Return-Path:
Delivered-To: apache-bugdb-archive@hyperreal.org
Received: (qmail 11343 invoked by uid 6000); 27 Sep 1998 16:12:45 -0000
Received: (qmail 11318 invoked by uid 2012); 27 Sep 1998 16:12:44 -0000
Date: 27 Sep 1998 16:12:44 -0000
Message-ID: <19980927161244.11317.qmail@hyperreal.org>
To: apache-bugdb@apache.org, coar@apache.org, fming@dso.org.sg
From: coar@apache.org
Subject: Re: mod_proxy/2552: IdentityCheck reports wrong user name from Identd when apache act as a proxy server
Sender: apache-bugdb-owner@apache.org
Precedence: bulk

[In order for any reply to be added to the PR database, ]
[you need to include in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]

Synopsis: IdentityCheck reports wrong user name from Identd when apache act as a proxy server

Comment-Added-By: coar
Comment-Added-When: Sun Sep 27 09:12:43 PDT 1998
Comment-Added:
[More from submitter]

Hi:

I examined the source code, and got the following findings.

In normal HTTP access to the local file system, the rfc1413 was called by the auth mod. This is still at an earlier stage of processing of the request, so the client machine, upon receiving the Identd check, was able to locate its end of the tcp/ip connection, and properly reply with the user id who owns that port. But in proxy mode, the Auth module was somehow skipped, so the Identd check is left until the process reached the log modules. I believe that it was too late for the log module to ask the client machine for the remote user ID. When the HTTP connection in question is closing, it's impossible for the client machine to respond when the FIN packet of the HTTP connection was sent.

I inserted an rfc1413 call to get the remote user ID into the ap_read_request() function, just after it constructed all the request record. The problem is thus fixed as the rfc1413 request is early enough. Yet, my solution doesn't seem to be a gracious one. Any advice on where I should do the remote ID check in the proxy module?

Thanks
Fu Ming
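
An added example, not part of the original message and not Apache's rfc1413 code: a parser for one RFC 1413 reply line that yields a user name only when the echoed port pair matches the query and the reply type is USERID, so an ERROR reply from a lookup made too late is never logged as a name. The function and enum names are hypothetical and the sample replies are constructed.

```c
#include <stdio.h>
#include <string.h>

enum ident_result { IDENT_OK, IDENT_ERROR, IDENT_MISMATCH, IDENT_MALFORMED };

/* Parse one RFC 1413 reply to the query "<qport1> , <qport2>" (hypothetical helper).
 * IDENT_OK: out holds the user-id. IDENT_ERROR: out holds the error token
 * (for example NO-USER). Callers should log a name only on IDENT_OK. */
enum ident_result parse_ident_reply(const char *line, unsigned qport1,
                                    unsigned qport2, char *out, size_t outlen)
{
    unsigned p1, p2;
    char type[16];
    int n = 0;

    if (outlen == 0)
        return IDENT_MALFORMED;
    out[0] = '\0';
    /* %n stays 0 unless the colon after the reply type was matched. */
    if (sscanf(line, " %5u , %5u : %15[A-Za-z] : %n", &p1, &p2, type, &n) != 3 || n == 0)
        return IDENT_MALFORMED;
    if (p1 != qport1 || p2 != qport2)
        return IDENT_MISMATCH;          /* reply describes another connection */

    const char *rest = line + n;
    int is_user = strcmp(type, "USERID") == 0;
    if (is_user) {
        rest = strchr(rest, ':');       /* skip "<opsys>[,<charset>]" */
        if (rest == NULL)
            return IDENT_MALFORMED;
        rest++;
        rest += strspn(rest, " \t");    /* simplification: trim leading blanks */
    } else if (strcmp(type, "ERROR") != 0) {
        return IDENT_MALFORMED;
    }
    size_t len = strcspn(rest, "\r\n");
    if (len == 0 || len >= outlen)
        return IDENT_MALFORMED;
    memcpy(out, rest, len);
    out[len] = '\0';
    return is_user ? IDENT_OK : IDENT_ERROR;
}

int main(void)
{
    char who[64];   /* constructed sample replies in RFC 1413 syntax */
    printf("%d\n", parse_ident_reply("6193, 23 : USERID : UNIX : stjohns\r\n", 6193, 23, who, sizeof who));
    printf("%d\n", parse_ident_reply("6195, 23 : ERROR : NO-USER\r\n", 6195, 23, who, sizeof who));
    return 0;
}
```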