I'm still interested in any ideas to try to set REMOTE_USER from a cookie value. AuthBasicFake sounds like it would work, but when I use it authz_dbd still complains: AH00027: No authentication done but request not allowed without authentication for /whatever/file.txt. Authentication not configured? Does that sound like a bug/deficiency in AuthBasicFake? Ie. it appears it didn't 'fake' authentication enough for an authorization module to think that it had been configured. mod_auth_env looks like it would work, but isn't packaged for debian so doesn't work well for my needs (creating a tutorial for users to follow after they've installed apache & modules from debian packages). This patch looks like just the ticket, but isn't included upstream so of course the same source/packaging issue as with mod_auth_env: https://github.com/jkbzh/apache2_mod_authz_dbd If I can't find any other way I might have to just use mod_auth_env (assuming it will work) and provide instructions for how to build and install the .deb file, but I'd sure rather use stock modules. Thanks! Jesse On Tue, 2018-09-25 at 14:54 -0600, Jesse Norell wrote: > Hello, > > I'm trying to use an authz_dbd query to authorize based on the > value > of a cookie (ie. if PHPSESSID cookie is set, a db query can test if > it > should be authorized). It seems the only parameter AUTHzDBDQuery > will > supply to the sql query is the username in place of %s; this could > work > if I could set what REMOTE_USER should be prior to the query running, > but I haven't found a way to do so. Eg. here the username for the > query is from the auth provider (anon), the SetEnv doesn't the query: > > <Directory "/whatever/"> > AuthName "Name" > AuthType Basic > AuthBasicProvider anon > > Anonymous_NoUserID on > Anonymous_MustGiveEmail off > Anonymous anonymous "*" > > SetEnvIf Cookie "PHPSESSID=([^ ]+)" REMOTE_USER=$1 > > Require dbd-group foo > > # this will work, for any username entered in the browser: > #AuthzDBDQuery "SELECT 'foo' FROM sys_session" > > # this does not work to obtain %s from PHPSESSID: > AuthzDBDQuery "SELECT 'foo' FROM sys_session WHERE session_id = %s" > > </Directory> > > I'm pretty sure I must convince apache to set a new REMOTE_USER (or > httpd_username?) internal variable, not an environment variable, but > I > don't see how. If I don't specify any AuthType, or set it to None, > the > AuthzDBDQuery never runs and the error.log says it requires > authentication but authentication is not set up. Any ideas are > appreciated - thanks! > > I'm running 2.4.25-3+deb9u5 from debian stretch. > > Thanks, > Jesse Norell > -- Jesse Norell Kentec Communications, Inc. 970-522-8107 - www.kci.net --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|