httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31384] New: - Adding modssl variables to the environment
Date Thu, 23 Sep 2004 09:55:22 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31384>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31384

Adding modssl variables to the environment

           Summary: Adding modssl variables to the environment
           Product: Apache httpd-2.0
           Version: 2.0-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: mod_headers
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mstern@csc.com


The environment variables created by modssl are not passed back to a forward
request. This prevent to retrieve the user's certificate when Apache is used as
reverse proxy. This is a major issue for user's authentication.

Patch:

diff -aur httpd-2.0.49/modules/metadata/mod_headers.c
httpd-ocsp/modules/metadata/mod_headers.c
--- httpd-2.0.49/modules/metadata/mod_headers.c	2004-02-09 21:53:19.000000000 +0100
+++ httpd-ocsp/modules/metadata/mod_headers.c	2004-08-13 12:10:45.000000000 +0200
@@ -70,6 +70,7 @@
 #include "apr_hash.h"
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
+#include "apr_optional.h"
 
 #include "httpd.h"
 #include "http_config.h"
@@ -128,6 +129,14 @@
     apr_array_header_t *fixup_out;
 } headers_conf;
 
+/* Pointer to ssl_var_lookup, if available. */
+APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+                        (apr_pool_t *, server_rec *,
+                         conn_rec *, request_rec *,
+                         char *));
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *header_ssl_lookup = NULL;
+
+
 module AP_MODULE_DECLARE_DATA headers_module;
 
 /*
@@ -146,9 +155,27 @@
 {
     return apr_psprintf(r->pool, "t=%" APR_TIME_T_FMT, r->request_time);
 }
+/* to also get the variables from mod_ssl */
+static const char *header_request_ssl_var(request_rec *r, char *name)
+{
+    const char *val;
+
+    ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, "Getting env. var.
'%s' from mod_sll", name );
+
+    if ( !header_ssl_lookup) return NULL;
+
+    val = header_ssl_lookup(r->pool, r->server, r->connection, r, name);
+    if ( !val || !val[0] ) return NULL;
+    
+    ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, "Getting env. var.
from mod_sll: '%s'='%s'", name, val );
+
+    return val;
+}
 static const char *header_request_env_var(request_rec *r, char *a)
 {
     const char *s = apr_table_get(r->subprocess_env,a);
+    /* to also get the variables from mod_ssl */
+    if ( !s ) s = header_request_ssl_var(r, a);
 
     if (s)
         return s;
@@ -573,9 +600,18 @@
     return OK;
 }
 
+/* to also get the variables from mod_ssl */
+static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog,
+                              apr_pool_t *ptemp, server_rec *s)
+{
+    header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+    return OK;
+}
+
 static void register_hooks(apr_pool_t *p)
 {
     ap_hook_pre_config(header_pre_config,NULL,NULL,APR_HOOK_MIDDLE);
+    ap_hook_post_config(header_post_config,NULL,NULL,APR_HOOK_MIDDLE); /* to
also get the variables from mod_ssl */
     ap_hook_insert_filter(ap_headers_insert_output_filter, NULL, NULL,
APR_HOOK_LAST);
     ap_hook_fixups(ap_headers_fixup, NULL, NULL, APR_HOOK_LAST);
     ap_register_output_filter("FIXUP_HEADERS_OUT", ap_headers_output_filter,

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message