From bd04ef3a633c7e54738452a91b6bc0b63b51fbf1 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Mon, 23 Aug 2004 15:18:55 +0000
Subject: [PATCH] Backport from HEAD: add "SSLUserName" directive to set
 r->user based on a chosen SSL environment variable name.

* modules/ssl/mod_ssl.h (struct SSLDirConfigRec): Add
szUserName field.

* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
the value of the chosen SSL environment variable.

* modules/ssl/mod_ssl.c: Add SSLUserName config directive.

PR: 20957
Submitted by: Martin v. Loewis
Reviewed by: trawick, jorton, nd


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104770 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                         |  4 ++++
 STATUS                          | 10 +---------
 modules/ssl/mod_ssl.c           |  2 ++
 modules/ssl/mod_ssl.h           |  2 ++
 modules/ssl/ssl_engine_config.c |  9 +++++++++
 modules/ssl/ssl_engine_kernel.c | 11 +++++++++++
 6 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index e621cf669ee..a8639b017fe 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.51
 
+  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
+     chosen SSL environment variable.  PR 20957. 
+     [Martin v. Loewis <martin v.loewis.de>]
+
   *) suexec: Pass the SERVER_SIGNATURE envvar through to CGIs.
      [Zvi Har'El <rl math.technion.ac.il>]
 
diff --git a/STATUS b/STATUS
index df7dcbdab4f..a92b52c6efa 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/08/23 15:07:18 $]
+Last modified at [$Date: 2004/08/23 15:18:54 $]
 
 Release:
 
@@ -153,14 +153,6 @@ PATCHES TO BACKPORT FROM 2.1
        0: nd: IMHO that's a public API change then and not applicable for
               2.0, just let 'em in
 
-    *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
-       chosen SSL environment variable.  PR 20957. 
-         mod_ssl.c r1.99
-         ssl_engine_config.c r1.94
-         ssl_engine_kernel.c r1.107
-         ssl_private.h r1.7
-       +1: trawick, jorton, nd
-
     *) Prevent Win32 pool corruption at startup
          server/mpm/winnt/child.c: r1.36 
        +1: ake, trawick, nd, stoddard
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index cf556f52a25..25cba9aad1e 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -133,6 +133,8 @@ static const command_rec ssl_config_cmds[] = {
     SSL_CMD_SRV(Protocol, RAW_ARGS,
                 "Enable or disable various SSL protocols"
                 "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
+    SSL_CMD_ALL(UserName, TAKE1,
+		"Set user name to SSL variable value")
 
     /* 
      * Proxy configuration for remote SSL connections
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index 44b75908a3c..e9db89768ca 100644
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -502,6 +502,7 @@ typedef struct {
     int           nVerifyDepth;
     const char   *szCACertificatePath;
     const char   *szCACertificateFile;
+    const char   *szUserName;
 } SSLDirConfigRec;
 
 /*
@@ -543,6 +544,7 @@ const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
 const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
 
 const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 2fecd7a72de..17cad8f3a2c 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -286,6 +286,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir)
 
     dc->szCACertificatePath    = NULL;
     dc->szCACertificateFile    = NULL;
+    dc->szUserName             = NULL;
 
     return dc;
 }
@@ -322,6 +323,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
 
     cfgMergeString(szCACertificatePath);
     cfgMergeString(szCACertificateFile);
+    cfgMergeString(szUserName);
 
     return mrg;
 }
@@ -1393,3 +1395,10 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *cmd,
 }
 
 
+const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, 
+				const char *arg)
+{
+    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
+    dc->szUserName = arg;
+    return NULL;
+}
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 0dae04da1e0..eccaa985122 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1006,6 +1006,17 @@ int ssl_hook_Fixup(request_rec *r)
         return DECLINED;
     }
 
+    /*
+     * Set r->user if requested
+     */
+    if (dc->szUserName) {
+        val = ssl_var_lookup(r->pool, r->server, r->connection, 
+                             r, (char *)dc->szUserName);
+        if (val && val[0]) {
+            r->user = val;
+        }
+    }
+
     /*
      * Annotate the SSI/CGI environment with standard SSL information
      */
-- 
2.47.2