---- [email protected] wrote:
>
> ---- Sorin Manolache <[email protected]> wrote:
> > On 2012-06-26 13:55, [email protected] wrote:
> > >
> > >>>>>
> > >>>>>
> > >>>>> And for webgate, I see:
> > >>>>>
> > >>>>> Registering hooks for apache2entry_web_gate.cpp
> > >>>>> Hooked post_config
> > >>>>> Hooked handler
> > >>>>> Hooked check_user_id
> > >>>>> Hooked auth_checker
> > >>>>>
> > >>>>>
> > >
> > > The original mod_headers code has a hook for fixups. If I added an
> > > "after" string in the code that registers my fixup function, with the
> > > name of the webgate, would that cause my modified mod_headers to run
> > > before the webgate?
> >
> > As you see in the debug messages obtained with SHOW_HOOKS=1, the webgate
> > does not place any callback on the fixups hook.
> >
> > The relative order of the callbacks in question is:
> >
> > 1) post_read_request
> > 2) other callbacks (e.g. translate_name, header_parser)
> > 3) access_checker
> > 4) check_user_id
> > 5) auth_checker
> > 6) fixups
> > 7) insert_filter
> > 8) handler
> >
> > mod_ssl hooks (1), (3-6), and (8) but it initialises the environment
> > only in the fixups hook (6).
> >
> > webgate hooks (4), (5), and (8). So putting your code in (6) is already
> > too late if it is webgate's (4) or (5) that you want to precede.
> >
> > There's no way in which your fixups callback can run earlier than
> > webgate's check_user_id or auth_checker simply because the latter are
> > run by apache earlier than fixups.
> >
> > > Also can you clarify/expand on what you mean by " you'll have to get
> > > those variables yourself"? I think that I'm currently getting them using
> > > env->setproc or something like that.
> >
> > What I mean is:
> >
> > *) apparently you need the variables before webgate's check_user_id or
> > auth_checker.
> > *) but mod_ssl initialises them in fixups, i.e. _after_ check_user_id
> > and auth_checker
> >
> > You cannot wait until mod_ssl runs its fixups, you have to hook one of
> > the hooks that execute earlier than webgate's check_user_id or
> > auth_checker. (You have to hook one of the hooks (1)-(4).) There, in
> > your hook, you have to get yourself the values of the server
> > certificates, client certificate, etc, everything that mod_ssl would
> > have given you, but too late.
> >
> >
> > Please note that what I say holds under the condition that it is
> > webgate's check_user_id and auth_checker that you want to precede. If it
> > is webgate's handler, then your code already runs before webgate's handler.
> >
> >
> > Sorin
> >
> > P.S. For the order of hooks, check
> > modules/http/http_core.c, ap_process_http_connection
> > server/protocol.c, ap_read_request
> > server/request.c, ap_process_request_internal
>
>
> Hi,
>
> I tried adding a hook for check_user_id that just dumps envvars. My
> check_user_id function gets called, but from the dump, it looks like none of
> the SSL vars are populated at that point.
>
> Not sure where to go next with this :(...
>
> Jim
Sorin,
Re-reading your email, where you said:
"
> > You cannot wait until mod_ssl runs its fixups, you have to hook one of
> > the hooks that execute earlier than webgate's check_user_id or
> > auth_checker. (You have to hook one of the hooks (1)-(4).) There, in
> > your hook, you have to get yourself the values of the server
> > certificates, client certificate, etc, everything that mod_ssl would
> > have given you, but too late.
"
I guess that what I'm seeing is exactly what you said would happen, i.e., my
check_user_id hook function is being called, but none of the SSL vars are
populated (since, as you said mod_ssl doesn't populate them until the fixup
phase).
What mechanisms/methods could I use to get those SSL vars ("you have to get
yourself the values of the server certificates, client certificate, etc, ") at
this point?
Thanks,
Jim
