You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/06/24 23:22:55 UTC
DO NOT REPLY [Bug 21062] New: -
[PATCH] Environment variable interpolation in "require" directives
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21062>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21062
[PATCH] Environment variable interpolation in "require" directives
Summary: [PATCH] Environment variable interpolation in "require"
directives
Product: Apache httpd-2.0
Version: 2.0.46
Platform: All
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Other
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: andrew@cadre5.com
This is a patch to the Apache core.c which changes the handling of all require
directives in the server. It allows the content of environment variables to be
interpolated into the require directive during the evaluation of each request.
The intended purpose of this patch is to give greated flexibility for AAA when
combined with mod_rewrite.
This code touches only two functions within core.c: require() and
ap_requires(). require() parses the require directives in the configuration
file and stores a parsed list for later reference. ap_requires() is called when
an AAA module needs to get the require directives that apply to the current
request, and generates a require directive based on the current environment
variables.
An example usage:
----
RewriteRule ^/users/(\w+)/.* - [env=username:$1]
<Location /users>
# Various AAA stuff here (user file, etc)
require user ${username}
</Location>
----
Depending on the request, the require directive would evaluate differently.
Request URI require directive
=========== =================
/users/andrew/test.txt require user andrew
/users/asdf/ require user asdf
...
This is obviously even more useful when authenticating against an LDAP directory
with mod_auth_ldap (which is the reason I created this patch):
----
RewriteRule /projects/(\w+)/.* - [env=project:$1]
<Location /projects>
require group cn=${project},ou=Projects,...
</Location>
----
Which would check that users attempting to access, e.g.
/projects/topsecret/stuff.html were in the "cn=topsecret,ou=Projects,..." group
on the LDAP server.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org