You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/06/24 23:22:55 UTC

DO NOT REPLY [Bug 21062] New: - [PATCH] Environment variable interpolation in "require" directives

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21062>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21062

[PATCH]  Environment variable interpolation in "require" directives

           Summary: [PATCH]  Environment variable interpolation in "require"
                    directives
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: andrew@cadre5.com


This is a patch to the Apache core.c which changes the handling of all require
directives in the server.  It allows the content of environment variables to be
interpolated into the require directive during the evaluation of each request. 
The intended purpose of this patch is to give greated flexibility for AAA when
combined with mod_rewrite.

This code touches only two functions within core.c:  require() and
ap_requires().  require() parses the require directives in the configuration
file and stores a parsed list for later reference.  ap_requires() is called when
an AAA module needs to get the require directives that apply to the current
request, and generates a require directive based on the current environment
variables.

An example usage:

----
RewriteRule     ^/users/(\w+)/.*    -    [env=username:$1]

<Location /users>
    # Various AAA stuff here (user file, etc)
    require user ${username}
</Location>
----

Depending on the request, the require directive would evaluate differently.
Request URI                  require directive
===========                  =================
/users/andrew/test.txt       require user andrew
/users/asdf/                 require user asdf
...

This is obviously even more useful when authenticating against an LDAP directory
with mod_auth_ldap (which is the reason I created this patch):

----
RewriteRule    /projects/(\w+)/.*    -    [env=project:$1]
<Location /projects>
    require group cn=${project},ou=Projects,...
</Location>
----

Which would check that users attempting to access, e.g.
/projects/topsecret/stuff.html were in the "cn=topsecret,ou=Projects,..." group
on the LDAP server.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org