You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Pål Baltzersen <pa...@imap.ost.eltele.no> on 2001/12/10 15:20:53 UTC

REMOTE_GROUP patch

Apache sets the env REMOTE_USER which is nice, but in several CGI applications I
missed the ability to know which group the user authenticated as, without having
to parse the group-file. So I made this little patch that sets the env
REMOTE_GROUP to the group (first match) a user was authenticated with. I think
the performance penalty is microscopic.

-- 
Regards
Tele Danmark InterNordia
Pål Baltzersen
Seniorkonsulent, Cand. Scient.
********************************************************************
Addr:	Fredrik Selmers vei 2, P.O. Box 6299 Etterstad, NO-0603 Oslo
Phone:	+47 23 18 10 00		Direct:	+47 23 18 11 74
Fax:	+47 23 18 10 01		Mobile:	+47 93 08 11 74
Mail:	pb@teledanmark.no	pal.baltzersen@teledanmark.no
Web:	www.teledanmark.no
********************************************************************
ElTele Øst endrer profil til Tele Danmark InterNordia

RE: REMOTE_GROUP patch

Posted by Joshua Slive <jo...@slive.ca>.

> From: Rodent of Unusual Size [mailto:Ken.Coar@Golux.Com]

>
> Pål Baltzersen wrote:
> >
> > So I made this little patch that sets the env REMOTE_GROUP to
> > the group (first match) a user was authenticated with. I think
> > the performance penalty is microscopic.
>
> There are some problems with this patch:

> 2. It only touches some of the files involved; it should also
>    hit suexec.c and mod_setenvif.c at a minimum.

Although apparently REMOTE_USER is not working in mod_setenvif either, so
adding REMOTE_GROUP would probably be pointless.

Joshua.

Re: REMOTE_GROUP patch

Posted by Rodent of Unusual Size <Ke...@Golux.Com>.

Pål Baltzersen wrote:
> 
> So I made this little patch that sets the env REMOTE_GROUP to
> the group (first match) a user was authenticated with. I think
> the performance penalty is microscopic.

There are some problems with this patch:

1. It munges the middle of the conn_rec structure, breaking
   binary compatibility across the board.
2. It only touches some of the files involved; it should also
   hit suexec.c and mod_setenvif.c at a minimum.

[The sender is not subscribed to this list.]
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"All right everyone!  Step away from the glowing hamburger!"