---- Sorin Manolache <sor...@gmail.com> wrote: > On 2012-06-26 13:55, oh...@cox.net wrote: > > > >>>>> > >>>>> > >>>>> And for webgate, I see: > >>>>> > >>>>> Registering hooks for apache2entry_web_gate.cpp > >>>>> Hooked post_config > >>>>> Hooked handler > >>>>> Hooked check_user_id > >>>>> Hooked auth_checker > >>>>> > >>>>> > > > > The original mod_headers code has a hook for fixups. If I added an "after" > > string in the code that registers my fixup function, with the name of the > > webgate, would that cause my modified mod_headers to run before the webgate? > > As you see in the debug messages obtained with SHOW_HOOKS=1, the webgate > does not place any callback on the fixups hook. > > The relative order of the callbacks in question is: > > 1) post_read_request > 2) other callbacks (e.g. translate_name, header_parser) > 3) access_checker > 4) check_user_id > 5) auth_checker > 6) fixups > 7) insert_filter > 8) handler > > mod_ssl hooks (1), (3-6), and (8) but it initialises the environment > only in the fixups hook (6). > > webgate hooks (4), (5), and (8). So putting your code in (6) is already > too late if it is webgate's (4) or (5) that you want to precede. > > There's no way in which your fixups callback can run earlier than > webgate's check_user_id or auth_checker simply because the latter are > run by apache earlier than fixups. > > > Also can you clarify/expand on what you mean by " you'll have to get those > > variables yourself"? I think that I'm currently getting them using > > env->setproc or something like that. > > What I mean is: > > *) apparently you need the variables before webgate's check_user_id or > auth_checker. > *) but mod_ssl initialises them in fixups, i.e. _after_ check_user_id > and auth_checker > > You cannot wait until mod_ssl runs its fixups, you have to hook one of > the hooks that execute earlier than webgate's check_user_id or > auth_checker. (You have to hook one of the hooks (1)-(4).) There, in > your hook, you have to get yourself the values of the server > certificates, client certificate, etc, everything that mod_ssl would > have given you, but too late. > > > Please note that what I say holds under the condition that it is > webgate's check_user_id and auth_checker that you want to precede. If it > is webgate's handler, then your code already runs before webgate's handler. > > > Sorin > > P.S. For the order of hooks, check > modules/http/http_core.c, ap_process_http_connection > server/protocol.c, ap_read_request > server/request.c, ap_process_request_internal
Hi, I tried adding a hook for check_user_id that just dumps envvars. My check_user_id function gets called, but from the dump, it looks like none of the SSL vars are populated at that point. Not sure where to go next with this :(... Jim
