Add "SSLUserName" directive to set r->user based on a chosen SSL

environment variable name.

* modules/ssl/ssl_private.h (struct SSLDirConfigRec): Add
szUserName field.

* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
 the value of the chosen SSL environment variable.

* modules/ssl/mod_ssl.c: Add SSLUserName config directive.

PR: 20957
Submitted by: Martin v. Loewis <martin v.loewis.de>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103834 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -2,10 +2,14 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_ssl: Add "SSLUserName" directive to set r->user based on a
+     chosen SSL environment variable.  PR 20957. 
+     [Martin v. Loewis <martin v.loewis.de>]
+
   *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
      OpenSSL 0.9.7 flag which uses the server's cipher order rather
-     than the client's.  
+     than the client's.  PR 28665.
-     PR 28665.  [Jim Schneider <jschneid netilla.com>]
+     [Jim Schneider <jschneid netilla.com>]
 
   *) mod_ssl: Drop support for the CompatEnvVars argument to
      SSLOptions, which was never actually implemented in 2.0.

modules/ssl/mod_ssl.c

@@ -136,6 +136,8 @@ static const command_rec ssl_config_cmds[] = {
                 "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
     SSL_CMD_SRV(HonorCipherOrder, FLAG,
                 "Use the server's cipher ordering preference")
+    SSL_CMD_ALL(UserName, TAKE1,
+		"Set user name to SSL variable value")
 
     /* 
      * Proxy configuration for remote SSL connections

modules/ssl/ssl_engine_config.c

@@ -288,6 +288,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir)
 
     dc->szCACertificatePath    = NULL;
     dc->szCACertificateFile    = NULL;
+    dc->szUserName             = NULL;
 
     return dc;
 }
@@ -324,6 +325,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv)
 
     cfgMergeString(szCACertificatePath);
     cfgMergeString(szCACertificateFile);
+    cfgMergeString(szUserName);
 
     return mrg;
 }
@@ -1372,3 +1374,10 @@ const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *cmd,
 }
 
 
+const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, 
+				const char *arg)
+{
+    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
+    dc->szUserName = arg;
+    return NULL;
+}

modules/ssl/ssl_engine_kernel.c

@@ -1024,6 +1024,17 @@ int ssl_hook_Fixup(request_rec *r)
         return DECLINED;
     }
 
+    /*
+     * Set r->user if requested
+     */
+    if (dc->szUserName) {
+        val = ssl_var_lookup(r->pool, r->server, r->connection, 
+                             r, (char *)dc->szUserName);
+        if (val && val[0]) {
+            r->user = val;
+        }
+    }
+
     /*
      * Annotate the SSI/CGI environment with standard SSL information
      */

modules/ssl/ssl_private.h

@@ -455,6 +455,7 @@ typedef struct {
     int           nVerifyDepth;
     const char   *szCACertificatePath;
     const char   *szCACertificateFile;
+    const char   *szUserName;
 } SSLDirConfigRec;
 
 /*
@@ -497,8 +498,9 @@ const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
 const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
 
-const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
+const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);