Add "SSLUserName" directive to set r->user based on a chosen SSL

environment variable name.

* modules/ssl/ssl_private.h (struct SSLDirConfigRec): Add
szUserName field.

* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
 the value of the chosen SSL environment variable.

* modules/ssl/mod_ssl.c: Add SSLUserName config directive.

PR: 20957
Submitted by: Martin v. Loewis <martin v.loewis.de>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103834 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 454227bdb1fa5e47b07192a7b0efae216e630095..2c2c1e84f28336ef274e269fc46f17203735bb81 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,10 +2,14 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
+     chosen SSL environment variable.  PR 20957. 
+     [Martin v. Loewis <martin v.loewis.de>]
+
   *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
      OpenSSL 0.9.7 flag which uses the server's cipher order rather
-     than the client's.  
-     PR 28665.  [Jim Schneider <jschneid netilla.com>]
+     than the client's.  PR 28665.
+     [Jim Schneider <jschneid netilla.com>]
 
   *) mod_ssl: Drop support for the CompatEnvVars argument to
      SSLOptions, which was never actually implemented in 2.0.

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 748f3b286cb16c5e1f03f7c3da4579396adb1730..0d93fea0edce5d25fa89f900a7e7ed165bb8cde0 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -136,6 +136,8 @@ static const command_rec ssl_config_cmds[] = {
                 "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
     SSL_CMD_SRV(HonorCipherOrder, FLAG,
                 "Use the server's cipher ordering preference")
+    SSL_CMD_ALL(UserName, TAKE1,
+               "Set user name to SSL variable value")
 
     /* 
      * Proxy configuration for remote SSL connections

diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 5fe54a8406ac52ec4928eebed11bd914402e9dd1..d43810929ab369ca558ffab4f195e4dd8334284e 100644 (file)
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -288,6 +288,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir)
 
     dc->szCACertificatePath    = NULL;
     dc->szCACertificateFile    = NULL;
+    dc->szUserName             = NULL;
 
     return dc;
 }
@@ -324,6 +325,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
 
     cfgMergeString(szCACertificatePath);
     cfgMergeString(szCACertificateFile);
+    cfgMergeString(szUserName);
 
     return mrg;
 }
@@ -1372,3 +1374,10 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *cmd,
 }
 
 
+const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, 
+                               const char *arg)
+{
+    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
+    dc->szUserName = arg;
+    return NULL;
+}

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 538612cb258b1b5000b3ef4cc11992f9557ab3ad..ccd84deed7fbcb89c470115daf3e171d646d72d6 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1024,6 +1024,17 @@ int ssl_hook_Fixup(request_rec *r)
         return DECLINED;
     }
 
+    /*
+     * Set r->user if requested
+     */
+    if (dc->szUserName) {
+        val = ssl_var_lookup(r->pool, r->server, r->connection, 
+                             r, (char *)dc->szUserName);
+        if (val && val[0]) {
+            r->user = val;
+        }
+    }
+
     /*
      * Annotate the SSI/CGI environment with standard SSL information
      */

diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 8b79b7e7e0b35893b9eb6563e33676d7a801a6b9..e044f3a80fa5768c2a1db1aff15bbd3e0796ffa6 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -455,6 +455,7 @@ typedef struct {
     int           nVerifyDepth;
     const char   *szCACertificatePath;
     const char   *szCACertificateFile;
+    const char   *szUserName;
 } SSLDirConfigRec;
 
 /*
@@ -497,8 +498,9 @@ const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
 const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
 
-const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
+const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);