Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm
Precedence: bulk
Received-SPF: pass (asf.osuosl.org: domain of tomAtLinux@gmx.at designates
 213.165.64.20 as permitted sender)
Message-ID: <442667C6.7090601@gmx.at>
Date: Sun, 26 Mar 2006 12:07:02 +0200
From: Tom Schindl <tomAtLinux@gmx.at>
User-Agent: Mozilla Thunderbird 1.0.7-4mdk (X11/20051221)
MIME-Version: 1.0
To: Dennis Sinelnikov <dennis.sinelnikov@augustschell.com>
CC: modperl@perl.apache.org
Subject: Re: Controlling subversion access
References: <20060325223420.1EAEF10FB000@asf.osuosl.org>
In-Reply-To: <20060325223420.1EAEF10FB000@asf.osuosl.org>
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigC95A11CA32B7AD435CE9F488"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigC95A11CA32B7AD435CE9F488
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Dennis,

first of all it would be nice if you could tell us what version of
Apache/mod-perl you are running. Second I'm not sure I userstand what
you are trying to do because I'm not very familiar with SSL and DAV.

If I'm not completely mistaken things like $ENV{SSL_CLIENT_S_DN} are set
on request time and not on startup where the perl-sections in your
httpd.conf are parsed. What you need to implement is a handler which is
working after mod_ssl has done it's job and before mod_dav is doing its
job but therefore you must know in which phase of Apache they are working=
=2E

If elaborate a bit more I'm sure we (mod_perl) can help you ;-)

Tom

Dennis Sinelnikov wrote:
> Dear fellow developers,
>=20
> =20
>=20
> Here is what I=92m trying to do in my httpd-ssl.conf:
>=20
> =20
>=20
> <Perl>
>=20
> $client_dn =3D $ENV{SSL_CLIENT_S_DN};
>=20
> $client_dn =3D~ /.*UID=3D(.*)$/;
>=20
> $client_uid =3D $1;
>=20
> =20
>=20
>   $Location{"/svnroot"} =3D {
>=20
>         DAV =3D> 'svn',
>=20
>         SVNPath =3D> '/home/svnroot',
>=20
>         SSLUserName =3D> $client_uid,
>=20
>         AuthzSVNAccessFile =3D> '/usr/local/apache2/conf/svnauthorizati=
on'
>=20
>         }
>=20
> </Perl>
>=20
> =20
>=20
> Obviously, the above code is not quite right (otherwise I would not be
> emailing everyone ;)
>=20
> Basically, I=92m trying to parse the UID off of the Client=92s certific=
ate
> DN and use it to set SSLUserName, so I can later use that uid in
> svnauthorization file to control read/write privileges of my subversion=

> repository per user basis.  The reason why I need to parse UID off of
> the DN is because for some reason SSL_CLIENT_S_DN_UID is not getting
> set, but I see it in my log when I log the full DN (bug?).  If anyone
> had to do similar authorization using the client cert, please let me
> know and any suggestions are welcome.=20
>=20
> Thanks much!
>=20
> Dennis
>=20


--------------enigC95A11CA32B7AD435CE9F488
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFEJmfKkVPeOFLgZFIRArZZAJkB39eOBMg8NADzXryKbf93ivBHwwCfQOfK
NdxAsl8RjDHJcc1hLnxknVg=
=jXHJ
-----END PGP SIGNATURE-----

--------------enigC95A11CA32B7AD435CE9F488--