httpd-cvs mailing list archives

From traw...@apache.org
Subject svn commit: r1521909 - in /httpd/httpd/trunk: docs/manual/mod/mod_authnz_fcgi.xml modules/aaa/mod_authnz_fcgi.c
Date Wed, 11 Sep 2013 15:37:34 GMT
Author: trawick
Date: Wed Sep 11 15:37:34 2013
New Revision: 1521909

URL: http://svn.apache.org/r1521909
Log:
Add "default user id" capability for authorizers that handle
check_authn and return success but don't have a specific user
id to assign (e.g., guest users).


Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml
    httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c

Modified: httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml?rev=1521909&r1=1521908&r2=1521909&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_authnz_fcgi.xml Wed Sep 11 15:37:34 2013
@@ -487,6 +487,14 @@ authentication hook.</description>
          to run when this module has a FastCGI authorizer configured
          and it fails the request.</dd>
 
+         <dt>DefaultUser <em>userid</em></dt>
+         <dd>When the authorizer returns success and <code>UserExpr</code>
+         is configured and evaluates to an empty string (e.g., authorizer
+         didn't return a variable), this value will be used as the user
+         id.  This is typically used when the authorizer has a concept of
+         guest, or unauthenticated, users and guest users are mapped to
+         some specific user id for logging and other purposes.</dd>
+
          <dt>RequireBasicAuth On|Off (default Off)</dt>
          <dd>This controls whether or not Basic auth is required
          before passing the request to the authorizer.  If required,

Modified: httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c?rev=1521909&r1=1521908&r2=1521909&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authnz_fcgi.c Wed Sep 11 15:37:34 2013
@@ -44,7 +44,11 @@ typedef struct {
 
 typedef struct {
     const char *name; /* provider name */
-    ap_expr_info_t *user_expr; /* expr to evaluate t set r->user */
+    const char *default_user; /* this is user if authorizer returns
+                               * success and a user expression yields
+                               * empty string
+                               */
+    ap_expr_info_t *user_expr; /* expr to evaluate to set r->user */
     char authoritative; /* fail request if user is rejected? */
     char require_basic_auth; /* fail if client didn't send credentials? */
 } fcgi_dir_conf;
@@ -859,6 +863,9 @@ static int fcgi_check_authn(request_rec 
                               APLOGNO(02519) "%s: Setting user to '%s'",
                               fn, r->user);
             }
+            else if (user && dconf->default_user) {
+                r->user = apr_pstrdup(r->pool, dconf->default_user);
+            }
             else if (user) {
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                               APLOGNO(02520) "%s: Failure extracting user "
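Review bot: The new `else if (user && dconf->default_user)` branch assigns the fallback identity silently, while the branch just above it logs "Setting user to '%s'". The access log alone then cannot show whether the authorizer supplied the user id or the empty expression result was mapped to the default, which matters when auditing guest access or diagnosing an authorizer that stopped returning its variable. I would add a trace line after the assignment, for example `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "%s: Setting user to default '%s'", fn, r->user);`, with a newly allocated APLOGNO tag. The enclosing `fcgi_check_authn` starts and ends outside this hunk, so the first branch's condition and log level are not visible here.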
@@ -868,6 +875,7 @@ static int fcgi_check_authn(request_rec 
                 r->status = HTTP_INTERNAL_SERVER_ERROR;
             }
             else {
+                /* unexpected error, not even an empty string was returned */
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                               APLOGNO(02521) "%s: Failure extracting user "
                               "after calling authorizer: %s",
@@ -1108,6 +1116,9 @@ static const char *fcgi_check_authn_prov
                 badarg = 1;
             }
         }
+        else if (!strcasecmp(var, "DefaultUser")) {
+            dc->default_user = val;
+        }
         else if (!strcasecmp(var, "RequireBasicAuth")) {
             if (!strcasecmp(val, "On")) {
                 dc->require_basic_auth = 1;
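Review bot: `dc->default_user = val;` stores the value without checking that it is non-empty. If the option parser above this hunk can deliver an empty `val` (not visible here), `default_user` becomes a non-NULL empty string. The new branch in `fcgi_check_authn` would then set `r->user` to "" and treat the request as authenticated. Rejecting that at configuration time is cheap, for example `if (!val[0]) { badarg = 1; } else { dc->default_user = val; }`, assuming `badarg` reports an invalid option value as it appears to in the branch above. It is also worth confirming that `val` lives as long as the configuration, since the pointer is kept rather than copied.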


