From nobody@FreeBSD.org  Sun Apr 22 18:00:18 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 1A6CF106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 22 Apr 2012 18:00:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id EF2108FC15
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 22 Apr 2012 18:00:17 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q3MI0HOt028697
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 22 Apr 2012 18:00:17 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q3MI0FKX028696;
	Sun, 22 Apr 2012 18:00:15 GMT
	(envelope-from nobody)
Message-Id: <201204221800.q3MI0FKX028696@red.freebsd.org>
Date: Sun, 22 Apr 2012 18:00:15 GMT
From: Ryan Steinmetz <rpsfa@rit.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] www/lighttpd to allow use of remote-user in conditionals
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         167209
>Category:       ports
>Synopsis:       [patch] www/lighttpd to allow use of remote-user in conditionals
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    mm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 22 18:00:24 UTC 2012
>Closed-Date:    Tue Sep 04 06:41:02 UTC 2012
>Last-Modified:  Tue Sep 04 06:41:02 UTC 2012
>Originator:     Ryan Steinmetz
>Release:        8.3-RELEASE
>Organization:
Rochester Institute of Technology
>Environment:
>Description:
This patch adds the ability to use syntax like the following:
$HTTP["url"] =~ "^/url" {
  $HTTP["remoteuser"] !~ "myuser" {
    url.access-deny = ( "" )
  }
}

This makes it possible to authorize specific client certificates whenever they are used.  Sample syntax could look like the following:

ssl.verifyclient.exportcert = "enable"
ssl.verifyclient.activate   = "enable"
ssl.verifyclient.username   = "SSL_CLIENT_S_DN_CN"
ssl.verifyclient.enforce    = "disable"
ssl.verifyclient.depth      = 3
ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
ssl.verifyclient.exportcert = "enable"
$HTTP["url"] =~ "^/url" {
  $HTTP["remoteuser"] !~ "mycertCN" {
    url.access-deny = ( "" )
  }
}

This patch has been submitted upstream in Feature request #2415, however, the last release of lighttpd was over 1 year ago.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/lighttpd/Makefile,v
retrieving revision 1.107
diff -u -r1.107 Makefile
--- Makefile	19 Mar 2012 09:18:13 -0000	1.107
+++ Makefile	22 Apr 2012 17:53:40 -0000
@@ -59,7 +59,8 @@
 		OPENSSL		"Enable SSL support" on \
 		SPAWNFCGI	"Depend on spawn-fcgi utility" off \
 		VALGRIND	"Enable valgrind support" off \
-		WEBDAV		"Enable WebDAV support"	off
+		WEBDAV		"Enable WebDAV support"	off \
+		REMOTEUSER	"Enable remote-user in conditionals" off
 
 .if !defined(NOPORTDOCS)
 DOCS=		AUTHORS COPYING INSTALL NEWS README
@@ -186,6 +187,10 @@
 CONFIGURE_ARGS+=	--with-webdav-props --with-webdav-locks
 .endif
 
+.if defined(WITH_REMOTEUSER)
+EXTRA_PATCHES+=		${FILESDIR}/extra-patch-remoteuser
+.endif
+
 SUB_LIST+=		REQUIRE="${_REQUIRE}"
 
 post-patch:
Index: files/extra-patch-remoteuser
===================================================================
RCS file: files/extra-patch-remoteuser
diff -N files/extra-patch-remoteuser
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/extra-patch-remoteuser	22 Apr 2012 17:50:20 -0000
@@ -0,0 +1,64 @@
+diff -urN src/array.h src/array.h
+--- src/array.h	2010-02-01 18:28:20.000000000 -0500
++++ src/array.h	2012-04-22 13:25:16.000000000 -0400
+@@ -96,6 +96,7 @@
+ 	COMP_HTTP_QUERY_STRING,
+ 	COMP_HTTP_SCHEME,
+ 	COMP_HTTP_REQUEST_METHOD,
++	COMP_HTTP_REMOTE_USER,
+ 
+ 	COMP_LAST_ELEMENT
+ } comp_key_t;
+diff -urN src/configfile-glue.c src/configfile-glue.c
+--- src/configfile-glue.c	2010-08-17 05:04:38.000000000 -0400
++++ src/configfile-glue.c	2012-04-22 13:25:16.000000000 -0400
+@@ -455,6 +455,14 @@
+ 		}
+ 		break;
+ 	}
++	case COMP_HTTP_REMOTE_USER: {
++		if (NULL != con->authed_user) {
++			l = con->authed_user;
++		} else {
++			l = srv->empty_string;
++		}
++		break;
++	}
+ 	default:
+ 		return COND_RESULT_FALSE;
+ 	}
+diff -urN src/configparser.c src/configparser.c
+--- src/configparser.c	2011-12-18 09:54:21.000000000 -0500
++++ src/configparser.c	2012-04-22 13:25:16.000000000 -0400
+@@ -1221,6 +1221,8 @@
+       { COMP_HTTP_QUERY_STRING,  CONST_STR_LEN("HTTP[\"query-string\"]") },
+       { COMP_HTTP_REQUEST_METHOD, CONST_STR_LEN("HTTP[\"request-method\"]") },
+       { COMP_HTTP_SCHEME,        CONST_STR_LEN("HTTP[\"scheme\"]"     ) },
++      { COMP_HTTP_REMOTE_USER,   CONST_STR_LEN("HTTP[\"remoteuser\"]" ) },
++      { COMP_HTTP_REMOTE_USER,   CONST_STR_LEN("HTTP[\"remote-user\"]" ) },
+       { COMP_UNSET, NULL, 0 },
+     };
+     size_t i;
+diff -urN src/configparser.y src/configparser.y
+--- src/configparser.y	2010-02-01 18:28:20.000000000 -0500
++++ src/configparser.y	2012-04-22 13:25:16.000000000 -0400
+@@ -435,6 +435,8 @@
+       { COMP_HTTP_QUERY_STRING,  CONST_STR_LEN("HTTP[\"query-string\"]") },
+       { COMP_HTTP_REQUEST_METHOD, CONST_STR_LEN("HTTP[\"request-method\"]") },
+       { COMP_HTTP_SCHEME,        CONST_STR_LEN("HTTP[\"scheme\"]"     ) },
++      { COMP_HTTP_REMOTE_USER,   CONST_STR_LEN("HTTP[\"remoteuser\"]" ) },
++      { COMP_HTTP_REMOTE_USER,   CONST_STR_LEN("HTTP[\"remote-user\"]" ) },
+       { COMP_UNSET, NULL, 0 },
+     };
+     size_t i;
+diff -urN src/response.c src/response.c
+--- src/response.c	2010-08-17 05:04:38.000000000 -0400
++++ src/response.c	2012-04-22 13:25:30.000000000 -0400
+@@ -280,6 +280,7 @@
+ 		config_patch_connection(srv, con, COMP_HTTP_LANGUAGE);  /* Accept-Language:  */
+ 		config_patch_connection(srv, con, COMP_HTTP_COOKIE);    /* Cookie:  */
+ 		config_patch_connection(srv, con, COMP_HTTP_REQUEST_METHOD); /* REQUEST_METHOD */
++		config_patch_connection(srv, con, COMP_HTTP_REMOTE_USER); /* REMOTE_USER */
+ 
+ 		/** their might be a fragment which has to be cut away */
+ 		if (NULL != (qstr = strchr(con->request.uri->ptr, '#'))) {


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->mm 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sun Apr 22 18:01:08 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=167209 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/167209: commit references a PR
Date: Sat, 16 Jun 2012 22:28:57 +0000 (UTC)

 mm          2012-06-16 22:28:41 UTC
 
   FreeBSD ports repository
 
   Modified files:
     www/lighttpd         Makefile 
   Added files:
     www/lighttpd/files   extra-patch-remoteuser 
   Log:
   Add 3rd party remoteuser patch (optional)
   http://redmine.lighttpd.net/issues/2415
   
   PR:             ports/167209
   Submitted by:   Ryan Steinmetz <rpsfa@rit.edu>
   
   Revision  Changes    Path
   1.112     +7 -1      ports/www/lighttpd/Makefile
   1.1       +64 -0     ports/www/lighttpd/files/extra-patch-remoteuser (new)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: mm 
State-Changed-When: Tue Sep 4 06:40:59 UTC 2012 
State-Changed-Why:  
Resolved. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=167209 
>Unformatted:
