       0x8000
+#define REVEAL_401         0x10000
 
 #define K_NOADJUST 0
 #define K_ADJUST 1
@@ -407,6 +408,9 @@
         else if (!strcasecmp(w, "VersionSort")) {
             option = VERSION_SORT;
         }
+        else if (!strcasecmp(w, "RevealSecretURL")) {
+            option = REVEAL_401; 
+        } 
         else if (!strcasecmp(w, "None")) {
             if (action != '\0') {
                 return "Cannot combine '+' or '-' with 'None' keyword";
@@ -1316,7 +1320,9 @@
 
     if ((rr->finfo.filetype != APR_DIR && rr->finfo.filetype != APR_REG)
         || !(rr->status == OK || ap_is_HTTP_SUCCESS(rr->status)
-                              || ap_is_HTTP_REDIRECT(rr->status))) {
+                              || ap_is_HTTP_REDIRECT(rr->status)
+                              || ( rr->status == HTTP_UNAUTHORIZED 
+                                  && (autoindex_opts & REVEAL_401) ))) {
         ap_destroy_sub_req(rr);
         return (NULL);
     }
@@ -1337,6 +1343,13 @@
     p->key = apr_toupper(keyid);
     p->ascending = (apr_toupper(direction) == D_ASCENDING);
     p->version_sort = !!(autoindex_opts & VERSION_SORT);
+
+/* Now hide bits that don't need to be revealed */
+    if (rr->status == HTTP_UNAUTHORIZED) {
+        rr->finfo.mtime = -1;
+        rr->finfo.size = -1;
+        rr->filename = "^^UNAUTHORIZED^^";
+    }
 
     if (autoindex_opts & (FANCY_INDEXING | TABLE_INDEXING)) {
         p->lm = rr->finfo.mtime;