perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Schindl <tomAtLi...@gmx.at>
Subject Re: Controlling subversion access
Date Sun, 26 Mar 2006 10:07:02 GMT
Hi Dennis,

first of all it would be nice if you could tell us what version of
Apache/mod-perl you are running. Second I'm not sure I userstand what
you are trying to do because I'm not very familiar with SSL and DAV.

If I'm not completely mistaken things like $ENV{SSL_CLIENT_S_DN} are set
on request time and not on startup where the perl-sections in your
httpd.conf are parsed. What you need to implement is a handler which is
working after mod_ssl has done it's job and before mod_dav is doing its
job but therefore you must know in which phase of Apache they are working.

If elaborate a bit more I'm sure we (mod_perl) can help you ;-)

Tom

Dennis Sinelnikov wrote:
> Dear fellow developers,
> 
>  
> 
> Here is what I’m trying to do in my httpd-ssl.conf:
> 
>  
> 
> <Perl>
> 
> $client_dn = $ENV{SSL_CLIENT_S_DN};
> 
> $client_dn =~ /.*UID=(.*)$/;
> 
> $client_uid = $1;
> 
>  
> 
>   $Location{"/svnroot"} = {
> 
>         DAV => 'svn',
> 
>         SVNPath => '/home/svnroot',
> 
>         SSLUserName => $client_uid,
> 
>         AuthzSVNAccessFile => '/usr/local/apache2/conf/svnauthorization'
> 
>         }
> 
> </Perl>
> 
>  
> 
> Obviously, the above code is not quite right (otherwise I would not be
> emailing everyone ;)
> 
> Basically, I’m trying to parse the UID off of the Client’s certificate
> DN and use it to set SSLUserName, so I can later use that uid in
> svnauthorization file to control read/write privileges of my subversion
> repository per user basis.  The reason why I need to parse UID off of
> the DN is because for some reason SSL_CLIENT_S_DN_UID is not getting
> set, but I see it in my log when I log the full DN (bug?).  If anyone
> had to do similar authorization using the client cert, please let me
> know and any suggestions are welcome. 
> 
> Thanks much!
> 
> Dennis
> 



Mime
View raw message