https://bz.apache.org/bugzilla/show_bug.cgi?id=63734

            Bug ID: 63734
           Summary: Support use-time parameters for AuthzProviderAlias
           Product: Apache httpd-2
           Version: 2.4.25
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_authz_core
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Looking at authz_alias_check_authorization in mod_authz_core.c, it appears that
all parameters for the alias must be present at define time, and parameters at
use time are silently ignored. I.e.,

<AuthzProviderAlias ldap-group mygroup>
(LDAP connect settings here)
</AuthzProviderAlias>

…

Require mygroup cn=foo,…

does not do what one might expect to happen. Furthermore, there is no
error/warning that mygroup does not take any parameters.

I would like to submit for consideration that it would be useful if the use
case sketched above worked. (In my case, it would simplify handling against
several dozen different LDAP groups without having to duplicate the credentials
all over the place.)

For example, authz_alias_check_authorization could use the passed-in call-time
parameters require_args and parsed_require_args it already receives anyway if
the define-time parameters prvdraliasrec->provider_args and
prvdraliasrec->provider_parsed_args are null.

Chances to break existing configs appear minimal: not passing parameters at
define time is currently only useful for things like valid-user that do not
take any parameters in the first place. Parameters passed to an alias at
call-time currently are simply ignored.
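
A configuration check for the behaviour described in this report, as an added example that is not part of the original report or of httpd: it flags `Require` lines that pass parameters to an `AuthzProviderAlias` name, which the report says are silently ignored. The function name, the sample configuration and its hosts and DNs are constructed; the check assumes one directive per line, with no backslash continuations and no `Include` handling.

```python
import re

# Constructed sample configuration modelled on the report; hosts and DNs are made up.
SAMPLE_CONF = """\
<AuthzProviderAlias ldap-group mygroup>
    AuthLDAPURL "ldap://ldap.example.test/dc=example,dc=test"
    AuthLDAPBindDN "cn=httpd,dc=example,dc=test"
</AuthzProviderAlias>
<AuthzProviderAlias ldap-group admins "cn=admins,ou=groups,dc=example,dc=test">
    AuthLDAPURL "ldap://ldap.example.test/dc=example,dc=test"
</AuthzProviderAlias>
<Location "/foo">
    Require mygroup cn=foo,ou=groups,dc=example,dc=test
</Location>
<Location "/admin">
    Require admins
    # Require mygroup cn=old,dc=example,dc=test
</Location>
"""

# Directive names are case-insensitive in httpd; alias names are compared exactly here.
ALIAS_RE = re.compile(
    r'^\s*<AuthzProviderAlias\s+(\S+)\s+([^\s>]+)\s*(.*?)\s*>\s*$', re.I)
REQUIRE_RE = re.compile(r'^\s*Require\s+(?:not\s+)?(\S+)[ \t]*(.*?)\s*$', re.I)

def find_ignored_require_args(conf_text):
    """Return one finding per 'Require <alias> <args>' line (args dropped at use time)."""
    lines = conf_text.splitlines()
    # Pass 1: collect every alias with its base provider and define-time parameters.
    aliases = {}
    for line in lines:
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(2)] = (m.group(1), m.group(3))
    # Pass 2: flag Require lines that hand extra parameters to an alias.
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUIRE_RE.match(line)
        if m and m.group(1) in aliases and m.group(2):
            base, define_args = aliases[m.group(1)]
            findings.append({"line": lineno, "alias": m.group(1), "base": base,
                             "ignored_args": m.group(2), "define_args": define_args})
    return findings

if __name__ == "__main__":
    for f in find_ignored_require_args(SAMPLE_CONF):
        print("line %(line)d: alias %(alias)r (%(base)s) ignores %(ignored_args)r; "
              "define-time parameters are %(define_args)r" % f)
```
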
