to run when this module has a FastCGI authorizer configured
and it fails the request.</dd>
+ <dt>DefaultUser <em>userid</em></dt>
+ <dd>When the authorizer returns success and <code>UserExpr</code>
+ is configured and evaluates to an empty string (e.g., authorizer
+ didn't return a variable), this value will be used as the user
+ id. This is typically used when the authorizer has a concept of
+ guest, or unauthenticated, users and guest users are mapped to
+ some specific user id for logging and other purposes.</dd>
+
<dt>RequireBasicAuth On|Off (default Off)</dt>
<dd>This controls whether or not Basic auth is required
before passing the request to the authorizer. If required,
typedef struct {
const char *name; /* provider name */
- ap_expr_info_t *user_expr; /* expr to evaluate t set r->user */
+ const char *default_user; /* this is user if authorizer returns
+ * success and a user expression yields
+ * empty string
+ */
+ ap_expr_info_t *user_expr; /* expr to evaluate to set r->user */
char authoritative; /* fail request if user is rejected? */
char require_basic_auth; /* fail if client didn't send credentials? */
} fcgi_dir_conf;
APLOGNO(02519) "%s: Setting user to '%s'",
fn, r->user);
}
+ else if (user && dconf->default_user) {
+ r->user = apr_pstrdup(r->pool, dconf->default_user);
+ }
else if (user) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
APLOGNO(02520) "%s: Failure extracting user "
r->status = HTTP_INTERNAL_SERVER_ERROR;
}
else {
+ /* unexpected error, not even an empty string was returned */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
APLOGNO(02521) "%s: Failure extracting user "
"after calling authorizer: %s",
badarg = 1;
}
}
+ else if (!strcasecmp(var, "DefaultUser")) {
+ dc->default_user = val;
+ }
else if (!strcasecmp(var, "RequireBasicAuth")) {
if (!strcasecmp(val, "On")) {
dc->require_basic_auth = 1;
projects / apache / commitdiff