Backport from HEAD: add "SSLUserName" directive to set r->user based

on a chosen SSL environment variable name.

* modules/ssl/mod_ssl.h (struct SSLDirConfigRec): Add
szUserName field.

* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
the value of the chosen SSL environment variable.

* modules/ssl/mod_ssl.c: Add SSLUserName config directive.

PR: 20957
Submitted by: Martin v. Loewis
Reviewed by: trawick, jorton, nd

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104770 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index e621cf669eeac276d4aac532c409e1b6baba6ae4..a8639b017fed02a30b87f366178d8920e900d9ed 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.51
 
+  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
+     chosen SSL environment variable.  PR 20957. 
+     [Martin v. Loewis <martin v.loewis.de>]
+
   *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
      [Zvi Har'El <rl math.technion.ac.il>]
 

diff --git a/STATUS b/STATUS
index df7dcbdab4f82bcc50fa7d9249d99ec231b3d77a..a92b52c6efa3d4aeb4b9d8c93ed5772803bfa06a 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/08/23 15:07:18 $]
+Last modified at [$Date: 2004/08/23 15:18:54 $]
 
 Release:
 
@@ -153,14 +153,6 @@ PATCHES TO BACKPORT FROM 2.1
        0: nd: IMHO that's a public API change then and not applicable for
               2.0, just let 'em in
 
-    *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
-       chosen SSL environment variable.  PR 20957. 
-         mod_ssl.c r1.99
-         ssl_engine_config.c r1.94
-         ssl_engine_kernel.c r1.107
-         ssl_private.h r1.7
-       +1: trawick, jorton, nd
-
     *) Prevent Win32 pool corruption at startup
          server/mpm/winnt/child.c: r1.36 
        +1: ake, trawick, nd, stoddard

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index cf556f52a25cc5c804bf332f67e6c56a9c74937e..25cba9aad1e39c4dc96aae35bb79f4c75b693848 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -133,6 +133,8 @@ static const command_rec ssl_config_cmds[] = {
     SSL_CMD_SRV(Protocol, RAW_ARGS,
                 "Enable or disable various SSL protocols"
                 "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
+    SSL_CMD_ALL(UserName, TAKE1,
+               "Set user name to SSL variable value")
 
     /* 
      * Proxy configuration for remote SSL connections

diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index 44b75908a3c956181c188c550f76cf95ca4cb4a0..e9db89768ca13ea956e23b90ae00ccfc4ca887de 100644 (file)
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -502,6 +502,7 @@ typedef struct {
     int           nVerifyDepth;
     const char   *szCACertificatePath;
     const char   *szCACertificateFile;
+    const char   *szUserName;
 } SSLDirConfigRec;
 
 /*
@@ -543,6 +544,7 @@ const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
 const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
 
 const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 2fecd7a72de290be8ef7dac98b39e20c5d7a3452..17cad8f3a2ca18742c604371d6c75bb2b7d92cea 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -286,6 +286,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir)
 
     dc->szCACertificatePath    = NULL;
     dc->szCACertificateFile    = NULL;
+    dc->szUserName             = NULL;
 
     return dc;
 }
@@ -322,6 +323,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
 
     cfgMergeString(szCACertificatePath);
     cfgMergeString(szCACertificateFile);
+    cfgMergeString(szUserName);
 
     return mrg;
 }
@@ -1393,3 +1395,10 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *cmd,
 }
 
 
+const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, 
+                               const char *arg)
+{
+    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
+    dc->szUserName = arg;
+    return NULL;
+}

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 0dae04da1e09b7a7b2aea7e6e84da1d678dbbabf..eccaa98512275d203f25b10da132a0ed7f65e942 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1006,6 +1006,17 @@ int ssl_hook_Fixup(request_rec *r)
         return DECLINED;
     }
 
+    /*
+     * Set r->user if requested
+     */
+    if (dc->szUserName) {
+        val = ssl_var_lookup(r->pool, r->server, r->connection, 
+                             r, (char *)dc->szUserName);
+        if (val && val[0]) {
+            r->user = val;
+        }
+    }
+
     /*
      * Annotate the SSI/CGI environment with standard SSL information
      */