Re: getting *any* variables out of the server environment
On Mon, 2003-06-09 at 15:24, Perrin Harkins wrote: > [ Please keep it on the list. ] > Sorry about that! > On Mon, 2003-06-09 at 16:12, Ryan Muldoon wrote: > > > Ryan, can you post a more complete code example? > > > > > > - Perrin > > Here it is: > > > > package Apache::AuthNx509; > > > > use strict; > > use Apache::Constants qw(:common); > > use Text::ParseWords qw(quotewords); > > use Apache::Log (); > > > > sub handler { > > my $r = shift; > > my $c = $r->connection; > > my $log = $r->log; > > return OK unless $r->is_main; > > > > my $certcomponent = $r->dir_config('CertComponent') || > > 'SSL_CLIENT_S_DN_O'; > > my $certcompvalue = $r->dir_config('CertComponentValue') || > > 'University of Wisconsin'; > > my $usercomponent = $r->dir_config('RemoteUserCertComponent') || > > 'SSL_CLIENT_S_DN_CN'; > > > > #my $cn = $r->subprocess_env('MOD_PERL'); > > # $log->notice("test: $ENV{'MOD_PERL'}"); > > my $apachecertcomp = $r->subprocess_env{$certcomponent}; > > That should be $r->subprocess_env($certcomponent). It's a method, not a > hash key. Also, put the lookup_uri stuff back in, since it seems that > you need it when trying to get the stuff from mod_ssl. > > - Perrin I must have been stupid. Making those two corrections, everything works (Almost)! Right now it is failing on my attempts to set the user variable (I want to be able to set REMOTE_USER to an arbitrary cert field). I'll have to dig a bit to figure out how to do that. Thank you everyone on the list for helping me out so much today - I really appreciate it. Many days of hair-pulling are at an end. ;-) --Ryan
Re: getting *any* variables out of the server environment
[ Please keep it on the list. ] On Mon, 2003-06-09 at 16:12, Ryan Muldoon wrote: > > Ryan, can you post a more complete code example? > > > > - Perrin > Here it is: > > package Apache::AuthNx509; > > use strict; > use Apache::Constants qw(:common); > use Text::ParseWords qw(quotewords); > use Apache::Log (); > > sub handler { > my $r = shift; > my $c = $r->connection; > my $log = $r->log; > return OK unless $r->is_main; > > my $certcomponent = $r->dir_config('CertComponent') || > 'SSL_CLIENT_S_DN_O'; > my $certcompvalue = $r->dir_config('CertComponentValue') || > 'University of Wisconsin'; > my $usercomponent = $r->dir_config('RemoteUserCertComponent') || > 'SSL_CLIENT_S_DN_CN'; > > #my $cn = $r->subprocess_env('MOD_PERL'); > # $log->notice("test: $ENV{'MOD_PERL'}"); > my $apachecertcomp = $r->subprocess_env{$certcomponent}; That should be $r->subprocess_env($certcomponent). It's a method, not a hash key. Also, put the lookup_uri stuff back in, since it seems that you need it when trying to get the stuff from mod_ssl. - Perrin
Re: getting *any* variables out of the server environment
Actually, upon flushing my browser cache and checking again, I can in fact read the MOD_PERL environment variable just fine. But still no luck on any mod_ssl related variables. --Ryan
Re: getting *any* variables out of the server environment
Ok, removed. Thank you very much for the in-depth replies. It is very useful. Unfortunately any variable-reading continues to elude me. But I really appreciate all the help! well, it sounds like you are having a larger problem that just mod_ssl-based variables. since you mention you're interested in learning... :) if you really want to track this down you could start from the beginning, meaning a bare bones server and a bare bones mod_perl content handler that merely iterates over %ENV and $r->subprocess_env() (see the do() method from Apache::Table) this kind of bare bones thing used to be a pain, but with Apache-Test, it has gotten _lots_ easier. you can find Apache-Test on CPAN http://search.cpan.org/CPAN/authors/id/S/ST/STAS/Apache-Test-1.01.tar.gz you can look at some of the SSL tests in the Perl-Framework http://cvs.apache.org/viewcvs.cgi/httpd-test/perl-framework/ to see how they use Apache-Test to test SSL based things. for instance env.t tests basic environment setting for SSL connections - you can use that as the starting point for writing tests for your own stuff. or you can even download the Perl framework from http://httpd.apache.org/test/ and run the ssl tests to make sure you're server is configured properly. just some advice, and you certainly don't need to go through all the effort of reading, setting up the test environment, etc. however, once you get Apache-Test set up it will make your module development much, much easier, and you'll be able to pinpoint exactly where things go wrong much easier. some basic explanations and pointers to other docs can be found here http://www.perl.com/pub/a/2003/05/22/testing.html HTH --Geoff
Re: getting *any* variables out of the server environment
On Mon, 2003-06-09 at 15:35, Geoffrey Young wrote: > no, I wasn't saying that :) subprocess_env() from the main request is the > right way to go. I was just trying to let you know that it has nothing to > do with %ENV really. I wouldn't go that far. %ENV does get populated with that stuff, just not yet. > perhaps this is why > the eagle book said to get them from a subrequest - presumably the > subrequest would have them, since it runs through the fixup phase and SSL > stuff is per-connection and not per-request. Exactly, and as it happens, that chapter is on-line. The part Ryan was referring to is here: http://modperl.com:9000/book/chapters/ch6.html#Using_Digital_Certificates_for_A Ryan, can you post a more complete code example? - Perrin
Re: getting *any* variables out of the server environment
On Mon, 2003-06-09 at 14:35, Geoffrey Young wrote: > Ryan Muldoon wrote: > > Geoffrey, > > > > Thanks for the explanation. Unfortunately, I think I am still a little > > unclear as to how to proceed. If I understand you correctly, my first > > method is completely wrongheaded. > > :) > > > (I tried this because it is how the > > "Writing Apache Modules with Perl and C" does it. p.327) > > don't have my book handy to check that. > > > So it sounds > > like the second way is the appropriate usage for subprocess_env(). But > > it seems like you're saying that I shouldn't be using that at all. > > no, I wasn't saying that :) subprocess_env() from the main request is the > right way to go. I was just trying to let you know that it has nothing to > do with %ENV really. > Ok, cool. Thanks for the clarification ;-) > > Specifically, here is what I'd like to get out of the environment: > > SSL_CLIENT_S_DN_CN > > SSL_CLIENT_S_DN_O > > and things of that nature. > > ok, those are definitely setup in the subprocess_env table according to the > code I just took a look at. however... > > > According to mod_ssl's documentation, these > > are put in ENV upon processing of a client certificate. > > from what I can see, that's not entirely true. they are set in > subprocess_env where they sit and wait, presumably for somebody else to call > add_cgi_vars since mod_ssl does not (but mod_cgi and mod_perl both do). > > the problem you're seeing is that these variables are setup during the fixup > phase, so in using a PerlAuthenHandler you're trying to see them too early. > > int ssl_hook_Fixup(request_rec *r) > { > SSLSrvConfigRec *sc = mySrvConfig(r->server); > SSLDirConfigRec *dc = myDirConfig(r); > table *e = r->subprocess_env; > ... > /* > * Annotate the SSI/CGI environment with standard SSL information > */ > /* the always present HTTPS (=HTTP over SSL) flag! */ > ap_table_set(e, "HTTPS", "on"); > /* standard SSL environment variables */ > if (dc->nOptions & SSL_OPT_STDENVVARS) { > for (i = 0; ssl_hook_Fixup_vars[i] != NULL; i++) { > var = (char *)ssl_hook_Fixup_vars[i]; > val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); > if (!strIsEmpty(val)) > ap_table_set(e, var, val); > } > } > > in other words, you're SOL from the current request. perhaps this is why > the eagle book said to get them from a subrequest - presumably the > subrequest would have them, since it runs through the fixup phase and SSL > stuff is per-connection and not per-request. > Yeah, I think that was the motivation. On the upside of my current difficulty, I'm getting to learn a lot more about how apache does things. > > Ideally, I'd > > like to make which fields to extract configurable, so I don't want to > > hard-code. > > > > Currently, I have > > PerlPassEnv SSL_CLIENT_S_DN_O > > PerlPassEnv SSL_CLIENT_S_DN_CN > > in my httpd.conf, but it doesn't seem to make any kind of difference. > > don't do that. PerlPassEnv is for passing variables such as those from > /etc/profile to the %ENV of the Apache child processes. > Ok, removed. Thank you very much for the in-depth replies. It is very useful. Unfortunately any variable-reading continues to elude me. But I really appreciate all the help! --Ryan
Re: getting *any* variables out of the server environment
>From what I understand, what you outline *should* work. It just doesn't for me for some reason. I really appreciate everyone's help though. (And as an aside - I learned how to program in Perl from your books - many thanks) --Ryan On Mon, 2003-06-09 at 14:23, Randal L. Schwartz wrote: > > "Ryan" == Ryan Muldoon <[EMAIL PROTECTED]> writes: > > Ryan> Geoffrey, > Ryan> Thanks for the explanation. Unfortunately, I think I am still a little > Ryan> unclear as to how to proceed. If I understand you correctly, my first > Ryan> method is completely wrongheaded. (I tried this because it is how the > Ryan> "Writing Apache Modules with Perl and C" does it. p.327) So it sounds > Ryan> like the second way is the appropriate usage for subprocess_env(). But > Ryan> it seems like you're saying that I shouldn't be using that at all. > Ryan> Specifically, here is what I'd like to get out of the environment: > Ryan> SSL_CLIENT_S_DN_CN > Ryan> SSL_CLIENT_S_DN_O > Ryan> and things of that nature. According to mod_ssl's documentation, these > Ryan> are put in ENV upon processing of a client certificate. Ideally, I'd > Ryan> like to make which fields to extract configurable, so I don't want to > Ryan> hard-code. > > Well, then, in any handler after the mod_ssl has run, you > should be be able to use $r->subprocess_env("SSL_CLIENT_S_DN_CN") > to get at that info. > > Ryan> Currently, I have > Ryan> PerlPassEnv SSL_CLIENT_S_DN_O > Ryan> PerlPassEnv SSL_CLIENT_S_DN_CN > Ryan> in my httpd.conf, but it doesn't seem to make any kind of difference. > Ryan> To make sure it isn't just mod_ssl being lame for some reason, I've > Ryan> tried it with DOCUMENT_ROOT and other standard ENV variables. But to no > Ryan> avail. :( > > That takes the enviroment variables that apache was started with > and passes those to mod_perl. Probably not what you want. > > (I'm doing this from memory, so please correct me if I'm wrong.)
Re: getting *any* variables out of the server environment
I'm trying to do this as a PerlAuthenHandler, so it should be well past mod_ssl's involvement, but before the fixup stage. Trying to print out MOD_PERL either through a subprocess or ENV fails. So maybe I'm in bigger trouble than I thought? --Ryan On Mon, 2003-06-09 at 14:26, Issac Goldstand wrote: > Ryan, > Ust out of curiosity, at what stage in the request chain are you doing > this? If you are doing anything before mod_ssl populates its environment > variables (which I seem to rembmer being at Fixup, although I may be > confusing with something else), you wouldn't be able to access them. You > *should* still be able to get to other Apache environment variables. > Try an easy one: test for mod_perl. If that works, your environment > variables are OK, and it's likely a mod_ssl problem that you're having. > > Issac > > - Original Message - > From: "Ryan Muldoon" <[EMAIL PROTECTED]> > To: "Geoffrey Young" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, June 09, 2003 10:13 PM > Subject: Re: getting *any* variables out of the server environment > > > > Geoffrey, > > > > Thanks for the explanation. Unfortunately, I think I am still a little > > unclear as to how to proceed. If I understand you correctly, my first > > method is completely wrongheaded. (I tried this because it is how the > > "Writing Apache Modules with Perl and C" does it. p.327) So it sounds > > like the second way is the appropriate usage for subprocess_env(). But > > it seems like you're saying that I shouldn't be using that at all. > > Specifically, here is what I'd like to get out of the environment: > > SSL_CLIENT_S_DN_CN > > SSL_CLIENT_S_DN_O > > and things of that nature. According to mod_ssl's documentation, these > > are put in ENV upon processing of a client certificate. Ideally, I'd > > like to make which fields to extract configurable, so I don't want to > > hard-code. > > > > Currently, I have > > PerlPassEnv SSL_CLIENT_S_DN_O > > PerlPassEnv SSL_CLIENT_S_DN_CN > > in my httpd.conf, but it doesn't seem to make any kind of difference. > > To make sure it isn't just mod_ssl being lame for some reason, I've > > tried it with DOCUMENT_ROOT and other standard ENV variables. But to no > > avail. :( > > > > --Ryan > > > > On Mon, 2003-06-09 at 13:59, Geoffrey Young wrote: > > > Ryan Muldoon wrote: > > > > I'm not able to get *any* variables out from the apache server > > > > environment. > > > > > > ok, first off, this is a two step process for Apache. the first step is > > > that modules (like mod_ssl) populate the subprocess_env table with > various > > > values. then, modules like mod_cgi and mod_perl come along and populate > > > %ENV with the values from subprocess_env as well as various other CGI > > > specific variables (like DOCUMENT_ROOT or whatever else there is). the > > > point is that you're really not after environment variables if you want > to > > > test for something like $r->subprocess_env('HTTPS') - that it ends up as > > > $ENV{HTTPS} is a byproduct of modules like mod_cgi and mod_perl. > > > > > > just for your own edification :) > > > > > > > As you might be able to imagine, this is extremely > > > > frustrating, and inhibits my ability to do anything of use with > > > > mod_perl. My basic technique has been: > > > > my $uri = $r->uri; > > > > return unless $r->is_main(); > > > > my $subr = $r->lookup_uri($uri); > > > > my $apachecertcomp = $subr->subprocess_env($certcomponent); > > > > > > I don't understand the need for a subrequest to the same URI - > > > subprocess_env has nothing to do with an actual subprocess. each > request > > > (including subrequests) have their own subprocess_env table attached to > $r. > > > in many cases, modules are coded to behave differently for subrequests > > > than for the main request, so something you may see in > $r->subprocess_env() > > > could not be in $r->lookup_uri($uri)->subprocess_env(). > > > > > > > But this doesn't work. I also tried > > > > my $var = $r->subprocess_env("VARIABLE_NAME"); > > > > And this does not work either. I really need to be able to use > > > > environment variables that mod_ssl sets in my authentication handler. > > > > > > a few things here too. for the reasons described above, > subprocess_env() is > > > not a substitute for %ENV, so if what you want is a true %ENV value > (such as > > > those from PerlPassEnv), you will not be able to get to it via > > > $r->subprocess_env(). > > > > > > > Any ideas? Thanks! > > > > > > HTH > > > > > > --Geoff > > > > > > > > > > > >
Re: getting *any* variables out of the server environment
I didn't. But I just set that, and it didn't seem to make a difference --Ryan On Mon, 2003-06-09 at 14:16, Randy Kobes wrote: > On Mon, 9 Jun 2003, Ryan Muldoon wrote: > > > Geoffrey, > > > > Thanks for the explanation. Unfortunately, I think I am > > still a little unclear as to how to proceed. If I understand > > you correctly, my first method is completely wrongheaded. (I > > tried this because it is how the "Writing Apache Modules with > > Perl and C" does it. p.327) So it sounds like the second way > > is the appropriate usage for subprocess_env(). But it seems > > like you're saying that I shouldn't be using that at all. > > Specifically, here is what I'd like to get out of the > > environment: SSL_CLIENT_S_DN_CN SSL_CLIENT_S_DN_O and things of > > that nature. According to mod_ssl's documentation, these are > > put in ENV upon processing of a client certificate. Ideally, > > I'd like to make which fields to extract configurable, so I > > don't want to hard-code. > > > > Currently, I have > > PerlPassEnv SSL_CLIENT_S_DN_O > > PerlPassEnv SSL_CLIENT_S_DN_CN > > in my httpd.conf, but it doesn't seem to make any kind of difference. > > To make sure it isn't just mod_ssl being lame for some reason, I've > > tried it with DOCUMENT_ROOT and other standard ENV variables. But to no > > avail. :( > > Do you have a >SSLOptions +StdEnvVars > directive inside the relevant location of your httpd.conf?
Re: getting *any* variables out of the server environment
Ryan Muldoon wrote: Geoffrey, Thanks for the explanation. Unfortunately, I think I am still a little unclear as to how to proceed. If I understand you correctly, my first method is completely wrongheaded. :) (I tried this because it is how the "Writing Apache Modules with Perl and C" does it. p.327) don't have my book handy to check that. So it sounds like the second way is the appropriate usage for subprocess_env(). But it seems like you're saying that I shouldn't be using that at all. no, I wasn't saying that :) subprocess_env() from the main request is the right way to go. I was just trying to let you know that it has nothing to do with %ENV really. Specifically, here is what I'd like to get out of the environment: SSL_CLIENT_S_DN_CN SSL_CLIENT_S_DN_O and things of that nature. ok, those are definitely setup in the subprocess_env table according to the code I just took a look at. however... According to mod_ssl's documentation, these are put in ENV upon processing of a client certificate. from what I can see, that's not entirely true. they are set in subprocess_env where they sit and wait, presumably for somebody else to call add_cgi_vars since mod_ssl does not (but mod_cgi and mod_perl both do). the problem you're seeing is that these variables are setup during the fixup phase, so in using a PerlAuthenHandler you're trying to see them too early. int ssl_hook_Fixup(request_rec *r) { SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLDirConfigRec *dc = myDirConfig(r); table *e = r->subprocess_env; ... /* * Annotate the SSI/CGI environment with standard SSL information */ /* the always present HTTPS (=HTTP over SSL) flag! */ ap_table_set(e, "HTTPS", "on"); /* standard SSL environment variables */ if (dc->nOptions & SSL_OPT_STDENVVARS) { for (i = 0; ssl_hook_Fixup_vars[i] != NULL; i++) { var = (char *)ssl_hook_Fixup_vars[i]; val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); if (!strIsEmpty(val)) ap_table_set(e, var, val); } } in other words, you're SOL from the current request. perhaps this is why the eagle book said to get them from a subrequest - presumably the subrequest would have them, since it runs through the fixup phase and SSL stuff is per-connection and not per-request. Ideally, I'd like to make which fields to extract configurable, so I don't want to hard-code. Currently, I have PerlPassEnv SSL_CLIENT_S_DN_O PerlPassEnv SSL_CLIENT_S_DN_CN in my httpd.conf, but it doesn't seem to make any kind of difference. don't do that. PerlPassEnv is for passing variables such as those from /etc/profile to the %ENV of the Apache child processes. --Geoff
Re: getting *any* variables out of the server environment
On Mon, 9 Jun 2003, Ryan Muldoon wrote: > Geoffrey, > > Thanks for the explanation. Unfortunately, I think I am > still a little unclear as to how to proceed. If I understand > you correctly, my first method is completely wrongheaded. (I > tried this because it is how the "Writing Apache Modules with > Perl and C" does it. p.327) So it sounds like the second way > is the appropriate usage for subprocess_env(). But it seems > like you're saying that I shouldn't be using that at all. > Specifically, here is what I'd like to get out of the > environment: SSL_CLIENT_S_DN_CN SSL_CLIENT_S_DN_O and things of > that nature. According to mod_ssl's documentation, these are > put in ENV upon processing of a client certificate. Ideally, > I'd like to make which fields to extract configurable, so I > don't want to hard-code. > > Currently, I have > PerlPassEnv SSL_CLIENT_S_DN_O > PerlPassEnv SSL_CLIENT_S_DN_CN > in my httpd.conf, but it doesn't seem to make any kind of difference. > To make sure it isn't just mod_ssl being lame for some reason, I've > tried it with DOCUMENT_ROOT and other standard ENV variables. But to no > avail. :( Do you have a SSLOptions +StdEnvVars directive inside the relevant location of your httpd.conf? -- best regards, randy kobes
Re: getting *any* variables out of the server environment
Ryan, Ust out of curiosity, at what stage in the request chain are you doing this? If you are doing anything before mod_ssl populates its environment variables (which I seem to rembmer being at Fixup, although I may be confusing with something else), you wouldn't be able to access them. You *should* still be able to get to other Apache environment variables. Try an easy one: test for mod_perl. If that works, your environment variables are OK, and it's likely a mod_ssl problem that you're having. Issac - Original Message - From: "Ryan Muldoon" <[EMAIL PROTECTED]> To: "Geoffrey Young" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, June 09, 2003 10:13 PM Subject: Re: getting *any* variables out of the server environment > Geoffrey, > > Thanks for the explanation. Unfortunately, I think I am still a little > unclear as to how to proceed. If I understand you correctly, my first > method is completely wrongheaded. (I tried this because it is how the > "Writing Apache Modules with Perl and C" does it. p.327) So it sounds > like the second way is the appropriate usage for subprocess_env(). But > it seems like you're saying that I shouldn't be using that at all. > Specifically, here is what I'd like to get out of the environment: > SSL_CLIENT_S_DN_CN > SSL_CLIENT_S_DN_O > and things of that nature. According to mod_ssl's documentation, these > are put in ENV upon processing of a client certificate. Ideally, I'd > like to make which fields to extract configurable, so I don't want to > hard-code. > > Currently, I have > PerlPassEnv SSL_CLIENT_S_DN_O > PerlPassEnv SSL_CLIENT_S_DN_CN > in my httpd.conf, but it doesn't seem to make any kind of difference. > To make sure it isn't just mod_ssl being lame for some reason, I've > tried it with DOCUMENT_ROOT and other standard ENV variables. But to no > avail. :( > > --Ryan > > On Mon, 2003-06-09 at 13:59, Geoffrey Young wrote: > > Ryan Muldoon wrote: > > > I'm not able to get *any* variables out from the apache server > > > environment. > > > > ok, first off, this is a two step process for Apache. the first step is > > that modules (like mod_ssl) populate the subprocess_env table with various > > values. then, modules like mod_cgi and mod_perl come along and populate > > %ENV with the values from subprocess_env as well as various other CGI > > specific variables (like DOCUMENT_ROOT or whatever else there is). the > > point is that you're really not after environment variables if you want to > > test for something like $r->subprocess_env('HTTPS') - that it ends up as > > $ENV{HTTPS} is a byproduct of modules like mod_cgi and mod_perl. > > > > just for your own edification :) > > > > > As you might be able to imagine, this is extremely > > > frustrating, and inhibits my ability to do anything of use with > > > mod_perl. My basic technique has been: > > > my $uri = $r->uri; > > > return unless $r->is_main(); > > > my $subr = $r->lookup_uri($uri); > > > my $apachecertcomp = $subr->subprocess_env($certcomponent); > > > > I don't understand the need for a subrequest to the same URI - > > subprocess_env has nothing to do with an actual subprocess. each request > > (including subrequests) have their own subprocess_env table attached to $r. > > in many cases, modules are coded to behave differently for subrequests > > than for the main request, so something you may see in $r->subprocess_env() > > could not be in $r->lookup_uri($uri)->subprocess_env(). > > > > > But this doesn't work. I also tried > > > my $var = $r->subprocess_env("VARIABLE_NAME"); > > > And this does not work either. I really need to be able to use > > > environment variables that mod_ssl sets in my authentication handler. > > > > a few things here too. for the reasons described above, subprocess_env() is > > not a substitute for %ENV, so if what you want is a true %ENV value (such as > > those from PerlPassEnv), you will not be able to get to it via > > $r->subprocess_env(). > > > > > Any ideas? Thanks! > > > > HTH > > > > --Geoff > > > > > > >
Re: getting *any* variables out of the server environment
PerlSetEnv works fine. I can't, however, put PerlPassEnv inside either a Location or Directory block, if that makes any difference. Apache says it is a configuration error to do so (though PerlSetEnv works fine). I've tried every way that I can think of to do $r->subprocess_env('VARIABLE'), and it definitely does not work. :( --Ryan On Mon, 2003-06-09 at 14:04, Perrin Harkins wrote: > On Mon, 2003-06-09 at 14:49, Ryan Muldoon wrote: > > I tried that as well (and just re-tried). My understanding is that the > > %ENV hash only gets updated in the fixup stage, so the mod_ssl > > environment variables can't be accessed that way. Thanks for the > > suggestion though! > > Okay. And you're certain that a simple $r->subprocess_env('VARIABLE') > doesn't work? Have you tried setting a variable yourself as a test with > PerlSetEnv in httpd.conf? > > - Perrin
Re: getting *any* variables out of the server environment
> "Ryan" == Ryan Muldoon <[EMAIL PROTECTED]> writes: Ryan> Geoffrey, Ryan> Thanks for the explanation. Unfortunately, I think I am still a little Ryan> unclear as to how to proceed. If I understand you correctly, my first Ryan> method is completely wrongheaded. (I tried this because it is how the Ryan> "Writing Apache Modules with Perl and C" does it. p.327) So it sounds Ryan> like the second way is the appropriate usage for subprocess_env(). But Ryan> it seems like you're saying that I shouldn't be using that at all. Ryan> Specifically, here is what I'd like to get out of the environment: Ryan> SSL_CLIENT_S_DN_CN Ryan> SSL_CLIENT_S_DN_O Ryan> and things of that nature. According to mod_ssl's documentation, these Ryan> are put in ENV upon processing of a client certificate. Ideally, I'd Ryan> like to make which fields to extract configurable, so I don't want to Ryan> hard-code. Well, then, in any handler after the mod_ssl has run, you should be be able to use $r->subprocess_env("SSL_CLIENT_S_DN_CN") to get at that info. Ryan> Currently, I have Ryan> PerlPassEnv SSL_CLIENT_S_DN_O Ryan> PerlPassEnv SSL_CLIENT_S_DN_CN Ryan> in my httpd.conf, but it doesn't seem to make any kind of difference. Ryan> To make sure it isn't just mod_ssl being lame for some reason, I've Ryan> tried it with DOCUMENT_ROOT and other standard ENV variables. But to no Ryan> avail. :( That takes the enviroment variables that apache was started with and passes those to mod_perl. Probably not what you want. (I'm doing this from memory, so please correct me if I'm wrong.) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: getting *any* variables out of the server environment
Geoffrey, Thanks for the explanation. Unfortunately, I think I am still a little unclear as to how to proceed. If I understand you correctly, my first method is completely wrongheaded. (I tried this because it is how the "Writing Apache Modules with Perl and C" does it. p.327) So it sounds like the second way is the appropriate usage for subprocess_env(). But it seems like you're saying that I shouldn't be using that at all. Specifically, here is what I'd like to get out of the environment: SSL_CLIENT_S_DN_CN SSL_CLIENT_S_DN_O and things of that nature. According to mod_ssl's documentation, these are put in ENV upon processing of a client certificate. Ideally, I'd like to make which fields to extract configurable, so I don't want to hard-code. Currently, I have PerlPassEnv SSL_CLIENT_S_DN_O PerlPassEnv SSL_CLIENT_S_DN_CN in my httpd.conf, but it doesn't seem to make any kind of difference. To make sure it isn't just mod_ssl being lame for some reason, I've tried it with DOCUMENT_ROOT and other standard ENV variables. But to no avail. :( --Ryan On Mon, 2003-06-09 at 13:59, Geoffrey Young wrote: > Ryan Muldoon wrote: > > I'm not able to get *any* variables out from the apache server > > environment. > > ok, first off, this is a two step process for Apache. the first step is > that modules (like mod_ssl) populate the subprocess_env table with various > values. then, modules like mod_cgi and mod_perl come along and populate > %ENV with the values from subprocess_env as well as various other CGI > specific variables (like DOCUMENT_ROOT or whatever else there is). the > point is that you're really not after environment variables if you want to > test for something like $r->subprocess_env('HTTPS') - that it ends up as > $ENV{HTTPS} is a byproduct of modules like mod_cgi and mod_perl. > > just for your own edification :) > > > As you might be able to imagine, this is extremely > > frustrating, and inhibits my ability to do anything of use with > > mod_perl. My basic technique has been: > > my $uri = $r->uri; > > return unless $r->is_main(); > > my $subr = $r->lookup_uri($uri); > > my $apachecertcomp = $subr->subprocess_env($certcomponent); > > I don't understand the need for a subrequest to the same URI - > subprocess_env has nothing to do with an actual subprocess. each request > (including subrequests) have their own subprocess_env table attached to $r. > in many cases, modules are coded to behave differently for subrequests > than for the main request, so something you may see in $r->subprocess_env() > could not be in $r->lookup_uri($uri)->subprocess_env(). > > > But this doesn't work. I also tried > > my $var = $r->subprocess_env("VARIABLE_NAME"); > > And this does not work either. I really need to be able to use > > environment variables that mod_ssl sets in my authentication handler. > > a few things here too. for the reasons described above, subprocess_env() is > not a substitute for %ENV, so if what you want is a true %ENV value (such as > those from PerlPassEnv), you will not be able to get to it via > $r->subprocess_env(). > > > Any ideas? Thanks! > > HTH > > --Geoff > > >
Re: getting *any* variables out of the server environment
On Mon, 2003-06-09 at 14:49, Ryan Muldoon wrote: > I tried that as well (and just re-tried). My understanding is that the > %ENV hash only gets updated in the fixup stage, so the mod_ssl > environment variables can't be accessed that way. Thanks for the > suggestion though! Okay. And you're certain that a simple $r->subprocess_env('VARIABLE') doesn't work? Have you tried setting a variable yourself as a test with PerlSetEnv in httpd.conf? - Perrin
Re: getting *any* variables out of the server environment
Ryan Muldoon wrote: I'm not able to get *any* variables out from the apache server environment. ok, first off, this is a two step process for Apache. the first step is that modules (like mod_ssl) populate the subprocess_env table with various values. then, modules like mod_cgi and mod_perl come along and populate %ENV with the values from subprocess_env as well as various other CGI specific variables (like DOCUMENT_ROOT or whatever else there is). the point is that you're really not after environment variables if you want to test for something like $r->subprocess_env('HTTPS') - that it ends up as $ENV{HTTPS} is a byproduct of modules like mod_cgi and mod_perl. just for your own edification :) As you might be able to imagine, this is extremely frustrating, and inhibits my ability to do anything of use with mod_perl. My basic technique has been: my $uri = $r->uri; return unless $r->is_main(); my $subr = $r->lookup_uri($uri); my $apachecertcomp = $subr->subprocess_env($certcomponent); I don't understand the need for a subrequest to the same URI - subprocess_env has nothing to do with an actual subprocess. each request (including subrequests) have their own subprocess_env table attached to $r. in many cases, modules are coded to behave differently for subrequests than for the main request, so something you may see in $r->subprocess_env() could not be in $r->lookup_uri($uri)->subprocess_env(). But this doesn't work. I also tried my $var = $r->subprocess_env("VARIABLE_NAME"); And this does not work either. I really need to be able to use environment variables that mod_ssl sets in my authentication handler. a few things here too. for the reasons described above, subprocess_env() is not a substitute for %ENV, so if what you want is a true %ENV value (such as those from PerlPassEnv), you will not be able to get to it via $r->subprocess_env(). Any ideas? Thanks! HTH --Geoff
RE: getting *any* variables out of the server environment
I'm using mod_perl 1. But I'm setting the handlers in httpd.conf. I sent a message to the list on thursday ("problem with pulling variables from mod_ssl") that more fully describes my situtation. --Ryan On Mon, 2003-06-09 at 14:31, Marc M. Adkins wrote: > IF you're using mp2...in your httpd.conf are you setting up the handlers > with modperl or perl-script? The former doesn't provide any environment > variables: > > http://perl.apache.org/docs/2.0/user/config/config.html#C_SetHandler_ > > I don't believe this applies to mp1. > > mma > > > -Original Message- > > From: Ryan Muldoon [mailto:[EMAIL PROTECTED] > > Sent: Monday, June 09, 2003 11:30 AM > > To: [EMAIL PROTECTED] > > Subject: getting *any* variables out of the server environment > > > > > > I'm not able to get *any* variables out from the apache server > > environment. As you might be able to imagine, this is extremely > > frustrating, and inhibits my ability to do anything of use with > > mod_perl. My basic technique has been: > > my $uri = $r->uri; > > return unless $r->is_main(); > > my $subr = $r->lookup_uri($uri); > > my $apachecertcomp = $subr->subprocess_env($certcomponent); > > But this doesn't work. I also tried > > my $var = $r->subprocess_env("VARIABLE_NAME"); > > And this does not work either. I really need to be able to use > > environment variables that mod_ssl sets in my authentication handler. > > Any ideas? Thanks! > > > > --Ryan > > >
RE: getting *any* variables out of the server environment
IF you're using mp2...in your httpd.conf are you setting up the handlers with modperl or perl-script? The former doesn't provide any environment variables: http://perl.apache.org/docs/2.0/user/config/config.html#C_SetHandler_ I don't believe this applies to mp1. mma > -Original Message- > From: Ryan Muldoon [mailto:[EMAIL PROTECTED] > Sent: Monday, June 09, 2003 11:30 AM > To: [EMAIL PROTECTED] > Subject: getting *any* variables out of the server environment > > > I'm not able to get *any* variables out from the apache server > environment. As you might be able to imagine, this is extremely > frustrating, and inhibits my ability to do anything of use with > mod_perl. My basic technique has been: > my $uri = $r->uri; > return unless $r->is_main(); > my $subr = $r->lookup_uri($uri); > my $apachecertcomp = $subr->subprocess_env($certcomponent); > But this doesn't work. I also tried > my $var = $r->subprocess_env("VARIABLE_NAME"); > And this does not work either. I really need to be able to use > environment variables that mod_ssl sets in my authentication handler. > Any ideas? Thanks! > > --Ryan >
Re: getting *any* variables out of the server environment
I tried that as well (and just re-tried). My understanding is that the %ENV hash only gets updated in the fixup stage, so the mod_ssl environment variables can't be accessed that way. Thanks for the suggestion though! --Ryan On Mon, 2003-06-09 at 13:41, Perrin Harkins wrote: > On Mon, 2003-06-09 at 14:29, Ryan Muldoon wrote: > > I'm not able to get *any* variables out from the apache server > > environment. > > Did you try the normal $ENV{'VARIABLE'} approach? > > - Perrin
Re: getting *any* variables out of the server environment
On Mon, 2003-06-09 at 14:29, Ryan Muldoon wrote: > I'm not able to get *any* variables out from the apache server > environment. Did you try the normal $ENV{'VARIABLE'} approach? - Perrin
getting *any* variables out of the server environment
I'm not able to get *any* variables out from the apache server environment. As you might be able to imagine, this is extremely frustrating, and inhibits my ability to do anything of use with mod_perl. My basic technique has been: my $uri = $r->uri; return unless $r->is_main(); my $subr = $r->lookup_uri($uri); my $apachecertcomp = $subr->subprocess_env($certcomponent); But this doesn't work. I also tried my $var = $r->subprocess_env("VARIABLE_NAME"); And this does not work either. I really need to be able to use environment variables that mod_ssl sets in my authentication handler. Any ideas? Thanks! --Ryan