www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Move the

Browse Source 
SSLUsername-controlled assignment of r->user above the SSLRequire
checks so that the "username" gets logged if SSLRequire denies access.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153280 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Joe Orton
2005-02-10 18:28:43 +00:00
parent 426571f773
commit c2f37c7a4d
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
modules/ssl/ssl_engine_kernel.c
View File

@@ -751,6 +751,20 @@ int ssl_hook_Access(request_rec *r)
} }
} }
/* If we're trying to have the user name set from a client
* certificate then we need to set it here. This should be safe as
* the user name probably isn't important from an auth checking point
* of view as the certificate supplied acts in that capacity.
* However, if FakeAuth is being used then this isn't the case so
* we need to postpone setting the username until later.
*/
if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
char *val = ssl_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (val && val[0])
r->user = val;
}
/* /*
* Check SSLRequire boolean expressions * Check SSLRequire boolean expressions
*/ */
@@ -799,20 +813,6 @@ int ssl_hook_Access(request_rec *r)
} }
} }
/* If we're trying to have the user name set from a client
* certificate then we need to set it here. This should be safe as
* the user name probably isn't important from an auth checking point
* of view as the certificate supplied acts in that capacity.
* However, if FakeAuth is being used then this isn't the case so
* we need to postpone setting the username until later.
*/
if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
char *val = ssl_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (val && val[0])
r->user = val;
}
/* /*
* Else access is granted from our point of view (except vendor * Else access is granted from our point of view (except vendor
* handlers override). But we have to return DECLINED here instead * handlers override). But we have to return DECLINED here instead