mod_authn_socache: fix it to enable initialisation to work if configured

only in .htaccess context, and provide a toggle for that.
PR 51991


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1180384 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 33 insertions, 3 deletions

diff --git a/CHANGES b/CHANGES
index f1a39afc6e..e74f609594 100644
--- a/CHANGES
+++ b/CHANGES
@@ -137,6 +137,10 @@ Changes with Apache 2.3.15
   *) mod_deflate: Fix endless loop if first bucket is metadata. PR 51590.
      [Torsten Foertsch <torsten foertsch gmx net>]
 
+  *) mod_authn_socache: Fix to work in .htaccess if not configured anywhere
+     in httpd.conf, and introduce an AuthnCacheEnable directive.
+     PR 51991 [Nick Kew]
+
 Changes with Apache 2.3.14
 
   *) mod_proxy_ajp: Improve trace logging.  [Rainer Jung]
diff --git a/docs/manual/mod/mod_authn_socache.xml b/docs/manual/mod/mod_authn_socache.xml
index 7a1816ab26..c9617a7366 100644
--- a/docs/manual/mod/mod_authn_socache.xml
+++ b/docs/manual/mod/mod_authn_socache.xml
@@ -94,6 +94,23 @@ the load on backends</description>
 </section>
 
 <directivesynopsis>
+<name>AuthnCacheEnable</name>
+<description>Enable Authn caching configured anywhere</description>
+<syntax>AuthnCacheEnable</syntax>
+<contextlist><context>server config</context></contextlist>
+<override>None</override>
+
+<usage>
+    <p>This directive is not normally necessary: it is implied if
+    authentication cacheing is enabled anywhere in <var>httpd.conf</var>.
+    However, if it is not enabled anywhere in <var>httpd.conf</var>
+    it will by default not be initialised, and is therefore not
+    available in a <var>.htaccess</var> context.  This directive
+    ensures it is initialised so it can be used in <var>.htaccess</var>.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
 <name>AuthnCacheSOCache</name>
 <description>Select socache backend provider to use</description>
 <syntax>AuthnCacheSOCache <var>provider-name</var></syntax>
diff --git a/modules/aaa/mod_authn_socache.c b/modules/aaa/mod_authn_socache.c
index 4ba572f9e2..60a7c7aaa3 100644
--- a/modules/aaa/mod_authn_socache.c
+++ b/modules/aaa/mod_authn_socache.c
@@ -151,6 +151,13 @@ static const char *authn_cache_socache(cmd_parms *cmd, void *CFG,
     return errmsg;
 }
 
+static const char *authn_cache_enable(cmd_parms *cmd, void *CFG)
+{
+    const char *errmsg = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    configured = 1;
+    return errmsg;
+}
+
 static const char *const directory = "directory";
 static void* authn_cache_dircfg_create(apr_pool_t *pool, char *s)
 {
@@ -205,6 +212,8 @@ static const command_rec authn_cache_cmds[] =
     /* global stuff: cache and mutex */
     AP_INIT_TAKE1("AuthnCacheSOCache", authn_cache_socache, NULL, RSRC_CONF,
                   "socache provider for authn cache"),
+    AP_INIT_NO_ARGS("AuthnCacheEnable", authn_cache_enable, NULL, RSRC_CONF,
+                    "enable socache configuration in htaccess even if not enabled anywhere else"),
     /* per-dir stuff */
     AP_INIT_ITERATE("AuthnCacheProvideFor", authn_cache_setprovider, NULL,
                     OR_AUTHCFG, "Determine what authn providers to cache for"),
@@ -250,7 +259,7 @@ static void ap_authn_cache_store(request_rec *r, const char *module,
 
     /* first check whether we're cacheing for this module */
     dcfg = ap_get_module_config(r->per_dir_config, &authn_socache_module);
-    if (!dcfg->providers) {
+    if (!configured || !dcfg->providers) {
         return;
     }
     for (i = 0; i < dcfg->providers->nelts; ++i) {
@@ -327,7 +336,7 @@ static authn_status check_password(request_rec *r, const char *user,
     unsigned char val[MAX_VAL_LEN];
     unsigned int vallen = MAX_VAL_LEN - 1;
     dcfg = ap_get_module_config(r->per_dir_config, &authn_socache_module);
-    if (!dcfg->providers) {
+    if (!configured || !dcfg->providers) {
         return AUTH_USER_NOT_FOUND;
     }
     key = construct_key(r, dcfg->context, user, NULL);
@@ -372,7 +381,7 @@ static authn_status get_realm_hash(request_rec *r, const char *user,
     unsigned char val[MAX_VAL_LEN];
     unsigned int vallen = MAX_VAL_LEN - 1;
     dcfg = ap_get_module_config(r->per_dir_config, &authn_socache_module);
-    if (!dcfg->providers) {
+    if (!configured || !dcfg->providers) {
         return AUTH_USER_NOT_FOUND;
     }
     key = construct_key(r, dcfg->context, user, realm);