Hi! Because I have a similar problem (I want to run a webmail client as the user who logged in), I wrote a patch for suphp-0.6.1, but it should also be usable for 0.6.2.

If suphp was compiled with force-mode, and the username-definition of "suPHP_UserGroup" is ".htaccess", and the environment variable "AUTH_TYPE" is set to "Basic" (to prevent the usage of another username if it was not required to log in; case sensitive, in this early version), then the targetUsername is extracted from the SUPHP_AUTH_USER environment variable.

Please note that this patch is just a proof-of-concept. It might open security issues. Furthermore, there should be its own Apache directive, so that this feature is not restricted to "force"-mode. I could think about a fallback method which uses "owner"-mode if AUTH_TYPE is empty.

Greets from Osnabrück (Germany)
Roland

--- suphp-0.6.1-orig/src/Application.cpp 2005-11-26 20:45:49.000000000 +0100
+++ suphp-0.6.1/src/Application.cpp 2007-07-28 17:57:31.000000000 +0200
@@ -304,6 +304,14 @@
try {
targetUsername = environment.getVar("SUPHP_USER");
targetGroupname = environment.getVar("SUPHP_GROUP");
+ if (environment.getVar("SUPHP_USER") == ".htaccess") {
+ if (environment.getVar("AUTH_TYPE") != "Basic") {
+ std::string error = ".htaccess change model set but AUTH_TYPE not set to basic";
+ logger.logWarning(error);
+ throw SoftException(error, __FILE__, __LINE__);
+ }
+ targetUsername = environment.getVar("SUPHP_AUTH_USER");
+ }
} catch (KeyNotFoundException& e) {
throw SecurityException(
"Environment variable SUPHP_USER or SUPHP_GROUP not set",
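Review bot: the value read from SUPHP_AUTH_USER is assigned to targetUsername with no check in this hunk that it is non-empty or that it names an account the script is allowed to run as, so the identity the interpreter switches to is whatever string the authentication layer passed through. Validate it here before the assignment (reject an empty value and apply the same user restrictions that a configured SUPHP_USER has to pass) and log the rejected name. The new getVar("AUTH_TYPE") and getVar("SUPHP_AUTH_USER") calls also sit inside the existing try, so if getVar throws KeyNotFoundException for a missing variable, as the surrounding catch implies, an unauthenticated request is reported as "Environment variable SUPHP_USER or SUPHP_GROUP not set" instead of reaching the new AUTH_TYPE error; catch that case separately or extend the message. Two smaller points: the comparison is against "Basic" while the error text says "basic", and the first condition can test targetUsername, which was just assigned, rather than calling getVar("SUPHP_USER") again.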
