www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

mod_ssl: Allow the SSLUserName to be used to control the username passed

Browse Source 
by the FakeBasicAuth option. PR52616.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1432322 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Graham Leggett
2013-01-11 22:53:50 +00:00
parent 880c7a6e2c
commit b5ecd6a038
3 changed files with 28 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
modules/ssl/ssl_engine_kernel.c
View File

@@ -957,7 +957,7 @@ int ssl_hook_UserCheck(request_rec *r)
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
char *clientdn;
char *user;
const char *auth_line, *username, *password;
/*
@@ -1023,7 +1023,19 @@ int ssl_hook_UserCheck(request_rec *r)
OPENSSL_free(cp);
}
clientdn = (char *)sslconn->client_dn;
/* use SSLUserName if defined, otherwise use the full client DN */
if (dc->szUserName) {
user = ssl_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (!user || !user[0]) {
ap_log_rerror(
APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02434) "Failed to set FakeBasicAuth username to '%s', did not exist in certificate", dc->szUserName);
return DECLINED;
}
}
else {
user = (char *)sslconn->client_dn;
}
/*
* Fake a password - which one would be immaterial, as, it seems, an empty
@@ -1038,7 +1050,7 @@ int ssl_hook_UserCheck(request_rec *r)
*/
auth_line = apr_pstrcat(r->pool, "Basic ",
ap_pbase64encode(r->pool,
apr_pstrcat(r->pool, clientdn,
apr_pstrcat(r->pool, user,
":password", NULL)),
NULL);
apr_table_setn(r->headers_in, "Authorization", auth_line);