From 65800885e7c749733cdfb6ea2dd93d83323add3c Mon Sep 17 00:00:00 2001 From: Andrew McNab Date: Tue, 13 Sep 2005 07:40:43 +0000 Subject: [PATCH] Fix for bug #10031 --- org.gridsite.core/CHANGES | 7 +++++ org.gridsite.core/doc/httpd-fileserver.conf | 6 ++-- org.gridsite.core/doc/httpd-webserver.conf | 6 ++-- org.gridsite.core/src/grst_gacl.c | 20 ++++++++---- org.gridsite.core/src/mod_gridsite.c | 49 ++++++++++++++++++++++------- 5 files changed, 64 insertions(+), 24 deletions(-) diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES index ef4120e..e68d642 100644 --- a/org.gridsite.core/CHANGES +++ b/org.gridsite.core/CHANGES @@ -1,3 +1,10 @@ +* Tue Sep 13 2005 Andrew McNab +- Fix bug #10031 submitted by Fabrizio Pacini + (invalid free in + GRSTgaclAclLoadFile if ACL format not valid.) +* Mon Sep 12 2005 Andrew McNab +- Accept GRIDHTTP_ONETIME when passed in HTTP query + (still overridden by a GRIDHTTP_ONETIME in a cookie.) * Sat Sep 10 2005 Andrew McNab - Fix problem with attempted upgrades to GridHTTP when already on the HTTP virtual server. diff --git a/org.gridsite.core/doc/httpd-fileserver.conf b/org.gridsite.core/doc/httpd-fileserver.conf index 5e1196b..eddad08 100644 --- a/org.gridsite.core/doc/httpd-fileserver.conf +++ b/org.gridsite.core/doc/httpd-fileserver.conf @@ -23,7 +23,7 @@ ## in /etc/grid-security/dn-lists/ ## ## To start serving files, make a directory /var/www/htdocs owned by -## nobody.nobody, including the file .gacl containing: +## apache.apache, including the file .gacl containing: ## ## ## @@ -87,8 +87,8 @@ LoadModule dir_module /usr/lib/httpd/modules/mod_dir.so TypesConfig /etc/mime.types # User and group who will own files created by Apache -User nobody -Group nobody +User apache +Group apache DocumentRoot "/var/www/htdocs" diff --git a/org.gridsite.core/doc/httpd-webserver.conf b/org.gridsite.core/doc/httpd-webserver.conf index 6919c9b..57adb5d 100644 --- a/org.gridsite.core/doc/httpd-webserver.conf 
+++ b/org.gridsite.core/doc/httpd-webserver.conf @@ -25,7 +25,7 @@ ## (Lists in /etc/grid-security/dn-lists/ override lists elsewhere.) ## ## To start serving files, make a directory /var/www/htdocs owned by -## nobody.nobody, including the file .gacl containing: +## apache.apache, including the file .gacl containing: ## ## ## @@ -95,8 +95,8 @@ LoadModule cgi_module /usr/lib/httpd/modules/mod_cgi.so TypesConfig /etc/mime.types # User and group who will own files created by Apache -User nobody -Group nobody +User apache +Group apache DocumentRoot "/var/www/htdocs" diff --git a/org.gridsite.core/src/grst_gacl.c b/org.gridsite.core/src/grst_gacl.c index 1df2f02..336c853 100644 --- a/org.gridsite.core/src/grst_gacl.c +++ b/org.gridsite.core/src/grst_gacl.c @@ -646,17 +646,25 @@ GRSTgaclAcl *GRSTgaclAclLoadFile(char *filename) if (doc == NULL) return NULL; cur = xmlDocGetRootElement(doc); - if (cur == NULL) return NULL; + if (cur == NULL) + { + xmlFreeDoc(doc); + return NULL; + } - if (!xmlStrcmp(cur->name, (const xmlChar *) "Policy")) { acl=GRSTxacmlAclParse(doc, cur, acl);} - else if (!xmlStrcmp(cur->name, (const xmlChar *) "gacl")) {acl=GRSTgaclAclParse(doc, cur, acl);} + if (!xmlStrcmp(cur->name, (const xmlChar *) "Policy")) + { + acl=GRSTxacmlAclParse(doc, cur, acl); + } + else if (!xmlStrcmp(cur->name, (const xmlChar *) "gacl")) + { + acl=GRSTgaclAclParse(doc, cur, acl); + } else /* ACL format not recognised */ { - free(doc); - free(cur); + xmlFreeDoc(doc); return NULL; } - xmlFreeDoc(doc); return acl; diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c index 5d90b13..b81d7b2 100644 --- a/org.gridsite.core/src/mod_gridsite.c +++ b/org.gridsite.core/src/mod_gridsite.c 
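Review bot: In the grst_gacl.c hunk, every exit path after the `doc == NULL` test now carries its own `xmlFreeDoc(doc)`, and that duplication is how the mismatched `free(doc); free(cur);` survived on one branch. Setting `acl = NULL;` in the "ACL format not recognised" branch and falling through to the existing `xmlFreeDoc(doc); return acl;` would leave a single release point for the two format branches. A short comment at the root-element lookup, `/* cur points into doc: release with xmlFreeDoc(doc) only, never free() */`, would record why the old code was wrong, which matters because the ACL file's content decides which branch runs. GRSTgaclAclLoadFile starts before the hunk, so the initial value of `acl` passed to the parsers is not visible here.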
@@ -2003,8 +2003,8 @@ static int mod_gridsite_perm_handler(request_rec *r) destination_is_acl = 0; char *dn, *p, envname[14], *grst_cred_0 = NULL, *dir_path, *remotehost, s[99], *grst_cred_i, *cookies, *file, - *gridauthonetime, *cookiefile, oneline[1025], *key_i, - *destination = NULL, *destination_uri = NULL, + *gridauthonetime = NULL, *cookiefile, oneline[1025], *key_i, + *destination = NULL, *destination_uri = NULL, *querytmp, *destination_prefix = NULL, *destination_translated = NULL; const char *content_type; time_t now, notbefore, notafter; @@ -2158,6 +2158,8 @@ static int mod_gridsite_perm_handler(request_rec *r) } } + /* first look for GRIDHTTP_ONETIME cookie */ + if ((p = (char *) apr_table_get(r->headers_in, "Cookie")) != NULL) { cookies = apr_pstrcat(r->pool, " ", p, NULL); 
@@ -2165,23 +2167,47 @@ static int mod_gridsite_perm_handler(request_rec *r) if (gridauthonetime != NULL) { - for (p = &gridauthonetime[18]; (*p != '\0') && (*p != ';'); ++p) - if (!isalnum(*p)) *p = '_'; - - cookiefile = apr_psprintf(r->pool, "%s/%s", + for (p = &gridauthonetime[18]; + (*p != '\0') && (*p != ';'); ++p) + if (!isalnum(*p)) *p = '\0'; + } + } + + /* then look for GRIDHTTP_ONETIME in QUERY_STRING ie after ? */ + + if (gridauthonetime == NULL) + { + if ((r->parsed_uri.query != NULL) && (r->parsed_uri.query[0] != '\0')) + { + querytmp = apr_pstrcat(r->pool,"&",r->parsed_uri.query,"&",NULL); + + gridauthonetime = strstr(querytmp, "&GRIDHTTP_ONETIME="); + + if (gridauthonetime != NULL) + { + for (p = &gridauthonetime[18]; + (*p != '\0') && (*p != '&'); ++p) + if (!isalnum(*p)) *p = '\0'; + } + } + } + + if ((gridauthonetime != NULL) && (gridauthonetime[0] != '\0')) + { + cookiefile = apr_psprintf(r->pool, "%s/%s", ap_server_root_relative(r->pool, ((mod_gridsite_srv_cfg *) ap_get_module_config(r->server->module_config, &gridsite_module))->onetimesdir), &gridauthonetime[18]); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "Opening GridHTTP onetime file %s", cookiefile); - if ((apr_stat(&cookiefile_info, cookiefile, + if ((apr_stat(&cookiefile_info, cookiefile, APR_FINFO_TYPE, r->pool) == APR_SUCCESS) && - (cookiefile_info.filetype == APR_REG) && - (apr_file_open(&fp, cookiefile, APR_READ, 0, r->pool) + (cookiefile_info.filetype == APR_REG) && + (apr_file_open(&fp, cookiefile, APR_READ, 0, r->pool) == APR_SUCCESS)) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, @@ -2215,8 +2241,7 @@ static int mod_gridsite_perm_handler(request_rec *r) } apr_file_close(fp); - } - } + } } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, -- 1.8.2.3
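Review bot: The new guard `(gridauthonetime[0] != '\0')` tests the wrong byte: in the query branch `gridauthonetime` points at the `&` of the matched `&GRIDHTTP_ONETIME=`, so index 0 is never NUL and an empty token still builds `cookiefile` as the onetimes directory path, rejected only by the later `APR_REG` test. Testing the first token byte, `if ((gridauthonetime != NULL) && (gridauthonetime[18] != '\0'))`, states the intent; the cookie match is outside the hunk but presumably uses the same 18-byte prefix. Both sanitising loops pass a plain `char` taken from the request to `isalnum`, which is undefined for bytes above 0x7F where `char` is signed, so `if (!isalnum((unsigned char) *p)) *p = '\0';` is the safer form. Because the token can now arrive in the URL it may end up in access logs as well as in the debug line that prints `cookiefile`, so it is worth confirming (not visible here) that the onetime file is removed on first use. mod_gridsite_perm_handler begins and ends outside the hunk.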