From: David Reid <dreid@apache.org>
Date: Sat, 5 Feb 2005 14:20:26 +0000 (+0000)
Subject: Change where we set r->user if we're setting it from a
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da09c65894cc3aeee7250e5f43cb582ac6499632;p=thirdparty%2Fapache%2Fhttpd.git

Change where we set r->user if we're setting it from a
client certificate.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@151493 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c
index efa7230b17a..1fe1b3b0cbb 100644
--- a/ssl_engine_kernel.c
+++ b/ssl_engine_kernel.c
@@ -799,6 +799,20 @@ int ssl_hook_Access(request_rec *r)
         }
     }
 
+    /* If we're trying to have the user name set from a client
+     * certificate then we need to set it here. This should be safe as
+     * the user name probably isn't important from an auth checking point
+     * of view as the certificate supplied acts in that capacity.
+     * However, if FakeAuth is being used then this isn't the case so
+     * we need to postpone setting the username until later.
+     */
+    if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
+        char *val = ssl_var_lookup(r->pool, r->server, r->connection,
+                                   r, (char *)dc->szUserName);
+        if (val && val[0])
+            r->user = val;
+    } 
+
     /*
      * Else access is granted from our point of view (except vendor
      * handlers override). But we have to return DECLINED here instead
@@ -1042,17 +1056,6 @@ int ssl_hook_Fixup(request_rec *r)
         return DECLINED;
     }
 
-    /*
-     * Set r->user if requested
-     */
-    if (dc->szUserName) {
-        val = ssl_var_lookup(r->pool, r->server, r->connection, 
-                             r, (char *)dc->szUserName);
-        if (val && val[0]) {
-            r->user = val;
-        }
-    }
-
     /*
      * Annotate the SSI/CGI environment with standard SSL information
      */