Message-Id: <201204221800.q3MI0FKX028696@red.freebsd.org>
Date: Sun, 22 Apr 2012 18:00:15 GMT
From: Ryan Steinmetz
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/167209: [patch] www/lighttpd to allow use of remote-user in conditionals
X-Send-Pr-Version: www-3.1

>Number:         167209
>Category:       ports
>Synopsis:       [patch] www/lighttpd to allow use of remote-user in conditionals
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 22 18:00:24 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Ryan Steinmetz
>Release:        8.3-RELEASE
>Organization:   Rochester Institute of Technology
>Environment:
>Description:
This patch adds the ability to use syntax like the following:

    $HTTP["url"] =~ "^/url" {
        $HTTP["remoteuser"] !~ "myuser" {
            url.access-deny = ( "" )
        }
    }

This makes it possible to authorize specific client certificates whenever they are used. Sample syntax could look like the following:

    ssl.verifyclient.exportcert = "enable"
    ssl.verifyclient.activate = "enable"
    ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
    ssl.verifyclient.enforce = "disable"
    ssl.verifyclient.depth = 3

    $HTTP["url"] =~ "^/url" {
        $HTTP["remoteuser"] !~ "mycertCN" {
            url.access-deny = ( "" )
        }
    }

This patch has been submitted upstream in Feature request #2415; however, the last release of lighttpd was over 1 year ago.
>How-To-Repeat: >Fix: Patch attached with submission follows: Index: Makefile =================================================================== RCS file: /home/ncvs/ports/www/lighttpd/Makefile,v retrieving revision 1.107 diff -u -r1.107 Makefile --- Makefile 19 Mar 2012 09:18:13 -0000 1.107 +++ Makefile 22 Apr 2012 17:53:40 -0000 @@ -59,7 +59,8 @@ OPENSSL "Enable SSL support" on \ SPAWNFCGI "Depend on spawn-fcgi utility" off \ VALGRIND "Enable valgrind support" off \ - WEBDAV "Enable WebDAV support" off + WEBDAV "Enable WebDAV support" off \ + REMOTEUSER "Enable remote-user in conditionals" off .if !defined(NOPORTDOCS) DOCS= AUTHORS COPYING INSTALL NEWS README @@ -186,6 +187,10 @@ CONFIGURE_ARGS+= --with-webdav-props --with-webdav-locks .endif +.if defined(WITH_REMOTEUSER) +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-remoteuser +.endif + SUB_LIST+= REQUIRE="${_REQUIRE}" post-patch: Index: files/extra-patch-remoteuser =================================================================== RCS file: files/extra-patch-remoteuser diff -N files/extra-patch-remoteuser --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/extra-patch-remoteuser 22 Apr 2012 17:50:20 -0000 
@@ -0,0 +1,64 @@ +diff -urN src/array.h src/array.h +--- src/array.h 2010-02-01 18:28:20.000000000 -0500 ++++ src/array.h 2012-04-22 13:25:16.000000000 -0400 +@@ -96,6 +96,7 @@ + COMP_HTTP_QUERY_STRING, + COMP_HTTP_SCHEME, + COMP_HTTP_REQUEST_METHOD, ++ COMP_HTTP_REMOTE_USER, + + COMP_LAST_ELEMENT + } comp_key_t; +diff -urN src/configfile-glue.c src/configfile-glue.c +--- src/configfile-glue.c 2010-08-17 05:04:38.000000000 -0400 ++++ src/configfile-glue.c 2012-04-22 13:25:16.000000000 -0400 +@@ -455,6 +455,14 @@ + } + break; + } ++ case COMP_HTTP_REMOTE_USER: { ++ if (NULL != con->authed_user) { ++ l = con->authed_user; ++ } else { ++ l = srv->empty_string; ++ } ++ break; ++ } + default: + return COND_RESULT_FALSE; + } +diff -urN src/configparser.c src/configparser.c +--- src/configparser.c 2011-12-18 09:54:21.000000000 -0500 ++++ src/configparser.c 2012-04-22 13:25:16.000000000 -0400 +@@ -1221,6 +1221,8 @@ + { COMP_HTTP_QUERY_STRING, CONST_STR_LEN("HTTP[\"query-string\"]") }, + { COMP_HTTP_REQUEST_METHOD, CONST_STR_LEN("HTTP[\"request-method\"]") }, + { COMP_HTTP_SCHEME, CONST_STR_LEN("HTTP[\"scheme\"]" ) }, ++ { COMP_HTTP_REMOTE_USER, CONST_STR_LEN("HTTP[\"remoteuser\"]" ) }, ++ { COMP_HTTP_REMOTE_USER, CONST_STR_LEN("HTTP[\"remote-user\"]" ) }, + { COMP_UNSET, NULL, 0 }, + }; + size_t i; +diff -urN src/configparser.y src/configparser.y +--- src/configparser.y 2010-02-01 18:28:20.000000000 -0500 ++++ src/configparser.y 2012-04-22 13:25:16.000000000 -0400 +@@ -435,6 +435,8 @@ + { COMP_HTTP_QUERY_STRING, CONST_STR_LEN("HTTP[\"query-string\"]") }, + { COMP_HTTP_REQUEST_METHOD, CONST_STR_LEN("HTTP[\"request-method\"]") }, + { COMP_HTTP_SCHEME, CONST_STR_LEN("HTTP[\"scheme\"]" ) }, ++ { COMP_HTTP_REMOTE_USER, CONST_STR_LEN("HTTP[\"remoteuser\"]" ) }, ++ { COMP_HTTP_REMOTE_USER, CONST_STR_LEN("HTTP[\"remote-user\"]" ) }, + { COMP_UNSET, NULL, 0 }, + }; + size_t i; +diff -urN src/response.c src/response.c +--- src/response.c 2010-08-17 05:04:38.000000000 -0400 ++++ 
src/response.c 2012-04-22 13:25:30.000000000 -0400 +@@ -280,6 +280,7 @@ + config_patch_connection(srv, con, COMP_HTTP_LANGUAGE); /* Accept-Language: */ + config_patch_connection(srv, con, COMP_HTTP_COOKIE); /* Cookie: */ + config_patch_connection(srv, con, COMP_HTTP_REQUEST_METHOD); /* REQUEST_METHOD */ ++ config_patch_connection(srv, con, COMP_HTTP_REMOTE_USER); /* REMOTE_USER */ + + /** their might be a fragment which has to be cut away */ + if (NULL != (qstr = strchr(con->request.uri->ptr, '#'))) { >Release-Note: >Audit-Trail: >Unformatted:
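
Review bot: In the Makefile OPTIONS hunk, REMOTEUSER is appended after WEBDAV, while the visible entries (OPENSSL, SPAWNFCGI, VALGRIND, WEBDAV) are in alphabetical order. Place the new entry between OPENSSL and SPAWNFCGI; that also leaves the WEBDAV line untouched, so the hunk becomes a pure one-line addition. The option text "Enable remote-user in conditionals" would be clearer if it named the key users will type, $HTTP["remoteuser"].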
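
Review bot: The comp-key tables in src/configparser.c and src/configparser.y each register two spellings, HTTP["remoteuser"] and HTTP["remote-user"], while the neighbouring keys use only the hyphenated form (query-string, request-method). Keep the hyphenated key alone, or say in the PR text that both are accepted, since the examples in the description only use remoteuser. The identical entries are also added to both files; if configparser.c is regenerated from configparser.y during the build, the .c hunk is redundant and the two tables can drift apart later.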
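
Review bot: In src/configfile-glue.c the new COMP_HTTP_REMOTE_USER case substitutes srv->empty_string when con->authed_user is NULL, and the src/response.c hunk evaluates it in the same place as the request-header conditions (Cookie, REQUEST_METHOD). Confirm that con->authed_user is already populated at that call. If it is filled in later in request handling, the condition is evaluated against the empty string, so a !~ block applies its deny to every request and a =~ block never matches. A comment on the case stating that unauthenticated requests compare as "" would make that behaviour explicit.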
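
lighttpd regex conditionals are searches rather than whole-string comparisons (which is why the url pattern in the description starts with ^), so the anchoring of the remoteuser pattern decides which certificate CNs pass. The C program below is an added example, not lighttpd code and not part of the submitted patch: it models the !~ test with POSIX extended regexes standing in for lighttpd's PCRE, and remoteuser_not_match plus all sample CN values are constructed for illustration.

```c
/* Added illustration; not lighttpd source. POSIX ERE stands in for PCRE. */
#include <regex.h>
#include <stdio.h>
#include <stddef.h>

/* Mirrors the patch's COMP_HTTP_REMOTE_USER case: a connection with no
 * authenticated user is compared as the empty string. */
static const char *remote_user_value(const char *authed_user) {
    return authed_user != NULL ? authed_user : "";
}

/* Returns 1 when  $HTTP["remoteuser"] !~ pattern  is true, i.e. the nested
 * url.access-deny block applies; 0 when the request is let through;
 * -1 if the pattern does not compile. Matching is an unanchored search. */
int remoteuser_not_match(const char *authed_user, const char *pattern) {
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, remote_user_value(authed_user), 0, NULL, 0);
    regfree(&re);
    return rc == REG_NOMATCH ? 1 : 0;
}

int main(void) {
    /* Constructed sample values; NULL models a client that sent no
     * certificate (possible with ssl.verifyclient.enforce = "disable"). */
    const char *users[] = { NULL, "mycertCN", "mycertCN-staging", "other" };
    const char *patterns[] = { "mycertCN", "^mycertCN$" };
    size_t u, p;

    for (p = 0; p < 2; p++)
        for (u = 0; u < 4; u++)
            printf("%-12s user=%-18s -> %s\n", patterns[p],
                   users[u] ? users[u] : "(none)",
                   remoteuser_not_match(users[u], patterns[p]) ? "deny" : "allow");
    return 0;
}
```

With the pattern as written in the description, a CN that merely contains mycertCN is allowed; writing the condition as !~ "^mycertCN$" restricts access to the exact CN.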