Index: httpd-trunk/modules/aaa/mod_auth_basic.c
===================================================================
--- httpd-trunk/modules/aaa/mod_auth_basic.c	(revision 686760)
+++ httpd-trunk/modules/aaa/mod_auth_basic.c	(working copy)
@@ -36,6 +36,7 @@
     authn_provider_list *providers;
     char *dir;
     int authoritative;
+    int user_from_ssl;
 } auth_basic_config_rec;
 
 static void *create_auth_basic_dir_config(apr_pool_t *p, char *d)
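Review bot: The new `user_from_ssl` field in `auth_basic_config_rec` turns off the password check yet lands without a comment, so I would document it in place: `int user_from_ssl; /* if set, accept an r->user already set by an earlier hook and skip the password check */`. Its default has to be off. Whether the per-directory record is zero-initialised is decided in `create_auth_basic_dir_config`, whose body lies outside this hunk, so please confirm the flag starts at 0 there.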
@@ -103,6 +104,11 @@
                  OR_AUTHCFG,
                  "Set to 'Off' to allow access control to be passed along to "
                  "lower modules if the UserID is not known to this module"),
+    AP_INIT_FLAG("AuthBasicUserFromSSL", ap_set_flag_slot,
+                 (void *)APR_OFFSETOF(auth_basic_config_rec, user_from_ssl),
+                 OR_AUTHCFG,
+                 "Set to 'On' to skip authentication when using client "
+                 "certificates"),
     {NULL}
 };
 
@@ -198,53 +204,64 @@
 
     r->ap_auth_type = (char*)current_auth;
 
-    res = get_basic_auth(r, &sent_user, &sent_pw);
-    if (res) {
-        return res;
+    /* Was SSL used to authenticate the user? */
+    if (conf->user_from_ssl && r->user)
+    {
+        ap_log_rerror(APLOG_MARK, APLOG_INFO,
+                      0, r, "got user from certficate: %s", r->user);
+        auth_result = AUTH_GRANTED;
     }
+    else
+    {
 
-    current_provider = conf->providers;
-    do {
-        const authn_provider *provider;
+        res = get_basic_auth(r, &sent_user, &sent_pw);
+        if (res) {
+            return res;
+        }
 
-        /* For now, if a provider isn't set, we'll be nice and use the file
-         * provider.
-         */
-        if (!current_provider) {
-            provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
-                                          AUTHN_DEFAULT_PROVIDER,
-                                          AUTHN_PROVIDER_VERSION);
+        current_provider = conf->providers;
+        do {
+            const authn_provider *provider;
 
-            if (!provider || !provider->check_password) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                              "No Authn provider configured");
-                auth_result = AUTH_GENERAL_ERROR;
-                break;
+            /* For now, if a provider isn't set, we'll be nice and use the file
+             * provider.
+             */
+            if (!current_provider) {
+                provider = ap_lookup_provider(AUTHN_PROVIDER_GROUP,
+                                              AUTHN_DEFAULT_PROVIDER,
+                                              AUTHN_PROVIDER_VERSION);
+
+                if (!provider || !provider->check_password) {
+                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                                  "No Authn provider configured");
+                    auth_result = AUTH_GENERAL_ERROR;
+                    break;
+                }
+                apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, AUTHN_DEFAULT_PROVIDER);
             }
-            apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, AUTHN_DEFAULT_PROVIDER);
-        }
-        else {
-            provider = current_provider->provider;
-            apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, current_provider->provider_name);
-        }
+            else {
+                provider = current_provider->provider;
+                apr_table_setn(r->notes, AUTHN_PROVIDER_NAME_NOTE, current_provider->provider_name);
+            }
 
 
-        auth_result = provider->check_password(r, sent_user, sent_pw);
+            auth_result = provider->check_password(r, sent_user, sent_pw);
 
-        apr_table_unset(r->notes, AUTHN_PROVIDER_NAME_NOTE);
+            apr_table_unset(r->notes, AUTHN_PROVIDER_NAME_NOTE);
 
-        /* Something occured. Stop checking. */
-        if (auth_result != AUTH_USER_NOT_FOUND) {
-            break;
-        }
+            /* Something occured. Stop checking. */
+            if (auth_result != AUTH_USER_NOT_FOUND) {
+                break;
+            }
 
-        /* If we're not really configured for providers, stop now. */
-        if (!conf->providers) {
-            break;
-        }
+            /* If we're not really configured for providers, stop now. */
+            if (!conf->providers) {
+                break;
+            }
 
-        current_provider = current_provider->next;
-    } while (current_provider);
+            current_provider = current_provider->next;
+        } while (current_provider);
+    }
 
     if (auth_result != AUTH_GRANTED) {
         int return_code;
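Review bot: The new condition `conf->user_from_ssl && r->user` sets `AUTH_GRANTED` for any non-NULL `r->user`, and nothing in this hunk checks that the name came from a verified client certificate, or even that the connection uses SSL. If an earlier hook can fill `r->user` from a certificate that was requested but not validated (for example under optional client verification), or another module sets it, the provider loop and its `check_password` call are skipped entirely. I would have the branch confirm the verification result first, for instance by looking up `SSL_CLIENT_VERIFY` through mod_ssl's optional `ssl_var_lookup` function and requiring `SUCCESS`, and fall through to `get_basic_auth()` otherwise. The directive help text in the earlier hunk ("skip authentication when using client certificates") should then describe exactly that check, and the log string `"got user from certficate: %s"` misspells "certificate". The enclosing function starts before and ends after this hunk.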
