summaryrefslogtreecommitdiffstats
path: root/modules/aaa/mod_authnz_fcgi.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/aaa/mod_authnz_fcgi.c')
-rw-r--r--modules/aaa/mod_authnz_fcgi.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/modules/aaa/mod_authnz_fcgi.c b/modules/aaa/mod_authnz_fcgi.c
index d99f391..69743f1 100644
--- a/modules/aaa/mod_authnz_fcgi.c
+++ b/modules/aaa/mod_authnz_fcgi.c
@@ -571,6 +571,14 @@ static apr_status_t handle_response(const fcgi_provider_conf *conf,
"parsing -> %d/%d",
fn, status, r->status);
+ /* FCGI has its own body framing mechanism which we don't
+ * match against any provided Content-Length, so let the
+ * core determine C-L vs T-E based on what's actually sent.
+ */
+ if (!apr_table_get(r->subprocess_env, AP_TRUST_CGILIKE_CL_ENVVAR))
+ apr_table_unset(r->headers_out, "Content-Length");
+ apr_table_unset(r->headers_out, "Transfer-Encoding");
+
if (rspbuf) { /* caller wants to see response body,
* if any
*/
@@ -681,7 +689,7 @@ static int mod_fcgid_modify_auth_header(void *vars,
/* When the application gives a 200 response, the server ignores response
headers whose names aren't prefixed with Variable- prefix, and ignores
any response content */
- if (strncasecmp(key, "Variable-", 9) == 0)
+ if (ap_cstr_casecmpn(key, "Variable-", 9) == 0)
apr_table_setn(vars, key, val);
return 1;
}
@@ -714,6 +722,7 @@ static void req_rsp(request_rec *r, const fcgi_provider_conf *conf,
}
apr_pool_create(&temp_pool, r->pool);
+ apr_pool_tag(temp_pool, "mod_authnz_fcgi (req_rsp)");
setupenv(r, password, apache_role);
@@ -809,7 +818,7 @@ static int fcgi_check_authn(request_rec *r)
prov = dconf && dconf->name ? dconf->name : NULL;
- if (!prov || !strcasecmp(prov, "None")) {
+ if (!prov || !ap_cstr_casecmp(prov, "None")) {
return DECLINED;
}
@@ -824,7 +833,7 @@ static int fcgi_check_authn(request_rec *r)
dconf->user_expr ? "yes" : "no",
auth_type);
- if (auth_type && !strcasecmp(auth_type, "Basic")) {
+ if (auth_type && !ap_cstr_casecmp(auth_type, "Basic")) {
if ((res = ap_get_basic_auth_pw(r, &password))) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
APLOGNO(02517) "%s: couldn't retrieve basic auth "