Fuck Apache

2024-09-19 16:15:13 +00:00 · 2023-06-11 10:34:36 +10:00 · 2023-06-11 10:34:36 +10:00 · 9dd0ecd8a4
commit 9dd0ecd8a4
parent fc40564cb0
6 changed files with 31 additions and 4 deletions
--- a/Code/Module/Cdav.php
+++ b/Code/Module/Cdav.php
@ -56,6 +56,14 @@ class Cdav extends Controller
        }
    
        if ((argv(1) !== 'calendar') && (argv(1) !== 'addressbook')) {
+
+            if (isset($_SERVER['HTTP_SIGNATURE']) &&
+                !isset($_SERVER['REDIRECT_REMOTE_USER']) &&
+                !isset($_SERVER['HTTP_AUTHORIZATION'])) {
+                $_SERVER['HTTP_AUTHORIZATION'] = 'Signature ' . $_SERVER['HTTP_SIGNATURE'];
+            }
+
+
            foreach (['REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION'] as $head) {
                /* Basic authentication */

--- a/Code/Module/Dav.php
+++ b/Code/Module/Dav.php
@ -36,6 +36,11 @@ class Dav extends Controller
     */
    public function init()
    {
+        if (isset($_SERVER['HTTP_SIGNATURE']) &&
+            !isset($_SERVER['REDIRECT_REMOTE_USER']) &&
+            !isset($_SERVER['HTTP_AUTHORIZATION'])) {
+            $_SERVER['HTTP_AUTHORIZATION'] = 'Signature ' . $_SERVER['HTTP_SIGNATURE'];
+        }

        foreach (['REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION'] as $head) {
            /* Basic authentication */
--- a/Code/Module/Getfile.php
+++ b/Code/Module/Getfile.php
@ -56,6 +56,13 @@ class Getfile extends Controller
            killme();
        }

+        if (isset($_SERVER['HTTP_SIGNATURE']) &&
+            !isset($_SERVER['REDIRECT_REMOTE_USER']) &&
+            !isset($_SERVER['HTTP_AUTHORIZATION'])) {
+            $_SERVER['HTTP_AUTHORIZATION'] = 'Signature ' . $_SERVER['HTTP_SIGNATURE'];
+        }
+
+
        foreach (['REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION'] as $head) {
            if (array_key_exists($head, $_SERVER) && str_starts_with(trim($_SERVER[$head]), 'Signature')) {
                if ($head !== 'HTTP_AUTHORIZATION') {
--- a/Code/Module/Owa.php
+++ b/Code/Module/Owa.php
@ -20,13 +20,15 @@ class Owa extends Controller

    public function init()
    {
-
        $ret = ['success' => false];

        if (array_key_exists('REDIRECT_REMOTE_USER', $_SERVER) && (!array_key_exists('HTTP_AUTHORIZATION', $_SERVER))) {
            $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
        }

+        if (array_key_exists('HTTP_SIGNATURE', $_SERVER) && (!array_key_exists('HTTP_AUTHORIZATION', $_SERVER))) {
+            $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_SIGNATURE'];
+        }

        if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER) && str_starts_with(trim($_SERVER['HTTP_AUTHORIZATION']), 'Signature')) {
            $sigblock = HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']);
--- a/Code/Web/HTTPSig.php
+++ b/Code/Web/HTTPSig.php
@ -562,11 +562,12 @@ class HTTPSig
            }
        }

+        $authorisation = '';
+
        if ($auth) {
-            $sighead = 'Authorization: Signature ' . $headerval;
-        } else {
-            $sighead = 'Signature: ' . $headerval;
+            $authorisation = 'Authorization: Signature ' . $headerval;
        }
+        $sighead = 'Signature: ' . $headerval;

        if ($head) {
            foreach ($head as $k => $v) {
@ -578,6 +579,9 @@ class HTTPSig
            }
        }
        $return_headers[] = $sighead;
+        if ($authorisation) {
+            $return_headers[] = $authorisation;
+        }

        return $return_headers;
    }
--- a/htaccess.dist
+++ b/htaccess.dist
@ -1,6 +1,7 @@
 Options -Indexes
 AddType application/x-java-archive .jar
 AddType audio/ogg .oga
+CGIPassAuth On
 #SSLCipherSuite HIGH:AES256-SHA:AES128-SHA:RC4:!aNULL:!eNULL:!EDH

 # don't allow any web access to logfiles, even after rotation/compression