From: Joe Orton <jorton@apache.org>
Date: Tue, 29 Mar 2005 08:31:16 +0000 (+0000)
Subject: Merge r151493, r153280 from trunk:
X-Git-Tag: 2.0.54~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b084cc057671fd70d40d70d9675b826c0bbe040;p=thirdparty%2Fapache%2Fhttpd.git

Merge r151493, r153280 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Move the
SSLUsername-controlled assignment of r->user earlier.

PR: 31418
Submitted by: dreid
Reviewed by: jorton, jerenkrantz, pquerna, striker


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@159353 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 213598cdf14..7509e54697a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.54
 
+  *) mod_ssl: If SSLUsername is used, set r->user earlier.  PR 31418.
+     [David Reid]
+
   *) htdigest: Fix permissions of created files.  PR 33765.  [Joe Orton]
 
   *) core_input_filter: Move buckets to a persistent brigade instead of
diff --git a/STATUS b/STATUS
index f60f87d760f..2338440f1cb 100644
--- a/STATUS
+++ b/STATUS
@@ -94,16 +94,6 @@ PATCHES TO BACKPORT FROM TRUNK:
     identify exactly what the proposed changes are! ]
   [ please append new backports at the end of this list not the top. ]
 
-    *) mod_ssl: Set r->user from SSLUsername earlier so that it's
-       actually useful.
-       http://svn.apache.org/viewcvs.cgi?rev=153280&view=rev
-       http://svn.apache.org/viewcvs.cgi?rev=151493&view=rev
-       a.k.a. http://www.apache.org/~jorton/ap_ssluser.diff
-       PR: 31418
-       jerenkrantz comments: 151493 deletes a chunk and adds a chunk,
-          with 153280 moving that added hunk elsewhere.  My brain hurts.
-       +1: jorton, jerenkrantz, pquerna, striker
-
     *) Add a build script to create a solaris package.
        svn rev 124104
        +1: minfrin, trawick
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index a3b037afd10..9af8f759fa9 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -737,6 +737,20 @@ int ssl_hook_Access(request_rec *r)
         }
     }
 
+    /* If we're trying to have the user name set from a client
+     * certificate then we need to set it here. This should be safe as
+     * the user name probably isn't important from an auth checking point
+     * of view as the certificate supplied acts in that capacity.
+     * However, if FakeAuth is being used then this isn't the case so
+     * we need to postpone setting the username until later.
+     */
+    if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
+        char *val = ssl_var_lookup(r->pool, r->server, r->connection,
+                                   r, (char *)dc->szUserName);
+        if (val && val[0])
+            r->user = val;
+    } 
+
     /*
      * Check SSLRequire boolean expressions
      */
@@ -1022,17 +1036,6 @@ int ssl_hook_Fixup(request_rec *r)
         return DECLINED;
     }
 
-    /*
-     * Set r->user if requested
-     */
-    if (dc->szUserName) {
-        val = ssl_var_lookup(r->pool, r->server, r->connection, 
-                             r, (char *)dc->szUserName);
-        if (val && val[0]) {
-            r->user = val;
-        }
-    }
-
     /*
      * Annotate the SSI/CGI environment with standard SSL information
      */