Add 'GroupExternalAuthNCheck' directive to prevent mod-authz-external from checking...

-'GroupExternalAuthNCheck' is set to 'On' by default for compatibility with all existing configurations.
-When set to 'Off', externalgroup_check_authorization() and externalfilegroup_check_authorization() do not perform the Authentication check.
	-Also, if the User is not set, we now set it to the empty string to prevent a segfault in the Apache process (from trying to print it to stderr).

diff --git a/mod_authnz_external/mod_authnz_external.c b/mod_authnz_external/mod_authnz_external.c
index 7b766fc625feeb11abeeea5138154bad0dc58c44..995e8e3840324d794c62b72ada1b61c976613e74 100644 (file)
--- a/mod_authnz_external/mod_authnz_external.c
+++ b/mod_authnz_external/mod_authnz_external.c
@@ -122,6 +122,7 @@ typedef struct
     char *context;              /* Context string from AuthExternalContext */
     int  groupsatonce;          /* Check all groups in one call? */
     int  providecache;          /* Provide auth data to mod_authn_socache? */
+    int  authncheck;            /* Check for previous authentication? */
 
 } authnz_external_dir_config_rec;
 
@@ -160,6 +161,7 @@ static void *create_authnz_external_dir_config(apr_pool_t *p, char *d)
     dir->context= NULL;                /* no default */
     dir->groupsatonce= 1;      /* default to on */
     dir->providecache= 0;      /* default to off */
+    dir->authncheck= 1;                /* default to on */
     return dir;
 }
 
@@ -358,6 +360,13 @@ static const command_rec authnz_external_cmds[] =
        (void *)APR_OFFSETOF(authnz_external_dir_config_rec, groupsatonce),
        OR_AUTHCFG,
        "Old version of 'GroupExternalManyAtOnce'" ),
+       
+       AP_INIT_FLAG("GroupExternalAuthNCheck",
+       ap_set_flag_slot,
+       (void *)APR_OFFSETOF(authnz_external_dir_config_rec, authncheck),
+       OR_AUTHCFG,
+       "Set to 'off' if group authenticator should skip checking whether "
+                       "user is validly authenticated"),
 
     { NULL }
 };
@@ -633,8 +642,13 @@ static authz_status externalgroup_check_authorization(request_rec *r,
     const char *t, *w;
     int code;
 
-    /* If no authenticated user, pass */
-    if ( !user ) return AUTHZ_DENIED_NO_USER;
+    if (dir->authncheck){
+        /* If no authenticated user, pass */
+        if ( !user ) return AUTHZ_DENIED_NO_USER;
+    }else{
+               /* Prevent crash due to missing user */
+               if ( !user ) r->user = "";
+       }
 
     /* If no external authenticator has been configured, pass */
     if ( !extname ) return AUTHZ_DENIED;
@@ -693,8 +707,13 @@ static authz_status externalfilegroup_check_authorization(request_rec *r,
     const char *t, *w;
     int code;
 
-    /* If no authenticated user, pass */
-    if ( !user ) return AUTHZ_DENIED_NO_USER;
+    if (dir->authncheck){
+        /* If no authenticated user, pass */
+        if ( !user ) return AUTHZ_DENIED_NO_USER;
+    }else{
+               /* Prevent crash due to missing user */
+               if ( !user ) r->user = "";
+       }
 
     /* If no external authenticator has been configured, pass */
     if ( !extname ) return AUTHZ_DENIED;