httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <oh...@cox.net>
Subject Re: Confused about modules processing order...
Date Tue, 26 Jun 2012 17:56:37 GMT

---- ohaya@cox.net wrote: 
> 
> ---- Sorin Manolache <sorinm@gmail.com> wrote: 
> > On 2012-06-26 13:55, ohaya@cox.net wrote:
> > >
> > >>>>>
> > >>>>>
> > >>>>> And for webgate, I see:
> > >>>>>
> > >>>>> Registering hooks for apache2entry_web_gate.cpp
> > >>>>>      Hooked post_config
> > >>>>>      Hooked handler
> > >>>>>      Hooked check_user_id
> > >>>>>      Hooked auth_checker
> > >>>>>
> > >>>>>
> > >
> > > The original mod_headers code has a hook for fixups.  If I added an "after"
string in the code that registers my fixup function, with the name of the webgate, would that
cause my modified mod_headers to run before the webgate?
> > 
> > As you see in the debug messages obtained with SHOW_HOOKS=1, the webgate 
> > does not place any callback on the fixups hook.
> > 
> > The relative order of the callbacks in question is:
> > 
> > 1) post_read_request
> > 2) other callbacks (e.g. translate_name, header_parser)
> > 3) access_checker
> > 4) check_user_id
> > 5) auth_checker
> > 6) fixups
> > 7) insert_filter
> > 8) handler
> > 
> > mod_ssl hooks (1), (3-6), and (8) but it initialises the environment 
> > only in the fixups hook (6).
> > 
> > webgate hooks (4), (5), and (8). So putting your code in (6) is already 
> > too late if it is webgate's (4) or (5) that you want to precede.
> > 
> > There's no way in which your fixups callback can run earlier than 
> > webgate's check_user_id or auth_checker simply because the latter are 
> > run by apache earlier than fixups.
> > 
> > > Also can you clarify/expand on what you mean by " you'll have to get those
variables yourself"?  I think that I'm currently getting them using env->setproc or something
like that.
> > 
> > What I mean is:
> > 
> > *) apparently you need the variables before webgate's check_user_id or 
> > auth_checker.
> > *) but mod_ssl initialises them in fixups, i.e. _after_ check_user_id 
> > and auth_checker
> > 
> > You cannot wait until mod_ssl runs its fixups, you have to hook one of 
> > the hooks that execute earlier than webgate's check_user_id or 
> > auth_checker. (You have to hook one of the hooks (1)-(4).) There, in 
> > your hook, you have to get yourself the values of the server 
> > certificates, client certificate, etc, everything that mod_ssl would 
> > have given you, but too late.
> > 
> > 
> > Please note that what I say holds under the condition that it is 
> > webgate's check_user_id and auth_checker that you want to precede. If it 
> > is webgate's handler, then your code already runs before webgate's handler.
> > 
> > 
> > Sorin
> > 
> > P.S. For the order of hooks, check
> > modules/http/http_core.c, ap_process_http_connection
> > server/protocol.c, ap_read_request
> > server/request.c, ap_process_request_internal
> 
> 
> Hi,
> 
> I tried adding a hook for check_user_id that just dumps envvars.  My check_user_id function
gets called, but from the dump, it looks like none of the SSL vars are populated at that point.
> 
> Not sure where to go next with this :(...
> 
> Jim


Sorin,

Re-reading your email, where you said:

"
> > You cannot wait until mod_ssl runs its fixups, you have to hook one of 
> > the hooks that execute earlier than webgate's check_user_id or 
> > auth_checker. (You have to hook one of the hooks (1)-(4).) There, in 
> > your hook, you have to get yourself the values of the server 
> > certificates, client certificate, etc, everything that mod_ssl would 
> > have given you, but too late.
"

I guess that what I'm seeing is exactly what you said would happen, i.e., my check_user_id
hook function is being called, but none of the SSL vars are populated (since, as you said
mod_ssl doesn't populate them until the fixup phase).

What mechanisms/methods could I use to get those SSL vars ("you have to get yourself the values
of the server certificates, client certificate, etc, ") at this point?

Thanks,
Jim

Mime
View raw message