Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Yann?
Any chance to get this reviewed after the 2.4.32 release?

On Tue, Jan 2, 2018 at 7:08 PM, Andrei Ivanov 
wrote:

> Hello? Yann?
>
> On Thu, Dec 21, 2017 at 5:39 PM, Andrei Ivanov 
> wrote:
>
>> Yann? Are you there? 
>>
>> On Mon, Dec 4, 2017 at 3:43 PM, Andrei Ivanov 
>> wrote:
>>
>>> Hi Yann,
>>> Any news on the reviews?
>>>
>>> On Tue, Oct 3, 2017 at 9:58 AM, Andrei Ivanov 
>>> wrote:
>>>
 Woohoo!

 Thank you ☺

 On Tue, Oct 3, 2017 at 1:44 AM, Yann Ylavic 
 wrote:

> Hi Andrei,
>
> Committed to trunk (http://svn.apache.org/r1810605), should have a
> better visibility (and review) now.
>
> Regards,
> Yann.
>
>
> On Sun, Sep 17, 2017 at 8:18 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
>
>> Ok, I understand.
>>
>> Thank you very much 
>>
>> On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic 
>> wrote:
>>
>>> On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov <
>>> andrei.iva...@gmail.com> wrote:
>>> > Yann?
>>> > What's the next step? Your message didn't seem to draw attention
>>> from others
>>> > and it's been almost 2 months
>>>
>>> That's called lazy consensus :)
>>>
>>> In other words, I'll commit it to trunk (once rebased, since it
>>> currently applies to 2.4.x only).
>>> There, it will easily/likely be reviewed/amended by others, either
>>> before or after the backport is proposed for some future release (no
>>> timeline for this yet).
>>>
>>> Regards,
>>> Yann.
>>>
>>> 
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>>
>

>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Eric Covener]

On Sun, Jan 7, 2018 at 9:25 AM, sebb  wrote:
> The mod_lua docs state that subprocess_env can be used to access
> process environment variables [1] It appears to imply that the script
> can access standard CGI variables.
>
> However, the only variables that seem to be defined are:
>
> SCRIPT_URI
> SCRIPT_URL
>
> There also does not seem to be a way to enumerate the list of variables.
> (I found the above by trying the names that are visible to Perl and Python)
>
> How does one get at the other variables?
>
> If there is a restriction on what subprocess_env provides, it would be
> helpful if it were documented.
>
> [1] https://httpd.apache.org/docs/trunk/mod/mod_lua.html

The CGI variables are lazily added by the CGI-like handler modules
right before they kick off their scripts.

mod_lua doesn't add them in at any stage (ap_add_cgi_vars())  So there
is very little floating around in subprocess_env.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Hello? Yann?

On Thu, Dec 21, 2017 at 5:39 PM, Andrei Ivanov 
wrote:

> Yann? Are you there? 
>
> On Mon, Dec 4, 2017 at 3:43 PM, Andrei Ivanov 
> wrote:
>
>> Hi Yann,
>> Any news on the reviews?
>>
>> On Tue, Oct 3, 2017 at 9:58 AM, Andrei Ivanov 
>> wrote:
>>
>>> Woohoo!
>>>
>>> Thank you ☺
>>>
>>> On Tue, Oct 3, 2017 at 1:44 AM, Yann Ylavic 
>>> wrote:
>>>
 Hi Andrei,

 Committed to trunk (http://svn.apache.org/r1810605), should have a
 better visibility (and review) now.

 Regards,
 Yann.


 On Sun, Sep 17, 2017 at 8:18 PM, Andrei Ivanov  wrote:

> Ok, I understand.
>
> Thank you very much 
>
> On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic 
> wrote:
>
>> On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov <
>> andrei.iva...@gmail.com> wrote:
>> > Yann?
>> > What's the next step? Your message didn't seem to draw attention
>> from others
>> > and it's been almost 2 months
>>
>> That's called lazy consensus :)
>>
>> In other words, I'll commit it to trunk (once rebased, since it
>> currently applies to 2.4.x only).
>> There, it will easily/likely be reviewed/amended by others, either
>> before or after the backport is proposed for some future release (no
>> timeline for this yet).
>>
>> Regards,
>> Yann.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>

>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Yann? Are you there? 

On Mon, Dec 4, 2017 at 3:43 PM, Andrei Ivanov 
wrote:

> Hi Yann,
> Any news on the reviews?
>
> On Tue, Oct 3, 2017 at 9:58 AM, Andrei Ivanov 
> wrote:
>
>> Woohoo!
>>
>> Thank you ☺
>>
>> On Tue, Oct 3, 2017 at 1:44 AM, Yann Ylavic  wrote:
>>
>>> Hi Andrei,
>>>
>>> Committed to trunk (http://svn.apache.org/r1810605), should have a
>>> better visibility (and review) now.
>>>
>>> Regards,
>>> Yann.
>>>
>>>
>>> On Sun, Sep 17, 2017 at 8:18 PM, Andrei Ivanov 
>>> wrote:
>>>
 Ok, I understand.

 Thank you very much 

 On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic 
 wrote:

> On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
> > Yann?
> > What's the next step? Your message didn't seem to draw attention
> from others
> > and it's been almost 2 months
>
> That's called lazy consensus :)
>
> In other words, I'll commit it to trunk (once rebased, since it
> currently applies to 2.4.x only).
> There, it will easily/likely be reviewed/amended by others, either
> before or after the backport is proposed for some future release (no
> timeline for this yet).
>
> Regards,
> Yann.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Hi Yann,
Any news on the reviews?

On Tue, Oct 3, 2017 at 9:58 AM, Andrei Ivanov 
wrote:

> Woohoo!
>
> Thank you ☺
>
> On Tue, Oct 3, 2017 at 1:44 AM, Yann Ylavic  wrote:
>
>> Hi Andrei,
>>
>> Committed to trunk (http://svn.apache.org/r1810605), should have a
>> better visibility (and review) now.
>>
>> Regards,
>> Yann.
>>
>>
>> On Sun, Sep 17, 2017 at 8:18 PM, Andrei Ivanov 
>> wrote:
>>
>>> Ok, I understand.
>>>
>>> Thank you very much 
>>>
>>> On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic 
>>> wrote:
>>>
 On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov <
 andrei.iva...@gmail.com> wrote:
 > Yann?
 > What's the next step? Your message didn't seem to draw attention from
 others
 > and it's been almost 2 months

 That's called lazy consensus :)

 In other words, I'll commit it to trunk (once rebased, since it
 currently applies to 2.4.x only).
 There, it will easily/likely be reviewed/amended by others, either
 before or after the backport is proposed for some future release (no
 timeline for this yet).

 Regards,
 Yann.

 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org


>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Woohoo!

Thank you ☺

On Tue, Oct 3, 2017 at 1:44 AM, Yann Ylavic  wrote:

> Hi Andrei,
>
> Committed to trunk (http://svn.apache.org/r1810605), should have a better
> visibility (and review) now.
>
> Regards,
> Yann.
>
>
> On Sun, Sep 17, 2017 at 8:18 PM, Andrei Ivanov 
> wrote:
>
>> Ok, I understand.
>>
>> Thank you very much 
>>
>> On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic 
>> wrote:
>>
>>> On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov 
>>> wrote:
>>> > Yann?
>>> > What's the next step? Your message didn't seem to draw attention from
>>> others
>>> > and it's been almost 2 months
>>>
>>> That's called lazy consensus :)
>>>
>>> In other words, I'll commit it to trunk (once rebased, since it
>>> currently applies to 2.4.x only).
>>> There, it will easily/likely be reviewed/amended by others, either
>>> before or after the backport is proposed for some future release (no
>>> timeline for this yet).
>>>
>>> Regards,
>>> Yann.
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

Hi Andrei,

Committed to trunk (http://svn.apache.org/r1810605), should have a better
visibility (and review) now.

Regards,
Yann.


On Sun, Sep 17, 2017 at 8:18 PM, Andrei Ivanov 
wrote:

> Ok, I understand.
>
> Thank you very much 
>
> On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic  wrote:
>
>> On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov 
>> wrote:
>> > Yann?
>> > What's the next step? Your message didn't seem to draw attention from
>> others
>> > and it's been almost 2 months
>>
>> That's called lazy consensus :)
>>
>> In other words, I'll commit it to trunk (once rebased, since it
>> currently applies to 2.4.x only).
>> There, it will easily/likely be reviewed/amended by others, either
>> before or after the backport is proposed for some future release (no
>> timeline for this yet).
>>
>> Regards,
>> Yann.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Ok, I understand.

Thank you very much 

On Sun, Sep 17, 2017 at 7:14 PM, Yann Ylavic  wrote:

> On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov 
> wrote:
> > Yann?
> > What's the next step? Your message didn't seem to draw attention from
> others
> > and it's been almost 2 months
>
> That's called lazy consensus :)
>
> In other words, I'll commit it to trunk (once rebased, since it
> currently applies to 2.4.x only).
> There, it will easily/likely be reviewed/amended by others, either
> before or after the backport is proposed for some future release (no
> timeline for this yet).
>
> Regards,
> Yann.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Sun, Sep 10, 2017 at 12:46 PM, Andrei Ivanov  wrote:
> Yann?
> What's the next step? Your message didn't seem to draw attention from others
> and it's been almost 2 months

That's called lazy consensus :)

In other words, I'll commit it to trunk (once rebased, since it
currently applies to 2.4.x only).
There, it will easily/likely be reviewed/amended by others, either
before or after the backport is proposed for some future release (no
timeline for this yet).

Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Yann? Are you there? 

On Sun, Sep 10, 2017 at 1:46 PM, Andrei Ivanov 
wrote:

> Yann?
> What's the next step? Your message didn't seem to draw attention from
> others and it's been almost 2 months 
>
> On Mon, Aug 7, 2017 at 3:30 PM, Andrei Ivanov 
> wrote:
>
>> Hmm, if nobody comments on your proposal does it mean you get an implicit
>> commit acceptance after 1 month? 
>>
>> On Sat, Jul 15, 2017 at 7:35 PM, Andrei Ivanov 
>> wrote:
>>
>>> This is great news, thank you very much.
>>>
>>> So far I am monitoring the list archives through http://mail-archives.a
>>> pache.org/mod_mbox/httpd-dev/201707.mbox/browser :)
>>>
>>> On Sat, Jul 15, 2017 at 1:01 AM, Yann Ylavic 
>>> wrote:
>>>
 Hi Andrei,

 On Thu, Jul 13, 2017 at 3:21 PM, Andrei Ivanov 
 wrote:
 >
 > Yann? Is it a good time now?

 I proposed the patch on the httpd-dev mailing list.
 Waiting for feedbacks, then will commit it.

 I don't know if you are subscribed to this list, but most follow ups
 will happen there now...
 If you are not, I'll try to keep you informed here.

 Regards,
 Yann.

 -
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org


>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Yann?
What's the next step? Your message didn't seem to draw attention from
others and it's been almost 2 months 

On Mon, Aug 7, 2017 at 3:30 PM, Andrei Ivanov 
wrote:

> Hmm, if nobody comments on your proposal does it mean you get an implicit
> commit acceptance after 1 month? 
>
> On Sat, Jul 15, 2017 at 7:35 PM, Andrei Ivanov 
> wrote:
>
>> This is great news, thank you very much.
>>
>> So far I am monitoring the list archives through http://mail-archives.a
>> pache.org/mod_mbox/httpd-dev/201707.mbox/browser :)
>>
>> On Sat, Jul 15, 2017 at 1:01 AM, Yann Ylavic 
>> wrote:
>>
>>> Hi Andrei,
>>>
>>> On Thu, Jul 13, 2017 at 3:21 PM, Andrei Ivanov 
>>> wrote:
>>> >
>>> > Yann? Is it a good time now?
>>>
>>> I proposed the patch on the httpd-dev mailing list.
>>> Waiting for feedbacks, then will commit it.
>>>
>>> I don't know if you are subscribed to this list, but most follow ups
>>> will happen there now...
>>> If you are not, I'll try to keep you informed here.
>>>
>>> Regards,
>>> Yann.
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Hmm, if nobody comments on your proposal does it mean you get an implicit
commit acceptance after 1 month? 

On Sat, Jul 15, 2017 at 7:35 PM, Andrei Ivanov 
wrote:

> This is great news, thank you very much.
>
> So far I am monitoring the list archives through http://mail-archives.
> apache.org/mod_mbox/httpd-dev/201707.mbox/browser :)
>
> On Sat, Jul 15, 2017 at 1:01 AM, Yann Ylavic  wrote:
>
>> Hi Andrei,
>>
>> On Thu, Jul 13, 2017 at 3:21 PM, Andrei Ivanov 
>> wrote:
>> >
>> > Yann? Is it a good time now?
>>
>> I proposed the patch on the httpd-dev mailing list.
>> Waiting for feedbacks, then will commit it.
>>
>> I don't know if you are subscribed to this list, but most follow ups
>> will happen there now...
>> If you are not, I'll try to keep you informed here.
>>
>> Regards,
>> Yann.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

This is great news, thank you very much.

So far I am monitoring the list archives through
http://mail-archives.apache.org/mod_mbox/httpd-dev/201707.mbox/browser :)

On Sat, Jul 15, 2017 at 1:01 AM, Yann Ylavic  wrote:

> Hi Andrei,
>
> On Thu, Jul 13, 2017 at 3:21 PM, Andrei Ivanov 
> wrote:
> >
> > Yann? Is it a good time now?
>
> I proposed the patch on the httpd-dev mailing list.
> Waiting for feedbacks, then will commit it.
>
> I don't know if you are subscribed to this list, but most follow ups
> will happen there now...
> If you are not, I'll try to keep you informed here.
>
> Regards,
> Yann.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

Hi Andrei,

On Thu, Jul 13, 2017 at 3:21 PM, Andrei Ivanov  wrote:
>
> Yann? Is it a good time now?

I proposed the patch on the httpd-dev mailing list.
Waiting for feedbacks, then will commit it.

I don't know if you are subscribed to this list, but most follow ups
will happen there now...
If you are not, I'll try to keep you informed here.

Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Jim Jagielski]

Maybe this would be better discussed on dev@ ??

> On Jul 13, 2017, at 9:21 AM, Andrei Ivanov  wrote:
> 
> Yann? Is it a good time now? 
> 
> On Tue, Jun 20, 2017 at 6:41 PM, Andrei Ivanov  
> wrote:
> Hi,
> Seeing that 2.4.26 was released, is this a good time? 
> 
> Thanks again.
> 
> On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic  wrote:
> Hi Andrei,
> 
> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov  
> wrote:
> >
> > Does anybody know anything about Yann?
> 
> I do :)
> 
> Sorry I didn't have the time to propose something to the dev team for
> now, while 2.4.26 is coming soon and is very unlikely to include such
> a change on the core expression parser (without quite some testing and
> review, we can't regress here...).
> 
> Once 2.4.26 is out, I'll propose/commit the patch so that we can
> discuss and hopefuly backport it to some future 2.4.x.
> 
> 
> Regards,
> Yann.
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Yann? Is it a good time now? 

On Tue, Jun 20, 2017 at 6:41 PM, Andrei Ivanov 
wrote:

> Hi,
> Seeing that 2.4.26 was released, is this a good time? 
>
> Thanks again.
>
> On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic 
> wrote:
>
>> Hi Andrei,
>>
>> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov 
>> wrote:
>> >
>> > Does anybody know anything about Yann?
>>
>> I do :)
>>
>> Sorry I didn't have the time to propose something to the dev team for
>> now, while 2.4.26 is coming soon and is very unlikely to include such
>> a change on the core expression parser (without quite some testing and
>> review, we can't regress here...).
>>
>> Once 2.4.26 is out, I'll propose/commit the patch so that we can
>> discuss and hopefuly backport it to some future 2.4.x.
>>
>>
>> Regards,
>> Yann.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Hmm,
I was actually asking Yann about committing a patch he created.

I don't think I understand the connection with the CVEs.

On Tue, Jun 20, 2017 at 6:57 PM, Mitchell Krog Photography <
mitchellk...@gmail.com> wrote:

> Yes as it addresses a number of vulnerabilities discovered. Check mailing
> list for CVE messages sent earlier today.
>
> Kind Regards
> Mitchell Krog
> **
> Visit me at https://mitchellkrog.com
> **
> License My Images From Getty Images Here
> 
>
> or From Gallo Images Here
> 
> **
>
> On 20 June 2017 at 17:41:22, Andrei Ivanov (andrei.iva...@gmail.com)
> wrote:
>
>> Hi,
>> Seeing that 2.4.26 was released, is this a good time? 
>>
>> Thanks again.
>>
>> On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic 
>> wrote:
>>
>>> Hi Andrei,
>>>
>>> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov 
>>> wrote:
>>> >
>>> > Does anybody know anything about Yann?
>>>
>>> I do :)
>>>
>>> Sorry I didn't have the time to propose something to the dev team for
>>> now, while 2.4.26 is coming soon and is very unlikely to include such
>>> a change on the core expression parser (without quite some testing and
>>> review, we can't regress here...).
>>>
>>> Once 2.4.26 is out, I'll propose/commit the patch so that we can
>>> discuss and hopefuly backport it to some future 2.4.x.
>>>
>>>
>>> Regards,
>>> Yann.
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>>> For additional commands, e-mail: users-h...@httpd.apache.org
>>>
>>>
>>

Re: [users@httpd] mod_lua and subprocess_env

[Mitchell Krog Photography]

Yes as it addresses a number of vulnerabilities discovered. Check mailing
list for CVE messages sent earlier today.

Kind Regards
Mitchell Krog
**
Visit me at https://mitchellkrog.com
**
License My Images From Getty Images Here


or From Gallo Images Here

**

On 20 June 2017 at 17:41:22, Andrei Ivanov (andrei.iva...@gmail.com) wrote:

> Hi,
> Seeing that 2.4.26 was released, is this a good time? 
>
> Thanks again.
>
> On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic 
> wrote:
>
>> Hi Andrei,
>>
>> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov 
>> wrote:
>> >
>> > Does anybody know anything about Yann?
>>
>> I do :)
>>
>> Sorry I didn't have the time to propose something to the dev team for
>> now, while 2.4.26 is coming soon and is very unlikely to include such
>> a change on the core expression parser (without quite some testing and
>> review, we can't regress here...).
>>
>> Once 2.4.26 is out, I'll propose/commit the patch so that we can
>> discuss and hopefuly backport it to some future 2.4.x.
>>
>>
>> Regards,
>> Yann.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Hi,
Seeing that 2.4.26 was released, is this a good time? 

Thanks again.

On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic  wrote:

> Hi Andrei,
>
> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov 
> wrote:
> >
> > Does anybody know anything about Yann?
>
> I do :)
>
> Sorry I didn't have the time to propose something to the dev team for
> now, while 2.4.26 is coming soon and is very unlikely to include such
> a change on the core expression parser (without quite some testing and
> review, we can't regress here...).
>
> Once 2.4.26 is out, I'll propose/commit the patch so that we can
> discuss and hopefuly backport it to some future 2.4.x.
>
>
> Regards,
> Yann.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Sun, May 28, 2017 at 11:54 PM, Yann Ylavic  wrote:

> Hi Andrei,
>
> On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov 
> wrote:
> >
> > Does anybody know anything about Yann?
>
> I do :)
>
> Sorry I didn't have the time to propose something to the dev team for
> now, while 2.4.26 is coming soon and is very unlikely to include such
> a change on the core expression parser (without quite some testing and
> review, we can't regress here...).
>
> Once 2.4.26 is out, I'll propose/commit the patch so that we can
> discuss and hopefuly backport it to some future 2.4.x.
>
>
> Regards,
> Yann.


Thank you very much :-)

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

Hi Andrei,

On Wed, May 24, 2017 at 5:50 PM, Andrei Ivanov  wrote:
>
> Does anybody know anything about Yann?

I do :)

Sorry I didn't have the time to propose something to the dev team for
now, while 2.4.26 is coming soon and is very unlikely to include such
a change on the core expression parser (without quite some testing and
review, we can't regress here...).

Once 2.4.26 is out, I'll propose/commit the patch so that we can
discuss and hopefuly backport it to some future 2.4.x.


Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Does anybody know anything about Yann? 樂

On Thu, Apr 27, 2017 at 3:47 PM, Andrei Ivanov 
wrote:

> Yann? 
>
>
> On Wed, Apr 19, 2017 at 11:49 AM, Andrei Ivanov 
> wrote:
>
>> On Apr 10, 2017 12:10 PM, "Andrei Ivanov" 
>> wrote:
>>
>> On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov >> > wrote:
>>>
 On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov  wrote:

> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic 
> wrote:
>
>> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov <
>> andrei.iva...@gmail.com> wrote:
>> > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov <
>> andrei.iva...@gmail.com>
>> > wrote:
>> >
>> > Argh! You've sent more emails but Gmail received them out of order
>> so I
>> > didn't see your initial email about the changed syntax.
>>
>> We seem to talk past each other :)
>> Anyway, maybe past failures make more sense now...
>>
>> >
>> > It works now! :-)
>> > Wooohooo!
>>
>> Cool.
>>
>> >
>> > Now... any chance of getting the patches included in the next
>> release? :-D
>>
>> Possibly, we'll propose and ask for feedbacks on the dev@ mailing
>> list first ;)
>>
>
> Any way I can help with this?
> I saw a discussion already started about 2.4.26...
>

 Yann? :-D

>>>
>>> Ping :-/
>>>
>>
>> Yann, please come baaack!
>>
>>
>> 
>>
>>
>>
>>>
>>>


>
> Btw, I also created a ticket for what I thought was the solution at
> that time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
> I guess that would still make sense to have in the future...
>
>
>>
>> >
>> > Thank you very much, I owe you many beers! :-)
>>
>> I can drink that! let's see :)
>>
>

>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

Yann? 

On Wed, Apr 19, 2017 at 11:49 AM, Andrei Ivanov 
wrote:

> On Apr 10, 2017 12:10 PM, "Andrei Ivanov"  wrote:
>
> On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov 
> wrote:
>
>> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov 
>>> wrote:
>>>
 On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic 
 wrote:

> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
> > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov <
> andrei.iva...@gmail.com>
> > wrote:
> >
> > Argh! You've sent more emails but Gmail received them out of order
> so I
> > didn't see your initial email about the changed syntax.
>
> We seem to talk past each other :)
> Anyway, maybe past failures make more sense now...
>
> >
> > It works now! :-)
> > Wooohooo!
>
> Cool.
>
> >
> > Now... any chance of getting the patches included in the next
> release? :-D
>
> Possibly, we'll propose and ask for feedbacks on the dev@ mailing
> list first ;)
>

 Any way I can help with this?
 I saw a discussion already started about 2.4.26...

>>>
>>> Yann? :-D
>>>
>>
>> Ping :-/
>>
>
> Yann, please come baaack!
>
>
> 
>
>
>
>>
>>
>>>
>>>

 Btw, I also created a ticket for what I thought was the solution at
 that time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
 I guess that would still make sense to have in the future...


>
> >
> > Thank you very much, I owe you many beers! :-)
>
> I can drink that! let's see :)
>

>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Apr 10, 2017 12:10 PM, "Andrei Ivanov"  wrote:

On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov 
wrote:

> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov 
> wrote:
>
>> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic 
>>> wrote:
>>>
 On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov 
 wrote:
 > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov <
 andrei.iva...@gmail.com>
 > wrote:
 >
 > Argh! You've sent more emails but Gmail received them out of order so
 I
 > didn't see your initial email about the changed syntax.

 We seem to talk past each other :)
 Anyway, maybe past failures make more sense now...

 >
 > It works now! :-)
 > Wooohooo!

 Cool.

 >
 > Now... any chance of getting the patches included in the next
 release? :-D

 Possibly, we'll propose and ask for feedbacks on the dev@ mailing list
 first ;)

>>>
>>> Any way I can help with this?
>>> I saw a discussion already started about 2.4.26...
>>>
>>
>> Yann? :-D
>>
>
> Ping :-/
>

Yann, please come baaack!






>
>
>>
>>
>>>
>>> Btw, I also created a ticket for what I thought was the solution at that
>>> time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
>>> I guess that would still make sense to have in the future...
>>>
>>>

 >
 > Thank you very much, I owe you many beers! :-)

 I can drink that! let's see :)

>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Apr 4, 2017 at 4:25 PM, Andrei Ivanov 
wrote:

> On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov 
> wrote:
>
>> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic 
>>> wrote:
>>>
 On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov 
 wrote:
 > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov <
 andrei.iva...@gmail.com>
 > wrote:
 >
 > Argh! You've sent more emails but Gmail received them out of order so
 I
 > didn't see your initial email about the changed syntax.

 We seem to talk past each other :)
 Anyway, maybe past failures make more sense now...

 >
 > It works now! :-)
 > Wooohooo!

 Cool.

 >
 > Now... any chance of getting the patches included in the next
 release? :-D

 Possibly, we'll propose and ask for feedbacks on the dev@ mailing list
 first ;)

>>>
>>> Any way I can help with this?
>>> I saw a discussion already started about 2.4.26...
>>>
>>
>> Yann? :-D
>>
>
> Ping :-/
>

Yann, please come baaack!


>
>
>>
>>
>>>
>>> Btw, I also created a ticket for what I thought was the solution at that
>>> time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
>>> I guess that would still make sense to have in the future...
>>>
>>>

 >
 > Thank you very much, I owe you many beers! :-)

 I can drink that! let's see :)

>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Mar 29, 2017 at 12:16 PM, Andrei Ivanov 
wrote:

> On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov 
> wrote:
>
>> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic 
>> wrote:
>>
>>> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov 
>>> wrote:
>>> > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov <
>>> andrei.iva...@gmail.com>
>>> > wrote:
>>> >
>>> > Argh! You've sent more emails but Gmail received them out of order so I
>>> > didn't see your initial email about the changed syntax.
>>>
>>> We seem to talk past each other :)
>>> Anyway, maybe past failures make more sense now...
>>>
>>> >
>>> > It works now! :-)
>>> > Wooohooo!
>>>
>>> Cool.
>>>
>>> >
>>> > Now... any chance of getting the patches included in the next release?
>>> :-D
>>>
>>> Possibly, we'll propose and ask for feedbacks on the dev@ mailing list
>>> first ;)
>>>
>>
>> Any way I can help with this?
>> I saw a discussion already started about 2.4.26...
>>
>
> Yann? :-D
>

Ping :-/


>
>
>>
>> Btw, I also created a ticket for what I thought was the solution at that
>> time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
>> I guess that would still make sense to have in the future...
>>
>>
>>>
>>> >
>>> > Thank you very much, I owe you many beers! :-)
>>>
>>> I can drink that! let's see :)
>>>
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Thu, Mar 23, 2017 at 3:52 PM, Andrei Ivanov 
wrote:

> On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic  wrote:
>
>> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov 
>> wrote:
>> > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov > >
>> > wrote:
>> >
>> > Argh! You've sent more emails but Gmail received them out of order so I
>> > didn't see your initial email about the changed syntax.
>>
>> We seem to talk past each other :)
>> Anyway, maybe past failures make more sense now...
>>
>> >
>> > It works now! :-)
>> > Wooohooo!
>>
>> Cool.
>>
>> >
>> > Now... any chance of getting the patches included in the next release?
>> :-D
>>
>> Possibly, we'll propose and ask for feedbacks on the dev@ mailing list
>> first ;)
>>
>
> Any way I can help with this?
> I saw a discussion already started about 2.4.26...
>

Yann? :-D


>
> Btw, I also created a ticket for what I thought was the solution at that
> time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
> I guess that would still make sense to have in the future...
>
>
>>
>> >
>> > Thank you very much, I owe you many beers! :-)
>>
>> I can drink that! let's see :)
>>
>

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Mar 22, 2017 at 5:08 PM, Yann Ylavic  wrote:

> On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov 
> wrote:
> > On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov 
> > wrote:
> >
> > Argh! You've sent more emails but Gmail received them out of order so I
> > didn't see your initial email about the changed syntax.
>
> We seem to talk past each other :)
> Anyway, maybe past failures make more sense now...
>
> >
> > It works now! :-)
> > Wooohooo!
>
> Cool.
>
> >
> > Now... any chance of getting the patches included in the next release?
> :-D
>
> Possibly, we'll propose and ask for feedbacks on the dev@ mailing list
> first ;)
>

Any way I can help with this?
I saw a discussion already started about 2.4.26...

Btw, I also created a ticket for what I thought was the solution at that
time: https://bz.apache.org/bugzilla/show_bug.cgi?id=60456
I guess that would still make sense to have in the future...


>
> >
> > Thank you very much, I owe you many beers! :-)
>
> I can drink that! let's see :)
>

Re: [users@httpd] mod_lua and subprocess_env

[Eric Covener]

On Wed, Mar 22, 2017 at 10:45 AM, Andrei Ivanov  wrote:
> Argh! You've sent more emails but Gmail received them out of order so I
> didn't see your initial email about the changed syntax.


FWIW this is probably due to ASF mail problems today.

-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Wed, Mar 22, 2017 at 2:53 PM, Andrei Ivanov  wrote:
>
> Welcome back :-)

Thanks ;)

>
> These expressions don't work anymore: Can't parse value expression :
> Function 'PeerExtList' does not exist
>
> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
> %{PeerExtList:2.5.29.17}"

This is not what I proposed (according to the new patch), the above
works only with first/initial (now obsolete) patch.

For the "Client-SAN" header, it fails because
"%{PeerExtList:2.5.29.17}" is a list and it can't be evaluated in a
string context (like mod_headers' expr= context).

A string context is what's allowed between the quotes in a full
expression context (like a an 's condition), but omitting/without
the quotes...

So same for the second, "'IP Address:'.%{REMOTE_ADDR}" is not valid in
a string context, you'd have to use expr="IP Address:%{REMOTE_ADDR}"
directly, but still the following "-in %{PeerExtList:2.5.29.17}" isn't
valid either (no condition evaluated in a string context...).

That's why my latest patch introduces "%{:  :}" (note
the leading and trailing colons), so you should be able to:
 Header set Expr1 "expr=%{: 'IP Address:%{REMOTE_ADDR}' -in
PeerExtList('2.5.29.17') :}"

but still the above is "false" (my patch also evaluates the conditions
into the strings "true"/"false").
This is because 'IP Address:%{REMOTE_ADDR}' is only a part of the
first entry of PeerExtList('2.5.29.17') (which could be expressed
literally as {'email:, email:, IP
Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44'}),
not an entry on its own (like in {'email:',
'email:', 'IP Address:127.0.0.1', 'IP
Address:0:0:0:0:0:0:0:1', 'IP Address:159.107.78.131', 'IP
Address:FE80:0:0:0:6D03:4CE1:C15F:5A44'}).

So we need to be able to split a list but applying a regular
expression on all of its entries and creating a new list with the
capture(s).

That's the new "split///" operator, which will walk
all the list's entries (actually the first and only one in the
PeerExtList('2.5.29.17') case) and split them into a new list where
ed, i.e. keep only what's before (hence also after by progress
on the next ) and d if not empty.

All in one, this gives:
 Header set Expr1 "expr=%{: %{REMOTE_ADDR} -in
(PeerExtList('subjectAltName') =~ split/.*?IP Address:([^,]+)/$1/) :}"
Where we create an %{: expression :} context where we can search for
%{REMOTE_ADDR} -in PeerExtList('subjectAltName') splitted on ".*?IP
Address:([^,]+)" (i.e. skip anything before and including 'IP
Address:' to keep only what follows until the next comma: the IP!).
This one should return "true"...


>
> I've modified this one to use the "normal" method syntax, hoping that would
> work:
>
> 
> Header set matched-dynamic true
> 

Likewise, %{REMOTE_ADDR} cannot be evaluated at init time (when the
regular expression is compiled), thus the failure.

But:
 
Header set matched-dynamic true
 
should work...


Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Wed, Mar 22, 2017 at 3:45 PM, Andrei Ivanov  wrote:
> On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov 
> wrote:
>
> Argh! You've sent more emails but Gmail received them out of order so I
> didn't see your initial email about the changed syntax.

We seem to talk past each other :)
Anyway, maybe past failures make more sense now...

>
> It works now! :-)
> Wooohooo!

Cool.

>
> Now... any chance of getting the patches included in the next release? :-D

Possibly, we'll propose and ask for feedbacks on the dev@ mailing list first ;)

>
> Thank you very much, I owe you many beers! :-)

I can drink that! let's see :)

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Mar 22, 2017 at 3:53 PM, Andrei Ivanov 
wrote:

> On Wed, Mar 22, 2017 at 3:27 PM, Yann Ylavic  wrote:
>
>> On Wed, Mar 22, 2017 at 1:37 PM, Yann Ylavic 
>> wrote:
>> >
>> > There are two patches attached, one for the changes in httpd code, the
>> > other for the files generated by the bison/flex parser.
>>
>> The second patch was missing the changes in server/util_expr_parse.h,
>> resending...
>>
>> >
>> > Hope that helps,
>> > Yann.
>>
>
> Welcome back :-)
>
> Unfortunately,  the situation seems to be getting worse :-(
>
> These expressions don't work anymore: Can't parse value expression :
> Function 'PeerExtList' does not exist
>
> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
> %{PeerExtList:2.5.29.17}"
>
> I've modified this one to use the "normal" method syntax, hoping that
> would work:
>
> 
> Header set matched-dynamic true
> 
>
> Cannot parse condition clause: syntax error, unexpected T_ERROR, expecting
> T_VAR_END or ':': Invalid character in variable name '('
>
>
Argh! You've sent more emails but Gmail received them out of order so I
didn't see your initial email about the changed syntax.

It works now! :-)
Wooohooo!

Now... any chance of getting the patches included in the next release? :-D

Thank you very much, I owe you many beers! :-)

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Mar 22, 2017 at 3:27 PM, Yann Ylavic  wrote:

> On Wed, Mar 22, 2017 at 1:37 PM, Yann Ylavic  wrote:
> >
> > There are two patches attached, one for the changes in httpd code, the
> > other for the files generated by the bison/flex parser.
>
> The second patch was missing the changes in server/util_expr_parse.h,
> resending...
>
> >
> > Hope that helps,
> > Yann.
>

Welcome back :-)

Unfortunately,  the situation seems to be getting worse :-(

These expressions don't work anymore: Can't parse value expression :
Function 'PeerExtList' does not exist

Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
%{PeerExtList:2.5.29.17}"

I've modified this one to use the "normal" method syntax, hoping that would
work:


Header set matched-dynamic true


Cannot parse condition clause: syntax error, unexpected T_ERROR, expecting
T_VAR_END or ':': Invalid character in variable name '('

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Mon, Mar 13, 2017 at 4:16 PM, Andrei Ivanov 
wrote:

> On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov 
> wrote:
>
>> On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic 
>>> wrote:
>>>
 Hi Andrei,

 On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov  wrote:

> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
>
>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <
>> andrei.iva...@gmail.com> wrote:
>>
>>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <
>>> andrei.iva...@gmail.com> wrote:
>>>
 On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
 andrei.iva...@gmail.com> wrote:

> On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:
>
> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
> >
> > I've managed to apply your patch and rebuild Apache and now I
> have:
> > Header set Client-IP "expr=%{REMOTE_ADDR}"
> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>
> Could you please add:
>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
> PeerExtList('2.5.29.17')"
> ?
>
> If it outputed "Expr: IP Addressfalse" that'd be issue with
> operators'
> precedence.
> I'll try on my side, but you may beat me to it since you have the
> environment...
>
>
> Ugh, it's my work environment, I'll be able to access it only on
> Monday.
>
>
 Tried now, I've adapted your suggestion a bit as it doesn't seem
 correct:

 Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
 %{PeerExtList:2.5.29.17}"

 This results in:
 Expr: 'IP Address:'.159.107.78.127 -in email:,
 email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
 Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44

 As far as I understand, it doesn't perform the concatenation
 properly.
 I've tried
 Header set Expr "expr='%{IP Address:'
 ​​
 .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"

 But I get a parse error at startup:
 Can't parse value expression : syntax error, unexpected T_ERROR,
 expecting T_VAR_END or ':': Invalid character in variable name ' '

 But I think mod_headers has some different way of interpreting
 expressions, because this doesn't work:

 Header set matched false
 >>> ​​
 %{PeerExtList:2.5.29.17}">
 Header set matched true
 

 Cannot parse condition clause: syntax error, unexpected
 T_VAR_BEGIN, expecting T_ID or '{

>>>
>>> Yann? Any clues? :-)
>>>
>>
>> Ping 
>>
>
> Hello?
>

 ​Yes sorry, was busy these days ;)

>>>
>>> I understand, who isn't? :-)
>>>
>>> ​
 ​Mixing different types (string, boolean, list) of expressions is not
 working currently, and requires changes in the parser (I'll try to work on
 this soon).

 In the meantime, maybe with my patch you could try to (uglily) match
 "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
 against something like "IP Address:".​%{REMOTE_ADDR}(,|$) ?

 I've experimented a bit more with your suggestion, still doesn't work
>>> :-(
>>>
>>> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
>>> %{PeerExtList:2.5.29.17}"
>>> Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
>>> Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"
>>>
>>> Expr1: 'IP Address:'.159.107.78.131 -in email:,
>>> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>>> Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>> Expr2: email:, email:, IP Address:127.0.0.1, IP
>>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
>>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>>> Expr3: email:, email:, IP Address:127.0.0.1, IP
>>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
>>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>>>
>>> So for mod_headers the expression isn't fully evaluated...
>>>
>>> Header set matched-dynamic false
>>> 
>>> Header set matched-dynamic true
>>> 
>>> Header set matched-static false
>>> 
>>> Header set matched-static true
>>> 
>>>
>>> matched-dynamic: false
>>> matched-static: true
>>>
>>> The match against a dynamic expression fails.
>>>
>>> Require expr "PeerExtList('2.5.29.17') =~ /'IP
>>> 

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Fri, Mar 10, 2017 at 12:35 PM, Andrei Ivanov 
wrote:

> On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov 
> wrote:
>
>> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic 
>> wrote:
>>
>>> Hi Andrei,
>>>
>>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov 
>>> wrote:
>>>
 On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov  wrote:

> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
>
>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <
>> andrei.iva...@gmail.com> wrote:
>>
>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
>>> andrei.iva...@gmail.com> wrote:
>>>
 On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:

 On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
 andrei.iva...@gmail.com> wrote:
 >
 > I've managed to apply your patch and rebuild Apache and now I
 have:
 > Header set Client-IP "expr=%{REMOTE_ADDR}"
 > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
 > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"

 Could you please add:
   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
 PeerExtList('2.5.29.17')"
 ?

 If it outputed "Expr: IP Addressfalse" that'd be issue with
 operators'
 precedence.
 I'll try on my side, but you may beat me to it since you have the
 environment...


 Ugh, it's my work environment, I'll be able to access it only on
 Monday.


>>> Tried now, I've adapted your suggestion a bit as it doesn't seem
>>> correct:
>>>
>>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
>>> %{PeerExtList:2.5.29.17}"
>>>
>>> This results in:
>>> Expr: 'IP Address:'.159.107.78.127 -in email:,
>>> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>>
>>> As far as I understand, it doesn't perform the concatenation
>>> properly.
>>> I've tried
>>> Header set Expr "expr='%{IP Address:'
>>> ​​
>>> .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"
>>>
>>> But I get a parse error at startup:
>>> Can't parse value expression : syntax error, unexpected T_ERROR,
>>> expecting T_VAR_END or ':': Invalid character in variable name ' '
>>>
>>> But I think mod_headers has some different way of interpreting
>>> expressions, because this doesn't work:
>>>
>>> Header set matched false
>>> >> ​​
>>> %{PeerExtList:2.5.29.17}">
>>> Header set matched true
>>> 
>>>
>>> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
>>> expecting T_ID or '{
>>>
>>
>> Yann? Any clues? :-)
>>
>
> Ping 
>

 Hello?

>>>
>>> ​Yes sorry, was busy these days ;)
>>>
>>
>> I understand, who isn't? :-)
>>
>> ​
>>> ​Mixing different types (string, boolean, list) of expressions is not
>>> working currently, and requires changes in the parser (I'll try to work on
>>> this soon).
>>>
>>> In the meantime, maybe with my patch you could try to (uglily) match
>>> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
>>> against something like "IP Address:".​%{REMOTE_ADDR}(,|$) ?
>>>
>>> I've experimented a bit more with your suggestion, still doesn't work :-(
>>
>> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
>> %{PeerExtList:2.5.29.17}"
>> Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
>> Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"
>>
>> Expr1: 'IP Address:'.159.107.78.131 -in email:,
>> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>> Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>> Expr2: email:, email:, IP Address:127.0.0.1, IP
>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>> Expr3: email:, email:, IP Address:127.0.0.1, IP
>> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
>> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>>
>> So for mod_headers the expression isn't fully evaluated...
>>
>> Header set matched-dynamic false
>> 
>> Header set matched-dynamic true
>> 
>> Header set matched-static false
>> 
>> Header set matched-static true
>> 
>>
>> matched-dynamic: false
>> matched-static: true
>>
>> The match against a dynamic expression fails.
>>
>> Require expr "PeerExtList('2.5.29.17') =~ /'IP
>> Address:'.%{REMOTE_ADDR}(,|$)/"
>> Require expr "PeerExtList('2.5.29.17') =~ /'IP
>> Address:159.107.78.131'(,|$)/"
>>
>> These both fail :-(
>>
>> Thank you for your patience.
>>
>
> Hello?
>

Yann? I'm getting squeezed here, please 

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Mar 7, 2017 at 7:08 PM, Andrei Ivanov 
wrote:

> On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic  wrote:
>
>> Hi Andrei,
>>
>> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov 
>> wrote:
>>
>>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov 
>>> wrote:
>>>
 On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov <
 andrei.iva...@gmail.com> wrote:

> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
>
>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
>> andrei.iva...@gmail.com> wrote:
>>
>>> On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:
>>>
>>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
>>> andrei.iva...@gmail.com> wrote:
>>> >
>>> > I've managed to apply your patch and rebuild Apache and now I have:
>>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>>
>>> Could you please add:
>>>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
>>> PeerExtList('2.5.29.17')"
>>> ?
>>>
>>> If it outputed "Expr: IP Addressfalse" that'd be issue with
>>> operators'
>>> precedence.
>>> I'll try on my side, but you may beat me to it since you have the
>>> environment...
>>>
>>>
>>> Ugh, it's my work environment, I'll be able to access it only on
>>> Monday.
>>>
>>>
>> Tried now, I've adapted your suggestion a bit as it doesn't seem
>> correct:
>>
>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
>> %{PeerExtList:2.5.29.17}"
>>
>> This results in:
>> Expr: 'IP Address:'.159.107.78.127 -in email:,
>> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>
>> As far as I understand, it doesn't perform the concatenation properly.
>> I've tried
>> Header set Expr "expr='%{IP Address:'
>> ​​
>> .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"
>>
>> But I get a parse error at startup:
>> Can't parse value expression : syntax error, unexpected T_ERROR,
>> expecting T_VAR_END or ':': Invalid character in variable name ' '
>>
>> But I think mod_headers has some different way of interpreting
>> expressions, because this doesn't work:
>>
>> Header set matched false
>> > ​​
>> %{PeerExtList:2.5.29.17}">
>> Header set matched true
>> 
>>
>> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
>> expecting T_ID or '{
>>
>
> Yann? Any clues? :-)
>

 Ping 

>>>
>>> Hello?
>>>
>>
>> ​Yes sorry, was busy these days ;)
>>
>
> I understand, who isn't? :-)
>
> ​
>> ​Mixing different types (string, boolean, list) of expressions is not
>> working currently, and requires changes in the parser (I'll try to work on
>> this soon).
>>
>> In the meantime, maybe with my patch you could try to (uglily) match
>> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
>> against something like "IP Address:".​%{REMOTE_ADDR}(,|$) ?
>>
>> I've experimented a bit more with your suggestion, still doesn't work :-(
>
> Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
> %{PeerExtList:2.5.29.17}"
> Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
> Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"
>
> Expr1: 'IP Address:'.159.107.78.131 -in email:,
> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
> Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
> Expr2: email:, email:, IP Address:127.0.0.1, IP
> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
> Expr3: email:, email:, IP Address:127.0.0.1, IP
> Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
> Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
>
> So for mod_headers the expression isn't fully evaluated...
>
> Header set matched-dynamic false
> 
> Header set matched-dynamic true
> 
> Header set matched-static false
> 
> Header set matched-static true
> 
>
> matched-dynamic: false
> matched-static: true
>
> The match against a dynamic expression fails.
>
> Require expr "PeerExtList('2.5.29.17') =~ /'IP
> Address:'.%{REMOTE_ADDR}(,|$)/"
> Require expr "PeerExtList('2.5.29.17') =~ /'IP
> Address:159.107.78.131'(,|$)/"
>
> These both fail :-(
>
> Thank you for your patience.
>

Hello?

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Mon, Mar 6, 2017 at 12:57 PM, Yann Ylavic  wrote:

> Hi Andrei,
>
> On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov 
> wrote:
>
>> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov >> > wrote:
>>>
 On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov <
 andrei.iva...@gmail.com> wrote:

> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
>
>> On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:
>>
>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
>> andrei.iva...@gmail.com> wrote:
>> >
>> > I've managed to apply your patch and rebuild Apache and now I have:
>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>
>> Could you please add:
>>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
>> PeerExtList('2.5.29.17')"
>> ?
>>
>> If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
>> precedence.
>> I'll try on my side, but you may beat me to it since you have the
>> environment...
>>
>>
>> Ugh, it's my work environment, I'll be able to access it only on
>> Monday.
>>
>>
> Tried now, I've adapted your suggestion a bit as it doesn't seem
> correct:
>
> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
> %{PeerExtList:2.5.29.17}"
>
> This results in:
> Expr: 'IP Address:'.159.107.78.127 -in email:,
> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>
> As far as I understand, it doesn't perform the concatenation properly.
> I've tried
> Header set Expr "expr='%{IP Address:'
> ​​
> .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"
>
> But I get a parse error at startup:
> Can't parse value expression : syntax error, unexpected T_ERROR,
> expecting T_VAR_END or ':': Invalid character in variable name ' '
>
> But I think mod_headers has some different way of interpreting
> expressions, because this doesn't work:
>
> Header set matched false
>  ​​
> %{PeerExtList:2.5.29.17}">
> Header set matched true
> 
>
> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
> expecting T_ID or '{
>

 Yann? Any clues? :-)

>>>
>>> Ping 
>>>
>>
>> Hello?
>>
>
> ​Yes sorry, was busy these days ;)
>

I understand, who isn't? :-)

​
> ​Mixing different types (string, boolean, list) of expressions is not
> working currently, and requires changes in the parser (I'll try to work on
> this soon).
>
> In the meantime, maybe with my patch you could try to (uglily) match
> "%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
> against something like "IP Address:".​%{REMOTE_ADDR}(,|$) ?
>
> I've experimented a bit more with your suggestion, still doesn't work :-(

Header set Expr1 "expr='IP Address:'.%{REMOTE_ADDR} -in
%{PeerExtList:2.5.29.17}"
Header set Expr2 "expr=%{PeerExtList:2.5.29.17} =~ /%{REMOTE_ADDR}/"
Header set Expr3 "expr=%{PeerExtList:2.5.29.17} =~ /159.107.78.131/"

Expr1: 'IP Address:'.159.107.78.131 -in email:,
email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
Address:159.107.78.131, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
Expr2: email:, email:, IP Address:127.0.0.1, IP
Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/
Expr3: email:, email:, IP Address:127.0.0.1, IP
Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.131, IP
Address:FE80:0:0:0:6D03:4CE1:C15F:5A44 =~ /159.107.78.131/

So for mod_headers the expression isn't fully evaluated...

Header set matched-dynamic false

Header set matched-dynamic true

Header set matched-static false

Header set matched-static true


matched-dynamic: false
matched-static: true

The match against a dynamic expression fails.

Require expr "PeerExtList('2.5.29.17') =~ /'IP
Address:'.%{REMOTE_ADDR}(,|$)/"
Require expr "PeerExtList('2.5.29.17') =~ /'IP
Address:159.107.78.131'(,|$)/"

These both fail :-(

Thank you for your patience.

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

Hi Andrei,

On Mon, Mar 6, 2017 at 10:15 AM, Andrei Ivanov 
wrote:

> On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov 
> wrote:
>
>> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov >> > wrote:
>>>
 On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov <
 andrei.iva...@gmail.com> wrote:

> On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:
>
> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov <
> andrei.iva...@gmail.com> wrote:
> >
> > I've managed to apply your patch and rebuild Apache and now I have:
> > Header set Client-IP "expr=%{REMOTE_ADDR}"
> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>
> Could you please add:
>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
> PeerExtList('2.5.29.17')"
> ?
>
> If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
> precedence.
> I'll try on my side, but you may beat me to it since you have the
> environment...
>
>
> Ugh, it's my work environment, I'll be able to access it only on
> Monday.
>
>
 Tried now, I've adapted your suggestion a bit as it doesn't seem
 correct:

 Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
 %{PeerExtList:2.5.29.17}"

 This results in:
 Expr: 'IP Address:'.159.107.78.127 -in email:,
 email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
 Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44

 As far as I understand, it doesn't perform the concatenation properly.
 I've tried
 Header set Expr "expr='%{IP Address:'
 ​​
 .%{REMOTE_ADDR}} -in %{PeerExtList:2.5.29.17}"

 But I get a parse error at startup:
 Can't parse value expression : syntax error, unexpected T_ERROR,
 expecting T_VAR_END or ':': Invalid character in variable name ' '

 But I think mod_headers has some different way of interpreting
 expressions, because this doesn't work:

 Header set matched false
 >>> ​​
 %{PeerExtList:2.5.29.17}">
 Header set matched true
 

 Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
 expecting T_ID or '{

>>>
>>> Yann? Any clues? :-)
>>>
>>
>> Ping 
>>
>
> Hello?
>

​Yes sorry, was busy these days ;)
​
​Mixing different types (string, boolean, list) of expressions is not
working currently, and requires changes in the parser (I'll try to work on
this soon).

In the meantime, maybe with my patch you could try to (uglily) match
"%{PeerExtList:2.5.29.17}" (as a string, hence with the operator "~=")
against something like "IP Address:".​%{REMOTE_ADDR}(,|$) ?


Regards,
Yann.

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Thu, Mar 2, 2017 at 12:40 PM, Andrei Ivanov 
wrote:

> On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov 
> wrote:
>
>> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov 
>> wrote:
>>
>>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov >> > wrote:
>>>
 On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:

 On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov 
 wrote:
 >
 > I've managed to apply your patch and rebuild Apache and now I have:
 > Header set Client-IP "expr=%{REMOTE_ADDR}"
 > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
 > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"

 Could you please add:
   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
 PeerExtList('2.5.29.17')"
 ?

 If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
 precedence.
 I'll try on my side, but you may beat me to it since you have the
 environment...


 Ugh, it's my work environment, I'll be able to access it only on
 Monday.


>>> Tried now, I've adapted your suggestion a bit as it doesn't seem correct:
>>>
>>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
>>> %{PeerExtList:2.5.29.17}"
>>>
>>> This results in:
>>> Expr: 'IP Address:'.159.107.78.127 -in email:,
>>> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>>
>>> As far as I understand, it doesn't perform the concatenation properly.
>>> I've tried
>>> Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in
>>> %{PeerExtList:2.5.29.17}"
>>>
>>> But I get a parse error at startup:
>>> Can't parse value expression : syntax error, unexpected T_ERROR,
>>> expecting T_VAR_END or ':': Invalid character in variable name ' '
>>>
>>> But I think mod_headers has some different way of interpreting
>>> expressions, because this doesn't work:
>>>
>>> Header set matched false
>>> 
>>> Header set matched true
>>> 
>>>
>>> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
>>> expecting T_ID or '{
>>>
>>
>> Yann? Any clues? :-)
>>
>
> Ping 
>

Hello?

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Feb 28, 2017 at 12:09 PM, Andrei Ivanov 
wrote:

> On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov 
> wrote:
>
>> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov 
>> wrote:
>>
>>> On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:
>>>
>>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov 
>>> wrote:
>>> >
>>> > I've managed to apply your patch and rebuild Apache and now I have:
>>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>>
>>> Could you please add:
>>>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
>>> PeerExtList('2.5.29.17')"
>>> ?
>>>
>>> If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
>>> precedence.
>>> I'll try on my side, but you may beat me to it since you have the
>>> environment...
>>>
>>>
>>> Ugh, it's my work environment, I'll be able to access it only on Monday.
>>>
>>>
>> Tried now, I've adapted your suggestion a bit as it doesn't seem correct:
>>
>> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
>> %{PeerExtList:2.5.29.17}"
>>
>> This results in:
>> Expr: 'IP Address:'.159.107.78.127 -in email:,
>> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
>> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>>
>> As far as I understand, it doesn't perform the concatenation properly.
>> I've tried
>> Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in
>> %{PeerExtList:2.5.29.17}"
>>
>> But I get a parse error at startup:
>> Can't parse value expression : syntax error, unexpected T_ERROR,
>> expecting T_VAR_END or ':': Invalid character in variable name ' '
>>
>> But I think mod_headers has some different way of interpreting
>> expressions, because this doesn't work:
>>
>> Header set matched false
>> 
>> Header set matched true
>> 
>>
>> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
>> expecting T_ID or '{
>>
>
> Yann? Any clues? :-)
>

Ping 

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Feb 28, 2017 at 2:02 PM, Eric Covener  wrote:

> On Mon, Feb 27, 2017 at 4:58 AM, Andrei Ivanov 
> wrote:
> > But I think mod_headers has some different way of interpreting
> expressions,
> > because this doesn't work:
>
> The grammar has different starting points for expressions that resolve
> to boolean values vs. strings. I think that's what's biting some of
> your experiments.
>

That's probably true and seems very unfortunate, every module interprets
expressions differently :-(
That's why I hope Yann can provide more patches to get this working :-)

Re: [users@httpd] mod_lua and subprocess_env

[Eric Covener]

On Mon, Feb 27, 2017 at 4:58 AM, Andrei Ivanov  wrote:
> But I think mod_headers has some different way of interpreting expressions,
> because this doesn't work:

The grammar has different starting points for expressions that resolve
to boolean values vs. strings. I think that's what's biting some of
your experiments.


-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Mon, Feb 27, 2017 at 11:58 AM, Andrei Ivanov 
wrote:

> On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov 
> wrote:
>
>> On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:
>>
>> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov 
>> wrote:
>> >
>> > I've managed to apply your patch and rebuild Apache and now I have:
>> > Header set Client-IP "expr=%{REMOTE_ADDR}"
>> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>>
>> Could you please add:
>>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
>> PeerExtList('2.5.29.17')"
>> ?
>>
>> If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
>> precedence.
>> I'll try on my side, but you may beat me to it since you have the
>> environment...
>>
>>
>> Ugh, it's my work environment, I'll be able to access it only on Monday.
>>
>>
> Tried now, I've adapted your suggestion a bit as it doesn't seem correct:
>
> Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
> %{PeerExtList:2.5.29.17}"
>
> This results in:
> Expr: 'IP Address:'.159.107.78.127 -in email:,
> email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
> Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
>
> As far as I understand, it doesn't perform the concatenation properly.
> I've tried
> Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in
> %{PeerExtList:2.5.29.17}"
>
> But I get a parse error at startup:
> Can't parse value expression : syntax error, unexpected T_ERROR, expecting
> T_VAR_END or ':': Invalid character in variable name ' '
>
> But I think mod_headers has some different way of interpreting
> expressions, because this doesn't work:
>
> Header set matched false
> 
> Header set matched true
> 
>
> Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
> expecting T_ID or '{
>

Yann? Any clues? :-)

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Fri, Feb 24, 2017 at 10:58 PM, Andrei Ivanov 
wrote:

> On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:
>
> On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov 
> wrote:
> >
> > I've managed to apply your patch and rebuild Apache and now I have:
> > Header set Client-IP "expr=%{REMOTE_ADDR}"
> > Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> > Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"
>
> Could you please add:
>   Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
> PeerExtList('2.5.29.17')"
> ?
>
> If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
> precedence.
> I'll try on my side, but you may beat me to it since you have the
> environment...
>
>
> Ugh, it's my work environment, I'll be able to access it only on Monday.
>
>
Tried now, I've adapted your suggestion a bit as it doesn't seem correct:

Header set Expr "expr='IP Address:'.%{REMOTE_ADDR} -in
%{PeerExtList:2.5.29.17}"

This results in:
Expr: 'IP Address:'.159.107.78.127 -in email:,
email:, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP
Address:159.107.78.127, IP Address:FE80:0:0:0:6D03:4CE1:C15F:5A44

As far as I understand, it doesn't perform the concatenation properly.
I've tried
Header set Expr "expr='%{IP Address:'.%{REMOTE_ADDR}} -in
%{PeerExtList:2.5.29.17}"

But I get a parse error at startup:
Can't parse value expression : syntax error, unexpected T_ERROR, expecting
T_VAR_END or ':': Invalid character in variable name ' '

But I think mod_headers has some different way of interpreting expressions,
because this doesn't work:

Header set matched false

Header set matched true


Cannot parse condition clause: syntax error, unexpected T_VAR_BEGIN,
expecting T_ID or '{

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Feb 24, 2017 22:54, "Yann Ylavic"  wrote:

On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov 
wrote:
>
> I've managed to apply your patch and rebuild Apache and now I have:
> Header set Client-IP "expr=%{REMOTE_ADDR}"
> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"

Could you please add:
  Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in
PeerExtList('2.5.29.17')"
?

If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
precedence.
I'll try on my side, but you may beat me to it since you have the
environment...


Ugh, it's my work environment, I'll be able to access it only on Monday.

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Fri, Feb 24, 2017 at 6:50 PM, Andrei Ivanov  wrote:
>
> I've managed to apply your patch and rebuild Apache and now I have:
> Header set Client-IP "expr=%{REMOTE_ADDR}"
> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"

Could you please add:
  Header set Expr "'IP Address:'.%{REMOTE_ADDR} -in PeerExtList('2.5.29.17')"
?

If it outputed "Expr: IP Addressfalse" that'd be issue with operators'
precedence.
I'll try on my side, but you may beat me to it since you have the environment...

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Feb 22, 2017 at 5:10 PM, Yann Ylavic  wrote:

> On Wed, Feb 22, 2017 at 3:19 PM, Andrei Ivanov 
> wrote:
> > On Wed, Feb 22, 2017 at 3:36 PM, Yann Ylavic 
> wrote:
> >>
> >> My bad, please try without the parentheses:
> >>
> >> Require expr "'IP Address:' . %{REMOTE_ADDR} -in
> >> PeerExtList('2.5.29.17')
> >
> > Did that too, Apache starts but the expression always returns false :-(
> >
> > And I can't find a way to debug it, to see what PeerExtList('2.5.29.17')
> > returns for my client certificate.
>
> My proposed patch (to be applied to 2.4.25) and:
> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> does it.
>

I've managed to apply your patch and rebuild Apache and now I have:
Header set Client-IP "expr=%{REMOTE_ADDR}"
Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"

Header set matched false

Header set matched true


results:
Client-IP: 159.107.78.119
Client-SAN: email:, email:, IP Address:127.0.0.1, IP
Address:0:0:0:0:0:0:0:1, IP Address:159.107.78.119, IP
Address:FE80:0:0:0:6D03:4CE1:C15F:5A44
Client-DN: CN=client-with-subjectAltName-with-IPs-4
matched: false

And with:

Require expr "'IP Address:'.%{REMOTE_ADDR} -in PeerExtList('2.5.29.17')"


I still get a 403 Forbidden :-(
AH01626: authorization result of Require expr "'IP Address:'.%{REMOTE_ADDR}
-in PeerExtList('2.5.29.17')": denied

What is wrong with it?

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Wed, Feb 22, 2017 at 3:19 PM, Andrei Ivanov  wrote:
> On Wed, Feb 22, 2017 at 3:36 PM, Yann Ylavic  wrote:
>>
>> My bad, please try without the parentheses:
>>
>> Require expr "'IP Address:' . %{REMOTE_ADDR} -in
>> PeerExtList('2.5.29.17')
>
> Did that too, Apache starts but the expression always returns false :-(
>
> And I can't find a way to debug it, to see what PeerExtList('2.5.29.17')
> returns for my client certificate.

My proposed patch (to be applied to 2.4.25) and:
Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
does it.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Feb 22, 2017 at 3:36 PM, Yann Ylavic  wrote:

> On Wed, Feb 22, 2017 at 11:19 AM, Andrei Ivanov 
> wrote:
> > On Wed, Feb 22, 2017 at 12:02 PM, Yann Ylavic 
> wrote:
> >>
> >> On Wed, Feb 22, 2017 at 10:58 AM, Andrei Ivanov <
> andrei.iva...@gmail.com>
> >> wrote:
> >> >
> >> > So... do I have a chance to get it running on RHEL 7.3 which ships
> with
> >> > 2.4.6?
> >>
> >> That may work in 2.4.6, I just didn't try ;)
> >> "Require expr ... -in" exists (as far as I can tell), and so is
> >> PeerExtList I think.
> >> Did you try it?
> >
> >
> > I didn't try on 2.4.6 because it fails even on 2.4.25:
> > 
> > Require expr "('IP Address:' . %{REMOTE_ADDR}) -in
> > PeerExtList('2.5.29.17')"
> > 
> >
> > Cannot parse expression in require line: syntax error, unexpected ')'
>
> My bad, please try without the parentheses:
>
> Require expr "'IP Address:' . %{REMOTE_ADDR} -in
> PeerExtList('2.5.29.17')


Did that too, Apache starts but the expression always returns false :-(

And I can't find a way to debug it, to see what PeerExtList('2.5.29.17')
returns for my client certificate.

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Wed, Feb 22, 2017 at 11:19 AM, Andrei Ivanov  wrote:
> On Wed, Feb 22, 2017 at 12:02 PM, Yann Ylavic  wrote:
>>
>> On Wed, Feb 22, 2017 at 10:58 AM, Andrei Ivanov 
>> wrote:
>> >
>> > So... do I have a chance to get it running on RHEL 7.3 which ships with
>> > 2.4.6?
>>
>> That may work in 2.4.6, I just didn't try ;)
>> "Require expr ... -in" exists (as far as I can tell), and so is
>> PeerExtList I think.
>> Did you try it?
>
>
> I didn't try on 2.4.6 because it fails even on 2.4.25:
> 
> Require expr "('IP Address:' . %{REMOTE_ADDR}) -in
> PeerExtList('2.5.29.17')"
> 
>
> Cannot parse expression in require line: syntax error, unexpected ')'

My bad, please try without the parentheses:

Require expr "'IP Address:' . %{REMOTE_ADDR} -in PeerExtList('2.5.29.17')"

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Feb 22, 2017 at 12:02 PM, Yann Ylavic  wrote:

> On Wed, Feb 22, 2017 at 10:58 AM, Andrei Ivanov 
> wrote:
> >
> > So... do I have a chance to get it running on RHEL 7.3 which ships with
> > 2.4.6?
>
> That may work in 2.4.6, I just didn't try ;)
> "Require expr ... -in" exists (as far as I can tell), and so is
> PeerExtList I think.
> Did you try it?
>

I didn't try on 2.4.6 because it fails even on 2.4.25:

Require expr "('IP Address:' . %{REMOTE_ADDR}) -in
PeerExtList('2.5.29.17')"


Cannot parse expression in require line: syntax error, unexpected ')'

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Wed, Feb 22, 2017 at 10:58 AM, Andrei Ivanov  wrote:
>
> So... do I have a chance to get it running on RHEL 7.3 which ships with
> 2.4.6?

That may work in 2.4.6, I just didn't try ;)
"Require expr ... -in" exists (as far as I can tell), and so is
PeerExtList I think.
Did you try it?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Wed, Feb 22, 2017 at 2:13 AM, Yann Ylavic  wrote:

> On Wed, Feb 22, 2017 at 1:09 AM, Yann Ylavic  wrote:
> > On Tue, Feb 21, 2017 at 5:43 PM, Andrei Ivanov 
> wrote:
> >> On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic 
> wrote:
> >>>
> >>> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov <
> andrei.iva...@gmail.com>
> >>> wrote:
> >>> >>>
> >>> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
> >>>
> >>> The syntax may be rather:
> >>>
> >>> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
> >>>
> >>> Does it work better?
> >>
> >>
> >> Uf, no :-(
> >
> > I've got it to work in (in 2.4.25), with a patch (attached), and for
> > me it outputs:
> > Client-SAN: DNS:www1.domain.tld, DNS:www2.domain.tld,
> > DNS:www3.domain.tld, IP Address:192.168.150.80, IP
> > Address:192.168.150.145, IP Address:172.25.25.100
> >
> > So I guess something like:
> > Require expr "('IP Address:' . %{REMOTE_ADDR}) -in
> PeerExtList('2.5.29.17')"
> > should work (at least with 2.4.5).
>
> I meant 2.4.25 here...
>

So... do I have a chance to get it running on RHEL 7.3 which ships with
2.4.6?
Not sure I'll be able to convince a telecom company to patch the sources
and rebuild it themselves :-(

Thank you very much for your help and patience :-)

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Wed, Feb 22, 2017 at 1:09 AM, Yann Ylavic  wrote:
> On Tue, Feb 21, 2017 at 5:43 PM, Andrei Ivanov  
> wrote:
>> On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic  wrote:
>>>
>>> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov 
>>> wrote:
>>> >>>
>>> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
>>>
>>> The syntax may be rather:
>>>
>>> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>>
>>> Does it work better?
>>
>>
>> Uf, no :-(
>
> I've got it to work in (in 2.4.25), with a patch (attached), and for
> me it outputs:
> Client-SAN: DNS:www1.domain.tld, DNS:www2.domain.tld,
> DNS:www3.domain.tld, IP Address:192.168.150.80, IP
> Address:192.168.150.145, IP Address:172.25.25.100
>
> So I guess something like:
> Require expr "('IP Address:' . %{REMOTE_ADDR}) -in 
> PeerExtList('2.5.29.17')"
> should work (at least with 2.4.5).

I meant 2.4.25 here...

>
>
> Regards,
> Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Tue, Feb 21, 2017 at 5:43 PM, Andrei Ivanov  wrote:
> On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic  wrote:
>>
>> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov 
>> wrote:
>> >>>
>> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
>>
>> The syntax may be rather:
>>
>> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>
>> Does it work better?
>
>
> Uf, no :-(

I've got it to work in (in 2.4.25), with a patch (attached), and for
me it outputs:
Client-SAN: DNS:www1.domain.tld, DNS:www2.domain.tld,
DNS:www3.domain.tld, IP Address:192.168.150.80, IP
Address:192.168.150.145, IP Address:172.25.25.100

So I guess something like:
Require expr "('IP Address:' . %{REMOTE_ADDR}) -in PeerExtList('2.5.29.17')"
should work (at least with 2.4.5).


Regards,
Yann.
Index: server/util_expr_eval.c
===
--- server/util_expr_eval.c	(revision 1783852)
+++ server/util_expr_eval.c	(working copy)
@@ -50,6 +50,9 @@ AP_IMPLEMENT_HOOK_RUN_FIRST(int, expr_lookup, (ap_
 static const char *ap_expr_eval_string_func(ap_expr_eval_ctx_t *ctx,
 const ap_expr_t *info,
 const ap_expr_t *args);
+static apr_array_header_t *ap_expr_eval_list_func(ap_expr_eval_ctx_t *ctx,
+const ap_expr_t *info,
+const ap_expr_t *args);
 static const char *ap_expr_eval_re_backref(ap_expr_eval_ctx_t *ctx,
unsigned int n);
 static const char *ap_expr_eval_var(ap_expr_eval_ctx_t *ctx,
@@ -80,6 +83,8 @@ static int inc_rec(ap_expr_eval_ctx_t *ctx)
 return 1;
 }
 
+#define AP_EXPR_MAX_LIST_STRINGS 500
+
 static const char *ap_expr_eval_word(ap_expr_eval_ctx_t *ctx,
  const ap_expr_t *node)
 {
@@ -161,6 +166,35 @@ static const char *ap_expr_eval_word(ap_expr_eval_
 result = ap_expr_eval_string_func(ctx, info, args);
 break;
 }
+case op_ListFuncCall: {
+const ap_expr_t *info = node->node_arg1;
+const ap_expr_t *args = node->node_arg2;
+apr_array_header_t *array = ap_expr_eval_list_func(ctx, info, args);
+if (array && array->nelts > 0) {
+struct iovec *vec;
+int n = array->nelts, i = 0;
+/* sanity check */
+if (n > AP_EXPR_MAX_LIST_STRINGS) {
+n = AP_EXPR_MAX_LIST_STRINGS;
+}
+/* all entries (but last) separated by ", " */
+n = (n * 2) - 1;
+vec = apr_palloc(ctx->p, n * sizeof(struct iovec));
+for (;;) {
+const char *s = APR_ARRAY_IDX(array, i, const char *);
+vec[i].iov_base = (void *)s;
+vec[i].iov_len = strlen(s);
+if (++i >= n) {
+break;
+}
+vec[i].iov_base = (void *)", ";
+vec[i].iov_len = 2;
+++i;
+}
+result = apr_pstrcatv(ctx->p, vec, n, NULL);
+}
+break;
+}
 case op_RegexBackref: {
 const unsigned int *np = node->node_arg1;
 result = ap_expr_eval_re_backref(ctx, *np);
@@ -213,6 +247,19 @@ static const char *ap_expr_eval_string_func(ap_exp
 return (*func)(ctx, data, ap_expr_eval_word(ctx, arg));
 }
 
+static apr_array_header_t *ap_expr_eval_list_func(ap_expr_eval_ctx_t *ctx,
+const ap_expr_t *info,
+const ap_expr_t *arg)
+{
+ap_expr_list_func_t *func = (ap_expr_list_func_t *)info->node_arg1;
+const void *data = info->node_arg2;
+
+AP_DEBUG_ASSERT(info->node_op == op_ListFuncInfo);
+AP_DEBUG_ASSERT(func != NULL);
+AP_DEBUG_ASSERT(data != NULL);
+return (*func)(ctx, data, ap_expr_eval_word(ctx, arg));
+}
+
 static int intstrcmp(const char *s1, const char *s2)
 {
 apr_int64_t i1 = apr_atoi64(s1);
@@ -268,13 +315,8 @@ static int ap_expr_eval_comp(ap_expr_eval_ctx_t *c
 }
 else if (e2->node_op == op_ListFuncCall) {
 const ap_expr_t *info = e2->node_arg1;
-const ap_expr_t *arg = e2->node_arg2;
-ap_expr_list_func_t *func = (ap_expr_list_func_t *)info->node_arg1;
-apr_array_header_t *haystack;
-
-AP_DEBUG_ASSERT(func != NULL);
-AP_DEBUG_ASSERT(info->node_op == op_ListFuncInfo);
-haystack = (*func)(ctx, info->node_arg2, ap_expr_eval_word(ctx, arg));
+const ap_expr_t *args = e2->node_arg2;
+apr_array_header_t *haystack = ap_expr_eval_list_func(ctx, info, args);
 if (haystack == NULL) {
 return 0;
 }
@@ -474,8 +516,19 @@ ap_expr_t 

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Feb 21, 2017 at 6:43 PM, Andrei Ivanov 
wrote:

> On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic  wrote:
>
>> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov 
>> wrote:
>> >>>
>> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
>>
>> The syntax may be rather:
>>
>> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>>
>> Does it work better?
>>
>
> Uf, no :-(
> I've mentioned above, this is with Apache/2.4.6 (Red Hat Enterprise Linux)
> OpenSSL/1.0.1e-fips
> I was also trying the Header with expr=value, but then I noticed it's
> available in 2.4.10 and later
>
>

Trying with the latest Apache/2.4.25 and switching to expression values:
- These work:
Header set Client-IP "expr=%{REMOTE_ADDR}"
Header set Client-DN "expr=%{SSL_CLIENT_S_DN}"

- These do not work, even after I adapted the expression following the
documentation,
   "Function calls use the %{funcname:arg} syntax rather than
funcname(arg).":

   Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
   Can't parse value expression : Function 'PeerExtList' does not exist

What should I do?
At least the standard expressions ("%{PeerExtList('2.5.29.17')}s") had a
modifier that indicated it's an SSL
expression and knew how to invoke it... even if it didn't work :-/

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Feb 21, 2017 at 6:32 PM, Yann Ylavic  wrote:

> On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov 
> wrote:
> >>>
> >>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
>
> The syntax may be rather:
>
> Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"
>
> Does it work better?
>

Uf, no :-(
I've mentioned above, this is with Apache/2.4.6 (Red Hat Enterprise Linux)
OpenSSL/1.0.1e-fips
I was also trying the Header with expr=value, but then I noticed it's
available in 2.4.10 and later

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Tue, Feb 21, 2017 at 4:50 PM, Andrei Ivanov  wrote:
>>>
>>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"

The syntax may be rather:

Header set Client-SAN "expr=%{PeerExtList:2.5.29.17}"

Does it work better?

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Mon, Feb 20, 2017 at 11:31 AM, Andrei Ivanov 
wrote:

> On Fri, Feb 17, 2017 at 12:18 PM, Andrei Ivanov 
> wrote:
>
>>
>> On Thu, Feb 16, 2017 at 9:26 PM, Eric Covener  wrote:
>>
>>> On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov 
>>> wrote:
>>> > Is there a way to debug this? To print the values from the expression
>>> in the
>>> > logs maybe?
>>>
>>> One simple way to debug is to use the same [sub-]expressions in
>>> mod_headers conditions or header values
>>>
>>
>> Great idea, thanks :-)
>>
>> Header set Client-IP "%{REMOTE_ADDR}e"
>> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
>> Header set Client-DN "%{SSL_CLIENT_S_DN}s"
>>
>> Client-IP: 159.107.78.110
>> Client-SAN: (null)
>> Client-DN: CN=client-with-subjectAltName-with-just-IPs-2
>>
>> Unfortunately, I don't get the Client SAN :-(
>>
>> Btw, this is with Apache/2.4.6 (Red Hat Enterprise Linux)
>> OpenSSL/1.0.1e-fips
>> I was also trying the Header with expr=value, but then I noticed it's
>> available in 2.4.10 and later.
>>
>
> Can anybody understand why this doesn't work? :-(
> Please help.
>

Yan? Any thoughts please?

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Fri, Feb 17, 2017 at 12:18 PM, Andrei Ivanov 
wrote:

>
> On Thu, Feb 16, 2017 at 9:26 PM, Eric Covener  wrote:
>
>> On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov 
>> wrote:
>> > Is there a way to debug this? To print the values from the expression
>> in the
>> > logs maybe?
>>
>> One simple way to debug is to use the same [sub-]expressions in
>> mod_headers conditions or header values
>>
>
> Great idea, thanks :-)
>
> Header set Client-IP "%{REMOTE_ADDR}e"
> Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
> Header set Client-DN "%{SSL_CLIENT_S_DN}s"
>
> Client-IP: 159.107.78.110
> Client-SAN: (null)
> Client-DN: CN=client-with-subjectAltName-with-just-IPs-2
>
> Unfortunately, I don't get the Client SAN :-(
>
> Btw, this is with Apache/2.4.6 (Red Hat Enterprise Linux)
> OpenSSL/1.0.1e-fips
> I was also trying the Header with expr=value, but then I noticed it's
> available in 2.4.10 and later.
>

Can anybody understand why this doesn't work? :-(
Please help.

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Thu, Feb 16, 2017 at 9:26 PM, Eric Covener  wrote:

> On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov 
> wrote:
> > Is there a way to debug this? To print the values from the expression in
> the
> > logs maybe?
>
> One simple way to debug is to use the same [sub-]expressions in
> mod_headers conditions or header values
>

Great idea, thanks :-)

Header set Client-IP "%{REMOTE_ADDR}e"
Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
Header set Client-DN "%{SSL_CLIENT_S_DN}s"

Client-IP: 159.107.78.110
Client-SAN: (null)
Client-DN: CN=client-with-subjectAltName-with-just-IPs-2

Unfortunately, I don't get the Client SAN :-(

Btw, this is with Apache/2.4.6 (Red Hat Enterprise Linux)
OpenSSL/1.0.1e-fips
I was also trying the Header with expr=value, but then I noticed it's
available in 2.4.10 and later.


> --
> Eric Covener
> cove...@gmail.com
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Eric Covener]

On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov  wrote:
> Is there a way to debug this? To print the values from the expression in the
> logs maybe?

One simple way to debug is to use the same [sub-]expressions in
mod_headers conditions or header values
-- 
Eric Covener
cove...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Thu, Feb 16, 2017 at 5:20 PM, Yann Ylavic  wrote:

> On Thu, Feb 16, 2017 at 2:46 PM, Andrei Ivanov 
> wrote:
> >
> > I gave it a try, but seems to reach the same limitation of the expression
> > engine :-(
> > NSSRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
> > or
> > Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"
> >
> > AH00526: Syntax error on line 229 of /etc/httpd/conf.d/nss.conf:
> > Cannot parse expression in require line: syntax error, unexpected $end
>
> This (PeerExtList), for once, is a mod_ssl (and possibly not mod_nss?)
> extension...
>
> Hmm, indeed.

This one still doesn't work:
Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"
AH00526: Syntax error on line 145 of /etc/httpd/conf.d/ssl.conf:
Cannot parse expression in require line: syntax error, unexpected $end

But this one passes the configuration check:
SSLRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')

The problem now is that I can't get it to pass when testing it with
requests :-(
[Thu Feb 16 18:12:38.928842 2017] [ssl:info] [pid 29931] [client
159.107.78.128:60511] AH02266: Access to /var/www/html/index.php denied for
159.107.78.128 (requirement expression not fulfilled)
[Thu Feb 16 18:12:38.928961 2017] [ssl:info] [pid 29931] [client
159.107.78.128:60511] AH02228: Failed expression: %{REMOTE_ADDR} in
PeerExtList('2.5.29.17')
[Thu Feb 16 18:12:38.928972 2017] [ssl:error] [pid 29931] [client
159.107.78.128:60511] AH02229: access to /var/www/html/index.php failed,
reason: SSL requirement expression not fulfilled

The client certificate gets validated, but the expression fails.
Is there a way to debug this? To print the values from the expression in
the logs maybe?


>
> Regards,
> Yann.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Thu, Feb 16, 2017 at 2:46 PM, Andrei Ivanov  wrote:
>
> I gave it a try, but seems to reach the same limitation of the expression
> engine :-(
> NSSRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
> or
> Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"
>
> AH00526: Syntax error on line 229 of /etc/httpd/conf.d/nss.conf:
> Cannot parse expression in require line: syntax error, unexpected $end

This (PeerExtList), for once, is a mod_ssl (and possibly not mod_nss?)
extension...


Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Thu, Feb 16, 2017 at 2:49 PM, Yann Ylavic  wrote:

> On Tue, Feb 14, 2017 at 1:24 PM, Andrei Ivanov 
> wrote:
> >
> > I'm using mod_nss exactly because mod_ssl doesn't expose that variable
> and
> > my issue that requests that is sitting ignored for 2 months now :-(
>
> Did you try something with SSLRequire or a  expression like
> "'' -in PeerExtList('2.5.29.17')" ?
>
> I never tested it, but since '2.5.29.17' is the OID for the
> certificate's SAN, and PeerExtList() may return the list of the inner
> strings, it could possibly work...
>
>
I gave it a try, but seems to reach the same limitation of the expression
engine :-(
NSSRequire %{REMOTE_ADDR} in PeerExtList('2.5.29.17')
or
Require expr "%{REMOTE_ADDR} in PeerExtList('2.5.29.17')"

AH00526: Syntax error on line 229 of /etc/httpd/conf.d/nss.conf:
Cannot parse expression in require line: syntax error, unexpected $end


>
> Regards,
> Yann.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Yann Ylavic]

On Tue, Feb 14, 2017 at 1:24 PM, Andrei Ivanov  wrote:
>
> I'm using mod_nss exactly because mod_ssl doesn't expose that variable and
> my issue that requests that is sitting ignored for 2 months now :-(

Did you try something with SSLRequire or a  expression like
"'' -in PeerExtList('2.5.29.17')" ?

I never tested it, but since '2.5.29.17' is the OID for the
certificate's SAN, and PeerExtList() may return the list of the inner
strings, it could possibly work...


Regards,
Yann.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Daniel Gruno]

On 02/14/2017 01:24 PM, Andrei Ivanov wrote:
> On Tue, Feb 14, 2017 at 2:19 PM, Daniel Gruno  > wrote:
> 
> On 02/14/2017 01:16 PM, Andrei Ivanov wrote:
> > On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno  
> > >> wrote:
> >
> > On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> > > Hi,
> > > I'm trying to create a lua authorization script but I can't seem 
> to
> > > access the request environment:
> > >
> > > require 'apache2'
> > >
> > > function authz_check_remote_ip_in_client_san(r)
> > > r:err("remote_ip_in_client_san running...");
> > > r:alert("uri: " .. r.uri);
> > > r:alert("useragent_ip: " .. r.useragent_ip);
> > > local ip = r.subprocess_env["REMOTE_ADDRESS"];
> > > r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
> > > r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> > > (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));
> >
> >
> > What about r.subprocess_env["REMOTE_ADDRESS"]? Shouldn't that work at 
> least?
> 
> Not exactly, this isn't CGI - the remote IP is exposed through
> r.useragent_ip. Getting environment variables is tricky since the Lua VM
> is sort of detached from the actual thread handling the request.
> 
> 
> I was using the REMOTE_ADDRESS since it was used as an example in a post :-)
> http://lua-users.org/lists/lua-l/2010-07/msg00671.html
> Is subprocess_env working at all?

Shortest answer I can think of is: Yes, but it doesn't do what you think
it does. it's not equivalent to os.getenv().

Perhaps later I'll elaborate on that...when I have my brain with me.

> 
> 
> >
> >
> > use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
> > r:ssl_var_lookup does the special SSL vars.
> >
> >
> > I don't get a nil now anymore, but I seem to get back an empty string 
> :-(
> > SSL_CLIENT_SAN_IPaddr should be exposed by mod_nss, activated in this
> > virtual host.
> 
> If it's not exposed by mod_ssl, then it may not be available through
> that call. You should try finding the corresponding mod_ssl variable if
> possible.
> 
> I'm using mod_nss exactly because mod_ssl doesn't expose that variable
> and my issue that requests that is sitting ignored for 2 months now :-(
> I was hoping this would help:
> 
> NSSOptions +StdEnvVars
> 
> 
>  
> 
> >
> >
> >
> > With regards,
> > Daniel.
> >
> > >
> > > return apache2.AUTHZ_GRANTED
> > > end
> > >
> > > The logs show entries like this for the values accessed from
> > > r.subprocess_env:
> > > REMOTE_ADDRESS: N/A
> > > SSL_CLIENT_SAN_IPaddr: N/A
> > >
> > >
> > > LuaScope thread
> > > LuaAuthzProvider remote_ip_in_client_san
> > > /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> > > authz_check_remote_ip_in_client_san
> > > 
> > > Require remote_ip_in_client_san
> > >
> > > # these don't seem to work so I'm trying to implement them in 
> a LUA
> > > script
> > > #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> > > #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> > > 
> > >
> > > What am I doing wrong?
> > >
> > > Thank you in advance.
> >
> >
> > 
> -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
> >  >
> > For additional commands, e-mail: users-h...@httpd.apache.org 
> 
> >  >
> >
> >
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Feb 14, 2017 at 2:19 PM, Daniel Gruno  wrote:

> On 02/14/2017 01:16 PM, Andrei Ivanov wrote:
> > On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno  > > wrote:
> >
> > On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> > > Hi,
> > > I'm trying to create a lua authorization script but I can't seem to
> > > access the request environment:
> > >
> > > require 'apache2'
> > >
> > > function authz_check_remote_ip_in_client_san(r)
> > > r:err("remote_ip_in_client_san running...");
> > > r:alert("uri: " .. r.uri);
> > > r:alert("useragent_ip: " .. r.useragent_ip);
> > > local ip = r.subprocess_env["REMOTE_ADDRESS"];
> > > r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
> > > r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> > > (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));
> >
> >
> > What about r.subprocess_env["REMOTE_ADDRESS"]? Shouldn't that work at
> least?
>
> Not exactly, this isn't CGI - the remote IP is exposed through
> r.useragent_ip. Getting environment variables is tricky since the Lua VM
> is sort of detached from the actual thread handling the request.
>

I was using the REMOTE_ADDRESS since it was used as an example in a post :-)
http://lua-users.org/lists/lua-l/2010-07/msg00671.html
Is subprocess_env working at all?


> >
> >
> > use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
> > r:ssl_var_lookup does the special SSL vars.
> >
> >
> > I don't get a nil now anymore, but I seem to get back an empty string :-(
> > SSL_CLIENT_SAN_IPaddr should be exposed by mod_nss, activated in this
> > virtual host.
>
> If it's not exposed by mod_ssl, then it may not be available through
> that call. You should try finding the corresponding mod_ssl variable if
> possible.
>
> I'm using mod_nss exactly because mod_ssl doesn't expose that variable and
my issue that requests that is sitting ignored for 2 months now :-(
I was hoping this would help:

NSSOptions +StdEnvVars




> >
> >
> >
> > With regards,
> > Daniel.
> >
> > >
> > > return apache2.AUTHZ_GRANTED
> > > end
> > >
> > > The logs show entries like this for the values accessed from
> > > r.subprocess_env:
> > > REMOTE_ADDRESS: N/A
> > > SSL_CLIENT_SAN_IPaddr: N/A
> > >
> > >
> > > LuaScope thread
> > > LuaAuthzProvider remote_ip_in_client_san
> > > /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> > > authz_check_remote_ip_in_client_san
> > > 
> > > Require remote_ip_in_client_san
> > >
> > > # these don't seem to work so I'm trying to implement them in
> a LUA
> > > script
> > > #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> > > #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> > > 
> > >
> > > What am I doing wrong?
> > >
> > > Thank you in advance.
> >
> >
> > 
> -
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > 
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > 
> >
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Daniel Gruno]

On 02/14/2017 01:16 PM, Andrei Ivanov wrote:
> On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno  > wrote:
> 
> On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> > Hi,
> > I'm trying to create a lua authorization script but I can't seem to
> > access the request environment:
> >
> > require 'apache2'
> >
> > function authz_check_remote_ip_in_client_san(r)
> > r:err("remote_ip_in_client_san running...");
> > r:alert("uri: " .. r.uri);
> > r:alert("useragent_ip: " .. r.useragent_ip);
> > local ip = r.subprocess_env["REMOTE_ADDRESS"];
> > r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
> > r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> > (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));
> 
> 
> What about r.subprocess_env["REMOTE_ADDRESS"]? Shouldn't that work at least?

Not exactly, this isn't CGI - the remote IP is exposed through
r.useragent_ip. Getting environment variables is tricky since the Lua VM
is sort of detached from the actual thread handling the request.

>  
> 
> use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
> r:ssl_var_lookup does the special SSL vars.
> 
> 
> I don't get a nil now anymore, but I seem to get back an empty string :-(
> SSL_CLIENT_SAN_IPaddr should be exposed by mod_nss, activated in this
> virtual host.

If it's not exposed by mod_ssl, then it may not be available through
that call. You should try finding the corresponding mod_ssl variable if
possible.

>  
> 
> 
> With regards,
> Daniel.
> 
> >
> > return apache2.AUTHZ_GRANTED
> > end
> >
> > The logs show entries like this for the values accessed from
> > r.subprocess_env:
> > REMOTE_ADDRESS: N/A
> > SSL_CLIENT_SAN_IPaddr: N/A
> >
> >
> > LuaScope thread
> > LuaAuthzProvider remote_ip_in_client_san
> > /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> > authz_check_remote_ip_in_client_san
> > 
> > Require remote_ip_in_client_san
> >
> > # these don't seem to work so I'm trying to implement them in a LUA
> > script
> > #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> > #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> > 
> >
> > What am I doing wrong?
> >
> > Thank you in advance.
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> 
> For additional commands, e-mail: users-h...@httpd.apache.org
> 
> 
> 


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [users@httpd] mod_lua and subprocess_env

[Andrei Ivanov]

On Tue, Feb 14, 2017 at 1:59 PM, Daniel Gruno  wrote:

> On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> > Hi,
> > I'm trying to create a lua authorization script but I can't seem to
> > access the request environment:
> >
> > require 'apache2'
> >
> > function authz_check_remote_ip_in_client_san(r)
> > r:err("remote_ip_in_client_san running...");
> > r:alert("uri: " .. r.uri);
> > r:alert("useragent_ip: " .. r.useragent_ip);
> > local ip = r.subprocess_env["REMOTE_ADDRESS"];
> > r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
> > r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> > (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));
>
>
> What about r.subprocess_env["REMOTE_ADDRESS"]? Shouldn't that work at
least?


> use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
> r:ssl_var_lookup does the special SSL vars.
>

I don't get a nil now anymore, but I seem to get back an empty string :-(
SSL_CLIENT_SAN_IPaddr should be exposed by mod_nss, activated in this
virtual host.


>
> With regards,
> Daniel.
>
> >
> > return apache2.AUTHZ_GRANTED
> > end
> >
> > The logs show entries like this for the values accessed from
> > r.subprocess_env:
> > REMOTE_ADDRESS: N/A
> > SSL_CLIENT_SAN_IPaddr: N/A
> >
> >
> > LuaScope thread
> > LuaAuthzProvider remote_ip_in_client_san
> > /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> > authz_check_remote_ip_in_client_san
> > 
> > Require remote_ip_in_client_san
> >
> > # these don't seem to work so I'm trying to implement them in a LUA
> > script
> > #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> > #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> > 
> >
> > What am I doing wrong?
> >
> > Thank you in advance.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>

Re: [users@httpd] mod_lua and subprocess_env

[Daniel Gruno]

On 02/14/2017 12:38 PM, Andrei Ivanov wrote:
> Hi,
> I'm trying to create a lua authorization script but I can't seem to
> access the request environment:
> 
> require 'apache2'
> 
> function authz_check_remote_ip_in_client_san(r)
> r:err("remote_ip_in_client_san running...");
> r:alert("uri: " .. r.uri);
> r:alert("useragent_ip: " .. r.useragent_ip);
> local ip = r.subprocess_env["REMOTE_ADDRESS"];
> r:crit("REMOTE_ADDRESS: " .. (ip or "N/A"));
> r:emerg("SSL_CLIENT_SAN_IPaddr: " ..
> (r.subprocess_env["SSL_CLIENT_SAN_IPaddr"] or "N/A"));


use r:ssl_var_lookup("SSL_CLIENT_SAN_IPaddr") instead.
r:ssl_var_lookup does the special SSL vars.

With regards,
Daniel.

> 
> return apache2.AUTHZ_GRANTED
> end
> 
> The logs show entries like this for the values accessed from
> r.subprocess_env:
> REMOTE_ADDRESS: N/A
> SSL_CLIENT_SAN_IPaddr: N/A
> 
> 
> LuaScope thread
> LuaAuthzProvider remote_ip_in_client_san
> /etc/httpd/authz/authz_check_remote_ip_in_client_san.lua
> authz_check_remote_ip_in_client_san
> 
> Require remote_ip_in_client_san
> 
> # these don't seem to work so I'm trying to implement them in a LUA
> script
> #NSSRequire %{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}
> #Require expr "%{REMOTE_ADDR} in %{SSL_CLIENT_SAN_IPaddr}"
> 
> 
> What am I doing wrong?
> 
> Thank you in advance.


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org