httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <oh...@cox.net>
Subject Re: Confused about modules processing order...
Date Tue, 26 Jun 2012 17:48:01 GMT

---- Sorin Manolache <sorinm@gmail.com> wrote: 
> On 2012-06-26 13:55, ohaya@cox.net wrote:
> >
> >>>>>
> >>>>>
> >>>>> And for webgate, I see:
> >>>>>
> >>>>> Registering hooks for apache2entry_web_gate.cpp
> >>>>>      Hooked post_config
> >>>>>      Hooked handler
> >>>>>      Hooked check_user_id
> >>>>>      Hooked auth_checker
> >>>>>
> >>>>>
> >
> > The original mod_headers code has a hook for fixups.  If I added an "after" string
in the code that registers my fixup function, with the name of the webgate, would that cause
my modified mod_headers to run before the webgate?
> 
> As you see in the debug messages obtained with SHOW_HOOKS=1, the webgate 
> does not place any callback on the fixups hook.
> 
> The relative order of the callbacks in question is:
> 
> 1) post_read_request
> 2) other callbacks (e.g. translate_name, header_parser)
> 3) access_checker
> 4) check_user_id
> 5) auth_checker
> 6) fixups
> 7) insert_filter
> 8) handler
> 
> mod_ssl hooks (1), (3-6), and (8) but it initialises the environment 
> only in the fixups hook (6).
> 
> webgate hooks (4), (5), and (8). So putting your code in (6) is already 
> too late if it is webgate's (4) or (5) that you want to precede.
> 
> There's no way in which your fixups callback can run earlier than 
> webgate's check_user_id or auth_checker simply because the latter are 
> run by apache earlier than fixups.
> 
> > Also can you clarify/expand on what you mean by " you'll have to get those variables
yourself"?  I think that I'm currently getting them using env->setproc or something like
that.
> 
> What I mean is:
> 
> *) apparently you need the variables before webgate's check_user_id or 
> auth_checker.
> *) but mod_ssl initialises them in fixups, i.e. _after_ check_user_id 
> and auth_checker
> 
> You cannot wait until mod_ssl runs its fixups, you have to hook one of 
> the hooks that execute earlier than webgate's check_user_id or 
> auth_checker. (You have to hook one of the hooks (1)-(4).) There, in 
> your hook, you have to get yourself the values of the server 
> certificates, client certificate, etc, everything that mod_ssl would 
> have given you, but too late.
> 
> 
> Please note that what I say holds under the condition that it is 
> webgate's check_user_id and auth_checker that you want to precede. If it 
> is webgate's handler, then your code already runs before webgate's handler.
> 
> 
> Sorin
> 
> P.S. For the order of hooks, check
> modules/http/http_core.c, ap_process_http_connection
> server/protocol.c, ap_read_request
> server/request.c, ap_process_request_internal


Hi,

I tried adding a hook for check_user_id that just dumps envvars.  My check_user_id function
gets called, but from the dump, it looks like none of the SSL vars are populated at that point.

Not sure where to go next with this :(...

Jim

Mime
View raw message