perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis Sinelnikov" <dennis.sinelni...@augustschell.com>
Subject RE: Controlling subversion access
Date Sun, 26 Mar 2006 18:52:47 GMT
" What you need to implement is a handler which is
working after mod_ssl has done it's job and before mod_dav is doing its
job but therefore you must know in which phase of Apache they are working."

Ahhh, thanks for pointing me in the right direction. (light bulb lit up) ;)

-----Original Message-----
From: Tom Schindl [mailto:tomAtLinux@gmx.at] 
Sent: Sunday, March 26, 2006 5:07 AM
To: Dennis Sinelnikov
Cc: modperl@perl.apache.org
Subject: Re: Controlling subversion access

Hi Dennis,

first of all it would be nice if you could tell us what version of
Apache/mod-perl you are running. Second I'm not sure I userstand what
you are trying to do because I'm not very familiar with SSL and DAV.

If I'm not completely mistaken things like $ENV{SSL_CLIENT_S_DN} are set
on request time and not on startup where the perl-sections in your
httpd.conf are parsed. What you need to implement is a handler which is
working after mod_ssl has done it's job and before mod_dav is doing its
job but therefore you must know in which phase of Apache they are working.

If elaborate a bit more I'm sure we (mod_perl) can help you ;-)

Tom

Dennis Sinelnikov wrote:
> Dear fellow developers,
> 
>  
> 
> Here is what I'm trying to do in my httpd-ssl.conf:
> 
>  
> 
> <Perl>
> 
> $client_dn = $ENV{SSL_CLIENT_S_DN};
> 
> $client_dn =~ /.*UID=(.*)$/;
> 
> $client_uid = $1;
> 
>  
> 
>   $Location{"/svnroot"} = {
> 
>         DAV => 'svn',
> 
>         SVNPath => '/home/svnroot',
> 
>         SSLUserName => $client_uid,
> 
>         AuthzSVNAccessFile => '/usr/local/apache2/conf/svnauthorization'
> 
>         }
> 
> </Perl>
> 
>  
> 
> Obviously, the above code is not quite right (otherwise I would not be
> emailing everyone ;)
> 
> Basically, I'm trying to parse the UID off of the Client's certificate
> DN and use it to set SSLUserName, so I can later use that uid in
> svnauthorization file to control read/write privileges of my subversion
> repository per user basis.  The reason why I need to parse UID off of
> the DN is because for some reason SSL_CLIENT_S_DN_UID is not getting
> set, but I see it in my log when I log the full DN (bug?).  If anyone
> had to do similar authorization using the client cert, please let me
> know and any suggestions are welcome. 
> 
> Thanks much!
> 
> Dennis
> 




Mime
View raw message